smbd: smb_info_set_ea() can only get fsp==NULL in POSIX mode accessing a symlink.

Ensure this is the case and force-return NT_STATUS_ACCESS_DENIED here.
Remove any race condition if anyone modifies the symlink whilst the
operation is in process.

This now allows us to require a valid fsp for operations on EAs.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 6b856424c62d65448851b61a1a9db2a63bd18105..da1614f7b1d5ae91e0b6c79f23e33bcc1dd4263b 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -6820,6 +6820,27 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       if (fsp == NULL) {
+               /*
+                * The only way fsp can be NULL here is if
+                * smb_fname points at a symlink and
+                * and we're in POSIX context.
+                * Ensure this is the case.
+                *
+                * There is still a race condition in that
+                * the symlink could be changed after we
+                * checked it, so ensure we only operate
+                * EA setting on a file handle.
+                */
+               SMB_ASSERT(smb_fname->flags & SMB_FILENAME_POSIX_PATH);
+               if (!(smb_fname->flags & SMB_FILENAME_POSIX_PATH)) {
+                       return NT_STATUS_ACCESS_DENIED;
+               }
+               status = refuse_symlink(conn, NULL, smb_fname);
+               SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED));
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        status = set_ea(conn, fsp, smb_fname, ea_list);
 
        return status;