From: Jeremy Allison Date: Mon, 28 Jun 2021 20:54:52 +0000 (-0700) Subject: s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code. X-Git-Tag: talloc-2.3.3~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0657db26447ad9b0d2130fe07163e953eba2bcc2;p=thirdparty%2Fsamba.git s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code. We actually don't need this to get the right semantics, as the open or the set_sd() code catches the correct cases and returns ACCESS_DENIED, but it makes me much happier to see the prerequisites needed expressed in code here right at the point of use. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Jul 13 08:11:36 UTC 2021 on sn-devel-184 --- diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 8bfaea27e39..899e7dc3c1e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3440,9 +3440,24 @@ NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) } /* Case (4). */ + /* If "dos filemode" isn't set, we're done. */ if (!lp_dos_filemode(SNUM(fsp->conn))) { return NT_STATUS_ACCESS_DENIED; } + /* + * If we have a writable handle, obviously we + * can write to the file. + */ + if (!fsp->fsp_flags.can_write) { + /* + * If we don't have a writable handle, we + * need to read the ACL on the file to + * see if we can write to it. + */ + if (!can_write_to_fsp(fsp)) { + return NT_STATUS_ACCESS_DENIED; + } + } /* only allow chown to the current user. This is more secure, and also copes with the case where the SID in a take ownership ACL is