From: Ralph Boehme <slow@samba.org>
Date: Tue, 29 Aug 2017 13:55:19 +0000 (+0200)
Subject: s3/smbd: fix access checks in set_ea_dos_attribute()
X-Git-Tag: tevent-0.9.34~197
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=143d26283dad8422fba557de311c304f0093d647;p=thirdparty%2Fsamba.git

s3/smbd: fix access checks in set_ea_dos_attribute()

We wanted to set the DOS attributes and failed with permission denied
from the VFS/kernel/filesystem. Next thing we wanna do here is override
this if either

- "dos filemode = true" is set and the security descriptor gives the
  user write access or if

- the stored security descriptor has FILE_WRITE_ATTRIBUTES

The former was working, but the latter was not implemented at all.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 73112dc9ab0..d7b0a8c9a79 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -464,6 +464,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
 		NTSTATUS status = NT_STATUS_OK;
 		bool need_close = false;
 		files_struct *fsp = NULL;
+		bool set_dosmode_ok = false;
 
 		if ((errno != EPERM) && (errno != EACCES)) {
 			DBG_INFO("Cannot set "
@@ -477,10 +478,21 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
 		*/
 
 		/* Check if we have write access. */
-		if (!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
+		if (!CAN_WRITE(conn)) {
 			return NT_STATUS_ACCESS_DENIED;
+		}
 
-		if (!can_write_to_file(conn, smb_fname)) {
+		status = smbd_check_access_rights(conn, smb_fname, false,
+						  FILE_WRITE_ATTRIBUTES);
+		if (NT_STATUS_IS_OK(status)) {
+			set_dosmode_ok = true;
+		}
+
+		if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) {
+			set_dosmode_ok = can_write_to_file(conn, smb_fname);
+		}
+
+		if (!set_dosmode_ok) {
 			return NT_STATUS_ACCESS_DENIED;
 		}