From: Jeremy Allison <jra@samba.org>
Date: Tue, 18 Jun 2019 22:29:25 +0000 (-0700)
Subject: s3: smbd: Add default ACLS can only be set on directory check to smb_set_posix_acl().
X-Git-Tag: ldb-2.0.5~231
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=77454ecfbd8f9ac662aaaf47579927073f494552;p=thirdparty%2Fsamba.git

s3: smbd: Add default ACLS can only be set on directory check to smb_set_posix_acl().

This was already being checked in the lower layer,
so no change in behavior, just an efficiency and
clarity change.

Just move an extra check here so we refuse the
set if a default ACL is sent on a file object
before we go into the lower layers.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index cc5af63201f..7abf9bcfce0 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7452,6 +7452,14 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
 		goto out;
 	}
 
+	/* If we have a default acl, this *must* be a directory. */
+	if (valid_def_acls && !fsp->is_directory) {
+		DBG_INFO("Can't set default acls on "
+			 "non-directory %s\n",
+			 fsp_str_dbg(fsp));
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
 	DBG_DEBUG("file %s num_file_acls = %"PRIu16", "
 		  "num_def_acls = %"PRIu16"\n",
 		  fsp_str_dbg(fsp),