From: Jeremy Allison Date: Tue, 8 Jun 2021 03:58:34 +0000 (-0700) Subject: s3: smbd: In open_directory() move the call to smbd_check_access_rights() until after... X-Git-Tag: tevent-0.11.0~640 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ae8313a4458fc314a841f90c00edf6b1ad4e44cf;p=thirdparty%2Fsamba.git s3: smbd: In open_directory() move the call to smbd_check_access_rights() until after the fsp is set up. This doesn't matter now, but later we will move to a handle-based call to check access rights, so we will need the full handle setup. Add a fd_close(fsp) in the error path now this is done after the fd open. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 70190c7641d..5094f41c690 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -4616,21 +4616,6 @@ static NTSTATUS open_directory(connection_struct *conn, return NT_STATUS_NOT_A_DIRECTORY; } - if (info == FILE_WAS_OPENED) { - status = smbd_check_access_rights(conn, - conn->cwd_fsp, - smb_dname, - false, - access_mask); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("open_directory: smbd_check_access_rights on " - "file %s failed with %s\n", - smb_fname_str_dbg(smb_dname), - nt_errstr(status))); - return status; - } - } - /* * Setup the files_struct for it. */ @@ -4703,6 +4688,22 @@ static NTSTATUS open_directory(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } + if (info == FILE_WAS_OPENED) { + status = smbd_check_access_rights(conn, + conn->cwd_fsp, + smb_dname, + false, + access_mask); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("open_directory: smbd_check_access_rights on " + "file %s failed with %s\n", + smb_fname_str_dbg(smb_dname), + nt_errstr(status))); + fd_close(fsp); + return status; + } + } + lck = get_share_mode_lock(talloc_tos(), fsp->file_id, conn->connectpath, smb_dname, &mtimespec);