From: Jeremy Allison <jra@samba.org>
Date: Mon, 17 Jun 2019 22:34:13 +0000 (-0700)
Subject: s3: smbd: Update smb_set_posix_acl() to always use an open file handle.
X-Git-Tag: ldb-2.0.5~245
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bf743b01d8d66d9e7622153a76f365babcf03006;p=thirdparty%2Fsamba.git

s3: smbd: Update smb_set_posix_acl() to always use an open file handle.

Uses get_posix_fsp() added in the previous commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 7ec95e897c3..bcb40b3ccba 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7288,6 +7288,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
 	NTSTATUS status;
 	unsigned int size_needed;
 	unsigned int total_data;
+	bool close_fsp = false;
 
 	if (total_data_in < 0) {
 		status = NT_STATUS_INVALID_PARAMETER;
@@ -7348,6 +7349,32 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
 		goto out;
 	}
 
+	/*
+	 * Ensure we always operate on a file descriptor, not just
+	 * the filename.
+	 */
+	if (fsp == NULL) {
+		uint32_t access_mask = SEC_STD_WRITE_OWNER|
+					SEC_STD_WRITE_DAC|
+					SEC_STD_READ_CONTROL|
+					FILE_READ_ATTRIBUTES|
+					FILE_WRITE_ATTRIBUTES;
+
+		status = get_posix_fsp(conn,
+					req,
+					smb_fname,
+					access_mask,
+					&fsp);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			goto out;
+		}
+		close_fsp = true;
+	}
+
+	/* Here we know fsp != NULL */
+	SMB_ASSERT(fsp != NULL);
+
 	status = refuse_symlink(conn, fsp, smb_fname);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto out;
@@ -7392,6 +7419,10 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
 
   out:
 
+	if (close_fsp) {
+		(void)close_file(req, fsp, NORMAL_CLOSE);
+		fsp = NULL;
+	}
 	return status;
 }
 #endif