summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-11-15 17:41:48 -0800
committerJeremy Allison <jra@samba.org>2011-11-15 17:41:48 -0800
commit865bc0c0ace0a4f8e5eb0277def2315867273071 (patch)
tree2ab9337880684abf24e7cf7d89f4b53361c18fc9
parent86c16092194836d8478144b97da9ca08aec7fac6 (diff)
downloadsamba-865bc0c0ace0a4f8e5eb0277def2315867273071.tar.gz
samba-865bc0c0ace0a4f8e5eb0277def2315867273071.tar.bz2
samba-865bc0c0ace0a4f8e5eb0277def2315867273071.zip
Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It
is called from places like fileio.c that need to update the write time on a file handle only open for write, without neccessarily having FILE_WRITE_ATTRIBUTES permission. Move all checks to before the smb_set_file_time() callers.
-rw-r--r--source3/smbd/close.c6
-rw-r--r--source3/smbd/reply.c5
-rw-r--r--source3/smbd/trans2.c14
3 files changed, 17 insertions, 8 deletions
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index b736432a82..837e360769 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -581,11 +581,9 @@ static NTSTATUS update_write_time_on_close(struct files_struct *fsp)
}
ft.mtime = fsp->close_write_time;
- /* We must use NULL for the fsp handle here, as smb_set_file_time()
- checks the fsp access_mask, which may not include FILE_WRITE_ATTRIBUTES.
- As this is a close based update, we are not directly changing the
+ /* As this is a close based update, we are not directly changing the
file attributes from a client call, but indirectly from a write. */
- status = smb_set_file_time(fsp->conn, NULL, fsp->fsp_name, &ft, false);
+ status = smb_set_file_time(fsp->conn, fsp, fsp->fsp_name, &ft, false);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("update_write_time_on_close: smb_set_file_time "
"on file %s returned %s\n",
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 541789d846..18ebca1ce2 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -7952,6 +7952,11 @@ void reply_setattrE(struct smb_request *req)
goto out;
}
+ if (!(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ goto out;
+ }
+
status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 843092d7d9..0e831ecff9 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5440,6 +5440,8 @@ NTSTATUS hardlink_internals(TALLOC_CTX *ctx,
/****************************************************************************
Deal with setting the time from any of the setfilepathinfo functions.
+ NOTE !!!! The check for FILE_WRITE_ATTRIBUTES access must be done *before*
+ calling this function.
****************************************************************************/
NTSTATUS smb_set_file_time(connection_struct *conn,
@@ -5458,10 +5460,6 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
/* get some defaults (no modifications) if any info is zero or -1. */
if (null_timespec(ft->create_time)) {
action &= ~FILE_NOTIFY_CHANGE_CREATION;
@@ -6574,6 +6572,10 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
DEBUG(10,("smb_set_info_standard: file %s\n",
smb_fname_str_dbg(smb_fname)));
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
return smb_set_file_time(conn,
fsp,
smb_fname,
@@ -6944,6 +6946,10 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
}
#endif
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/*
* Deal with the UNIX specific mode set.
*/