From 865bc0c0ace0a4f8e5eb0277def2315867273071 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 15 Nov 2011 17:41:48 -0800 Subject: Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It is called from places like fileio.c that need to update the write time on a file handle only open for write, without neccessarily having FILE_WRITE_ATTRIBUTES permission. Move all checks to before the smb_set_file_time() callers. --- source3/smbd/trans2.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'source3/smbd/trans2.c') diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 843092d7d9..0e831ecff9 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -5440,6 +5440,8 @@ NTSTATUS hardlink_internals(TALLOC_CTX *ctx, /**************************************************************************** Deal with setting the time from any of the setfilepathinfo functions. + NOTE !!!! The check for FILE_WRITE_ATTRIBUTES access must be done *before* + calling this function. ****************************************************************************/ NTSTATUS smb_set_file_time(connection_struct *conn, @@ -5458,10 +5460,6 @@ NTSTATUS smb_set_file_time(connection_struct *conn, return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) { - return NT_STATUS_ACCESS_DENIED; - } - /* get some defaults (no modifications) if any info is zero or -1. */ if (null_timespec(ft->create_time)) { action &= ~FILE_NOTIFY_CHANGE_CREATION; @@ -6574,6 +6572,10 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn, DEBUG(10,("smb_set_info_standard: file %s\n", smb_fname_str_dbg(smb_fname))); + if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) { + return NT_STATUS_ACCESS_DENIED; + } + return smb_set_file_time(conn, fsp, smb_fname, @@ -6944,6 +6946,10 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn, } #endif + if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) { + return NT_STATUS_ACCESS_DENIED; + } + /* * Deal with the UNIX specific mode set. */ -- cgit