[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-105-g634cc6b

Thu, 22 Jan 2009 15:58:33 -0800 

The branch, master has been updated
       via  634cc6b64ad7e840a26400b0ee9c075176d2db3a (commit)
      from  81533e2d39cae11b7ea06f289a7c398ed3c51da9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 634cc6b64ad7e840a26400b0ee9c075176d2db3a
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Jan 22 15:57:41 2009 -0800

    Fix logic error in try_chown - we shouldn't arbitrarily chown
    to ourselves unless that was passed in.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_aixacl2.c |    2 --
 source3/smbd/posix_acls.c     |   15 +++++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c
index a078b9f..5ebc3a1 100644
--- a/source3/modules/vfs_aixacl2.c
+++ b/source3/modules/vfs_aixacl2.c
@@ -25,8 +25,6 @@
 
 #define AIXACL2_MODULE_NAME "aixacl2"
 
-extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, 
gid_t gid);
-
 extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl);
 extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T 
theacl);
 
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 627bfb4..72f5c94 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3187,6 +3187,15 @@ int try_chown(connection_struct *conn, const char 
*fname, uid_t uid, gid_t gid)
                return -1;
        }
 
+       /* only allow chown to the current user. This is more secure,
+          and also copes with the case where the SID in a take ownership ACL is
+          a local SID on the users workstation
+       */
+       if (uid != current_user.ut.uid) {
+               errno = EPERM;
+               return -1;
+       }
+
        if (SMB_VFS_STAT(conn,fname,&st)) {
                return -1;
        }
@@ -3195,12 +3204,6 @@ int try_chown(connection_struct *conn, const char 
*fname, uid_t uid, gid_t gid)
                return -1;
        }
 
-       /* only allow chown to the current user. This is more secure,
-          and also copes with the case where the SID in a take ownership ACL is
-          a local SID on the users workstation 
-       */
-       uid = current_user.ut.uid;
-
        become_root();
        /* Keep the current file gid the same. */
        ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1);


-- 
Samba Shared Repository

Reply via email to