The branch, master has been updated
       via  5185460 Check for WRITE_ACCESS on the file before overriding an 
EACCESS.
       via  77e3099 Ensure we don't try the open_file_fchmod() if we can't 
write to the file.
       via  a91aac4 Remove indentation around code wrapped by unneeded 
CAN_WRITE.
       via  0d88b37 Add early return in file_set_dosmode() on a read only share.
      from  8283fd0 smbd: Do not fetch the record in defer_open_done

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 5185460067229a342ddf3951ecc968017c2ed4df
Author: Jeremy Allison <[email protected]>
Date:   Thu Apr 25 14:06:03 2013 -0700

    Check for WRITE_ACCESS on the file before overriding an EACCESS.
    
    Signed-off-by: Jeremy Allison <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>
    
    Autobuild-User(master): Volker Lendecke <[email protected]>
    Autobuild-Date(master): Sat Apr 27 15:57:17 CEST 2013 on sn-devel-104

commit 77e3099483489ef4d59087dc6542fe7f7b589224
Author: Jeremy Allison <[email protected]>
Date:   Thu Apr 25 14:02:24 2013 -0700

    Ensure we don't try the open_file_fchmod() if we can't write to the file.
    
    Signed-off-by: Jeremy Allison <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit a91aac4a5f0bd2077be267e49d1fc4f0321bb39c
Author: Jeremy Allison <[email protected]>
Date:   Thu Apr 25 14:00:42 2013 -0700

    Remove indentation around code wrapped by unneeded CAN_WRITE.
    
    Signed-off-by: Jeremy Allison <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 0d88b37fc63023eeb749080713449b124e346e9e
Author: Jeremy Allison <[email protected]>
Date:   Thu Apr 25 13:59:22 2013 -0700

    Add early return in file_set_dosmode() on a read only share.
    
    Signed-off-by: Jeremy Allison <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/dosmode.c |   57 ++++++++++++++++++++++++++++-------------------
 1 files changed, 34 insertions(+), 23 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 19b7675..b534626 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -417,6 +417,10 @@ static bool set_ea_dos_attribute(connection_struct *conn,
                if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
                        return false;
 
+               if (!can_write_to_file(conn, smb_fname)) {
+                       return false;
+               }
+
                /*
                 * We need to open the file with write access whilst
                 * still in our current user context. This ensures we
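Review bot: The added `can_write_to_file(conn, smb_fname)` test has no comment, and it resolves the file by name before the user-context open described in the comment just below it, so the two are separate lookups. It would help to document that the new test is only a fast-fail and that the open made in the current user context remains the access decision, for example `/* Fast-fail only: the user-context open below is what enforces write access. */` above the new `if`. The rest of this branch of set_ea_dos_attribute() lies outside the hunk, so how the result of that open is used cannot be confirmed from here.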
@@ -705,6 +709,12 @@ int file_set_dosmode(connection_struct *conn, struct 
smb_filename *smb_fname,
        int ret = -1, lret = -1;
        uint32_t old_mode;
        struct timespec new_create_timespec;
+       files_struct *fsp = NULL;
+
+       if (!CAN_WRITE(conn)) {
+               errno = EROFS;
+               return -1;
+       }
 
        /* We only allow READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE here. */
        dosmode &= (SAMBA_ATTRIBUTES_MASK | FILE_ATTRIBUTE_OFFLINE);
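Review bot: The new `if (!CAN_WRITE(conn))` early return in file_set_dosmode() has no comment saying that it establishes an invariant for the rest of the function. The later hunk in this file drops the `if (CAN_WRITE(conn))` wrapper around the fchmod path and relies on this guard. A one-line comment such as `/* Read-only share: fail with EROFS here so nothing below needs to re-test CAN_WRITE(conn). */` would keep a future edit from moving or removing the guard unnoticed. The function body continues past the end of this hunk.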
@@ -850,29 +860,30 @@ int file_set_dosmode(connection_struct *conn, struct 
smb_filename *smb_fname,
                bits on a file. Just like file_ntimes below.
        */
 
-       /* Check if we have write access. */
-       if (CAN_WRITE(conn)) {
-               /*
-                * We need to open the file with write access whilst
-                * still in our current user context. This ensures we
-                * are not violating security in doing the fchmod.
-                */
-               files_struct *fsp;
-               if (!NT_STATUS_IS_OK(open_file_fchmod(conn, smb_fname,
-                                    &fsp)))
-                       return -1;
-               become_root();
-               ret = SMB_VFS_FCHMOD(fsp, unixmode);
-               unbecome_root();
-               close_file(NULL, fsp, NORMAL_CLOSE);
-               if (!newfile) {
-                       notify_fname(conn, NOTIFY_ACTION_MODIFIED,
-                                    FILE_NOTIFY_CHANGE_ATTRIBUTES,
-                                    smb_fname->base_name);
-               }
-               if (ret == 0) {
-                       smb_fname->st.st_ex_mode = unixmode;
-               }
+       if (!can_write_to_file(conn, smb_fname)) {
+               errno = EACCES;
+               return -1;
+       }
+
+       /*
+        * We need to open the file with write access whilst
+        * still in our current user context. This ensures we
+        * are not violating security in doing the fchmod.
+        */
+       if (!NT_STATUS_IS_OK(open_file_fchmod(conn, smb_fname,
+                            &fsp)))
+               return -1;
+       become_root();
+       ret = SMB_VFS_FCHMOD(fsp, unixmode);
+       unbecome_root();
+       close_file(NULL, fsp, NORMAL_CLOSE);
+       if (!newfile) {
+               notify_fname(conn, NOTIFY_ACTION_MODIFIED,
+                            FILE_NOTIFY_CHANGE_ATTRIBUTES,
+                            smb_fname->base_name);
+       }
+       if (ret == 0) {
+               smb_fname->st.st_ex_mode = unixmode;
        }
 
        return( ret );
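Review bot: When `open_file_fchmod()` fails, the new code still returns -1 without setting errno, whereas the two failure paths added by this series set it explicitly (`EACCES` just above, `EROFS` at the top of the function). The caller then sees whatever errno the preceding calls happened to leave, which may no longer describe the failure. Keeping the status and converting it would make the three paths consistent: `NTSTATUS status = open_file_fchmod(conn, smb_fname, &fsp);` followed by `if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return -1; }`. file_set_dosmode() starts before this hunk, so any errno handling earlier in the function is not visible here.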


-- 
Samba Shared Repository
