Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It

is called from places like fileio.c that need to update the write time
on a file handle only open for write, without neccessarily having
FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index b736432a82edeff85b2315e14c87a51b99d54c25..837e3607696bd220a856681abd965900b7a7a37b 100644 (file)
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -581,11 +581,9 @@ static NTSTATUS update_write_time_on_close(struct files_struct *fsp)
        }
 
        ft.mtime = fsp->close_write_time;
-       /* We must use NULL for the fsp handle here, as smb_set_file_time()
-          checks the fsp access_mask, which may not include FILE_WRITE_ATTRIBUTES.
-          As this is a close based update, we are not directly changing the
+       /* As this is a close based update, we are not directly changing the
           file attributes from a client call, but indirectly from a write. */
-       status = smb_set_file_time(fsp->conn, NULL, fsp->fsp_name, &ft, false);
+       status = smb_set_file_time(fsp->conn, fsp, fsp->fsp_name, &ft, false);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10,("update_write_time_on_close: smb_set_file_time "
                        "on file %s returned %s\n",

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 541789d846d521a0f4a619cf7a4681ebb0b6ed67..18ebca1ce2bb61583e8ab5fb452ef47c35762b44 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -7952,6 +7952,11 @@ void reply_setattrE(struct smb_request *req)
                goto out;
        }
 
+       if (!(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+               reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+               goto out;
+       }
+
        status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
        if (!NT_STATUS_IS_OK(status)) {
                reply_nterror(req, status);

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 843092d7d9974301a6afa07d9b08a2f3222c4560..0e831ecff9cabee2e649897b3034f934b891c964 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5440,6 +5440,8 @@ NTSTATUS hardlink_internals(TALLOC_CTX *ctx,
 
 /****************************************************************************
  Deal with setting the time from any of the setfilepathinfo functions.
+ NOTE !!!! The check for FILE_WRITE_ATTRIBUTES access must be done *before*
+ calling this function.
 ****************************************************************************/
 
 NTSTATUS smb_set_file_time(connection_struct *conn,
@@ -5458,10 +5460,6 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
                return NT_STATUS_OBJECT_NAME_NOT_FOUND;
        }
 
-       if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
-               return NT_STATUS_ACCESS_DENIED;
-       }
-
        /* get some defaults (no modifications) if any info is zero or -1. */
        if (null_timespec(ft->create_time)) {
                action &= ~FILE_NOTIFY_CHANGE_CREATION;
@@ -6574,6 +6572,10 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
        DEBUG(10,("smb_set_info_standard: file %s\n",
                smb_fname_str_dbg(smb_fname)));
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
         return smb_set_file_time(conn,
                                 fsp,
                                smb_fname,
@@ -6944,6 +6946,10 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
        }
 #endif
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        /*
         * Deal with the UNIX specific mode set.
         */