Fix logic error in try_chown - we shouldn't arbitrarily chown

to ourselves unless that was passed in.
Jeremy.

diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c
index a078b9f9f62c9801cb6a4a5059e4f8b004c9fdf4..5ebc3a12f892294869fcce2ddd67a7e2dd733f5e 100644 (file)
--- a/source3/modules/vfs_aixacl2.c
+++ b/source3/modules/vfs_aixacl2.c
@@ -25,8 +25,6 @@
 
 #define AIXACL2_MODULE_NAME "aixacl2"
 
-extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
-
 extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl);
 extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
 

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 627bfb4634688e6bc94e8dfe05f2584a8511cfa8..72f5c94bc542221541b8f8a0a8420f5ff6d7224f 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3187,6 +3187,15 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
                return -1;
        }
 
+       /* only allow chown to the current user. This is more secure,
+          and also copes with the case where the SID in a take ownership ACL is
+          a local SID on the users workstation
+       */
+       if (uid != current_user.ut.uid) {
+               errno = EPERM;
+               return -1;
+       }
+
        if (SMB_VFS_STAT(conn,fname,&st)) {
                return -1;
        }
@@ -3195,12 +3204,6 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
                return -1;
        }
 
-       /* only allow chown to the current user. This is more secure,
-          and also copes with the case where the SID in a take ownership ACL is
-          a local SID on the users workstation 
-       */
-       uid = current_user.ut.uid;
-
        become_root();
        /* Keep the current file gid the same. */
        ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1);