/* We got access denied here. If we're already root,
or we didn't need to do a chown, or the fsp isn't
open with WRITE_OWNER access, just return. */
- if (get_current_uid(handle->conn) == 0 || !chown_needed ||
- !(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+ if (get_current_uid(handle->conn) == 0 || !chown_needed) {
return NT_STATUS_ACCESS_DENIED;
}
+ status = check_any_access_fsp(fsp, SEC_STD_WRITE_OWNER);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/*
* Only allow take-ownership, not give-ownership. That's the way Windows
/* Ok, we failed to chown and we have
SEC_STD_WRITE_OWNER access - override. */
- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ become_root();
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ unbecome_root();
return status;
}
goto out;
}
- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ become_root();
if (is_directory) {
ret = SMB_VFS_NEXT_UNLINKAT(handle,
dirfsp,
smb_fname,
0);
}
- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ unbecome_root();
if (ret == -1) {
saved_errno = errno;
git.samba.org / samba.git / blobdiff