Fix logic error in try_chown - we shouldn't arbitrarily chown

author Jeremy Allison <jra@samba.org>

Fri, 23 Jan 2009 00:04:36 +0000 (16:04 -0800)

committer Karolin Seeger <kseeger@samba.org>

Thu, 30 Jul 2009 07:22:08 +0000 (09:22 +0200)
author Jeremy Allison <jra@samba.org>
Fri, 23 Jan 2009 00:04:36 +0000 (16:04 -0800)
committer Karolin Seeger <kseeger@samba.org>
Thu, 30 Jul 2009 07:22:08 +0000 (09:22 +0200)
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c

index 5132e9725df3a37ec90657a27c65f52c58d5e6fd..ed38ffcae15bcf281e40a3a4836a970372f8da41 100644 (file)
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -3097,6 +3097,15 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
                 return -1;
         }
  
+       /* only allow chown to the current user. This is more secure,
+          and also copes with the case where the SID in a take ownership ACL is
+          a local SID on the users workstation
+       */
+       if (uid != current_user.ut.uid) {
+               errno = EPERM;
+               return -1;
+       }
+
         if (SMB_VFS_STAT(conn,fname,&st)) {
                 return -1;
         }
@@ -3105,12 +3114,6 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
                 return -1;
         }
  
-       /* only allow chown to the current user. This is more secure,
-          and also copes with the case where the SID in a take ownership ACL is
-          a local SID on the users workstation 
-       */
-       uid = current_user.ut.uid;
-
         become_root();
         /* Keep the current file gid the same. */
         ret = SMB_VFS_FCHOWN(fsp, fsp->fh->fd, uid, (gid_t)-1);
author	Jeremy Allison <jra@samba.org>
	Fri, 23 Jan 2009 00:04:36 +0000 (16:04 -0800)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 30 Jul 2009 07:22:08 +0000 (09:22 +0200)