From b1dacb8195a52b6cfce6ad60a839f7effd35b261 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 23 Nov 2010 15:59:33 -0800
Subject: [PATCH] Add in fsp->access_mask checks. Not required (underlying
 system does this) but makes logic cleaner. Pointed out by Metze.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 24 01:47:13 CET 2010 on sn-devel-104
---
 source3/smbd/nttrans.c |  6 ++++--
 source3/smbd/trans2.c  | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 855a49b2d5f..ad585337b85 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1389,7 +1389,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx,
 		req,					/* req */
 		0,					/* root_dir_fid */
 		smb_fname_src,				/* fname */
-		FILE_READ_DATA,				/* access_mask */
+		FILE_READ_DATA|FILE_READ_ATTRIBUTES|
+			FILE_READ_EA,			/* access_mask */
 		(FILE_SHARE_READ | FILE_SHARE_WRITE |	/* share_access */
 		    FILE_SHARE_DELETE),
 		FILE_OPEN,				/* create_disposition*/
@@ -1412,7 +1413,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx,
 		req,					/* req */
 		0,					/* root_dir_fid */
 		smb_fname_dst,				/* fname */
-		FILE_WRITE_DATA,			/* access_mask */
+		FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|
+			FILE_WRITE_EA,			/* access_mask */
 		(FILE_SHARE_READ | FILE_SHARE_WRITE |	/* share_access */
 		    FILE_SHARE_DELETE),
 		FILE_CREATE,				/* create_disposition*/
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 30794e009e9..ddae99d7cce 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -504,6 +504,10 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
 		return NT_STATUS_EAS_NOT_SUPPORTED;
 	}
 
+	if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	/* For now setting EAs on streams isn't supported. */
 	fname = smb_fname->base_name;
 
@@ -5446,6 +5450,10 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
 
+	if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	/* get some defaults (no modifications) if any info is zero or -1. */
 	if (null_timespec(ft->create_time)) {
 		action &= ~FILE_NOTIFY_CHANGE_CREATION;
@@ -5599,6 +5607,10 @@ static NTSTATUS smb_set_file_size(connection_struct *conn,
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
 
+	if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size));
 
 	if (size == get_file_size_stat(psbuf)) {
@@ -5705,6 +5717,11 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn,
 	if (!ea_list) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
+
+	if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	status = set_ea(conn, fsp, smb_fname, ea_list);
 
 	return status;
@@ -5747,6 +5764,11 @@ static NTSTATUS smb_set_file_full_ea_info(connection_struct *conn,
 	if (!ea_list) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
+
+	if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
 
 	DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n",
@@ -6485,6 +6507,10 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	/* Set the attributes */
 	dosmode = IVAL(pdata,32);
 	status = smb_set_file_dosmode(conn, smb_fname, dosmode);
@@ -6529,6 +6555,10 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	/* create time */
 	ft.create_time = convert_time_t_to_timespec(srv_make_unix_date2(pdata));
 	/* access time */
@@ -6587,6 +6617,10 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn,
 		allocation_size = smb_roundup(conn, allocation_size);
 	}
 
+	if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	DEBUG(10,("smb_set_file_allocation_info: file %s : setting new "
 		  "allocation size to %.0f\n", smb_fname_str_dbg(smb_fname),
 		  (double)allocation_size));
@@ -6684,6 +6718,10 @@ static NTSTATUS smb_set_file_end_of_file_info(connection_struct *conn,
 		  "file %s to %.0f\n", smb_fname_str_dbg(smb_fname),
 		  (double)size));
 
+	if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	return smb_set_file_size(conn, req,
 				fsp,
 				smb_fname,
-- 
2.34.1