mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3: smbd: Add missing permissions check on destination folder.
Based on code from Michael Zeis <mzeis.quantum@gmail.com>. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
beb8a73e95
commit
91b591224a
@ -6615,6 +6615,7 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
|
||||
struct smb_filename *smb_fname_dst = NULL;
|
||||
NTSTATUS status = NT_STATUS_OK;
|
||||
struct share_mode_lock *lck = NULL;
|
||||
uint32_t access_mask = SEC_DIR_ADD_FILE;
|
||||
bool dst_exists, old_is_stream, new_is_stream;
|
||||
|
||||
status = check_name(conn, smb_fname_dst_in->base_name);
|
||||
@ -6815,6 +6816,22 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Do we have rights to move into the destination ? */
|
||||
if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
|
||||
/* We're moving a directory. */
|
||||
access_mask = SEC_DIR_ADD_SUBDIR;
|
||||
}
|
||||
status = check_parent_access(conn,
|
||||
smb_fname_dst,
|
||||
access_mask);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DBG_INFO("check_parent_access on "
|
||||
"dst %s returned %s\n",
|
||||
smb_fname_str_dbg(smb_fname_dst),
|
||||
nt_errstr(status));
|
||||
goto out;
|
||||
}
|
||||
|
||||
lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user