From 97253c865017f47214be47e741f27acc1a8474d9 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Sun, 3 Oct 2004 14:52:12 +0000 Subject: [PATCH] STABLE14-windows-symlink-access-20041003 FIXES 15250 One more fix for the symlink problem. Access control checks cannot be performed until after we have walked all of the symlinks. Otherwise, we are checking access to the symlink itself and not to the file. (cherry picked from commit fdaf6f793398fb7dd61bdb7030447918dbe30b38) --- src/WINNT/afsd/smb3.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/WINNT/afsd/smb3.c b/src/WINNT/afsd/smb3.c index 46be160bfb..dc0dd0a50c 100644 --- a/src/WINNT/afsd/smb3.c +++ b/src/WINNT/afsd/smb3.c @@ -5030,16 +5030,6 @@ long smb_ReceiveNTCreateX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) * scp is NULL. */ if (code == 0 && !treeCreate) { - code = cm_CheckNTOpen(scp, desiredAccess, createDisp, userp, - &req); - if (code) { - if (dscp) cm_ReleaseSCache(dscp); - cm_ReleaseSCache(scp); - cm_ReleaseUser(userp); - free(realPathp); - return code; - } - if (createDisp == FILE_CREATE) { /* oops, file shouldn't be there */ if (dscp) cm_ReleaseSCache(dscp); @@ -5073,7 +5063,18 @@ long smb_ReceiveNTCreateX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) code = cm_SetAttr(scp, &setAttr, userp, &req); openAction = 3; /* truncated existing file */ } - else openAction = 1; /* found existing file */ + else + openAction = 1; /* found existing file */ + + code = cm_CheckNTOpen(scp, desiredAccess, createDisp, userp, + &req); + if (code) { + if (dscp) cm_ReleaseSCache(dscp); + cm_ReleaseSCache(scp); + cm_ReleaseUser(userp); + free(realPathp); + return code; + } } else if (createDisp == FILE_OPEN || createDisp == FILE_OVERWRITE) { /* don't create if not found */