From f1e2506f98c778a40f39cc1f26f342ff7f1b3bae Mon Sep 17 00:00:00 2001
From: tjr <tjr@FreeBSD.org>
Date: Tue, 4 Feb 2003 08:30:53 +0000
Subject: Add missing permission checks to the smbfs VOP_SETATTR vnode op for
 the case where the caller requests to change access or modification times.

MFC after:	3 days
---
 sys/fs/smbfs/smbfs_vnops.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c
index 744a7d4..29ff1d7 100644
--- a/sys/fs/smbfs/smbfs_vnops.c
+++ b/sys/fs/smbfs/smbfs_vnops.c
@@ -412,6 +412,11 @@ smbfs_setattr(ap)
 	if (vap->va_atime.tv_sec != VNOVAL)
 		atime = &vap->va_atime;
 	if (mtime != atime) {
+		if (ap->a_cred->cr_uid != VTOSMBFS(vp)->sm_args.uid &&
+		    (error = suser_cred(ap->a_cred, PRISON_ROOT)) &&
+		    ((vap->va_vaflags & VA_UTIMES_NULL) == 0 ||
+		    (error = VOP_ACCESS(vp, VWRITE, ap->a_cred, ap->a_td))))
+			return (error);
 #if 0
 		if (mtime == NULL)
 			mtime = &np->n_mtime;
-- 
cgit v1.1