The branch, master has been updated
via 05e841c Final part of patchset to fix bug #8556 - ACL permissions
ignored when SMBsetatr is requested.
via 865bc0c Remove the check for FILE_WRITE_ATTRIBUTES from
smb_set_file_time(). It is called from places like fileio.c that need to update
the write time on a file handle only open for write, without neccessarily
having FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.
via 86c1609 Always set the attribute first, before the time.
via edaa747 Move handle-based access check into handle codepath.
via c6a62f6 We've already checked fsp must be non-null here.
via 93000c9 Remove unneeded access check. This is done inside
smb_set_file_time().
via f5cda71 Remove unneeded access check. This is done inside
smb_set_file_size().
via c27551b Move handle based access check into handle code path.
from dd504b1 HEIMDAL:lib/krb5: add utf8 support to build_logon_name()
for the PAC
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 05e841c82ce7f0f252b5eb565e457f406b3a1b39
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 17:29:59 2011 -0800
Final part of patchset to fix bug #8556 - ACL permissions ignored when
SMBsetatr is requested.
This now plumbs access checks through all setattr calls.
Autobuild-User: Jeremy Allison <j...@samba.org>
Autobuild-Date: Wed Nov 16 04:20:04 CET 2011 on sn-devel-104
commit 865bc0c0ace0a4f8e5eb0277def2315867273071
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 17:41:48 2011 -0800
Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It
is called from places like fileio.c that need to update the write time
on a file handle only open for write, without neccessarily having
FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.
commit 86c16092194836d8478144b97da9ca08aec7fac6
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 16:49:42 2011 -0800
Always set the attribute first, before the time.
commit edaa7479edd9c6472dacb3642fe6d2a6869e4719
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 16:22:09 2011 -0800
Move handle-based access check into handle codepath.
commit c6a62f60a23fdadb99da4d4b47694b273342f2a7
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 16:20:44 2011 -0800
We've already checked fsp must be non-null here.
commit 93000c98ad42a2e089ba6b371d811263f953c23d
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 16:16:54 2011 -0800
Remove unneeded access check. This is done inside smb_set_file_time().
commit f5cda7160ce63abbde6878ca517680f417ffeb17
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 16:14:47 2011 -0800
Remove unneeded access check. This is done inside smb_set_file_size().
commit c27551b1631eff0c91d79fbcadce703eadc3efc1
Author: Jeremy Allison <j...@samba.org>
Date: Tue Nov 15 16:14:16 2011 -0800
Move handle based access check into handle code path.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/close.c | 6 +--
source3/smbd/proto.h | 4 ++
source3/smbd/reply.c | 26 +++++++++++----
source3/smbd/trans2.c | 86 ++++++++++++++++++++++++++++++------------------
4 files changed, 79 insertions(+), 43 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index b736432..837e360 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -581,11 +581,9 @@ static NTSTATUS update_write_time_on_close(struct
files_struct *fsp)
}
ft.mtime = fsp->close_write_time;
- /* We must use NULL for the fsp handle here, as smb_set_file_time()
- checks the fsp access_mask, which may not include
FILE_WRITE_ATTRIBUTES.
- As this is a close based update, we are not directly changing the
+ /* As this is a close based update, we are not directly changing the
file attributes from a client call, but indirectly from a write. */
- status = smb_set_file_time(fsp->conn, NULL, fsp->fsp_name, &ft, false);
+ status = smb_set_file_time(fsp->conn, fsp, fsp->fsp_name, &ft, false);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("update_write_time_on_close: smb_set_file_time "
"on file %s returned %s\n",
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index fe90766..151ae78 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1059,6 +1059,10 @@ int sys_statvfs(const char *path, vfs_statvfs_struct
*statbuf);
/* The following definitions come from smbd/trans2.c */
+NTSTATUS check_access(connection_struct *conn,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ uint32_t access_mask);
uint64_t smb_roundup(connection_struct *conn, uint64_t val);
uint64_t get_FileIndex(connection_struct *conn, const SMB_STRUCT_STAT *psbuf);
NTSTATUS get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 0adc4e8..7dd3260 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1269,19 +1269,19 @@ void reply_setatr(struct smb_request *req)
mode = SVAL(req->vwv+0, 0);
mtime = srv_make_unix_date3(req->vwv+1);
- ft.mtime = convert_time_t_to_timespec(mtime);
- status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
- if (!NT_STATUS_IS_OK(status)) {
- reply_nterror(req, status);
- goto out;
- }
-
if (mode != FILE_ATTRIBUTE_NORMAL) {
if (VALID_STAT_OF_DIR(smb_fname->st))
mode |= FILE_ATTRIBUTE_DIRECTORY;
else
mode &= ~FILE_ATTRIBUTE_DIRECTORY;
+ status = check_access(conn, NULL, smb_fname,
+ FILE_WRITE_ATTRIBUTES);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ goto out;
+ }
+
if (file_set_dosmode(conn, smb_fname, mode, NULL,
false) != 0) {
reply_nterror(req, map_nt_error_from_unix(errno));
@@ -1289,6 +1289,13 @@ void reply_setatr(struct smb_request *req)
}
}
+ ft.mtime = convert_time_t_to_timespec(mtime);
+ status = smb_set_file_time(conn, NULL, smb_fname, &ft, true);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ goto out;
+ }
+
reply_outbuf(req, 0, 0);
DEBUG(3, ("setatr name=%s mode=%d\n", smb_fname_str_dbg(smb_fname),
@@ -7952,6 +7959,11 @@ void reply_setattrE(struct smb_request *req)
goto out;
}
+ if (!(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ goto out;
+ }
+
status = smb_set_file_time(conn, fsp, fsp->fsp_name, &ft, true);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f6e62ef..024979c 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -50,6 +50,30 @@ static char *store_file_unix_basic_info2(connection_struct
*conn,
const SMB_STRUCT_STAT *psbuf);
/********************************************************************
+ The canonical "check access" based on object handle or path function.
+********************************************************************/
+
+NTSTATUS check_access(connection_struct *conn,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ uint32_t access_mask)
+{
+ if (fsp) {
+ if (!(fsp->access_mask & access_mask)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ } else {
+ NTSTATUS status = smbd_check_access_rights(conn,
+ smb_fname,
+ access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
Roundup a value to the nearest allocation roundup size boundary.
Only do this for Windows clients.
********************************************************************/
@@ -504,14 +528,16 @@ static void canonicalize_ea_name(connection_struct *conn,
files_struct *fsp, con
NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
const struct smb_filename *smb_fname, struct ea_list *ea_list)
{
+ NTSTATUS status;
char *fname = NULL;
if (!lp_ea_support(SNUM(conn))) {
return NT_STATUS_EAS_NOT_SUPPORTED;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
- return NT_STATUS_ACCESS_DENIED;
+ status = check_access(conn, fsp, smb_fname, FILE_WRITE_EA);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
/* For now setting EAs on streams isn't supported. */
@@ -5440,6 +5466,8 @@ NTSTATUS hardlink_internals(TALLOC_CTX *ctx,
/****************************************************************************
Deal with setting the time from any of the setfilepathinfo functions.
+ NOTE !!!! The check for FILE_WRITE_ATTRIBUTES access must be done *before*
+ calling this function.
****************************************************************************/
NTSTATUS smb_set_file_time(connection_struct *conn,
@@ -5458,10 +5486,6 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
/* get some defaults (no modifications) if any info is zero or -1. */
if (null_timespec(ft->create_time)) {
action &= ~FILE_NOTIFY_CHANGE_CREATION;
@@ -5542,6 +5566,8 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
/****************************************************************************
Deal with setting the dosmode from any of the setfilepathinfo functions.
+ NB. The check for FILE_WRITE_ATTRIBUTES access on this path must have been
+ done before calling this function.
****************************************************************************/
static NTSTATUS smb_set_file_dosmode(connection_struct *conn,
@@ -5615,10 +5641,6 @@ static NTSTATUS smb_set_file_size(connection_struct
*conn,
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size));
if (size == get_file_size_stat(psbuf)) {
@@ -5630,6 +5652,10 @@ static NTSTATUS smb_set_file_size(connection_struct
*conn,
if (fsp && fsp->fh->fd != -1) {
/* Handle based call. */
+ if (!(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
if (vfs_set_filelen(fsp, size) == -1) {
return map_nt_error_from_unix(errno);
}
@@ -5726,10 +5752,6 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn,
return NT_STATUS_INVALID_PARAMETER;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
status = set_ea(conn, fsp, smb_fname, ea_list);
return status;
@@ -5773,10 +5795,6 @@ static NTSTATUS
smb_set_file_full_ea_info(connection_struct *conn,
return NT_STATUS_INVALID_PARAMETER;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n",
@@ -6516,8 +6534,9 @@ static NTSTATUS smb_set_file_basic_info(connection_struct
*conn,
return NT_STATUS_INVALID_PARAMETER;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
- return NT_STATUS_ACCESS_DENIED;
+ status = check_access(conn, fsp, smb_fname, FILE_WRITE_ATTRIBUTES);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
/* Set the attributes */
@@ -6556,6 +6575,7 @@ static NTSTATUS smb_set_info_standard(connection_struct
*conn,
files_struct *fsp,
const struct smb_filename *smb_fname)
{
+ NTSTATUS status;
struct smb_file_time ft;
ZERO_STRUCT(ft);
@@ -6564,10 +6584,6 @@ static NTSTATUS smb_set_info_standard(connection_struct
*conn,
return NT_STATUS_INVALID_PARAMETER;
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
/* create time */
ft.create_time = convert_time_t_to_timespec(srv_make_unix_date2(pdata));
/* access time */
@@ -6578,6 +6594,11 @@ static NTSTATUS smb_set_info_standard(connection_struct
*conn,
DEBUG(10,("smb_set_info_standard: file %s\n",
smb_fname_str_dbg(smb_fname)));
+ status = check_access(conn, fsp, smb_fname, FILE_WRITE_ATTRIBUTES);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
return smb_set_file_time(conn,
fsp,
smb_fname,
@@ -6626,16 +6647,16 @@ static NTSTATUS
smb_set_file_allocation_info(connection_struct *conn,
allocation_size = smb_roundup(conn, allocation_size);
}
- if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
DEBUG(10,("smb_set_file_allocation_info: file %s : setting new "
"allocation size to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)allocation_size));
if (fsp && fsp->fh->fd != -1) {
/* Open file handle. */
+ if (!(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* Only change if needed. */
if (allocation_size != get_file_size_stat(&smb_fname->st)) {
if (vfs_allocate_file_space(fsp, allocation_size) ==
-1) {
@@ -6727,10 +6748,6 @@ static NTSTATUS
smb_set_file_end_of_file_info(connection_struct *conn,
"file %s to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)size));
- if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
return smb_set_file_size(conn, req,
fsp,
smb_fname,
@@ -6952,6 +6969,11 @@ static NTSTATUS
smb_set_file_unix_basic(connection_struct *conn,
}
#endif
+ status = check_access(conn, fsp, smb_fname, FILE_WRITE_ATTRIBUTES);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
/*
* Deal with the UNIX specific mode set.
*/
--
Samba Shared Repository
