[SCM] Samba Shared Repository - branch master updated

Thu, 18 Aug 2016 10:00:26 -0700 

The branch, master has been updated
       via  a6073e6 smbd: allow reading files based on FILE_EXECUTE access right
      from  626dcc9 ctdb-ipalloc: Fix cumulative takeover timeout

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a6073e6130d39dac58f1e6ea9f41ec4ab34c3e29
Author: Uri Simchoni <u...@samba.org>
Date:   Thu Aug 4 14:59:23 2016 +0300

    smbd: allow reading files based on FILE_EXECUTE access right
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
    
    Signed-off-by: Uri Simchoni <u...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>
    
    Autobuild-User(master): David Disseldorp <dd...@samba.org>
    Autobuild-Date(master): Thu Aug 18 18:58:22 CEST 2016 on sn-devel-144

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail       |  7 ++-----
 source3/smbd/smb2_glue.c | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 41cad44..ffcaf06 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -286,10 +286,7 @@
 ^samba4.krb5.kdc.*as-req-aes.*fl2000dc
 # nt4_member and ad_member don't support ntlmv1
 
^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.member.creds.*as.user
-#new read tests fail
+#nt-vfs server blocks read with execute access
 ^samba4.smb2.read.access
-^samba3.smb2.read.access
-#new copychunk tests fail
+#ntvfs server blocks copychunk with execute access on read handle
 ^samba4.smb2.ioctl.copy_chunk_bad_access
-^samba3.smb2.ioctl.copy_chunk_bad_access
-^samba3.smb2.ioctl fs_specific.copy_chunk_bad_access
diff --git a/source3/smbd/smb2_glue.c b/source3/smbd/smb2_glue.c
index b41775d..0bb34be 100644
--- a/source3/smbd/smb2_glue.c
+++ b/source3/smbd/smb2_glue.c
@@ -48,6 +48,22 @@ struct smb_request *smbd_smb2_fake_smb_request(struct 
smbd_smb2_request *req)
                         FLAGS2_32_BIT_ERROR_CODES |
                         FLAGS2_LONG_PATH_COMPONENTS |
                         FLAGS2_IS_LONG_NAME;
+
+       /* This is not documented in revision 49 of [MS-SMB2] but should be
+        * added in a later revision (and torture test smb2.read.access
+        * as well as smb2.ioctl_copy_chunk_bad_access against
+        * Server 2012R2 confirms this)
+        *
+        * If FILE_EXECUTE is granted to a handle then the SMB2 server
+        * acts as if FILE_READ_DATA has also been granted. We must still
+        * keep the original granted mask, because with ioctl requests,
+        * access checks are made on the file handle, "below" the SMB2
+        * server, and the object store below the SMB layer is not aware
+        * of this arrangement (see smb2.ioctl.copy_chunk_bad_access
+        * torture test).
+        */
+       smbreq->flags2 |= FLAGS2_READ_PERMIT_EXECUTE;
+
        if (IVAL(inhdr, SMB2_HDR_FLAGS) & SMB2_HDR_FLAG_DFS) {
                smbreq->flags2 |= FLAGS2_DFS_PATHNAMES;
        }


-- 
Samba Shared Repository

Reply via email to