From 1160fcfe3d97644a6bcfa9ee687fd7dfca58e812 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 20 Nov 2014 16:33:22 +0100 Subject: [PATCH 1/3] vfs_streams_xattr: fix check with samba_private_attr_name() We want to check with samba_private_attr_name() whether the xattr name is a private one, unfortunately it flags xattrs that begin with the default streams prefix as private. By only calling samba_private_attr_name() in case the xattr does NOT begin with the default prefix, we know that if it returns 'true' it definitely one of our internal xattr like "user.DOSATTRIB". This fixes a bug introduced in 634bcb09a08b927fd79ae0e16aeee2a123605f94 that denied all access to valid stream xattrs. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- source3/modules/vfs_streams_xattr.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 735db2b..6314442 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -687,13 +687,28 @@ static NTSTATUS walk_xattr_streams(vfs_handle_struct *handle, files_struct *fsp, for (i=0; iprefix, config->prefix_len) != 0) { continue; } - if (samba_private_attr_name(names[i])) { - continue; - } status = get_ea_value(names, handle->conn, fsp, fname, names[i], &ea); -- 1.9.3 From 1076e4e4e2a2b6238116bd860b03a9dcc8a151f8 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Fri, 21 Nov 2014 14:54:17 +0100 Subject: [PATCH 2/3] vfs_streams_xattr: initialize pointer Intitialize pointer to NULL, otherwise we talloc_free() an unitialized pointer in the error code path. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- source3/modules/vfs_streams_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 6314442..f65ccc8 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -533,7 +533,7 @@ static int streams_xattr_unlink(vfs_handle_struct *handle, { NTSTATUS status; int ret = -1; - char *xattr_name; + char *xattr_name = NULL; if (!is_ntfs_stream_smb_fname(smb_fname)) { return SMB_VFS_NEXT_UNLINK(handle, smb_fname); -- 1.9.3 From 927290b384bc4f4fd53a1f93d4d27ccc71dd6135 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Fri, 21 Nov 2014 14:56:08 +0100 Subject: [PATCH 3/3] vfs_streams_xattr: check stream type Only allow access to the stream type "$DATA". vfs_streams_depot does this too and it fixes the failing test "smb2.streams.names". Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Nov 22 01:07:54 CET 2014 on sn-devel-104 --- source3/modules/vfs_streams_xattr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index f65ccc8..f0ab732 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -114,6 +114,12 @@ static NTSTATUS streams_xattr_get_name(vfs_handle_struct *handle, stype = strchr_m(stream_name + 1, ':'); + if (stype) { + if (strcasecmp_m(stype, ":$DATA") != 0) { + return NT_STATUS_INVALID_PARAMETER; + } + } + *xattr_name = talloc_asprintf(ctx, "%s%s", config->prefix, stream_name + 1); -- 1.9.3