The Samba-Bugzilla – Attachment 12749 Details for Bug 12460: rename_internals_fsp missing ACL permission-check on destination folder
[patch] git-am fix for 4.4.next
4.4-patch (text/plain), 4.25 KB, created by Jeremy Allison on 2016-12-07 22:14:04 UTC
>From 9b60e55018532fcc0871d5c3f78e7376e0a19cd5 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 5 Dec 2016 14:13:14 -0800 >Subject: [PATCH 1/3] s3: smbd: rename - missing early error exit if source and > destination prefixes are different. > >Noticed by Michael Zeis <mzeis.quantum@gmail.com>. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 2bfad1c9d3237ad8d174b7dc2d1e6e3c53fdb8dc) >--- > source3/smbd/reply.c | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c >index 0aec433..6ddfa4f 100644 >--- a/source3/smbd/reply.c >+++ b/source3/smbd/reply.c >@@ -6812,6 +6812,7 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, > > if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) { > status = NT_STATUS_ACCESS_DENIED; >+ goto out; > } > > lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id); >-- >2.8.0.rc3.226.g39d4020 > > >From 9165b30e522bf06c21ff9d651b10321b5d6f33ee Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 5 Dec 2016 14:32:03 -0800 >Subject: [PATCH 2/3] s3: smbd: Make check_parent_access() available to rename > code. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit beb8a73e95e768565760f79c2a16586bafb4e58c) >--- > source3/smbd/open.c | 2 +- > source3/smbd/proto.h | 3 +++ > 2 files changed, 4 insertions(+), 1 deletion(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 9d10d19..e9bfdec 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c 
>@@ -235,7 +235,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, > return NT_STATUS_OK; > } > >-static NTSTATUS check_parent_access(struct connection_struct *conn, >+NTSTATUS check_parent_access(struct connection_struct *conn, > struct smb_filename *smb_fname, > uint32_t access_mask) > { >diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h >index 352d28c..50ede9d 100644 >--- a/source3/smbd/proto.h >+++ b/source3/smbd/proto.h >@@ -642,6 +642,9 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, > const struct smb_filename *smb_fname, > bool use_privs, > uint32_t access_mask); >+NTSTATUS check_parent_access(struct connection_struct *conn, >+ struct smb_filename *smb_fname, >+ uint32_t access_mask); > NTSTATUS fd_open(struct connection_struct *conn, files_struct *fsp, > int flags, mode_t mode); > NTSTATUS fd_close(files_struct *fsp); >-- >2.8.0.rc3.226.g39d4020 > > >From f37952ce616e4b917e9ec464d8b037fc9c1c35ab Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 5 Dec 2016 14:32:55 -0800 >Subject: [PATCH 3/3] s3: smbd: Add missing permissions check on destination > folder. > >Based on code from Michael Zeis <mzeis.quantum@gmail.com>. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >(cherry picked from commit 91b591224ab7f8ea7b4594da9f61efef14353f7f) >--- > source3/smbd/reply.c | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > >diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c >index 6ddfa4f..6acbaca 100644 >--- a/source3/smbd/reply.c >+++ b/source3/smbd/reply.c 
>@@ -6615,6 +6615,7 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, > struct smb_filename *smb_fname_dst = NULL; > NTSTATUS status = NT_STATUS_OK; > struct share_mode_lock *lck = NULL; >+ uint32_t access_mask = SEC_DIR_ADD_FILE; > bool dst_exists, old_is_stream, new_is_stream; > > status = check_name(conn, smb_fname_dst_in->base_name); >@@ -6815,6 +6816,22 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, > goto out; > } > >+ /* Do we have rights to move into the destination ? */ >+ if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) { >+ /* We're moving a directory. */ >+ access_mask = SEC_DIR_ADD_SUBDIR; >+ } >+ status = check_parent_access(conn, >+ smb_fname_dst, >+ access_mask); >+ if (!NT_STATUS_IS_OK(status)) { >+ DBG_INFO("check_parent_access on " >+ "dst %s returned %s\n", >+ smb_fname_str_dbg(smb_fname_dst), >+ nt_errstr(status)); >+ goto out; >+ } >+ > lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id); > > /* >-- >2.8.0.rc3.226.g39d4020 > >
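Review bot: In patch 1/3 (reply.c, hunk at -6812), the commit subject says the early exit is for source and destination prefixes that are "different", yet the branch that gains `goto out;` fires when `rename_path_prefix_equal()` returns true. A one-line comment above the `if` stating what the helper matches and why that case maps to NT_STATUS_ACCESS_DENIED would resolve the mismatch for the next reader. The diffstat shows a single insertion in reply.c and no test; a regression test asserting that this case returns NT_STATUS_ACCESS_DENIED would stop the fall-through from being reintroduced.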
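Review bot: In patch 2/3 (open.c, hunk at -235), removing `static` exports `check_parent_access()` under an unprefixed name, while the function directly above it in the same file is `smbd_check_access_rights()`. Consider giving the now-global symbol the same `smbd_` prefix so it follows the naming of its neighbour and is less likely to collide with another symbol.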
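Review bot: In patch 2/3 (proto.h, hunk at -642), the new prototype takes a non-const `struct smb_filename *smb_fname`, whereas `smbd_check_access_rights()` immediately above it takes `const struct smb_filename *smb_fname`. If the function does not modify the name, declare it const here and in open.c. Now that the function is callable outside open.c, a short comment saying that `access_mask` is evaluated against the parent directory of `smb_fname`, as the function name suggests, would also help callers.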
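Review bot: In patch 3/3 (reply.c, hunk at -6615), `access_mask` is initialised to SEC_DIR_ADD_FILE at the top of `rename_internals_fsp()` but is only consulted about two hundred lines further down, where the second hunk overrides it for directories. Setting both values next to the `check_parent_access()` call, for example with an `if`/`else` on `S_ISDIR(...)`, would keep the choice of right in one place and make it harder for intervening code to reuse or change the variable unnoticed.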
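Review bot: In patch 3/3 (reply.c, hunk at -6816), the `DBG_INFO` message on a failed `check_parent_access()` prints the destination name and the status but not the `access_mask` that was requested, so the log does not show whether SEC_DIR_ADD_FILE or SEC_DIR_ADD_SUBDIR was denied; adding the mask to the format string would make denials easier to diagnose. The diffstat lists 17 insertions in reply.c only, so there is no test covering the new check; a test that renames both a file and a directory into a destination folder whose ACL withholds the matching right, and expects the rename to fail, would pin down the behaviour this patch adds.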
Flags: slow: review+