The Samba-Bugzilla – Attachment 12943 Details for Bug 12536: smbd doesn't check for invalid bits in access_mask
[patch] Patch for 4.4, 4.5 and 4.6 cherry-picked from master
bug12536-v44,v45,v46.patch (text/plain), 4.45 KB, created by Ralph Böhme on 2017-02-15 17:46:17 UTC
>From 2827656c3417f82291d30f8f7b18a14983968da5 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Mon, 23 Jan 2017 17:35:51 +0100 >Subject: [PATCH 1/2] selftest: also run test base.createx_access against ad_dc > >Fails currently, will be made to work in the next commit. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit a3781d1cfe7d5e7df20fc65a9a7653937f03808c) >--- > selftest/knownfail | 1 + > source3/selftest/tests.py | 4 +++- > 2 files changed, 4 insertions(+), 1 deletion(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index d96e238..aa27eea 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail >@@ -39,6 +39,7 @@ > ^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_group\(nt4_dc\) > ^samba3.base.delete.deltest16a > ^samba3.base.delete.deltest17a >+^samba3.base.createx_access.createx_access\(ad_dc\) > ^samba3.unix.whoami anonymous connection.whoami\(ad_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token > ^samba3.unix.whoami anonymous connection.whoami\(ad_member\) # smbd maps anonymous logins to domain guest in the local domain, not SID_NT_ANONYMOUS > # these show that we still have some differences between our system >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index b72da85..d482145 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py 
>@@ -280,7 +280,7 @@ plantestsuite("samba3.async_req", "nt4_dc", > > #smbtorture4 tests > >-base = ["base.attr", "base.charset", "base.chkpath", "base.defer_open", "base.delaywrite", "base.delete", >+base = ["base.attr", "base.charset", "base.chkpath", "base.createx_access", "base.defer_open", "base.delaywrite", "base.delete", > "base.deny1", "base.deny2", "base.deny3", "base.denydos", "base.dir1", "base.dir2", > "base.disconnect", "base.fdpass", "base.lock", > "base.mangle", "base.negnowait", "base.ntdeny1", >@@ -336,6 +336,8 @@ tests= base + raw + smb2 + rpc + unix + local + rap + nbt + libsmbclient + idmap > for t in tests: > if t == "base.delaywrite": > plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD -k yes --maximum-runtime=900') >+ if t == "base.createx_access": >+ plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD -k yes --maximum-runtime=900') > elif t == "rap.sam": > plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1') > plansmbtorture4testsuite(t, "ad_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1') >-- >2.9.3 > > >From 4ef59f26b43dec61afedb46d1dad3ff8f82a0f04 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Mon, 23 Jan 2017 16:19:06 +0100 >Subject: [PATCH 2/2] s3/smbd: check for invalid access_mask > smbd_calculate_access_mask() > >This makes us pass "base.createx_access". > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 326765923f1d384e5cd8b7fda048b459c67a4bf5) >--- > selftest/knownfail | 1 - > source3/smbd/open.c | 6 ++++++ > 2 files changed, 6 insertions(+), 1 deletion(-) > >diff --git a/selftest/knownfail b/selftest/knownfail >index aa27eea..d96e238 100644 >--- a/selftest/knownfail >+++ b/selftest/knownfail 
>@@ -39,7 +39,6 @@ > ^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_group\(nt4_dc\) > ^samba3.base.delete.deltest16a > ^samba3.base.delete.deltest17a >-^samba3.base.createx_access.createx_access\(ad_dc\) > ^samba3.unix.whoami anonymous connection.whoami\(ad_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token > ^samba3.unix.whoami anonymous connection.whoami\(ad_member\) # smbd maps anonymous logins to domain guest in the local domain, not SID_NT_ANONYMOUS > # these show that we still have some differences between our system >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 42db659..4be30a0 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -2274,6 +2274,12 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn, > uint32_t orig_access_mask = access_mask; > uint32_t rejected_share_access; > >+ if (access_mask & SEC_MASK_INVALID) { >+ DBG_DEBUG("access_mask [%8x] contains invalid bits\n", >+ access_mask); >+ return NT_STATUS_ACCESS_DENIED; >+ } >+ > /* > * Convert GENERIC bits to specific bits. > */ >-- >2.9.3 >
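Review bot: In the second hunk of source3/selftest/tests.py, the added branch is written as `if t == "base.createx_access":` directly ahead of the existing `elif t == "rap.sam":`, which cuts `base.delaywrite` off from the chain it used to head. With that change `base.delaywrite` is a standalone `if`, so for that test control now continues through the remaining `elif` branches and into any final `else` of the chain (not visible in this hunk). Writing the new line as `elif t == "base.createx_access":` keeps the original chain intact.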
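Review bot: In the source3/smbd/open.c hunk, the new early return at the top of smbd_calculate_access_mask() has no comment explaining why a request carrying SEC_MASK_INVALID bits is answered with NT_STATUS_ACCESS_DENIED; the only rationale is the commit message's reference to base.createx_access, so a short comment above the check naming that test would help the next reader. A smaller point on the same lines: the DBG_DEBUG format `%8x` pads with spaces, and `0x%08x` would print the rejected mask as a fixed-width hex value that is easier to search for in logs.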
Flags: jra: review+