The Samba-Bugzilla – Attachment 13513 Details for
Bug 12995
Wrong Samba access checks when changing DOS attributes
[patch]
Possible patch for master
wip (text/plain), 3.25 KB, created by
Ralph Böhme
on 2017-08-29 14:16:19 UTC
>From bef82d3180a6df98623664eaed8a7ae51159573b Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 29 Aug 2017 15:55:19 +0200 >Subject: [PATCH 1/3] s3/smbd: remove lp_dos_filemode() check from permissions > override > >We wanted to set the DOS attributes and failed with permission >denied. Next thing we wanna do here is possible override the kernel >access check given that the stored security descriptor has >FILE_WRITE_ATTRIBUTES for the user. > >All this has nothing to do with what the "dos filemode" setting is for, >so just remove it from this codepath. > >Bug: ... >--- > source3/smbd/dosmode.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index 3181f2e78a9..72980679266 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -475,7 +475,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > */ > > /* Check if we have write access. */ >- if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn))) >+ if(!CAN_WRITE(conn)) > return NT_STATUS_ACCESS_DENIED; > > if (!can_write_to_file(conn, smb_fname)) { >-- >2.13.5 > > >From 09905d6ccb73a437d6f4d68072bfe3899d049a9b Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 29 Aug 2017 15:57:49 +0200 >Subject: [PATCH 2/3] s3/smbd: setting DOS attributes requires > FILE_WRITE_ATTRIBUTES > >can_write_to_file() tests for FILE_WRITE_DATA, but changing DOS >attributes requires FILE_WRITE_ATTRIBUTES. > >Bug: ... >--- > source3/smbd/dosmode.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index 72980679266..420afd0697f 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c 
>@@ -478,7 +478,9 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > if(!CAN_WRITE(conn)) > return NT_STATUS_ACCESS_DENIED; > >- if (!can_write_to_file(conn, smb_fname)) { >+ status = smbd_check_access_rights(conn, smb_fname, false, >+ FILE_WRITE_ATTRIBUTES); >+ if (!NT_STATUS_IS_OK(status)) { > return NT_STATUS_ACCESS_DENIED; > } > >-- >2.13.5 > > >From ed9f9bd75794bb7cec074f5c4116f132998a837c Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 29 Aug 2017 16:08:06 +0200 >Subject: [PATCH 3/3] s3/smbd: let get_file_handle_for_metadata() open the file > read-only > >We're only using these filehandles in root override cases where we need >a filehandle to call filehandle based syscalls (fchmod and >fsetxattr). This fixes the case of requesting write access on a file >where the user only has read permissions which fails. > >Bug: ... >--- > source3/smbd/dosmode.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index 420afd0697f..38d92e8fa2f 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -1154,7 +1154,7 @@ static NTSTATUS get_file_handle_for_metadata(connection_struct *conn, > NULL, /* req */ > 0, /* root_dir_fid */ > smb_fname_cp, /* fname */ >- FILE_WRITE_DATA, /* access_mask */ >+ FILE_READ_DATA, /* access_mask */ > (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ > FILE_SHARE_DELETE), > FILE_OPEN, /* create_disposition*/ >-- >2.13.5 >
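Review bot: In patch 1/3, the hunk at @@ -475,7 in set_ea_dos_attribute() drops `!lp_dos_filemode(SNUM(conn))` while the per-file check that follows is still `can_write_to_file(conn, smb_fname)`, which according to the 2/3 commit message tests FILE_WRITE_DATA. At this commit on its own, the override path is gated on FILE_WRITE_DATA on every writable share, not on the FILE_WRITE_ATTRIBUTES right the commit message describes. Consider applying 2/3 first, or squashing the two, so that every commit in the series gates the override on the intended right and a bisect never lands on the intermediate state. Since the line is being touched anyway, `if (!CAN_WRITE(conn)) {` with braces would match the block that follows it. The `Bug: ...` trailer still needs the real bug URL.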
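Review bot: In patch 2/3, the new check at @@ -478,7 discards the NTSTATUS returned by smbd_check_access_rights() and always returns NT_STATUS_ACCESS_DENIED, so any other failure from that call reaches the client as a permission error. Either `return status;` or add a comment saying the collapse to ACCESS_DENIED is intentional. The hunk assigns `status` without showing a declaration, so confirm one is in scope in set_ea_dos_attribute(). The bare `false` argument would be easier to review with an inline comment naming the parameter, the way the call in 3/3 annotates each argument. The diffstat touches only source3/smbd/dosmode.c; a test with a user who holds FILE_WRITE_ATTRIBUTES but not FILE_WRITE_DATA would pin the new behaviour down.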
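Review bot: In patch 3/3, the access_mask change at @@ -1154,7 in get_file_handle_for_metadata() swaps one data right for another rather than asking for the right the series checks. 2/3 authorises the operation on FILE_WRITE_ATTRIBUTES, but this open now requests FILE_READ_DATA, so as far as these lines show, a user whose ACL grants write-attributes without read-data would pass the check and then fail to obtain the handle. The commit message says the handle is only needed for fchmod and fsetxattr; requesting FILE_WRITE_ATTRIBUTES here would match what was just checked. If FILE_READ_DATA is deliberate, say why in the commit message or in a comment next to the argument. The `Bug: ...` trailer is also still a placeholder in this patch.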