The Samba-Bugzilla – Attachment 13652 Details for
Bug 7933
samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
WIP patch for master
wip-bug7933-master.patch (text/plain), 3.14 KB, created by
Ralph Böhme
on 2017-10-04 20:38:14 UTC
(
hide
)
Description:
WIP patch for master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2017-10-04 20:38:14 UTC
Size:
3.14 KB
patch
obsolete
>From 6f270e6a9bb2a3223d159484b112f3785460a5e3 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 4 Oct 2017 15:45:54 +0200 >Subject: [PATCH 1/3] s3/smbd/posix_acls: return correct status in try_chown > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933 >--- > source3/smbd/posix_acls.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c >index 4748fc01aa1..c2989a2d197 100644 >--- a/source3/smbd/posix_acls.c >+++ b/source3/smbd/posix_acls.c >@@ -3671,7 +3671,7 @@ NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid) > a local SID on the users workstation > */ > if (uid != get_current_uid(fsp->conn)) { >- return NT_STATUS_ACCESS_DENIED; >+ return NT_STATUS_INVALID_OWNER; > } > > become_root(); >-- >2.13.5 > > >From d4fed153134e148a900f09b7cbe8d7fd690540a8 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 4 Oct 2017 12:51:29 +0200 >Subject: [PATCH 2/3] vfs_acl_common: factor out a variable declaration > >Just some README.coding refactoring, no change in behaviour. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933 > >Signed-off-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_acl_common.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c >index 75e72869e86..56c3be68715 100644 >--- a/source3/modules/vfs_acl_common.c >+++ b/source3/modules/vfs_acl_common.c >@@ -807,8 +807,9 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, > uint32_t security_info_sent, > bool chown_needed) > { >- NTSTATUS status = >- SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); >+ NTSTATUS status; >+ >+ status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); > if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { > return status; > } >-- >2.13.5 > > >From 462cbb74948190617a7543d93d324477a1297675 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 4 Oct 2017 22:27:24 +0200 >Subject: [PATCH 3/3] vfs_acl_common: fix take ownership vs give ownership > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933 >--- > source3/modules/vfs_acl_common.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c >index 56c3be68715..aa623864910 100644 >--- a/source3/modules/vfs_acl_common.c >+++ b/source3/modules/vfs_acl_common.c >@@ -808,6 +808,7 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, > bool chown_needed) > { > NTSTATUS status; >+ const struct security_token *token = NULL; > > status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); > if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { >@@ -822,6 +823,11 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, > return NT_STATUS_ACCESS_DENIED; > } > >+ token = get_current_nttok(fsp->conn); >+ if (!security_token_is_sid(token, psd->owner_sid)) { >+ return NT_STATUS_INVALID_OWNER; >+ } >+ > DBG_DEBUG("overriding chown on file %s for sid %s\n", > fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid)); > >-- >2.13.5 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 7933
:
7140
|
7141
|
7142
|
7143
|
7292
|
7384
|
7581
|
13652
|
13674
|
13675
|
13689
|
13690