Attachment 13683 Details for Bug 12995 – Patch for master

[patch] Patch for master

bug12995-master.patch (text/plain), 5.22 KB, created by Ralph Böhme on 2017-10-13 11:07:14 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ralph Böhme

Created: 2017-10-13 11:07:14 UTC

Size: 5.22 KB

patch

obsolete

>From 913437beb0ec4e20c5e02e3af94b7ef6272e269f Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Thu, 12 Oct 2017 15:41:01 +0200
>Subject: [PATCH 1/3] s3/smbd: README.Coding fixes in set_ea_dos_attribute
>
>While I'm at it, some README.Coding fixes in set_ea_dos_attribute.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>---
> source3/smbd/dosmode.c | 19 +++++++++++--------
> 1 file changed, 11 insertions(+), 8 deletions(-)
>
>diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
>index 3181f2e78a9..73112dc9ab0 100644
>--- a/source3/smbd/dosmode.c
>+++ b/source3/smbd/dosmode.c
>@@ -415,6 +415,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
> 	struct xattr_DOSATTRIB dosattrib;
> 	enum ndr_err_code ndr_err;
> 	DATA_BLOB blob;
>+	int ret;
> 
> 	if (!lp_store_dos_attributes(SNUM(conn))) {
> 		return NT_STATUS_NOT_IMPLEMENTED;
>@@ -456,14 +457,15 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
> 		return NT_STATUS_INVALID_PARAMETER;
> 	}
> 
>-	if (SMB_VFS_SETXATTR(conn, smb_fname,
>-			     SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length,
>-			     0) == -1) {
>+	ret = SMB_VFS_SETXATTR(conn, smb_fname,
>+			       SAMBA_XATTR_DOS_ATTRIB,
>+			       blob.data, blob.length, 0);
>+	if (ret != 0) {
> 		NTSTATUS status = NT_STATUS_OK;
> 		bool need_close = false;
> 		files_struct *fsp = NULL;
> 
>-		if((errno != EPERM) && (errno != EACCES)) {
>+		if ((errno != EPERM) && (errno != EACCES)) {
> 			DBG_INFO("Cannot set "
> 				 "attribute EA on file %s: Error = %s\n",
> 				 smb_fname_str_dbg(smb_fname), strerror(errno));
>@@ -475,7 +477,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
> 		*/
> 
> 		/* Check if we have write access. */
>-		if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
>+		if (!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
> 			return NT_STATUS_ACCESS_DENIED;
> 
> 		if (!can_write_to_file(conn, smb_fname)) {
>@@ -496,9 +498,10 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
> 		}
> 
> 		become_root();
>-		if (SMB_VFS_FSETXATTR(fsp,
>-				     SAMBA_XATTR_DOS_ATTRIB, blob.data,
>-				     blob.length, 0) == 0) {
>+		ret = SMB_VFS_FSETXATTR(fsp,
>+					SAMBA_XATTR_DOS_ATTRIB,
>+					blob.data, blob.length, 0);
>+		if (ret == 0) {
> 			status = NT_STATUS_OK;
> 		}
> 		unbecome_root();
>-- 
>2.13.5
>
>
>From 1bff5d17d27ae161f8f47815b7b736c9ffe5537e Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Tue, 29 Aug 2017 15:55:19 +0200
>Subject: [PATCH 2/3] s3/smbd: fix access checks in set_ea_dos_attribute()
>
>We wanted to set the DOS attributes and failed with permission denied
>from the VFS/kernel/filesystem. Next thing we wanna do here is override
>this if either
>
>- "dos filemode = true" is set and the security descriptor gives the
>  user write access or if
>
>- the stored security descriptor has FILE_WRITE_ATTRIBUTES
>
>The former was working, but the latter was not implemented at all.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>---
> source3/smbd/dosmode.c | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
>diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
>index 73112dc9ab0..d7b0a8c9a79 100644
>--- a/source3/smbd/dosmode.c
>+++ b/source3/smbd/dosmode.c
>@@ -464,6 +464,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
> 		NTSTATUS status = NT_STATUS_OK;
> 		bool need_close = false;
> 		files_struct *fsp = NULL;
>+		bool set_dosmode_ok = false;
> 
> 		if ((errno != EPERM) && (errno != EACCES)) {
> 			DBG_INFO("Cannot set "
>@@ -477,10 +478,21 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
> 		*/
> 
> 		/* Check if we have write access. */
>-		if (!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
>+		if (!CAN_WRITE(conn)) {
> 			return NT_STATUS_ACCESS_DENIED;
>+		}
> 
>-		if (!can_write_to_file(conn, smb_fname)) {
>+		status = smbd_check_access_rights(conn, smb_fname, false,
>+						  FILE_WRITE_ATTRIBUTES);
>+		if (NT_STATUS_IS_OK(status)) {
>+			set_dosmode_ok = true;
>+		}
>+
>+		if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) {
>+			set_dosmode_ok = can_write_to_file(conn, smb_fname);
>+		}
>+
>+		if (!set_dosmode_ok) {
> 			return NT_STATUS_ACCESS_DENIED;
> 		}
> 
>-- 
>2.13.5
>
>
>From 6d3ffc6c7586d06568e83bb592db068c53745621 Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Tue, 29 Aug 2017 16:08:06 +0200
>Subject: [PATCH 3/3] s3/smbd: use correct access in
> get_file_handle_for_metadata
>
>All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>---
> source3/smbd/dosmode.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
>index d7b0a8c9a79..8a11c8fd62a 100644
>--- a/source3/smbd/dosmode.c
>+++ b/source3/smbd/dosmode.c
>@@ -1167,7 +1167,7 @@ static NTSTATUS get_file_handle_for_metadata(connection_struct *conn,
> 		NULL,                                   /* req */
> 		0,                                      /* root_dir_fid */
> 		smb_fname_cp,				/* fname */
>-		FILE_WRITE_DATA,                        /* access_mask */
>+		FILE_WRITE_ATTRIBUTES,			/* access_mask */
> 		(FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
> 			FILE_SHARE_DELETE),
> 		FILE_OPEN,                              /* create_disposition*/
>-- 
>2.13.5
>

Actions: View

Attachments on bug 12995: 13513 | 13650 | 13683 | 13701 | 13702