The Samba-Bugzilla – Attachment 13683 Details for Bug 12995: Wrong Samba access checks when changing DOS attributes
[patch] Patch for master
bug12995-master.patch (text/plain), 5.22 KB, created by Ralph Böhme on 2017-10-13 11:07:14 UTC
>From 913437beb0ec4e20c5e02e3af94b7ef6272e269f Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Thu, 12 Oct 2017 15:41:01 +0200 >Subject: [PATCH 1/3] s3/smbd: README.Coding fixes in set_ea_dos_attribute > >While I'm at it, some README.Coding fixes in set_ea_dos_attribute. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995 > >Signed-off-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/dosmode.c | 19 +++++++++++-------- > 1 file changed, 11 insertions(+), 8 deletions(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index 3181f2e78a9..73112dc9ab0 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -415,6 +415,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > struct xattr_DOSATTRIB dosattrib; > enum ndr_err_code ndr_err; > DATA_BLOB blob; >+ int ret; > > if (!lp_store_dos_attributes(SNUM(conn))) { > return NT_STATUS_NOT_IMPLEMENTED; >@@ -456,14 +457,15 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > return NT_STATUS_INVALID_PARAMETER; > } > >- if (SMB_VFS_SETXATTR(conn, smb_fname, >- SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length, >- 0) == -1) { >+ ret = SMB_VFS_SETXATTR(conn, smb_fname, >+ SAMBA_XATTR_DOS_ATTRIB, >+ blob.data, blob.length, 0); >+ if (ret != 0) { > NTSTATUS status = NT_STATUS_OK; > bool need_close = false; > files_struct *fsp = NULL; > >- if((errno != EPERM) && (errno != EACCES)) { >+ if ((errno != EPERM) && (errno != EACCES)) { > DBG_INFO("Cannot set " > "attribute EA on file %s: Error = %s\n", > smb_fname_str_dbg(smb_fname), strerror(errno)); >@@ -475,7 +477,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > */ > > /* Check if we have write access. */ >- if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn))) >+ if (!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn))) > return NT_STATUS_ACCESS_DENIED; > > if (!can_write_to_file(conn, smb_fname)) { 
>@@ -496,9 +498,10 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > } > > become_root(); >- if (SMB_VFS_FSETXATTR(fsp, >- SAMBA_XATTR_DOS_ATTRIB, blob.data, >- blob.length, 0) == 0) { >+ ret = SMB_VFS_FSETXATTR(fsp, >+ SAMBA_XATTR_DOS_ATTRIB, >+ blob.data, blob.length, 0); >+ if (ret == 0) { > status = NT_STATUS_OK; > } > unbecome_root(); >-- >2.13.5 > > >From 1bff5d17d27ae161f8f47815b7b736c9ffe5537e Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 29 Aug 2017 15:55:19 +0200 >Subject: [PATCH 2/3] s3/smbd: fix access checks in set_ea_dos_attribute() > >We wanted to set the DOS attributes and failed with permission denied >from the VFS/kernel/filesystem. Next thing we wanna do here is override >this if either > >- "dos filemode = true" is set and the security descriptor gives the > user write access or if > >- the stored security descriptor has FILE_WRITE_ATTRIBUTES > >The former was working, but the latter was not implemented at all. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995 > >Signed-off-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/dosmode.c | 16 ++++++++++++++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index 73112dc9ab0..d7b0a8c9a79 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -464,6 +464,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > NTSTATUS status = NT_STATUS_OK; > bool need_close = false; > files_struct *fsp = NULL; >+ bool set_dosmode_ok = false; > > if ((errno != EPERM) && (errno != EACCES)) { > DBG_INFO("Cannot set " 
>@@ -477,10 +478,21 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, > */ > > /* Check if we have write access. */ >- if (!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn))) >+ if (!CAN_WRITE(conn)) { > return NT_STATUS_ACCESS_DENIED; >+ } > >- if (!can_write_to_file(conn, smb_fname)) { >+ status = smbd_check_access_rights(conn, smb_fname, false, >+ FILE_WRITE_ATTRIBUTES); >+ if (NT_STATUS_IS_OK(status)) { >+ set_dosmode_ok = true; >+ } >+ >+ if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) { >+ set_dosmode_ok = can_write_to_file(conn, smb_fname); >+ } >+ >+ if (!set_dosmode_ok) { > return NT_STATUS_ACCESS_DENIED; > } > >-- >2.13.5 > > >From 6d3ffc6c7586d06568e83bb592db068c53745621 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Tue, 29 Aug 2017 16:08:06 +0200 >Subject: [PATCH 3/3] s3/smbd: use correct access in > get_file_handle_for_metadata > >All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995 > >Signed-off-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/dosmode.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c >index d7b0a8c9a79..8a11c8fd62a 100644 >--- a/source3/smbd/dosmode.c >+++ b/source3/smbd/dosmode.c >@@ -1167,7 +1167,7 @@ static NTSTATUS get_file_handle_for_metadata(connection_struct *conn, > NULL, /* req */ > 0, /* root_dir_fid */ > smb_fname_cp, /* fname */ >- FILE_WRITE_DATA, /* access_mask */ >+ FILE_WRITE_ATTRIBUTES, /* access_mask */ > (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ > FILE_SHARE_DELETE), > FILE_OPEN, /* create_disposition*/ >-- >2.13.5 >
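Review bot: In PATCH 1/3, the hunk at @@ -456,14 +457,15 changes the failure test on SMB_VFS_SETXATTR from `== -1` to `ret != 0`, which alters the condition rather than only the formatting, while the commit message describes README.Coding fixes alone. The branch goes straight on to compare `errno` with EPERM and EACCES, so it assumes every non-zero return has set errno; a sentence in the commit message stating that the wider check is intended would settle it.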
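Review bot: In PATCH 1/3, the hunk at @@ -475,7 +477,7 corrects the spacing of `if (!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))` but leaves its `return NT_STATUS_ACCESS_DENIED;` body without braces, and the braces only arrive in 2/3. Adding them here, in the style cleanup, would keep the functional patch limited to the access-check change and make it easier to review and backport.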
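Review bot: In PATCH 2/3, the hunk at @@ -477,10 +478,21 reuses `status` for the result of smbd_check_access_rights(), so when that call fails and the `lp_dos_filemode()` path then grants access through can_write_to_file(), `status` still holds the failure value on leaving this block. Use a separate local for the check or reset `status`, unless it is certain to be reassigned before its next use. The comment `/* Check if we have write access. */` now covers only the CAN_WRITE() test; the two override conditions from the commit message (FILE_WRITE_ATTRIBUTES granted by the security descriptor, or "dos filemode" plus write access) belong in a comment above the new code, and the bare `false` argument would read better with an inline comment naming the parameter.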
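Review bot: In PATCH 3/3, the access_mask change from FILE_WRITE_DATA to FILE_WRITE_ATTRIBUTES in get_file_handle_for_metadata() applies to every caller of that helper, and the series touches only source3/smbd/dosmode.c, so nothing exercises the new behaviour. A regression test with a file whose ACL grants FILE_WRITE_ATTRIBUTES but not FILE_WRITE_DATA, and the reverse case with "dos filemode" on and off, would cover both this change and the new check in 2/3.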