From f454a56321953dbebc35d6058853c9e83f6d0e82 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 22 Nov 2022 10:45:35 +0100 Subject: [PATCH 1/2] torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252 Signed-off-by: Ralph Boehme Reviewed-by: Andrew Bartlett (cherry picked from commit fdb19ce8aa189f6cfbd2d1fd7ed6fe809ba93cf3) --- selftest/knownfail | 1 + .../samba3.smb2.create.dosattr_tmp_dir | 1 + source4/torture/smb2/create.c | 47 +++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir diff --git a/selftest/knownfail b/selftest/knownfail index 82dd7e1e8b43..690690012aac 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -146,6 +146,7 @@ ^samba4.smb2.create.*.acldir ^samba4.smb2.create.*.impersonation ^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS +^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\) ^samba4.smb2.acls.*.generic ^samba4.smb2.acls.*.inheritflags ^samba4.smb2.acls.*.owner diff --git a/selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir b/selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir new file mode 100644 index 000000000000..ab5e36588369 --- /dev/null +++ b/selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir @@ -0,0 +1 @@ +^samba3.smb2.create.dosattr_tmp_dir\(.*\) diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 9357528909e2..cdd543685a12 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -3372,6 +3372,52 @@ static bool test_fileid_unique_dir( return test_fileid_unique_object(tctx, tree, 100, true); } +static bool test_dosattr_tmp_dir(struct torture_context *tctx, + struct smb2_tree *tree) +{ + bool ret = true; + NTSTATUS status; + struct smb2_create c; + struct smb2_handle h1 = {{0}}; + const char *fname = DNAME; + + smb2_deltree(tree, fname); + smb2_util_rmdir(tree, fname); + + c = (struct smb2_create) { + .in.desired_access = SEC_RIGHTS_DIR_ALL, + .in.file_attributes = FILE_ATTRIBUTE_DIRECTORY, + .in.create_disposition = NTCREATEX_DISP_OPEN_IF, + .in.share_access = NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE | + NTCREATEX_SHARE_ACCESS_DELETE, + .in.create_options = NTCREATEX_OPTIONS_DIRECTORY, + .in.fname = DNAME, + }; + + status = smb2_create(tree, tctx, &c); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create\n"); + h1 = c.out.file.handle; + + /* Try to set temporary attribute on directory */ + SET_ATTRIB(FILE_ATTRIBUTE_TEMPORARY); + + torture_assert_ntstatus_equal_goto(tctx, status, + NT_STATUS_INVALID_PARAMETER, + ret, done, + "Unexpected setinfo result\n"); + +done: + if (!smb2_util_handle_empty(h1)) { + smb2_util_close(tree, h1); + } + smb2_util_unlink(tree, fname); + smb2_deltree(tree, fname); + + return ret; +} + /* test opening quota fakefile handle and returned attributes */ @@ -3927,6 +3973,7 @@ struct torture_suite *torture_smb2_create_init(TALLOC_CTX *ctx) torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl); torture_suite_add_1smb2_test(suite, "mkdir-dup", test_mkdir_dup); torture_suite_add_1smb2_test(suite, "dir-alloc-size", test_dir_alloc_size); + torture_suite_add_1smb2_test(suite, "dosattr_tmp_dir", test_dosattr_tmp_dir); torture_suite_add_1smb2_test(suite, "quota-fake-file", test_smb2_open_quota_fake_file); torture_suite_add_1smb2_test(suite, "bench-path-contention-shared", test_smb2_bench_path_contention_shared); -- 2.38.1 From b19ccec31cb6de43e8003dacddd3c1fd3acca41c Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 22 Nov 2022 07:31:52 +0100 Subject: [PATCH 2/2] smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cf MS-FSA 2.1.5.14.2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252 Signed-off-by: Ralph Boehme Reviewed-by: Andrew Bartlett Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184 (cherry picked from commit 535a08dfc4c045d7b0c0ed335f76b5d560dd7bbd) --- selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir | 1 - source3/smbd/dosmode.c | 7 +++++++ 2 files changed, 7 insertions(+), 1 deletion(-) delete mode 100644 selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir diff --git a/selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir b/selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir deleted file mode 100644 index ab5e36588369..000000000000 --- a/selftest/knownfail.d/samba3.smb2.create.dosattr_tmp_dir +++ /dev/null @@ -1 +0,0 @@ -^samba3.smb2.create.dosattr_tmp_dir\(.*\) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index cb3cdc568bd5..4faa270403d5 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -913,6 +913,13 @@ int file_set_dosmode(connection_struct *conn, return -1; } + if ((S_ISDIR(smb_fname->st.st_ex_mode)) && + (dosmode & FILE_ATTRIBUTE_TEMPORARY)) + { + errno = EINVAL; + return -1; + } + dosmode &= SAMBA_ATTRIBUTES_MASK; DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n", -- 2.38.1