12944 – Handle EACCES when fetching DOS attributes

Bug 12944 - Handle EACCES when fetching DOS attributes

Summary: Handle EACCES when fetching DOS attributes

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-08-03 11:15 UTC by Ralph Böhme
Modified:	2017-08-15 08:31 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Patch for 4.5 backported from master (7.85 KB, patch) 2017-08-09 08:10 UTC, Ralph Böhme	cs: review+	Details
Patch for 4.6 backported from master (7.84 KB, patch) 2017-08-09 08:10 UTC, Ralph Böhme	cs: review+	Details
Patch for 4.7 cherry-picked from master (7.82 KB, patch) 2017-08-09 08:11 UTC, Ralph Böhme	cs: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ralph Böhme 2017-08-03 11:15:13 UTC

When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR(), if the filesystem does'n grant read access to the file the xattr read request fails with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an Existing File" FILE_LIST_DIRECTORY on a directory implies FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies  FILE_LIST_DIRECTORY and, for the default VFS implementation with "dos attributes = yes", reading the attributes from an xattr we should call SMB_VFS_GETXATTR() as root.

In VFS modules that make use of DAC, like vfs_gpfs, we should add the corresponding DAC override.

Have patch, need bugnumber.

Comment 1 Ralph Böhme 2017-08-09 08:10:10 UTC

Created attachment 13455 [details]
Patch for 4.5 backported from master

Comment 2 Ralph Böhme 2017-08-09 08:10:40 UTC

Created attachment 13456 [details]
Patch for 4.6 backported from master

Comment 3 Ralph Böhme 2017-08-09 08:11:04 UTC

Created attachment 13457 [details]
Patch for 4.7 cherry-picked from master

Comment 4 Ralph Böhme 2017-08-09 16:22:43 UTC

Reassigning to Karolin for inclusion in 4.5, 4.6 and 4.7.

Comment 5 Karolin Seeger 2017-08-11 08:23:49 UTC

Pushed to autobuild-v4-{7,6,5}-test.

Comment 6 Karolin Seeger 2017-08-15 08:31:51 UTC

(In reply to Karolin Seeger from comment #5)
Pushed to all branches.
Closing out bug report.

Thanks!