Bug 12995 - Wrong Samba access checks when changing DOS attributes
Wrong Samba access checks when changing DOS attributes
Status: ASSIGNED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
unspecified
All All
: P5 normal
: ---
Assigned To: Ralph Böhme
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-29 14:16 UTC by Ralph Böhme
Modified: 2017-08-30 07:42 UTC (History)
2 users (show)

See Also:


Attachments
Possible patch for master (3.25 KB, patch)
2017-08-29 14:16 UTC, Ralph Böhme
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2017-08-29 14:16:19 UTC
Created attachment 13513 [details]
Possible patch for master

When chaning DOS attributes we currently require that the authenticated user has FILE_WRITE_DATA permissions on the file or directory (by virtue of calling can_write_to_file()).

A Windows server allows changing the DOS attributes if the user has FILE_WRITE_ATTRIBUTES (WA):

PS C:\Users\Administrator> icacls.exe C:\share\smb.pcap
C:\share\smb.pcap BUILTIN\Administrators:(Rc,S,RD,RA,WA)

$ ./bin/smbclient -U "riverside\Administrator" -m smb3 //10.10.11.14/share -c "setmode smb.pcap +r"
Enter RIVERSIDE\Administrator's password: 

$ ./bin/smbclient -U "riverside\Administrator" -m smb3 //10.10.11.14/share -c "ls smb.pcap"
Enter RIVERSIDE\Administrator's password: 
  smb.pcap                           AR 566018449  Wed May 31 15:15:33 2017

$ ./bin/smbclient -U "riverside\Administrator" -m smb3 //10.10.11.14/share -c "setmode smb.pcap -r"
Enter RIVERSIDE\Administrator's password: 

$ ./bin/smbclient -U "riverside\Administrator" -m smb3 //10.10.11.14/share -c "ls smb.pcap"
Enter RIVERSIDE\Administrator's password: 
  smb.pcap                            A 566018449  Wed May 31 15:15:33 2017

With the same permissions Samba denies modifying the DOS attribute:

$ ./bin/smbcacls -U slow%x -m smb3 //localhost/share "README" 
REVISION:1
CONTROL:SR|DP
OWNER:SLOWSERVER\slow
GROUP:SLOWSERVER\None
ACL:Everyone:ALLOWED/0x0/READ
ACL:SLOWSERVER\None:ALLOWED/0x0/READ
ACL:SLOWSERVER\slow:ALLOWED/0x0/0x00120181
ACL:SLOWSERVER\fast:ALLOWED/0x0/FULL

$ ./bin/smbclient -U slow%x -m smb3 //localhost/share -c "ls README" 
  README                              A     8859  Tue Aug 29 15:18:22 2017

Setting as user slow who has 0x00120181 (read + write attributes) permissions fails:

$ ./bin/smbclient -U slow%x -m smb3 //localhost/share -c "setmode README +r" 
cli_setatr failed: NT_STATUS_ACCESS_DENIED

Setting as user fast who has full permissions succeeds:

$ ./bin/smbclient -U fast%x -m smb3 //localhost/share -c "setmode README +r"

So checking for FILE_WRITE_DATA instead of FILE_WRITE_ATTRIBUTES  is one problem, but there are more if the underlying file only grants read access to the user.

Attaching a WIP patch for master.
Comment 1 Jeremy Allison 2017-08-29 16:13:11 UTC
Looks good Ralph. Ping me when you want review and merge !