The branch, master has been updated
via 927290b vfs_streams_xattr: check stream type
via 1076e4e vfs_streams_xattr: initialize pointer
via 1160fcf vfs_streams_xattr: fix check with samba_private_attr_name()
from b7f6b09 s4-dns: dlz-bind: Add trailing '.' to all fqdn strings
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 927290b384bc4f4fd53a1f93d4d27ccc71dd6135
Author: Ralph Boehme <[email protected]>
Date: Fri Nov 21 14:56:08 2014 +0100
vfs_streams_xattr: check stream type
Only allow access to the stream type "$DATA". vfs_streams_depot does
this too and it fixes the failing test "smb2.streams.names".
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Sat Nov 22 01:07:54 CET 2014 on sn-devel-104
commit 1076e4e4e2a2b6238116bd860b03a9dcc8a151f8
Author: Ralph Boehme <[email protected]>
Date: Fri Nov 21 14:54:17 2014 +0100
vfs_streams_xattr: initialize pointer
Intitialize pointer to NULL, otherwise we talloc_free() an unitialized
pointer in the error code path.
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 1160fcfe3d97644a6bcfa9ee687fd7dfca58e812
Author: Ralph Boehme <[email protected]>
Date: Thu Nov 20 16:33:22 2014 +0100
vfs_streams_xattr: fix check with samba_private_attr_name()
We want to check with samba_private_attr_name() whether the xattr name
is a private one, unfortunately it flags xattrs that begin with the
default streams prefix as private. By only calling
samba_private_attr_name() in case the xattr does NOT begin with the
default prefix, we know that if it returns 'true' it definitely one of
our internal xattr like "user.DOSATTRIB".
This fixes a bug introduced in 634bcb09a08b927fd79ae0e16aeee2a123605f94
that denied all access to valid stream xattrs.
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_streams_xattr.c | 29 +++++++++++++++++++++++++----
1 file changed, 25 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_streams_xattr.c
b/source3/modules/vfs_streams_xattr.c
index 735db2b..f0ab732 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -114,6 +114,12 @@ static NTSTATUS streams_xattr_get_name(vfs_handle_struct
*handle,
stype = strchr_m(stream_name + 1, ':');
+ if (stype) {
+ if (strcasecmp_m(stype, ":$DATA") != 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
*xattr_name = talloc_asprintf(ctx, "%s%s",
config->prefix,
stream_name + 1);
@@ -533,7 +539,7 @@ static int streams_xattr_unlink(vfs_handle_struct *handle,
{
NTSTATUS status;
int ret = -1;
- char *xattr_name;
+ char *xattr_name = NULL;
if (!is_ntfs_stream_smb_fname(smb_fname)) {
return SMB_VFS_NEXT_UNLINK(handle, smb_fname);
@@ -687,13 +693,28 @@ static NTSTATUS walk_xattr_streams(vfs_handle_struct
*handle, files_struct *fsp,
for (i=0; i<num_names; i++) {
struct ea_struct ea;
+ /*
+ * We want to check with samba_private_attr_name()
+ * whether the xattr name is a private one,
+ * unfortunately it flags xattrs that begin with the
+ * default streams prefix as private.
+ *
+ * By only calling samba_private_attr_name() in case
+ * the xattr does NOT begin with the default prefix,
+ * we know that if it returns 'true' it definitely one
+ * of our internal xattr like "user.DOSATTRIB".
+ */
+ if (strncasecmp_m(names[i], SAMBA_XATTR_DOSSTREAM_PREFIX,
+ strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) != 0) {
+ if (samba_private_attr_name(names[i])) {
+ continue;
+ }
+ }
+
if (strncmp(names[i], config->prefix,
config->prefix_len) != 0) {
continue;
}
- if (samba_private_attr_name(names[i])) {
- continue;
- }
status = get_ea_value(names, handle->conn, fsp, fname,
names[i], &ea);
--
Samba Shared Repository
