The branch, v4-4-test has been updated
via 42d2d38 s3: ntlm_auth: Don't corrupt the output stream with debug
messages.
via 29e228c lib: security: se_access_check() incorrectly processes
owner rights (S-1-3-4) DENY ace entries
via 3873681 s3: smbd: Add missing permissions check on destination
folder.
via 6c28575 s3: smbd: Make check_parent_access() available to rename
code.
via 3c2cc97 s3: smbd: rename - missing early error exit if source and
destination prefixes are different.
from 764444d manpages/vfs_fruit: add warning to fruit:resoure=stream
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test
- Log -----------------------------------------------------------------
commit 42d2d3844564c152ae21b6e8cabaa99dbf019c36
Author: Jeremy Allison <[email protected]>
Date: Sat Dec 10 13:56:18 2016 -0800
s3: ntlm_auth: Don't corrupt the output stream with debug messages.
Calling programs expect to cleanly read from STDOUT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12467
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Uri Simchoni <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 9fbd544b90c2b27985637a9bb3fa520f891f8696)
Autobuild-User(v4-4-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-4-test): Thu Dec 15 12:21:27 CET 2016 on sn-devel-144
commit 29e228cfe55a0dfd391b7cd7d63b4dcf3faf71cc
Author: Jeremy Allison <[email protected]>
Date: Thu Dec 8 10:40:18 2016 -0800
lib: security: se_access_check() incorrectly processes owner rights
(S-1-3-4) DENY ace entries
Reported and proposed fix by Shilpa K <[email protected]>.
When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.
E.g. The current logic has:
An ACL containining:
[0] SID: S-1-3-4
TYPE: DENY
MASK: WRITE_DATA
[1] SID: S-1-3-4
TYPE: ALLOW
MASK: ALLOW_ALL
prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.
Furthermore a non-canonical ACL containing:
[0] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: READ_DATA
[1] SID: S-1-3-4
TYPE: DENY
MASK: READ_DATA
[2] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: WRITE_DATA
prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466
Signed-off-by: Jeremy Allison <[email protected]>
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
(cherry picked from commit 29b02cf22f3c0f2d556408e9e768d68c1efc3b96)
commit 387368180913af6acdb0911a94123ac0c960cb17
Author: Jeremy Allison <[email protected]>
Date: Mon Dec 5 14:32:55 2016 -0800
s3: smbd: Add missing permissions check on destination folder.
Based on code from Michael Zeis <[email protected]>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
(cherry picked from commit 91b591224ab7f8ea7b4594da9f61efef14353f7f)
commit 6c28575b57be6367f6d5f1ce159c7e21d7f23397
Author: Jeremy Allison <[email protected]>
Date: Mon Dec 5 14:32:03 2016 -0800
s3: smbd: Make check_parent_access() available to rename code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
(cherry picked from commit beb8a73e95e768565760f79c2a16586bafb4e58c)
commit 3c2cc979822c823c5fe720ab93ccf89ffa37bf28
Author: Jeremy Allison <[email protected]>
Date: Mon Dec 5 14:13:14 2016 -0800
s3: smbd: rename - missing early error exit if source and destination
prefixes are different.
Noticed by Michael Zeis <[email protected]>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Ralph Boehme <[email protected]>
(cherry picked from commit 2bfad1c9d3237ad8d174b7dc2d1e6e3c53fdb8dc)
-----------------------------------------------------------------------
Summary of changes:
libcli/security/access_check.c | 2 +-
source3/smbd/open.c | 2 +-
source3/smbd/proto.h | 3 +++
source3/smbd/reply.c | 18 ++++++++++++++++++
source3/utils/ntlm_auth.c | 6 +++---
5 files changed, 26 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 2be5928..b4c850b 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -220,7 +220,7 @@ NTSTATUS se_access_check(const struct security_descriptor
*sd,
owner_rights_allowed |= ace->access_mask;
owner_rights_default = false;
} else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
- owner_rights_denied |= ace->access_mask;
+ owner_rights_denied |= (bits_remaining &
ace->access_mask);
owner_rights_default = false;
}
continue;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 90155bd..ced3bb0 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -235,7 +235,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct
*conn,
return NT_STATUS_OK;
}
-static NTSTATUS check_parent_access(struct connection_struct *conn,
+NTSTATUS check_parent_access(struct connection_struct *conn,
struct smb_filename *smb_fname,
uint32_t access_mask)
{
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index ca8ea57..4ba7316 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -615,6 +615,9 @@ NTSTATUS smbd_check_access_rights(struct connection_struct
*conn,
const struct smb_filename *smb_fname,
bool use_privs,
uint32_t access_mask);
+NTSTATUS check_parent_access(struct connection_struct *conn,
+ struct smb_filename *smb_fname,
+ uint32_t access_mask);
NTSTATUS fd_open(struct connection_struct *conn, files_struct *fsp,
int flags, mode_t mode);
NTSTATUS fd_close(files_struct *fsp);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 6b16458..3ba61a3 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -6589,6 +6589,7 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
struct smb_filename *smb_fname_dst = NULL;
NTSTATUS status = NT_STATUS_OK;
struct share_mode_lock *lck = NULL;
+ uint32_t access_mask = SEC_DIR_ADD_FILE;
bool dst_exists, old_is_stream, new_is_stream;
status = check_name(conn, smb_fname_dst_in->base_name);
@@ -6769,6 +6770,23 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
if (rename_path_prefix_equal(fsp->fsp_name, smb_fname_dst)) {
status = NT_STATUS_ACCESS_DENIED;
+ goto out;
+ }
+
+ /* Do we have rights to move into the destination ? */
+ if (S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
+ /* We're moving a directory. */
+ access_mask = SEC_DIR_ADD_SUBDIR;
+ }
+ status = check_parent_access(conn,
+ smb_fname_dst,
+ access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_INFO("check_parent_access on "
+ "dst %s returned %s\n",
+ smb_fname_str_dbg(smb_fname_dst),
+ nt_errstr(status));
+ goto out;
}
lck = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index b65493b..653be45 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -291,7 +291,7 @@ static char winbind_separator(void)
if (winbindd_request_response(NULL, WINBINDD_INFO, NULL, &response) !=
NSS_STATUS_SUCCESS) {
- d_printf("could not obtain winbind separator!\n");
+ d_fprintf(stderr, "could not obtain winbind separator!\n");
return *lp_winbind_separator();
}
@@ -299,7 +299,7 @@ static char winbind_separator(void)
got_sep = True;
if (!sep) {
- d_printf("winbind separator was NULL!\n");
+ d_fprintf(stderr, "winbind separator was NULL!\n");
return *lp_winbind_separator();
}
@@ -493,7 +493,7 @@ static bool check_plaintext_auth(const char *user, const
char *pass,
if (stdout_diagnostics) {
if ((result != NSS_STATUS_SUCCESS) &&
(response.data.auth.nt_status == 0)) {
- d_printf("Reading winbind reply failed! (0x01)\n");
+ d_fprintf(stderr, "Reading winbind reply failed!
(0x01)\n");
}
d_printf("%s: %s (0x%x)\n",
--
Samba Shared Repository
