The branch, master has been updated
       via  a3cc2fe s3/smbd: use correct access in get_file_handle_for_metadata
       via  143d262 s3/smbd: fix access checks in set_ea_dos_attribute()
       via  fbad642 s3/smbd: README.Coding fixes in set_ea_dos_attribute
      from  7917f97 vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a3cc2fedab37134edd401b88087e20881c4ea18f
Author: Ralph Boehme <[email protected]>
Date:   Tue Aug 29 16:08:06 2017 +0200

    s3/smbd: use correct access in get_file_handle_for_metadata
    
    All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>
    
    Autobuild-User(master): Ralph Böhme <[email protected]>
    Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144

commit 143d26283dad8422fba557de311c304f0093d647
Author: Ralph Boehme <[email protected]>
Date:   Tue Aug 29 15:55:19 2017 +0200

    s3/smbd: fix access checks in set_ea_dos_attribute()
    
    We wanted to set the DOS attributes and failed with permission denied
    from the VFS/kernel/filesystem. Next thing we wanna do here is override
    this if either
    
    - "dos filemode = true" is set and the security descriptor gives the
      user write access or if
    
    - the stored security descriptor has FILE_WRITE_ATTRIBUTES
    
    The former was working, but the latter was not implemented at all.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit fbad64200e0199acb644d83073234b2f6c200fce
Author: Ralph Boehme <[email protected]>
Date:   Thu Oct 12 15:41:01 2017 +0200

    s3/smbd: README.Coding fixes in set_ea_dos_attribute
    
    While I'm at it, some README.Coding fixes in set_ea_dos_attribute.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/dosmode.c | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 3181f2e..8a11c8f 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -415,6 +415,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
        struct xattr_DOSATTRIB dosattrib;
        enum ndr_err_code ndr_err;
        DATA_BLOB blob;
+       int ret;
 
        if (!lp_store_dos_attributes(SNUM(conn))) {
                return NT_STATUS_NOT_IMPLEMENTED;
@@ -456,14 +457,16 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (SMB_VFS_SETXATTR(conn, smb_fname,
-                            SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length,
-                            0) == -1) {
+       ret = SMB_VFS_SETXATTR(conn, smb_fname,
+                              SAMBA_XATTR_DOS_ATTRIB,
+                              blob.data, blob.length, 0);
+       if (ret != 0) {
                NTSTATUS status = NT_STATUS_OK;
                bool need_close = false;
                files_struct *fsp = NULL;
+               bool set_dosmode_ok = false;
 
-               if((errno != EPERM) && (errno != EACCES)) {
+               if ((errno != EPERM) && (errno != EACCES)) {
                        DBG_INFO("Cannot set "
                                 "attribute EA on file %s: Error = %s\n",
                                 smb_fname_str_dbg(smb_fname), strerror(errno));
@@ -475,10 +478,21 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                */
 
                /* Check if we have write access. */
-               if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
+               if (!CAN_WRITE(conn)) {
                        return NT_STATUS_ACCESS_DENIED;
+               }
 
-               if (!can_write_to_file(conn, smb_fname)) {
+               status = smbd_check_access_rights(conn, smb_fname, false,
+                                                 FILE_WRITE_ATTRIBUTES);
+               if (NT_STATUS_IS_OK(status)) {
+                       set_dosmode_ok = true;
+               }
+
+               if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) {
+                       set_dosmode_ok = can_write_to_file(conn, smb_fname);
+               }
+
+               if (!set_dosmode_ok) {
                        return NT_STATUS_ACCESS_DENIED;
                }
 
@@ -496,9 +510,10 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                }
 
                become_root();
-               if (SMB_VFS_FSETXATTR(fsp,
-                                    SAMBA_XATTR_DOS_ATTRIB, blob.data,
-                                    blob.length, 0) == 0) {
+               ret = SMB_VFS_FSETXATTR(fsp,
+                                       SAMBA_XATTR_DOS_ATTRIB,
+                                       blob.data, blob.length, 0);
+               if (ret == 0) {
                        status = NT_STATUS_OK;
                }
                unbecome_root();
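Review bot: In the visible lines a non-zero return from `SMB_VFS_FSETXATTR()` changes nothing: `status` is assigned only on success, and `errno` is neither logged nor saved before `unbecome_root()` runs. The code that sets `status` before `become_root()` is outside this hunk, so if it is still `NT_STATUS_OK` at that point a failed root write would be reported to the client as success. An explicit failure branch, `} else { status = map_nt_error_from_unix(errno); }`, removes the dependence on earlier state and keeps the real error for the caller.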
@@ -1152,7 +1167,7 @@ static NTSTATUS 
get_file_handle_for_metadata(connection_struct *conn,
                NULL,                                   /* req */
                0,                                      /* root_dir_fid */
                smb_fname_cp,                           /* fname */
-               FILE_WRITE_DATA,                        /* access_mask */
+               FILE_WRITE_ATTRIBUTES,                  /* access_mask */
                (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
                        FILE_SHARE_DELETE),
                FILE_OPEN,                              /* create_disposition*/
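Review bot: The reason `FILE_WRITE_ATTRIBUTES` is enough for this open is stated only in the commit message, not in the code. A comment above the call, such as `/* Metadata-only handle: request FILE_WRITE_ATTRIBUTES, never data access. */`, would keep a later edit from widening the mask again. The call and the rest of get_file_handle_for_metadata() extend beyond this hunk, so whether an already-open handle with a different access mask can be returned instead cannot be checked from here.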


-- 
Samba Shared Repository
