[SCM] Samba Shared Repository - branch v4-16-test updated

Jule Anger Mon, 05 Dec 2022 03:04:25 -0800

The branch, v4-16-test has been updated
       via  885e3fc12de smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
       via  8c2f27d442f torture: add a test trying to set 
FILE_ATTRIBUTE_TEMPORARY on a directory
      from  7edddbc684c CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 
on systems where 'unsigned long' is just 32-bit


https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test


- Log -----------------------------------------------------------------
commit 885e3fc12de55e56e6170be4456101bda09d8a17
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Nov 22 07:31:52 2022 +0100

    smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
    
    Cf MS-FSA 2.1.5.14.2
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    
    Autobuild-User(master): Ralph Böhme <s...@samba.org>
    Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 535a08dfc4c045d7b0c0ed335f76b5d560dd7bbd)
    
    Autobuild-User(v4-16-test): Jule Anger <jan...@samba.org>
    Autobuild-Date(v4-16-test): Mon Dec  5 11:03:30 UTC 2022 on sn-devel-184

commit 8c2f27d442f49453079f6037a54e6a02cc276573
Author: Ralph Boehme <s...@samba.org>
Date:   Tue Nov 22 10:45:35 2022 +0100

    torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    (cherry picked from commit fdb19ce8aa189f6cfbd2d1fd7ed6fe809ba93cf3)

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail            |  1 +
 source3/smbd/dosmode.c        |  7 +++++++
 source4/torture/smb2/create.c | 47 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index a630270e5f0..7851ec397a0 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -146,6 +146,7 @@
 ^samba4.smb2.create.*.acldir
 ^samba4.smb2.create.*.impersonation
 ^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS
+^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\)
 ^samba4.smb2.acls.*.generic
 ^samba4.smb2.acls.*.inheritflags
 ^samba4.smb2.acls.*.owner
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index c97cdb65d93..0ae2c959220 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -940,6 +940,13 @@ int file_set_dosmode(connection_struct *conn,
                return -1;
        }
 
+       if ((S_ISDIR(smb_fname->st.st_ex_mode)) &&
+           (dosmode & FILE_ATTRIBUTE_TEMPORARY))
+       {
+               errno = EINVAL;
+               return -1;
+       }
+
        dosmode &= SAMBA_ATTRIBUTES_MASK;
 
        DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n",
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index 94dbae917fd..956224b5b08 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -3059,6 +3059,52 @@ static bool test_fileid_unique_dir(
        return test_fileid_unique_object(tctx, tree, 100, true);
 }
 
+static bool test_dosattr_tmp_dir(struct torture_context *tctx,
+                                struct smb2_tree *tree)
+{
+       bool ret = true;
+       NTSTATUS status;
+       struct smb2_create c;
+       struct smb2_handle h1 = {{0}};
+       const char *fname = DNAME;
+
+       smb2_deltree(tree, fname);
+       smb2_util_rmdir(tree, fname);
+
+       c = (struct smb2_create) {
+               .in.desired_access = SEC_RIGHTS_DIR_ALL,
+               .in.file_attributes  = FILE_ATTRIBUTE_DIRECTORY,
+               .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+               .in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+                       NTCREATEX_SHARE_ACCESS_WRITE |
+                       NTCREATEX_SHARE_ACCESS_DELETE,
+               .in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+               .in.fname = DNAME,
+       };
+
+       status = smb2_create(tree, tctx, &c);
+       torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+                                       "smb2_create\n");
+       h1 = c.out.file.handle;
+
+       /* Try to set temporary attribute on directory */
+       SET_ATTRIB(FILE_ATTRIBUTE_TEMPORARY);
+
+       torture_assert_ntstatus_equal_goto(tctx, status,
+                                          NT_STATUS_INVALID_PARAMETER,
+                                          ret, done,
+                                          "Unexpected setinfo result\n");
+
+done:
+       if (!smb2_util_handle_empty(h1)) {
+               smb2_util_close(tree, h1);
+       }
+       smb2_util_unlink(tree, fname);
+       smb2_deltree(tree, fname);
+
+       return ret;
+}
+
 /*
   test opening quota fakefile handle and returned attributes
 */
@@ -3141,6 +3187,7 @@ struct torture_suite *torture_smb2_create_init(TALLOC_CTX 
*ctx)
        torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl);
        torture_suite_add_1smb2_test(suite, "mkdir-dup", test_mkdir_dup);
        torture_suite_add_1smb2_test(suite, "dir-alloc-size", 
test_dir_alloc_size);
+       torture_suite_add_1smb2_test(suite, "dosattr_tmp_dir", 
test_dosattr_tmp_dir);
        torture_suite_add_1smb2_test(suite, "quota-fake-file", 
test_smb2_open_quota_fake_file);
 
        suite->description = talloc_strdup(suite, "SMB2-CREATE tests");


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-16-test updated

Reply via email to