diff options
author | David Disseldorp <ddiss@samba.org> | 2013-01-15 17:23:10 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2013-01-16 23:15:07 +0100 |
commit | cb323281c1f2b66f2b42527cda722e57ca1f1f23 (patch) | |
tree | 324d4dbf100cee51cf37fdc76e0c4523bc8078f5 | |
parent | 456724f05d79733fe805a3209231c565d69d2be3 (diff) | |
download | samba-cb323281c1f2b66f2b42527cda722e57ca1f1f23.tar.gz samba-cb323281c1f2b66f2b42527cda722e57ca1f1f23.tar.xz samba-cb323281c1f2b66f2b42527cda722e57ca1f1f23.zip |
smb2_ioctl: copychunk CHECK_READ and CHECK_WRITE
[MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request, specifies
that the copychunk destination file handle be granted FILE_WRITE_DATA
and FILE_READ_DATA access.
FILE_READ_DATA access must also be granted on the copychunk source file,
which may be done implicitly with execute permission.
Reviewed by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/smbd/smb2_ioctl_network_fs.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c index 5721a4cc63..125aaaee38 100644 --- a/source3/smbd/smb2_ioctl_network_fs.c +++ b/source3/smbd/smb2_ioctl_network_fs.c @@ -23,6 +23,7 @@ #include "smbd/smbd.h" #include "smbd/globals.h" #include "../libcli/smb/smb_common.h" +#include "../libcli/security/security.h" #include "../lib/util/tevent_ntstatus.h" #include "../lib/ccan/build_assert/build_assert.h" #include "include/ntioctl.h" @@ -207,6 +208,30 @@ static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx, } state->dst_fsp = dst_fsp; + /* + * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request + * If Open.GrantedAccess of the destination file does not + * include FILE_WRITE_DATA, then the request MUST be failed with + * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the + * destination file does not include FILE_READ_DATA access and + * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be + * failed with STATUS_ACCESS_DENIED. + */ + if (!CHECK_WRITE(state->dst_fsp)) { + state->status = NT_STATUS_ACCESS_DENIED; + tevent_req_nterror(req, state->status); + return tevent_req_post(req, ev); + } + if (!CHECK_READ(state->dst_fsp, smb2req->smb1req)) { + state->status = NT_STATUS_ACCESS_DENIED; + tevent_req_nterror(req, state->status); + return tevent_req_post(req, ev); + } + if (!CHECK_READ(state->src_fsp, smb2req->smb1req)) { + state->status = NT_STATUS_ACCESS_DENIED; + tevent_req_nterror(req, state->status); + return tevent_req_post(req, ev); + } state->status = copychunk_check_limits(&cc_copy); if (tevent_req_nterror(req, state->status)) { |