diff options
author | Stefan Metzmacher <metze@samba.org> | 2014-08-20 13:58:38 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-08-22 00:28:08 +0200 |
commit | 1b3ee5e5a336064f324715d46f80661305d93c28 (patch) | |
tree | d8516e29871d2a866209b1f708eefd7ed9eb7a7f /source3/smbd/smb2_setinfo.c | |
parent | f56bfffa51d86f96f0e71cf0c3fe23f1008ddd88 (diff) | |
download | samba-1b3ee5e5a336064f324715d46f80661305d93c28.tar.gz samba-1b3ee5e5a336064f324715d46f80661305d93c28.tar.xz samba-1b3ee5e5a336064f324715d46f80661305d93c28.zip |
s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
Sometimes Windows clients doesn't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags
before sending the security_information to the server.
security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL
results in a NULL dacl being returned from an GetSecurityDecriptor
request. This happens because posix_get_nt_acl_common()
has the following logic:
if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
... create DACL ...
}
I'm not sure if the logic is correct or wrong in this place (I guess it's
wrong...).
But what I know is that the SMB server should filter the given
security_information flags before passing to the filesystem.
[MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY
...
The server MUST ignore any flag value in the AdditionalInformation field that
is not specified in section 2.2.37.
Section 2.2.37 lists:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION
BACKUP_SECURITY_INFORMATION
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/smbd/smb2_setinfo.c')
-rw-r--r-- | source3/smbd/smb2_setinfo.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c index 3722697f4d..d95bd3d9b8 100644 --- a/source3/smbd/smb2_setinfo.c +++ b/source3/smbd/smb2_setinfo.c @@ -312,7 +312,8 @@ static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx, status = set_sd_blob(fsp, in_input_buffer.data, in_input_buffer.length, - in_additional_information); + in_additional_information & + SMB_SUPPORTED_SECINFO_FLAGS); if (!NT_STATUS_IS_OK(status)) { tevent_req_nterror(req, status); return tevent_req_post(req, ev); |