authorJeremy Allison <jra@samba.org>2013-10-28 16:59:20 -0700
committerJeremy Allison <jra@samba.org>2013-11-04 12:10:18 -0800
commit60f922bf1bd8816eacbb32c24793ad1f97a1d9f2 (patch)
tree9acff2a89887e28e1281e0d9827332d193381718 /source3/smbd
parent4061954990dfa0f898f278a536a9f0995d774a00 (diff)
Fix bug #10229 - No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10229 We need to check if the requested access mask could be used to open the underlying file (if it existed), as we're passing in zero for the access mask to the base filename. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: David Disseldorp <ddiss@suse.de>
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/open.c59
1 files changed, 59 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 4db673acd3..105eb09530 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -302,6 +302,46 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
}
/****************************************************************************
+ Ensure when opening a base file for a stream open that we have permissions
+ to do so given the access mask on the base file.
+****************************************************************************/
+
+static NTSTATUS check_base_file_access(struct connection_struct *conn,
+ struct smb_filename *smb_fname,
+ uint32_t access_mask)
+{
+ NTSTATUS status;
+
+ status = smbd_calculate_access_mask(conn, smb_fname,
+ false,
+ access_mask,
+ &access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("smbd_calculate_access_mask "
+ "on file %s returned %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status)));
+ return status;
+ }
+
+ if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
+ uint32_t dosattrs;
+ if (!CAN_WRITE(conn)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ dosattrs = dos_mode(conn, smb_fname);
+ if (IS_DOS_READONLY(dosattrs)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ return smbd_check_access_rights(conn,
+ smb_fname,
+ false,
+ access_mask);
+}
+
+/****************************************************************************
fd support routines - attempt to do a dos_open.
****************************************************************************/
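Review bot: The header comment on check_base_file_access() does not say that `access_mask` is overwritten by smbd_calculate_access_mask() (it is passed as both input and `&access_mask`), so every later test runs on the computed mask rather than the one the caller supplied. I would add `/* access_mask now holds the calculated mask; the checks below use it, not the caller's value. */` after the first call, and label the bare `false` arguments, which appear to be the privilege-use flag, e.g. `false, /* use_privs */`. The CAN_WRITE() and IS_DOS_READONLY() gate applies only when `FILE_WRITE_DATA|FILE_APPEND_DATA` is set, so all other rights are decided solely by smbd_check_access_rights(). Stating that in the comment keeps a later reader from assuming the read-only gate covers every modifying right.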
@@ -3795,6 +3835,25 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
if (SMB_VFS_STAT(conn, smb_fname_base) == -1) {
DEBUG(10, ("Unable to stat stream: %s\n",
smb_fname_str_dbg(smb_fname_base)));
+ } else {
+ /*
+ * https://bugzilla.samba.org/show_bug.cgi?id=10229
+ * We need to check if the requested access mask
+ * could be used to open the underlying file (if
+ * it existed), as we're passing in zero for the
+ * access mask to the base filename.
+ */
+ status = check_base_file_access(conn,
+ smb_fname_base,
+ access_mask);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("Permission check "
+ "for base %s failed: "
+ "%s\n", smb_fname->base_name,
+ nt_errstr(status)));
+ goto fail;
+ }
}
/* Open the base file. */
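Review bot: The new check sits in the `else` of the SMB_VFS_STAT() test, so any stat failure, not only a missing base file, skips check_base_file_access() and continues to the base-file open with nothing but a level-10 debug line. The comment's "(if it existed)" suggests only the not-found case was meant to bypass the check; if so, the failure branch should fail closed on other errors, e.g. `if (errno != ENOENT) { status = map_nt_error_from_unix(errno); goto fail; }`. Whether the later open would reject those cases anyway cannot be seen here, since create_file_unixpath() starts and ends outside the hunk. The failure DEBUG prints `smb_fname->base_name` although the check was made on `smb_fname_base`; `smb_fname_str_dbg(smb_fname_base)` would match the DEBUG just above and log the name that was actually checked.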