svn commit: samba r11780 - in branches/SAMBA_4_0/source: libcli/smb2 torture/smb2

tridge at samba.org tridge at samba.org
Fri Nov 18 11:45:25 GMT 2005 

Author: tridge
Date: 2005-11-18 11:45:24 +0000 (Fri, 18 Nov 2005)
New Revision: 11780

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11780

Log:

it turns out that the MxAc tag isn't a security descriptor, its a
request that the server return its own MxAc blob which contains the
maximum allowed access_mask for the returned file handle



Modified:
   branches/SAMBA_4_0/source/libcli/smb2/create.c
   branches/SAMBA_4_0/source/libcli/smb2/request.c
   branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h
   branches/SAMBA_4_0/source/torture/smb2/util.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/smb2/create.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/smb2/create.c	2005-11-18 11:40:03 UTC (rev 11779)
+++ branches/SAMBA_4_0/source/libcli/smb2/create.c	2005-11-18 11:45:24 UTC (rev 11780)
@@ -25,8 +25,8 @@
 #include "libcli/smb2/smb2.h"
 #include "libcli/smb2/smb2_calls.h"
 
-#define CREATE_TAG_EA 0x41747845 /* "ExtA" */
-#define CREATE_TAG_SD 0x6341784D /* "MxAc" */
+#define CREATE_TAG_EXTA 0x41747845 /* "ExtA" */
+#define CREATE_TAG_MXAC 0x6341784D /* "MxAc" */
 
 /*
   add a blob to a smb2_create attribute blob
@@ -37,13 +37,14 @@
 {
 	NTSTATUS status;
 	uint32_t ofs = blob->length;
-	status = data_blob_realloc(mem_ctx, blob, blob->length + 0x18 + add.length);
+	uint8_t pad = smb2_padding_size(add.length, 8);
+	status = data_blob_realloc(mem_ctx, blob, blob->length + 0x18 + add.length + pad);
 	NT_STATUS_NOT_OK_RETURN(status);
 	
 	if (last) {
 		SIVAL(blob->data, ofs+0x00, 0);
 	} else {
-		SIVAL(blob->data, ofs+0x00, 0x18 + add.length);
+		SIVAL(blob->data, ofs+0x00, 0x18 + add.length + pad);
 	}
 	SSVAL(blob->data, ofs+0x04, 0x10); /* offset of tag */
 	SIVAL(blob->data, ofs+0x06, 0x04); /* tag length */
@@ -52,6 +53,7 @@
 	SIVAL(blob->data, ofs+0x10, tag);
 	SIVAL(blob->data, ofs+0x14, 0); /* pad? */
 	memcpy(blob->data+ofs+0x18, add.data, add.length);
+	memset(blob->data+ofs+0x18+add.length, 0, pad);
 
 	return NT_STATUS_OK;
 }
@@ -90,7 +92,7 @@
 		DATA_BLOB b = data_blob_talloc(req, NULL, 
 					       ea_list_size_chained(io->in.eas.num_eas, io->in.eas.eas));
 		ea_put_list_chained(b.data, io->in.eas.num_eas, io->in.eas.eas);
-		status = smb2_create_blob_add(req, &blob, CREATE_TAG_EA, b, False);
+		status = smb2_create_blob_add(req, &blob, CREATE_TAG_EXTA, b, False);
 		if (!NT_STATUS_IS_OK(status)) {
 			talloc_free(req);
 			return NULL;
@@ -98,18 +100,9 @@
 		data_blob_free(&b);
 	}
 
-	if (io->in.sd != NULL) {
-		DATA_BLOB b;
-		status = ndr_push_struct_blob(&b, req, io->in.sd,
-					      (ndr_push_flags_fn_t)ndr_push_security_descriptor);
-		if (!NT_STATUS_IS_OK(status)) {
-			talloc_free(req);
-			return NULL;
-		}
-		status = smb2_create_blob_add(req, &blob, CREATE_TAG_SD, b, True);
-	} else {
-		status = smb2_create_blob_add(req, &blob, CREATE_TAG_SD, data_blob(NULL, 0), True);
-	}
+	/* an empty MxAc tag seems to be used to ask the server to
+	   return the maximum access mask allowed on the file */
+	status = smb2_create_blob_add(req, &blob, CREATE_TAG_MXAC, data_blob(NULL, 0), True);
 
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(req);

Modified: branches/SAMBA_4_0/source/libcli/smb2/request.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/smb2/request.c	2005-11-18 11:40:03 UTC (rev 11779)
+++ branches/SAMBA_4_0/source/libcli/smb2/request.c	2005-11-18 11:45:24 UTC (rev 11780)
@@ -181,7 +181,7 @@
 	return False;
 }
 
-static size_t smb2_padding_size(uint32_t offset, size_t n)
+size_t smb2_padding_size(uint32_t offset, size_t n)
 {
 	if ((offset & (n-1)) == 0) return 0;
 	return n - (offset & (n-1));

Modified: branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h
===================================================================
--- branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h	2005-11-18 11:40:03 UTC (rev 11779)
+++ branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h	2005-11-18 11:45:24 UTC (rev 11780)
@@ -130,10 +130,8 @@
 		/* dynamic body */
 		const char *fname;
 
-		/* optional list of extended attributes and security
-		   descriptor */
+		/* optional list of extended attributes */
 		struct smb_ea_list eas;
-		struct security_descriptor *sd;
 	} in;
 
 	struct {

Modified: branches/SAMBA_4_0/source/torture/smb2/util.c
===================================================================
--- branches/SAMBA_4_0/source/torture/smb2/util.c	2005-11-18 11:40:03 UTC (rev 11779)
+++ branches/SAMBA_4_0/source/torture/smb2/util.c	2005-11-18 11:45:24 UTC (rev 11780)
@@ -103,7 +103,7 @@
 
 	smb2_util_unlink(tree, fname);
 	ZERO_STRUCT(io);
-	io.in.access_mask = SEC_RIGHTS_FILE_ALL;
+	io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 	io.in.file_attr   = FILE_ATTRIBUTE_NORMAL;
 	io.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF;
 	io.in.share_access = 
@@ -119,18 +119,6 @@
 		io.in.open_disposition = NTCREATEX_DISP_CREATE;
 	}
 
-	io.in.sd = security_descriptor_create(tmp_ctx,
-					      NULL, NULL,
-					      SID_NT_AUTHENTICATED_USERS,
-					      SEC_ACE_TYPE_ACCESS_ALLOWED,
-					      SEC_RIGHTS_FILE_ALL | SEC_STD_ALL,
-					      0,
-					      SID_WORLD,
-					      SEC_ACE_TYPE_ACCESS_ALLOWED,
-					      SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
-					      0,
-					      NULL);
-
 	if (strchr(fname, ':') == NULL) {
 		/* setup some EAs */
 		io.in.eas.num_eas = 2;

More information about the samba-cvs mailing list