[SCM] Samba Shared Repository - branch master updated

Tue Oct 17 09:49:02 UTC 2017

The branch, master has been updated
       via  a3cc2fe s3/smbd: use correct access in get_file_handle_for_metadata
       via  143d262 s3/smbd: fix access checks in set_ea_dos_attribute()
       via  fbad642 s3/smbd: README.Coding fixes in set_ea_dos_attribute
      from  7917f97 vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a3cc2fedab37134edd401b88087e20881c4ea18f
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 29 16:08:06 2017 +0200

    s3/smbd: use correct access in get_file_handle_for_metadata
    
    All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144

commit 143d26283dad8422fba557de311c304f0093d647
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 29 15:55:19 2017 +0200

    s3/smbd: fix access checks in set_ea_dos_attribute()
    
    We wanted to set the DOS attributes and failed with permission denied
    from the VFS/kernel/filesystem. Next thing we wanna do here is override
    this if either
    
    - "dos filemode = true" is set and the security descriptor gives the
      user write access or if
    
    - the stored security descriptor has FILE_WRITE_ATTRIBUTES
    
    The former was working, but the latter was not implemented at all.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit fbad64200e0199acb644d83073234b2f6c200fce
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Oct 12 15:41:01 2017 +0200

    s3/smbd: README.Coding fixes in set_ea_dos_attribute
    
    While I'm at it, some README.Coding fixes in set_ea_dos_attribute.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/dosmode.c | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 3181f2e..8a11c8f 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -415,6 +415,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
 	struct xattr_DOSATTRIB dosattrib;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
+	int ret;
 
 	if (!lp_store_dos_attributes(SNUM(conn))) {
 		return NT_STATUS_NOT_IMPLEMENTED;
@@ -456,14 +457,16 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (SMB_VFS_SETXATTR(conn, smb_fname,
-			     SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length,
-			     0) == -1) {
+	ret = SMB_VFS_SETXATTR(conn, smb_fname,
+			       SAMBA_XATTR_DOS_ATTRIB,
+			       blob.data, blob.length, 0);
+	if (ret != 0) {
 		NTSTATUS status = NT_STATUS_OK;
 		bool need_close = false;
 		files_struct *fsp = NULL;
+		bool set_dosmode_ok = false;
 
-		if((errno != EPERM) && (errno != EACCES)) {
+		if ((errno != EPERM) && (errno != EACCES)) {
 			DBG_INFO("Cannot set "
 				 "attribute EA on file %s: Error = %s\n",
 				 smb_fname_str_dbg(smb_fname), strerror(errno));
@@ -475,10 +478,21 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
 		*/
 
 		/* Check if we have write access. */
-		if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
+		if (!CAN_WRITE(conn)) {
 			return NT_STATUS_ACCESS_DENIED;
+		}
 
-		if (!can_write_to_file(conn, smb_fname)) {
+		status = smbd_check_access_rights(conn, smb_fname, false,
+						  FILE_WRITE_ATTRIBUTES);
+		if (NT_STATUS_IS_OK(status)) {
+			set_dosmode_ok = true;
+		}
+
+		if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) {
+			set_dosmode_ok = can_write_to_file(conn, smb_fname);
+		}
+
+		if (!set_dosmode_ok) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
 
@@ -496,9 +510,10 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
 		}
 
 		become_root();
-		if (SMB_VFS_FSETXATTR(fsp,
-				     SAMBA_XATTR_DOS_ATTRIB, blob.data,
-				     blob.length, 0) == 0) {
+		ret = SMB_VFS_FSETXATTR(fsp,
+					SAMBA_XATTR_DOS_ATTRIB,
+					blob.data, blob.length, 0);
+		if (ret == 0) {
 			status = NT_STATUS_OK;
 		}
 		unbecome_root();
@@ -1152,7 +1167,7 @@ static NTSTATUS get_file_handle_for_metadata(connection_struct *conn,
 		NULL,                                   /* req */
 		0,                                      /* root_dir_fid */
 		smb_fname_cp,				/* fname */
-		FILE_WRITE_DATA,                        /* access_mask */
+		FILE_WRITE_ATTRIBUTES,			/* access_mask */
 		(FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
 			FILE_SHARE_DELETE),
 		FILE_OPEN,                              /* create_disposition*/


-- 
Samba Shared Repository

