[SCM] Samba Shared Repository - branch master updated

Wed Nov 6 19:32:02 UTC 2019

The branch, master has been updated
       via  b749c923373 s3: smbd: SMB1 UNIX extensions - remove dead code.
       via  b784aee40ff s3: smbd: SMB1 UNIX extensions - POSIX mknod should just create the object, not change attributes after.
       via  d8567d46bd7 s3: smbd: SMB1 UNIX extensions - only allow size change on regular file.
       via  4b25299c0d0 3: smbd: SMB1 UNIX extensions - For POSIX mknod we can only create blk/chr/fifo/sock objects.
       via  4ca0fcb2d4e s3: smbd: SMB1 UNIX extensions - Ensure POSIX mknod is root-only.
      from  35bb734d638 bootstrap: Fix centos7 image creation

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b749c923373c7ccdc68ba2aed42c614e6a11d353
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 15 13:28:11 2019 -0700

    s3: smbd: SMB1 UNIX extensions - remove dead code.
    
    We no longer set delete_on_fail on return from mknod.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Nov  6 19:31:00 UTC 2019 on sn-devel-184

commit b784aee40ffceae8332ff3aaa74c20539857ded6
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 15 13:39:00 2019 -0700

    s3: smbd: SMB1 UNIX extensions - POSIX mknod should just create the object, not change attributes after.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit d8567d46bd7e371de83e4d1ee1592639eb6f0c06
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 15 15:04:39 2019 -0700

    s3: smbd: SMB1 UNIX extensions - only allow size change on regular file.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit 4b25299c0d00b23c22be1e2a4eed3be5572e623a
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 15 13:35:44 2019 -0700

    3: smbd: SMB1 UNIX extensions - For POSIX mknod we can only create blk/chr/fifo/sock objects.
    
    Fail requests to create other object types.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit 4ca0fcb2d4eec29fc75a285947a77974a0555bea
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 15 13:25:14 2019 -0700

    s3: smbd: SMB1 UNIX extensions - Ensure POSIX mknod is root-only.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/trans2.c | 78 +++++++++++++++------------------------------------
 1 file changed, 23 insertions(+), 55 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bc4b3934c83..d5000e83cb1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -8016,6 +8016,11 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn,
 #endif
 
 	switch (file_type) {
+		/* We can't create other objects here. */
+		case UNIX_TYPE_FILE:
+		case UNIX_TYPE_DIR:
+		case UNIX_TYPE_SYMLINK:
+			return NT_STATUS_ACCESS_DENIED;
 #if defined(S_IFIFO)
 		case UNIX_TYPE_FIFO:
 			unixmode |= S_IFIFO;
@@ -8028,11 +8033,18 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn,
 #endif
 #if defined(S_IFCHR)
 		case UNIX_TYPE_CHARDEV:
+			/* This is only allowed for root. */
+			if (get_current_uid(conn) != sec_initial_uid()) {
+				return NT_STATUS_ACCESS_DENIED;
+			}
 			unixmode |= S_IFCHR;
 			break;
 #endif
 #if defined(S_IFBLK)
 		case UNIX_TYPE_BLKDEV:
+			if (get_current_uid(conn) != sec_initial_uid()) {
+				return NT_STATUS_ACCESS_DENIED;
+			}
 			unixmode |= S_IFBLK;
 			break;
 #endif
@@ -8091,12 +8103,10 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
 	uid_t set_owner = (uid_t)SMB_UID_NO_CHANGE;
 	gid_t set_grp = (uid_t)SMB_GID_NO_CHANGE;
 	NTSTATUS status = NT_STATUS_OK;
-	bool delete_on_fail = False;
 	enum perm_type ptype;
 	files_struct *all_fsps = NULL;
 	bool modify_mtime = true;
 	struct file_id id;
-	struct smb_filename *smb_fname_tmp = NULL;
 	SMB_STRUCT_STAT sbuf;
 
 	ZERO_STRUCT(ft);
@@ -8148,42 +8158,10 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
 		 * a new info level should be used for mknod. JRA.
 		 */
 
-		status = smb_unix_mknod(conn,
+		return smb_unix_mknod(conn,
 					pdata,
 					total_data,
 					smb_fname);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-
-		smb_fname_tmp = cp_smb_filename(talloc_tos(), smb_fname);
-		if (smb_fname_tmp == NULL) {
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		if (SMB_VFS_STAT(conn, smb_fname_tmp) != 0) {
-			status = map_nt_error_from_unix(errno);
-			TALLOC_FREE(smb_fname_tmp);
-			SMB_VFS_UNLINKAT(conn,
-				conn->cwd_fsp,
-				smb_fname,
-				0);
-			return status;
-		}
-
-		sbuf = smb_fname_tmp->st;
-		smb_fname = smb_fname_tmp;
-
-		/* Ensure we don't try and change anything else. */
-		raw_unixmode = SMB_MODE_NO_CHANGE;
-		size = get_file_size_stat(&sbuf);
-		ft.atime = sbuf.st_ex_atime;
-		ft.mtime = sbuf.st_ex_mtime;
-		/* 
-		 * We continue here as we might want to change the 
-		 * owner uid/gid.
-		 */
-		delete_on_fail = True;
 	}
 
 #if 1
@@ -8243,12 +8221,6 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
 
 		if (ret != 0) {
 			status = map_nt_error_from_unix(errno);
-			if (delete_on_fail) {
-				SMB_VFS_UNLINKAT(conn,
-					conn->cwd_fsp,
-					smb_fname,
-					0);
-			}
 			return status;
 		}
 	}
@@ -8277,26 +8249,22 @@ static NTSTATUS smb_set_file_unix_basic(connection_struct *conn,
 		}
 		if (ret != 0) {
 			status = map_nt_error_from_unix(errno);
-			if (delete_on_fail) {
-				SMB_VFS_UNLINKAT(conn,
-					conn->cwd_fsp,
-					smb_fname,
-					0);
-			}
 			return status;
 		}
 	}
 
 	/* Deal with any size changes. */
 
-	status = smb_set_file_size(conn, req,
-				   fsp,
-				   smb_fname,
-				   &sbuf,
-				   size,
-				   false);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+	if (S_ISREG(sbuf.st_ex_mode)) {
+		status = smb_set_file_size(conn, req,
+					   fsp,
+					   smb_fname,
+					   &sbuf,
+					   size,
+					   false);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 	}
 
 	/* Deal with any time changes. */


-- 
Samba Shared Repository

