[SCM] Samba Shared Repository - branch v4-15-test updated
Jule Anger
janger at samba.org
Mon Aug 9 12:06:02 UTC 2021
The branch, v4-15-test has been updated
via 4467a0ba7f0 smbd: only open full fd for directories if needed
via 4f3b6f6b311 smbd: drop requirement for full open for READ_CONTROL_ACCESS, WRITE_DAC_ACCESS and WRITE_OWNER_ACCESS
via 9b8e795df6f s3: smbd: Don't leak meta-data about the containing directory of the share root.
via 3acccfc764d s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage.
via fccedb4d94a configure: Do not put arguments into double quotes
from c933b88dbe1 samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry"
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test
- Log -----------------------------------------------------------------
commit 4467a0ba7f0764831827645ae4cca22360d7cb70
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jun 29 12:47:34 2021 +0200
smbd: only open full fd for directories if needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700
RN: File owner not available when file unreadable
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 2 18:05:04 UTC 2021 on sn-devel-184
(cherry picked from commit 6d928eb1e8ea44f0d0aea4ec9b1b7c385a281193)
Autobuild-User(v4-15-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-15-test): Mon Aug 9 12:05:34 UTC 2021 on sn-devel-184
commit 4f3b6f6b311942e1cf42ed263188384d643f25e6
Author: Ralph Boehme <slow at samba.org>
Date: Sat May 8 21:45:25 2021 +0200
smbd: drop requirement for full open for READ_CONTROL_ACCESS, WRITE_DAC_ACCESS and WRITE_OWNER_ACCESS
This was needed before we had pathref fsps. With pathref fsps we can do
operations requiring WRITE_OWNER_ACCESS, WRITE_DAC_ACCESS and READ_CONTROL_ACCESS
on the pathref fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14700
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e71e373a07e467ff2d2328f39bd2bc285e2ba840)
commit 9b8e795df6f61fdf530d3fe85faea8ae2e3c00e9
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 14 19:11:05 2021 -0700
s3: smbd: Don't leak meta-data about the containing directory of the share root.
This is a subtle one. In smbd_dirptr_get_entry() we now
open a pathref fsp on all entries - including "..".
If we're at the root of the share we don't want
a handle to the directory above it, so silently
close the smb_fname->fsp for ".." names to prevent
it from being used to return meta-data to the client
(more than we already have done historically by
calling pathname functions on "..").
The marshalling returned entries and async DOS
code copes with smb_fname->fsp == NULL perfectly
well.
Only in master, but will need fixing for 4.15.rc1
or 2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 28 15:07:54 UTC 2021 on sn-devel-184
(cherry picked from commit 2acad27686074029ac83c66b42bb37eea380f449)
commit 3acccfc764df88bd1400bc8da72b2733ca06cdff
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 14 21:30:09 2021 -0700
s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b004ebb1c62742346b84ecb9d52c783173528fac)
commit fccedb4d94abac9909c2ed00b07af6a207b09590
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 2 17:43:01 2021 +0200
configure: Do not put arguments into double quotes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14777
This could create an issue that arguments don't get split by python and then the
following could happen:
./configure --libdir=/usr/lib64 --enable-clangdb
LIBDIR='/usr/lib64 --enable-clangdb'
This then ends up in parameters.all.xml:
<!ENTITY pathconfig.LIBDIR '/usr/lib64 --enable-clangdb'>
The python parser then errors out:
xml.etree.ElementTree.ParseError: not well-formed (invalid token)
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 3 18:36:37 UTC 2021 on sn-devel-184
(cherry picked from commit e2962b4262fc4a7197a3fcbd010fcfaca781baea)
-----------------------------------------------------------------------
Summary of changes:
configure | 2 +-
source3/smbd/dir.c | 25 +++++++++++++++++++++++++
source3/smbd/dosmode.c | 23 ++++++++++++++---------
source3/smbd/open.c | 31 +++++++++++++++++++++----------
4 files changed, 61 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/configure b/configure
index a6ca50feb47..2b0ffb0dae1 100755
--- a/configure
+++ b/configure
@@ -13,5 +13,5 @@ export JOBS
unset LD_PRELOAD
cd . || exit 1
-$PYTHON $WAF configure "$@" || exit 1
+$PYTHON $WAF configure $@ || exit 1
cd $PREVPATH
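Review bot: The unquoted `$@` on the `$PYTHON $WAF configure` line is subject to shell word splitting and pathname expansion, so a single argument that legitimately contains whitespace or glob characters (a `--libdir` below a path with a space, a multi-word flags value) now reaches waf as several arguments. `"$@"` already passes each argument through as its own word; the `LIBDIR='/usr/lib64 --enable-clangdb'` case in the commit message suggests the caller handed over one pre-joined string, which would be better fixed at the caller. If the unquoted form stays, a comment above the line saying that arguments containing spaces are not supported would document the trade-off.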
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 127e4b0d08d..4c807c3f85c 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -946,6 +946,31 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
continue;
}
+ /*
+ * Don't leak metadata about the containing
+ * directory of the share.
+ */
+ if (dirptr_path_is_dot && ISDOTDOT(dname)) {
+ /*
+ * Making a copy here, then freeing
+ * the original will close the smb_fname->fsp.
+ */
+ struct smb_filename *tmp_smb_fname =
+ cp_smb_filename(ctx, smb_fname);
+
+ if (tmp_smb_fname == NULL) {
+ TALLOC_FREE(atname);
+ TALLOC_FREE(smb_fname);
+ TALLOC_FREE(dname);
+ TALLOC_FREE(fname);
+ return false;
+ }
+ TALLOC_FREE(smb_fname);
+ smb_fname = tmp_smb_fname;
+ mode = FILE_ATTRIBUTE_DIRECTORY;
+ get_dosmode = false;
+ }
+
ok = mode_fn(ctx,
private_data,
dirptr->dir_hnd->fsp,
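Review bot: In the `dirptr_path_is_dot && ISDOTDOT(dname)` block, closing the handle depends on two implicit behaviours: that `cp_smb_filename()` does not carry `fsp` over to the copy, and that `TALLOC_FREE(smb_fname)` closes it. The comment states the second but not the first. Saying so explicitly, or checking `smb_fname->fsp == NULL` after `smb_fname = tmp_smb_fname;`, would keep a later change to the copy helper from silently handing `mode_fn` a handle to the parent of the share root again. The comment could also note that `mode` is fixed to `FILE_ATTRIBUTE_DIRECTORY` on purpose, so no other attributes of ".." are reported.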
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 43c46867122..99cb8607944 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -814,15 +814,20 @@ struct tevent_req *dos_mode_at_send(TALLOC_CTX *mem_ctx,
}
if (smb_fname->fsp == NULL) {
- /*
- * The pathological case where a caller does
- * dos_mode_at_send() and smb_fname points at a
- * symlink in POSIX context. smb_fname->fsp is NULL.
- *
- * FIXME ? Should we move to returning
- * FILE_ATTRIBUTE_REPARSE_POINT here ?
- */
- state->dosmode = FILE_ATTRIBUTE_NORMAL;
+ if (ISDOTDOT(smb_fname->base_name)) {
+ /*
+ * smb_fname->fsp is explicitly closed
+ * for ".." to prevent meta-data leakage.
+ */
+ state->dosmode = FILE_ATTRIBUTE_DIRECTORY;
+ } else {
+ /*
+ * This is a symlink in POSIX context.
+ * FIXME ? Should we move to returning
+ * FILE_ATTRIBUTE_REPARSE_POINT here ?
+ */
+ state->dosmode = FILE_ATTRIBUTE_NORMAL;
+ }
tevent_req_done(req);
return tevent_req_post(req, ev);
}
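Review bot: In the new `else` branch the comment states as fact that "This is a symlink in POSIX context", but the only things the code has checked are `smb_fname->fsp == NULL` and that `base_name` is not "..". Any other caller that arrives with a NULL `fsp` gets `FILE_ATTRIBUTE_NORMAL` under a comment that says it is a symlink. Wording it as the expected case, as the removed comment did with "The pathological case where ...", or adding a debug message that names `base_name`, would make an unexpected NULL `fsp` visible. The `ISDOTDOT()` branch keys on the name alone, so its comment should name `smbd_dirptr_get_entry()` as the place where the fsp is closed.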
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index c29662b4fd2..968dd8ecb00 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1279,10 +1279,7 @@ static NTSTATUS open_file(files_struct *fsp,
FILE_WRITE_DATA |
FILE_APPEND_DATA |
FILE_EXECUTE |
- WRITE_DAC_ACCESS |
- WRITE_OWNER_ACCESS |
- SEC_FLAG_SYSTEM_SECURITY |
- READ_CONTROL_ACCESS;
+ SEC_FLAG_SYSTEM_SECURITY;
bool creating = !file_existed && (flags & O_CREAT);
bool truncating = (flags & O_TRUNC);
bool open_fd = false;
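Review bot: After the removal, `SEC_FLAG_SYSTEM_SECURITY` is the one security-descriptor right left in this mask, and nothing in the hunk says why it still forces a full open while `WRITE_DAC_ACCESS`, `WRITE_OWNER_ACCESS` and `READ_CONTROL_ACCESS` no longer do. The commit message explains that those three can be served from the pathref fsp; a short comment at the mask recording that, and stating that `SEC_FLAG_SYSTEM_SECURITY` is kept deliberately, would stop a reader from re-adding the three bits or dropping the fourth.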
@@ -4407,6 +4404,7 @@ static NTSTATUS open_directory(connection_struct *conn,
struct timespec mtimespec;
int info = 0;
bool ok;
+ uint32_t need_fd_access;
if (is_ntfs_stream_smb_fname(smb_dname)) {
DEBUG(2, ("open_directory: %s is a stream name!\n",
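Review bot: `need_fd_access` is declared here uninitialised and is assigned only once, in a later hunk, to a constant expression. Declaring it as `const uint32_t need_fd_access = FILE_LIST_DIRECTORY | FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY;` would keep the declaration and its meaning in one place and rule out use before assignment.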
@@ -4599,12 +4597,25 @@ static NTSTATUS open_directory(connection_struct *conn,
*/
mtimespec = make_omit_timespec();
- status = reopen_from_fsp(fsp, O_RDONLY|O_DIRECTORY, 0, NULL);
- if (!NT_STATUS_IS_OK(status)) {
- DBG_INFO("Could not open fd for%s (%s)\n",
- smb_fname_str_dbg(smb_dname),
- nt_errstr(status));
- return status;
+ /*
+ * Obviously for FILE_LIST_DIRECTORY we need to reopen to get an fd
+ * usable for reading a directory. SMB2_FLUSH may be called on
+ * directories opened with FILE_ADD_FILE and FILE_ADD_SUBDIRECTORY so
+ * for those we need to reopen as well.
+ */
+ need_fd_access =
+ FILE_LIST_DIRECTORY |
+ FILE_ADD_FILE |
+ FILE_ADD_SUBDIRECTORY;
+
+ if (access_mask & need_fd_access) {
+ status = reopen_from_fsp(fsp, O_RDONLY | O_DIRECTORY, 0, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_INFO("Could not open fd for [%s]: %s\n",
+ smb_fname_str_dbg(smb_dname),
+ nt_errstr(status));
+ return status;
+ }
}
status = vfs_stat_fsp(fsp);
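Review bot: When `access_mask & need_fd_access` is zero the reopen is skipped, so the `vfs_stat_fsp(fsp)` call that follows now runs on the fsp as it was before this point rather than on a freshly reopened directory fd. The comment explains why `FILE_LIST_DIRECTORY`, `FILE_ADD_FILE` and `FILE_ADD_SUBDIRECTORY` need an fd but not why every other right is safe without one. A sentence covering that, plus a test that opens a directory with only `READ_CONTROL_ACCESS` (the case behind bug 14700), would pin the behaviour down.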
--
Samba Shared Repository