[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Aug 29 18:21:01 UTC 2022
The branch, master has been updated
via 772319412df smbd: fix opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
via 169d8fe4a95 smbd: cache DOS attributes in struct smb_filename.cached_dos_attributes
via 9da1e7a4041 smbd: update smb_fname->st btime with the rounded value with NTTIME granularity
via 5ed188e492c smbd: remove const from smb_fname arg of set_ea_dos_attribute()
via e3d883c0b1c smbtorture: add a test opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
via c73d666e5ab smbtorture: turn maximum_allowed test into a test suite
via 12e0c579785 smbtorture: close handle and delete file in tree_base()
from 0d5016fb3a9 s3: smbd: parse_dfs_path() - Fix comment explaining where this is called from and with what kind of path.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 772319412df7804236e1cc06056474469bcdcb66
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 12:02:43 2022 +0200
smbd: fix opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Aug 29 18:20:20 UTC 2022 on sn-devel-184
commit 169d8fe4a956c98da9558ccef9b1c90ea6a841e4
Author: Ralph Boehme <slow at samba.org>
Date: Wed Aug 24 11:40:41 2022 +0200
smbd: cache DOS attributes in struct smb_filename.cached_dos_attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9da1e7a4041a9f4258e23e70230bd75c60c55490
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 21 13:39:02 2022 +0200
smbd: update smb_fname->st btime with the rounded value with NTTIME granularity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5ed188e492cfca9fef9266aa66041726f3ab6de5
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 21 13:38:16 2022 +0200
smbd: remove const from smb_fname arg of set_ea_dos_attribute()
We need to update the btime of fsp->fsp_name->st.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e3d883c0b1caf13596dc8a18a8a108e3e48e7543
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 11:01:31 2022 +0200
smbtorture: add a test opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
Passes against Windows, currently fails against Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
RN: Requesting maximum allowed permission of file with DOS read-only attribute results in access denied error
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c73d666e5abe8717a5ea333a6dae3619d9621d48
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 19 10:45:10 2022 +0200
smbtorture: turn maximum_allowed test into a test suite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 12e0c579785b84a99ad6f1877aa1c45391aba60e
Author: Ralph Boehme <slow at samba.org>
Date: Sun Aug 21 18:55:29 2022 +0200
smbtorture: close handle and delete file in tree_base()
Otherwise the session might still be around with the open handle when the next
test starts and then fails to delete the testfile.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smb_constants.h | 1 +
selftest/knownfail | 2 +-
source3/include/includes.h | 1 +
source3/include/vfs.h | 1 +
source3/smbd/dosmode.c | 21 ++++++++-----
source3/smbd/files.c | 6 ++++
source3/smbd/open.c | 6 ++++
source3/smbd/proto.h | 2 +-
source4/torture/rpc/fsrvp.c | 5 ++++
source4/torture/smb2/max_allowed.c | 60 ++++++++++++++++++++++++++++++++++++--
source4/torture/smb2/smb2.c | 2 +-
11 files changed, 95 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h
index a043cbc883e..862bf49861b 100644
--- a/libcli/smb/smb_constants.h
+++ b/libcli/smb/smb_constants.h
@@ -329,6 +329,7 @@ enum csc_policy {
#define FLAGS2_UNICODE_STRINGS 0x8000
/* FileAttributes (search attributes) field */
+#define FILE_ATTRIBUTES_INVALID 0x0000L
#define FILE_ATTRIBUTE_READONLY 0x0001L
#define FILE_ATTRIBUTE_HIDDEN 0x0002L
#define FILE_ATTRIBUTE_SYSTEM 0x0004L
diff --git a/selftest/knownfail b/selftest/knownfail
index 82dd7e1e8b4..f130d2dc3c5 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -118,7 +118,7 @@
^samba4.smb2.charset.*.Testing partial surrogate # This test is currently broken
^samba3.smb2.charset.*.Testing partial surrogate # This test is currently broken
^samba4.*.base.maximum_allowed # broken until we implement NTCREATEX_OPTIONS_BACKUP_INTENT
-^samba..*.smb2.maximum_allowed
+^samba..*.smb2.maximum_allowed.maximum_allowed
.*net.api.delshare.* # DelShare isn't implemented yet
^samba4.smb2.oplock.doc
^samba4.smb2.lock.valid-request
diff --git a/source3/include/includes.h b/source3/include/includes.h
index bb93aad02a0..27ce2074a72 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -201,6 +201,7 @@ struct stat_ex {
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
+ uint32_t cached_dos_attributes;
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 33623969ef3..fc7afccfdb3 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -376,6 +376,7 @@
* Version 47 - Change SMB_VFS_OPENAT() to match the Linux openat2 prototype, add vfs_open_how
* Version 47 - Add VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS for SMB_VFS_OPENAT()
* Change to Version 48 - will ship with 4.18
+ * Version 48 - Add cached_dos_attributes to struct stat_ex
*/
#define SMB_VFS_INTERFACE_VERSION 48
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index cb3cdc568bd..40fe7b5166a 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -407,12 +407,13 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp,
****************************************************************************/
NTSTATUS set_ea_dos_attribute(connection_struct *conn,
- const struct smb_filename *smb_fname,
+ struct smb_filename *smb_fname,
uint32_t dosmode)
{
struct xattr_DOSATTRIB dosattrib;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
+ struct timespec btime;
int ret;
if (!lp_store_dos_attributes(SNUM(conn))) {
@@ -515,11 +516,11 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
* We correctly stored the create time.
* We *always* set XATTR_DOSINFO_CREATE_TIME,
* so now it can no longer be considered
- * calculated.
+ * calculated. Make sure to use the value rounded
+ * to NTTIME granularity we've stored in the xattr.
*/
- update_stat_ex_create_time(
- &smb_fname->fsp->fsp_name->st,
- smb_fname->st.st_ex_btime);
+ btime = nt_time_to_full_timespec(dosattrib.info.info5.create_time);
+ update_stat_ex_create_time(&smb_fname->st, btime);
DEBUG(10,("set_ea_dos_attribute: set EA 0x%x on file %s\n",
(unsigned int)dosmode,
@@ -726,6 +727,10 @@ uint32_t fdos_mode(struct files_struct *fsp)
return FILE_ATTRIBUTE_NORMAL;
}
+ if (fsp->fsp_name->st.cached_dos_attributes != FILE_ATTRIBUTES_INVALID) {
+ return fsp->fsp_name->st.cached_dos_attributes;
+ }
+
/* Get the DOS attributes via the VFS if we can */
status = vfs_fget_dos_attributes(fsp, &result);
if (!NT_STATUS_IS_OK(status)) {
@@ -737,8 +742,8 @@ uint32_t fdos_mode(struct files_struct *fsp)
}
}
- result = dos_mode_post(result, fsp, __func__);
- return result;
+ fsp->fsp_name->st.cached_dos_attributes = dos_mode_post(result, fsp, __func__);
+ return fsp->fsp_name->st.cached_dos_attributes;
}
struct dos_mode_at_state {
@@ -939,6 +944,7 @@ int file_set_dosmode(connection_struct *conn,
}
if (NT_STATUS_IS_OK(status)) {
+ smb_fname->st.cached_dos_attributes = dosmode;
ret = 0;
goto done;
}
@@ -1146,6 +1152,7 @@ NTSTATUS file_set_sparse(connection_struct *conn,
FILE_NOTIFY_CHANGE_ATTRIBUTES,
fsp->fsp_name->base_name);
+ fsp->fsp_name->st.cached_dos_attributes = new_dosmode;
fsp->fsp_flags.is_sparse = sparse;
return NT_STATUS_OK;
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index b494a8b789a..095a01723b1 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -1843,6 +1843,7 @@ files_struct *file_fsp(struct smb_request *req, uint16_t fid)
}
req->chain_fsp = fsp;
+ fsp->fsp_name->st.cached_dos_attributes = FILE_ATTRIBUTES_INVALID;
return fsp;
}
@@ -1889,6 +1890,8 @@ struct files_struct *file_fsp_get(struct smbd_smb2_request *smb2req,
return NULL;
}
+ fsp->fsp_name->st.cached_dos_attributes = FILE_ATTRIBUTES_INVALID;
+
return fsp;
}
@@ -1902,6 +1905,8 @@ struct files_struct *file_fsp_smb2(struct smbd_smb2_request *smb2req,
if (smb2req->compat_chain_fsp->fsp_flags.closing) {
return NULL;
}
+ smb2req->compat_chain_fsp->fsp_name->st.cached_dos_attributes =
+ FILE_ATTRIBUTES_INVALID;
return smb2req->compat_chain_fsp;
}
@@ -2027,6 +2032,7 @@ static NTSTATUS fsp_attach_smb_fname(struct files_struct *fsp,
fsp->name_hash = name_hash;
fsp->fsp_name = smb_fname_new;
+ fsp->fsp_name->st.cached_dos_attributes = FILE_ATTRIBUTES_INVALID;
*_smb_fname = NULL;
return NT_STATUS_OK;
}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3dd9f69b8cc..db0cb47d34d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3269,6 +3269,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access_fsp(
{
struct security_descriptor *sd = NULL;
uint32_t access_granted = 0;
+ uint32_t dosattrs;
NTSTATUS status;
/* Cope with symlinks */
@@ -3345,6 +3346,11 @@ static NTSTATUS smbd_calculate_maximum_allowed_access_fsp(
}
}
+ dosattrs = fdos_mode(fsp);
+ if (IS_DOS_READONLY(dosattrs) || !CAN_WRITE(fsp->conn)) {
+ *p_access_mask &= ~(FILE_GENERIC_WRITE | DELETE_ACCESS);
+ }
+
return NT_STATUS_OK;
}
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 632ef45ffdf..a0870089925 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -287,7 +287,7 @@ bool set_sticky_write_time_fsp(struct files_struct *fsp,
NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp,
uint32_t *pattr);
NTSTATUS set_ea_dos_attribute(connection_struct *conn,
- const struct smb_filename *smb_fname,
+ struct smb_filename *smb_fname,
uint32_t dosmode);
NTSTATUS set_create_timespec_ea(struct files_struct *fsp,
diff --git a/source4/torture/rpc/fsrvp.c b/source4/torture/rpc/fsrvp.c
index 63b03f920d5..1b389477a8c 100644
--- a/source4/torture/rpc/fsrvp.c
+++ b/source4/torture/rpc/fsrvp.c
@@ -692,6 +692,11 @@ static bool test_fsrvp_enum_created(struct torture_context *tctx,
"count");
torture_assert_int_equal(tctx, count, 2, "num snaps");
+ smb2_util_close(tree_base, base_fh);
+ ZERO_STRUCT(base_fh);
+
+ smb2_util_unlink(tree_base, FNAME);
+
talloc_free(tmp_ctx);
return true;
diff --git a/source4/torture/smb2/max_allowed.c b/source4/torture/smb2/max_allowed.c
index e68b0ff25d7..af8b08ac9a9 100644
--- a/source4/torture/smb2/max_allowed.c
+++ b/source4/torture/smb2/max_allowed.c
@@ -27,8 +27,8 @@
#include "torture/smb2/proto.h"
#define MAXIMUM_ALLOWED_FILE "torture_maximum_allowed"
-bool torture_smb2_maximum_allowed(struct torture_context *tctx,
- struct smb2_tree *tree)
+static bool torture_smb2_maximum_allowed(struct torture_context *tctx,
+ struct smb2_tree *tree)
{
struct security_descriptor *sd = NULL, *sd_orig = NULL;
struct smb2_create io = {0};
@@ -190,3 +190,59 @@ bool torture_smb2_maximum_allowed(struct torture_context *tctx,
talloc_free(mem_ctx);
return ret;
}
+
+static bool torture_smb2_read_only_file(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ struct smb2_create c;
+ struct smb2_handle h = {{0}};
+ bool ret = true;
+ NTSTATUS status;
+
+ smb2_deltree(tree, MAXIMUM_ALLOWED_FILE);
+
+ c = (struct smb2_create) {
+ .in.desired_access = SEC_RIGHTS_FILE_ALL,
+ .in.file_attributes = FILE_ATTRIBUTE_READONLY,
+ .in.create_disposition = NTCREATEX_DISP_CREATE,
+ .in.fname = MAXIMUM_ALLOWED_FILE,
+ };
+
+ status = smb2_create(tree, tctx, &c);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create failed\n");
+ h = c.out.file.handle;
+ smb2_util_close(tree, h);
+ ZERO_STRUCT(h);
+
+ c = (struct smb2_create) {
+ .in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED,
+ .in.file_attributes = FILE_ATTRIBUTE_READONLY,
+ .in.create_disposition = NTCREATEX_DISP_OPEN,
+ .in.fname = MAXIMUM_ALLOWED_FILE,
+ };
+
+ status = smb2_create(tree, tctx, &c);
+ torture_assert_ntstatus_ok_goto(
+ tctx, status, ret, done,
+ "Failed to open READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED\n");
+ h = c.out.file.handle;
+ smb2_util_close(tree, h);
+ ZERO_STRUCT(h);
+
+done:
+ if (!smb2_util_handle_empty(h)) {
+ smb2_util_close(tree, h);
+ }
+ smb2_deltree(tree, MAXIMUM_ALLOWED_FILE);
+ return ret;
+}
+
+struct torture_suite *torture_smb2_max_allowed(TALLOC_CTX *ctx)
+{
+ struct torture_suite *suite = torture_suite_create(ctx, "maximum_allowed");
+
+ torture_suite_add_1smb2_test(suite, "maximum_allowed", torture_smb2_maximum_allowed);
+ torture_suite_add_1smb2_test(suite, "read_only", torture_smb2_read_only_file);
+ return suite;
+}
diff --git a/source4/torture/smb2/smb2.c b/source4/torture/smb2/smb2.c
index 85c51c2e890..458561adac3 100644
--- a/source4/torture/smb2/smb2.c
+++ b/source4/torture/smb2/smb2.c
@@ -205,7 +205,7 @@ NTSTATUS torture_smb2_init(TALLOC_CTX *ctx)
torture_suite_add_1smb2_test(suite, "winattr", torture_smb2_winattrtest);
torture_suite_add_1smb2_test(suite, "sdread", torture_smb2_sdreadtest);
torture_suite_add_suite(suite, torture_smb2_readwrite_init(suite));
- torture_suite_add_1smb2_test(suite, "maximum_allowed", torture_smb2_maximum_allowed);
+ torture_suite_add_suite(suite, torture_smb2_max_allowed(suite));
torture_suite_add_1smb2_test(suite, "mangle", torture_smb2_mangle);
torture_suite_add_1smb2_test(suite, "tcon", run_tcon_test);
torture_suite_add_1smb2_test(suite, "mkdir", torture_smb2_mkdir);
--
Samba Shared Repository
More information about the samba-cvs
mailing list