[SCM] Samba Shared Repository - branch v4-16-test updated
Jule Anger
janger at samba.org
Mon Dec 5 11:04:01 UTC 2022
The branch, v4-16-test has been updated
via 885e3fc12de smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
via 8c2f27d442f torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
from 7edddbc684c CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on systems where 'unsigned long' is just 32-bit
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test
- Log -----------------------------------------------------------------
commit 885e3fc12de55e56e6170be4456101bda09d8a17
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 07:31:52 2022 +0100
smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
Cf MS-FSA 2.1.5.14.2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184
(cherry picked from commit 535a08dfc4c045d7b0c0ed335f76b5d560dd7bbd)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Dec 5 11:03:30 UTC 2022 on sn-devel-184
commit 8c2f27d442f49453079f6037a54e6a02cc276573
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 22 10:45:35 2022 +0100
torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fdb19ce8aa189f6cfbd2d1fd7ed6fe809ba93cf3)
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 1 +
source3/smbd/dosmode.c | 7 +++++++
source4/torture/smb2/create.c | 47 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 55 insertions(+)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index a630270e5f0..7851ec397a0 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -146,6 +146,7 @@
^samba4.smb2.create.*.acldir
^samba4.smb2.create.*.impersonation
^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS
+^samba4.smb2.create.dosattr_tmp_dir\(ad_dc_ntvfs\)
^samba4.smb2.acls.*.generic
^samba4.smb2.acls.*.inheritflags
^samba4.smb2.acls.*.owner
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index c97cdb65d93..0ae2c959220 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -940,6 +940,13 @@ int file_set_dosmode(connection_struct *conn,
return -1;
}
+ if ((S_ISDIR(smb_fname->st.st_ex_mode)) &&
+ (dosmode & FILE_ATTRIBUTE_TEMPORARY))
+ {
+ errno = EINVAL;
+ return -1;
+ }
+
dosmode &= SAMBA_ATTRIBUTES_MASK;
DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n",
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index 94dbae917fd..956224b5b08 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -3059,6 +3059,52 @@ static bool test_fileid_unique_dir(
return test_fileid_unique_object(tctx, tree, 100, true);
}
+static bool test_dosattr_tmp_dir(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ bool ret = true;
+ NTSTATUS status;
+ struct smb2_create c;
+ struct smb2_handle h1 = {{0}};
+ const char *fname = DNAME;
+
+ smb2_deltree(tree, fname);
+ smb2_util_rmdir(tree, fname);
+
+ c = (struct smb2_create) {
+ .in.desired_access = SEC_RIGHTS_DIR_ALL,
+ .in.file_attributes = FILE_ATTRIBUTE_DIRECTORY,
+ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
+ .in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE |
+ NTCREATEX_SHARE_ACCESS_DELETE,
+ .in.create_options = NTCREATEX_OPTIONS_DIRECTORY,
+ .in.fname = DNAME,
+ };
+
+ status = smb2_create(tree, tctx, &c);
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
+ "smb2_create\n");
+ h1 = c.out.file.handle;
+
+ /* Try to set temporary attribute on directory */
+ SET_ATTRIB(FILE_ATTRIBUTE_TEMPORARY);
+
+ torture_assert_ntstatus_equal_goto(tctx, status,
+ NT_STATUS_INVALID_PARAMETER,
+ ret, done,
+ "Unexpected setinfo result\n");
+
+done:
+ if (!smb2_util_handle_empty(h1)) {
+ smb2_util_close(tree, h1);
+ }
+ smb2_util_unlink(tree, fname);
+ smb2_deltree(tree, fname);
+
+ return ret;
+}
+
/*
test opening quota fakefile handle and returned attributes
*/
@@ -3141,6 +3187,7 @@ struct torture_suite *torture_smb2_create_init(TALLOC_CTX *ctx)
torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl);
torture_suite_add_1smb2_test(suite, "mkdir-dup", test_mkdir_dup);
torture_suite_add_1smb2_test(suite, "dir-alloc-size", test_dir_alloc_size);
+ torture_suite_add_1smb2_test(suite, "dosattr_tmp_dir", test_dosattr_tmp_dir);
torture_suite_add_1smb2_test(suite, "quota-fake-file", test_smb2_open_quota_fake_file);
suite->description = talloc_strdup(suite, "SMB2-CREATE tests");
--
Samba Shared Repository
More information about the samba-cvs
mailing list