smb2_file_rename_information must check that the file has been opened with DELETE Access ...

Richard Sharpe realrichardsharpe at gmail.com
Wed Nov 14 17:47:34 MST 2012


On Wed, Nov 14, 2012 at 11:48 AM, Christian Ambach <ambi at samba.org> wrote:
> Hi Richard,
>
> On 11/14/2012 05:59 PM, Richard Sharpe wrote:
>> On Tue, Nov 13, 2012 at 8:38 PM, Richard Sharpe
>> <realrichardsharpe at gmail.com> wrote:
>>> Hi folks,
>>>
>>> One of the smb2 tests shows that you can only do a SET_FILE_INFO
>>> Rename Info if you have the source file open for delete.
>>>
>>> This is confirmed by MS-FSCC section x.y.z. I will confirm the
>>> specific section tomorrow.
>>>
>>> The following is a potential fix.
>>>
>>> diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
>>> index 61d755c..d919ad4 100644
>>> --- a/source3/smbd/trans2.c
>>> +++ b/source3/smbd/trans2.c
>>> @@ -6100,6 +6100,9 @@ static NTSTATUS smb2_file_rename_information(connection_st
>>>                  return NT_STATUS_INVALID_PARAMETER;
>>>          }
>>>
>>> +       if (!(fsp->access_mask & DELETE_ACCESS)) {
>>> +               return NT_STATUS_ACCESS_DENIED;
>>> +       }
>>>          srvstr_get_path(ctx, pdata, req->flags2, &newname,
>>>                                  &pdata[20], len, STR_TERMINATE,
>>>                                  &status);
>
> Do we have an existing piece in the smb2 torture tests that shows that
> this necessary? If there is a test in place, I think the patch is valid.

Yes, I forgot to mention that. The test is smb2.rename test in the
Master branch.

It succeeds against Win2K08 in that we get ACCESS_DENIED while it
fails against Samba 3.6.6:

time: 2012-11-14 16:46:10.618975
failure: simple_nodelete) [
(../source4/torture/smb2/rename.c:184) Incorrect status NT_STATUS_OK -
should be NT_STATUS_ACCESS_DENIED
]

Command I ran was:

./bin/smbtorture //10.1.4.187/test1 -Udomain/administrator smb2.rename

from samba.master

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)


More information about the samba-technical mailing list