Bug 10252 - Access Based Enuemration: User can see/list folders/files even when they denied to either read attribute or read extend attribiute permission
Partha Sarathi
parthasarathi.bl at gmail.com
Tue Nov 5 23:50:05 MST 2013
Hi,
I just gone through the hide unreadable related code and found that we are
only checking for FILE_READ_DATA at user_can_read_file() and I have added
the rest of the access mask just work similar to windows.
bash-4.0$ diff -up smbd/dir.c smbd/dir.c.fix
--- smbd/dir.c 2013-11-05 22:42:44.565464984 -0800
+++ smbd/dir.c.fix 2013-11-05 22:42:31.751405097 -0800
@@ -1185,7 +1185,7 @@ static bool user_can_read_file(connectio
return True;
}
- return can_access_file_acl(conn, smb_fname, FILE_READ_DATA);
+ return can_access_file_acl(conn, smb_fname, (FILE_READ_DATA |
FILE_READ_EA | FILE_READ_ATTRIBUTES));
}
/*******************************************************************
Note: I have done the unit test and it just works like Windows i.e even if
the user is just denied for any one of the READ permissions samba hides the
folder/files with the above changes.
--
Thanks & Regards
-Partha
More information about the samba-technical
mailing list