[PATCH] two fixes for vfs_streams_xattr

Ralph Böhme rb at sernet.de
Fri Nov 21 07:02:52 MST 2014 

Hi all,

attached are some fixes for vfs_streams_xattr.

0001: I broke it, I fix it (hopefully), see the commit message for
details. :/

0002: should be obvious

0003 adds a check for stream types that was missing which resulted in
a smb2.streams.names failure. The fix was shamelessly stolen from
vfs_streams_depot.

Please review and push if ok.

We need these in 4.2 too, at least 0001.

Thanks!
-Ralph

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de
-------------- next part --------------
>From 6bb7bf107c066378a75c5bcb218cf7877769f90c Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Thu, 20 Nov 2014 16:33:22 +0100
Subject: [PATCH 1/3] vfs_streams_xattr: fix check with
 samba_private_attr_name()

We want to check with samba_private_attr_name() whether the xattr name
is a private one, unfortunately it flags xattrs that begin with the
default streams prefix as private.  By only calling
samba_private_attr_name() in case the xattr does NOT begin with the
default prefix, we know that if it returns 'true' it definitely one of
our internal xattr like "user.DOSATTRIB".

This fixes a bug introduced in 634bcb09a08b927fd79ae0e16aeee2a123605f94
that denied all access to valid stream xattrs.

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/modules/vfs_streams_xattr.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 735db2b..6314442 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -687,13 +687,28 @@ static NTSTATUS walk_xattr_streams(vfs_handle_struct *handle, files_struct *fsp,
 	for (i=0; i<num_names; i++) {
 		struct ea_struct ea;
 
+		/*
+		 * We want to check with samba_private_attr_name()
+		 * whether the xattr name is a private one,
+		 * unfortunately it flags xattrs that begin with the
+		 * default streams prefix as private.
+		 *
+		 * By only calling samba_private_attr_name() in case
+		 * the xattr does NOT begin with the default prefix,
+		 * we know that if it returns 'true' it definitely one
+		 * of our internal xattr like "user.DOSATTRIB".
+		 */
+		if (strncasecmp_m(names[i], SAMBA_XATTR_DOSSTREAM_PREFIX,
+				  strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) != 0) {
+			if (samba_private_attr_name(names[i])) {
+				continue;
+			}
+		}
+
 		if (strncmp(names[i], config->prefix,
 			    config->prefix_len) != 0) {
 			continue;
 		}
-		if (samba_private_attr_name(names[i])) {
-			continue;
-		}
 
 		status = get_ea_value(names, handle->conn, fsp, fname,
 				      names[i], &ea);
-- 
1.9.3


>From a557b9db924c48dd79274d071c3b541a5452a9df Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Fri, 21 Nov 2014 14:54:17 +0100
Subject: [PATCH 2/3] vfs_streams_xattr: initialize pointer

Intitialize pointer to NULL, otherwise we talloc_free() an unitialized
pointer in the error code path.

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/modules/vfs_streams_xattr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 6314442..f65ccc8 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -533,7 +533,7 @@ static int streams_xattr_unlink(vfs_handle_struct *handle,
 {
 	NTSTATUS status;
 	int ret = -1;
-	char *xattr_name;
+	char *xattr_name = NULL;
 
 	if (!is_ntfs_stream_smb_fname(smb_fname)) {
 		return SMB_VFS_NEXT_UNLINK(handle, smb_fname);
-- 
1.9.3


>From 953845c558bc01307f7934a26aa143a3c33a411a Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Fri, 21 Nov 2014 14:56:08 +0100
Subject: [PATCH 3/3] vfs_streams_xattr: check stream type

Only allow access to the stream type "$DATA". vfs_streams_depot does
this too and it fixes the failing test "smb2.streams.names".

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/modules/vfs_streams_xattr.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index f65ccc8..f0ab732 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -114,6 +114,12 @@ static NTSTATUS streams_xattr_get_name(vfs_handle_struct *handle,
 
 	stype = strchr_m(stream_name + 1, ':');
 
+	if (stype) {
+		if (strcasecmp_m(stype, ":$DATA") != 0) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
 	*xattr_name = talloc_asprintf(ctx, "%s%s",
 				      config->prefix,
 				      stream_name + 1);
-- 
1.9.3

More information about the samba-technical mailing list