mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3: smbd: Refuse open in create_file_unixpath() with only SEC_FLAG_SYSTEM_SECURITY set.
We now pass smbtorture3 SMB2-SACL like Windows 10 does. Note this is an SMB2-only behavior. SMB1 allows an open with only SEC_FLAG_SYSTEM_SECURITY set as tested in smbtorture3 SMB1-SYSTEM-SECURITY. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 21 20:17:10 UTC 2020 on sn-devel-184
This commit is contained in:
parent
d53c3f2b83
commit
1ebec7056b
@ -1,2 +0,0 @@
|
||||
^samba3.blackbox.sacl_get_set.SACL set_get\(fileserver\)
|
||||
|
@ -5432,6 +5432,21 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
|
||||
status = NT_STATUS_PRIVILEGE_NOT_HELD;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (conn->sconn->using_smb2 &&
|
||||
(access_mask == SEC_FLAG_SYSTEM_SECURITY))
|
||||
{
|
||||
/*
|
||||
* No other bits set. Windows SMB2 refuses this.
|
||||
* See smbtorture3 SMB2-SACL test.
|
||||
*
|
||||
* Note this is an SMB2-only behavior,
|
||||
* smbtorture3 SMB1-SYSTEM-SECURITY already tests
|
||||
* that SMB1 allows this.
|
||||
*/
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user