1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s3: smbd: Refuse open in create_file_unixpath() with only SEC_FLAG_SYSTEM_SECURITY set.

We now pass smbtorture3 SMB2-SACL like Windows 10 does.
Note this is an SMB2-only behavior. SMB1 allows an open
with only SEC_FLAG_SYSTEM_SECURITY set as tested in
smbtorture3 SMB1-SYSTEM-SECURITY.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 21 20:17:10 UTC 2020 on sn-devel-184
This commit is contained in:
Jeremy Allison 2020-04-17 14:23:07 -07:00
parent d53c3f2b83
commit 1ebec7056b
2 changed files with 15 additions and 2 deletions

View File

@ -1,2 +0,0 @@
^samba3.blackbox.sacl_get_set.SACL set_get\(fileserver\)

View File

@ -5432,6 +5432,21 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
status = NT_STATUS_PRIVILEGE_NOT_HELD;
goto fail;
}
if (conn->sconn->using_smb2 &&
(access_mask == SEC_FLAG_SYSTEM_SECURITY))
{
/*
* No other bits set. Windows SMB2 refuses this.
* See smbtorture3 SMB2-SACL test.
*
* Note this is an SMB2-only behavior,
* smbtorture3 SMB1-SYSTEM-SECURITY already tests
* that SMB1 allows this.
*/
status = NT_STATUS_ACCESS_DENIED;
goto fail;
}
}
/*