mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00

smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1

The spec lists the following as requiring special access:

- for requiring FILE_READ_ATTRIBUTES:

  FileBasicInformation
  FileAllInformation
  FileNetworkOpenInformation
  FileAttributeTagInformation

- for requiring FILE_READ_EA:

  FileFullEaInformation

All other infolevels are unrestricted.

We ignore the IPC related infolevels:

  FilePipeInformation
  FilePipeLocalInformation
  FilePipeRemoteInformation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
Ralph Boehme 2022-08-14 18:46:24 +02:00
parent 9b2d281571
commit 6d493a9d56
3 changed files with 28 additions and 4 deletions


@ -208,10 +208,8 @@
^samba3.smb2.oplock.stream1
^samba3.smb2.streams.rename
^samba3.smb2.streams.rename2
^samba3.smb2.streams.attributes1\(.*\)
^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
^samba3.smb2.streams streams_xattr.attributes1\(nt4_dc\)
^samba3.smb2.getinfo.complex
^samba3.smb2.getinfo.fsinfo # quotas don't work yet
^samba3.smb2.setinfo.setinfo


@ -1,2 +0,0 @@
^samba3.smb2.getinfo.getinfo_access\(nt4_dc\)
^samba3.smb2.getinfo.getinfo_access\(ad_dc\)


@ -303,6 +303,34 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx,
ZERO_STRUCT(write_time_ts);
/*
* MS-SMB2 3.3.5.20.1 "Handling SMB2_0_INFO_FILE"
*
* FileBasicInformation, FileAllInformation,
* FileNetworkOpenInformation, FileAttributeTagInformation
* require FILE_READ_ATTRIBUTES.
*
* FileFullEaInformation requires FILE_READ_EA.
*/
switch (in_file_info_class) {
case FSCC_FILE_BASIC_INFORMATION:
case FSCC_FILE_ALL_INFORMATION:
case FSCC_FILE_NETWORK_OPEN_INFORMATION:
case FSCC_FILE_ATTRIBUTE_TAG_INFORMATION:
if (!(fsp->access_mask & SEC_FILE_READ_ATTRIBUTE)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return tevent_req_post(req, ev);
}
break;
case FSCC_FILE_FULL_EA_INFORMATION:
if (!(fsp->access_mask & SEC_FILE_READ_EA)) {
tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
return tevent_req_post(req, ev);
}
break;
}
switch (in_file_info_class) {
case FSCC_FILE_FULL_EA_INFORMATION:
file_info_level = SMB2_FILE_FULL_EA_INFORMATION;
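Review bot: The new access-check `switch (in_file_info_class)` has no `default:` branch, so every info class it does not list passes without a check, and nothing in the code says that this is intended. The commit message states that all other info levels are unrestricted per MS-SMB2 3.3.5.20.1, so the behaviour looks deliberate; I would make it explicit with `default: /* no specific access right required, MS-SMB2 3.3.5.20.1 */ break;`. Without that, a class added later to the mapping switch below will be allowed by default and a reader cannot tell whether that was decided or overlooked. The body of smbd_smb2_getinfo_send starts and ends outside this hunk, so it cannot be confirmed from here that the check is reached only for SMB2_0_INFO_FILE requests on a file handle, as the comment implies.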