sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-02 00:22:11 +03:00
Code Activity

s3/smbd: handle EACCES when fetching DOS attributes from xattr

Browse Source 
When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(backported from commit c54fcb7cbd)
This commit is contained in:
Ralph Boehme
2017-06-08 19:10:20 +02:00
committed by Karolin Seeger
parent e934f0274f
commit d909d9986c
1 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
source3/smbd/dosmode.c
View File

@ -281,6 +281,42 @@ NTSTATUS get_ea_dos_attribute(connection_struct *conn,
sizeret = SMB_VFS_GETXATTR(conn, smb_fname->base_name,
SAMBA_XATTR_DOS_ATTRIB, attrstr,
sizeof(attrstr));
if (sizeret == -1 && errno == EACCES) {
int saved_errno = 0;
/*
* According to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to
* an Existing File" FILE_LIST_DIRECTORY on a directory implies
* FILE_READ_ATTRIBUTES for directory entries. Being able to
* stat() a file implies FILE_LIST_DIRECTORY for the directory
* containing the file.
*/
if (!VALID_STAT(smb_fname->st)) {
/*
* Safety net: dos_mode() already checks this, but as we
* become root based on this, add an additional layer of
* defense.
*/
DBG_ERR("Rejecting root override, invalid stat [%s]\n",
smb_fname_str_dbg(smb_fname));
return NT_STATUS_ACCESS_DENIED;
}
become_root();
sizeret = SMB_VFS_GETXATTR(conn, smb_fname->base_name,
SAMBA_XATTR_DOS_ATTRIB,
attrstr,
sizeof(attrstr));
if (sizeret == -1) {
saved_errno = errno;
}
unbecome_root();
if (saved_errno != 0) {
errno = saved_errno;
}
}
if (sizeret == -1) {
DBG_INFO("Cannot get attribute "
"from EA on file %s: Error = %s\n",