Changeset 732 for branches/samba-3.5.x/source3/smbd
- Timestamp:
- Nov 12, 2012, 4:35:55 PM (13 years ago)
- Location:
- branches/samba-3.5.x/source3/smbd
- Files:
-
- 9 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.5.x/source3/smbd/filename.c
r599 r732 296 296 if((!conn->case_sensitive || !(conn->fs_capabilities & 297 297 FILE_CASE_SENSITIVE_SEARCH)) && 298 stat_cache_lookup(conn, &smb_fname->base_name, &dirpath, &start,298 stat_cache_lookup(conn, posix_pathnames, &smb_fname->base_name, &dirpath, &start, 299 299 &smb_fname->st)) { 300 300 goto done; … … 840 840 841 841 /**************************************************************************** 842 Ensure a path is not vetod. 843 ****************************************************************************/ 844 845 NTSTATUS check_veto_path(connection_struct *conn, const char *name) 846 { 847 if (IS_VETO_PATH(conn, name)) { 848 /* Is it not dot or dot dot. */ 849 if (!(ISDOT(name) || ISDOTDOT(name))) { 850 DEBUG(5,("check_veto_path: file path name %s vetoed\n", 851 name)); 852 return map_nt_error_from_unix(ENOENT); 853 } 854 } 855 return NT_STATUS_OK; 856 } 857 858 /**************************************************************************** 842 859 Check a filename - possibly calling check_reduced_name. 843 860 This is called by every routine before it allows an operation on a filename. … … 848 865 NTSTATUS check_name(connection_struct *conn, const char *name) 849 866 { 850 if (IS_VETO_PATH(conn, name)) { 851 /* Is it not dot or dot dot. */ 852 if (!((name[0] == '.') && (!name[1] || 853 (name[1] == '.' && !name[2])))) { 854 DEBUG(5,("check_name: file path name %s vetoed\n", 855 name)); 856 return map_nt_error_from_unix(ENOENT); 857 } 867 NTSTATUS status = check_veto_path(conn, name); 868 869 if (!NT_STATUS_IS_OK(status)) { 870 return status; 858 871 } 859 872 860 873 if (!lp_widelinks(SNUM(conn)) || !lp_symlinks(SNUM(conn))) { 861 NTSTATUSstatus = check_reduced_name(conn,name);874 status = check_reduced_name(conn,name); 862 875 if (!NT_STATUS_IS_OK(status)) { 863 876 DEBUG(5,("check_name: name %s failed with %s\n",name, … … 1177 1190 } 1178 1191 1192 if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) && 1193 VALID_STAT((*pp_smb_fname)->st) && 1194 S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) { 1195 return check_veto_path(conn, (*pp_smb_fname)->base_name); 1196 } 1197 1179 1198 status = check_name(conn, (*pp_smb_fname)->base_name); 1180 1199 if (!NT_STATUS_IS_OK(status)) { -
branches/samba-3.5.x/source3/smbd/msdfs.c
r596 r732 526 526 527 527 /* 528 * Note the unix path conversion here we're doing we can 528 * Note the unix path conversion here we're doing we 529 529 * throw away. We're looking for a symlink for a dfs 530 530 * resolution, if we don't find it we'll do another 531 531 * unix_convert later in the codepath. 532 * If we needed to remember what we'd resolved in533 * dp->reqpath (as the original code did) we'd534 * copy (localhost, dp->reqpath) on any code535 * path below that returns True - but I don't536 * think this is needed. JRA.537 532 */ 538 533 … … 545 540 return status; 546 541 } 547 548 /* Create an smb_fname to use below. */ 549 status = create_synthetic_smb_fname(ctx, pdp->reqpath, NULL, 550 NULL, &smb_fname); 551 if (!NT_STATUS_IS_OK(status)) { 542 if (smb_fname == NULL || smb_fname->base_name == NULL) { 552 543 return status; 553 544 } -
branches/samba-3.5.x/source3/smbd/nttrans.c
r599 r732 861 861 /* Ensure we have at least one thing set. */ 862 862 if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { 863 if (security_info_sent & SECINFO_LABEL) { 864 /* Only consider SECINFO_LABEL if no other 865 bits are set. Just like W2K3 we don't 866 store this. */ 867 return NT_STATUS_OK; 868 } 863 869 return NT_STATUS_INVALID_PARAMETER; 864 870 } … … 1850 1856 } 1851 1857 1858 if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| 1859 SECINFO_GROUP|SECINFO_SACL)) { 1860 /* Don't return SECINFO_LABEL if anything else was 1861 requested. See bug #8458. */ 1862 security_info_wanted &= ~SECINFO_LABEL; 1863 } 1864 1852 1865 if (!lp_nt_acl_support(SNUM(conn))) { 1866 status = get_null_nt_acl(talloc_tos(), &psd); 1867 } else if (security_info_wanted & SECINFO_LABEL) { 1868 /* Like W2K3 return a null object. */ 1853 1869 status = get_null_nt_acl(talloc_tos(), &psd); 1854 1870 } else { … … 1882 1898 security_info_wanted & DACL_SECURITY_INFORMATION) 1883 1899 psd->type |= SEC_DESC_DACL_PRESENT; 1900 1901 if (security_info_wanted & SECINFO_LABEL) { 1902 /* Like W2K3 return a null object. */ 1903 psd->owner_sid = NULL; 1904 psd->group_sid = NULL; 1905 psd->dacl = NULL; 1906 psd->sacl = NULL; 1907 psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT); 1908 } 1884 1909 1885 1910 sd_size = ndr_size_security_descriptor(psd, NULL, 0); -
branches/samba-3.5.x/source3/smbd/open.c
r620 r732 661 661 } 662 662 663 /*******************************************************************664 Return True if the filename is one of the special executable types.665 ********************************************************************/666 667 bool is_executable(const char *fname)668 {669 if ((fname = strrchr_m(fname,'.'))) {670 if (strequal(fname,".com") ||671 strequal(fname,".dll") ||672 strequal(fname,".exe") ||673 strequal(fname,".sym")) {674 return True;675 }676 }677 return False;678 }679 680 663 /**************************************************************************** 681 664 Check if we can open a file with a share mode. … … 1221 1204 return dup_file_fsp(req, fsp, access_mask, share_access, 1222 1205 create_options, fsp_to_dup_into); 1223 }1224 1225 /****************************************************************************1226 Open a file with a share mode - old openX method - map into NTCreate.1227 ****************************************************************************/1228 1229 bool map_open_params_to_ntcreate(const struct smb_filename *smb_fname,1230 int deny_mode, int open_func,1231 uint32 *paccess_mask,1232 uint32 *pshare_mode,1233 uint32 *pcreate_disposition,1234 uint32 *pcreate_options)1235 {1236 uint32 access_mask;1237 uint32 share_mode;1238 uint32 create_disposition;1239 uint32 create_options = FILE_NON_DIRECTORY_FILE;1240 1241 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "1242 "open_func = 0x%x\n",1243 smb_fname_str_dbg(smb_fname), (unsigned int)deny_mode,1244 (unsigned int)open_func ));1245 1246 /* Create the NT compatible access_mask. */1247 switch (GET_OPENX_MODE(deny_mode)) {1248 case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */1249 case DOS_OPEN_RDONLY:1250 access_mask = FILE_GENERIC_READ;1251 break;1252 case DOS_OPEN_WRONLY:1253 access_mask = FILE_GENERIC_WRITE;1254 break;1255 case DOS_OPEN_RDWR:1256 case DOS_OPEN_FCB:1257 access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;1258 break;1259 default:1260 DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",1261 (unsigned int)GET_OPENX_MODE(deny_mode)));1262 return False;1263 }1264 1265 /* Create the NT compatible create_disposition. */1266 switch (open_func) {1267 case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:1268 create_disposition = FILE_CREATE;1269 break;1270 1271 case OPENX_FILE_EXISTS_OPEN:1272 create_disposition = FILE_OPEN;1273 break;1274 1275 case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:1276 create_disposition = FILE_OPEN_IF;1277 break;1278 1279 case OPENX_FILE_EXISTS_TRUNCATE:1280 create_disposition = FILE_OVERWRITE;1281 break;1282 1283 case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:1284 create_disposition = FILE_OVERWRITE_IF;1285 break;1286 1287 default:1288 /* From samba4 - to be confirmed. */1289 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {1290 create_disposition = FILE_CREATE;1291 break;1292 }1293 DEBUG(10,("map_open_params_to_ntcreate: bad "1294 "open_func 0x%x\n", (unsigned int)open_func));1295 return False;1296 }1297 1298 /* Create the NT compatible share modes. */1299 switch (GET_DENY_MODE(deny_mode)) {1300 case DENY_ALL:1301 share_mode = FILE_SHARE_NONE;1302 break;1303 1304 case DENY_WRITE:1305 share_mode = FILE_SHARE_READ;1306 break;1307 1308 case DENY_READ:1309 share_mode = FILE_SHARE_WRITE;1310 break;1311 1312 case DENY_NONE:1313 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;1314 break;1315 1316 case DENY_DOS:1317 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_DOS;1318 if (is_executable(smb_fname->base_name)) {1319 share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;1320 } else {1321 if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {1322 share_mode = FILE_SHARE_READ;1323 } else {1324 share_mode = FILE_SHARE_NONE;1325 }1326 }1327 break;1328 1329 case DENY_FCB:1330 create_options |= NTCREATEX_OPTIONS_PRIVATE_DENY_FCB;1331 share_mode = FILE_SHARE_NONE;1332 break;1333 1334 default:1335 DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",1336 (unsigned int)GET_DENY_MODE(deny_mode) ));1337 return False;1338 }1339 1340 DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "1341 "share_mode = 0x%x, create_disposition = 0x%x, "1342 "create_options = 0x%x\n",1343 smb_fname_str_dbg(smb_fname),1344 (unsigned int)access_mask,1345 (unsigned int)share_mode,1346 (unsigned int)create_disposition,1347 (unsigned int)create_options ));1348 1349 if (paccess_mask) {1350 *paccess_mask = access_mask;1351 }1352 if (pshare_mode) {1353 *pshare_mode = share_mode;1354 }1355 if (pcreate_disposition) {1356 *pcreate_disposition = create_disposition;1357 }1358 if (pcreate_options) {1359 *pcreate_options = create_options;1360 }1361 1362 return True;1363 1364 1206 } 1365 1207 … … 1503 1345 ZERO_STRUCT(id); 1504 1346 1505 /* Windows allows a new file to be created and1506 silently removes a FILE_ATTRIBUTE_DIRECTORY1507 sent by the client. Do the same. */1508 1509 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;1510 1511 1347 if (conn->printer) { 1512 1348 /* … … 1542 1378 new_dos_attributes = 0; 1543 1379 } else { 1380 /* Windows allows a new file to be created and 1381 silently removes a FILE_ATTRIBUTE_DIRECTORY 1382 sent by the client. Do the same. */ 1383 1384 new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY; 1385 1544 1386 /* We add aARCH to this as this mode is only used if the file is 1545 1387 * created new. */ -
branches/samba-3.5.x/source3/smbd/posix_acls.c
r599 r732 1398 1398 pace->trustee = *pfile_owner_sid; 1399 1399 pace->attr = ALLOW_ACE; 1400 /* Start with existing permissions, principle of least 1401 surprises for the user. */ 1402 pace->perms = pst->st_ex_mode; 1400 1403 1401 1404 if (setting_acl) { 1402 1405 /* See if the owning user is in any of the other groups in 1403 the ACE . If so, OR in the permissions from that group. */1404 1405 bool group_matched = False; 1406 the ACE, or if there's a matching user entry. 1407 If so, OR in the permissions from that entry. */ 1408 1406 1409 canon_ace *pace_iter; 1407 1410 1408 1411 for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { 1409 if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { 1412 if (pace_iter->type == SMB_ACL_USER && 1413 pace_iter->unix_ug.uid == pace->unix_ug.uid) { 1414 pace->perms |= pace_iter->perms; 1415 } else if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { 1410 1416 if (uid_entry_in_group(pace, pace_iter)) { 1411 1417 pace->perms |= pace_iter->perms; 1412 group_matched = True;1413 1418 } 1414 1419 } 1415 1420 } 1416 1421 1417 /* If we only got an "everyone" perm, just use that. */1418 if (!group_matched) {1422 if (pace->perms == 0) { 1423 /* If we only got an "everyone" perm, just use that. */ 1419 1424 if (got_other) 1420 1425 pace->perms = pace_other->perms; 1421 else1422 pace->perms = 0;1423 1426 } 1424 1427 … … 1485 1488 If it does not have them, check if there are any entries where the trustee is the 1486 1489 file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ. 1490 Note we must not do this to default directory ACLs. 1487 1491 ****************************************************************************/ 1488 1492 … … 1524 1528 if (!got_group_obj) 1525 1529 DEBUG(10,("check_owning_objs: ACL is missing an owning group entry.\n")); 1526 }1527 1528 /****************************************************************************1529 If an ACE entry is SMB_ACL_USER_OBJ and not CREATOR_OWNER, map to SMB_ACL_USER.1530 If an ACE entry is SMB_ACL_GROUP_OBJ and not CREATOR_GROUP, map to SMB_ACL_GROUP1531 ****************************************************************************/1532 1533 static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)1534 {1535 /* dir ace must be followings.1536 SMB_ACL_USER_OBJ : trustee(CREATOR_OWNER) -> Posix ACL d:u::perm1537 SMB_ACL_USER : not trustee -> Posix ACL u:user:perm1538 SMB_ACL_USER_OBJ : trustee -> convert to SMB_ACL_USER : trustee1539 Posix ACL u:trustee:perm1540 1541 SMB_ACL_GROUP_OBJ: trustee(CREATOR_GROUP) -> Posix ACL d:g::perm1542 SMB_ACL_GROUP : not trustee -> Posix ACL g:group:perm1543 SMB_ACL_GROUP_OBJ: trustee -> convert to SMB_ACL_GROUP : trustee1544 Posix ACL g:trustee:perm1545 */1546 1547 if (ace->type == SMB_ACL_USER_OBJ &&1548 !(sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {1549 canon_ace *dup_ace = dup_canon_ace(ace);1550 1551 if (dup_ace == NULL) {1552 return false;1553 }1554 dup_ace->type = SMB_ACL_USER;1555 DLIST_ADD_END(dir_ace, dup_ace, canon_ace *);1556 }1557 1558 if (ace->type == SMB_ACL_GROUP_OBJ &&1559 !(sid_equal(&ace->trustee, &global_sid_Creator_Group))) {1560 canon_ace *dup_ace = dup_canon_ace(ace);1561 1562 if (dup_ace == NULL) {1563 return false;1564 }1565 dup_ace->type = SMB_ACL_GROUP;1566 DLIST_ADD_END(dir_ace, dup_ace, canon_ace *);1567 }1568 1569 return true;1570 1530 } 1571 1531 … … 1793 1753 (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) { 1794 1754 1755 canon_ace *current_dir_ace = current_ace; 1795 1756 DLIST_ADD_END(dir_ace, current_ace, canon_ace *); 1796 1757 … … 1818 1779 dbgtext("create_canon_ace_lists: adding dir ACL:\n"); 1819 1780 print_canon_ace( current_ace, 0); 1820 }1821 1822 /*1823 * We have a lossy mapping: directory ACE entries1824 * CREATOR_OWNER ------\1825 * (map to) +---> SMB_ACL_USER_OBJ1826 * owning sid ------/1827 *1828 * CREATOR_GROUP ------\1829 * (map to) +---> SMB_ACL_GROUP_OBJ1830 * primary group sid --/1831 *1832 * on set. And on read of a directory ACL1833 *1834 * SMB_ACL_USER_OBJ ----> CREATOR_OWNER1835 * SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP.1836 *1837 * Deal with this on set by duplicating1838 * owning sid and primary group sid ACE1839 * entries into the directory ACL.1840 * Fix from Tsukasa Hamano <hamano@osstech.co.jp>.1841 */1842 1843 if (!dup_owning_ace(dir_ace, current_ace)) {1844 DEBUG(0,("create_canon_ace_lists: malloc fail !\n"));1845 free_canon_ace_list(file_ace);1846 free_canon_ace_list(dir_ace);1847 return false;1848 1781 } 1849 1782 … … 1882 1815 current_ace = NULL; 1883 1816 } 1817 1818 /* 1819 * current_ace is now either owned by file_ace 1820 * or is NULL. We can safely operate on current_dir_ace 1821 * to treat mapping for default acl entries differently 1822 * than access acl entries. 1823 */ 1824 1825 if (current_dir_ace->owner_type == UID_ACE) { 1826 /* 1827 * We already decided above this is a uid, 1828 * for default acls ace's only CREATOR_OWNER 1829 * maps to ACL_USER_OBJ. All other uid 1830 * ace's are ACL_USER. 1831 */ 1832 if (sid_equal(¤t_dir_ace->trustee, 1833 &global_sid_Creator_Owner)) { 1834 current_dir_ace->type = SMB_ACL_USER_OBJ; 1835 } else { 1836 current_dir_ace->type = SMB_ACL_USER; 1837 } 1838 } 1839 1840 if (current_dir_ace->owner_type == GID_ACE) { 1841 /* 1842 * We already decided above this is a gid, 1843 * for default acls ace's only CREATOR_GROUP 1844 * maps to ACL_GROUP_OBJ. All other uid 1845 * ace's are ACL_GROUP. 1846 */ 1847 if (sid_equal(¤t_dir_ace->trustee, 1848 &global_sid_Creator_Group)) { 1849 current_dir_ace->type = SMB_ACL_GROUP_OBJ; 1850 } else { 1851 current_dir_ace->type = SMB_ACL_GROUP; 1852 } 1853 } 1884 1854 } 1885 1855 } … … 1943 1913 } else { 1944 1914 /* 1945 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each 1946 * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP 1947 * entries can be converted to *_OBJ. Usually we will already have these 1948 * entries in the Default ACL, and the Access ACL will not have them. 1915 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in 1916 * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP 1917 * entries can be converted to *_OBJ. Don't do this for the default 1918 * ACL, we will create them separately for this if needed inside 1919 * ensure_canon_entry_valid(). 1949 1920 */ 1950 1921 if (file_ace) { 1951 1922 check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid); 1952 }1953 if (dir_ace) {1954 check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);1955 1923 } 1956 1924 } … … 2275 2243 2276 2244 /**************************************************************************** 2277 Create a default mode that will be used if a security descriptor entry has2278 no user/group/world entries.2279 ****************************************************************************/2280 2281 static mode_t create_default_mode(files_struct *fsp, bool interitable_mode)2282 {2283 int snum = SNUM(fsp->conn);2284 mode_t and_bits = (mode_t)0;2285 mode_t or_bits = (mode_t)0;2286 mode_t mode;2287 2288 if (interitable_mode) {2289 mode = unix_mode(fsp->conn, FILE_ATTRIBUTE_ARCHIVE,2290 fsp->fsp_name, NULL);2291 } else {2292 mode = S_IRUSR;2293 }2294 2295 if (fsp->is_directory)2296 mode |= (S_IWUSR|S_IXUSR);2297 2298 /*2299 * Now AND with the create mode/directory mode bits then OR with the2300 * force create mode/force directory mode bits.2301 */2302 2303 if (fsp->is_directory) {2304 and_bits = lp_dir_security_mask(snum);2305 or_bits = lp_force_dir_security_mode(snum);2306 } else {2307 and_bits = lp_security_mask(snum);2308 or_bits = lp_force_security_mode(snum);2309 }2310 2311 return ((mode & and_bits)|or_bits);2312 }2313 2314 /****************************************************************************2315 2245 Unpack a SEC_DESC into two canonical ace lists. We don't depend on this 2316 2246 succeeding. … … 2326 2256 const SEC_DESC *psd) 2327 2257 { 2328 SMB_STRUCT_STAT st;2329 2258 canon_ace *file_ace = NULL; 2330 2259 canon_ace *dir_ace = NULL; … … 2390 2319 print_canon_ace_list( "file ace - before valid", file_ace); 2391 2320 2392 st = *pst;2393 2394 /*2395 * A default 3 element mode entry for a file should be r-- --- ---.2396 * A default 3 element mode entry for a directory should be rwx --- ---.2397 */2398 2399 st.st_ex_mode = create_default_mode(fsp, False);2400 2401 2321 if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params, 2402 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) {2322 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) { 2403 2323 free_canon_ace_list(file_ace); 2404 2324 free_canon_ace_list(dir_ace); … … 2408 2328 print_canon_ace_list( "dir ace - before valid", dir_ace); 2409 2329 2410 /*2411 * A default inheritable 3 element mode entry for a directory should be the2412 * mode Samba will use to create a file within. Ensure user rwx bits are set if2413 * it's a directory.2414 */2415 2416 st.st_ex_mode = create_default_mode(fsp, True);2417 2418 2330 if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params, 2419 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) {2331 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) { 2420 2332 free_canon_ace_list(file_ace); 2421 2333 free_canon_ace_list(dir_ace); -
branches/samba-3.5.x/source3/smbd/process.c
r599 r732 1910 1910 1911 1911 /* 1912 * Check if the client tries to fool us. The request so far uses the 1913 * space to the end of the byte buffer in the request just 1914 * processed. The chain_offset can't point into that area. If that was 1915 * the case, we could end up with an endless processing of the chain, 1916 * we would always handle the same request. 1917 */ 1918 1919 already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf)); 1920 if (chain_offset < already_used) { 1912 * Check if the client tries to fool us. The chain offset 1913 * needs to point beyond the current request in the chain, it 1914 * needs to strictly grow. Otherwise we might be tricked into 1915 * an endless loop always processing the same request over and 1916 * over again. We used to assume that vwv and the byte buffer 1917 * array in a chain are always attached, but OS/2 the 1918 * Write&X/Read&X chain puts the Read&X vwv array right behind 1919 * the Write&X vwv chain. The Write&X bcc array is put behind 1920 * the Read&X vwv array. So now we check whether the chain 1921 * offset points strictly behind the previous vwv 1922 * array. req->buf points right after the vwv array of the 1923 * previous request. See 1924 * https://bugzilla.samba.org/show_bug.cgi?id=8360 for more 1925 * information. 1926 */ 1927 1928 already_used = PTR_DIFF(req->buf, smb_base(req->inbuf)); 1929 if (chain_offset <= already_used) { 1921 1930 goto error; 1922 1931 } -
branches/samba-3.5.x/source3/smbd/reply.c
r590 r732 1754 1754 } 1755 1755 1756 if (!map_open_params_to_ntcreate(smb_fname , deny_mode,1756 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode, 1757 1757 OPENX_FILE_EXISTS_OPEN, &access_mask, 1758 1758 &share_mode, &create_disposition, … … 1927 1927 } 1928 1928 1929 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, smb_ofun, 1929 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode, 1930 smb_ofun, 1930 1931 &access_mask, &share_mode, 1931 1932 &create_disposition, … … 6436 6437 new_create_disposition = FILE_OPEN; 6437 6438 } else { 6438 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp, 0, ofun, 6439 if (!map_open_params_to_ntcreate(smb_fname_dst_tmp->base_name, 6440 0, ofun, 6439 6441 NULL, NULL, 6440 6442 &new_create_disposition, -
branches/samba-3.5.x/source3/smbd/statcache.c
r414 r732 146 146 * 147 147 * @param conn A connection struct to do the stat() with. 148 * @param posix_paths Whether to lookup using stat() or lstat() 148 149 * @param name The path we are attempting to cache, modified by this routine 149 150 * to be correct as far as the cache can tell us. We assume that … … 162 163 163 164 bool stat_cache_lookup(connection_struct *conn, 165 bool posix_paths, 164 166 char **pp_name, 165 167 char **pp_dirpath, … … 177 179 TALLOC_CTX *ctx = talloc_tos(); 178 180 struct smb_filename smb_fname; 181 int ret; 179 182 180 183 *pp_dirpath = NULL; … … 279 282 smb_fname.base_name = translated_path; 280 283 281 if (SMB_VFS_STAT(conn, &smb_fname) != 0) { 284 if (posix_paths) { 285 ret = SMB_VFS_LSTAT(conn, &smb_fname); 286 } else { 287 ret = SMB_VFS_STAT(conn, &smb_fname); 288 } 289 290 if (ret != 0) { 282 291 /* Discard this entry - it doesn't exist in the filesystem. */ 283 292 memcache_delete(smbd_memcache(), STAT_CACHE, -
branches/samba-3.5.x/source3/smbd/trans2.c
r599 r732 1082 1082 } 1083 1083 1084 if (!map_open_params_to_ntcreate(smb_fname, deny_mode, open_ofun, 1084 if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode, 1085 open_ofun, 1085 1086 &access_mask, &share_mode, 1086 1087 &create_disposition, … … 2246 2247 struct dptr_struct *dirptr = NULL; 2247 2248 struct smbd_server_connection *sconn = smbd_server_conn; 2249 uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP); 2248 2250 2249 2251 if (total_params < 13) { … … 2289 2291 goto out; 2290 2292 } 2293 ucf_flags |= UCF_UNIX_NAME_LOOKUP; 2291 2294 break; 2292 2295 default: … … 2306 2309 req->flags2 & FLAGS2_DFS_PATHNAMES, 2307 2310 directory, 2308 (UCF_SAVE_LCOMP | 2309 UCF_ALWAYS_ALLOW_WCARD_LCOMP), 2311 ucf_flags, 2310 2312 &mask_contains_wcard, 2311 2313 &smb_dname); … … 5102 5104 } else { 5103 5105 char *fname = NULL; 5106 uint32_t ucf_flags = 0; 5104 5107 5105 5108 /* qpathinfo */ … … 5113 5116 DEBUG(3,("call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = %d\n", info_level)); 5114 5117 5115 if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) { 5116 reply_nterror(req, NT_STATUS_INVALID_LEVEL); 5117 return; 5118 if (INFO_LEVEL_IS_UNIX(info_level)) { 5119 if (!lp_unix_extensions()) { 5120 reply_nterror(req, NT_STATUS_INVALID_LEVEL); 5121 return; 5122 } 5123 if (info_level == SMB_QUERY_FILE_UNIX_BASIC || 5124 info_level == SMB_QUERY_FILE_UNIX_INFO2 || 5125 info_level == SMB_QUERY_FILE_UNIX_LINK) { 5126 ucf_flags |= UCF_UNIX_NAME_LOOKUP; 5127 } 5118 5128 } 5119 5129 … … 5130 5140 req->flags2 & FLAGS2_DFS_PATHNAMES, 5131 5141 fname, 5132 0,5142 ucf_flags, 5133 5143 NULL, 5134 5144 &smb_fname);
Note:
See TracChangeset
for help on using the changeset viewer.
