Attachment #7542 for bug #40921

View | Details | Raw Unified | Return to bug 40921
Collapse All | Expand All




				files_struct *fsp,
				const SMB_STRUCT_STAT *psbuf);

/****************************************************************************
 Check if an open file handle or pathname is a symlink.
****************************************************************************/

static NTSTATUS refuse_symlink(connection_struct *conn,
			const files_struct *fsp,
			const char *name)
{
	SMB_STRUCT_STAT sbuf;
	const SMB_STRUCT_STAT *pst = NULL;

	if (fsp) {
		pst = &fsp->fsp_name->st;
	} else {
		int ret = vfs_stat_smb_fname(conn,
				name,
				&sbuf);
		if (ret == -1) {
			return map_nt_error_from_unix(errno);
		}
		pst = &sbuf;
	}
	if (S_ISLNK(pst->st_ex_mode)) {
		return NT_STATUS_ACCESS_DENIED;
	}
	return NT_STATUS_OK;
}

/********************************************************************
 Roundup a value to the nearest allocation roundup size boundary.
 Only do this for Windows clients.
- 
POSIX file handle on a symlink.
--
source3/smbd/nttrans.c | 6 ++++++
1 file changed, 6 insertions(+)




		return NT_STATUS_ACCESS_DENIED;
	}

	if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
		DEBUG(10, ("ACL get on symlink %s denied.\n",
			fsp_str_dbg(fsp)));
		return NT_STATUS_ACCESS_DENIED;
	}

	if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
			SECINFO_GROUP|SECINFO_SACL)) {
		/* Don't return SECINFO_LABEL if anything else was
- 
POSIX file handle on a symlink.
--
source3/smbd/nttrans.c | 6 ++++++
1 file changed, 6 insertions(+)




		return NT_STATUS_OK;
	}

	if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
		DEBUG(10, ("ACL set on symlink %s denied.\n",
			fsp_str_dbg(fsp)));
		return NT_STATUS_ACCESS_DENIED;
	}

	if (psd->owner_sid == NULL) {
		security_info_sent &= ~SECINFO_OWNER;
	}
- 
symlink.
--
source3/smbd/trans2.c | 6 ++++++
1 file changed, 6 insertions(+)




	uint16 num_def_acls;
	bool valid_file_acls = True;
	bool valid_def_acls = True;
	NTSTATUS status;

	if (total_data < SMB_POSIX_ACL_HEADER_SIZE) {
		return NT_STATUS_INVALID_PARAMETER;

		return NT_STATUS_INVALID_PARAMETER;
	}

	status = refuse_symlink(conn, fsp, smb_fname->base_name);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n",
		smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp),
		(unsigned int)num_file_acls,
- 
symlink.
--
source3/smbd/trans2.c | 7 +++++++
1 file changed, 7 insertions(+)




				uint16 num_file_acls = 0;
				uint16 num_def_acls = 0;

				status = refuse_symlink(conn,
						fsp,
						smb_fname->base_name);
				if (!NT_STATUS_IS_OK(status)) {
					return status;
				}

				if (fsp && fsp->fh->fd != -1) {
					file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
				} else {
- 
removal of code duplication.
--
source3/smbd/trans2.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)




	size_t num_names;
	ssize_t sizeret = -1;

	if (pnames) {
		*pnames = NULL;
	}
	*pnum_names = 0;

	if (!lp_ea_support(SNUM(conn))) {
		if (pnames) {
			*pnames = NULL;
		}
		*pnum_names = 0;
		return NT_STATUS_OK;
	}



	if (sizeret == 0) {
		TALLOC_FREE(names);
		if (pnames) {
			*pnames = NULL;
		}
		*pnum_names = 0;
		return NT_STATUS_OK;
	}

- 
available on a symlink.
--
source3/smbd/trans2.c | 9 +++++++++
1 file changed, 9 insertions(+)




	char **names, **tmp;
	size_t num_names;
	ssize_t sizeret = -1;
	NTSTATUS status;

	if (pnames) {
		*pnames = NULL;

		return NT_STATUS_OK;
	}

	status = refuse_symlink(conn, fsp, fname);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * Just return no EA's on a symlink.
		 */
		return NT_STATUS_OK;
	}

	/*
	 * TALLOC the result early to get the talloc hierarchy right.
	 */
- 
--
source3/smbd/trans2.c | 7 +++++++
1 file changed, 7 insertions(+)

(-)a/source3/smbd/trans2.c (-1 / +7 lines)

Lines 584-589 NTSTATUS set_ea(connection_struct conn, files_struct fsp,	Link Here

584

		const struct smb_filename *smb_fname, struct ea_list *ea_list)

584

		const struct smb_filename *smb_fname, struct ea_list *ea_list)

585

586

	char *fname = NULL;

586

	char *fname = NULL;

587

	NTSTATUS status;

587

588

	if (!lp_ea_support(SNUM(conn))) {

589

	if (!lp_ea_support(SNUM(conn))) {

589

		return NT_STATUS_EAS_NOT_SUPPORTED;

590

		return NT_STATUS_EAS_NOT_SUPPORTED;

Lines 593-598 NTSTATUS set_ea(connection_struct conn, files_struct fsp,	Link Here

593

		return NT_STATUS_ACCESS_DENIED;

594

		return NT_STATUS_ACCESS_DENIED;

594

595

596

597

	status = refuse_symlink(conn, fsp, smb_fname->base_name);

598

	if (!NT_STATUS_IS_OK(status)) {

599

		return status;

600

601

602

596

	/* For now setting EAs on streams isn't supported. */

603

	/* For now setting EAs on streams isn't supported. */

597

	fname = smb_fname->base_name;

604

	fname = smb_fname->base_name;

598

605

599

Return to bug 40921