diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-11-18 11:45:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:46:26 -0500 |
commit | d5f37ecf94e2b63511102b3fd34c0e7bcd8d7879 (patch) | |
tree | 3f3e475cf6caf96b67b4acf126af8a119546f656 | |
parent | 70a01587b918718ddcbc11d4a7412c53211f04b8 (diff) | |
download | samba-d5f37ecf94e2b63511102b3fd34c0e7bcd8d7879.tar.gz samba-d5f37ecf94e2b63511102b3fd34c0e7bcd8d7879.tar.bz2 samba-d5f37ecf94e2b63511102b3fd34c0e7bcd8d7879.zip |
r11780: it turns out that the MxAc tag isn't a security descriptor, its a
request that the server return its own MxAc blob which contains the
maximum allowed access_mask for the returned file handle
(This used to be commit c0288aa8cd46ca384074f89430c226d725c39475)
-rw-r--r-- | source4/libcli/smb2/create.c | 27 | ||||
-rw-r--r-- | source4/libcli/smb2/request.c | 2 | ||||
-rw-r--r-- | source4/libcli/smb2/smb2_calls.h | 4 | ||||
-rw-r--r-- | source4/torture/smb2/util.c | 14 |
4 files changed, 13 insertions, 34 deletions
diff --git a/source4/libcli/smb2/create.c b/source4/libcli/smb2/create.c index 647b408c68..564eba7f46 100644 --- a/source4/libcli/smb2/create.c +++ b/source4/libcli/smb2/create.c @@ -25,8 +25,8 @@ #include "libcli/smb2/smb2.h" #include "libcli/smb2/smb2_calls.h" -#define CREATE_TAG_EA 0x41747845 /* "ExtA" */ -#define CREATE_TAG_SD 0x6341784D /* "MxAc" */ +#define CREATE_TAG_EXTA 0x41747845 /* "ExtA" */ +#define CREATE_TAG_MXAC 0x6341784D /* "MxAc" */ /* add a blob to a smb2_create attribute blob @@ -37,13 +37,14 @@ static NTSTATUS smb2_create_blob_add(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, { NTSTATUS status; uint32_t ofs = blob->length; - status = data_blob_realloc(mem_ctx, blob, blob->length + 0x18 + add.length); + uint8_t pad = smb2_padding_size(add.length, 8); + status = data_blob_realloc(mem_ctx, blob, blob->length + 0x18 + add.length + pad); NT_STATUS_NOT_OK_RETURN(status); if (last) { SIVAL(blob->data, ofs+0x00, 0); } else { - SIVAL(blob->data, ofs+0x00, 0x18 + add.length); + SIVAL(blob->data, ofs+0x00, 0x18 + add.length + pad); } SSVAL(blob->data, ofs+0x04, 0x10); /* offset of tag */ SIVAL(blob->data, ofs+0x06, 0x04); /* tag length */ @@ -52,6 +53,7 @@ static NTSTATUS smb2_create_blob_add(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, SIVAL(blob->data, ofs+0x10, tag); SIVAL(blob->data, ofs+0x14, 0); /* pad? */ memcpy(blob->data+ofs+0x18, add.data, add.length); + memset(blob->data+ofs+0x18+add.length, 0, pad); return NT_STATUS_OK; } @@ -90,7 +92,7 @@ struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create DATA_BLOB b = data_blob_talloc(req, NULL, ea_list_size_chained(io->in.eas.num_eas, io->in.eas.eas)); ea_put_list_chained(b.data, io->in.eas.num_eas, io->in.eas.eas); - status = smb2_create_blob_add(req, &blob, CREATE_TAG_EA, b, False); + status = smb2_create_blob_add(req, &blob, CREATE_TAG_EXTA, b, False); if (!NT_STATUS_IS_OK(status)) { talloc_free(req); return NULL; @@ -98,18 +100,9 @@ struct smb2_request *smb2_create_send(struct smb2_tree *tree, struct smb2_create data_blob_free(&b); } - if (io->in.sd != NULL) { - DATA_BLOB b; - status = ndr_push_struct_blob(&b, req, io->in.sd, - (ndr_push_flags_fn_t)ndr_push_security_descriptor); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(req); - return NULL; - } - status = smb2_create_blob_add(req, &blob, CREATE_TAG_SD, b, True); - } else { - status = smb2_create_blob_add(req, &blob, CREATE_TAG_SD, data_blob(NULL, 0), True); - } + /* an empty MxAc tag seems to be used to ask the server to + return the maximum access mask allowed on the file */ + status = smb2_create_blob_add(req, &blob, CREATE_TAG_MXAC, data_blob(NULL, 0), True); if (!NT_STATUS_IS_OK(status)) { talloc_free(req); diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c index 3f09c9aeec..03c0ed4350 100644 --- a/source4/libcli/smb2/request.c +++ b/source4/libcli/smb2/request.c @@ -181,7 +181,7 @@ BOOL smb2_oob(struct smb2_request_buffer *buf, const uint8_t *ptr, uint_t size) return False; } -static size_t smb2_padding_size(uint32_t offset, size_t n) +size_t smb2_padding_size(uint32_t offset, size_t n) { if ((offset & (n-1)) == 0) return 0; return n - (offset & (n-1)); diff --git a/source4/libcli/smb2/smb2_calls.h b/source4/libcli/smb2/smb2_calls.h index 53f7a45d88..1c41d4cd66 100644 --- a/source4/libcli/smb2/smb2_calls.h +++ b/source4/libcli/smb2/smb2_calls.h @@ -130,10 +130,8 @@ struct smb2_create { /* dynamic body */ const char *fname; - /* optional list of extended attributes and security - descriptor */ + /* optional list of extended attributes */ struct smb_ea_list eas; - struct security_descriptor *sd; } in; struct { diff --git a/source4/torture/smb2/util.c b/source4/torture/smb2/util.c index 7afce0137f..b39f53d8e1 100644 --- a/source4/torture/smb2/util.c +++ b/source4/torture/smb2/util.c @@ -103,7 +103,7 @@ static NTSTATUS smb2_create_complex(struct smb2_tree *tree, const char *fname, smb2_util_unlink(tree, fname); ZERO_STRUCT(io); - io.in.access_mask = SEC_RIGHTS_FILE_ALL; + io.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; io.in.file_attr = FILE_ATTRIBUTE_NORMAL; io.in.open_disposition = NTCREATEX_DISP_OVERWRITE_IF; io.in.share_access = @@ -119,18 +119,6 @@ static NTSTATUS smb2_create_complex(struct smb2_tree *tree, const char *fname, io.in.open_disposition = NTCREATEX_DISP_CREATE; } - io.in.sd = security_descriptor_create(tmp_ctx, - NULL, NULL, - SID_NT_AUTHENTICATED_USERS, - SEC_ACE_TYPE_ACCESS_ALLOWED, - SEC_RIGHTS_FILE_ALL | SEC_STD_ALL, - 0, - SID_WORLD, - SEC_ACE_TYPE_ACCESS_ALLOWED, - SEC_RIGHTS_FILE_READ | SEC_STD_ALL, - 0, - NULL); - if (strchr(fname, ':') == NULL) { /* setup some EAs */ io.in.eas.num_eas = 2; |