-rw-r--r-- | source4/include/smb.h | 2 | ||||
-rw-r--r-- | source4/ntvfs/common/opendb.c | 12 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_open.c | 8 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_read.c | 9 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_write.c | 2 | ||||
-rw-r--r-- | source4/torture/basic/denytest.c | 22 |
6 files changed, 33 insertions, 22 deletions
diff --git a/source4/include/smb.h b/source4/include/smb.h index b36c2a8708..623316087c 100644 --- a/source4/include/smb.h +++ b/source4/include/smb.h @@ -503,7 +503,7 @@ typedef struct nt_user_token { #define FLAGS2_IS_LONG_NAME 0x0040 #define FLAGS2_EXTENDED_SECURITY 0x0800 #define FLAGS2_DFS_PATHNAMES 0x1000 -#define FLAGS2_READ_PERMIT_NO_EXECUTE 0x2000 +#define FLAGS2_READ_PERMIT_EXECUTE 0x2000 #define FLAGS2_32_BIT_ERROR_CODES 0x4000 #define FLAGS2_UNICODE_STRINGS 0x8000 diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c index dfb1177eae..5dc68e5382 100644 --- a/source4/ntvfs/common/opendb.c +++ b/source4/ntvfs/common/opendb.c @@ -154,20 +154,24 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2) /* if either open involves no read.write or delete access then it can't conflict */ - if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA | + if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_APPEND | SA_RIGHT_FILE_READ_EXEC | STD_RIGHT_DELETE_ACCESS))) { return False; } - if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA | + if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_APPEND | SA_RIGHT_FILE_READ_EXEC | STD_RIGHT_DELETE_ACCESS))) { return False; } /* check the basic share access */ - CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); - CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); + CHECK_MASK(e1->access_mask, e2->share_access, + SA_RIGHT_FILE_WRITE_APPEND, + NTCREATEX_SHARE_ACCESS_WRITE); + CHECK_MASK(e2->access_mask, e1->share_access, + SA_RIGHT_FILE_WRITE_APPEND, + NTCREATEX_SHARE_ACCESS_WRITE); CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_READ_EXEC, diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 346b1420e3..bfaa7bf5a1 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c 
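Review bot: The comment above the two early-return tests in share_conflict (opendb.c hunk) still says "no read.write or delete access", but the masks tested now use `SA_RIGHT_FILE_WRITE_APPEND` and `SA_RIGHT_FILE_READ_EXEC`, which by their names also cover append and execute. The comment no longer says which opens are exempt from share-mode checking; I would reword it to `/* an open with no read, execute, write, append or delete access cannot conflict */`. The three-way mask is also written out twice, so a single local such as `const uint32_t conflict_bits = SA_RIGHT_FILE_WRITE_APPEND | SA_RIGHT_FILE_READ_EXEC | STD_RIGHT_DELETE_ACCESS;` would keep the e1 and e2 tests from drifting apart. share_conflict starts and ends outside the hunk.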
@@ -290,9 +290,9 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs, } if ((access_mask & SA_RIGHT_FILE_READ_EXEC) && - (access_mask & SA_RIGHT_FILE_WRITE_DATA)) { + (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) { flags = O_RDWR; - } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) { + } else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) { flags = O_WRONLY; } else { flags = O_RDONLY; @@ -491,9 +491,9 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, } if ((access_mask & SA_RIGHT_FILE_READ_EXEC) && - (access_mask & SA_RIGHT_FILE_WRITE_DATA)) { + (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) { flags |= O_RDWR; - } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) { + } else if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) { flags |= O_WRONLY; } else { flags |= O_RDONLY; diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c index 734134368d..1f89f01a03 100644 --- a/source4/ntvfs/posix/pvfs_read.c +++ b/source4/ntvfs/posix/pvfs_read.c @@ -34,6 +34,7 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs, struct pvfs_file *f; NTSTATUS status; uint32_t maxcnt; + uint32_t mask; if (rd->generic.level != RAW_READ_READX) { return ntvfs_map_read(req, rd, ntvfs); @@ -48,8 +49,12 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs, return NT_STATUS_FILE_IS_A_DIRECTORY; } - if (!(f->access_mask & SA_RIGHT_FILE_READ_EXEC)) { - return NT_STATUS_ACCESS_VIOLATION; + mask = SA_RIGHT_FILE_READ_DATA; + if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) { + mask |= SA_RIGHT_FILE_EXECUTE; + } + if (!(f->access_mask & mask)) { + return NT_STATUS_ACCESS_DENIED; } maxcnt = rd->readx.in.maxcnt; diff --git a/source4/ntvfs/posix/pvfs_write.c b/source4/ntvfs/posix/pvfs_write.c index 235a21882a..018f43e6d0 100644 --- a/source4/ntvfs/posix/pvfs_write.c +++ b/source4/ntvfs/posix/pvfs_write.c 
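Review bot: The mapping from access mask to POSIX open mode is duplicated line for line in pvfs_create_file (first pvfs_open.c hunk) and pvfs_open (second hunk), and this commit had to make the identical edit in both. Because this mapping decides what the resulting file descriptor can do, I would move it into one static helper so the two paths cannot diverge. The type of `access_mask` is not visible in the hunks, so the `uint32_t` parameter below is an assumption. Both functions begin and end outside the hunks.
```c
/* map the requested SMB access mask onto a POSIX open mode */
static int pvfs_open_mode(uint32_t access_mask)
{
	if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
	    (access_mask & SA_RIGHT_FILE_WRITE_APPEND)) {
		return O_RDWR;
	}
	if (access_mask & SA_RIGHT_FILE_WRITE_APPEND) {
		return O_WRONLY;
	}
	return O_RDONLY;
}

/* … unchanged: pvfs_create_file up to the mode selection … */
	flags = pvfs_open_mode(access_mask);

/* … unchanged: pvfs_open up to the mode selection … */
	flags |= pvfs_open_mode(access_mask);
```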
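Review bot: In the second pvfs_read.c hunk the read check widens to `SA_RIGHT_FILE_EXECUTE` whenever `req->flags2` carries `FLAGS2_READ_PERMIT_EXECUTE`. flags2 is a field of the client's request, so any client can set the bit and an execute-only handle becomes readable on demand. That matches how SMB clients page in executables, but it means execute-only access gives no confidentiality against an SMB client. The check should say so, e.g. `/* flags2 is client-supplied: execute access implies read for any client that sets this bit */`. The failure status also becomes `NT_STATUS_ACCESS_DENIED` here while the pvfs_write hunk in this commit keeps `NT_STATUS_ACCESS_VIOLATION` for the equivalent failure; if that asymmetry is intended it deserves a comment. pvfs_read continues past the hunk.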
@@ -48,7 +48,7 @@ NTSTATUS pvfs_write(struct ntvfs_module_context *ntvfs, return NT_STATUS_FILE_IS_A_DIRECTORY; } - if (!(f->access_mask & SA_RIGHT_FILE_WRITE_DATA)) { + if (!(f->access_mask & SA_RIGHT_FILE_WRITE_APPEND)) { return NT_STATUS_ACCESS_VIOLATION; } diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c index 32f44044cc..8dc6118b7d 100644 --- a/source4/torture/basic/denytest.c +++ b/source4/torture/basic/denytest.c @@ -1773,24 +1773,27 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c union smb_open io1, io2; extern int torture_numops; int failures = 0; + char buf[1]; - fname = talloc_asprintf(cli1, "\\ntdeny_%d.dat", client); + ZERO_STRUCT(buf); + + fname = talloc_asprintf(cli1, "\\ntdeny_%d.dll", client); smbcli_unlink(cli1->tree, fname); fnum1 = smbcli_open(cli1->tree, fname, O_RDWR|O_CREAT, DENY_NONE); - smbcli_write(cli1->tree, fnum1, 0, fname, 0, strlen(fname)); + smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf)); smbcli_close(cli1->tree, fnum1); GetTimeOfDay(&tv_start); io1.ntcreatex.level = RAW_OPEN_NTCREATEX; io1.ntcreatex.in.root_fid = 0; - io1.ntcreatex.in.flags = 0; - io1.ntcreatex.in.create_options = 0; - io1.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL; + io1.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED; + io1.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE; + io1.ntcreatex.in.file_attr = 0; io1.ntcreatex.in.alloc_size = 0; io1.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; - io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io1.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_IMPERSONATION; io1.ntcreatex.in.security_flags = 0; io1.ntcreatex.in.fname = fname; io2 = io1; 
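Review bot: The write gate in pvfs_write now accepts a handle holding any bit of `SA_RIGHT_FILE_WRITE_APPEND`. If that mask combines write-data and append-data, as its name suggests, a handle opened with append-only access passes this check. The rest of pvfs_write is outside the hunk, so whether the client-supplied offset is then restricted cannot be confirmed here. Append-only access is normally meant to prevent overwriting existing data, so I would expect either an offset check for handles lacking write-data or a comment recording the decision, e.g. `/* NOTE: append-only handles are treated as full write; offset is not restricted */`. The pvfs_open.c hunks open such handles with plain `O_WRONLY`, so the file descriptor does not enforce append-only either.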
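Review bot: The new seeding call `smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf));` in torture_ntdenytest discards its result, as does the `smbcli_open` before it. If the one-byte file is not created, the read and write probes run against a missing or empty file and their failures look like access denials rather than a setup error. I would fail early, e.g. `if (fnum1 == -1 || smbcli_write(cli1->tree, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) return False;`, adjusted to the helpers' actual return types, which are not visible here. The rename from `.dat` to `.dll` presumably exists to exercise the execute-permission read path and needs a one-line comment saying so.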
@@ -1814,7 +1817,7 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c io2.ntcreatex.in.share_access = map_bits(share_access_bits, b_sa2, nbits1); io2.ntcreatex.in.access_mask = map_bits(access_mask_bits, b_am2, nbits2); - + status1 = smb_raw_open(cli1->tree, mem_ctx, &io1); status2 = smb_raw_open(cli2->tree, mem_ctx, &io2); @@ -1823,14 +1826,13 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c } else if (!NT_STATUS_IS_OK(status2)) { res = A_0; } else { - char x = 1; res = A_0; if (smbcli_read(cli2->tree, - io2.ntcreatex.out.fnum, (void *)&x, 0, 1) == 1) { + io2.ntcreatex.out.fnum, (void *)buf, 0, sizeof(buf)) >= 1) { res += A_R; } if (smbcli_write(cli2->tree, - io2.ntcreatex.out.fnum, 0, (void *)&x, 0, 1) == 1) { + io2.ntcreatex.out.fnum, 0, (void *)buf, 0, sizeof(buf)) >= 1) { res += A_W; } } |