diff options
-rw-r--r-- | source4/libcli/clireadwrite.c | 1 | ||||
-rw-r--r-- | source4/libcli/raw/interfaces.h | 1 | ||||
-rw-r--r-- | source4/libcli/raw/rawreadwrite.c | 3 | ||||
-rw-r--r-- | source4/libcli/smb_composite/loadfile.c | 1 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_smb.c | 1 | ||||
-rw-r--r-- | source4/ntvfs/ntvfs_generic.c | 1 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_read.c | 2 | ||||
-rw-r--r-- | source4/smb_server/smb/reply.c | 5 | ||||
-rw-r--r-- | source4/torture/basic/denytest.c | 30 | ||||
-rw-r--r-- | source4/torture/gentest.c | 1 | ||||
-rw-r--r-- | source4/torture/nbench/nbio.c | 1 | ||||
-rw-r--r-- | source4/torture/raw/read.c | 2 |
12 files changed, 40 insertions, 9 deletions
diff --git a/source4/libcli/clireadwrite.c b/source4/libcli/clireadwrite.c index afffba968a..03d1864a5d 100644 --- a/source4/libcli/clireadwrite.c +++ b/source4/libcli/clireadwrite.c @@ -56,6 +56,7 @@ ssize_t smbcli_read(struct smbcli_tree *tree, int fnum, void *_buf, off_t offset parms.readx.in.mincnt = readsize; parms.readx.in.maxcnt = readsize; parms.readx.in.remaining = size - total; + parms.readx.in.read_for_execute = False; parms.readx.out.data = buf + total; status = smb_raw_read(tree, &parms); diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index e476a00b68..086686b9e9 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -1352,6 +1352,7 @@ union smb_read { uint16_t mincnt; uint32_t maxcnt; uint16_t remaining; + BOOL read_for_execute; } in; struct { uint8_t *data; diff --git a/source4/libcli/raw/rawreadwrite.c b/source4/libcli/raw/rawreadwrite.c index 00dc71971e..c4e2ab2498 100644 --- a/source4/libcli/raw/rawreadwrite.c +++ b/source4/libcli/raw/rawreadwrite.c @@ -84,6 +84,9 @@ struct smbcli_request *smb_raw_read_send(struct smbcli_tree *tree, union smb_rea if (bigoffset) { SIVAL(req->out.vwv, VWV(10),parms->readx.in.offset>>32); } + if (parms->readx.in.read_for_execute) { + req->flags2 |= FLAGS2_READ_PERMIT_EXECUTE; + } break; } diff --git a/source4/libcli/smb_composite/loadfile.c b/source4/libcli/smb_composite/loadfile.c index 9a593c0726..db074bfd2b 100644 --- a/source4/libcli/smb_composite/loadfile.c +++ b/source4/libcli/smb_composite/loadfile.c @@ -106,6 +106,7 @@ static NTSTATUS loadfile_open(struct composite_context *c, state->io_read->readx.in.mincnt = MIN(32768, io->out.size); state->io_read->readx.in.maxcnt = state->io_read->readx.in.mincnt; state->io_read->readx.in.remaining = 0; + state->io_read->readx.in.read_for_execute = False; state->io_read->readx.out.data = io->out.data; state->req = smb_raw_read_send(tree, state->io_read); diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c index cf82f1daed..bac91ef134 100644 --- a/source4/librpc/rpc/dcerpc_smb.c +++ b/source4/librpc/rpc/dcerpc_smb.c @@ -157,6 +157,7 @@ static NTSTATUS send_read_request_continue(struct dcerpc_connection *c, DATA_BLO io->readx.in.maxcnt = io->readx.in.mincnt; io->readx.in.offset = 0; io->readx.in.remaining = 0; + io->readx.in.read_for_execute = False; io->readx.out.data = state->data.data + state->received; req = smb_raw_read_send(smb->tree, io); if (req == NULL) { diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c index e373c7a28e..e4bc963882 100644 --- a/source4/ntvfs/ntvfs_generic.c +++ b/source4/ntvfs/ntvfs_generic.c @@ -1158,6 +1158,7 @@ _PUBLIC_ NTSTATUS ntvfs_map_read(struct ntvfs_module_context *ntvfs, } rd2->readx.level = RAW_READ_READX; + rd2->readx.in.read_for_execute = False; switch (rd->generic.level) { case RAW_READ_READX: diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c index 15c9111d61..a6b7cf6dd0 100644 --- a/source4/ntvfs/posix/pvfs_read.c +++ b/source4/ntvfs/posix/pvfs_read.c @@ -51,7 +51,7 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs, } mask = SEC_FILE_READ_DATA; - if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) { + if (rd->readx.in.read_for_execute) { mask |= SEC_FILE_EXECUTE; } if (!(f->access_mask & mask)) { diff --git a/source4/smb_server/smb/reply.c b/source4/smb_server/smb/reply.c index d4c98ab416..8b6dedb81a 100644 --- a/source4/smb_server/smb/reply.c +++ b/source4/smb_server/smb/reply.c @@ -900,6 +900,11 @@ void smbsrv_reply_read_and_X(struct smbsrv_request *req) io->readx.in.maxcnt = SVAL(req->in.vwv, VWV(5)); io->readx.in.mincnt = SVAL(req->in.vwv, VWV(6)); io->readx.in.remaining = SVAL(req->in.vwv, VWV(9)); + if (req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) { + io->readx.in.read_for_execute = True; + } else { + io->readx.in.read_for_execute = False; + } if (req->smb_conn->negotiate.client_caps & CAP_LARGE_READX) { uint32_t high_part = IVAL(req->in.vwv, VWV(7)); diff --git a/source4/torture/basic/denytest.c b/source4/torture/basic/denytest.c index 646714a4e9..5715238fca 100644 --- a/source4/torture/basic/denytest.c +++ b/source4/torture/basic/denytest.c @@ -1693,7 +1693,7 @@ static const char *bit_string(TALLOC_CTX *mem_ctx, const struct bit_value *bv, i determine if two opens conflict */ static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2, uint32_t am2, - uint16_t flags2, enum deny_result *res) + BOOL read_for_execute, enum deny_result *res) { #define CHECK_MASK(am, sa, right, share) do { \ if (((am) & (right)) && !((sa) & (share))) { \ @@ -1707,8 +1707,7 @@ static NTSTATUS predict_share_conflict(uint32_t sa1, uint32_t am1, uint32_t sa2, } if (am2 & SEC_FILE_READ_DATA) { *res += A_R; - } else if ((am2 & SEC_FILE_EXECUTE) && - (flags2 & FLAGS2_READ_PERMIT_EXECUTE)) { + } else if ((am2 & SEC_FILE_EXECUTE) && read_for_execute) { *res += A_R; } @@ -1822,6 +1821,7 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c int b_am1 = random() & ((1<<nbits2)-1); int b_sa2 = random() & ((1<<nbits1)-1); int b_am2 = random() & ((1<<nbits2)-1); + BOOL read_for_execute; progress_bar(i, torture_numops); @@ -1835,9 +1835,9 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c status2 = smb_raw_open(cli2->tree, mem_ctx, &io2); if (random() % 2 == 0) { - cli2->tree->session->flags2 |= FLAGS2_READ_PERMIT_EXECUTE; + read_for_execute = True; } else { - cli2->tree->session->flags2 &= ~FLAGS2_READ_PERMIT_EXECUTE; + read_for_execute = False; } if (!NT_STATUS_IS_OK(status1)) { @@ -1845,9 +1845,23 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c } else if (!NT_STATUS_IS_OK(status2)) { res = A_0; } else { + union smb_read r; + NTSTATUS status; + + /* we can't use smbcli_read() as we need to + set read_for_execute */ + r.readx.level = RAW_READ_READX; + r.readx.file.fnum = io2.ntcreatex.file.fnum; + r.readx.in.offset = 0; + r.readx.in.mincnt = sizeof(buf); + r.readx.in.maxcnt = sizeof(buf); + r.readx.in.remaining = 0; + r.readx.in.read_for_execute = read_for_execute; + r.readx.out.data = buf; + res = A_0; - if (smbcli_read(cli2->tree, - io2.ntcreatex.file.fnum, buf, 0, sizeof(buf)) >= 1) { + status = smb_raw_read(cli2->tree, &r); + if (NT_STATUS_IS_OK(status)) { res += A_R; } if (smbcli_write(cli2->tree, @@ -1867,7 +1881,7 @@ static BOOL torture_ntdenytest(struct smbcli_state *cli1, struct smbcli_state *c io1.ntcreatex.in.access_mask, io2.ntcreatex.in.share_access, io2.ntcreatex.in.access_mask, - cli2->tree->session->flags2, + read_for_execute, &res2); GetTimeOfDay(&tv); diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 9a268c57b5..79ce27e2df 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -1351,6 +1351,7 @@ static BOOL handler_readx(int instance) parm[0].readx.in.mincnt = gen_io_count(); parm[0].readx.in.maxcnt = gen_io_count(); parm[0].readx.in.remaining = gen_io_count(); + parm[0].readx.in.read_for_execute = gen_bool(); parm[0].readx.out.data = talloc_size(current_op.mem_ctx, MAX(parm[0].readx.in.mincnt, parm[0].readx.in.maxcnt)); diff --git a/source4/torture/nbench/nbio.c b/source4/torture/nbench/nbio.c index c5cebdc8d2..76728eb7b5 100644 --- a/source4/torture/nbench/nbio.c +++ b/source4/torture/nbench/nbio.c @@ -437,6 +437,7 @@ void nb_readx(int handle, int offset, int size, int ret_size, NTSTATUS status) io.readx.in.mincnt = size; io.readx.in.maxcnt = size; io.readx.in.remaining = 0; + io.readx.in.read_for_execute = False; io.readx.out.data = buf; ret = smb_raw_read(c->tree, &io); diff --git a/source4/torture/raw/read.c b/source4/torture/raw/read.c index 2e5a06df63..d41f0a025d 100644 --- a/source4/torture/raw/read.c +++ b/source4/torture/raw/read.c @@ -382,6 +382,7 @@ static BOOL test_readx(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) io.readx.in.maxcnt = 1; io.readx.in.offset = 0; io.readx.in.remaining = 0; + io.readx.in.read_for_execute = False; io.readx.out.data = buf; status = smb_raw_read(cli->tree, &io); @@ -411,6 +412,7 @@ static BOOL test_readx(struct smbcli_state *cli, TALLOC_CTX *mem_ctx) io.readx.file.fnum = fnum; io.readx.in.offset = 0; io.readx.in.remaining = 0; + io.readx.in.read_for_execute = False; io.readx.in.mincnt = strlen(test_data); io.readx.in.maxcnt = strlen(test_data); status = smb_raw_read(cli->tree, &io); |