diff options
author | Ralph Boehme <slow@samba.org> | 2017-01-23 16:19:06 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2017-01-23 22:46:13 +0100 |
commit | 326765923f1d384e5cd8b7fda048b459c67a4bf5 (patch) | |
tree | d87e34d0856448f15d9ec9128eba96ab9558fe42 | |
parent | a3781d1cfe7d5e7df20fc65a9a7653937f03808c (diff) | |
download | samba-326765923f1d384e5cd8b7fda048b459c67a4bf5.tar.gz |
s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
This makes us pass "base.createx_access".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | selftest/knownfail | 1 | ||||
-rw-r--r-- | source3/smbd/open.c | 6 |
2 files changed, 6 insertions, 1 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index aa27eeac8c5..d96e238796c 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -39,7 +39,6 @@ ^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_group\(nt4_dc\) ^samba3.base.delete.deltest16a ^samba3.base.delete.deltest17a -^samba3.base.createx_access.createx_access\(ad_dc\) ^samba3.unix.whoami anonymous connection.whoami\(ad_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token ^samba3.unix.whoami anonymous connection.whoami\(ad_member\) # smbd maps anonymous logins to domain guest in the local domain, not SID_NT_ANONYMOUS # these show that we still have some differences between our system diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 404a259b57f..931d76df44f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2275,6 +2275,12 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn, uint32_t orig_access_mask = access_mask; uint32_t rejected_share_access; + if (access_mask & SEC_MASK_INVALID) { + DBG_DEBUG("access_mask [%8x] contains invalid bits\n", + access_mask); + return NT_STATUS_ACCESS_DENIED; + } + /* * Convert GENERIC bits to specific bits. */ |