s3: smbd: SMB1 UNIX extensions - Ensure POSIX mknod is root-only.

Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
author: Jeremy Allison <jra@samba.org> 2019-10-15 13:25:14 -0700
committer: Jeremy Allison <jra@samba.org> 2019-11-06 18:08:40 +0000
commit: 4ca0fcb2d4eec29fc75a285947a77974a0555bea (patch)
tree: 671f5cc8e1dcb196c7c9935436f57466154e0cf1
parent: 35bb734d638e273f2fd1a19220db5f200d3e7489 (diff)
download: samba-4ca0fcb2d4eec29fc75a285947a77974a0555bea.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bc4b3934c83..767253d283b 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -8028,11 +8028,18 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn,
 #endif
 #if defined(S_IFCHR)
 		case UNIX_TYPE_CHARDEV:
+			/* This is only allowed for root. */
+			if (get_current_uid(conn) != sec_initial_uid()) {
+				return NT_STATUS_ACCESS_DENIED;
+			}
 			unixmode |= S_IFCHR;
 			break;
 #endif
 #if defined(S_IFBLK)
 		case UNIX_TYPE_BLKDEV:
+			if (get_current_uid(conn) != sec_initial_uid()) {
+				return NT_STATUS_ACCESS_DENIED;
+			}
 			unixmode |= S_IFBLK;
 			break;
 #endif
author	Jeremy Allison <jra@samba.org>	2019-10-15 13:25:14 -0700
committer	Jeremy Allison <jra@samba.org>	2019-11-06 18:08:40 +0000
commit	4ca0fcb2d4eec29fc75a285947a77974a0555bea (patch)
tree	671f5cc8e1dcb196c7c9935436f57466154e0cf1
parent	35bb734d638e273f2fd1a19220db5f200d3e7489 (diff)
download	samba-4ca0fcb2d4eec29fc75a285947a77974a0555bea.tar.gz