authorJeremy Allison <jra@samba.org>2018-05-10 10:26:52 -0700
committerJeremy Allison <jra@samba.org>2018-05-17 23:41:10 +0200
commit42aadf42f27053e621f2a6b72448afebb3f5082a (patch)
tree46c7b3c9dfff22e24d4df2a54e6986a48e5b475d /source3/smbd/smb2_flush.c
parent48f72803f0e4a797af64bbb2417feb7179b1bcfb (diff)
s3: smbd: Fix SMB2-FLUSH against directories.
Directories opened with either FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY can be flushed even if they're not writable in the conventional sense. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'source3/smbd/smb2_flush.c')
-rw-r--r--source3/smbd/smb2_flush.c26
1 files changed, 24 insertions, 2 deletions
diff --git a/source3/smbd/smb2_flush.c b/source3/smbd/smb2_flush.c
index f7d9e964319..470a8df4944 100644
--- a/source3/smbd/smb2_flush.c
+++ b/source3/smbd/smb2_flush.c
@@ -23,6 +23,7 @@
#include "smbd/globals.h"
#include "../libcli/smb/smb_common.h"
#include "../lib/util/tevent_ntstatus.h"
+#include "libcli/security/security.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SMB2
@@ -147,8 +148,29 @@ static struct tevent_req *smbd_smb2_flush_send(TALLOC_CTX *mem_ctx,
}
if (!CHECK_WRITE(fsp)) {
- tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
- return tevent_req_post(req, ev);
+ bool allow_dir_flush = false;
+ uint32_t flush_access = FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY;
+
+ if (!fsp->is_directory) {
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * Directories are not writable in the conventional
+ * sense, but if opened with *either*
+ * FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY
+ * they can be flushed.
+ */
+
+ if ((fsp->access_mask & flush_access) != 0) {
+ allow_dir_flush = true;
+ }
+
+ if (allow_dir_flush == false) {
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
}
if (fsp->fh->fd == -1) {
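Review bot: The directory branch inside `if (!CHECK_WRITE(fsp))` reaches the same `NT_STATUS_ACCESS_DENIED` return through two separate paths plus a one-shot `allow_dir_flush` flag compared with `== false`, which makes this relaxed access check harder to audit than it needs to be. A single deny condition would read `if (!fsp->is_directory || (fsp->access_mask & flush_access) == 0) {` followed by the existing two error lines, with the explanatory comment kept above it. The comment could also gain one line, `FILE_ADD_FILE / FILE_ADD_SUBDIRECTORY share bit values with FILE_WRITE_DATA / FILE_APPEND_DATA`, so a reader sees that the test is against the access bits on the handle; that `fsp->access_mask` holds the mask granted at open time is presumed here, since the hunk does not show where it is set. The body of `smbd_smb2_flush_send` starts and ends outside this hunk.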