diff options
author | Uri Simchoni <uri@samba.org> | 2016-08-04 14:59:23 +0300 |
---|---|---|
committer | David Disseldorp <ddiss@samba.org> | 2016-08-18 18:58:22 +0200 |
commit | a6073e6130d39dac58f1e6ea9f41ec4ab34c3e29 (patch) | |
tree | cb0d75bf20c7dbbd58fa8546b656f2d556f38eab /source3/smbd/smb2_glue.c | |
parent | 626dcc9e493e2ac4fd502f75c7cb4d29f686f017 (diff) | |
download | samba-a6073e6130d39dac58f1e6ea9f41ec4ab34c3e29.tar.gz |
smbd: allow reading files based on FILE_EXECUTE access right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug 18 18:58:22 CEST 2016 on sn-devel-144
Diffstat (limited to 'source3/smbd/smb2_glue.c')
-rw-r--r-- | source3/smbd/smb2_glue.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/smbd/smb2_glue.c b/source3/smbd/smb2_glue.c index b41775d882b..0bb34be454f 100644 --- a/source3/smbd/smb2_glue.c +++ b/source3/smbd/smb2_glue.c @@ -48,6 +48,22 @@ struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req) FLAGS2_32_BIT_ERROR_CODES | FLAGS2_LONG_PATH_COMPONENTS | FLAGS2_IS_LONG_NAME; + + /* This is not documented in revision 49 of [MS-SMB2] but should be + * added in a later revision (and torture test smb2.read.access + * as well as smb2.ioctl_copy_chunk_bad_access against + * Server 2012R2 confirms this) + * + * If FILE_EXECUTE is granted to a handle then the SMB2 server + * acts as if FILE_READ_DATA has also been granted. We must still + * keep the original granted mask, because with ioctl requests, + * access checks are made on the file handle, "below" the SMB2 + * server, and the object store below the SMB layer is not aware + * of this arrangement (see smb2.ioctl.copy_chunk_bad_access + * torture test). + */ + smbreq->flags2 |= FLAGS2_READ_PERMIT_EXECUTE; + if (IVAL(inhdr, SMB2_HDR_FLAGS) & SMB2_HDR_FLAG_DFS) { smbreq->flags2 |= FLAGS2_DFS_PATHNAMES; } |