diff options
author | Jeremy Allison <jra@samba.org> | 2018-05-10 10:26:52 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-06-19 13:45:09 +0200 |
commit | a743be8440b05d8dd11170777965aac0fd06b062 (patch) | |
tree | edf00881b856229978b811ce021f072ea5a1c075 /source3 | |
parent | d3c2cc28545b052754a2b77a5df0a7dc86e90766 (diff) | |
download | samba-a743be8440b05d8dd11170777965aac0fd06b062.tar.gz |
s3: smbd: Fix SMB2-FLUSH against directories.
Directories opened with either FILE_ADD_FILE or
FILE_ADD_SUBDIRECTORY can be flushed even if
they're not writable in the conventional sense.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 42aadf42f27053e621f2a6b72448afebb3f5082a)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/smb2_flush.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/source3/smbd/smb2_flush.c b/source3/smbd/smb2_flush.c index d1ab3a09839..ef9b7fddcf9 100644 --- a/source3/smbd/smb2_flush.c +++ b/source3/smbd/smb2_flush.c @@ -23,6 +23,7 @@ #include "smbd/globals.h" #include "../libcli/smb/smb_common.h" #include "../lib/util/tevent_ntstatus.h" +#include "libcli/security/security.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_SMB2 @@ -147,8 +148,29 @@ static struct tevent_req *smbd_smb2_flush_send(TALLOC_CTX *mem_ctx, } if (!CHECK_WRITE(fsp)) { - tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); - return tevent_req_post(req, ev); + bool allow_dir_flush = false; + uint32_t flush_access = FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY; + + if (!fsp->is_directory) { + tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); + return tevent_req_post(req, ev); + } + + /* + * Directories are not writable in the conventional + * sense, but if opened with *either* + * FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY + * they can be flushed. + */ + + if ((fsp->access_mask & flush_access) != 0) { + allow_dir_flush = true; + } + + if (allow_dir_flush == false) { + tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED); + return tevent_req_post(req, ev); + } } if (fsp->fh->fd == -1) { |