diff options
Diffstat (limited to 'source3/include/smb_macros.h')
-rw-r--r-- | source3/include/smb_macros.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index de39bf616e1..f1191ac011e 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -56,6 +56,22 @@ ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && \ (fsp->access_mask & FILE_EXECUTE)))) +/* + * This is not documented in revision 49 of [MS-SMB2] but should be added in a + * later revision (and torture test smb2.read.access as well as + * smb2.ioctl_copy_chunk_bad_access against Server 2012R2 confirms this) + * + * If FILE_EXECUTE is granted to a handle then the SMB2 server acts as if + * FILE_READ_DATA has also been granted. We must still keep the original granted + * mask, because with ioctl requests, access checks are made on the file handle, + * "below" the SMB2 server, and the object store below the SMB layer is not + * aware of this arrangement (see smb2.ioctl.copy_chunk_bad_access torture + * test). + */ +#define CHECK_READ_SMB2(fsp) \ + (((fsp)->fh->fd != -1) && \ + ((fsp)->can_read || (fsp->access_mask & FILE_EXECUTE))) + /* An IOCTL readability check (validating read access * when the IOCTL code requires it) * http://social.technet.microsoft.com/wiki/contents/articles/24653.decoding-io-control-codes-ioctl-fsctl-and-deviceiocodes-with-table-of-known-values.aspx |