s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS - samba

diff options

author	Stefan Metzmacher <metze@samba.org>	2014-08-20 13:58:38 +0200
committer	Karolin Seeger <kseeger@samba.org>	2014-09-01 21:34:11 +0200
commit	83c039ce721d38e6aa6b4b3e51b1fdbfecce2615 (patch)
tree	4227aef1e7ba9c6612a5efec5cde08a17b85fef7 /libcli
parent	f5d7b2d5c7795cbcf07e483a7f880073765e3ede (diff)
download	samba-83c039ce721d38e6aa6b4b3e51b1fdbfecce2615.tar.gz

s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS

Sometimes Windows clients doesn't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags before sending the security_information to the server. security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL results in a NULL dacl being returned from an GetSecurityDecriptor request. This happens because posix_get_nt_acl_common() has the following logic: if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) { ... create DACL ... } I'm not sure if the logic is correct or wrong in this place (I guess it's wrong...). But what I know is that the SMB server should filter the given security_information flags before passing to the filesystem. [MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY ... The server MUST ignore any flag value in the AdditionalInformation field that is not specified in section 2.2.37. Section 2.2.37 lists: OWNER_SECURITY_INFORMATION GROUP_SECURITY_INFORMATION DACL_SECURITY_INFORMATION SACL_SECURITY_INFORMATION LABEL_SECURITY_INFORMATION ATTRIBUTE_SECURITY_INFORMATION SCOPE_SECURITY_INFORMATION BACKUP_SECURITY_INFORMATION Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>

Diffstat (limited to 'libcli')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: