From d6e10f00666b9baa17927067e58361ab39901fa1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 16 Jan 2013 12:51:32 -0800 Subject: [PATCH] Move handle checking code to copychunk_check_handles(). Planning to add extra checks to ensure we don't attempt copychunk on printer or IPC$ handles. Signed-off-by: Jeremy Allison Reviewed-by: David Disseldorp --- source3/smbd/smb2_ioctl_network_fs.c | 58 +++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c index 76625ab5104..a59a83b5708 100644 --- a/source3/smbd/smb2_ioctl_network_fs.c +++ b/source3/smbd/smb2_ioctl_network_fs.c @@ -171,6 +171,38 @@ struct fsctl_srv_copychunk_state { }; static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq); +static NTSTATUS copychunk_check_handles(struct files_struct *src_fsp, + struct files_struct *dst_fsp, + struct smb_request *smb1req) +{ + /* + * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request + * If Open.GrantedAccess of the destination file does not + * include FILE_WRITE_DATA, then the request MUST be failed with + * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the + * destination file does not include FILE_READ_DATA access and + * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be + * failed with STATUS_ACCESS_DENIED. + */ + if (!CHECK_WRITE(dst_fsp)) { + DEBUG(5, ("copy chunk no write on dest handle (%s).\n", + smb_fname_str_dbg(dst_fsp->fsp_name) )); + return NT_STATUS_ACCESS_DENIED; + } + if (!CHECK_READ(dst_fsp, smb1req)) { + DEBUG(5, ("copy chunk no read on dest handle (%s).\n", + smb_fname_str_dbg(dst_fsp->fsp_name) )); + return NT_STATUS_ACCESS_DENIED; + } + if (!CHECK_READ(src_fsp, smb1req)) { + DEBUG(5, ("copy chunk no read on src handle (%s).\n", + smb_fname_str_dbg(src_fsp->fsp_name) )); + return NT_STATUS_ACCESS_DENIED; + } + + return NT_STATUS_OK; +} + static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct files_struct *dst_fsp, @@ -224,27 +256,11 @@ static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx, } state->dst_fsp = dst_fsp; - /* - * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request - * If Open.GrantedAccess of the destination file does not - * include FILE_WRITE_DATA, then the request MUST be failed with - * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the - * destination file does not include FILE_READ_DATA access and - * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be - * failed with STATUS_ACCESS_DENIED. - */ - if (!CHECK_WRITE(state->dst_fsp)) { - state->status = NT_STATUS_ACCESS_DENIED; - tevent_req_nterror(req, state->status); - return tevent_req_post(req, ev); - } - if (!CHECK_READ(state->dst_fsp, smb2req->smb1req)) { - state->status = NT_STATUS_ACCESS_DENIED; - tevent_req_nterror(req, state->status); - return tevent_req_post(req, ev); - } - if (!CHECK_READ(state->src_fsp, smb2req->smb1req)) { - state->status = NT_STATUS_ACCESS_DENIED; + + state->status = copychunk_check_handles(state->src_fsp, + state->dst_fsp, + smb2req->smb1req); + if (!NT_STATUS_IS_OK(state->status)) { tevent_req_nterror(req, state->status); return tevent_req_post(req, ev); } -- 2.11.4.GIT