From 5f6546ecbbe946f2275e07d87351968105c176a1 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Sun, 9 Mar 2008 15:21:39 +0000 Subject: [PATCH] windows-afs-execute-only-20080309 LICENSE MIT If we want to enforce the open for read flag in smb_ReadData we must also check for execute access. We map execute access to read access because AFS doesn't have a separate permission for that. --- src/WINNT/afsd/cm_vnodeops.c | 2 +- src/WINNT/afsd/cm_vnodeops.h | 1 + src/WINNT/afsd/smb.c | 12 ++++++++---- src/WINNT/afsd/smb3.c | 10 ++++++---- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/WINNT/afsd/cm_vnodeops.c b/src/WINNT/afsd/cm_vnodeops.c index 329e20b36..76aa2d6d3 100644 --- a/src/WINNT/afsd/cm_vnodeops.c +++ b/src/WINNT/afsd/cm_vnodeops.c @@ -346,7 +346,7 @@ long cm_CheckNTOpen(cm_scache_t *scp, unsigned int desiredAccess, rights = 0; - if (desiredAccess & AFS_ACCESS_READ) + if (desiredAccess & (AFS_ACCESS_READ|AFS_ACCESS_EXECUTE)) rights |= (scp->fileType == CM_SCACHETYPE_DIRECTORY ? PRSFS_LOOKUP : PRSFS_READ); /* We used to require PRSFS_WRITE if createDisp was 4 diff --git a/src/WINNT/afsd/cm_vnodeops.h b/src/WINNT/afsd/cm_vnodeops.h index 91b616dc9..61105a505 100644 --- a/src/WINNT/afsd/cm_vnodeops.h +++ b/src/WINNT/afsd/cm_vnodeops.h @@ -170,6 +170,7 @@ extern long cm_CheckOpen(cm_scache_t *scp, int openMode, int trunc, #define AFS_ACCESS_READ (FILE_GENERIC_READ & ~SYNCHRONIZE) #define AFS_ACCESS_WRITE ((FILE_GENERIC_WRITE & ~(READ_CONTROL | SYNCHRONIZE)) \ & ~FILE_WRITE_ATTRIBUTES) +#define AFS_ACCESS_EXECUTE (FILE_GENERIC_EXECUTE & ~SYNCHRONIZE) typedef struct cm_lock_data { cm_key_t key; diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c index 66c8389b9..94ef2581a 100644 --- a/src/WINNT/afsd/smb.c +++ b/src/WINNT/afsd/smb.c @@ -2858,6 +2858,7 @@ long smb_ReceiveCoreReadRaw(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp unsigned short fd; unsigned pid; smb_fid_t *fidp; + smb_t *smbp = (smb_t*) inp; long code = 0; cm_user_t *userp = NULL; NCB *ncbp; @@ -2908,7 +2909,7 @@ long smb_ReceiveCoreReadRaw(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp } - pid = ((smb_t *) inp)->pid; + pid = smbp->pid; { LARGE_INTEGER LOffset, LLength; cm_key_t key; @@ -6473,6 +6474,7 @@ long smb_ReceiveCoreWrite(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) long written = 0, total_written = 0; unsigned pid; smb_fid_t *fidp; + smb_t* smbp = (smb_t*) inp; long code = 0; cm_user_t *userp; cm_attr_t truncAttr; /* attribute struct used for truncating file */ @@ -6520,7 +6522,7 @@ long smb_ReceiveCoreWrite(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) LARGE_INTEGER LOffset; LARGE_INTEGER LLength; - pid = ((smb_t *) inp)->pid; + pid = smbp->pid; key = cm_GenerateKey(vcp->vcID, pid, fd); LOffset.HighPart = offset.HighPart; @@ -6674,6 +6676,7 @@ long smb_ReceiveCoreWriteRaw(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *out long totalCount; unsigned short fd; smb_fid_t *fidp; + smb_t *smbp = (smb_t*) inp; long code = 0; cm_user_t *userp; char *op; @@ -6739,7 +6742,7 @@ long smb_ReceiveCoreWriteRaw(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *out LARGE_INTEGER LOffset; LARGE_INTEGER LLength; - pid = ((smb_t *) inp)->pid; + pid = smbp->pid; key = cm_GenerateKey(vcp->vcID, pid, fd); LOffset.HighPart = offset.HighPart; @@ -6851,6 +6854,7 @@ long smb_ReceiveCoreRead(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) unsigned short fd; unsigned pid; smb_fid_t *fidp; + smb_t *smbp = (smb_t*) inp; long code = 0; cm_user_t *userp; char *op; @@ -6887,7 +6891,7 @@ long smb_ReceiveCoreRead(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) LARGE_INTEGER LOffset, LLength; cm_key_t key; - pid = ((smb_t *) inp)->pid; + pid = smbp->pid; key = cm_GenerateKey(vcp->vcID, pid, fd); LOffset.HighPart = 0; diff --git a/src/WINNT/afsd/smb3.c b/src/WINNT/afsd/smb3.c index 75acd795c..27c6e1a5c 100644 --- a/src/WINNT/afsd/smb3.c +++ b/src/WINNT/afsd/smb3.c @@ -6242,6 +6242,7 @@ long smb_ReceiveV3WriteX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) unsigned short fd; unsigned pid; smb_fid_t *fidp; + smb_t *smbp = (smb_t*) inp; long code = 0; cm_user_t *userp; char *op; @@ -6306,7 +6307,7 @@ long smb_ReceiveV3WriteX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) LARGE_INTEGER LLength; cm_scache_t * scp; - pid = ((smb_t *) inp)->pid; + pid = smbp->pid; key = cm_GenerateKey(vcp->vcID, pid, fd); LOffset.HighPart = offset.HighPart; @@ -6376,6 +6377,7 @@ long smb_ReceiveV3ReadX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) unsigned short fd; unsigned pid; smb_fid_t *fidp; + smb_t *smbp = (smb_t*) inp; long code = 0; cm_user_t *userp; cm_key_t key; @@ -6422,7 +6424,7 @@ long smb_ReceiveV3ReadX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) return CM_ERROR_NOSUCHFILE; } - pid = ((smb_t *) inp)->pid; + pid = smbp->pid; key = cm_GenerateKey(vcp->vcID, pid, fd); { LARGE_INTEGER LOffset, LLength; @@ -6734,7 +6736,7 @@ long smb_ReceiveNTCreateX(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *outp) fidflags = 0; if (desiredAccess & DELETE) fidflags |= SMB_FID_OPENDELETE; - if (desiredAccess & AFS_ACCESS_READ) + if (desiredAccess & (AFS_ACCESS_READ|AFS_ACCESS_EXECUTE)) fidflags |= SMB_FID_OPENREAD_LISTDIR; if (desiredAccess & AFS_ACCESS_WRITE) fidflags |= SMB_FID_OPENWRITE; @@ -7538,7 +7540,7 @@ long smb_ReceiveNTTranCreate(smb_vc_t *vcp, smb_packet_t *inp, smb_packet_t *out fidflags = 0; if (desiredAccess & DELETE) fidflags |= SMB_FID_OPENDELETE; - if (desiredAccess & AFS_ACCESS_READ) + if (desiredAccess & (AFS_ACCESS_READ|AFS_ACCESS_EXECUTE)) fidflags |= SMB_FID_OPENREAD_LISTDIR; if (desiredAccess & AFS_ACCESS_WRITE) fidflags |= SMB_FID_OPENWRITE; -- 2.39.5