smbd: skip access checks for stat-opens on streams in open_file()

For streams, access is already checked in create_file_unixpath() by
check_base_file_access().

We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit f0299abf1b28a14518328710d9f84bef17fd2ecf)
[slow@samba.org: smbd_check_access_rights_fsp(dirfsp) -> smbd_check_access_rights_fsp(parent_dir->fsp)]
[slow@samba.org: posix_flags -> fsp->posix_flags & FSP_POSIX_FLAGS_OPEN]

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index d2a4b521d895339865ee5b85f2b10e0cc9cd1806..3926f376164e335e2488c46e6ec3b870b7a2c18b 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1565,29 +1565,36 @@ static NTSTATUS open_file(files_struct *fsp,
                        }
                }
 
-               status = smbd_check_access_rights_fsp(parent_dir->fsp,
-                                                     fsp,
-                                                     false,
-                                                     access_mask);
-
-               if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
-                               (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
-                               S_ISLNK(smb_fname->st.st_ex_mode)) {
-                       /* This is a POSIX stat open for delete
-                        * or rename on a symlink that points
-                        * nowhere. Allow. */
-                       DEBUG(10,("open_file: allowing POSIX "
-                                 "open on bad symlink %s\n",
-                                 smb_fname_str_dbg(smb_fname)));
-                       status = NT_STATUS_OK;
-               }
+               /*
+                * Access to streams is checked by checking the basefile and
+                * that has alreay been checked by check_base_file_access()
+                * in create_file_unixpath().
+                */
+               if (!fsp_is_alternate_stream(fsp)) {
+                       status = smbd_check_access_rights_fsp(parent_dir->fsp,
+                                                             fsp,
+                                                             false,
+                                                             access_mask);
+
+                       if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
+                           (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
+                           S_ISLNK(smb_fname->st.st_ex_mode)) {
+                               /* This is a POSIX stat open for delete
+                                * or rename on a symlink that points
+                                * nowhere. Allow. */
+                               DEBUG(10,("open_file: allowing POSIX "
+                                         "open on bad symlink %s\n",
+                                         smb_fname_str_dbg(smb_fname)));
+                               status = NT_STATUS_OK;
+                       }
 
-               if (!NT_STATUS_IS_OK(status)) {
-                       DBG_DEBUG("smbd_check_access_rights_fsp on file "
-                               "%s returned %s\n",
-                               fsp_str_dbg(fsp),
-                               nt_errstr(status));
-                       return status;
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DBG_DEBUG("smbd_check_access_rights_fsp on file "
+                                         "%s returned %s\n",
+                                         fsp_str_dbg(fsp),
+                                         nt_errstr(status));
+                               return status;
+                       }
                }
        }