From: Ralph Boehme <slow@samba.org>
Date: Wed, 27 Jul 2022 13:58:37 +0000 (+0200)
Subject: smbd: skip access checks for stat-opens on streams in open_file()
X-Git-Tag: samba-4.15.10~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3f3f26a6bfced21532a189a34fe9711fc972a83;p=thirdparty%2Fsamba.git

smbd: skip access checks for stat-opens on streams in open_file()

For streams, access is already checked in create_file_unixpath() by
check_base_file_access().

We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit f0299abf1b28a14518328710d9f84bef17fd2ecf)
[slow@samba.org: smbd_check_access_rights_fsp(dirfsp) -> smbd_check_access_rights_fsp(parent_dir->fsp)]
[slow@samba.org: posix_flags -> fsp->posix_flags & FSP_POSIX_FLAGS_OPEN]
---

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index d2a4b521d89..3926f376164 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1565,29 +1565,36 @@ static NTSTATUS open_file(files_struct *fsp,
 			}
 		}
 
-		status = smbd_check_access_rights_fsp(parent_dir->fsp,
-						      fsp,
-						      false,
-						      access_mask);
-
-		if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
-				(fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
-				S_ISLNK(smb_fname->st.st_ex_mode)) {
-			/* This is a POSIX stat open for delete
-			 * or rename on a symlink that points
-			 * nowhere. Allow. */
-			DEBUG(10,("open_file: allowing POSIX "
-				  "open on bad symlink %s\n",
-				  smb_fname_str_dbg(smb_fname)));
-			status = NT_STATUS_OK;
-		}
+		/*
+		 * Access to streams is checked by checking the basefile and
+		 * that has alreay been checked by check_base_file_access()
+		 * in create_file_unixpath().
+		 */
+		if (!fsp_is_alternate_stream(fsp)) {
+			status = smbd_check_access_rights_fsp(parent_dir->fsp,
+							      fsp,
+							      false,
+							      access_mask);
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
+			    (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
+			    S_ISLNK(smb_fname->st.st_ex_mode)) {
+				/* This is a POSIX stat open for delete
+				 * or rename on a symlink that points
+				 * nowhere. Allow. */
+				DEBUG(10,("open_file: allowing POSIX "
+					  "open on bad symlink %s\n",
+					  smb_fname_str_dbg(smb_fname)));
+				status = NT_STATUS_OK;
+			}
 
-		if (!NT_STATUS_IS_OK(status)) {
-			DBG_DEBUG("smbd_check_access_rights_fsp on file "
-				"%s returned %s\n",
-				fsp_str_dbg(fsp),
-				nt_errstr(status));
-			return status;
+			if (!NT_STATUS_IS_OK(status)) {
+				DBG_DEBUG("smbd_check_access_rights_fsp on file "
+					  "%s returned %s\n",
+					  fsp_str_dbg(fsp),
+					  nt_errstr(status));
+				return status;
+			}
 		}
 	}