ksmbd: enforce FILE_READ_ATTRIBUTES on SMB_FIND_FILE_POSIX_INFORMATION

find_file_posix_info() in smb2_query_info() returns file metadata (owner
uid, group gid, mode, inode, size, allocation size, hard-link count and all
four timestamps) but performs no per-handle access check. Every sibling
query handler gates on the handle's granted access first --
get_file_basic_info(), get_file_all_info(), get_file_network_open_info()
and get_file_attribute_tag_info() all reject a handle lacking
FILE_READ_ATTRIBUTES_LE with -EACCES. The POSIX handler is gated only by
the connection-scoped tcon->posix_extensions flag, which is not a
per-handle authorization, so a handle opened with only FILE_WRITE_DATA is
correctly denied FileBasicInformation yet is allowed the strict-superset
POSIX info. Mirror the FILE_READ_ATTRIBUTES_LE gate the sibling info
handlers already use.

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Gil Portnoy <dddhkts1@gmail.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 9efafa56c03e5360f6027578ffad36639d284d44..4e008793179597e7884abd5dce47ef2051562cfe 100644 (file)
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -5437,6 +5437,12 @@ static int find_file_posix_info(struct smb2_query_info_rsp *rsp,
        int out_buf_len = sizeof(struct smb311_posix_qinfo) + 32;
        int ret;
 
+       if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
+               pr_err("no right to read the attributes : 0x%x\n",
+                      fp->daccess);
+               return -EACCES;
+       }
+
        ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
                          AT_STATX_SYNC_AS_STAT);
        if (ret)