CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index b353b2b8c6d5b5217c53ad3c0126dfd56a9d68fa..642f5974115e237169818f938c6626743ec15fe4 100644 (file)
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -700,6 +700,106 @@ NTSTATUS cli_posix_getacl(struct cli_state *cli,
        return status;
 }
 
+/****************************************************************************
+ Do a POSIX setacl - pathname based ACL set (UNIX extensions).
+****************************************************************************/
+
+struct setacl_state {
+       uint8_t *data;
+};
+
+static void cli_posix_setacl_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx,
+                                       struct tevent_context *ev,
+                                       struct cli_state *cli,
+                                       const char *fname,
+                                       const void *data,
+                                       size_t num_data)
+{
+       struct tevent_req *req = NULL, *subreq = NULL;
+       struct setacl_state *state = NULL;
+
+       req = tevent_req_create(mem_ctx, &state, struct setacl_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->data = talloc_memdup(state, data, num_data);
+       if (tevent_req_nomem(state->data, req)) {
+               return tevent_req_post(req, ev);
+       }
+
+       subreq = cli_setpathinfo_send(state,
+                               ev,
+                               cli,
+                               SMB_SET_POSIX_ACL,
+                               fname,
+                               state->data,
+                               num_data);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
+       }
+       tevent_req_set_callback(subreq, cli_posix_setacl_done, req);
+       return req;
+}
+
+static void cli_posix_setacl_done(struct tevent_req *subreq)
+{
+       NTSTATUS status = cli_setpathinfo_recv(subreq);
+       tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req)
+{
+       return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_setacl(struct cli_state *cli,
+                       const char *fname,
+                       const void *acl_buf,
+                       size_t acl_buf_size)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct tevent_context *ev = NULL;
+       struct tevent_req *req = NULL;
+       NTSTATUS status = NT_STATUS_OK;
+
+       if (smbXcli_conn_has_async_calls(cli->conn)) {
+               /*
+                * Can't use sync call while an async call is in flight
+                */
+               status = NT_STATUS_INVALID_PARAMETER;
+               goto fail;
+       }
+
+       ev = samba_tevent_context_init(frame);
+       if (ev == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       req = cli_posix_setacl_send(frame,
+                               ev,
+                               cli,
+                               fname,
+                               acl_buf,
+                               acl_buf_size);
+       if (req == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto fail;
+       }
+
+       if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+               goto fail;
+       }
+
+       status = cli_posix_setacl_recv(req);
+
+ fail:
+       TALLOC_FREE(frame);
+       return status;
+}
+
 /****************************************************************************
  Stat a file (UNIX extensions).
 ****************************************************************************/

diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index e20e06cf058c65b22835171c698d0ca40b5a4941..d6706939ab85b0f92b5e8969b11046b5a50aaffa 100644 (file)
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -268,6 +268,17 @@ NTSTATUS cli_posix_getacl(struct cli_state *cli,
                        TALLOC_CTX *mem_ctx,
                        size_t *prb_size,
                        char **retbuf);
+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx,
+                                       struct tevent_context *ev,
+                                       struct cli_state *cli,
+                                       const char *fname,
+                                       const void *acl_buf,
+                                       size_t acl_buf_size);
+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req);
+NTSTATUS cli_posix_setacl(struct cli_state *cli,
+                       const char *fname,
+                       const void *acl_buf,
+                       size_t acl_buf_size);
 struct tevent_req *cli_posix_stat_send(TALLOC_CTX *mem_ctx,
                                        struct tevent_context *ev,
                                        struct cli_state *cli,