configure:

configure.in:
include/config.h.in:
include/profile.h:
smbd/vfs-wrap.c:
smbd/vfs.c:
Added fchmod and fchown to VFS (sorry Gerald - but we needed them anyway).
smbd/dosmode.c:
smbd/files.c:
printing/printfsp.c:
smbd/close.c:
smbd/open.c:
Fixed "dos filemode" correctly so there are no race conditions. Forces test
of open of file O_WRONLY before allowing fchmod as root. Afterwards, calls
standard close function that preserves POSIX locks due to POSIX-me-harder
braindamage. :-). Andrew please review this code.
Also - in removing the tmpdir param in smbrun an extra NULL parameter
was missed in each print_run_command() call (which is a varargs fn.).
Now fixed.
Jeremy.
(This used to be commit 32397e5bc6d995ce7ca37c82d6aedc1e5b1b6fbd)

6 files changed, 116 insertions, 22 deletions

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 45df9b2e0d..217c81228f 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -111,7 +111,7 @@ static int close_filestruct(files_struct *fsp)
 }    
 
 /****************************************************************************
- Close a file - possibly invalidating the read prediction.
+ Close a file.
 
  If normal_close is 1 then this came from a normal SMBclose (or equivalent)
  operation otherwise it came as the result of some other operation such as
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 8b2c482b0a..9ec1fa2606 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -184,7 +184,6 @@ chmod a file - but preserve some bits
 ********************************************************************/
 int file_chmod(connection_struct *conn,char *fname,int dosmode,SMB_STRUCT_STAT *st)
 {
-	extern struct current_user current_user;
 	SMB_STRUCT_STAT st1;
 	int mask=0;
 	mode_t tmp;
@@ -250,16 +249,21 @@ int file_chmod(connection_struct *conn,char *fname,int dosmode,SMB_STRUCT_STAT *
 
 	/* Check if we have write access. */
 	if (CAN_WRITE(conn)) {
-		if (((st->st_mode & S_IWOTH) ||
-				conn->admin_user ||
-				((st->st_mode & S_IWUSR) && current_user.uid==st->st_uid) ||
-				((st->st_mode & S_IWGRP) &&
-				in_group(st->st_gid,current_user.gid, current_user.ngroups,current_user.groups)))) {
-					/* We are allowed to become root and change the file mode. */
-					become_root();
-					ret = vfs_chmod(conn,fname,unixmode);
-					unbecome_root();
-		}
+		/*
+		 * We need to open the file with write access whilst
+		 * still in our current user context. This ensures we
+		 * are not violating security in doing the fchmod.
+		 * This file open does *not* break any oplocks we are
+		 * holding. We need to review this.... may need to
+		 * break batch oplocks open by others. JRA.
+		 */
+		files_struct *fsp = open_file_fchmod(conn,fname,st);
+		if (!fsp)
+			return -1;
+		become_root();
+		ret = conn->vfs_ops.fchmod(fsp, fsp->fd, unixmode);
+		unbecome_root();
+		close_file_fchmod(fsp);
 	}
 
 	return( ret );
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 33243e1e94..27dfad7c48 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -43,7 +43,7 @@ static int files_used;
 /****************************************************************************
   find first available file slot
 ****************************************************************************/
-files_struct *file_new(void )
+files_struct *file_new(connection_struct *conn)
 {
 	int i;
 	static int first_file;
@@ -72,7 +72,7 @@ files_struct *file_new(void )
 		for (fsp=Files;fsp;fsp=next) {
 			next=fsp->next;
 			if (attempt_close_oplocked_file(fsp)) {
-				return file_new();
+				return file_new(conn);
 			}
 		}
 
@@ -91,6 +91,7 @@ files_struct *file_new(void )
 
 	ZERO_STRUCTP(fsp);
 	fsp->fd = -1;
+	fsp->conn = conn;
 
 	first_file = (i+1) % real_max_open_files;
 
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 007a169f9e..f450e74e58 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -583,13 +583,10 @@ files_struct *open_file_shared(connection_struct *conn,char *fname, SMB_STRUCT_S
 		return print_fsp_open(conn, fname);
 	}
 
-	fsp = file_new();
+	fsp = file_new(conn);
 	if(!fsp)
 		return NULL;
 
-	fsp->fd = -1;
-	fsp->conn = conn; /* The vfs_fXXX() macros need this. */
-
 	DEBUG(10,("open_file_shared: fname = %s, share_mode = %x, ofun = %x, mode = %o, oplock request = %d\n",
 		fname, share_mode, ofun, (int)mode,  oplock_request ));
 
@@ -870,7 +867,7 @@ files_struct *open_file_stat(connection_struct *conn, char *fname,
 		return NULL;
 	}
 
-	fsp = file_new();
+	fsp = file_new(conn);
 	if(!fsp)
 		return NULL;
 
@@ -919,6 +916,49 @@ files_struct *open_file_stat(connection_struct *conn, char *fname,
 }
 
 /****************************************************************************
+ Open a file for for write to ensure that we can fchmod it.
+****************************************************************************/
+
+files_struct *open_file_fchmod(connection_struct *conn, char *fname, SMB_STRUCT_STAT *psbuf)
+{
+	files_struct *fsp = NULL;
+	BOOL fsp_open;
+
+	if (!VALID_STAT(*psbuf))
+		return NULL;
+
+	fsp = file_new(conn);
+	if(!fsp)
+		return NULL;
+
+	fsp_open = open_file(fsp,conn,fname,psbuf,O_WRONLY,0);
+
+	/* 
+	 * This is not a user visible file open.
+	 * Don't set a share mode and don't increment
+	 * the conn->num_files_open.
+	 */
+
+	if (!fsp_open) {
+		file_free(fsp);
+		return NULL;
+	}
+
+	return fsp;
+}
+
+/****************************************************************************
+ Close the fchmod file fd - ensure no locks are lost.
+****************************************************************************/
+
+int close_file_fchmod(files_struct *fsp)
+{
+	int ret = fd_close(fsp->conn, fsp);
+	file_free(fsp);
+	return ret;
+}
+
+/****************************************************************************
  Open a directory from an NT SMB call.
 ****************************************************************************/
 
@@ -927,12 +967,12 @@ files_struct *open_directory(connection_struct *conn, char *fname,
 {
 	extern struct current_user current_user;
 	BOOL got_stat = False;
-	files_struct *fsp = file_new();
+	files_struct *fsp = file_new(conn);
 
 	if(!fsp)
 		return NULL;
 
-	fsp->conn = conn; /* THe vfs_fXXX() macros need this. */
+	fsp->conn = conn; /* The vfs_fXXX() macros need this. */
 
 	if (VALID_STAT(*psbuf))
 		got_stat = True;
diff --git a/source3/smbd/vfs-wrap.c b/source3/smbd/vfs-wrap.c
index a4057eb7ce..da8484e14e 100644
--- a/source3/smbd/vfs-wrap.c
+++ b/source3/smbd/vfs-wrap.c
@@ -369,6 +369,34 @@ int vfswrap_chmod(connection_struct *conn, char *path, mode_t mode)
     return result;
 }
 
+int vfswrap_fchmod(files_struct *fsp, int fd, mode_t mode)
+{
+    int result;
+	struct vfs_ops *vfs_ops = &fsp->conn->vfs_ops;
+	
+    START_PROFILE(syscall_fchmod);
+
+	/*
+	 * We need to do this due to the fact that the default POSIX ACL
+	 * chmod modifies the ACL *mask* for the group owner, not the
+	 * group owner bits directly. JRA.
+	 */
+	
+	if (vfs_ops->fchmod_acl != NULL) {
+		int saved_errno = errno; /* We might get ENOSYS */
+		if ((result = vfs_ops->fchmod_acl(fsp, fd, mode)) == 0) {
+			END_PROFILE(syscall_chmod);
+			return result;
+		}
+		/* Error - return the old errno. */
+		errno = saved_errno;
+	}
+
+    result = fchmod(fd, mode);
+    END_PROFILE(syscall_fchmod);
+    return result;
+}
+
 int vfswrap_chown(connection_struct *conn, char *path, uid_t uid, gid_t gid)
 {
     int result;
@@ -386,6 +414,17 @@ int vfswrap_chown(connection_struct *conn, char *path, uid_t uid, gid_t gid)
     return result;
 }
 
+int vfswrap_fchown(files_struct *fsp, int fd, uid_t uid, gid_t gid)
+{
+    int result;
+
+    START_PROFILE(syscall_fchown);
+
+    result = fchown(fd, uid, gid);
+    END_PROFILE(syscall_fchown);
+    return result;
+}
+
 int vfswrap_chdir(connection_struct *conn, char *path)
 {
     int result;
@@ -452,7 +491,7 @@ int vfswrap_ftruncate(files_struct *fsp, int fd, SMB_OFF_T len)
 		extend a file with ftruncate. Provide alternate implementation
 		for this */
 
-	struct vfs_ops *vfs_ops = fsp->conn->vfs_ops;
+	struct vfs_ops *vfs_ops = &fsp->conn->vfs_ops;
 	SMB_STRUCT_STAT st;
 	char c = 0;
 	SMB_OFF_T currpos;
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index f5bd057ca6..713d58cdc8 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -64,7 +64,9 @@ struct vfs_ops default_vfs_ops = {
 	vfswrap_lstat,
 	vfswrap_unlink,
 	vfswrap_chmod,
+	vfswrap_fchmod,
 	vfswrap_chown,
+	vfswrap_fchown,
 	vfswrap_chdir,
 	vfswrap_getwd,
 	vfswrap_utime,
@@ -224,10 +226,18 @@ BOOL vfs_init_custom(connection_struct *conn)
 	conn->vfs_ops.chmod = default_vfs_ops.chmod;
     }
 
+    if (conn->vfs_ops.fchmod == NULL) {
+	conn->vfs_ops.fchmod = default_vfs_ops.fchmod;
+    }
+
     if (conn->vfs_ops.chown == NULL) {
 	conn->vfs_ops.chown = default_vfs_ops.chown;
     }
 
+    if (conn->vfs_ops.fchown == NULL) {
+	conn->vfs_ops.fchown = default_vfs_ops.fchown;
+    }
+
     if (conn->vfs_ops.chdir == NULL) {
 	conn->vfs_ops.chdir = default_vfs_ops.chdir;
     }