summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-05-31 17:47:39 +0000
committerJeremy Allison <jra@samba.org>2000-05-31 17:47:39 +0000
commit2a4ce0f0b993d7f820f83514d21dca346f0e7357 (patch)
treec9c8939fafa1eea609c81237daecdf2b2676db18 /source3
parente67aa6b43cbb2dca355e3ea9868df9509925f795 (diff)
downloadsamba-2a4ce0f0b993d7f820f83514d21dca346f0e7357.tar.gz
samba-2a4ce0f0b993d7f820f83514d21dca346f0e7357.tar.bz2
samba-2a4ce0f0b993d7f820f83514d21dca346f0e7357.zip
The functionality in this file has been moved into smbd/unix_acls.c in order
to make the acl functionality regular (we can have smbd/posix_acls etc). Jeremy. (This used to be commit 9adb9399df27c5c1d7fec04f80d49e5476200738)
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/util_unixsd.c679
1 files changed, 0 insertions, 679 deletions
diff --git a/source3/lib/util_unixsd.c b/source3/lib/util_unixsd.c
deleted file mode 100644
index bee9f69641..0000000000
--- a/source3/lib/util_unixsd.c
+++ /dev/null
@@ -1,679 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- SMB NT Security Descriptor / Unix permission conversion.
- Copyright (C) Jeremy Allison 1994-2000
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "rpc_parse.h"
-#include "sids.h"
-
-#ifndef WITH_SURS
-extern DOM_SID global_sid_World;
-#define global_sid_everyone &global_sid_World
-#endif
-
-
-/****************************************************************************
- Map unix perms to NT.
-****************************************************************************/
-
-static SEC_ACCESS map_unix_perms(int *pacl_type, mode_t perm, int r_mask,
- int w_mask, int x_mask, BOOL is_directory)
-{
- SEC_ACCESS sa;
- uint32 nt_mask = 0;
-
- *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
-
- if ((perm & (r_mask | w_mask | x_mask)) == (r_mask | w_mask | x_mask))
- {
- nt_mask = UNIX_ACCESS_RWX;
- }
- else if ((perm & (r_mask | w_mask | x_mask)) == 0)
- {
- nt_mask = UNIX_ACCESS_NONE;
- }
- else
- {
- nt_mask |= (perm & r_mask) ? UNIX_ACCESS_R : 0;
- if (is_directory)
- nt_mask |= (perm & w_mask) ? UNIX_ACCESS_W : 0;
- else
- nt_mask |= (perm & w_mask) ? UNIX_ACCESS_W : 0;
- nt_mask |= (perm & x_mask) ? UNIX_ACCESS_X : 0;
- }
- make_sec_access(&sa, nt_mask);
- return sa;
-}
-
-/****************************************************************************
- Function to create owner and group SIDs from a SMB_STRUCT_STAT.
-****************************************************************************/
-
-static BOOL create_file_sids(const SMB_STRUCT_STAT * psbuf,
- DOM_SID *powner_sid, DOM_SID *pgroup_sid)
-{
- extern DOM_SID global_sam_sid;
-
- sid_copy(powner_sid, &global_sam_sid);
- sid_copy(pgroup_sid, &global_sam_sid);
- sid_append_rid(powner_sid, pdb_uid_to_user_rid(psbuf->st_uid));
- sid_append_rid(pgroup_sid, pdb_gid_to_group_rid(psbuf->st_gid));
- return True;
-}
-
-#ifdef WITH_SURS
-static BOOL create_file_sids(const SMB_STRUCT_STAT * psbuf,
- DOM_SID *powner_sid, DOM_SID *pgroup_sid)
-{
- SURS_POSIX_ID id;
-
- ZERO_STRUCTP(powner_sid);
- ZERO_STRUCTP(pgroup_sid);
- DEBUG(0, ("TODO: create_file_sids: not ok "
- "to assume gid is NT group\n"));
-
- id.type = SURS_POSIX_UID;
- id.id = (uint32)psbuf->st_uid;
-
- if (!surs_unixid_to_sam_sid(&id, powner_sid, False))
- {
- DEBUG(3, ("create_file_sids: map uid %d failed\n",
- (int)psbuf->st_uid));
- return False;
- }
-
- id.type = SURS_POSIX_GID;
- id.id = (uint32)psbuf->st_gid;
-
- if (!surs_unixid_to_sam_sid(&id, pgroup_sid, False))
- {
- DEBUG(3, ("create_file_sids: map gid %d failed\n",
- (int)psbuf->st_gid));
- return False;
- }
- return True;
-}
-#endif
-
-/****************************************************************************
- Reply to query a security descriptor from an fsp. If it succeeds it allocates
- the space for the return elements and returns True.
-****************************************************************************/
-
-size_t convertperms_unix_to_sd(const SMB_STRUCT_STAT * sbuf,
- BOOL is_directory, mode_t mode,
- SEC_DESC ** ppdesc)
-{
- SEC_ACE *ace_list = NULL;
- DOM_SID owner_sid;
- DOM_SID group_sid;
- size_t sec_desc_size;
- SEC_ACL *psa = NULL;
- SEC_ACCESS owner_access;
- int owner_acl_type;
- SEC_ACCESS group_access;
- int grp_acl_type;
- SEC_ACCESS other_access;
- int other_acl_type;
- int num_acls = 0;
-
- (*ppdesc) = NULL;
-
- if (!lp_nt_acl_support() || sbuf == NULL)
- {
- sid_copy(&owner_sid, global_sid_everyone);
- sid_copy(&group_sid, global_sid_everyone);
- }
- else
- {
- if (!create_file_sids(sbuf, &owner_sid, &group_sid))
- {
- DEBUG(3, ("create_file_sids: uid or gid "
- "not mapped to SIDS\n"));
- return 0;
- }
-
- /*
- * Create the generic 3 element UNIX acl.
- */
-
- owner_access = map_unix_perms(&owner_acl_type, sbuf->st_mode,
- S_IRUSR, S_IWUSR, S_IXUSR,
- is_directory);
- group_access = map_unix_perms(&grp_acl_type, sbuf->st_mode,
- S_IRGRP, S_IWGRP, S_IXGRP,
- is_directory);
- other_access = map_unix_perms(&other_acl_type, sbuf->st_mode,
- S_IROTH, S_IWOTH, S_IXOTH,
- is_directory);
-
- if (owner_access.mask)
- {
- ace_list = g_renew(SEC_ACE, ace_list, num_acls + 1);
- if (ace_list == NULL)
- {
- return 0;
- }
- make_sec_ace(&ace_list[num_acls++], &owner_sid,
- owner_acl_type, owner_access, 0);
- }
-
- if (group_access.mask)
- {
- ace_list = g_renew(SEC_ACE, ace_list, num_acls + 1);
- if (ace_list == NULL)
- {
- return 0;
- }
-
- make_sec_ace(&ace_list[num_acls++], &group_sid,
- grp_acl_type, group_access, 0);
- }
-
- if (other_access.mask)
- {
- ace_list = g_renew(SEC_ACE, ace_list, num_acls + 1);
- if (ace_list == NULL)
- {
- return 0;
- }
-
- make_sec_ace(&ace_list[num_acls++],
- global_sid_everyone, other_acl_type,
- other_access, 0);
- }
-
- if (is_directory)
- {
- /*
- * For directory ACLs we also add in the
- * inherited permissions ACE entries. These
- * are the permissions a file would get when
- * being created in the directory.
- */
-
- owner_access = map_unix_perms(&owner_acl_type, mode,
- S_IRUSR, S_IWUSR,
- S_IXUSR, is_directory);
- group_access = map_unix_perms(&grp_acl_type,
- mode, S_IRGRP,
- S_IWGRP, S_IXGRP,
- is_directory);
- other_access = map_unix_perms(&other_acl_type,
- mode, S_IROTH,
- S_IWOTH, S_IXOTH,
- is_directory);
-
- if (owner_access.mask)
- {
- ace_list = g_renew(SEC_ACE, ace_list,
- num_acls + 1);
- if (ace_list == NULL)
- {
- return 0;
- }
-
- make_sec_ace(&ace_list[num_acls++],
- &owner_sid, owner_acl_type,
- owner_access,
- SEC_ACE_FLAG_OBJECT_INHERIT |
- SEC_ACE_FLAG_INHERIT_ONLY);
- }
-
- if (group_access.mask)
- {
- ace_list = g_renew(SEC_ACE, ace_list,
- num_acls + 1);
- if (ace_list == NULL)
- {
- return 0;
- }
-
- make_sec_ace(&ace_list[num_acls++],
- &group_sid, grp_acl_type,
- group_access,
- SEC_ACE_FLAG_OBJECT_INHERIT |
- SEC_ACE_FLAG_INHERIT_ONLY);
- }
-
- if (other_access.mask)
- {
- ace_list = g_renew(SEC_ACE, ace_list,
- num_acls + 1);
- if (ace_list == NULL)
- {
- return 0;
- }
-
- make_sec_ace(&ace_list[num_acls++],
- global_sid_everyone,
- other_acl_type, other_access,
- SEC_ACE_FLAG_OBJECT_INHERIT |
- SEC_ACE_FLAG_INHERIT_ONLY);
- }
- }
-
- if (num_acls)
- {
- psa = g_new(SEC_ACL, 1);
- if (psa == NULL)
- {
- safe_free(ace_list);
- }
- if (!make_sec_acl(psa, 2, num_acls, ace_list))
- {
- DEBUG(0, ("get_nt_acl: Unable to malloc "
- "space for acl.\n"));
- safe_free(ace_list);
- safe_free(psa);
- return 0;
- }
- }
- }
-
- (*ppdesc) = g_new(SEC_DESC, 1);
-
- if ((*ppdesc) == NULL)
- {
- DEBUG(0, ("get_nt_acl: Unable to malloc space "
- "for security descriptor.\n"));
- sec_desc_size = 0;
- free_sec_acl(psa);
- safe_free(psa);
- return 0;
- }
-
- sec_desc_size = make_sec_desc((*ppdesc), 1,
- SEC_DESC_SELF_RELATIVE |
- (sbuf?SEC_DESC_DACL_PRESENT:0),
- sid_dup(&owner_sid),
- sid_dup(&group_sid), NULL, psa);
-
- return sec_desc_size;
-}
-
-/****************************************************************************
- Map NT perms to UNIX.
-****************************************************************************/
-
-#define FILE_SPECIFIC_READ_BITS \
- (FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES)
-#define FILE_SPECIFIC_WRITE_BITS \
- (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
-#define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
-
-#define PRINT_SPECIFIC_READ_BITS (PRINTER_READ)
-#define PRINT_SPECIFIC_WRITE_BITS (PRINTER_READ)
-#define PRINT_SPECIFIC_EXECUTE_BITS (PRINTER_ALL_ACCESS)
-
-static mode_t map_nt_perms(SEC_ACCESS sec_access, int type)
-{
- uint32 write_bits;
- uint32 read_bits;
- uint32 execute_bits;
- mode_t mode = 0;
-
- write_bits = FILE_SPECIFIC_WRITE_BITS;
- read_bits = FILE_SPECIFIC_READ_BITS;
- execute_bits = FILE_SPECIFIC_EXECUTE_BITS;
-
- switch (type)
- {
- case S_IRUSR:
- if (sec_access.mask & GENERIC_ALL_ACCESS)
- mode = S_IRUSR | S_IWUSR | S_IXUSR;
- else
- {
- mode |=
- (sec_access.mask &
- (GENERIC_READ_ACCESS |
- read_bits)) ? S_IRUSR : 0;
- mode |=
- (sec_access.mask &
- (GENERIC_WRITE_ACCESS |
- write_bits)) ? S_IWUSR : 0;
- mode |=
- (sec_access.mask &
- (GENERIC_EXECUTE_ACCESS |
- execute_bits)) ? S_IXUSR : 0;
- }
- break;
- case S_IRGRP:
- if (sec_access.mask & GENERIC_ALL_ACCESS)
- mode = S_IRGRP | S_IWGRP | S_IXGRP;
- else
- {
- mode |=
- (sec_access.mask &
- (GENERIC_READ_ACCESS |
- read_bits)) ? S_IRGRP : 0;
- mode |=
- (sec_access.mask &
- (GENERIC_WRITE_ACCESS |
- write_bits)) ? S_IWGRP : 0;
- mode |=
- (sec_access.mask &
- (GENERIC_EXECUTE_ACCESS |
- execute_bits)) ? S_IXGRP : 0;
- }
- break;
- case S_IROTH:
- if (sec_access.mask & GENERIC_ALL_ACCESS)
- mode = S_IROTH | S_IWOTH | S_IXOTH;
- else
- {
- mode |=
- (sec_access.mask &
- (GENERIC_READ_ACCESS |
- read_bits)) ? S_IROTH : 0;
- mode |=
- (sec_access.mask &
- (GENERIC_WRITE_ACCESS |
- write_bits)) ? S_IWOTH : 0;
- mode |=
- (sec_access.mask &
- (GENERIC_EXECUTE_ACCESS |
- execute_bits)) ? S_IXOTH : 0;
- }
- break;
- }
-
- return mode;
-}
-
-#ifndef WITH_SURS
-/****************************************************************************
- Validate a SID.
-****************************************************************************/
-static BOOL validate_unix_sid(DOM_SID *psid, uint32 *prid, DOM_SID *sd_sid)
-{
- extern DOM_SID global_sam_sid;
- DOM_SID sid;
-
- if (!sd_sid)
- {
- DEBUG(5, ("validate_unix_sid: sid missing.\n"));
- return False;
- }
-
- sid_copy(psid, sd_sid);
- sid_copy(&sid, sd_sid);
-
- if (!sid_split_rid(&sid, prid))
- {
- DEBUG(5, ("validate_unix_sid: cannot get RID from sid.\n"));
- return False;
- }
-
- if (!sid_equal(&sid, &global_sam_sid))
- {
- DEBUG(5, ("validate_unix_sid: sid is not ours.\n"));
- return False;
- }
-
- return True;
-}
-#endif
-
-/****************************************************************************
- Unpack a SEC_DESC into a owner, group and set of UNIX permissions.
-****************************************************************************/
-
-BOOL convertperms_sd_to_unix(SMB_STRUCT_STAT * psbuf, uid_t * puser,
- gid_t * pgrp, mode_t * pmode,
- uint32 security_info_sent, SEC_DESC * psd,
- BOOL is_directory)
-{
- DOM_SID file_owner_sid;
- DOM_SID file_grp_sid;
- SEC_ACL *dacl = psd->dacl;
- BOOL all_aces_are_inherit_only = (is_directory ? True : False);
- int i;
-#ifdef WITH_SURS
- SURS_POSIX_ID id;
-#else
- DOM_SID owner_sid;
- DOM_SID grp_sid;
- uint32 owner_rid;
- uint32 grp_rid;
-#endif
-
- *pmode = 0;
- *puser = (uid_t) - 1;
- *pgrp = (gid_t) - 1;
-
- if (security_info_sent == 0)
- {
- DEBUG(0, ("unpack_nt_permissions: "
- "no security info sent !\n"));
- return False;
- }
-
- /*
- * Windows 2000 sends the owner and group SIDs as the logged in
- * user, not the connected user. But it still sends the file
- * owner SIDs on an ACL set. So we need to check for the file
- * owner and group SIDs as well as the owner SIDs. JRA.
- */
-
- if (!create_file_sids(psbuf, &file_owner_sid, &file_grp_sid))
- {
- DEBUG(3, ("create_file_sids: uid or gid "
- "not mapped to SIDS\n"));
- return 0;
- }
-
- /*
- * Don't immediately fail if the owner sid cannot be validated.
- * This may be a group chown only set.
- */
-
- DEBUG(0, ("TODO: LsaLookupSids to find type of owner_sid\n"));
-
-#ifdef WITH_SURS
- if (security_info_sent & OWNER_SECURITY_INFORMATION &&
- surs_sam_sid_to_unixid(psd->owner_sid, &id, False) &&
- id.type == SURS_POSIX_UID)
- {
- *puser = (uid_t) id.id;
- }
-
-#else
- if (!validate_unix_sid(&owner_sid, &owner_rid, psd->owner_sid))
- DEBUG(3,
- ("unpack_nt_permissions: unable to validate owner sid.\n"));
- else if (security_info_sent & OWNER_SECURITY_INFORMATION)
- *puser = pdb_user_rid_to_uid(owner_rid);
-
- if (security_info_sent & OWNER_SECURITY_INFORMATION)
- {
- *puser = pdb_user_rid_to_uid(owner_rid);
- }
-
-#endif
- /*
- * Don't immediately fail if the group sid cannot be validated.
- * This may be an owner chown only set.
- */
-
-#ifdef WITH_SURS
- if (security_info_sent & GROUP_SECURITY_INFORMATION &&
- surs_sam_sid_to_unixid(psd->grp_sid, &id, False) &&
- (id.type == SURS_POSIX_GID))
- {
- *pgrp = (gid_t) id.id;
- }
-#else
- if (!validate_unix_sid(&grp_sid, &grp_rid, psd->grp_sid))
- DEBUG(3,
- ("unpack_nt_permissions: unable to validate group sid.\n"));
- else if (security_info_sent & GROUP_SECURITY_INFORMATION)
- *pgrp = pdb_user_rid_to_gid(grp_rid);
-
-#endif
- /*
- * If no DACL then this is a chown only security descriptor.
- */
-
- if (!(security_info_sent & DACL_SECURITY_INFORMATION) || !dacl)
- {
- *pmode = 0;
- return True;
- }
-
- /*
- * Now go through the DACL and ensure that
- * any owner/group sids match.
- */
-
- for (i = 0; i < dacl->num_aces; i++)
- {
- DOM_SID ace_sid;
- SEC_ACE *psa = &dacl->ace[i];
-
- if ((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) &&
- (psa->type != SEC_ACE_TYPE_ACCESS_DENIED))
- {
- DEBUG(3, ("unpack_nt_permissions: "
- "unable to set anything but an "
- "ALLOW or DENY ACE.\n"));
- return False;
- }
-
- /*
- * Ignore or remove bits we don't care about on a directory ACE.
- */
-
- if (is_directory)
- {
- if (psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)
- {
- DEBUG(3, ("unpack_nt_permissions: "
- "ignoring inherit only ACE.\n"));
- continue;
- }
-
- /*
- * At least one of the ACE entries wasn't inherit only.
- * Flag this so we know the returned mode is valid.
- */
-
- all_aces_are_inherit_only = False;
- }
-
- /*
- * Windows 2000 sets these flags even on *file* ACE's.
- * This is wrong but we can ignore them for now.
- * Revisit this when we go to POSIX ACLs on directories.
- */
-
- psa->flags &=
- ~(SEC_ACE_FLAG_OBJECT_INHERIT |
- SEC_ACE_FLAG_CONTAINER_INHERIT);
-
- if (psa->flags != 0)
- {
- DEBUG(1,
- ("unpack_nt_permissions: unable to set ACE flags (%x).\n",
- (unsigned int)psa->flags));
- return False;
- }
-
- /*
- * The security mask may be UNIX_ACCESS_NONE which
- * should map into no permissions (we overload the
- * WRITE_OWNER bit for this) or it should be one of
- * the ALL/EXECUTE/READ/WRITE bits. Arrange for this
- * to be so. Any other bits override the
- * UNIX_ACCESS_NONE bit.
- */
-
- psa->info.mask &=
- (GENERIC_ALL_ACCESS | GENERIC_EXECUTE_ACCESS |
- GENERIC_WRITE_ACCESS | GENERIC_READ_ACCESS |
- UNIX_ACCESS_NONE | FILE_ALL_ATTRIBUTES);
-
- if (psa->info.mask != UNIX_ACCESS_NONE)
- psa->info.mask &= ~UNIX_ACCESS_NONE;
-
- sid_copy(&ace_sid, &psa->sid);
-
- if (sid_equal(&ace_sid, &file_owner_sid))
- {
- /*
- * Map the desired permissions into owner perms.
- */
-
- if (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED)
- *pmode |= map_nt_perms(psa->info, S_IRUSR);
- else
- *pmode &= ~(map_nt_perms(psa->info, S_IRUSR));
-
- }
- else if (sid_equal(&ace_sid, &file_grp_sid))
- {
- /*
- * Map the desired permissions into group perms.
- */
-
- if (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED)
- *pmode |= map_nt_perms(psa->info, S_IRGRP);
- else
- *pmode &= ~(map_nt_perms(psa->info, S_IRGRP));
-
- }
- else if (sid_equal(&ace_sid, global_sid_everyone))
- {
- /*
- * Map the desired permissions into other perms.
- */
-
- if (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED)
- *pmode |= map_nt_perms(psa->info, S_IROTH);
- else
- *pmode &= ~(map_nt_perms(psa->info, S_IROTH));
-
- }
- else
- {
- DEBUG(0, ("unpack_nt_permissions: "
- "unknown SID used in ACL.\n"));
- return False;
- }
- }
-
- if (is_directory && all_aces_are_inherit_only)
- {
- /*
- * Windows 2000 is doing one of these weird 'inherit acl'
- * traverses to conserve NTFS ACL resources. Just pretend
- * there was no DACL sent. JRA.
- */
-
- DEBUG(10, ("unpack_nt_permissions: "
- "Win2k inherit acl traverse. "
- "Ignoring DACL.\n"));
- free_sec_acl(psd->dacl);
- safe_free(psd->dacl);
- psd->dacl = NULL;
- }
-
- return True;
-}