summaryrefslogtreecommitdiff
path: root/source4/ntvfs
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-01 11:35:01 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:15 -0500
commita8a3fec528f6ee9a4a0171fb4186e8dcaba76518 (patch)
tree716c5e4b0eefb75e748e2674f2dca0c82d6ef56c /source4/ntvfs
parent1a7283a8fa5a7d97abc5b10f3d73ce99a4a7b905 (diff)
downloadsamba-a8a3fec528f6ee9a4a0171fb4186e8dcaba76518.tar.gz
samba-a8a3fec528f6ee9a4a0171fb4186e8dcaba76518.tar.bz2
samba-a8a3fec528f6ee9a4a0171fb4186e8dcaba76518.zip
r4026: added NT ACL checking on pvfs_open() for existing files. I need to
work out some way to do a decent test suite for this. (This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47)
Diffstat (limited to 'source4/ntvfs')
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c80
-rw-r--r--source4/ntvfs/posix/pvfs_open.c26
2 files changed, 90 insertions, 16 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 2fff6db628..236bc4d98d 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -208,7 +208,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
sd = acl->info.sd;
break;
default:
- return NT_STATUS_INVALID_LEVEL;
+ return NT_STATUS_INVALID_ACL;
}
new_sd = info->set_secdesc.in.sd;
@@ -263,7 +263,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs,
sd = acl->info.sd;
break;
default:
- return NT_STATUS_INVALID_LEVEL;
+ return NT_STATUS_INVALID_ACL;
}
normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags);
@@ -273,3 +273,79 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs,
return NT_STATUS_OK;
}
+
+/*
+ default access check function based on unix permissions
+ doing this saves on building a full security descriptor
+ for the common case of access check on files with no
+ specific NT ACL
+*/
+NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
+ struct smbsrv_request *req,
+ struct pvfs_filename *name,
+ uint32_t *access_mask)
+{
+ uid_t uid = geteuid();
+ uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
+
+ /* owner and root get extra permissions */
+ if (uid == 0 || uid == name->st.st_uid) {
+ max_bits |= SEC_STD_ALL;
+ }
+
+ if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
+ *access_mask = max_bits;
+ return NT_STATUS_OK;
+ }
+
+ if (*access_mask & ~max_bits) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+/*
+ check the security descriptor on a file, if any
+
+ *access_mask is modified with the access actually granted
+*/
+NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
+ struct smbsrv_request *req,
+ struct pvfs_filename *name,
+ uint32_t *access_mask)
+{
+ struct nt_user_token *token = req->session->session_info->nt_user_token;
+ struct xattr_NTACL *acl;
+ NTSTATUS status;
+ struct security_descriptor *sd;
+
+ acl = talloc_p(req, struct xattr_NTACL);
+ if (acl == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = pvfs_acl_load(pvfs, name, -1, acl);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ talloc_free(acl);
+ return pvfs_access_check_unix(pvfs, req, name, access_mask);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ switch (acl->version) {
+ case 1:
+ sd = acl->info.sd;
+ break;
+ default:
+ return NT_STATUS_INVALID_ACL;
+ }
+
+ status = sec_access_check(sd, token, *access_mask, access_mask);
+
+ talloc_free(acl);
+
+ return status;
+}
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 4b8de28488..17740f7636 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -862,14 +862,6 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
share_access = io->generic.in.share_access;
access_mask = io->generic.in.access_mask;
- if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
- if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) {
- access_mask = SEC_RIGHTS_FILE_READ;
- } else {
- access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE;
- }
- }
-
/* certain create options are not allowed */
if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) &&
!(access_mask & SEC_STD_DELETE)) {
@@ -914,12 +906,6 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
- flags |= O_RDWR;
- } else {
- flags |= O_RDONLY;
- }
-
if (io->generic.in.file_attr & FILE_ATTRIBUTE_DIRECTORY) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -949,6 +935,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_CANNOT_DELETE;
}
+ /* check the security descriptor */
+ status = pvfs_access_check(pvfs, req, name, &access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
f = talloc_p(req, struct pvfs_file);
if (f == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -1036,6 +1028,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
f->handle->have_opendb_entry = True;
+ if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
+ flags |= O_RDWR;
+ } else {
+ flags |= O_RDONLY;
+ }
+
/* do the actual open */
fd = open(f->handle->name->full_name, flags);
if (fd == -1) {