diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-08-05 17:51:21 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-08-05 17:51:58 +1000 |
commit | 00a8ff5fe9acf965395b99b39b0c24a5517b6e2b (patch) | |
tree | f544527da4c973658174926191ef630d79208e58 /source4 | |
parent | 0a16265bc21e6f1f8cef4f38b7b45f3fd356527c (diff) | |
download | samba-00a8ff5fe9acf965395b99b39b0c24a5517b6e2b.tar.gz samba-00a8ff5fe9acf965395b99b39b0c24a5517b6e2b.tar.bz2 samba-00a8ff5fe9acf965395b99b39b0c24a5517b6e2b.zip |
fixed a problem with group policy writes causing policy corruption
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group
write permssions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would
fail if the user is not the file owner. We resolve that by only
doing the fchmod() if the mapped file attribute does not match the
desired file attribute
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 37 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_open.c | 10 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_util.c | 5 |
3 files changed, 48 insertions, 4 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 203b6b11c0..ad7ac5a749 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -449,6 +449,35 @@ static bool pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask) } /* + see if we are a member of the appropriate unix group + */ +static bool pvfs_group_member(struct pvfs_state *pvfs, gid_t gid) +{ + int i, ngroups; + gid_t *groups; + if (getegid() == gid) { + return true; + } + ngroups = getgroups(0, NULL); + if (ngroups == 0) { + return false; + } + groups = talloc_array(pvfs, gid_t, ngroups); + if (groups == NULL) { + return false; + } + if (getgroups(ngroups, groups) != ngroups) { + talloc_free(groups); + return false; + } + for (i=0; i<ngroups; i++) { + if (groups[i] == gid) break; + } + talloc_free(groups); + return i < ngroups; +} + +/* default access check function based on unix permissions doing this saves on building a full security descriptor for the common case of access check on files with no @@ -473,6 +502,12 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, max_bits |= SEC_STD_ALL; } + if ((name->st.st_mode & S_IWOTH) || + ((name->st.st_mode & S_IWGRP) && + pvfs_group_member(pvfs, name->st.st_gid))) { + max_bits |= SEC_STD_ALL; + } + if (uwrap_enabled()) { /* when running with the uid wrapper, files will be created owned by the ruid, but we may have a different simulated @@ -491,6 +526,8 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, } if (*access_mask & ~max_bits) { + DEBUG(0,(__location__ " denied access to '%s' - wanted 0x%08x but got 0x%08x (missing 0x%08x)\n", + name->full_name, *access_mask, max_bits, *access_mask & ~max_bits)); return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 12f50fcc97..46e39a00dd 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -534,7 +534,7 @@ static int pvfs_handle_destructor(struct pvfs_file_handle *h) if (!timeval_is_zero(&tv[0]) || !timeval_is_zero(&tv[1])) { if (utimes(h->name->full_name, tv) == -1) { - DEBUG(0,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", + DEBUG(3,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", h->name->full_name, strerror(errno))); } } @@ -1516,6 +1516,8 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (fd == -1) { status = pvfs_map_errno(f->pvfs, errno); + DEBUG(0,(__location__ " mapped errno %s for %s (was %d)\n", + nt_errstr(status), f->handle->name->full_name, errno)); /* * STATUS_MORE_ENTRIES is EAGAIN or EWOULDBLOCK */ @@ -1581,10 +1583,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (f->handle->name->stream_id == 0 && (io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE || io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE_IF)) { - /* for overwrite we need to replace file permissions */ + /* for overwrite we may need to replace file permissions */ uint32_t attrib = io->ntcreatex.in.file_attr | FILE_ATTRIBUTE_ARCHIVE; mode_t mode = pvfs_fileperms(pvfs, attrib); - if (fchmod(fd, mode) == -1) { + if (f->handle->name->st.st_mode != mode && + f->handle->name->dos.attrib != attrib && + fchmod(fd, mode) == -1) { talloc_free(lck); return pvfs_map_errno(pvfs, errno); } diff --git a/source4/ntvfs/posix/pvfs_util.c b/source4/ntvfs/posix/pvfs_util.c index 81ff20a608..b1b0a64789 100644 --- a/source4/ntvfs/posix/pvfs_util.c +++ b/source4/ntvfs/posix/pvfs_util.c @@ -39,7 +39,10 @@ bool pvfs_has_wildcard(const char *str) */ NTSTATUS pvfs_map_errno(struct pvfs_state *pvfs, int unix_errno) { - return map_nt_error_from_unix(unix_errno); + NTSTATUS status; + status = map_nt_error_from_unix(unix_errno); + DEBUG(10,(__location__ " mapped unix errno %d -> %s\n", unix_errno, nt_errstr(status))); + return status; } |