summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/close.c22
-rw-r--r--source3/smbd/conn.c1
-rw-r--r--source3/smbd/file_access.c5
-rw-r--r--source3/smbd/fileio.c3
-rw-r--r--source3/smbd/files.c43
-rw-r--r--source3/smbd/open.c28
-rw-r--r--source3/smbd/reply.c12
-rw-r--r--source3/smbd/server.c2
-rw-r--r--source3/smbd/service.c8
-rw-r--r--source3/smbd/trans2.c14
-rw-r--r--source3/smbd/uid.c11
11 files changed, 135 insertions, 14 deletions
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 78b8123680..d23b509af2 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -471,6 +471,7 @@ static NTSTATUS update_write_time_on_close(struct files_struct *fsp)
SMB_STRUCT_STAT sbuf;
struct smb_file_time ft;
NTSTATUS status;
+ int ret = -1;
ZERO_STRUCT(sbuf);
ZERO_STRUCT(ft);
@@ -485,15 +486,19 @@ static NTSTATUS update_write_time_on_close(struct files_struct *fsp)
/* Ensure we have a valid stat struct for the source. */
if (fsp->fh->fd != -1) {
- if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
- return map_nt_error_from_unix(errno);
- }
+ ret = SMB_VFS_FSTAT(fsp, &sbuf);
} else {
- if (SMB_VFS_STAT(fsp->conn,fsp->fsp_name,&sbuf) == -1) {
- return map_nt_error_from_unix(errno);
+ if (fsp->posix_open) {
+ ret = SMB_VFS_LSTAT(fsp->conn,fsp->fsp_name,&sbuf);
+ } else {
+ ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name,&sbuf);
}
}
+ if (ret == -1) {
+ return map_nt_error_from_unix(errno);
+ }
+
if (!VALID_STAT(sbuf)) {
/* if it doesn't seem to be a real file */
return NT_STATUS_OK;
@@ -581,6 +586,13 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
*/
saved_status4 = update_write_time_on_close(fsp);
+ if (NT_STATUS_EQUAL(saved_status4, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ /* Someone renamed the file or a parent directory containing
+ * this file. We can't do anything about this, we don't have
+ * an "update timestamp by fd" call in POSIX. Eat the error. */
+
+ saved_status4 = NT_STATUS_OK;
+ }
if (NT_STATUS_IS_OK(status)) {
if (!NT_STATUS_IS_OK(saved_status1)) {
diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 4b467b0312..a52f2d2e96 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -140,6 +140,7 @@ find_again:
return NULL;
}
conn->cnum = i;
+ conn->force_group_gid = (gid_t)-1;
bitmap_set(bmap, i);
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index fe7ba1cc46..abffcd2f4f 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -34,6 +34,11 @@ bool can_access_file_acl(struct connection_struct *conn,
uint32_t access_granted;
struct security_descriptor *secdesc = NULL;
+ if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ /* I'm sorry sir, I didn't know you were root... */
+ return true;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn, fname,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
index a9a97a2d14..adf664b396 100644
--- a/source3/smbd/fileio.c
+++ b/source3/smbd/fileio.c
@@ -256,10 +256,9 @@ ssize_t write_file(struct smb_request *req,
int write_path = -1;
if (fsp->print_file) {
- fstring sharename;
uint32 jobid;
- if (!rap_to_pjobid(fsp->rap_print_jobid, sharename, &jobid)) {
+ if (!rap_to_pjobid(fsp->rap_print_jobid, NULL, &jobid)) {
DEBUG(3,("write_file: Unable to map RAP jobid %u to jobid.\n",
(unsigned int)fsp->rap_print_jobid ));
errno = EBADF;
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index efaadffc06..36e80a086a 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -356,6 +356,49 @@ files_struct *file_find_print(void)
}
/****************************************************************************
+ Find any fsp open with a pathname below that of an already open path.
+****************************************************************************/
+
+bool file_find_subpath(files_struct *dir_fsp)
+{
+ files_struct *fsp;
+ size_t dlen;
+ char *d_fullname = talloc_asprintf(talloc_tos(),
+ "%s/%s",
+ dir_fsp->conn->connectpath,
+ dir_fsp->fsp_name);
+
+ if (!d_fullname) {
+ return false;
+ }
+
+ dlen = strlen(d_fullname);
+
+ for (fsp=Files;fsp;fsp=fsp->next) {
+ char *d1_fullname;
+
+ if (fsp == dir_fsp) {
+ continue;
+ }
+
+ d1_fullname = talloc_asprintf(talloc_tos(),
+ "%s/%s",
+ fsp->conn->connectpath,
+ fsp->fsp_name);
+
+ if (strnequal(d_fullname, d1_fullname, dlen)) {
+ TALLOC_FREE(d_fullname);
+ TALLOC_FREE(d1_fullname);
+ return true;
+ }
+ TALLOC_FREE(d1_fullname);
+ }
+
+ TALLOC_FREE(d_fullname);
+ return false;
+}
+
+/****************************************************************************
Sync open files on a connection.
****************************************************************************/
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index a42705adb6..acd347520d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -76,6 +76,15 @@ static NTSTATUS check_open_rights(struct connection_struct *conn,
*access_granted = 0;
+ if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ /* I'm sorry sir, I didn't know you were root... */
+ *access_granted = access_mask;
+ if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+ *access_granted |= FILE_GENERIC_ALL;
+ }
+ return NT_STATUS_OK;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn, fname,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
@@ -2457,6 +2466,25 @@ static NTSTATUS open_directory(connection_struct *conn,
fname,
access_mask,
&access_granted);
+
+ /* Were we trying to do a directory open
+ * for delete and didn't get DELETE
+ * access (only) ? Check if the
+ * directory allows DELETE_CHILD.
+ * See here:
+ * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
+ * for details. */
+
+ if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
+ (access_mask & DELETE_ACCESS) &&
+ (access_granted == DELETE_ACCESS) &&
+ can_delete_file_in_directory(conn, fname))) {
+ DEBUG(10,("open_directory: overrode ACCESS_DENIED "
+ "on directory %s\n",
+ fname ));
+ status = NT_STATUS_OK;
+ }
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_directory: check_open_rights on "
"file %s failed with %s\n",
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b30ef23c0e..22e4c1aad7 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2214,6 +2214,16 @@ static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
}
if (S_ISDIR(pst->st_mode)) {
+ if (fsp->posix_open) {
+ return NT_STATUS_OK;
+ }
+
+ /* If no pathnames are open below this
+ directory, allow the rename. */
+
+ if (file_find_subpath(fsp)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
return NT_STATUS_OK;
}
@@ -2808,9 +2818,9 @@ static void send_file_readbraw(connection_struct *conn,
}
return;
}
-#endif
normal_readbraw:
+#endif
outbuf = TALLOC_ARRAY(NULL, char, nread+4);
if (!outbuf) {
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 346e8973de..538e04938e 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -730,7 +730,7 @@ void reload_printers(void)
DEBUG(3, ("removing stale printer %s\n", pname));
if (is_printer_published(NULL, snum, NULL))
- nt_printer_publish(NULL, snum, SPOOL_DS_UNPUBLISH);
+ nt_printer_publish(NULL, snum, DSPRINT_UNPUBLISH);
del_a_printer(pname);
lp_killservice(snum);
}
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index dcdd69f997..eb16a2601e 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -833,6 +833,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
*pstatus = status;
return NULL;
}
+
+ /*
+ * We need to cache this gid, to use within
+ * change_to_user() separately from the conn->server_info
+ * struct. We only use conn->server_info directly if
+ * "force_user" was set.
+ */
+ conn->force_group_gid = conn->server_info->utok.gid;
}
conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID;
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 759e520866..ee1dda98b2 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -4972,6 +4972,7 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
****************************************************************************/
static NTSTATUS smb_set_file_dosmode(connection_struct *conn,
+ files_struct *fsp,
const char *fname,
SMB_STRUCT_STAT *psbuf,
uint32 dosmode)
@@ -4980,6 +4981,14 @@ static NTSTATUS smb_set_file_dosmode(connection_struct *conn,
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ if (fsp) {
+ if (fsp->base_fsp) {
+ fname = fsp->base_fsp->fsp_name;
+ } else {
+ fname = fsp->fsp_name;
+ }
+ }
+
if (dosmode) {
if (S_ISDIR(psbuf->st_mode)) {
dosmode |= aDIR;
@@ -5723,12 +5732,11 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn,
/* Set the attributes */
dosmode = IVAL(pdata,32);
- status = smb_set_file_dosmode(conn, fname, psbuf, dosmode);
+ status = smb_set_file_dosmode(conn, fsp, fname, psbuf, dosmode);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
-
/* access time */
ft.atime = interpret_long_date(pdata+8);
@@ -6415,6 +6423,8 @@ static NTSTATUS smb_posix_open(connection_struct *conn,
create_disp = FILE_OVERWRITE_IF;
} else if((wire_open_mode & SMB_O_CREAT) == SMB_O_CREAT) {
create_disp = FILE_OPEN_IF;
+ } else if ((wire_open_mode & (SMB_O_CREAT | SMB_O_EXCL | SMB_O_TRUNC)) == 0) {
+ create_disp = FILE_OPEN;
} else {
DEBUG(5,("smb_posix_open: invalid create mode 0x%x\n",
(unsigned int)wire_open_mode ));
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 4f059bdb59..f8c55b1b8f 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -254,6 +254,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
if((group_c = *lp_force_group(snum))) {
+ SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
+
if(group_c == '+') {
/*
@@ -266,15 +268,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
int i;
for (i = 0; i < num_groups; i++) {
if (group_list[i]
- == conn->server_info->utok.gid) {
- gid = conn->server_info->utok.gid;
+ == conn->force_group_gid) {
+ conn->server_info->utok.gid =
+ conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok
->user_sids[1], gid);
break;
}
}
} else {
- gid = conn->server_info->utok.gid;
+ conn->server_info->utok.gid = conn->force_group_gid;
+ gid = conn->force_group_gid;
gid_to_sid(&conn->server_info->ptok->user_sids[1],
gid);
}
generated by cgit (git 2.34.1) at 2024-11-17 14:42:32 +0000