From 54695647ef52558e5f83744898b7c5c95c9fed5a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 27 May 2000 01:56:26 +0000 Subject: fixed nttrans.c (This used to be commit 06cd46b0ec10b32af54edd8256d2fdbec45e1371) --- source3/lib/util_sid.c | 2 +- source3/lib/util_unixsd.c | 679 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 680 insertions(+), 1 deletion(-) create mode 100644 source3/lib/util_unixsd.c (limited to 'source3/lib') diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 65bc2fe85d..3605dfbf27 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -391,7 +391,7 @@ BOOL sid_linearize(char *outbuf, size_t len, DOM_SID *sid) Compare two sids. *****************************************************************/ -BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2) +BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2) { int i; diff --git a/source3/lib/util_unixsd.c b/source3/lib/util_unixsd.c new file mode 100644 index 0000000000..1bfc56a2da --- /dev/null +++ b/source3/lib/util_unixsd.c @@ -0,0 +1,679 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + SMB NT Security Descriptor / Unix permission conversion. + Copyright (C) Jeremy Allison 1994-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "rpc_parse.h" +#include "sids.h" + +#ifndef WITH_SURS +extern DOM_SID global_sid_World; +#define global_sid_everyone &global_sid_World +#endif + + +/**************************************************************************** + Map unix perms to NT. +****************************************************************************/ + +static SEC_ACCESS map_unix_perms(int *pacl_type, mode_t perm, int r_mask, + int w_mask, int x_mask, BOOL is_directory) +{ + SEC_ACCESS sa; + uint32 nt_mask = 0; + + *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED; + + if ((perm & (r_mask | w_mask | x_mask)) == (r_mask | w_mask | x_mask)) + { + nt_mask = UNIX_ACCESS_RWX; + } + else if ((perm & (r_mask | w_mask | x_mask)) == 0) + { + nt_mask = UNIX_ACCESS_NONE; + } + else + { + nt_mask |= (perm & r_mask) ? UNIX_ACCESS_R : 0; + if (is_directory) + nt_mask |= (perm & w_mask) ? UNIX_ACCESS_W : 0; + else + nt_mask |= (perm & w_mask) ? UNIX_ACCESS_W : 0; + nt_mask |= (perm & x_mask) ? UNIX_ACCESS_X : 0; + } + make_sec_access(&sa, nt_mask); + return sa; +} + +/**************************************************************************** + Function to create owner and group SIDs from a SMB_STRUCT_STAT. +****************************************************************************/ + +static BOOL create_file_sids(const SMB_STRUCT_STAT * psbuf, + DOM_SID *powner_sid, DOM_SID *pgroup_sid) +{ + extern DOM_SID global_sam_sid; + + sid_copy(powner_sid, &global_sam_sid); + sid_copy(pgroup_sid, &global_sam_sid); + sid_append_rid(powner_sid, pdb_uid_to_user_rid(psbuf->st_uid)); + sid_append_rid(pgroup_sid, pdb_gid_to_group_rid(psbuf->st_gid)); + return True; +} + +#ifdef WITH_SURS +static BOOL create_file_sids(const SMB_STRUCT_STAT * psbuf, + DOM_SID *powner_sid, DOM_SID *pgroup_sid) +{ + SURS_POSIX_ID id; + + ZERO_STRUCTP(powner_sid); + ZERO_STRUCTP(pgroup_sid); + DEBUG(0, ("TODO: create_file_sids: not ok " + "to assume gid is NT group\n")); + + id.type = SURS_POSIX_UID; + id.id = (uint32)psbuf->st_uid; + + if (!surs_unixid_to_sam_sid(&id, powner_sid, False)) + { + DEBUG(3, ("create_file_sids: map uid %d failed\n", + (int)psbuf->st_uid)); + return False; + } + + id.type = SURS_POSIX_GID; + id.id = (uint32)psbuf->st_gid; + + if (!surs_unixid_to_sam_sid(&id, pgroup_sid, False)) + { + DEBUG(3, ("create_file_sids: map gid %d failed\n", + (int)psbuf->st_gid)); + return False; + } + return True; +} +#endif + +/**************************************************************************** + Reply to query a security descriptor from an fsp. If it succeeds it allocates + the space for the return elements and returns True. +****************************************************************************/ + +size_t convertperms_unix_to_sd(const SMB_STRUCT_STAT * sbuf, + BOOL is_directory, mode_t mode, + SEC_DESC ** ppdesc) +{ + SEC_ACE *ace_list = NULL; + DOM_SID owner_sid; + DOM_SID group_sid; + size_t sec_desc_size; + SEC_ACL *psa = NULL; + SEC_ACCESS owner_access; + int owner_acl_type; + SEC_ACCESS group_access; + int grp_acl_type; + SEC_ACCESS other_access; + int other_acl_type; + int num_acls = 0; + + (*ppdesc) = NULL; + + if (!lp_nt_acl_support()) + { + sid_copy(&owner_sid, global_sid_everyone); + sid_copy(&group_sid, global_sid_everyone); + } + else + { + if (!create_file_sids(sbuf, &owner_sid, &group_sid)) + { + DEBUG(3, ("create_file_sids: uid or gid " + "not mapped to SIDS\n")); + return 0; + } + + /* + * Create the generic 3 element UNIX acl. + */ + + owner_access = map_unix_perms(&owner_acl_type, sbuf->st_mode, + S_IRUSR, S_IWUSR, S_IXUSR, + is_directory); + group_access = map_unix_perms(&grp_acl_type, sbuf->st_mode, + S_IRGRP, S_IWGRP, S_IXGRP, + is_directory); + other_access = map_unix_perms(&other_acl_type, sbuf->st_mode, + S_IROTH, S_IWOTH, S_IXOTH, + is_directory); + + if (owner_access.mask) + { + ace_list = g_renew(SEC_ACE, ace_list, num_acls + 1); + if (ace_list == NULL) + { + return 0; + } + make_sec_ace(&ace_list[num_acls++], &owner_sid, + owner_acl_type, owner_access, 0); + } + + if (group_access.mask) + { + ace_list = g_renew(SEC_ACE, ace_list, num_acls + 1); + if (ace_list == NULL) + { + return 0; + } + + make_sec_ace(&ace_list[num_acls++], &group_sid, + grp_acl_type, group_access, 0); + } + + if (other_access.mask) + { + ace_list = g_renew(SEC_ACE, ace_list, num_acls + 1); + if (ace_list == NULL) + { + return 0; + } + + make_sec_ace(&ace_list[num_acls++], + global_sid_everyone, other_acl_type, + other_access, 0); + } + + if (is_directory) + { + /* + * For directory ACLs we also add in the + * inherited permissions ACE entries. These + * are the permissions a file would get when + * being created in the directory. + */ + + owner_access = map_unix_perms(&owner_acl_type, mode, + S_IRUSR, S_IWUSR, + S_IXUSR, is_directory); + group_access = map_unix_perms(&grp_acl_type, + mode, S_IRGRP, + S_IWGRP, S_IXGRP, + is_directory); + other_access = map_unix_perms(&other_acl_type, + mode, S_IROTH, + S_IWOTH, S_IXOTH, + is_directory); + + if (owner_access.mask) + { + ace_list = g_renew(SEC_ACE, ace_list, + num_acls + 1); + if (ace_list == NULL) + { + return 0; + } + + make_sec_ace(&ace_list[num_acls++], + &owner_sid, owner_acl_type, + owner_access, + SEC_ACE_FLAG_OBJECT_INHERIT | + SEC_ACE_FLAG_INHERIT_ONLY); + } + + if (group_access.mask) + { + ace_list = g_renew(SEC_ACE, ace_list, + num_acls + 1); + if (ace_list == NULL) + { + return 0; + } + + make_sec_ace(&ace_list[num_acls++], + &group_sid, grp_acl_type, + group_access, + SEC_ACE_FLAG_OBJECT_INHERIT | + SEC_ACE_FLAG_INHERIT_ONLY); + } + + if (other_access.mask) + { + ace_list = g_renew(SEC_ACE, ace_list, + num_acls + 1); + if (ace_list == NULL) + { + return 0; + } + + make_sec_ace(&ace_list[num_acls++], + global_sid_everyone, + other_acl_type, other_access, + SEC_ACE_FLAG_OBJECT_INHERIT | + SEC_ACE_FLAG_INHERIT_ONLY); + } + } + + if (num_acls) + { + psa = g_new(SEC_ACL, 1); + if (psa == NULL) + { + safe_free(ace_list); + } + if (!make_sec_acl(psa, 2, num_acls, ace_list)) + { + DEBUG(0, ("get_nt_acl: Unable to malloc " + "space for acl.\n")); + safe_free(ace_list); + safe_free(psa); + return 0; + } + } + } + + (*ppdesc) = g_new(SEC_DESC, 1); + + if ((*ppdesc) == NULL) + { + DEBUG(0, ("get_nt_acl: Unable to malloc space " + "for security descriptor.\n")); + sec_desc_size = 0; + free_sec_acl(psa); + safe_free(psa); + return 0; + } + + sec_desc_size = make_sec_desc((*ppdesc), 1, + SEC_DESC_SELF_RELATIVE | + SEC_DESC_DACL_PRESENT, + sid_dup(&owner_sid), + sid_dup(&group_sid), NULL, psa); + + return sec_desc_size; +} + +/**************************************************************************** + Map NT perms to UNIX. +****************************************************************************/ + +#define FILE_SPECIFIC_READ_BITS \ + (FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES) +#define FILE_SPECIFIC_WRITE_BITS \ + (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES) +#define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE) + +#define PRINT_SPECIFIC_READ_BITS (PRINTER_READ) +#define PRINT_SPECIFIC_WRITE_BITS (PRINTER_READ) +#define PRINT_SPECIFIC_EXECUTE_BITS (PRINTER_ALL_ACCESS) + +static mode_t map_nt_perms(SEC_ACCESS sec_access, int type) +{ + uint32 write_bits; + uint32 read_bits; + uint32 execute_bits; + mode_t mode = 0; + + write_bits = FILE_SPECIFIC_WRITE_BITS; + read_bits = FILE_SPECIFIC_READ_BITS; + execute_bits = FILE_SPECIFIC_EXECUTE_BITS; + + switch (type) + { + case S_IRUSR: + if (sec_access.mask & GENERIC_ALL_ACCESS) + mode = S_IRUSR | S_IWUSR | S_IXUSR; + else + { + mode |= + (sec_access.mask & + (GENERIC_READ_ACCESS | + read_bits)) ? S_IRUSR : 0; + mode |= + (sec_access.mask & + (GENERIC_WRITE_ACCESS | + write_bits)) ? S_IWUSR : 0; + mode |= + (sec_access.mask & + (GENERIC_EXECUTE_ACCESS | + execute_bits)) ? S_IXUSR : 0; + } + break; + case S_IRGRP: + if (sec_access.mask & GENERIC_ALL_ACCESS) + mode = S_IRGRP | S_IWGRP | S_IXGRP; + else + { + mode |= + (sec_access.mask & + (GENERIC_READ_ACCESS | + read_bits)) ? S_IRGRP : 0; + mode |= + (sec_access.mask & + (GENERIC_WRITE_ACCESS | + write_bits)) ? S_IWGRP : 0; + mode |= + (sec_access.mask & + (GENERIC_EXECUTE_ACCESS | + execute_bits)) ? S_IXGRP : 0; + } + break; + case S_IROTH: + if (sec_access.mask & GENERIC_ALL_ACCESS) + mode = S_IROTH | S_IWOTH | S_IXOTH; + else + { + mode |= + (sec_access.mask & + (GENERIC_READ_ACCESS | + read_bits)) ? S_IROTH : 0; + mode |= + (sec_access.mask & + (GENERIC_WRITE_ACCESS | + write_bits)) ? S_IWOTH : 0; + mode |= + (sec_access.mask & + (GENERIC_EXECUTE_ACCESS | + execute_bits)) ? S_IXOTH : 0; + } + break; + } + + return mode; +} + +#ifndef WITH_SURS +/**************************************************************************** + Validate a SID. +****************************************************************************/ +static BOOL validate_unix_sid(DOM_SID *psid, uint32 *prid, DOM_SID *sd_sid) +{ + extern DOM_SID global_sam_sid; + DOM_SID sid; + + if (!sd_sid) + { + DEBUG(5, ("validate_unix_sid: sid missing.\n")); + return False; + } + + sid_copy(psid, sd_sid); + sid_copy(&sid, sd_sid); + + if (!sid_split_rid(&sid, prid)) + { + DEBUG(5, ("validate_unix_sid: cannot get RID from sid.\n")); + return False; + } + + if (!sid_equal(&sid, &global_sam_sid)) + { + DEBUG(5, ("validate_unix_sid: sid is not ours.\n")); + return False; + } + + return True; +} +#endif + +/**************************************************************************** + Unpack a SEC_DESC into a owner, group and set of UNIX permissions. +****************************************************************************/ + +BOOL convertperms_sd_to_unix(SMB_STRUCT_STAT * psbuf, uid_t * puser, + gid_t * pgrp, mode_t * pmode, + uint32 security_info_sent, SEC_DESC * psd, + BOOL is_directory) +{ + DOM_SID file_owner_sid; + DOM_SID file_grp_sid; + SEC_ACL *dacl = psd->dacl; + BOOL all_aces_are_inherit_only = (is_directory ? True : False); + int i; +#ifdef WITH_SURS + SURS_POSIX_ID id; +#else + DOM_SID owner_sid; + DOM_SID grp_sid; + uint32 owner_rid; + uint32 grp_rid; +#endif + + *pmode = 0; + *puser = (uid_t) - 1; + *pgrp = (gid_t) - 1; + + if (security_info_sent == 0) + { + DEBUG(0, ("unpack_nt_permissions: " + "no security info sent !\n")); + return False; + } + + /* + * Windows 2000 sends the owner and group SIDs as the logged in + * user, not the connected user. But it still sends the file + * owner SIDs on an ACL set. So we need to check for the file + * owner and group SIDs as well as the owner SIDs. JRA. + */ + + if (!create_file_sids(psbuf, &file_owner_sid, &file_grp_sid)) + { + DEBUG(3, ("create_file_sids: uid or gid " + "not mapped to SIDS\n")); + return 0; + } + + /* + * Don't immediately fail if the owner sid cannot be validated. + * This may be a group chown only set. + */ + + DEBUG(0, ("TODO: LsaLookupSids to find type of owner_sid\n")); + +#ifdef WITH_SURS + if (security_info_sent & OWNER_SECURITY_INFORMATION && + surs_sam_sid_to_unixid(psd->owner_sid, &id, False) && + id.type == SURS_POSIX_UID) + { + *puser = (uid_t) id.id; + } + +#else + if (!validate_unix_sid(&owner_sid, &owner_rid, psd->owner_sid)) + DEBUG(3, + ("unpack_nt_permissions: unable to validate owner sid.\n")); + else if (security_info_sent & OWNER_SECURITY_INFORMATION) + *puser = pdb_user_rid_to_uid(owner_rid); + + if (security_info_sent & OWNER_SECURITY_INFORMATION) + { + *puser = pdb_user_rid_to_uid(owner_rid); + } + +#endif + /* + * Don't immediately fail if the group sid cannot be validated. + * This may be an owner chown only set. + */ + +#ifdef WITH_SURS + if (security_info_sent & GROUP_SECURITY_INFORMATION && + surs_sam_sid_to_unixid(psd->grp_sid, &id, False) && + (id.type == SURS_POSIX_GID)) + { + *pgrp = (gid_t) id.id; + } +#else + if (!validate_unix_sid(&grp_sid, &grp_rid, psd->grp_sid)) + DEBUG(3, + ("unpack_nt_permissions: unable to validate group sid.\n")); + else if (security_info_sent & GROUP_SECURITY_INFORMATION) + *pgrp = pdb_user_rid_to_gid(grp_rid); + +#endif + /* + * If no DACL then this is a chown only security descriptor. + */ + + if (!(security_info_sent & DACL_SECURITY_INFORMATION) || !dacl) + { + *pmode = 0; + return True; + } + + /* + * Now go through the DACL and ensure that + * any owner/group sids match. + */ + + for (i = 0; i < dacl->num_aces; i++) + { + DOM_SID ace_sid; + SEC_ACE *psa = &dacl->ace[i]; + + if ((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && + (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) + { + DEBUG(3, ("unpack_nt_permissions: " + "unable to set anything but an " + "ALLOW or DENY ACE.\n")); + return False; + } + + /* + * Ignore or remove bits we don't care about on a directory ACE. + */ + + if (is_directory) + { + if (psa->flags & SEC_ACE_FLAG_INHERIT_ONLY) + { + DEBUG(3, ("unpack_nt_permissions: " + "ignoring inherit only ACE.\n")); + continue; + } + + /* + * At least one of the ACE entries wasn't inherit only. + * Flag this so we know the returned mode is valid. + */ + + all_aces_are_inherit_only = False; + } + + /* + * Windows 2000 sets these flags even on *file* ACE's. + * This is wrong but we can ignore them for now. + * Revisit this when we go to POSIX ACLs on directories. + */ + + psa->flags &= + ~(SEC_ACE_FLAG_OBJECT_INHERIT | + SEC_ACE_FLAG_CONTAINER_INHERIT); + + if (psa->flags != 0) + { + DEBUG(1, + ("unpack_nt_permissions: unable to set ACE flags (%x).\n", + (unsigned int)psa->flags)); + return False; + } + + /* + * The security mask may be UNIX_ACCESS_NONE which + * should map into no permissions (we overload the + * WRITE_OWNER bit for this) or it should be one of + * the ALL/EXECUTE/READ/WRITE bits. Arrange for this + * to be so. Any other bits override the + * UNIX_ACCESS_NONE bit. + */ + + psa->info.mask &= + (GENERIC_ALL_ACCESS | GENERIC_EXECUTE_ACCESS | + GENERIC_WRITE_ACCESS | GENERIC_READ_ACCESS | + UNIX_ACCESS_NONE | FILE_ALL_ATTRIBUTES); + + if (psa->info.mask != UNIX_ACCESS_NONE) + psa->info.mask &= ~UNIX_ACCESS_NONE; + + sid_copy(&ace_sid, &psa->sid); + + if (sid_equal(&ace_sid, &file_owner_sid)) + { + /* + * Map the desired permissions into owner perms. + */ + + if (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) + *pmode |= map_nt_perms(psa->info, S_IRUSR); + else + *pmode &= ~(map_nt_perms(psa->info, S_IRUSR)); + + } + else if (sid_equal(&ace_sid, &file_grp_sid)) + { + /* + * Map the desired permissions into group perms. + */ + + if (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) + *pmode |= map_nt_perms(psa->info, S_IRGRP); + else + *pmode &= ~(map_nt_perms(psa->info, S_IRGRP)); + + } + else if (sid_equal(&ace_sid, global_sid_everyone)) + { + /* + * Map the desired permissions into other perms. + */ + + if (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) + *pmode |= map_nt_perms(psa->info, S_IROTH); + else + *pmode &= ~(map_nt_perms(psa->info, S_IROTH)); + + } + else + { + DEBUG(0, ("unpack_nt_permissions: " + "unknown SID used in ACL.\n")); + return False; + } + } + + if (is_directory && all_aces_are_inherit_only) + { + /* + * Windows 2000 is doing one of these weird 'inherit acl' + * traverses to conserve NTFS ACL resources. Just pretend + * there was no DACL sent. JRA. + */ + + DEBUG(10, ("unpack_nt_permissions: " + "Win2k inherit acl traverse. " + "Ignoring DACL.\n")); + free_sec_acl(psd->dacl); + safe_free(psd->dacl); + psd->dacl = NULL; + } + + return True; +} -- cgit