From 812dcab195504301faea7443f1cb900dea57a823 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 12 Oct 2001 22:00:38 +0000
Subject: Made nt acl support a local parameter for w2ksp2 profile fix. Jeremy. (This used to be commit ebba334c15619610475a5c8242a55ed4fcdedf7c)
---
 source3/param/loadparm.c | 8 ++---
 source3/smbd/nttrans.c | 80 ++++++++++++++++++++++++++++++++----------------
 source3/smbd/trans2.c | 2 +-
 3 files changed, 59 insertions(+), 31 deletions(-)
(limited to 'source3')
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 63bc16e394..e011f47df6 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -254,7 +254,6 @@ typedef struct
 BOOL bTimestampLogs;
 BOOL bNTSmbSupport;
 BOOL bNTPipeSupport;
- BOOL bNTAclSupport;
 BOOL bStatCache;
 BOOL bKernelOplocks;
 BOOL bAllowTrustedDomains;
@@ -388,6 +387,7 @@ typedef struct
 BOOL bInheritPerms;
 BOOL bMSDfsRoot;
 BOOL bUseClientDriver;
+ BOOL bNTAclSupport;
 char dummy[3]; /* for alignment */
 }
@@ -502,6 +502,7 @@ static service sDefault = {
 False, /* bInheritPerms */
 False, /* bMSDfsRoot */
 False, /* bUseClientDriver */
+ True, /* bNTAclSupport */
 "" /* dummy */
 };
@@ -783,7 +784,7 @@ static struct parm_struct parm_table[] = {
 {N_("write raw"), P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, 0},
 {N_("nt pipe support"), P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, 0},
- {N_("nt acl support"), P_BOOL, P_GLOBAL, &Globals.bNTAclSupport, NULL, NULL, 0},
+ {N_("nt acl support"), P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, 0},
 {N_("announce version"), P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, 0},
 {N_("announce as"), P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, 0},
 {N_("max mux"), P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, 0},
@@ -1280,7 +1281,6 @@ static void init_globals(void)
 Globals.bPasswdChatDebug = False;
 Globals.bUnicode = True; /* Do unicode on the wire by default */
 Globals.bNTPipeSupport = True; /* Do NT pipes by default. */
- Globals.bNTAclSupport = True; /* Use NT ACLs by default. */
 Globals.bStatCache = True; /* use stat cache by default */
 Globals.bRestrictAnonymous = False;
 Globals.bLanmanAuth = True; /* Do use the LanMan hash if it is available */
@@ -1570,7 +1570,6 @@ FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync)
 FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug)
 FN_GLOBAL_BOOL(lp_unicode, &Globals.bUnicode)
 FN_GLOBAL_BOOL(lp_nt_pipe_support, &Globals.bNTPipeSupport)
-FN_GLOBAL_BOOL(lp_nt_acl_support, &Globals.bNTAclSupport)
 FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache)
 FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains)
 FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous)
@@ -1699,6 +1698,7 @@ FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes)
 FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
 FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
 FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
+FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
 FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
 FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
 FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 2618a96913..1d8d2bae3e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1463,6 +1463,23 @@ static int call_nt_transact_rename(connection_struct *conn, return -1; } +/****************************************************************************** + Fake up a completely empty SD. +*******************************************************************************/ + +static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) +{ + extern DOM_SID global_sid_World; + size_t sd_size; + + *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size); + if(!*ppsd) { + DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n")); + sd_size = 0; + } + + return sd_size; +} /**************************************************************************** Reply to query a security descriptor - currently this is not implemented (it @@ -1496,12 +1513,24 @@ static int call_nt_transact_query_security_desc(connection_struct *conn, *ppparams = params; + if ((mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n")); + return ERROR_DOS(ERRDOS,ERRnomem); + } + /* * Get the permissions to return. */ - if((sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd)) == 0) + if (!lp_nt_acl_support(SNUM(conn))) + sd_size = get_null_nt_acl(mem_ctx, &psd); + else + sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd); + + if (sd_size == 0) { + talloc_destroy(mem_ctx); return(UNIXERROR(ERRDOS,ERRnoaccess)); + } DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size)); @@ -1511,6 +1540,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn, send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL, params, 4, *ppdata, 0); + talloc_destroy(mem_ctx); return -1; } @@ -1520,6 +1550,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn, data = Realloc(*ppdata, sd_size); if(data == NULL) { + talloc_destroy(mem_ctx); return ERROR_DOS(ERRDOS,ERRnomem); } 
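Review bot: The banner comment on the new `get_null_nt_acl` in source3/smbd/nttrans.c says "completely empty SD", but the descriptor it builds is not empty: the call passes `&global_sid_World` as both owner and group and `NULL` in what appears to be the DACL argument of `make_standard_sec_desc`. To a Windows client an absent DACL and an empty DACL mean opposite things (unrestricted access versus no access), so the comment should state which one a share with `nt acl support = no` reports, for example `Fake up an SD owned by Everyone with no DACL; this is what clients are shown when nt acl support is off for the share.` The `DEBUG(0,...)` text also says "malloc" although the memory is taken from `mem_ctx`.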
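Review bot: In `call_nt_transact_query_security_desc` the shared `if (sd_size == 0)` branch turns an allocation failure inside `get_null_nt_acl` into `UNIXERROR(ERRDOS,ERRnoaccess)`, so the client is told access was denied when the server actually ran out of memory. If `UNIXERROR` derives its reply from `errno` (its definition is not visible here), the value used is whatever an earlier call left behind. Handling the failure inside the new branch keeps the two causes apart: `if ((sd_size = get_null_nt_acl(mem_ctx, &psd)) == 0) { talloc_destroy(mem_ctx); return ERROR_DOS(ERRDOS,ERRnomem); }`. The new unbraced `if`/`else` pair would also be safer with braces, and the function begins and ends outside this hunk.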
@@ -1531,11 +1562,6 @@ static int call_nt_transact_query_security_desc(connection_struct *conn, * Init the parse struct we will marshall into. */ - if ((mem_ctx = talloc_init()) == NULL) { - DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n")); - return ERROR_DOS(ERRDOS,ERRnomem); - } - prs_init(&pd, 0, mem_ctx, MARSHALL); /* 
@@ -1578,34 +1604,36 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, int bufsize, char **ppsetup, char **ppparams, char **ppdata) { - uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount); - char *params= *ppparams; - char *data = *ppdata; - uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount); - files_struct *fsp = NULL; - uint32 security_info_sent = 0; - int error_class; - uint32 error_code; + uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount); + char *params= *ppparams; + char *data = *ppdata; + uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount); + files_struct *fsp = NULL; + uint32 security_info_sent = 0; + int error_class; + uint32 error_code; - if(!lp_nt_acl_support()) - return(UNIXERROR(ERRDOS,ERRnoaccess)); + if(total_parameter_count < 8) + return ERROR_DOS(ERRDOS,ERRbadfunc); - if(total_parameter_count < 8) - return ERROR_DOS(ERRDOS,ERRbadfunc); + if((fsp = file_fsp(params,0)) == NULL) + return ERROR_DOS(ERRDOS,ERRbadfid); - if((fsp = file_fsp(params,0)) == NULL) - return ERROR_DOS(ERRDOS,ERRbadfid); + if(!lp_nt_acl_support(SNUM(conn))) + goto done; - security_info_sent = IVAL(params,4); + security_info_sent = IVAL(params,4); - DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name, - (unsigned int)security_info_sent )); + DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name, + (unsigned int)security_info_sent )); - if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code)) + if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code)) return ERROR_DOS(error_class, error_code); - send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); - return -1; + done: + + send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0); + return -1; } 
/****************************************************************************
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 0941d9f692..9b0fd379cf 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1159,7 +1159,7 @@ static int call_trans2qfsinfo(connection_struct *conn,
 case SMB_QUERY_FS_ATTRIBUTE_INFO:
 SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
 FILE_DEVICE_IS_MOUNTED|
- (lp_nt_acl_support() ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */
+ (lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */
 SIVAL(pdata,4,255); /* Max filename component length */
 len = srvstr_push(outbuf, pdata+12, fstype, -1, STR_TERMINATE);
 SIVAL(pdata,8,len);
-- cgit
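Review bot: In source3/smbd/nttrans.c, `call_nt_transact_set_security_desc` now answers `NT_STATUS_OK` for a share with `nt acl support = no` without ever calling `set_sd`: the new `goto done` skips straight to `send_nt_replies`, where the removed code returned `UNIXERROR(ERRDOS,ERRnoaccess)`. A client or administrator who tightens permissions on such a share is told the change succeeded while the descriptor is discarded. The subject line suggests this is deliberate for the w2ksp2 profile fix, but nothing in the code records that. I would put a comment on the `goto done` line such as `/* Report success but do NOT apply the SD: refusing the set breaks W2K SP2 profile handling. */` and log the discard, e.g. `DEBUG(3,("call_nt_transact_set_security_desc: nt acl support off, ignoring SD for %s\n", fsp->fsp_name));`, so the event is visible in the smbd log. The function's signature starts above this hunk.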