From bc7b4abc3a85e78a73d401345265b2c022f0f04d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 18 Nov 2004 03:31:35 +0000 Subject: r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263) --- source4/ntvfs/posix/pvfs_acl.c | 193 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 source4/ntvfs/posix/pvfs_acl.c (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c new file mode 100644 index 0000000000..2885604311 --- /dev/null +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -0,0 +1,193 @@ +/* + Unix SMB/CIFS implementation. + + POSIX NTVFS backend - ACL support + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "auth/auth.h" +#include "system/filesys.h" +#include "vfs_posix.h" +#include "librpc/gen_ndr/ndr_xattr.h" + + +/* + setup a default ACL for a file +*/ +static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, int fd, + struct xattr_DosAcl *acl) +{ + struct security_descriptor *sd; + struct nt_user_token *token = req->session->session_info->nt_user_token; + int i; + + sd = security_descriptor_initialise(req); + if (sd == NULL) { + return NT_STATUS_NO_MEMORY; + } + + /* nasty hack to get a reasonable sec desc - should be based on posix uid/gid + and perms */ + if (token->num_sids > 0) { + sd->owner_sid = token->user_sids[0]; + } + if (token->num_sids > 1) { + sd->group_sid = token->user_sids[1]; + } + + for (i=0;inum_sids;i++) { + struct security_ace ace; + NTSTATUS status; + + ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace.flags = 0; + ace.access_mask = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS; + ace.trustee = *token->user_sids[i]; + + status = security_descriptor_dacl_add(sd, &ace); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + acl->version = 1; + acl->info.sd = sd; + + return NT_STATUS_OK; +} + + +/* + omit any security_descriptor elements not specified in the given + secinfo flags +*/ +static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags) +{ + if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) { + sd->owner_sid = NULL; + } + if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) { + sd->group_sid = NULL; + } + if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) { + sd->dacl = NULL; + } + if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) { + sd->sacl = NULL; + } +} + +/* + answer a setfileinfo for an ACL +*/ +NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, int fd, + union smb_setfileinfo *info) +{ + struct xattr_DosAcl *acl; + uint32_t secinfo_flags = info->set_secdesc.in.secinfo_flags; + struct security_descriptor *new_sd, *sd; + NTSTATUS status; + + acl = talloc_p(req, struct xattr_DosAcl); + if (acl == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = pvfs_acl_load(pvfs, name, fd, acl); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + status = pvfs_default_acl(pvfs, req, name, fd, acl); + } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + switch (acl->version) { + case 1: + sd = acl->info.sd; + break; + default: + return NT_STATUS_INVALID_LEVEL; + } + + new_sd = info->set_secdesc.in.sd; + + /* only set the elements that have been specified */ + if (secinfo_flags & OWNER_SECURITY_INFORMATION) { + sd->owner_sid = new_sd->owner_sid; + } + if (secinfo_flags & GROUP_SECURITY_INFORMATION) { + sd->group_sid = new_sd->group_sid; + } + if (secinfo_flags & DACL_SECURITY_INFORMATION) { + sd->dacl = new_sd->dacl; + } + if (secinfo_flags & SACL_SECURITY_INFORMATION) { + sd->sacl = new_sd->sacl; + } + + status = pvfs_acl_save(pvfs, name, fd, acl); + + return status; +} + + +/* + answer a fileinfo query for the ACL +*/ +NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, int fd, + union smb_fileinfo *info) +{ + struct xattr_DosAcl *acl; + NTSTATUS status; + struct security_descriptor *sd; + + acl = talloc_p(req, struct xattr_DosAcl); + if (acl == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = pvfs_acl_load(pvfs, name, fd, acl); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + status = pvfs_default_acl(pvfs, req, name, fd, acl); + } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + switch (acl->version) { + case 1: + sd = acl->info.sd; + break; + default: + return NT_STATUS_INVALID_LEVEL; + } + + normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags); + + info->query_secdesc.out.sd = sd; + + return NT_STATUS_OK; +} + -- cgit From 82da254ece1e09218d12b478e2164461306499a3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 18 Nov 2004 03:41:50 +0000 Subject: r3833: NTACL is a better xattr name than DosAcl (tpot suggested this) (This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e) --- source4/ntvfs/posix/pvfs_acl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 2885604311..ba92cdc31c 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -33,7 +33,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, struct smbsrv_request *req, struct pvfs_filename *name, int fd, - struct xattr_DosAcl *acl) + struct xattr_NTACL *acl) { struct security_descriptor *sd; struct nt_user_token *token = req->session->session_info->nt_user_token; @@ -103,12 +103,12 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd, union smb_setfileinfo *info) { - struct xattr_DosAcl *acl; + struct xattr_NTACL *acl; uint32_t secinfo_flags = info->set_secdesc.in.secinfo_flags; struct security_descriptor *new_sd, *sd; NTSTATUS status; - acl = talloc_p(req, struct xattr_DosAcl); + acl = talloc_p(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; } @@ -159,11 +159,11 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd, union smb_fileinfo *info) { - struct xattr_DosAcl *acl; + struct xattr_NTACL *acl; NTSTATUS status; struct security_descriptor *sd; - acl = talloc_p(req, struct xattr_DosAcl); + acl = talloc_p(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; } -- cgit From 0b691afe81c2778de30f20c03ab2a5f29473f799 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 18 Nov 2004 04:19:26 +0000 Subject: r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans server - fixed revision number on default DACL - fixed DACL_PRESENT bit in acl query with these fixes cacls.exe and the GUI ACL editor in w2k both work against pvfs. The GUI editor is slow as it times out looking up the SID -> name mappings. (This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db) --- source4/ntvfs/posix/pvfs_acl.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index ba92cdc31c..216c9b4a71 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -52,6 +52,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, if (token->num_sids > 1) { sd->group_sid = token->user_sids[1]; } + sd->type |= SEC_DESC_DACL_PRESENT; for (i=0;inum_sids;i++) { struct security_ace ace; -- cgit From 71a81e9dcbbdc3e8d443967e47110ce9187a7c1d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Nov 2004 03:22:44 +0000 Subject: r3990: take advantage of the uid->sid and gid->sid code to create a much better default NT ACL in pvfs (This used to be commit 9ff6ecbdb6c08528193f7958d7ea7d9a8df6defd) --- source4/ntvfs/posix/pvfs_acl.c | 105 +++++++++++++++++++++++++++++++++++------ 1 file changed, 91 insertions(+), 14 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 216c9b4a71..f079857821 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -36,32 +36,109 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, struct xattr_NTACL *acl) { struct security_descriptor *sd; - struct nt_user_token *token = req->session->session_info->nt_user_token; int i; + struct security_ace ace; + NTSTATUS status; + const char *sid_names[] = { + SID_BUILTIN_ADMINISTRATORS, + SID_CREATOR_OWNER, + SID_CREATOR_GROUP, + SID_WORLD + }; + uint32_t access_masks[4]; + mode_t mode; sd = security_descriptor_initialise(req); if (sd == NULL) { return NT_STATUS_NO_MEMORY; } - /* nasty hack to get a reasonable sec desc - should be based on posix uid/gid - and perms */ - if (token->num_sids > 0) { - sd->owner_sid = token->user_sids[0]; + status = sidmap_uid_to_sid(pvfs->sidmap, sd, name->st.st_uid, &sd->owner_sid); + if (!NT_STATUS_IS_OK(status)) { + return status; } - if (token->num_sids > 1) { - sd->group_sid = token->user_sids[1]; + status = sidmap_gid_to_sid(pvfs->sidmap, sd, name->st.st_gid, &sd->group_sid); + if (!NT_STATUS_IS_OK(status)) { + return status; } + sd->type |= SEC_DESC_DACL_PRESENT; - for (i=0;inum_sids;i++) { - struct security_ace ace; - NTSTATUS status; + /* + we provide 4 ACEs + - Administrator + - Owner + - Group + - Everyone + */ + access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS; + access_masks[1] = 0; + access_masks[2] = 0; + access_masks[3] = 0; + + mode = name->st.st_mode; + + if (mode & S_IRUSR) { + access_masks[1] |= + SA_RIGHT_FILE_READ_DATA | + SA_RIGHT_FILE_READ_EA | + SA_RIGHT_FILE_READ_ATTRIBUTES | + SA_RIGHT_FILE_EXECUTE; + } + if (mode & S_IWUSR) { + access_masks[1] |= + SA_RIGHT_FILE_WRITE_DATA | + SA_RIGHT_FILE_APPEND_DATA | + SA_RIGHT_FILE_WRITE_EA | + SA_RIGHT_FILE_DELETE_CHILD | + SA_RIGHT_FILE_WRITE_ATTRIBUTES; + } + + if (mode & S_IRGRP) { + access_masks[2] |= + SA_RIGHT_FILE_READ_DATA | + SA_RIGHT_FILE_READ_EA | + SA_RIGHT_FILE_READ_ATTRIBUTES | + SA_RIGHT_FILE_EXECUTE; + } + if (mode & S_IWGRP) { + access_masks[2] |= + SA_RIGHT_FILE_WRITE_DATA | + SA_RIGHT_FILE_APPEND_DATA | + SA_RIGHT_FILE_WRITE_EA | + SA_RIGHT_FILE_DELETE_CHILD | + SA_RIGHT_FILE_WRITE_ATTRIBUTES; + } + + if (mode & S_IROTH) { + access_masks[3] |= + SA_RIGHT_FILE_READ_DATA | + SA_RIGHT_FILE_READ_EA | + SA_RIGHT_FILE_READ_ATTRIBUTES | + SA_RIGHT_FILE_EXECUTE; + } + if (mode & S_IWOTH) { + access_masks[3] |= + SA_RIGHT_FILE_WRITE_DATA | + SA_RIGHT_FILE_APPEND_DATA | + SA_RIGHT_FILE_WRITE_EA | + SA_RIGHT_FILE_DELETE_CHILD | + SA_RIGHT_FILE_WRITE_ATTRIBUTES; + } + + ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace.flags = 0; + + for (i=0;iuser_sids[i]; + ace.access_mask = access_masks[i]; + + sid = dom_sid_parse_talloc(sd, sid_names[i]); + if (sid == NULL) { + return NT_STATUS_NO_MEMORY; + } + ace.trustee = *sid; status = security_descriptor_dacl_add(sd, &ace); if (!NT_STATUS_IS_OK(status)) { -- cgit From 77be33e31c11ac3b667f3019d23c2fcde1e8692f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Nov 2004 06:42:02 +0000 Subject: r3995: improved the default ACL mapping from unix perms (This used to be commit 01e89697fe837ee76fedda149e1e2b389a7d3889) --- source4/ntvfs/posix/pvfs_acl.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index f079857821..2ff873fd78 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -83,15 +83,17 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_READ_EA | SA_RIGHT_FILE_READ_ATTRIBUTES | - SA_RIGHT_FILE_EXECUTE; + SA_RIGHT_FILE_EXECUTE | + STD_RIGHT_SYNCHRONIZE_ACCESS | + STD_RIGHT_READ_CONTROL_ACCESS; } if (mode & S_IWUSR) { access_masks[1] |= SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_APPEND_DATA | SA_RIGHT_FILE_WRITE_EA | - SA_RIGHT_FILE_DELETE_CHILD | - SA_RIGHT_FILE_WRITE_ATTRIBUTES; + SA_RIGHT_FILE_WRITE_ATTRIBUTES | + STD_RIGHT_DELETE_ACCESS; } if (mode & S_IRGRP) { @@ -99,14 +101,15 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_READ_EA | SA_RIGHT_FILE_READ_ATTRIBUTES | - SA_RIGHT_FILE_EXECUTE; + SA_RIGHT_FILE_EXECUTE | + STD_RIGHT_SYNCHRONIZE_ACCESS | + STD_RIGHT_READ_CONTROL_ACCESS; } if (mode & S_IWGRP) { access_masks[2] |= SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_APPEND_DATA | SA_RIGHT_FILE_WRITE_EA | - SA_RIGHT_FILE_DELETE_CHILD | SA_RIGHT_FILE_WRITE_ATTRIBUTES; } @@ -115,14 +118,15 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_READ_EA | SA_RIGHT_FILE_READ_ATTRIBUTES | - SA_RIGHT_FILE_EXECUTE; + SA_RIGHT_FILE_EXECUTE | + STD_RIGHT_SYNCHRONIZE_ACCESS | + STD_RIGHT_READ_CONTROL_ACCESS; } if (mode & S_IWOTH) { access_masks[3] |= SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_APPEND_DATA | SA_RIGHT_FILE_WRITE_EA | - SA_RIGHT_FILE_DELETE_CHILD | SA_RIGHT_FILE_WRITE_ATTRIBUTES; } -- cgit From fdc9f417d89fdf9dd6afbc22843d70585e195c9d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Nov 2004 04:33:27 +0000 Subject: r4011: get rid of rpc_secdes.h and replace it with a single sane set of definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d) --- source4/ntvfs/posix/pvfs_acl.c | 80 +++++++++++++++++++++--------------------- 1 file changed, 40 insertions(+), 40 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 2ff873fd78..2fff6db628 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -71,7 +71,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, - Group - Everyone */ - access_masks[0] = SEC_RIGHTS_FULL_CTRL | STD_RIGHT_ALL_ACCESS; + access_masks[0] = SEC_RIGHTS_FULL_CONTROL; access_masks[1] = 0; access_masks[2] = 0; access_masks[3] = 0; @@ -80,54 +80,54 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, if (mode & S_IRUSR) { access_masks[1] |= - SA_RIGHT_FILE_READ_DATA | - SA_RIGHT_FILE_READ_EA | - SA_RIGHT_FILE_READ_ATTRIBUTES | - SA_RIGHT_FILE_EXECUTE | - STD_RIGHT_SYNCHRONIZE_ACCESS | - STD_RIGHT_READ_CONTROL_ACCESS; + SEC_FILE_READ_DATA | + SEC_FILE_READ_EA | + SEC_FILE_READ_ATTRIBUTE | + SEC_FILE_EXECUTE | + SEC_STD_SYNCHRONIZE | + SEC_STD_READ_CONTROL; } if (mode & S_IWUSR) { access_masks[1] |= - SA_RIGHT_FILE_WRITE_DATA | - SA_RIGHT_FILE_APPEND_DATA | - SA_RIGHT_FILE_WRITE_EA | - SA_RIGHT_FILE_WRITE_ATTRIBUTES | - STD_RIGHT_DELETE_ACCESS; + SEC_FILE_WRITE_DATA | + SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | + SEC_FILE_WRITE_ATTRIBUTE | + SEC_STD_DELETE; } if (mode & S_IRGRP) { access_masks[2] |= - SA_RIGHT_FILE_READ_DATA | - SA_RIGHT_FILE_READ_EA | - SA_RIGHT_FILE_READ_ATTRIBUTES | - SA_RIGHT_FILE_EXECUTE | - STD_RIGHT_SYNCHRONIZE_ACCESS | - STD_RIGHT_READ_CONTROL_ACCESS; + SEC_FILE_READ_DATA | + SEC_FILE_READ_EA | + SEC_FILE_READ_ATTRIBUTE | + SEC_FILE_EXECUTE | + SEC_STD_SYNCHRONIZE | + SEC_STD_READ_CONTROL; } if (mode & S_IWGRP) { access_masks[2] |= - SA_RIGHT_FILE_WRITE_DATA | - SA_RIGHT_FILE_APPEND_DATA | - SA_RIGHT_FILE_WRITE_EA | - SA_RIGHT_FILE_WRITE_ATTRIBUTES; + SEC_FILE_WRITE_DATA | + SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | + SEC_FILE_WRITE_ATTRIBUTE; } if (mode & S_IROTH) { access_masks[3] |= - SA_RIGHT_FILE_READ_DATA | - SA_RIGHT_FILE_READ_EA | - SA_RIGHT_FILE_READ_ATTRIBUTES | - SA_RIGHT_FILE_EXECUTE | - STD_RIGHT_SYNCHRONIZE_ACCESS | - STD_RIGHT_READ_CONTROL_ACCESS; + SEC_FILE_READ_DATA | + SEC_FILE_READ_EA | + SEC_FILE_READ_ATTRIBUTE | + SEC_FILE_EXECUTE | + SEC_STD_SYNCHRONIZE | + SEC_STD_READ_CONTROL; } if (mode & S_IWOTH) { access_masks[3] |= - SA_RIGHT_FILE_WRITE_DATA | - SA_RIGHT_FILE_APPEND_DATA | - SA_RIGHT_FILE_WRITE_EA | - SA_RIGHT_FILE_WRITE_ATTRIBUTES; + SEC_FILE_WRITE_DATA | + SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | + SEC_FILE_WRITE_ATTRIBUTE; } ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; @@ -163,16 +163,16 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, */ static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_flags) { - if (!(secinfo_flags & OWNER_SECURITY_INFORMATION)) { + if (!(secinfo_flags & SECINFO_OWNER)) { sd->owner_sid = NULL; } - if (!(secinfo_flags & GROUP_SECURITY_INFORMATION)) { + if (!(secinfo_flags & SECINFO_GROUP)) { sd->group_sid = NULL; } - if (!(secinfo_flags & DACL_SECURITY_INFORMATION)) { + if (!(secinfo_flags & SECINFO_DACL)) { sd->dacl = NULL; } - if (!(secinfo_flags & SACL_SECURITY_INFORMATION)) { + if (!(secinfo_flags & SECINFO_SACL)) { sd->sacl = NULL; } } @@ -214,16 +214,16 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, new_sd = info->set_secdesc.in.sd; /* only set the elements that have been specified */ - if (secinfo_flags & OWNER_SECURITY_INFORMATION) { + if (secinfo_flags & SECINFO_OWNER) { sd->owner_sid = new_sd->owner_sid; } - if (secinfo_flags & GROUP_SECURITY_INFORMATION) { + if (secinfo_flags & SECINFO_GROUP) { sd->group_sid = new_sd->group_sid; } - if (secinfo_flags & DACL_SECURITY_INFORMATION) { + if (secinfo_flags & SECINFO_DACL) { sd->dacl = new_sd->dacl; } - if (secinfo_flags & SACL_SECURITY_INFORMATION) { + if (secinfo_flags & SECINFO_SACL) { sd->sacl = new_sd->sacl; } -- cgit From a8a3fec528f6ee9a4a0171fb4186e8dcaba76518 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 1 Dec 2004 11:35:01 +0000 Subject: r4026: added NT ACL checking on pvfs_open() for existing files. I need to work out some way to do a decent test suite for this. (This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47) --- source4/ntvfs/posix/pvfs_acl.c | 80 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 78 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 2fff6db628..236bc4d98d 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -208,7 +208,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, sd = acl->info.sd; break; default: - return NT_STATUS_INVALID_LEVEL; + return NT_STATUS_INVALID_ACL; } new_sd = info->set_secdesc.in.sd; @@ -263,7 +263,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, sd = acl->info.sd; break; default: - return NT_STATUS_INVALID_LEVEL; + return NT_STATUS_INVALID_ACL; } normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags); @@ -273,3 +273,79 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, return NT_STATUS_OK; } + +/* + default access check function based on unix permissions + doing this saves on building a full security descriptor + for the common case of access check on files with no + specific NT ACL +*/ +NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t *access_mask) +{ + uid_t uid = geteuid(); + uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; + + /* owner and root get extra permissions */ + if (uid == 0 || uid == name->st.st_uid) { + max_bits |= SEC_STD_ALL; + } + + if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) { + *access_mask = max_bits; + return NT_STATUS_OK; + } + + if (*access_mask & ~max_bits) { + return NT_STATUS_ACCESS_DENIED; + } + + return NT_STATUS_OK; +} + + +/* + check the security descriptor on a file, if any + + *access_mask is modified with the access actually granted +*/ +NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t *access_mask) +{ + struct nt_user_token *token = req->session->session_info->nt_user_token; + struct xattr_NTACL *acl; + NTSTATUS status; + struct security_descriptor *sd; + + acl = talloc_p(req, struct xattr_NTACL); + if (acl == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = pvfs_acl_load(pvfs, name, -1, acl); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + talloc_free(acl); + return pvfs_access_check_unix(pvfs, req, name, access_mask); + } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + switch (acl->version) { + case 1: + sd = acl->info.sd; + break; + default: + return NT_STATUS_INVALID_ACL; + } + + status = sec_access_check(sd, token, *access_mask, access_mask); + + talloc_free(acl); + + return status; +} -- cgit From cc8f4358cca2404895015e2351394f2f4a16e025 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 2 Dec 2004 04:37:36 +0000 Subject: r4035: more effort on consistent naming of the access mask bits. This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and SEC_RIGHTS_FULL_CONTROL, which are just other names for SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names match the new naming conventions in security.idl Also added names for the generic->specific mappings for files are directories (This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 236bc4d98d..c584ddc4e8 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -71,7 +71,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, - Group - Everyone */ - access_masks[0] = SEC_RIGHTS_FULL_CONTROL; + access_masks[0] = SEC_RIGHTS_FILE_ALL; access_masks[1] = 0; access_masks[2] = 0; access_masks[3] = 0; -- cgit From 4075e28a4f87993858e630012cffe96e49ff6717 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Dec 2004 13:04:10 +0000 Subject: r4056: modified the access check code based on results from RAW-ACLS test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc) --- source4/ntvfs/posix/pvfs_acl.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index c584ddc4e8..6eb4c13804 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -27,6 +27,38 @@ #include "librpc/gen_ndr/ndr_xattr.h" +/* + map a single access_mask from generic to specific bits for files/dirs +*/ +static uint32_t pvfs_translate_mask(uint32_t access_mask) +{ + if (access_mask & SEC_MASK_GENERIC) { + if (access_mask & SEC_GENERIC_READ) access_mask |= SEC_RIGHTS_FILE_READ; + if (access_mask & SEC_GENERIC_WRITE) access_mask |= SEC_RIGHTS_FILE_WRITE; + if (access_mask & SEC_GENERIC_EXECUTE) access_mask |= SEC_RIGHTS_FILE_EXECUTE; + if (access_mask & SEC_GENERIC_ALL) access_mask |= SEC_RIGHTS_FILE_ALL; + access_mask &= ~SEC_MASK_GENERIC; + } + return access_mask; +} + + +/* + map any generic access bits in the given acl + this relies on the fact that the mappings for files and directories + are the same +*/ +static void pvfs_translate_generic_bits(struct security_acl *acl) +{ + unsigned i; + + for (i=0;inum_aces;i++) { + struct security_ace *ace = &acl->aces[i]; + ace->access_mask = pvfs_translate_mask(ace->access_mask); + } +} + + /* setup a default ACL for a file */ @@ -222,9 +254,11 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, } if (secinfo_flags & SECINFO_DACL) { sd->dacl = new_sd->dacl; + pvfs_translate_generic_bits(sd->dacl); } if (secinfo_flags & SECINFO_SACL) { sd->sacl = new_sd->sacl; + pvfs_translate_generic_bits(sd->sacl); } status = pvfs_acl_save(pvfs, name, fd, acl); @@ -343,8 +377,15 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, return NT_STATUS_INVALID_ACL; } + /* expand the generic access bits to file specific bits */ + *access_mask = pvfs_translate_mask(*access_mask); + + /* check the acl against the required access mask */ status = sec_access_check(sd, token, *access_mask, access_mask); + /* this bit is always granted, even if not asked for */ + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + talloc_free(acl); return status; -- cgit From 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 11 Dec 2004 05:41:19 +0000 Subject: r4147: converted from NT_USER_TOKEN to struct security_token this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 6eb4c13804..e2d779f91c 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -350,7 +350,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, struct pvfs_filename *name, uint32_t *access_mask) { - struct nt_user_token *token = req->session->session_info->nt_user_token; + struct security_token *token = req->session->session_info->security_token; struct xattr_NTACL *acl; NTSTATUS status; struct security_descriptor *sd; -- cgit From d21a55dda787a65f15eccb6442189ad7d97526f0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 14 Dec 2004 22:17:41 +0000 Subject: r4205: fixed the default acl mapping from posix permissions to use the mapped uid->sid and gid->sid (This used to be commit 590e1a91bfc719c2d84a9a066fb4e0308b6d9803) --- source4/ntvfs/posix/pvfs_acl.c | 66 +++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 33 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index e2d779f91c..95a4e5765c 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -68,17 +68,11 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, struct xattr_NTACL *acl) { struct security_descriptor *sd; - int i; - struct security_ace ace; NTSTATUS status; - const char *sid_names[] = { - SID_BUILTIN_ADMINISTRATORS, - SID_CREATOR_OWNER, - SID_CREATOR_GROUP, - SID_WORLD - }; - uint32_t access_masks[4]; + struct security_ace aces[4]; mode_t mode; + struct dom_sid *sid; + int i; sd = security_descriptor_initialise(req); if (sd == NULL) { @@ -103,15 +97,15 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, - Group - Everyone */ - access_masks[0] = SEC_RIGHTS_FILE_ALL; - access_masks[1] = 0; - access_masks[2] = 0; - access_masks[3] = 0; + aces[0].access_mask = SEC_RIGHTS_FILE_ALL; + aces[1].access_mask = 0; + aces[2].access_mask = 0; + aces[3].access_mask = 0; mode = name->st.st_mode; if (mode & S_IRUSR) { - access_masks[1] |= + aces[1].access_mask |= SEC_FILE_READ_DATA | SEC_FILE_READ_EA | SEC_FILE_READ_ATTRIBUTE | @@ -120,7 +114,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SEC_STD_READ_CONTROL; } if (mode & S_IWUSR) { - access_masks[1] |= + aces[1].access_mask |= SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | SEC_FILE_WRITE_EA | @@ -129,7 +123,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, } if (mode & S_IRGRP) { - access_masks[2] |= + aces[2].access_mask |= SEC_FILE_READ_DATA | SEC_FILE_READ_EA | SEC_FILE_READ_ATTRIBUTE | @@ -138,7 +132,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SEC_STD_READ_CONTROL; } if (mode & S_IWGRP) { - access_masks[2] |= + aces[2].access_mask |= SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | SEC_FILE_WRITE_EA | @@ -146,7 +140,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, } if (mode & S_IROTH) { - access_masks[3] |= + aces[3].access_mask |= SEC_FILE_READ_DATA | SEC_FILE_READ_EA | SEC_FILE_READ_ATTRIBUTE | @@ -155,31 +149,37 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SEC_STD_READ_CONTROL; } if (mode & S_IWOTH) { - access_masks[3] |= + aces[3].access_mask |= SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE; } - ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; - ace.flags = 0; + sid = dom_sid_parse_talloc(sd, SID_BUILTIN_ADMINISTRATORS); + if (sid == NULL) return NT_STATUS_NO_MEMORY; + + aces[0].type = SEC_ACE_TYPE_ACCESS_ALLOWED; + aces[0].flags = 0; + aces[0].trustee = *sid; + + aces[1].type = SEC_ACE_TYPE_ACCESS_ALLOWED; + aces[1].flags = 0; + aces[1].trustee = *sd->owner_sid; - for (i=0;igroup_sid; - ace.access_mask = access_masks[i]; + sid = dom_sid_parse_talloc(sd, SID_WORLD); + if (sid == NULL) return NT_STATUS_NO_MEMORY; - sid = dom_sid_parse_talloc(sd, sid_names[i]); - if (sid == NULL) { - return NT_STATUS_NO_MEMORY; - } - ace.trustee = *sid; + aces[3].type = SEC_ACE_TYPE_ACCESS_ALLOWED; + aces[3].flags = 0; + aces[3].trustee = *sid; - status = security_descriptor_dacl_add(sd, &ace); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + for (i=0;i<4;i++) { + security_descriptor_dacl_add(sd, &aces[i]); } acl->version = 1; -- cgit From a66a985cde1606d0ed6f66f2dc80357b0f7d3363 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 21 Dec 2004 11:44:32 +0000 Subject: r4314: added ACL checking on unlink (This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669) --- source4/ntvfs/posix/pvfs_acl.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 95a4e5765c..5302cc9524 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -390,3 +390,16 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, return status; } + + +/* + a simplified interface to access check, designed for calls that + do not take or return an access check mask +*/ +NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t access_needed) +{ + return pvfs_access_check(pvfs, req, name, &access_needed); +} -- cgit From 359cf872df35096aaf30a36612c62f42d7015378 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 29 Dec 2004 12:41:27 +0000 Subject: r4391: bring the default ACL inline with what w2k3 uses (This used to be commit 16967f7502ea6d2efa0fc08decc955a1516c3a02) --- source4/ntvfs/posix/pvfs_acl.c | 109 ++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 72 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 5302cc9524..970cddf6f7 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -69,10 +69,8 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, { struct security_descriptor *sd; NTSTATUS status; - struct security_ace aces[4]; + struct security_ace ace; mode_t mode; - struct dom_sid *sid; - int i; sd = security_descriptor_initialise(req); if (sd == NULL) { @@ -90,97 +88,64 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, sd->type |= SEC_DESC_DACL_PRESENT; + mode = name->st.st_mode; + /* - we provide 4 ACEs - - Administrator + we provide up to 4 ACEs - Owner - Group - Everyone + - Administrator */ - aces[0].access_mask = SEC_RIGHTS_FILE_ALL; - aces[1].access_mask = 0; - aces[2].access_mask = 0; - aces[3].access_mask = 0; - mode = name->st.st_mode; + + /* setup owner ACE */ + ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; + ace.flags = 0; + ace.trustee = *sd->owner_sid; + ace.access_mask = 0; if (mode & S_IRUSR) { - aces[1].access_mask |= - SEC_FILE_READ_DATA | - SEC_FILE_READ_EA | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_EXECUTE | - SEC_STD_SYNCHRONIZE | - SEC_STD_READ_CONTROL; + ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; } if (mode & S_IWUSR) { - aces[1].access_mask |= - SEC_FILE_WRITE_DATA | - SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | - SEC_FILE_WRITE_ATTRIBUTE | - SEC_STD_DELETE; + ace.access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE; + } + if (ace.access_mask) { + security_descriptor_dacl_add(sd, &ace); } + + /* setup group ACE */ + ace.trustee = *sd->group_sid; + ace.access_mask = 0; if (mode & S_IRGRP) { - aces[2].access_mask |= - SEC_FILE_READ_DATA | - SEC_FILE_READ_EA | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_EXECUTE | - SEC_STD_SYNCHRONIZE | - SEC_STD_READ_CONTROL; + ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; } if (mode & S_IWGRP) { - aces[2].access_mask |= - SEC_FILE_WRITE_DATA | - SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | - SEC_FILE_WRITE_ATTRIBUTE; + ace.access_mask |= SEC_RIGHTS_FILE_WRITE; + } + if (ace.access_mask) { + security_descriptor_dacl_add(sd, &ace); } + /* setup other ACE */ + ace.trustee = *dom_sid_parse_talloc(req, SID_WORLD); + ace.access_mask = 0; if (mode & S_IROTH) { - aces[3].access_mask |= - SEC_FILE_READ_DATA | - SEC_FILE_READ_EA | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_EXECUTE | - SEC_STD_SYNCHRONIZE | - SEC_STD_READ_CONTROL; + ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; } if (mode & S_IWOTH) { - aces[3].access_mask |= - SEC_FILE_WRITE_DATA | - SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | - SEC_FILE_WRITE_ATTRIBUTE; + ace.access_mask |= SEC_RIGHTS_FILE_WRITE; } - - sid = dom_sid_parse_talloc(sd, SID_BUILTIN_ADMINISTRATORS); - if (sid == NULL) return NT_STATUS_NO_MEMORY; - - aces[0].type = SEC_ACE_TYPE_ACCESS_ALLOWED; - aces[0].flags = 0; - aces[0].trustee = *sid; - - aces[1].type = SEC_ACE_TYPE_ACCESS_ALLOWED; - aces[1].flags = 0; - aces[1].trustee = *sd->owner_sid; - - aces[2].type = SEC_ACE_TYPE_ACCESS_ALLOWED; - aces[2].flags = 0; - aces[2].trustee = *sd->group_sid; - - sid = dom_sid_parse_talloc(sd, SID_WORLD); - if (sid == NULL) return NT_STATUS_NO_MEMORY; - - aces[3].type = SEC_ACE_TYPE_ACCESS_ALLOWED; - aces[3].flags = 0; - aces[3].trustee = *sid; - - for (i=0;i<4;i++) { - security_descriptor_dacl_add(sd, &aces[i]); + if (ace.access_mask) { + security_descriptor_dacl_add(sd, &ace); } + + /* setup system ACE */ + ace.trustee = *dom_sid_parse_talloc(req, SID_NT_SYSTEM); + ace.access_mask = SEC_RIGHTS_FILE_ALL; + security_descriptor_dacl_add(sd, &ace); acl->version = 1; acl->info.sd = sd; -- cgit From abe22d0351955adb1ad7c304d45b9539d202aadb Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 30 Dec 2004 02:25:20 +0000 Subject: r4403: - added ACL inheritance in the pvfs backend. ACLs are now inherited on file and directory creation via ntcreatex. pvfs now passes the inheritance test in RAW-ACLS - cleaned up the error handling a bit in pvfs_open() (This used to be commit f4dfb63d5395a365961a21388639809fcd3112d0) --- source4/ntvfs/posix/pvfs_acl.c | 164 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 163 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 970cddf6f7..c2309b92ea 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -106,7 +106,11 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, ace.access_mask = 0; if (mode & S_IRUSR) { - ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; + if (mode & S_IWUSR) { + ace.access_mask |= SEC_RIGHTS_FILE_ALL; + } else { + ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; + } } if (mode & S_IWUSR) { ace.access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE; @@ -123,6 +127,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; } if (mode & S_IWGRP) { + /* note that delete is not granted - this matches posix behaviour */ ace.access_mask |= SEC_RIGHTS_FILE_WRITE; } if (ace.access_mask) { @@ -368,3 +373,160 @@ NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, { return pvfs_access_check(pvfs, req, name, &access_needed); } + + +/* + determine if an ACE is inheritable +*/ +static BOOL pvfs_inheritable_ace(struct pvfs_state *pvfs, + const struct security_ace *ace, + BOOL container) +{ + if (!container) { + return (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) != 0; + } + + if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { + return True; + } + + if ((ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) && + !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { + return True; + } + + return False; +} + +/* + this is the core of ACL inheritance. It copies any inheritable + aces from the parent SD to the child SD. Note that the algorithm + depends on whether the child is a container or not +*/ +static NTSTATUS pvfs_acl_inherit_aces(struct pvfs_state *pvfs, + struct security_descriptor *parent_sd, + struct security_descriptor *sd, + BOOL container) +{ + int i; + + for (i=0;idacl->num_aces;i++) { + struct security_ace ace = parent_sd->dacl->aces[i]; + NTSTATUS status; + + if (!pvfs_inheritable_ace(pvfs, &ace, container)) { + continue; + } + + /* see the RAW-ACLS inheritance test for details on these rules */ + if (!container) { + ace.flags = 0; + } else { + ace.flags &= ~SEC_ACE_FLAG_INHERIT_ONLY; + + if (!(ace.flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { + ace.flags |= SEC_ACE_FLAG_INHERIT_ONLY; + } + if (ace.flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { + ace.flags = 0; + } + } + + status = security_descriptor_dacl_add(sd, &ace); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + return NT_STATUS_OK; +} + + + +/* + setup an ACL on a new file/directory based on the inherited ACL from + the parent. If there is no inherited ACL then we don't set anything, + as the default ACL applies anyway +*/ +NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + int fd) +{ + struct xattr_NTACL *acl; + NTSTATUS status; + struct pvfs_filename *parent; + struct security_descriptor *parent_sd, *sd; + BOOL container; + + /* form the parents path */ + status = pvfs_resolve_parent(pvfs, req, name, &parent); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + acl = talloc_p(req, struct xattr_NTACL); + if (acl == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = pvfs_acl_load(pvfs, parent, -1, acl); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + return NT_STATUS_OK; + } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + switch (acl->version) { + case 1: + parent_sd = acl->info.sd; + break; + default: + return NT_STATUS_INVALID_ACL; + } + + if (parent_sd == NULL || + parent_sd->dacl == NULL || + parent_sd->dacl->num_aces == 0) { + /* go with the default ACL */ + return NT_STATUS_OK; + } + + /* create the new sd */ + sd = security_descriptor_initialise(req); + if (sd == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = sidmap_uid_to_sid(pvfs->sidmap, sd, name->st.st_uid, &sd->owner_sid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + status = sidmap_gid_to_sid(pvfs->sidmap, sd, name->st.st_gid, &sd->group_sid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + sd->type |= SEC_DESC_DACL_PRESENT; + + container = (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) ? True:False; + + /* fill in the aces from the parent */ + status = pvfs_acl_inherit_aces(pvfs, parent_sd, sd, container); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* if there is nothing to inherit then we fallback to the + default acl */ + if (sd->dacl == NULL || sd->dacl->num_aces == 0) { + return NT_STATUS_OK; + } + + acl->info.sd = sd; + + status = pvfs_acl_save(pvfs, name, fd, acl); + + return status; +} -- cgit From e913a48ded85e7baf91a355fff46fe270afed936 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 30 Dec 2004 05:50:23 +0000 Subject: r4408: added the remaining access check hooks into pvfs. All calls should now have acl checking, and obey the various inheritance rules. (This used to be commit 5fe51807d6b97e68b65f152c0f405e5c5a025d21) --- source4/ntvfs/posix/pvfs_acl.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index c2309b92ea..a5cd9ebd79 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -371,9 +371,30 @@ NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, struct pvfs_filename *name, uint32_t access_needed) { + if (access_needed == 0) { + return NT_STATUS_OK; + } return pvfs_access_check(pvfs, req, name, &access_needed); } +/* + access check for creating a new file/directory +*/ +NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name) +{ + struct pvfs_filename *parent; + NTSTATUS status; + + status = pvfs_resolve_parent(pvfs, req, name, &parent); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); +} + /* determine if an ACE is inheritable -- cgit From 373bca5bcd9555acda8ecf526c82f136c2312ee8 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 30 Dec 2004 06:51:13 +0000 Subject: r4411: when checking for create permissions, we need to check the parent, not the child! (This used to be commit 30b4c20b1c9aea94dd2a0611b58860797d244e5a) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index a5cd9ebd79..6741fb851d 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -392,7 +392,7 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, return status; } - return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); } -- cgit From ef179fddb3c4feae9d048034c035cbda71457ccc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 30 Dec 2004 07:10:31 +0000 Subject: r4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. This was being done in the full ACL code, but not in the unix access check code, which meant that qfileinfo was failing for some parameters (This used to be commit 96d017e521f5a996a7a274682838855d077834bc) --- source4/ntvfs/posix/pvfs_acl.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 6741fb851d..4cc22b0918 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -306,6 +306,8 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, return NT_STATUS_ACCESS_DENIED; } + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + return NT_STATUS_OK; } -- cgit From 291b02a639aa6551ac1f59e47a78d5590d2b7f6e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 31 Dec 2004 08:56:32 +0000 Subject: r4448: - fixed access_mask checking on acl set - honor the change ownership requests of acl set, changing the underlying unix owner/group - fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED (This used to be commit 5761fa35ab727b51ef1b52459911bafbdd788755) --- source4/ntvfs/posix/pvfs_acl.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 4cc22b0918..ce5f3a248b 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -185,12 +185,15 @@ static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, struct smbsrv_request *req, struct pvfs_filename *name, int fd, + uint32_t access_mask, union smb_setfileinfo *info) { struct xattr_NTACL *acl; uint32_t secinfo_flags = info->set_secdesc.in.secinfo_flags; struct security_descriptor *new_sd, *sd; NTSTATUS status; + uid_t uid = -1; + gid_t gid = -1; acl = talloc_p(req, struct xattr_NTACL); if (acl == NULL) { @@ -215,12 +218,28 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, new_sd = info->set_secdesc.in.sd; + uid = name->st.st_uid; + gid = name->st.st_gid; + /* only set the elements that have been specified */ - if (secinfo_flags & SECINFO_OWNER) { + if ((secinfo_flags & SECINFO_OWNER) && + !dom_sid_equal(sd->owner_sid, new_sd->owner_sid)) { + if (!(access_mask & SEC_STD_WRITE_OWNER)) { + return NT_STATUS_ACCESS_DENIED; + } sd->owner_sid = new_sd->owner_sid; + status = sidmap_sid_to_unixuid(pvfs->sidmap, sd->owner_sid, &uid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } - if (secinfo_flags & SECINFO_GROUP) { + if ((secinfo_flags & SECINFO_GROUP) && + !dom_sid_equal(sd->group_sid, new_sd->group_sid)) { sd->group_sid = new_sd->group_sid; + status = sidmap_sid_to_unixgid(pvfs->sidmap, sd->owner_sid, &gid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } } if (secinfo_flags & SECINFO_DACL) { sd->dacl = new_sd->dacl; @@ -228,9 +247,24 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, } if (secinfo_flags & SECINFO_SACL) { sd->sacl = new_sd->sacl; + if (!(access_mask & SEC_FLAG_SYSTEM_SECURITY)) { + return NT_STATUS_ACCESS_DENIED; + } pvfs_translate_generic_bits(sd->sacl); } + if (uid != -1 || gid != -1) { + int ret; + if (fd == -1) { + ret = chown(name->full_name, uid, gid); + } else { + ret = fchown(fd, uid, gid); + } + if (ret == -1) { + return pvfs_map_errno(pvfs, errno); + } + } + status = pvfs_acl_save(pvfs, name, fd, acl); return status; -- cgit From d4b16573966d2b5e45a3a83d75fe0827ce9dc4be Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 1 Jan 2005 04:25:46 +0000 Subject: r4464: added pvfs backend support for the special CREATOR_OWNER and CREATOR_GROUP inheritance rules (This used to be commit 0a29fb45c310b4b8c348d187b8ff1833deaac6c3) --- source4/ntvfs/posix/pvfs_acl.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index ce5f3a248b..ba5fa96b07 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -470,11 +470,15 @@ static NTSTATUS pvfs_acl_inherit_aces(struct pvfs_state *pvfs, for (i=0;idacl->num_aces;i++) { struct security_ace ace = parent_sd->dacl->aces[i]; NTSTATUS status; + const struct dom_sid *creator = NULL, *new_id = NULL; + uint32_t orig_flags; if (!pvfs_inheritable_ace(pvfs, &ace, container)) { continue; } + orig_flags = ace.flags; + /* see the RAW-ACLS inheritance test for details on these rules */ if (!container) { ace.flags = 0; @@ -489,7 +493,39 @@ static NTSTATUS pvfs_acl_inherit_aces(struct pvfs_state *pvfs, } } - status = security_descriptor_dacl_add(sd, &ace); + /* the CREATOR sids are special when inherited */ + if (dom_sid_equal(&ace.trustee, pvfs->sid_cache.creator_owner)) { + creator = pvfs->sid_cache.creator_owner; + new_id = sd->owner_sid; + } else if (dom_sid_equal(&ace.trustee, pvfs->sid_cache.creator_group)) { + creator = pvfs->sid_cache.creator_group; + new_id = sd->group_sid; + } else { + new_id = &ace.trustee; + } + + if (creator && container && + (ace.flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { + uint32_t flags = ace.flags; + + ace.trustee = *new_id; + ace.flags = 0; + status = security_descriptor_dacl_add(sd, &ace); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + ace.trustee = *creator; + ace.flags = flags | SEC_ACE_FLAG_INHERIT_ONLY; + status = security_descriptor_dacl_add(sd, &ace); + } else if (container && + !(orig_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { + status = security_descriptor_dacl_add(sd, &ace); + } else { + ace.trustee = *new_id; + status = security_descriptor_dacl_add(sd, &ace); + } + if (!NT_STATUS_IS_OK(status)) { return status; } -- cgit From 586949362684864a18f9a56b5a96f7c4b8331281 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 3 Jan 2005 07:57:05 +0000 Subject: r4501: when copying files it is common for clients to copy the ACL. When the ACL is the default ACL this menas the copied file would have an xattr but the original would not. Avoid this by checking if the ACL being set is the original ACL, and avoid the copy. (This used to be commit 1df985a49b200a41eed39023aa668afb233f2e53) --- source4/ntvfs/posix/pvfs_acl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index ba5fa96b07..86a9a56ee9 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -190,7 +190,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, { struct xattr_NTACL *acl; uint32_t secinfo_flags = info->set_secdesc.in.secinfo_flags; - struct security_descriptor *new_sd, *sd; + struct security_descriptor *new_sd, *sd, orig_sd; NTSTATUS status; uid_t uid = -1; gid_t gid = -1; @@ -217,6 +217,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, } new_sd = info->set_secdesc.in.sd; + orig_sd = *sd; uid = name->st.st_uid; gid = name->st.st_gid; @@ -265,7 +266,12 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, } } - status = pvfs_acl_save(pvfs, name, fd, acl); + /* we avoid saving if the sd is the same. This means when clients + copy files and end up copying the default sd that we don't + needlessly use xattrs */ + if (!security_descriptor_equal(sd, &orig_sd)) { + status = pvfs_acl_save(pvfs, name, fd, acl); + } return status; } -- cgit From ad7da47948a5a3ed2c3fc18392b83c059bec5b6e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 7 Jan 2005 02:14:34 +0000 Subject: r4584: fix pvfs backend to pass the new enhanced RAW-ACLS test. Easy once I really the strange behaviour I saw was a w2k3 bug :-) (This used to be commit e729061bcde25d0565a72222e4720ca8074ef23f) --- source4/ntvfs/posix/pvfs_acl.c | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 86a9a56ee9..5d8225f8ec 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -392,6 +392,8 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* expand the generic access bits to file specific bits */ *access_mask = pvfs_translate_mask(*access_mask); + *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; + /* check the acl against the required access mask */ status = sec_access_check(sd, token, *access_mask, access_mask); @@ -424,7 +426,35 @@ NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, */ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, struct smbsrv_request *req, - struct pvfs_filename *name) + struct pvfs_filename *name, + uint32_t *access_mask) +{ + struct pvfs_filename *parent; + NTSTATUS status; + + status = pvfs_resolve_parent(pvfs, req, name, &parent); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = pvfs_access_check(pvfs, req, parent, access_mask); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (! ((*access_mask) & SEC_DIR_ADD_FILE)) { + return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); + } + + return status; +} + +/* + access check for creating a new file/directory - no access mask supplied +*/ +NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name) { struct pvfs_filename *parent; NTSTATUS status; @@ -434,7 +464,7 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, return status; } - return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); } -- cgit From c012669b5538dfbc66697da07b5295431a35ac13 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 7 Jan 2005 05:24:38 +0000 Subject: r4595: on create check access against parent not child ... (This used to be commit 5a1a17d3fc771b1e1c61297067f38c87901891d3) --- source4/ntvfs/posix/pvfs_acl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 5d8225f8ec..590c9c18b5 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -443,7 +443,7 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, } if (! ((*access_mask) & SEC_DIR_ADD_FILE)) { - return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); } return status; @@ -464,7 +464,7 @@ NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, return status; } - return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); } -- cgit From 3feb4423f3ec35dd3dfa2c358797a4f6a86b2fb5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 9 Jan 2005 08:27:35 +0000 Subject: r4615: added acl checking on directory search in pvfs (This used to be commit 0e61a422bd9a1596a284c176f033e958bbeaa8ce) --- source4/ntvfs/posix/pvfs_acl.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 590c9c18b5..e38f2c9ecb 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -452,9 +452,10 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, /* access check for creating a new file/directory - no access mask supplied */ -NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, - struct smbsrv_request *req, - struct pvfs_filename *name) +NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t access_mask) { struct pvfs_filename *parent; NTSTATUS status; @@ -464,7 +465,7 @@ NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, return status; } - return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, parent, access_mask); } -- cgit From 759da3b915e2006d4c87b5ace47f399accd9ce91 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 27 Jan 2005 07:08:20 +0000 Subject: r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0) --- source4/ntvfs/posix/pvfs_acl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index e38f2c9ecb..c2856ad292 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -195,7 +195,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, uid_t uid = -1; gid_t gid = -1; - acl = talloc_p(req, struct xattr_NTACL); + acl = talloc(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; } @@ -289,7 +289,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; - acl = talloc_p(req, struct xattr_NTACL); + acl = talloc(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; } @@ -367,7 +367,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; - acl = talloc_p(req, struct xattr_NTACL); + acl = talloc(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; } @@ -595,7 +595,7 @@ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, return status; } - acl = talloc_p(req, struct xattr_NTACL); + acl = talloc(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; } -- cgit From cc869963e8db57ac4048c3a4bc9f943582574c99 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 27 Jan 2005 23:22:12 +0000 Subject: r5050: make sure we translate the generic to the specific bits before doing a pvfs_access_check_unix(). Fixes a problem with the cifsfs filesystem (This used to be commit 8ebc61a2297176515d767ef0f67ec912293ab905) --- source4/ntvfs/posix/pvfs_acl.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index c2856ad292..258d4e5bcb 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -372,6 +372,10 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, return NT_STATUS_NO_MEMORY; } + /* expand the generic access bits to file specific bits */ + *access_mask = pvfs_translate_mask(*access_mask); + *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; + status = pvfs_acl_load(pvfs, name, -1, acl); if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { talloc_free(acl); @@ -389,11 +393,6 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, return NT_STATUS_INVALID_ACL; } - /* expand the generic access bits to file specific bits */ - *access_mask = pvfs_translate_mask(*access_mask); - - *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; - /* check the acl against the required access mask */ status = sec_access_check(sd, token, *access_mask, access_mask); -- cgit From e82aad1ce39a6b7a2e51b9e2cb494d74ec70e158 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Feb 2005 05:09:35 +0000 Subject: r5298: - got rid of pstring.h from includes.h. This at least makes it a bit less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f) --- source4/ntvfs/posix/pvfs_acl.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 258d4e5bcb..7e4b07a941 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -22,7 +22,6 @@ #include "includes.h" #include "auth/auth.h" -#include "system/filesys.h" #include "vfs_posix.h" #include "librpc/gen_ndr/ndr_xattr.h" -- cgit From d9c15b0f280621fca844c0e8482b5e95f4ad2d11 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 14 Apr 2005 13:19:40 +0000 Subject: r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machines Thanks to lars and agruen for finding this (This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 7e4b07a941..33756bc8bc 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -309,7 +309,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, return NT_STATUS_INVALID_ACL; } - normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags); + normalise_sd_flags(sd, info->query_secdesc.secinfo_flags); info->query_secdesc.out.sd = sd; -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/ntvfs/posix/pvfs_acl.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 33756bc8bc..a5cd919ba3 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -24,6 +24,7 @@ #include "auth/auth.h" #include "vfs_posix.h" #include "librpc/gen_ndr/ndr_xattr.h" +#include "libcli/security/proto.h" /* -- cgit From 86497db6113c4ec3210d671c3fcf957d1026098c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 10 Mar 2006 14:31:17 +0000 Subject: r14157: - pass a struct ntvfs_request to the ntvfs layer (for now we just do #define ntvfs_request smbsrv_request, but it's the first step...) - rename ntvfs_openfile() -> ntvfs_open() - fix the talloc hierachie in some places in the ntvfs_map_*() code metze (This used to be commit ed9ed1f48f602354810937c0b0de850b44322191) --- source4/ntvfs/posix/pvfs_acl.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index a5cd919ba3..a03499b733 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -63,7 +63,7 @@ static void pvfs_translate_generic_bits(struct security_acl *acl) setup a default ACL for a file */ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, int fd, struct xattr_NTACL *acl) { @@ -183,7 +183,7 @@ static void normalise_sd_flags(struct security_descriptor *sd, uint32_t secinfo_ answer a setfileinfo for an ACL */ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, int fd, uint32_t access_mask, union smb_setfileinfo *info) @@ -281,7 +281,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, answer a fileinfo query for the ACL */ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, int fd, union smb_fileinfo *info) { @@ -325,7 +325,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, specific NT ACL */ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, uint32_t *access_mask) { @@ -358,7 +358,7 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, *access_mask is modified with the access actually granted */ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, uint32_t *access_mask) { @@ -410,7 +410,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, do not take or return an access check mask */ NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, uint32_t access_needed) { @@ -424,7 +424,7 @@ NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, access check for creating a new file/directory */ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, uint32_t *access_mask) { @@ -452,7 +452,7 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, access check for creating a new file/directory - no access mask supplied */ NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, uint32_t access_mask) { @@ -578,7 +578,7 @@ static NTSTATUS pvfs_acl_inherit_aces(struct pvfs_state *pvfs, as the default ACL applies anyway */ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct pvfs_filename *name, int fd) { -- cgit From 307e43bb5628e8b53a930c2928279af994281ba5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 10 Mar 2006 20:49:20 +0000 Subject: r14173: change smb interface structures to always use a union smb_file, to abtract - const char *path fot qpathinfo and setpathinfo - uint16_t fnum for SMB - smb2_handle handle for SMB2 the idea is to later add a struct ntvfs_handle *ntvfs so that the ntvfs subsystem don't need to know the difference between SMB and SMB2 metze (This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index a03499b733..246290ae91 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -310,7 +310,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, return NT_STATUS_INVALID_ACL; } - normalise_sd_flags(sd, info->query_secdesc.secinfo_flags); + normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags); info->query_secdesc.out.sd = sd; -- cgit From 8528016978b084213ef53d66e1b6e831b1a01acc Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 16 Mar 2006 00:23:11 +0000 Subject: r14464: Don't include ndr_BASENAME.h files unless strictly required, instead try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 246290ae91..84ad62fcc8 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -23,7 +23,7 @@ #include "includes.h" #include "auth/auth.h" #include "vfs_posix.h" -#include "librpc/gen_ndr/ndr_xattr.h" +#include "librpc/gen_ndr/xattr.h" #include "libcli/security/proto.h" -- cgit From d3087451c4ec25171ba956fe2cd4e1d0f64f7edc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 16 Mar 2006 18:54:19 +0000 Subject: r14487: split smbsrv_request into two parts, one will be moved to ntvfs_request but I don't to get the commit to large, to I'll do this tomorrow... metze (This used to be commit 10e627032d7d04f1ebf6efed248c426614f5aa6f) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 84ad62fcc8..f7647ae3e4 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -362,7 +362,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, struct pvfs_filename *name, uint32_t *access_mask) { - struct security_token *token = req->session->session_info->security_token; + struct security_token *token = req->session_info->security_token; struct xattr_NTACL *acl; NTSTATUS status; struct security_descriptor *sd; -- cgit From 1af925f394b1084779f5b1b5a10c2ec512d7e5be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 2 Apr 2006 12:02:01 +0000 Subject: r14860: create libcli/security/security.h metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index f7647ae3e4..53ee63dc0a 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -24,7 +24,7 @@ #include "auth/auth.h" #include "vfs_posix.h" #include "librpc/gen_ndr/xattr.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" /* -- cgit From 0dd63e0432d185c1f2397c7cc95489c2d50fc2c5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Apr 2006 11:34:39 +0000 Subject: r15069: - don't crash on a NULL acl - add the correct access checks for changing sd->group and sd->dacl metze (This used to be commit 2a61f65cd4084bf690caccf87efaf46551a13aee) --- source4/ntvfs/posix/pvfs_acl.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 53ee63dc0a..90c357934c 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -52,6 +52,8 @@ static void pvfs_translate_generic_bits(struct security_acl *acl) { unsigned i; + if (!acl) return; + for (i=0;inum_aces;i++) { struct security_ace *ace = &acl->aces[i]; ace->access_mask = pvfs_translate_mask(ace->access_mask); @@ -236,6 +238,9 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, } if ((secinfo_flags & SECINFO_GROUP) && !dom_sid_equal(sd->group_sid, new_sd->group_sid)) { + if (!(access_mask & SEC_STD_WRITE_OWNER)) { + return NT_STATUS_ACCESS_DENIED; + } sd->group_sid = new_sd->group_sid; status = sidmap_sid_to_unixgid(pvfs->sidmap, sd->owner_sid, &gid); if (!NT_STATUS_IS_OK(status)) { @@ -243,14 +248,17 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, } } if (secinfo_flags & SECINFO_DACL) { + if (!(access_mask & SEC_STD_WRITE_DAC)) { + return NT_STATUS_ACCESS_DENIED; + } sd->dacl = new_sd->dacl; pvfs_translate_generic_bits(sd->dacl); } if (secinfo_flags & SECINFO_SACL) { - sd->sacl = new_sd->sacl; if (!(access_mask & SEC_FLAG_SYSTEM_SECURITY)) { return NT_STATUS_ACCESS_DENIED; } + sd->sacl = new_sd->sacl; pvfs_translate_generic_bits(sd->sacl); } -- cgit From 732027b87a25e1b0d2df3335bab95be90b6cc984 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Apr 2006 12:03:05 +0000 Subject: r15071: fix typo metze (This used to be commit fde8922947551f5f7d50607c5c83feba062138c8) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 90c357934c..c2afdbec24 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -242,7 +242,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, return NT_STATUS_ACCESS_DENIED; } sd->group_sid = new_sd->group_sid; - status = sidmap_sid_to_unixgid(pvfs->sidmap, sd->owner_sid, &gid); + status = sidmap_sid_to_unixgid(pvfs->sidmap, sd->group_sid, &gid); if (!NT_STATUS_IS_OK(status)) { return status; } -- cgit From 44ba1055031404c2e11247b4b70c8306ffecd094 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 18 Apr 2006 08:33:48 +0000 Subject: r15118: - do access checks also when the owner and group are not changed - only call chown/fchown when we want to change something metze (This used to be commit 46b3096d938331a2339a876649bc6cbfec883cb2) --- source4/ntvfs/posix/pvfs_acl.c | 47 +++++++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 19 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index c2afdbec24..3826b2f157 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -194,8 +194,10 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, uint32_t secinfo_flags = info->set_secdesc.in.secinfo_flags; struct security_descriptor *new_sd, *sd, orig_sd; NTSTATUS status; - uid_t uid = -1; - gid_t gid = -1; + uid_t old_uid = -1; + gid_t old_gid = -1; + uid_t new_uid = -1; + gid_t new_gid = -1; acl = talloc(req, struct xattr_NTACL); if (acl == NULL) { @@ -221,31 +223,29 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, new_sd = info->set_secdesc.in.sd; orig_sd = *sd; - uid = name->st.st_uid; - gid = name->st.st_gid; + old_uid = name->st.st_uid; + old_gid = name->st.st_gid; /* only set the elements that have been specified */ - if ((secinfo_flags & SECINFO_OWNER) && - !dom_sid_equal(sd->owner_sid, new_sd->owner_sid)) { + if (secinfo_flags & SECINFO_OWNER) { if (!(access_mask & SEC_STD_WRITE_OWNER)) { return NT_STATUS_ACCESS_DENIED; } - sd->owner_sid = new_sd->owner_sid; - status = sidmap_sid_to_unixuid(pvfs->sidmap, sd->owner_sid, &uid); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (!dom_sid_equal(sd->owner_sid, new_sd->owner_sid)) { + status = sidmap_sid_to_unixuid(pvfs->sidmap, new_sd->owner_sid, &new_uid); + NT_STATUS_NOT_OK_RETURN(status); } + sd->owner_sid = new_sd->owner_sid; } - if ((secinfo_flags & SECINFO_GROUP) && - !dom_sid_equal(sd->group_sid, new_sd->group_sid)) { + if (secinfo_flags & SECINFO_GROUP) { if (!(access_mask & SEC_STD_WRITE_OWNER)) { return NT_STATUS_ACCESS_DENIED; } - sd->group_sid = new_sd->group_sid; - status = sidmap_sid_to_unixgid(pvfs->sidmap, sd->group_sid, &gid); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (!dom_sid_equal(sd->group_sid, new_sd->group_sid)) { + status = sidmap_sid_to_unixgid(pvfs->sidmap, new_sd->group_sid, &new_gid); + NT_STATUS_NOT_OK_RETURN(status); } + sd->group_sid = new_sd->group_sid; } if (secinfo_flags & SECINFO_DACL) { if (!(access_mask & SEC_STD_WRITE_DAC)) { @@ -262,12 +262,21 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, pvfs_translate_generic_bits(sd->sacl); } - if (uid != -1 || gid != -1) { + if (new_uid == old_uid) { + new_uid = -1; + } + + if (new_gid == old_gid) { + new_gid = -1; + } + + /* if there's something to change try it */ + if (new_uid != -1 || new_gid != -1) { int ret; if (fd == -1) { - ret = chown(name->full_name, uid, gid); + ret = chown(name->full_name, new_uid, new_gid); } else { - ret = fchown(fd, uid, gid); + ret = fchown(fd, new_uid, new_gid); } if (ret == -1) { return pvfs_map_errno(pvfs, errno); -- cgit From 0f2c93016d870adc4eb4e7072c05a8ef8273cb0c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 21 May 2006 12:56:49 +0000 Subject: r15774: take care of the SYSTEM_SECURITY flag metze (This used to be commit 98f58d710a4fe1cd3581b1fb25c4f0c0236b5092) --- source4/ntvfs/posix/pvfs_acl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 3826b2f157..3d276431dc 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -350,7 +350,9 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; /* owner and root get extra permissions */ - if (uid == 0 || uid == name->st.st_uid) { + if (uid == 0) { + max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY; + } else if (uid == name->st.st_uid) { max_bits |= SEC_STD_ALL; } @@ -359,6 +361,10 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, return NT_STATUS_OK; } + if (uid != 0 && (*access_mask & SEC_FLAG_SYSTEM_SECURITY)) { + return NT_STATUS_PRIVILEGE_NOT_HELD; + } + if (*access_mask & ~max_bits) { return NT_STATUS_ACCESS_DENIED; } -- cgit From 9c53e146020c16e2a26e24fb327d69ed8da14c8e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 16 Sep 2006 15:31:53 +0000 Subject: r18580: map the PVFS_FLAG_READONLY bit in the posix backend onto NT_STATUS_ACCESS_DENIED in the access mask checks (This used to be commit ceffc34f3e9f47a8a44dad52054688f9855eeb37) --- source4/ntvfs/posix/pvfs_acl.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 3d276431dc..1dd40c0e06 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -349,6 +349,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, uid_t uid = geteuid(); uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; + if ((pvfs->flags & PVFS_FLAG_READONLY) && + ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD))) { + return NT_STATUS_ACCESS_DENIED; + } + /* owner and root get extra permissions */ if (uid == 0) { max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY; @@ -390,6 +397,13 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; + if ((pvfs->flags & PVFS_FLAG_READONLY) && + ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD))) { + return NT_STATUS_ACCESS_DENIED; + } + acl = talloc(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; -- cgit From c5e67b855560b85040c6caa17e0cab641b0e273e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 16 Sep 2006 15:37:45 +0000 Subject: r18581: also check for SEC_STD_DELETE, and split out the check into a separate static function (This used to be commit 024ca6a91cdf2c0f8999c220b4459a72c45bfd32) --- source4/ntvfs/posix/pvfs_acl.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 1dd40c0e06..62ef196977 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -335,6 +335,25 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, } +/* + check the read only bit against any of the write access bits +*/ +static BOOL pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask) +{ + if ((pvfs->flags & PVFS_FLAG_READONLY) && + (access_mask & (SEC_FILE_WRITE_DATA | + SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | + SEC_FILE_WRITE_ATTRIBUTE | + SEC_STD_DELETE | + SEC_STD_WRITE_DAC | + SEC_STD_WRITE_OWNER | + SEC_DIR_DELETE_CHILD))) { + return True; + } + return False; +} + /* default access check function based on unix permissions doing this saves on building a full security descriptor @@ -349,10 +368,7 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, uid_t uid = geteuid(); uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; - if ((pvfs->flags & PVFS_FLAG_READONLY) && - ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | - SEC_DIR_DELETE_CHILD))) { + if (pvfs_read_only(pvfs, *access_mask)) { return NT_STATUS_ACCESS_DENIED; } @@ -397,10 +413,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; - if ((pvfs->flags & PVFS_FLAG_READONLY) && - ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | - SEC_DIR_DELETE_CHILD))) { + if (pvfs_read_only(pvfs, *access_mask)) { return NT_STATUS_ACCESS_DENIED; } -- cgit From 2338e978322510d5b6def6edac40a868e4945d2e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 9 Oct 2006 11:13:49 +0000 Subject: r19199: split out the xattr NTACL code into a separate part of the posix backend, allowing other ACL backends to be added. The xattr backend is still the default backend (This used to be commit 90f044e63b12d32228310c7529382198bd7e6dfe) --- source4/ntvfs/posix/pvfs_acl.c | 108 ++++++++++++++++++++++++++--------------- 1 file changed, 68 insertions(+), 40 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 62ef196977..1a3fc184de 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -27,6 +27,60 @@ #include "libcli/security/security.h" +/* the list of currently registered ACL backends */ +static struct pvfs_acl_backend { + const struct pvfs_acl_ops *ops; +} *backends = NULL; +static int num_backends; + +/* + register a pvfs acl backend. + + The 'name' can be later used by other backends to find the operations + structure for this backend. +*/ +_PUBLIC_ NTSTATUS pvfs_acl_register(const struct pvfs_acl_ops *ops) +{ + struct pvfs_acl_ops *new_ops; + + if (pvfs_acl_backend_byname(ops->name) != NULL) { + DEBUG(0,("pvfs acl backend '%s' already registered\n", ops->name)); + return NT_STATUS_OBJECT_NAME_COLLISION; + } + + backends = talloc_realloc(talloc_autofree_context(), backends, struct pvfs_acl_backend, num_backends+1); + NT_STATUS_HAVE_NO_MEMORY(backends); + + new_ops = talloc_memdup(backends, ops, sizeof(*ops)); + new_ops->name = talloc_strdup(new_ops, ops->name); + + backends[num_backends].ops = new_ops; + + num_backends++; + + DEBUG(3,("NTVFS backend '%s' registered\n", ops->name)); + + return NT_STATUS_OK; +} + + +/* + return the operations structure for a named backend +*/ +_PUBLIC_ const struct pvfs_acl_ops *pvfs_acl_backend_byname(const char *name) +{ + int i; + + for (i=0;iname, name) == 0) { + return backends[i].ops; + } + } + + return NULL; +} + + /* map a single access_mask from generic to specific bits for files/dirs */ @@ -67,17 +121,18 @@ static void pvfs_translate_generic_bits(struct security_acl *acl) static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, struct ntvfs_request *req, struct pvfs_filename *name, int fd, - struct xattr_NTACL *acl) + struct security_descriptor **psd) { struct security_descriptor *sd; NTSTATUS status; struct security_ace ace; mode_t mode; - sd = security_descriptor_initialise(req); - if (sd == NULL) { + *psd = security_descriptor_initialise(req); + if (*psd == NULL) { return NT_STATUS_NO_MEMORY; } + sd = *psd; status = sidmap_uid_to_sid(pvfs->sidmap, sd, name->st.st_uid, &sd->owner_sid); if (!NT_STATUS_IS_OK(status)) { @@ -154,9 +209,6 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, ace.access_mask = SEC_RIGHTS_FILE_ALL; security_descriptor_dacl_add(sd, &ace); - acl->version = 1; - acl->info.sd = sd; - return NT_STATUS_OK; } @@ -190,36 +242,24 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, uint32_t access_mask, union smb_setfileinfo *info) { - struct xattr_NTACL *acl; uint32_t secinfo_flags = info->set_secdesc.in.secinfo_flags; struct security_descriptor *new_sd, *sd, orig_sd; - NTSTATUS status; + NTSTATUS status = NT_STATUS_NOT_FOUND; uid_t old_uid = -1; gid_t old_gid = -1; uid_t new_uid = -1; gid_t new_gid = -1; - acl = talloc(req, struct xattr_NTACL); - if (acl == NULL) { - return NT_STATUS_NO_MEMORY; + if (pvfs->acl_ops != NULL) { + status = pvfs->acl_ops->acl_load(pvfs, name, fd, req, &sd); } - - status = pvfs_acl_load(pvfs, name, fd, acl); if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { - status = pvfs_default_acl(pvfs, req, name, fd, acl); + status = pvfs_default_acl(pvfs, req, name, fd, &sd); } if (!NT_STATUS_IS_OK(status)) { return status; } - switch (acl->version) { - case 1: - sd = acl->info.sd; - break; - default: - return NT_STATUS_INVALID_ACL; - } - new_sd = info->set_secdesc.in.sd; orig_sd = *sd; @@ -286,8 +326,8 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, /* we avoid saving if the sd is the same. This means when clients copy files and end up copying the default sd that we don't needlessly use xattrs */ - if (!security_descriptor_equal(sd, &orig_sd)) { - status = pvfs_acl_save(pvfs, name, fd, acl); + if (!security_descriptor_equal(sd, &orig_sd) && pvfs->acl_ops) { + status = pvfs->acl_ops->acl_save(pvfs, name, fd, sd); } return status; @@ -302,31 +342,19 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd, union smb_fileinfo *info) { - struct xattr_NTACL *acl; - NTSTATUS status; + NTSTATUS status = NT_STATUS_NOT_FOUND; struct security_descriptor *sd; - acl = talloc(req, struct xattr_NTACL); - if (acl == NULL) { - return NT_STATUS_NO_MEMORY; + if (pvfs->acl_ops) { + status = pvfs->acl_ops->acl_load(pvfs, name, fd, req, &sd); } - - status = pvfs_acl_load(pvfs, name, fd, acl); if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { - status = pvfs_default_acl(pvfs, req, name, fd, acl); + status = pvfs_default_acl(pvfs, req, name, fd, &sd); } if (!NT_STATUS_IS_OK(status)) { return status; } - switch (acl->version) { - case 1: - sd = acl->info.sd; - break; - default: - return NT_STATUS_INVALID_ACL; - } - normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags); info->query_secdesc.out.sd = sd; -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/ntvfs/posix/pvfs_acl.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 1a3fc184de..4302b7f890 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 2151cde58014ea2e822c13d2f8a369b45dc19ca8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:28:14 +0000 Subject: r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9) --- source4/ntvfs/posix/pvfs_acl.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 4302b7f890..f19dc1f41f 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -365,7 +365,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, /* check the read only bit against any of the write access bits */ -static BOOL pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask) +static bool pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask) { if ((pvfs->flags & PVFS_FLAG_READONLY) && (access_mask & (SEC_FILE_WRITE_DATA | @@ -376,9 +376,9 @@ static BOOL pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask) SEC_STD_WRITE_DAC | SEC_STD_WRITE_OWNER | SEC_DIR_DELETE_CHILD))) { - return True; + return true; } - return False; + return false; } /* @@ -548,24 +548,24 @@ NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, /* determine if an ACE is inheritable */ -static BOOL pvfs_inheritable_ace(struct pvfs_state *pvfs, +static bool pvfs_inheritable_ace(struct pvfs_state *pvfs, const struct security_ace *ace, - BOOL container) + bool container) { if (!container) { return (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) != 0; } if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { - return True; + return true; } if ((ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) && !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { - return True; + return true; } - return False; + return false; } /* @@ -576,7 +576,7 @@ static BOOL pvfs_inheritable_ace(struct pvfs_state *pvfs, static NTSTATUS pvfs_acl_inherit_aces(struct pvfs_state *pvfs, struct security_descriptor *parent_sd, struct security_descriptor *sd, - BOOL container) + bool container) { int i; @@ -663,7 +663,7 @@ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, NTSTATUS status; struct pvfs_filename *parent; struct security_descriptor *parent_sd, *sd; - BOOL container; + bool container; /* form the parents path */ status = pvfs_resolve_parent(pvfs, req, name, &parent); @@ -716,7 +716,7 @@ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, sd->type |= SEC_DESC_DACL_PRESENT; - container = (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) ? True:False; + container = (name->dos.attrib & FILE_ATTRIBUTE_DIRECTORY) ? true:false; /* fill in the aces from the parent */ status = pvfs_acl_inherit_aces(pvfs, parent_sd, sd, container); -- cgit From afe3e8172ddaa5e4aa811faceecda4f943d6e2ef Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 2 Apr 2008 04:53:27 +0200 Subject: Install public header files again and include required prototypes. (This used to be commit 47ffbbf67435904754469544390b67d34c958343) --- source4/ntvfs/posix/pvfs_acl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index f19dc1f41f..5070f6852d 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -38,7 +38,7 @@ static int num_backends; The 'name' can be later used by other backends to find the operations structure for this backend. */ -_PUBLIC_ NTSTATUS pvfs_acl_register(const struct pvfs_acl_ops *ops) +NTSTATUS pvfs_acl_register(const struct pvfs_acl_ops *ops) { struct pvfs_acl_ops *new_ops; @@ -66,7 +66,7 @@ _PUBLIC_ NTSTATUS pvfs_acl_register(const struct pvfs_acl_ops *ops) /* return the operations structure for a named backend */ -_PUBLIC_ const struct pvfs_acl_ops *pvfs_acl_backend_byname(const char *name) +const struct pvfs_acl_ops *pvfs_acl_backend_byname(const char *name) { int i; -- cgit From 4133bd85e9f5860712cf392ccac36f30f9e423de Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 28 Mar 2008 23:29:01 +0100 Subject: ntvfs: Use wbclient for pvfs_acl and pvfs_acl_nfs4 (This used to be commit ac5e5fee1db2999053dee82d1fcf97ca8799c9b5) --- source4/ntvfs/posix/pvfs_acl.c | 100 +++++++++++++++++++++++++++++++++-------- 1 file changed, 82 insertions(+), 18 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 5070f6852d..2393a2e7a3 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -126,6 +126,8 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, NTSTATUS status; struct security_ace ace; mode_t mode; + struct id_mapping *ids; + struct composite_context *ctx; *psd = security_descriptor_initialise(req); if (*psd == NULL) { @@ -133,15 +135,33 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, } sd = *psd; - status = sidmap_uid_to_sid(pvfs->sidmap, sd, name->st.st_uid, &sd->owner_sid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - status = sidmap_gid_to_sid(pvfs->sidmap, sd, name->st.st_gid, &sd->group_sid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + ids = talloc_array(sd, struct id_mapping, 2); + NT_STATUS_HAVE_NO_MEMORY(ids); + + ids[0].unixid = talloc(ids, struct unixid); + NT_STATUS_HAVE_NO_MEMORY(ids[0].unixid); + + ids[0].unixid->id = name->st.st_uid; + ids[0].unixid->type = ID_TYPE_UID; + ids[0].sid = NULL; + ids[1].unixid = talloc(ids, struct unixid); + NT_STATUS_HAVE_NO_MEMORY(ids[1].unixid); + + ids[1].unixid->id = name->st.st_gid; + ids[1].unixid->type = ID_TYPE_GID; + ids[1].sid = NULL; + + ctx = wbc_xids_to_sids_send(pvfs->wbc_ctx, ids, 2, ids); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + status = wbc_xids_to_sids_recv(ctx, &ids); + NT_STATUS_NOT_OK_RETURN(status); + + sd->owner_sid = talloc_steal(sd, ids[0].sid); + sd->group_sid = talloc_steal(sd, ids[1].sid); + + talloc_free(ids); sd->type |= SEC_DESC_DACL_PRESENT; mode = name->st.st_mode; @@ -248,6 +268,8 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, gid_t old_gid = -1; uid_t new_uid = -1; gid_t new_gid = -1; + struct id_mapping *ids; + struct composite_context *ctx; if (pvfs->acl_ops != NULL) { status = pvfs->acl_ops->acl_load(pvfs, name, fd, req, &sd); @@ -259,6 +281,12 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, return status; } + ids = talloc(req, struct id_mapping); + NT_STATUS_HAVE_NO_MEMORY(ids); + ids->unixid = NULL; + ids->sid = NULL; + ids->status = NT_STATUS_NONE_MAPPED; + new_sd = info->set_secdesc.in.sd; orig_sd = *sd; @@ -271,8 +299,16 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, return NT_STATUS_ACCESS_DENIED; } if (!dom_sid_equal(sd->owner_sid, new_sd->owner_sid)) { - status = sidmap_sid_to_unixuid(pvfs->sidmap, new_sd->owner_sid, &new_uid); + ids->sid = new_sd->owner_sid; + ctx = wbc_sids_to_xids_send(pvfs->wbc_ctx, ids, 1, ids); + NT_STATUS_HAVE_NO_MEMORY(ctx); + status = wbc_sids_to_xids_recv(ctx, &ids); NT_STATUS_NOT_OK_RETURN(status); + + if (ids->unixid->type == ID_TYPE_BOTH || + ids->unixid->type == ID_TYPE_UID) { + new_uid = ids->unixid->id; + } } sd->owner_sid = new_sd->owner_sid; } @@ -281,8 +317,17 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, return NT_STATUS_ACCESS_DENIED; } if (!dom_sid_equal(sd->group_sid, new_sd->group_sid)) { - status = sidmap_sid_to_unixgid(pvfs->sidmap, new_sd->group_sid, &new_gid); + ids->sid = new_sd->group_sid; + ctx = wbc_sids_to_xids_send(pvfs->wbc_ctx, ids, 1, ids); + NT_STATUS_HAVE_NO_MEMORY(ctx); + status = wbc_sids_to_xids_recv(ctx, &ids); NT_STATUS_NOT_OK_RETURN(status); + + if (ids->unixid->type == ID_TYPE_BOTH || + ids->unixid->type == ID_TYPE_GID) { + new_gid = ids->unixid->id; + } + } sd->group_sid = new_sd->group_sid; } @@ -664,6 +709,8 @@ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, struct pvfs_filename *parent; struct security_descriptor *parent_sd, *sd; bool container; + struct id_mapping *ids; + struct composite_context *ctx; /* form the parents path */ status = pvfs_resolve_parent(pvfs, req, name, &parent); @@ -705,14 +752,31 @@ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, return NT_STATUS_NO_MEMORY; } - status = sidmap_uid_to_sid(pvfs->sidmap, sd, name->st.st_uid, &sd->owner_sid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - status = sidmap_gid_to_sid(pvfs->sidmap, sd, name->st.st_gid, &sd->group_sid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + ids = talloc_array(sd, struct id_mapping, 2); + NT_STATUS_HAVE_NO_MEMORY(ids); + + ids[0].unixid = talloc(ids, struct unixid); + NT_STATUS_HAVE_NO_MEMORY(ids[0].unixid); + ids[0].unixid->id = name->st.st_uid; + ids[0].unixid->type = ID_TYPE_UID; + ids[0].sid = NULL; + ids[0].status = NT_STATUS_NONE_MAPPED; + + ids[1].unixid = talloc(ids, struct unixid); + NT_STATUS_HAVE_NO_MEMORY(ids[1].unixid); + ids[1].unixid->id = name->st.st_gid; + ids[1].unixid->type = ID_TYPE_GID; + ids[1].sid = NULL; + ids[1].status = NT_STATUS_NONE_MAPPED; + + ctx = wbc_xids_to_sids_send(pvfs->wbc_ctx, ids, 2, ids); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + status = wbc_xids_to_sids_recv(ctx, &ids); + NT_STATUS_NOT_OK_RETURN(status); + + sd->owner_sid = talloc_steal(sd, ids[0].sid); + sd->group_sid = talloc_steal(sd, ids[1].sid); sd->type |= SEC_DESC_DACL_PRESENT; -- cgit From 79af7ff2f7f6fabe8a2a48386088228096e218b4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 14 Apr 2008 18:59:40 +0200 Subject: fixed a valgrind error in id mapping the status field is sent on both call and reply, but was only being initialised on reply (This used to be commit 2ebd7b80998775168959d511fbc987f8b5b7bd34) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 2393a2e7a3..f1e469f790 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -135,7 +135,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, } sd = *psd; - ids = talloc_array(sd, struct id_mapping, 2); + ids = talloc_zero_array(sd, struct id_mapping, 2); NT_STATUS_HAVE_NO_MEMORY(ids); ids[0].unixid = talloc(ids, struct unixid); -- cgit From 9a37e7ed93dabd1880513d10afc1135049f1fb4a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 27 May 2008 14:06:51 +1000 Subject: Vista returns ACCESS_DENIED here (This used to be commit f5068c6e50215f6ea7108d58d783394a315ff14f) --- source4/ntvfs/posix/pvfs_acl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index f1e469f790..507c22f050 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -457,7 +457,7 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, } if (uid != 0 && (*access_mask & SEC_FLAG_SYSTEM_SECURITY)) { - return NT_STATUS_PRIVILEGE_NOT_HELD; + return NT_STATUS_ACCESS_DENIED; } if (*access_mask & ~max_bits) { -- cgit From e42ded24a085a9bfaae0e4973b8dd52681b51a8a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 29 May 2008 18:23:20 +1000 Subject: SEC_FILE_READ_ATTRIBUTE is only automatically granted on SMB, not SMB2 (This used to be commit 7bff0691428ed3f75c1a9cbaae692bc9830640e6) --- source4/ntvfs/posix/pvfs_acl.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 507c22f050..089631a307 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -464,7 +464,11 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, return NT_STATUS_ACCESS_DENIED; } - *access_mask |= SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + /* on SMB, this bit is always granted, even if not + asked for */ + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + } return NT_STATUS_OK; } @@ -518,8 +522,11 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* check the acl against the required access mask */ status = sec_access_check(sd, token, *access_mask, access_mask); - /* this bit is always granted, even if not asked for */ - *access_mask |= SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + /* on SMB, this bit is always granted, even if not + asked for */ + *access_mask |= SEC_FILE_READ_ATTRIBUTE; + } talloc_free(acl); -- cgit From c86dc11be6e626fa81f025d7ec78226fb4249cdc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 29 May 2008 19:16:26 +1000 Subject: added support for returning the maximal access MXAC tag in SMB2 create (This used to be commit 4eb49335d5f0319f9aa47ded5215a2977d3336bf) --- source4/ntvfs/posix/pvfs_acl.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 089631a307..623b1ae5e9 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -807,3 +807,15 @@ NTSTATUS pvfs_acl_inherit(struct pvfs_state *pvfs, return status; } + +/* + return the maximum allowed access mask +*/ +NTSTATUS pvfs_access_maximal_allowed(struct pvfs_state *pvfs, + struct ntvfs_request *req, + struct pvfs_filename *name, + uint32_t *maximal_access) +{ + *maximal_access = SEC_FLAG_MAXIMUM_ALLOWED; + return pvfs_access_check(pvfs, req, name, maximal_access); +} -- cgit From f0bc7c07fe3148adee4ee625fcfc24cd5d4cc034 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 29 May 2008 22:22:42 +1000 Subject: don't mask out SEC_FILE_READ_ATTRIBUTE on SMB2 (This used to be commit 1dfa50a48040bdc1166be2dbe1063fd8a79166f8) --- source4/ntvfs/posix/pvfs_acl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 623b1ae5e9..9a9200e4f0 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -500,7 +500,9 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* expand the generic access bits to file specific bits */ *access_mask = pvfs_translate_mask(*access_mask); - *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; + if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) { + *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; + } status = pvfs_acl_load(pvfs, name, -1, acl); if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { -- cgit From 98014c5668e3269a059658e433d636213e2b06e6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 28 Jun 2008 10:28:15 +0200 Subject: pvfs: create a pvfs_acl subsystem That means that the pvfs_acl implementations no longer register as ntvfs modules (which was wrong) metze (This used to be commit 89e90556ec57fce24faf0ed3d6fe262edd974b28) --- source4/ntvfs/posix/pvfs_acl.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_acl.c') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 9a9200e4f0..57a463aba6 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -24,6 +24,7 @@ #include "vfs_posix.h" #include "librpc/gen_ndr/xattr.h" #include "libcli/security/security.h" +#include "param/param.h" /* the list of currently registered ACL backends */ @@ -79,6 +80,27 @@ const struct pvfs_acl_ops *pvfs_acl_backend_byname(const char *name) return NULL; } +NTSTATUS pvfs_acl_init(struct loadparm_context *lp_ctx) +{ + static bool initialized = false; + extern NTSTATUS pvfs_acl_nfs4_init(void); + extern NTSTATUS pvfs_acl_xattr_init(void); + init_module_fn static_init[] = { STATIC_pvfs_acl_MODULES }; + init_module_fn *shared_init; + + if (initialized) return NT_STATUS_OK; + initialized = true; + + shared_init = load_samba_modules(NULL, lp_ctx, "pvfs_acl"); + + run_init_functions(static_init); + run_init_functions(shared_init); + + talloc_free(shared_init); + + return NT_STATUS_OK; +} + /* map a single access_mask from generic to specific bits for files/dirs -- cgit