From a8a3fec528f6ee9a4a0171fb4186e8dcaba76518 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 1 Dec 2004 11:35:01 +0000 Subject: r4026: added NT ACL checking on pvfs_open() for existing files. I need to work out some way to do a decent test suite for this. (This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47) --- source4/ntvfs/posix/pvfs_acl.c | 80 +++++++++++++++++++++++++++++++++++++++-- source4/ntvfs/posix/pvfs_open.c | 26 +++++++------- 2 files changed, 90 insertions(+), 16 deletions(-) (limited to 'source4') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 2fff6db628..236bc4d98d 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -208,7 +208,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, sd = acl->info.sd; break; default: - return NT_STATUS_INVALID_LEVEL; + return NT_STATUS_INVALID_ACL; } new_sd = info->set_secdesc.in.sd; @@ -263,7 +263,7 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, sd = acl->info.sd; break; default: - return NT_STATUS_INVALID_LEVEL; + return NT_STATUS_INVALID_ACL; } normalise_sd_flags(sd, info->query_secdesc.in.secinfo_flags); @@ -273,3 +273,79 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, return NT_STATUS_OK; } + +/* + default access check function based on unix permissions + doing this saves on building a full security descriptor + for the common case of access check on files with no + specific NT ACL +*/ +NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t *access_mask) +{ + uid_t uid = geteuid(); + uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; + + /* owner and root get extra permissions */ + if (uid == 0 || uid == name->st.st_uid) { + max_bits |= SEC_STD_ALL; + } + + if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) { + *access_mask = max_bits; + return NT_STATUS_OK; + } + + if (*access_mask & ~max_bits) { + return NT_STATUS_ACCESS_DENIED; + } + + return NT_STATUS_OK; +} + + +/* + check the security descriptor on a file, if any + + *access_mask is modified with the access actually granted +*/ +NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t *access_mask) +{ + struct nt_user_token *token = req->session->session_info->nt_user_token; + struct xattr_NTACL *acl; + NTSTATUS status; + struct security_descriptor *sd; + + acl = talloc_p(req, struct xattr_NTACL); + if (acl == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = pvfs_acl_load(pvfs, name, -1, acl); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + talloc_free(acl); + return pvfs_access_check_unix(pvfs, req, name, access_mask); + } + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + switch (acl->version) { + case 1: + sd = acl->info.sd; + break; + default: + return NT_STATUS_INVALID_ACL; + } + + status = sec_access_check(sd, token, *access_mask, access_mask); + + talloc_free(acl); + + return status; +} diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 4b8de28488..17740f7636 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -862,14 +862,6 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, share_access = io->generic.in.share_access; access_mask = io->generic.in.access_mask; - if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) { - if (name->exists && (name->dos.attrib & FILE_ATTRIBUTE_READONLY)) { - access_mask = SEC_RIGHTS_FILE_READ; - } else { - access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE; - } - } - /* certain create options are not allowed */ if ((create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) && !(access_mask & SEC_STD_DELETE)) { @@ -914,12 +906,6 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, return NT_STATUS_INVALID_PARAMETER; } - if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) { - flags |= O_RDWR; - } else { - flags |= O_RDONLY; - } - if (io->generic.in.file_attr & FILE_ATTRIBUTE_DIRECTORY) { return NT_STATUS_INVALID_PARAMETER; } @@ -949,6 +935,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, return NT_STATUS_CANNOT_DELETE; } + /* check the security descriptor */ + status = pvfs_access_check(pvfs, req, name, &access_mask); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + f = talloc_p(req, struct pvfs_file); if (f == NULL) { return NT_STATUS_NO_MEMORY; @@ -1036,6 +1028,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, f->handle->have_opendb_entry = True; + if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) { + flags |= O_RDWR; + } else { + flags |= O_RDONLY; + } + /* do the actual open */ fd = open(f->handle->name->full_name, flags); if (fd == -1) { -- cgit