*/
#include "includes.h"
+#include "system/filesys.h"
#include "librpc/gen_ndr/ndr_xattr.h"
#include "../libcli/security/security.h"
+#include "smbd/smbd.h"
static uint32_t filter_mode_by_protocol(uint32_t mode)
{
#ifdef S_ISLNK
#if LINKS_READ_ONLY
if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode))
- return aRONLY;
+ return FILE_ATTRIBUTE_READONLY;
#endif
#endif
return 0;
if (ro_opts == MAP_READONLY_YES) {
/* Original Samba method - map inverse of user "w" bit. */
if ((smb_fname->st.st_ex_mode & S_IWUSR) == 0) {
- result |= aRONLY;
+ result |= FILE_ATTRIBUTE_READONLY;
}
} else if (ro_opts == MAP_READONLY_PERMISSIONS) {
/* Check actual permissions for read-only. */
if (!can_write_to_file(conn, smb_fname)) {
- result |= aRONLY;
+ result |= FILE_ATTRIBUTE_READONLY;
}
} /* Else never set the readonly bit. */
if (MAP_ARCHIVE(conn) && ((smb_fname->st.st_ex_mode & S_IXUSR) != 0))
- result |= aARCH;
+ result |= FILE_ATTRIBUTE_ARCHIVE;
if (MAP_SYSTEM(conn) && ((smb_fname->st.st_ex_mode & S_IXGRP) != 0))
- result |= aSYSTEM;
+ result |= FILE_ATTRIBUTE_SYSTEM;
if (MAP_HIDDEN(conn) && ((smb_fname->st.st_ex_mode & S_IXOTH) != 0))
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
if (S_ISDIR(smb_fname->st.st_ex_mode))
- result = aDIR | (result & aRONLY);
+ result = FILE_ATTRIBUTE_DIRECTORY | (result & FILE_ATTRIBUTE_READONLY);
result |= set_link_read_only_flag(&smb_fname->st);
DEBUG(8,("dos_mode_from_sbuf returning "));
- if (result & aHIDDEN) DEBUG(8, ("h"));
- if (result & aRONLY ) DEBUG(8, ("r"));
- if (result & aSYSTEM) DEBUG(8, ("s"));
- if (result & aDIR ) DEBUG(8, ("d"));
- if (result & aARCH ) DEBUG(8, ("a"));
+ if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (result & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (result & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
DEBUG(8,("\n"));
return result;
}
if (S_ISDIR(smb_fname->st.st_ex_mode)) {
- dosattr |= aDIR;
+ dosattr |= FILE_ATTRIBUTE_DIRECTORY;
}
/* FILE_ATTRIBUTE_SPARSE is valid on get but not on set. */
*pattr = (uint32)(dosattr & (SAMBA_ATTRIBUTES_MASK|FILE_ATTRIBUTE_SPARSE));
DEBUG(8,("get_ea_dos_attribute returning (0x%x)", dosattr));
- if (dosattr & aHIDDEN) DEBUG(8, ("h"));
- if (dosattr & aRONLY ) DEBUG(8, ("r"));
- if (dosattr & aSYSTEM) DEBUG(8, ("s"));
- if (dosattr & aDIR ) DEBUG(8, ("d"));
- if (dosattr & aARCH ) DEBUG(8, ("a"));
+ if (dosattr & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (dosattr & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (dosattr & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (dosattr & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (dosattr & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
DEBUG(8,("\n"));
struct xattr_DOSATTRIB dosattrib;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
- files_struct *fsp = NULL;
- bool ret = false;
if (!lp_store_dos_attributes(SNUM(conn))) {
return False;
if (SMB_VFS_SETXATTR(conn, smb_fname->base_name,
SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length,
0) == -1) {
+ bool ret = false;
+ files_struct *fsp = NULL;
+
if((errno != EPERM) && (errno != EACCES)) {
if (errno == ENOSYS
#if defined(ENOTSUP)
if (!NT_STATUS_IS_OK(open_file_fchmod(conn, smb_fname,
&fsp)))
- return ret;
+ return false;
become_root();
- if (SMB_VFS_SETXATTR(conn, smb_fname->base_name,
+ if (SMB_VFS_FSETXATTR(fsp,
SAMBA_XATTR_DOS_ATTRIB, blob.data,
blob.length, 0) == 0) {
ret = true;
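Review bot: The call inside the `become_root()` section now goes through `SMB_VFS_FSETXATTR(fsp, ...)`, but nothing at that line records why the handle is used rather than the path, which is the security-relevant part of the change. A by-path setxattr issued as root resolves `smb_fname->base_name` again, so it is not guaranteed to reach the object that `open_file_fchmod()` opened before privileges were raised. I would add `/* Set on the fsp opened as the user: a by-path call as root would re-resolve the name. */` above the call so a later cleanup does not revert it. The enclosing function starts and ends outside this hunk, so whether `unbecome_root()` and the close of `fsp` run on every path cannot be checked from here.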
/* Only . and .. are not hidden. */
if (p[0] == '.' && !((p[1] == '\0') ||
(p[1] == '.' && p[2] == '\0'))) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
}
/* Optimization : Only call is_hidden_path if it's not already
hidden. */
- if (!(result & aHIDDEN) &&
+ if (!(result & FILE_ATTRIBUTE_HIDDEN) &&
IS_HIDDEN_PATH(conn, smb_fname->base_name)) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
if (result == 0) {
result = filter_mode_by_protocol(result);
+ /*
+ * Add in that it is a reparse point
+ */
+ result |= FILE_ATTRIBUTE_REPARSE_POINT;
+
DEBUG(8,("dos_mode_msdfs returning "));
- if (result & aHIDDEN) DEBUG(8, ("h"));
- if (result & aRONLY ) DEBUG(8, ("r"));
- if (result & aSYSTEM) DEBUG(8, ("s"));
- if (result & aDIR ) DEBUG(8, ("d"));
- if (result & aARCH ) DEBUG(8, ("a"));
+ if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (result & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (result & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
if (result & FILE_ATTRIBUTE_SPARSE ) DEBUG(8, ("[sparse]"));
DEBUG(8,("\n"));
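Review bot: `result |= FILE_ATTRIBUTE_REPARSE_POINT;` is placed after `result = filter_mode_by_protocol(result);`, so the new bit is never passed through that filter, and the added comment does not say whether this is intended. The filter's body is not in this hunk; if it strips attributes that the negotiated protocol cannot carry, older clients would still receive the reparse-point bit. Either move the assignment above the filter call or extend the comment, for example `/* Add in that it is a reparse point. Done after filter_mode_by_protocol() deliberately. */`, with the reason stated. The level-8 dump that follows prints letters for the five classic bits and `[sparse]` but nothing for the new bit, so the log line will not show that it was set.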
{
uint32_t dos_stat_flags = 0;
- if (dosmode & aARCH)
+ if (dosmode & FILE_ATTRIBUTE_ARCHIVE)
dos_stat_flags |= UF_DOS_ARCHIVE;
- if (dosmode & aHIDDEN)
+ if (dosmode & FILE_ATTRIBUTE_HIDDEN)
dos_stat_flags |= UF_DOS_HIDDEN;
- if (dosmode & aRONLY)
+ if (dosmode & FILE_ATTRIBUTE_READONLY)
dos_stat_flags |= UF_DOS_RO;
- if (dosmode & aSYSTEM)
+ if (dosmode & FILE_ATTRIBUTE_SYSTEM)
dos_stat_flags |= UF_DOS_SYSTEM;
if (dosmode & FILE_ATTRIBUTE_NONINDEXED)
dos_stat_flags |= UF_DOS_NOINDEX;
smb_fname_str_dbg(smb_fname)));
if (smb_fname->st.st_ex_flags & UF_DOS_ARCHIVE)
- *dosmode |= aARCH;
+ *dosmode |= FILE_ATTRIBUTE_ARCHIVE;
if (smb_fname->st.st_ex_flags & UF_DOS_HIDDEN)
- *dosmode |= aHIDDEN;
+ *dosmode |= FILE_ATTRIBUTE_HIDDEN;
if (smb_fname->st.st_ex_flags & UF_DOS_RO)
- *dosmode |= aRONLY;
+ *dosmode |= FILE_ATTRIBUTE_READONLY;
if (smb_fname->st.st_ex_flags & UF_DOS_SYSTEM)
- *dosmode |= aSYSTEM;
+ *dosmode |= FILE_ATTRIBUTE_SYSTEM;
if (smb_fname->st.st_ex_flags & UF_DOS_NOINDEX)
*dosmode |= FILE_ATTRIBUTE_NONINDEXED;
if (smb_fname->st.st_ex_flags & FILE_ATTRIBUTE_SPARSE)
*dosmode |= FILE_ATTRIBUTE_SPARSE;
if (S_ISDIR(smb_fname->st.st_ex_mode))
- *dosmode |= aDIR;
+ *dosmode |= FILE_ATTRIBUTE_DIRECTORY;
*dosmode |= set_link_read_only_flag(&smb_fname->st);
/* Only . and .. are not hidden. */
if (p[0] == '.' && !((p[1] == '\0') ||
(p[1] == '.' && p[2] == '\0'))) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
}
/* Optimization : Only call is_hidden_path if it's not already
hidden. */
- if (!(result & aHIDDEN) &&
+ if (!(result & FILE_ATTRIBUTE_HIDDEN) &&
IS_HIDDEN_PATH(conn, smb_fname->base_name)) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
if (result == 0) {
DEBUG(8,("dos_mode returning "));
- if (result & aHIDDEN) DEBUG(8, ("h"));
- if (result & aRONLY ) DEBUG(8, ("r"));
- if (result & aSYSTEM) DEBUG(8, ("s"));
- if (result & aDIR ) DEBUG(8, ("d"));
- if (result & aARCH ) DEBUG(8, ("a"));
+ if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (result & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (result & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
if (result & FILE_ATTRIBUTE_SPARSE ) DEBUG(8, ("[sparse]"));
DEBUG(8,("\n"));
&smb_fname->st.st_ex_mode);
if (S_ISDIR(smb_fname->st.st_ex_mode))
- dosmode |= aDIR;
+ dosmode |= FILE_ATTRIBUTE_DIRECTORY;
else
- dosmode &= ~aDIR;
+ dosmode &= ~FILE_ATTRIBUTE_DIRECTORY;
new_create_timespec = smb_fname->st.st_ex_btime;
if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
if (!(old_mode & FILE_ATTRIBUTE_OFFLINE)) {
- lret = SMB_VFS_SET_OFFLINE(conn, smb_fname->base_name);
+ lret = SMB_VFS_SET_OFFLINE(conn, smb_fname);
if (lret == -1) {
DEBUG(0, ("set_dos_mode: client has asked to "
"set FILE_ATTRIBUTE_OFFLINE to "
unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
}
+ /*
+ * From the chmod 2 man page:
+ *
+ * "If the calling process is not privileged, and the group of the file
+ * does not match the effective group ID of the process or one of its
+ * supplementary group IDs, the S_ISGID bit will be turned off, but
+ * this will not cause an error to be returned."
+ *
+ * Simply refuse to do the chmod in this case.
+ */
+
+ if (S_ISDIR(smb_fname->st.st_ex_mode) && (unixmode & S_ISGID) &&
+ geteuid() != sec_initial_uid() &&
+ !current_user_in_group(conn, smb_fname->st.st_ex_gid)) {
+ DEBUG(3,("file_set_dosmode: setgid bit cannot be "
+ "set for directory %s\n",
+ smb_fname_str_dbg(smb_fname)));
+ errno = EPERM;
+ return -1;
+ }
+
ret = SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode);
if (ret == 0) {
if(!newfile || (lret != -1)) {
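Review bot: The new guard fires only when `S_ISDIR(smb_fname->st.st_ex_mode)` holds, yet the chmod(2) text quoted above it is not specific to directories, and the comment gives no reason why a regular file with `S_ISGID` in `unixmode` still reaches `SMB_VFS_CHMOD`. If the restriction to directories is deliberate, the comment should end with a sentence saying so and why; otherwise the `S_ISDIR(...) &&` term should be dropped so that the silent loss of the bit is refused for files as well. The log text is prefixed `file_set_dosmode:` while the message a few lines earlier in the same function uses `set_dos_mode:`; the enclosing function's name is outside this hunk, and both prefixes should match it so that an operator searching the log for refused chmods finds them.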