return True;
}
-/****************************************************************************
- Check for POSIX group ACLs. If none use stat entry.
- Return -1 if no match, 0 if match and denied, 1 if match and allowed.
-****************************************************************************/
-
-static int check_posix_acl_group_access(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask)
-{
- SMB_ACL_T posix_acl = NULL;
- int entry_id = SMB_ACL_FIRST_ENTRY;
- SMB_ACL_ENTRY_T entry;
- int i;
- bool seen_mask = False;
- bool seen_owning_group = False;
- int ret = -1;
- gid_t cu_gid;
-
- DEBUG(10,("check_posix_acl_group_access: requesting 0x%x on file %s\n",
- (unsigned int)access_mask, fname ));
-
- if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS)) == NULL) {
- goto check_stat;
- }
-
- /* First ensure the group mask allows group access. */
- /* Also check any user entries (these take preference over group). */
-
- while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
- SMB_ACL_TAG_T tagtype;
- SMB_ACL_PERMSET_T permset;
- int have_write = -1;
- int have_read = -1;
-
- /* get_next... */
- if (entry_id == SMB_ACL_FIRST_ENTRY)
- entry_id = SMB_ACL_NEXT_ENTRY;
-
- if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) {
- goto check_stat;
- }
-
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
- goto check_stat;
- }
-
- have_read = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ);
- if (have_read == -1) {
- goto check_stat;
- }
-
- have_write = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE);
- if (have_write == -1) {
- goto check_stat;
- }
-
- /*
- * Solaris returns 2 for this if write is available.
- * canonicalize to 0 or 1.
- */
- have_write = (have_write ? 1 : 0);
- have_read = (have_read ? 1 : 0);
-
- switch(tagtype) {
- case SMB_ACL_MASK:
- seen_mask = True;
- switch (access_mask) {
- case FILE_READ_DATA:
- if (!have_read) {
- ret = -1;
- DEBUG(10,("check_posix_acl_group_access: file %s "
- "refusing read due to mask.\n", fname));
- goto done;
- }
- break;
- case FILE_WRITE_DATA:
- if (!have_write) {
- ret = -1;
- DEBUG(10,("check_posix_acl_group_access: file %s "
- "refusing write due to mask.\n", fname));
- goto done;
- }
- break;
- default: /* FILE_READ_DATA|FILE_WRITE_DATA */
- if (!have_write || !have_read) {
- ret = -1;
- DEBUG(10,("check_posix_acl_group_access: file %s "
- "refusing read/write due to mask.\n", fname));
- goto done;
- }
- break;
- }
- break;
- case SMB_ACL_USER:
- {
- /* Check against current_user.ut.uid. */
- uid_t *puid = (uid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
- if (puid == NULL) {
- goto check_stat;
- }
- if (current_user.ut.uid == *puid) {
- /* We have a uid match but we must ensure we have seen the acl mask. */
- switch (access_mask) {
- case FILE_READ_DATA:
- ret = have_read;
- break;
- case FILE_WRITE_DATA:
- ret = have_write;
- break;
- default: /* FILE_READ_DATA|FILE_WRITE_DATA */
- ret = (have_write & have_read);
- break;
- }
- DEBUG(10,("check_posix_acl_group_access: file %s "
- "match on user %u -> %s.\n",
- fname, (unsigned int)*puid,
- ret ? "can access" : "cannot access"));
- if (seen_mask) {
- goto done;
- }
- }
- break;
- }
- default:
- continue;
- }
- }
-
- /* If ret is anything other than -1 we matched on a user entry. */
- if (ret != -1) {
- goto done;
- }
-
- /* Next check all group entries. */
- entry_id = SMB_ACL_FIRST_ENTRY;
- while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
- SMB_ACL_TAG_T tagtype;
- SMB_ACL_PERMSET_T permset;
- int have_write = -1;
- int have_read = -1;
-
- /* get_next... */
- if (entry_id == SMB_ACL_FIRST_ENTRY)
- entry_id = SMB_ACL_NEXT_ENTRY;
-
- if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) {
- goto check_stat;
- }
-
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
- goto check_stat;
- }
-
- have_read = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ);
- if (have_read == -1) {
- goto check_stat;
- }
-
- have_write = SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE);
- if (have_write == -1) {
- goto check_stat;
- }
-
- /*
- * Solaris returns 2 for this if write is available.
- * canonicalize to 0 or 1.
- */
- have_write = (have_write ? 1 : 0);
- have_read = (have_read ? 1 : 0);
-
- switch(tagtype) {
- case SMB_ACL_GROUP:
- case SMB_ACL_GROUP_OBJ:
- {
- gid_t *pgid = NULL;
-
- if (tagtype == SMB_ACL_GROUP) {
- pgid = (gid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
- } else {
- seen_owning_group = True;
- pgid = &psbuf->st_gid;
- }
- if (pgid == NULL) {
- goto check_stat;
- }
-
- /*
- * Does it match the current effective group
- * or supplementary groups ?
- */
- for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1;
- cu_gid = get_current_user_gid_next(&i)) {
- if (cu_gid == *pgid) {
- switch (access_mask) {
- case FILE_READ_DATA:
- ret = have_read;
- break;
- case FILE_WRITE_DATA:
- ret = have_write;
- break;
- default: /* FILE_READ_DATA|FILE_WRITE_DATA */
- ret = (have_write & have_read);
- break;
- }
-
- DEBUG(10,("check_posix_acl_group_access: file %s "
- "match on group %u -> can access.\n",
- fname, (unsigned int)cu_gid ));
-
- /* If we don't have access permission this entry doesn't
- terminate the enumeration of the entries. */
- if (ret) {
- goto done;
- }
- /* But does terminate the group iteration. */
- break;
- }
- }
- break;
- }
- default:
- continue;
- }
- }
-
- /* If ret is -1 here we didn't match on the user entry or
- supplemental group entries. */
-
- DEBUG(10,("check_posix_acl_group_access: ret = %d before check_stat:\n", ret));
-
- check_stat:
-
- /*
- * We only check the S_I[RW]GRP permissions if we haven't already
- * seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
- * SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
- * the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
- * bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing
- * this out. JRA.
- */
-
- if (!seen_owning_group) {
- /* Do we match on the owning group entry ? */
- /*
- * Does it match the current effective group
- * or supplementary groups ?
- */
- for (cu_gid = get_current_user_gid_first(&i); cu_gid != (gid_t)-1;
- cu_gid = get_current_user_gid_next(&i)) {
- if (cu_gid == psbuf->st_gid) {
- switch (access_mask) {
- case FILE_READ_DATA:
- ret = (psbuf->st_mode & S_IRGRP) ? 1 : 0;
- break;
- case FILE_WRITE_DATA:
- ret = (psbuf->st_mode & S_IWGRP) ? 1 : 0;
- break;
- default: /* FILE_READ_DATA|FILE_WRITE_DATA */
- if ((psbuf->st_mode & (S_IWGRP|S_IRGRP)) == (S_IWGRP|S_IRGRP)) {
- ret = 1;
- } else {
- ret = 0;
- }
- break;
- }
- DEBUG(10,("check_posix_acl_group_access: file %s "
- "match on owning group %u -> %s.\n",
- fname, (unsigned int)psbuf->st_gid,
- ret ? "can access" : "cannot access"));
- break;
- }
- }
-
- if (cu_gid == (gid_t)-1) {
- DEBUG(10,("check_posix_acl_group_access: file %s "
- "failed to match on user or group in token (ret = %d).\n",
- fname, ret ));
- }
- }
-
- done:
-
- if (posix_acl) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
- }
-
- DEBUG(10,("check_posix_acl_group_access: file %s returning (ret = %d).\n", fname, ret ));
- return ret;
-}
-
-/****************************************************************************
- Actually emulate the in-kernel access checking for delete access. We need
- this to successfully return ACCESS_DENIED on a file open for delete access.
-****************************************************************************/
-
-bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
-{
- SMB_STRUCT_STAT sbuf;
- TALLOC_CTX *ctx = talloc_tos();
- char *dname = NULL;
- int ret;
-
- if (!CAN_WRITE(conn)) {
- return False;
- }
-
- /* Get the parent directory permission mask and owners. */
- if (!parent_dirname_talloc(ctx,
- fname,
- &dname,
- NULL)) {
- return False;
- }
- if(SMB_VFS_STAT(conn, dname, &sbuf) != 0) {
- return False;
- }
- if (!S_ISDIR(sbuf.st_mode)) {
- return False;
- }
- if (current_user.ut.uid == 0 || conn->admin_user) {
- /* I'm sorry sir, I didn't know you were root... */
- return True;
- }
-
- /* Check primary owner write access. */
- if (current_user.ut.uid == sbuf.st_uid) {
- return (sbuf.st_mode & S_IWUSR) ? True : False;
- }
-
-#ifdef S_ISVTX
- /* sticky bit means delete only by owner or root. */
- if (sbuf.st_mode & S_ISVTX) {
- SMB_STRUCT_STAT sbuf_file;
- if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) {
- if (errno == ENOENT) {
- /* If the file doesn't already exist then
- * yes we'll be able to delete it. */
- return True;
- }
- return False;
- }
- /*
- * Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>
- * for bug #3348. Don't assume owning sticky bit
- * directory means write access allowed.
- */
- if (current_user.ut.uid != sbuf_file.st_uid) {
- return False;
- }
- }
-#endif
-
- /* Check group or explicit user acl entry write access. */
- ret = check_posix_acl_group_access(conn, dname, &sbuf, FILE_WRITE_DATA);
- if (ret == 0 || ret == 1) {
- return ret ? True : False;
- }
-
- /* Finally check other write access. */
- return (sbuf.st_mode & S_IWOTH) ? True : False;
-}
-
-/****************************************************************************
- Actually emulate the in-kernel access checking for read/write access. We need
- this to successfully check for ability to write for dos filetimes.
- Note this doesn't take into account share write permissions.
-****************************************************************************/
-
-bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask)
-{
- int ret;
-
- if (!(access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))) {
- return False;
- }
- access_mask &= (FILE_READ_DATA|FILE_WRITE_DATA);
-
- DEBUG(10,("can_access_file: requesting 0x%x on file %s\n",
- (unsigned int)access_mask, fname ));
-
- if (current_user.ut.uid == 0 || conn->admin_user) {
- /* I'm sorry sir, I didn't know you were root... */
- return True;
- }
-
- if (!VALID_STAT(*psbuf)) {
- /* Get the file permission mask and owners. */
- if(SMB_VFS_STAT(conn, fname, psbuf) != 0) {
- return False;
- }
- }
-
- /* Check primary owner access. */
- if (current_user.ut.uid == psbuf->st_uid) {
- switch (access_mask) {
- case FILE_READ_DATA:
- return (psbuf->st_mode & S_IRUSR) ? True : False;
-
- case FILE_WRITE_DATA:
- return (psbuf->st_mode & S_IWUSR) ? True : False;
-
- default: /* FILE_READ_DATA|FILE_WRITE_DATA */
-
- if ((psbuf->st_mode & (S_IWUSR|S_IRUSR)) == (S_IWUSR|S_IRUSR)) {
- return True;
- } else {
- return False;
- }
- }
- }
-
- /* Check group or explicit user acl entry access. */
- ret = check_posix_acl_group_access(conn, fname, psbuf, access_mask);
- if (ret == 0 || ret == 1) {
- return ret ? True : False;
- }
-
- /* Finally check other access. */
- switch (access_mask) {
- case FILE_READ_DATA:
- return (psbuf->st_mode & S_IROTH) ? True : False;
-
- case FILE_WRITE_DATA:
- return (psbuf->st_mode & S_IWOTH) ? True : False;
-
- default: /* FILE_READ_DATA|FILE_WRITE_DATA */
-
- if ((psbuf->st_mode & (S_IWOTH|S_IROTH)) == (S_IWOTH|S_IROTH)) {
- return True;
- }
- }
- return False;
-}
-
-/****************************************************************************
- Userspace check for write access.
- Note this doesn't take into account share write permissions.
-****************************************************************************/
-
-bool can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf)
-{
- return can_access_file(conn, fname, psbuf, FILE_WRITE_DATA);
-}
-
/********************************************************************
Pull the NT ACL from a file on disk or the OpenEventlog() access
check. Caller is responsible for freeing the returned security
git.samba.org / obnox / samba / samba-obnox.git / blobdiff