struct security_descriptor_hash_v4 sd_hs4;
enum ndr_err_code ndr_err;
TALLOC_CTX *ctx = talloc_tos();
- NTTIME nttime_now;
- struct timeval now = timeval_current();
- nttime_now = timeval_to_nttime(&now);
ZERO_STRUCT(xacl);
ZERO_STRUCT(sd_hs4);
xacl.info.sd_hs4->hash_type = hash_type;
memcpy(&xacl.info.sd_hs4->hash[0], hash, XATTR_SD_HASH_SIZE);
xacl.info.sd_hs4->description = description;
- xacl.info.sd_hs4->time = nttime_now;
memcpy(&xacl.info.sd_hs4->sys_acl_hash[0], sys_acl_hash, XATTR_SD_HASH_SIZE);
ndr_err = ndr_push_struct_blob(
} else {
/*
* make_sec_acl() at the bottom of this function
- * dupliates new_ace_list
+ * duplicates new_ace_list
*/
new_ace_list = talloc_zero_array(talloc_tos(),
struct security_ace,
* and psd_from_fs set to false.
*
* Returning the underlying filesystem ACL in case no. 2 is really just an
- * optimisation, because some validations have to fetch the filesytem ACL as
+ * optimisation, because some validations have to fetch the filesystem ACL as
* part of the validation, so we already have it available and callers might
* need it as well.
**/
static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx,
- vfs_handle_struct *handle,
- files_struct *fsp,
- const struct smb_filename *smb_fname,
- const DATA_BLOB *blob,
- struct security_descriptor **ppsd,
- bool *psd_is_from_fs)
+ vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ const DATA_BLOB *blob,
+ struct security_descriptor **ppsd,
+ bool *psd_is_from_fs)
{
NTSTATUS status;
uint16_t hash_type = XATTR_SD_HASH_TYPE_NONE;
switch (xattr_version) {
case 1:
case 2:
- /* These xattr types are unilatteral, they do not
+ /* These xattr types are unilateral, they do not
* require confirmation of the hash. In particular,
* the NTVFS file server uses version 1, but
* 'samba-tool ntacl' can set these as well */
case 4:
{
int ret;
- if (fsp) {
- /* Get the full underlying sd, then hash. */
- ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle,
- fsp,
- mem_ctx,
- &sys_acl_blob_description,
- &sys_acl_blob);
- } else {
- /* Get the full underlying sd, then hash. */
- ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle,
- smb_fname,
- mem_ctx,
- &sys_acl_blob_description,
- &sys_acl_blob);
- }
-
+ /* Get the full underlying sd, then hash. */
+ ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle,
+ fsp,
+ mem_ctx,
+ &sys_acl_blob_description,
+ &sys_acl_blob);
/* If we fail to get the ACL blob (for some reason) then this
* is not fatal, we just work based on the NT ACL only */
if (ret == 0) {
case 3:
/* Get the full underlying sd for the hash
or to return as backup. */
- if (fsp) {
- status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
- fsp,
- HASH_SECURITY_INFO,
- mem_ctx,
- &psd_fs);
- } else {
- status = SMB_VFS_NEXT_GET_NT_ACL(handle,
- smb_fname,
- HASH_SECURITY_INFO,
- mem_ctx,
- &psd_fs);
- }
-
+ status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
+ fsp,
+ HASH_SECURITY_INFO,
+ mem_ctx,
+ &psd_fs);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("get_next_acl for file %s returned %s\n",
smb_fname->base_name, nt_errstr(status));
status = fget_acl_blob_fn(mem_ctx, handle, fsp, &blob);
if (NT_STATUS_IS_OK(status)) {
status = validate_nt_acl_blob(mem_ctx,
- handle,
- fsp,
- smb_fname,
- &blob,
- &psd,
- &psd_is_from_fs);
+ handle,
+ fsp,
+ smb_fname,
+ &blob,
+ &psd,
+ &psd_is_from_fs);
TALLOC_FREE(blob.data);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("ACL validation for [%s] failed\n",
return status;
}
-/*******************************************************************
- Pull a DATA_BLOB from an xattr given a pathname.
- If the hash doesn't match, or doesn't exist - return the underlying
- filesystem sd.
-*******************************************************************/
-
-NTSTATUS get_nt_acl_common_at(
- NTSTATUS (*get_acl_blob_at_fn)(TALLOC_CTX *ctx,
- vfs_handle_struct *handle,
- struct files_struct *dirfsp,
- const struct smb_filename *smb_fname,
- DATA_BLOB *pblob),
- vfs_handle_struct *handle,
- struct files_struct *dirfsp,
- const struct smb_filename *smb_fname_in,
- uint32_t security_info,
- TALLOC_CTX *mem_ctx,
- struct security_descriptor **ppdesc)
-{
- DATA_BLOB blob = data_blob_null;
- NTSTATUS status;
- struct security_descriptor *psd = NULL;
- bool psd_is_from_fs = false;
- struct acl_common_config *config = NULL;
-
- SMB_VFS_HANDLE_GET_DATA(handle, config,
- struct acl_common_config,
- return NT_STATUS_UNSUCCESSFUL);
-
- DBG_DEBUG("name=%s\n", smb_fname_in->base_name);
-
- status = get_acl_blob_at_fn(mem_ctx,
- handle,
- dirfsp,
- smb_fname_in,
- &blob);
- if (NT_STATUS_IS_OK(status)) {
- status = validate_nt_acl_blob(mem_ctx,
- handle,
- NULL,
- smb_fname_in,
- &blob,
- &psd,
- &psd_is_from_fs);
- TALLOC_FREE(blob.data);
- if (!NT_STATUS_IS_OK(status)) {
- DBG_DEBUG("ACL validation for [%s] failed\n",
- smb_fname_in->base_name);
- goto fail;
- }
- }
-
- if (psd == NULL) {
- /* Get the full underlying sd, as we failed to get the
- * blob for the hash, or the revision/hash type wasn't
- * known */
-
- if (config->ignore_system_acls) {
- SMB_STRUCT_STAT sbuf;
- int ret;
-
- ret = vfs_stat_smb_basename(handle->conn,
- smb_fname_in,
- &sbuf);
- if (ret == -1) {
- status = map_nt_error_from_unix(errno);
- goto fail;
- }
-
- status = make_default_filesystem_acl(
- mem_ctx,
- config->default_acl_style,
- smb_fname_in->base_name,
- &sbuf,
- &psd);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
- } else {
- status = SMB_VFS_NEXT_GET_NT_ACL(handle,
- smb_fname_in,
- security_info,
- mem_ctx,
- &psd);
-
- if (!NT_STATUS_IS_OK(status)) {
- DBG_DEBUG("get_next_acl for file %s "
- "returned %s\n",
- smb_fname_in->base_name,
- nt_errstr(status));
- goto fail;
- }
-
- psd_is_from_fs = true;
- }
- }
-
- if (psd_is_from_fs) {
- SMB_STRUCT_STAT sbuf;
- bool is_directory = false;
- int ret;
-
- /*
- * We're returning the underlying ACL from the
- * filesystem. If it's a directory, and has no
- * inheritable ACE entries we have to fake them.
- */
-
- ret = vfs_stat_smb_basename(handle->conn,
- smb_fname_in,
- &sbuf);
- if (ret == -1) {
- status = map_nt_error_from_unix(errno);
- goto fail;
- }
-
- is_directory = S_ISDIR(sbuf.st_ex_mode);
-
- if (is_directory && !sd_has_inheritable_components(psd, true)) {
- status = add_directory_inheritable_components(
- handle,
- smb_fname_in->base_name,
- &sbuf,
- psd);
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
- }
- }
-
- /*
- * The underlying POSIX module always sets the
- * ~SEC_DESC_DACL_PROTECTED bit, as ACLs can't be inherited in
- * this way under POSIX. Remove it for Windows-style ACLs.
- */
- psd->type &= ~SEC_DESC_DACL_PROTECTED;
- }
-
- if (!(security_info & SECINFO_OWNER)) {
- psd->owner_sid = NULL;
- }
- if (!(security_info & SECINFO_GROUP)) {
- psd->group_sid = NULL;
- }
- if (!(security_info & SECINFO_DACL)) {
- psd->type &= ~SEC_DESC_DACL_PRESENT;
- psd->dacl = NULL;
- }
- if (!(security_info & SECINFO_SACL)) {
- psd->type &= ~SEC_DESC_SACL_PRESENT;
- psd->sacl = NULL;
- }
-
- if (DEBUGLEVEL >= 10) {
- DBG_DEBUG("returning acl for %s is:\n",
- smb_fname_in->base_name);
- NDR_PRINT_DEBUG(security_descriptor, psd);
- }
-
- *ppdesc = psd;
-
- return NT_STATUS_OK;
-
-fail:
- TALLOC_FREE(psd);
- return status;
-}
-
/*********************************************************************
Set the underlying ACL (e.g. POSIX ACLS, POSIX owner, etc)
*********************************************************************/
/* We got access denied here. If we're already root,
or we didn't need to do a chown, or the fsp isn't
open with WRITE_OWNER access, just return. */
- if (get_current_uid(handle->conn) == 0 || chown_needed == false ||
- !(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+ if (get_current_uid(handle->conn) == 0 || !chown_needed) {
return NT_STATUS_ACCESS_DENIED;
}
+ status = check_any_access_fsp(fsp, SEC_STD_WRITE_OWNER);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/*
* Only allow take-ownership, not give-ownership. That's the way Windows
TALLOC_CTX *frame = talloc_stackframe();
bool ignore_file_system_acl = lp_parm_bool(
SNUM(handle->conn), module_name, "ignore system acls", false);
+ struct acl_common_fsp_ext *ext = NULL;
if (DEBUGLEVEL >= 10) {
DBG_DEBUG("incoming sd for file %s\n", fsp_str_dbg(fsp));
psd->type |= SEC_DESC_SACL_PRESENT;
}
+ ext = VFS_ADD_FSP_EXTENSION(handle,
+ fsp,
+ struct acl_common_fsp_ext,
+ NULL);
+ ext->setting_nt_acl = true;
+
if (ignore_file_system_acl) {
if (chown_needed) {
/* send only ownership stuff to lower layer */
status = set_underlying_acl(handle, fsp, psd,
security_info_sent, true);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
}
ZERO_ARRAY(hash);
status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
NULL, hash);
-
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
status = set_underlying_acl(handle, fsp, psd, security_info_sent,
chown_needed);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
/* Get the full underlying sd, then hash. */
&pdesc_next);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
status = hash_sd_sha256(pdesc_next, hash);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
/* Get the full underlying sd, then hash. */
status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
pdesc_next, hash);
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
status = hash_blob_sha256(sys_acl_blob, sys_acl_hash);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
if (DEBUGLEVEL >= 10) {
}
/* We store hashes of both the sys ACL blob and the NT
- * security desciptor mapped from that ACL so as to improve
- * our chances against some inadvertant change breaking the
+ * security descriptor mapped from that ACL so as to improve
+ * our chances against some inadvertent change breaking the
* hash used */
status = create_sys_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash,
sys_acl_description, sys_acl_hash);
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("create_sys_acl_blob failed\n");
- TALLOC_FREE(frame);
- return status;
+ goto done;
}
status = store_acl_blob_fsp_fn(handle, fsp, &blob);
+done:
+ VFS_REMOVE_FSP_EXTENSION(handle, fsp);
TALLOC_FREE(frame);
return status;
}
static int acl_common_remove_object(vfs_handle_struct *handle,
+ struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
bool is_directory)
{
struct file_id id;
files_struct *fsp = NULL;
int ret = 0;
+ struct smb_filename *full_fname = NULL;
struct smb_filename *local_fname = NULL;
struct smb_filename *parent_dir_fname = NULL;
int saved_errno = 0;
struct smb_filename *saved_dir_fname = NULL;
- bool ok;
+ NTSTATUS status;
saved_dir_fname = vfs_GetWd(talloc_tos(),conn);
if (saved_dir_fname == NULL) {
goto out;
}
- ok = parent_smb_fname(talloc_tos(),
- smb_fname,
- &parent_dir_fname,
- &local_fname);
- if (!ok) {
- saved_errno = ENOMEM;
+ full_fname = full_path_from_dirfsp_atname(talloc_tos(),
+ dirfsp,
+ smb_fname);
+ if (full_fname == NULL) {
+ goto out;
+ }
+
+ status = SMB_VFS_PARENT_PATHNAME(conn,
+ talloc_tos(),
+ full_fname,
+ &parent_dir_fname,
+ &local_fname);
+ if (!NT_STATUS_IS_OK(status)) {
+ saved_errno = map_errno_from_nt_status(status);
goto out;
}
- DBG_DEBUG("removing %s %s/%s\n", is_directory ? "directory" : "file",
- smb_fname_str_dbg(parent_dir_fname),
- smb_fname_str_dbg(local_fname));
+ DBG_DEBUG("removing %s %s\n", is_directory ? "directory" : "file",
+ smb_fname_str_dbg(full_fname));
/* cd into the parent dir to pin it. */
ret = vfs_ChDir(conn, parent_dir_fname);
/* Ensure we have this file open with DELETE access. */
id = vfs_file_id_from_sbuf(conn, &local_fname->st);
- for (fsp = file_find_di_first(conn->sconn, id); fsp;
- fsp = file_find_di_next(fsp)) {
+ for (fsp = file_find_di_first(conn->sconn, id, true); fsp;
+ fsp = file_find_di_next(fsp, true)) {
if (fsp->access_mask & DELETE_ACCESS &&
fsp->fsp_flags.delete_on_close)
{
}
if (!fsp) {
- DBG_DEBUG("%s %s/%s not an open file\n",
+ DBG_DEBUG("%s %s not an open file\n",
is_directory ? "directory" : "file",
- smb_fname_str_dbg(parent_dir_fname),
- smb_fname_str_dbg(local_fname));
+ smb_fname_str_dbg(full_fname));
saved_errno = EACCES;
goto out;
}
become_root();
if (is_directory) {
ret = SMB_VFS_NEXT_UNLINKAT(handle,
- conn->cwd_fsp,
- local_fname,
+ dirfsp,
+ smb_fname,
AT_REMOVEDIR);
} else {
ret = SMB_VFS_NEXT_UNLINKAT(handle,
- conn->cwd_fsp,
- local_fname,
+ dirfsp,
+ smb_fname,
0);
}
unbecome_root();
out:
TALLOC_FREE(parent_dir_fname);
+ TALLOC_FREE(full_fname);
if (saved_dir_fname) {
vfs_ChDir(conn, saved_dir_fname);
/* Failed due to access denied,
see if we need to root override. */
return acl_common_remove_object(handle,
+ dirfsp,
smb_fname,
true);
}
return -1;
}
return acl_common_remove_object(handle,
+ dirfsp,
smb_fname,
false);
}
return -1;
}
-int chmod_acl_module_common(struct vfs_handle_struct *handle,
- const struct smb_filename *smb_fname,
- mode_t mode)
-{
- if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
- /* Only allow this on POSIX pathnames. */
- return SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
- }
- return 0;
-}
-
int fchmod_acl_module_common(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode)
{
- if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
+ if (fsp->posix_flags & FSP_POSIX_FLAGS_PATHNAMES
+ || fsp->fsp_name->flags & SMB_FILENAME_POSIX_PATH) {
/* Only allow this on POSIX opens. */
return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
}