svn commit: samba r9952 - branches/SAMBA_3_0/source/include
branches/SAMBA_3_0/source/lib branches/SAMBA_3_0/source/smbd
trunk/source/include trunk/source/lib trunk/source/smbd
gd at samba.org
gd at samba.org
Fri Sep 2 12:53:47 GMT 2005
Author: gd
Date: 2005-09-02 12:53:46 +0000 (Fri, 02 Sep 2005)
New Revision: 9952
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9952
Log:
Adapt better to the Windows way of taking and assigning ownership:
* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while
* Users with SeTakeOwnershipPrivilege only can chown to themselves.
Simo, Jeremy. I think this is correct now.
Guenther
Modified:
branches/SAMBA_3_0/source/include/privileges.h
branches/SAMBA_3_0/source/lib/privileges.c
branches/SAMBA_3_0/source/smbd/posix_acls.c
trunk/source/include/privileges.h
trunk/source/lib/privileges.c
trunk/source/smbd/posix_acls.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/privileges.h
===================================================================
--- branches/SAMBA_3_0/source/include/privileges.h 2005-09-02 12:06:25 UTC (rev 9951)
+++ branches/SAMBA_3_0/source/include/privileges.h 2005-09-02 12:53:46 UTC (rev 9952)
@@ -70,6 +70,7 @@
extern const SE_PRIV se_disk_operators;
extern const SE_PRIV se_remote_shutdown;
extern const SE_PRIV se_restore;
+extern const SE_PRIV se_take_ownership;
/*
Modified: branches/SAMBA_3_0/source/lib/privileges.c
===================================================================
--- branches/SAMBA_3_0/source/lib/privileges.c 2005-09-02 12:06:25 UTC (rev 9951)
+++ branches/SAMBA_3_0/source/lib/privileges.c 2005-09-02 12:53:46 UTC (rev 9952)
@@ -38,6 +38,7 @@
const SE_PRIV se_disk_operators = SE_DISK_OPERATOR;
const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
const SE_PRIV se_restore = SE_RESTORE;
+const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
/********************************************************************
This is a list of privileges reported by a WIndows 2000 SP4 AD DC
Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/posix_acls.c 2005-09-02 12:06:25 UTC (rev 9951)
+++ branches/SAMBA_3_0/source/smbd/posix_acls.c 2005-09-02 12:53:46 UTC (rev 9952)
@@ -2998,7 +2998,8 @@
1) If we have root privileges, then it will just work.
2) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
- 3) If we have write permission to the file and dos_filemodes is set
+ 3) If we have SeRestorePrivilege we can change the user to any other user.
+ 4) If we have write permission to the file and dos_filemodes is set
then allow chown to the currently authenticated user.
****************************************************************************/
@@ -3007,7 +3008,6 @@
int ret;
files_struct *fsp;
SMB_STRUCT_STAT st;
- SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
if(!CAN_WRITE(conn)) {
return -1;
@@ -3019,17 +3019,28 @@
if (ret == 0)
return 0;
- /* Case (2). */
- if (lp_enable_privileges() &&
- (user_has_privileges(current_user.nt_user_token,&se_take_ownership))) {
- become_root();
- /* Keep the current file gid the same - take ownership doesn't imply group change. */
- ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
- unbecome_root();
- return ret;
+ /* Case (2) / (3) */
+ if (lp_enable_privileges()) {
+
+ BOOL has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+ &se_take_ownership);
+ BOOL has_restore_priv = user_has_privileges(current_user.nt_user_token,
+ &se_restore);
+
+ /* Case (2) */
+ if ( ( has_take_ownership_priv && ( uid == current_user.uid ) ) ||
+ /* Case (3) */
+ ( has_restore_priv ) ) {
+
+ become_root();
+ /* Keep the current file gid the same - take ownership doesn't imply group change. */
+ ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
+ unbecome_root();
+ return ret;
+ }
}
- /* Case (3). */
+ /* Case (4). */
if (!lp_dos_filemode(SNUM(conn))) {
return -1;
}
Modified: trunk/source/include/privileges.h
===================================================================
--- trunk/source/include/privileges.h 2005-09-02 12:06:25 UTC (rev 9951)
+++ trunk/source/include/privileges.h 2005-09-02 12:53:46 UTC (rev 9952)
@@ -70,6 +70,7 @@
extern const SE_PRIV se_disk_operators;
extern const SE_PRIV se_remote_shutdown;
extern const SE_PRIV se_restore;
+extern const SE_PRIV se_take_ownership;
/*
Modified: trunk/source/lib/privileges.c
===================================================================
--- trunk/source/lib/privileges.c 2005-09-02 12:06:25 UTC (rev 9951)
+++ trunk/source/lib/privileges.c 2005-09-02 12:53:46 UTC (rev 9952)
@@ -38,6 +38,7 @@
const SE_PRIV se_disk_operators = SE_DISK_OPERATOR;
const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
const SE_PRIV se_restore = SE_RESTORE;
+const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
/********************************************************************
This is a list of privileges reported by a WIndows 2000 SP4 AD DC
Modified: trunk/source/smbd/posix_acls.c
===================================================================
--- trunk/source/smbd/posix_acls.c 2005-09-02 12:06:25 UTC (rev 9951)
+++ trunk/source/smbd/posix_acls.c 2005-09-02 12:53:46 UTC (rev 9952)
@@ -2998,7 +2998,8 @@
1) If we have root privileges, then it will just work.
2) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
- 3) If we have write permission to the file and dos_filemodes is set
+ 3) If we have SeRestorePrivilege we can change the user to any other user.
+ 4) If we have write permission to the file and dos_filemodes is set
then allow chown to the currently authenticated user.
****************************************************************************/
@@ -3007,7 +3008,6 @@
int ret;
files_struct *fsp;
SMB_STRUCT_STAT st;
- SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
if(!CAN_WRITE(conn)) {
return -1;
@@ -3019,17 +3019,28 @@
if (ret == 0)
return 0;
- /* Case (2). */
- if (lp_enable_privileges() &&
- (user_has_privileges(current_user.nt_user_token,&se_take_ownership))) {
- become_root();
- /* Keep the current file gid the same - take ownership doesn't imply group change. */
- ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
- unbecome_root();
- return ret;
+ /* Case (2) / (3) */
+ if (lp_enable_privileges()) {
+
+ BOOL has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+ &se_take_ownership);
+ BOOL has_restore_priv = user_has_privileges(current_user.nt_user_token,
+ &se_restore);
+
+ /* Case (2) */
+ if ( ( has_take_ownership_priv && ( uid == current_user.uid ) ) ||
+ /* Case (3) */
+ ( has_restore_priv ) ) {
+
+ become_root();
+ /* Keep the current file gid the same - take ownership doesn't imply group change. */
+ ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
+ unbecome_root();
+ return ret;
+ }
}
- /* Case (3). */
+ /* Case (4). */
if (!lp_dos_filemode(SNUM(conn))) {
return -1;
}
More information about the samba-cvs
mailing list