svn commit: samba r9952 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/lib branches/SAMBA_3_0/source/smbd trunk/source/include trunk/source/lib trunk/source/smbd

gd at samba.org gd at samba.org
Fri Sep 2 12:53:47 GMT 2005 

Author: gd
Date: 2005-09-02 12:53:46 +0000 (Fri, 02 Sep 2005)
New Revision: 9952

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9952

Log:
Adapt better to the Windows way of taking and assigning ownership:

* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while

* Users with SeTakeOwnershipPrivilege only can chown to themselves.

Simo, Jeremy. I think this is correct now.

Guenther


Modified:
   branches/SAMBA_3_0/source/include/privileges.h
   branches/SAMBA_3_0/source/lib/privileges.c
   branches/SAMBA_3_0/source/smbd/posix_acls.c
   trunk/source/include/privileges.h
   trunk/source/lib/privileges.c
   trunk/source/smbd/posix_acls.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/privileges.h
===================================================================
--- branches/SAMBA_3_0/source/include/privileges.h	2005-09-02 12:06:25 UTC (rev 9951)
+++ branches/SAMBA_3_0/source/include/privileges.h	2005-09-02 12:53:46 UTC (rev 9952)
@@ -70,6 +70,7 @@
 extern const SE_PRIV se_disk_operators;
 extern const SE_PRIV se_remote_shutdown;
 extern const SE_PRIV se_restore;
+extern const SE_PRIV se_take_ownership;
 
 
 /*

Modified: branches/SAMBA_3_0/source/lib/privileges.c
===================================================================
--- branches/SAMBA_3_0/source/lib/privileges.c	2005-09-02 12:06:25 UTC (rev 9951)
+++ branches/SAMBA_3_0/source/lib/privileges.c	2005-09-02 12:53:46 UTC (rev 9952)
@@ -38,6 +38,7 @@
 const SE_PRIV se_disk_operators  = SE_DISK_OPERATOR;
 const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
 const SE_PRIV se_restore         = SE_RESTORE;
+const SE_PRIV se_take_ownership  = SE_TAKE_OWNERSHIP;
 
 /********************************************************************
  This is a list of privileges reported by a WIndows 2000 SP4 AD DC

Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/posix_acls.c	2005-09-02 12:06:25 UTC (rev 9951)
+++ branches/SAMBA_3_0/source/smbd/posix_acls.c	2005-09-02 12:53:46 UTC (rev 9952)
@@ -2998,7 +2998,8 @@
 
   1) If we have root privileges, then it will just work.
   2) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
-  3) If we have write permission to the file and dos_filemodes is set
+  3) If we have SeRestorePrivilege we can change the user to any other user. 
+  4) If we have write permission to the file and dos_filemodes is set
      then allow chown to the currently authenticated user.
 ****************************************************************************/
 
@@ -3007,7 +3008,6 @@
 	int ret;
 	files_struct *fsp;
 	SMB_STRUCT_STAT st;
-	SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
 
 	if(!CAN_WRITE(conn)) {
 		return -1;
@@ -3019,17 +3019,28 @@
 	if (ret == 0)
 		return 0;
 
-	/* Case (2). */
-	if (lp_enable_privileges() &&
-			(user_has_privileges(current_user.nt_user_token,&se_take_ownership))) {
-		become_root();
-		/* Keep the current file gid the same - take ownership doesn't imply group change. */
-		ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
-		unbecome_root();
-		return ret;
+	/* Case (2) / (3) */
+	if (lp_enable_privileges()) {
+
+		BOOL has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+							      &se_take_ownership);
+		BOOL has_restore_priv = user_has_privileges(current_user.nt_user_token,
+						       &se_restore);
+
+		/* Case (2) */
+		if ( ( has_take_ownership_priv && ( uid == current_user.uid ) ) ||
+		/* Case (3) */
+		     ( has_restore_priv ) ) {
+
+			become_root();
+			/* Keep the current file gid the same - take ownership doesn't imply group change. */
+			ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
+			unbecome_root();
+			return ret;
+		}
 	}
 
-	/* Case (3). */
+	/* Case (4). */
 	if (!lp_dos_filemode(SNUM(conn))) {
 		return -1;
 	}

Modified: trunk/source/include/privileges.h
===================================================================
--- trunk/source/include/privileges.h	2005-09-02 12:06:25 UTC (rev 9951)
+++ trunk/source/include/privileges.h	2005-09-02 12:53:46 UTC (rev 9952)
@@ -70,6 +70,7 @@
 extern const SE_PRIV se_disk_operators;
 extern const SE_PRIV se_remote_shutdown;
 extern const SE_PRIV se_restore;
+extern const SE_PRIV se_take_ownership;
 
 
 /*

Modified: trunk/source/lib/privileges.c
===================================================================
--- trunk/source/lib/privileges.c	2005-09-02 12:06:25 UTC (rev 9951)
+++ trunk/source/lib/privileges.c	2005-09-02 12:53:46 UTC (rev 9952)
@@ -38,6 +38,7 @@
 const SE_PRIV se_disk_operators  = SE_DISK_OPERATOR;
 const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
 const SE_PRIV se_restore         = SE_RESTORE;
+const SE_PRIV se_take_ownership  = SE_TAKE_OWNERSHIP;
 
 /********************************************************************
  This is a list of privileges reported by a WIndows 2000 SP4 AD DC

Modified: trunk/source/smbd/posix_acls.c
===================================================================
--- trunk/source/smbd/posix_acls.c	2005-09-02 12:06:25 UTC (rev 9951)
+++ trunk/source/smbd/posix_acls.c	2005-09-02 12:53:46 UTC (rev 9952)
@@ -2998,7 +2998,8 @@
 
   1) If we have root privileges, then it will just work.
   2) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
-  3) If we have write permission to the file and dos_filemodes is set
+  3) If we have SeRestorePrivilege we can change the user to any other user. 
+  4) If we have write permission to the file and dos_filemodes is set
      then allow chown to the currently authenticated user.
 ****************************************************************************/
 
@@ -3007,7 +3008,6 @@
 	int ret;
 	files_struct *fsp;
 	SMB_STRUCT_STAT st;
-	SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
 
 	if(!CAN_WRITE(conn)) {
 		return -1;
@@ -3019,17 +3019,28 @@
 	if (ret == 0)
 		return 0;
 
-	/* Case (2). */
-	if (lp_enable_privileges() &&
-			(user_has_privileges(current_user.nt_user_token,&se_take_ownership))) {
-		become_root();
-		/* Keep the current file gid the same - take ownership doesn't imply group change. */
-		ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
-		unbecome_root();
-		return ret;
+	/* Case (2) / (3) */
+	if (lp_enable_privileges()) {
+
+		BOOL has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+							      &se_take_ownership);
+		BOOL has_restore_priv = user_has_privileges(current_user.nt_user_token,
+						       &se_restore);
+
+		/* Case (2) */
+		if ( ( has_take_ownership_priv && ( uid == current_user.uid ) ) ||
+		/* Case (3) */
+		     ( has_restore_priv ) ) {
+
+			become_root();
+			/* Keep the current file gid the same - take ownership doesn't imply group change. */
+			ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
+			unbecome_root();
+			return ret;
+		}
 	}
 
-	/* Case (3). */
+	/* Case (4). */
 	if (!lp_dos_filemode(SNUM(conn))) {
 		return -1;
 	}

More information about the samba-cvs mailing list