[SCM] Samba Shared Repository - branch v3-5-test updated

Karolin Seeger kseeger at samba.org
Wed Nov 24 10:13:58 MST 2010


The branch, v3-5-test has been updated
       via  941129f Fix our privileges code to display privileges with the "high" 32-bit value set.
       via  f11da60 Add SeSecurityPrivilege.
       via  117d14f Ensure we have correct parameters to use Windows ACL modules.
       via  7c892ed Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).
       via  2d84fce Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module.
       via  84b2a3d Fix handling of "NULL" DACL. Map to u/g/w - rwx.
       via  3fcceb6 Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if they can't be mapped.
       via  514e3e7 Add debug message to get_nt_acl_internal() to see what we got.
       via  9b615ce Fix valgrind "uninitialized read" error on "info" when returning !NT_STATUS_OK.
       via  e675462 Fix bug #7734 - When creating files with "inherit ACLs" set to true, we neglect to apply appropriate create masks.
       via  6b4141e Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.
       via  fe5b8a9 Make the vfs_acl_xattr and other modules work with NULL SD's. Fix the "protected" inheritance problem (bleeding up from the POSIX layer).
       via  b01501a Canonicalize incoming and outgoing ACLs.
       via  09ee42d Make the posix ACL module cope with a NULL incoming DACL and a missing owner/group.
      from  ff6c598 Fix bug #7785 - atime limit.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 941129fb70261d4871de4804a81ce82e23d9d0f7
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Nov 17 15:58:15 2010 -0800

    Fix our privileges code to display privileges with the "high" 32-bit value set.
    
    SeSecurityPrivilege is the first LUID we have added that has a non-zero
    "high" value, ensure our LUID code correctly supports it.
    
    Jeremy.
    
    The last 14 patches address bug #7716 (acl_xattr and acl_tdb modules don't store
    unmodified copies of security descriptors).

commit f11da60f3189bc70eb82259435e108f40b2bb333
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Nov 18 16:13:28 2010 -0800

    Add SeSecurityPrivilege.
    
    Jeremy.

commit 117d14f108cded28ac2868d5040f633856cca923
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 16:14:28 2010 -0700

    Ensure we have correct parameters to use Windows ACL modules.

commit 7c892ed58f816985e58b9cef2ff4cd2a81d16995
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 17:28:58 2010 -0700

    Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).
    
    Jeremy.

commit 2d84fce8f20c4eac70b02f0fc4333b15e278edfc
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 16:04:53 2010 -0700

    Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module.

commit 84b2a3d013390c01ef27d10085a0bf10137c857f
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 15:56:31 2010 -0700

    Fix handling of "NULL" DACL. Map to u/g/w - rwx.

commit 3fcceb6c5ae55f5e3a66f71e44b5caa665596832
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 17:23:13 2010 -0700

    Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if they can't be mapped.

commit 514e3e786f999979f9fd85a9c08de9e06e50938b
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 14:55:52 2010 -0700

    Add debug message to get_nt_acl_internal() to see what we got.

commit 9b615ce8706f4f4c59055fe155446f1fdac36323
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 14:54:19 2010 -0700

    Fix valgrind "uninitialized read" error on "info" when returning !NT_STATUS_OK.

commit e675462b3cfc53d7fe0c6e07c13a386599c5afd9
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 15 14:12:04 2010 -0700

    Fix bug #7734 - When creating files with "inherit ACLs" set to true, we neglect to apply appropriate create masks.
    
    Jeremy.
    (cherry picked from commit 8cad5e23b6e2440a566def6fb138d484e3b47643)

commit 6b4141e92151adaa0d2ef036657783a99ef517c6
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 15 13:30:07 2010 -0700

    Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.
    
    It turns out a client can send an NTCreateX call for a new file, but specify
    FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this,
    but we don't - causing the unix_mode() function to go through the "mode bits
    for new directory" codepath, instead of the "mode bits for new file" codepath.
    
    Jeremy.
    (cherry picked from commit 92adb686372a9b67e47efb5b051bc351212f1780)

commit fe5b8a9dc994d3020537f4e68f2105c806cd103b
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 17:18:45 2010 -0700

    Make the vfs_acl_xattr and other modules work with NULL SD's. Fix the "protected" inheritance problem (bleeding up from the POSIX layer).
    
    Jeremy

commit b01501af60d364ce7e7c96b7e4b93502c453ac6d
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 17:11:17 2010 -0700

    Canonicalize incoming and outgoing ACLs.
    
    Jeremy.

commit 09ee42d774c0b0f8cf9a67feb80426c19b4ce24c
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Oct 22 17:07:10 2010 -0700

    Make the posix ACL module cope with a NULL incoming DACL and a missing owner/group.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/include/privileges.h     |    2 +
 source3/include/proto.h          |    4 +
 source3/lib/privileges_basic.c   |   29 ++++---
 source3/lib/util_seaccess.c      |    6 +-
 source3/modules/vfs_acl_common.c |  119 +++++++++++++++++------------
 source3/modules/vfs_acl_tdb.c    |    8 ++-
 source3/modules/vfs_acl_xattr.c  |   14 ++-
 source3/modules/vfs_default.c    |    2 +-
 source3/smbd/nttrans.c           |   75 +++++++++++++++++-
 source3/smbd/open.c              |   39 ++++-----
 source3/smbd/posix_acls.c        |  159 ++++++++++++++++++++++++++++++++++++++
 11 files changed, 359 insertions(+), 98 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/privileges.h b/source3/include/privileges.h
index 57d3fc0..9267310 100644
--- a/source3/include/privileges.h
+++ b/source3/include/privileges.h
@@ -59,6 +59,7 @@ typedef struct {
 #define SE_BACKUP			{ { 0x00000200, 0x00000000, 0x00000000, 0x00000000 } }
 #define SE_RESTORE			{ { 0x00000400, 0x00000000, 0x00000000, 0x00000000 } }
 #define SE_TAKE_OWNERSHIP		{ { 0x00000800, 0x00000000, 0x00000000, 0x00000000 } }
+#define SE_SECURITY			{ { 0x00001000, 0x00000000, 0x00000000, 0x00000000 } }
 
 /* defined in lib/privilegs_basic.c */
 
@@ -72,6 +73,7 @@ extern const SE_PRIV se_disk_operators;
 extern const SE_PRIV se_remote_shutdown;
 extern const SE_PRIV se_restore;
 extern const SE_PRIV se_take_ownership;
+extern const SE_PRIV se_security;
 
 
 /*
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 3d06c31..bd5119f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6767,6 +6767,10 @@ bool set_unix_posix_default_acl(connection_struct *conn, const char *fname,
 				uint16 num_def_acls, const char *pdata);
 bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata);
 SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname);
+NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
+					const char *name,
+					SMB_STRUCT_STAT *psbuf,
+					SEC_DESC **ppdesc);
 
 /* The following definitions come from smbd/process.c  */
 
diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c
index 323983b..8d52c90 100644
--- a/source3/lib/privileges_basic.c
+++ b/source3/lib/privileges_basic.c
@@ -46,6 +46,7 @@ const SE_PRIV se_disk_operators  = SE_DISK_OPERATOR;
 const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
 const SE_PRIV se_restore         = SE_RESTORE;
 const SE_PRIV se_take_ownership  = SE_TAKE_OWNERSHIP;
+const SE_PRIV se_security       = SE_SECURITY;
 
 /********************************************************************
  This is a list of privileges reported by a WIndows 2000 SP4 AD DC
@@ -98,6 +99,7 @@ PRIVS privs[] = {
 	{SE_SERVICE_LOGON,	"SeServiceLogonRight",		"Log on as a service",			   { 0x0, 0x0 }},
 #endif
 	{SE_MACHINE_ACCOUNT,	"SeMachineAccountPrivilege",	"Add machines to domain",		   { 0x0, 0x0006 }},
+	{SE_SECURITY,		"SeSecurityPrivilege",		"Manage auditing and security log",	   { 0x0, 0x0008 }},
 	{SE_TAKE_OWNERSHIP,     "SeTakeOwnershipPrivilege",     "Take ownership of files or other objects",{ 0x0, 0x0009 }},
         {SE_BACKUP,             "SeBackupPrivilege",            "Back up files and directories",	   { 0x0, 0x0011 }},
         {SE_RESTORE,            "SeRestorePrivilege",           "Restore files and directories",	   { 0x0, 0x0012 }},
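Review bot: The new SeSecurityPrivilege row uses a positional initializer, "{ 0x0, 0x0008 }", so from this table alone a reader cannot tell which number lands in the LUID's high member and which in low. Since this series changes the lookups to compare both halves, a short comment above privs[] stating the member order (or designated initializers for the luid field) would let the value be checked against the commit message's statement about a non-zero "high" value.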
@@ -107,6 +109,7 @@ PRIVS privs[] = {
 	{SE_ADD_USERS,		"SeAddUsersPrivilege",		"Add users and groups to the domain",	   { 0x0, 0x1002 }},
 	{SE_DISK_OPERATOR,	"SeDiskOperatorPrivilege",	"Manage disk shares",			   { 0x0, 0x1003 }},
 
+
 	{SE_END, "", "", { 0x0, 0x0 }}
 };
 
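Review bot: The only change in this hunk is an extra blank line before the SE_END terminator, which leaves two consecutive blank lines in the table. Drop it so the patch carries only the functional change.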
@@ -192,6 +195,15 @@ bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 )
 }
 
 /***************************************************************************
+ check if 2 LUID's are equal.
+****************************************************************************/
+
+static bool luid_equal( const LUID *luid1, const LUID *luid2 )
+{
+	return ( luid1->low == luid2->low && luid1->high == luid2->high);
+}
+
+/***************************************************************************
  check if a SE_PRIV has any assigned privileges
 ****************************************************************************/
 
@@ -406,11 +418,8 @@ const char *luid_to_privilege_name(const LUID *set)
 {
 	int i;
 
-	if (set->high != 0)
-		return NULL;
-
 	for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
-		if ( set->low == privs[i].luid.low ) {
+		if (luid_equal(set, &privs[i].luid)) {
 			return privs[i].name;
 		}
 	}
@@ -477,9 +486,13 @@ static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask )
 {
 	int i;
 	uint32 num_privs = count_all_privileges();
+	LUID local_luid;
+
+	local_luid.low = luid->low;
+	local_luid.high = luid->high;
 
 	for ( i=0; i<num_privs; i++ ) {
-		if ( luid->low == privs[i].luid.low ) {
+		if (luid_equal(&local_luid, &privs[i].luid)) {
 			se_priv_copy( mask, &privs[i].se_priv );
 			return True;
 		}
@@ -500,12 +513,6 @@ bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset )
 	for ( i=0; i<privset->count; i++ ) {
 		SE_PRIV r;
 
-		/* sanity check for invalid privilege.  we really
-		   only care about the low 32 bits */
-
-		if ( privset->set[i].luid.high != 0 )
-			return False;
-
 		if ( luid_to_se_priv( &privset->set[i].luid, &r ) )
 			se_priv_add( mask, &r );
 	}
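Review bot: With the "luid.high != 0" early return removed, privilege_set_to_se_priv() no longer fails on an entry it cannot map: "if ( luid_to_se_priv( &privset->set[i].luid, &r ) )" has no else branch, so an unrecognised LUID is silently skipped and the rest of the set is still applied. Before this change a set containing such an entry made the function return False. If ignoring unknown entries is intended, say so in the function comment and consider a DEBUG line for the skipped LUID; otherwise return False when luid_to_se_priv() fails.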
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 0da7442..369f684 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -179,17 +179,13 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 			bits_remaining));
 	}
 
-#if 0
-	/* We need to support SeSecurityPrivilege for this. */
-
 	if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
-		if (user_has_privileges(token, &sec_security)) {
+		if (user_has_privileges(token, &se_security)) {
 			bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
 		} else {
 			return NT_STATUS_PRIVILEGE_NOT_HELD;
 		}
 	}
-#endif
 
 	/* a NULL dacl allows access */
 	if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
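Review bot: Removing the "#if 0" also removes the only comment on the SEC_FLAG_SYSTEM_SECURITY block, and the block now returns NT_STATUS_PRIVILEGE_NOT_HELD on a live code path. Add a one-line comment stating that this access bit is granted only to tokens holding se_security. The disabled code referred to "sec_security", a name that is not declared anywhere in this patch, so it would be worth adding a test that exercises both the granted and the denied branch.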
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index abc4a62..c91765c 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -254,6 +254,10 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 	uint8_t hash_tmp[XATTR_SD_HASH_SIZE];
 	struct security_descriptor *psd = NULL;
 	struct security_descriptor *pdesc_next = NULL;
+	bool ignore_file_system_acl = lp_parm_bool(SNUM(handle->conn),
+						ACL_MODULE_NAME,
+						"ignore system acls",
+						false);
 
 	if (fsp && name == NULL) {
 		name = fsp->fsp_name->base_name;
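Review bot: The lp_parm_bool() call in the declarations depends on ACL_MODULE_NAME, which is not defined in this file; it only exists because vfs_acl_tdb.c and vfs_acl_xattr.c define it before their #include of vfs_acl_common.c. An "#ifndef ACL_MODULE_NAME" / "#error" guard at the top of vfs_acl_common.c would turn a forgotten define in a future including module into a clear build error. The new "ignore system acls" option also needs an entry in the module manual pages, with its default of false.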
@@ -317,6 +321,9 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 			goto out;
 	}
 
+	if (ignore_file_system_acl) {
+		goto out;
+	}
 
 	status = hash_sd_sha256(pdesc_next, hash_tmp);
 	if (!NT_STATUS_IS_OK(status)) {
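Review bot: The new "if (ignore_file_system_acl) { goto out; }" carries no comment, and it is placed immediately before the hash of pdesc_next is computed and compared. In this mode the stored blob is therefore returned without checking it against the underlying filesystem ACL. State that in a comment at the goto, so the trade-off is visible to anyone enabling the option.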
@@ -327,6 +334,9 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 
 	if (memcmp(&hash[0], &hash_tmp[0], XATTR_SD_HASH_SIZE) == 0) {
 		/* Hash matches, return blob sd. */
+		DEBUG(10, ("get_nt_acl_internal: blob hash "
+			"matches for file %s\n",
+			name ));
 		goto out;
 	}
 
@@ -350,22 +360,44 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 		 * inheritable ACE entries we have to fake them.
 		 */
 		if (fsp) {
-			is_directory = fsp->is_directory;
+			status = vfs_stat_fsp(fsp);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
 			psbuf = &fsp->fsp_name->st;
 		} else {
-			if (vfs_stat_smb_fname(handle->conn,
+			int ret = vfs_stat_smb_fname(handle->conn,
 						name,
-						&sbuf) == 0) {
-				is_directory = S_ISDIR(sbuf.st_ex_mode);
+						&sbuf);
+			if (ret == -1) {
+				return map_nt_error_from_unix(errno);
 			}
 		}
-		if (is_directory &&
+		is_directory = S_ISDIR(sbuf.st_ex_mode);
+
+		if (ignore_file_system_acl) {
+			TALLOC_FREE(pdesc_next);
+			status = make_default_filesystem_acl(talloc_tos(),
+						name,
+						psbuf,
+						&psd);
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
+			}
+		} else {
+			if (is_directory &&
 				!sd_has_inheritable_components(psd,
 							true)) {
-			add_directory_inheritable_components(handle,
+				add_directory_inheritable_components(handle,
 							name,
 							psbuf,
 							psd);
+			}
+			/* The underlying POSIX module always sets
+			   the ~SEC_DESC_DACL_PROTECTED bit, as ACLs
+			   can't be inherited in this way under POSIX.
+			   Remove it for Windows-style ACLs. */
+			psd->type &= ~SEC_DESC_DACL_PROTECTED;
 		}
 	}
 
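Review bot: "is_directory = S_ISDIR(sbuf.st_ex_mode);" reads the local sbuf on both paths, but in the "if (fsp)" branch the stat result is in fsp->fsp_name->st (psbuf is pointed there) and nothing in the visible code fills sbuf, so is_directory is computed from data that was never written on the fsp path. Using "S_ISDIR(psbuf->st_ex_mode)" would cover both branches, provided psbuf points at sbuf on the name path. Two smaller points in the same hunk: the new error paths use "return status" where the rest of the function uses "goto out", so check that nothing allocated earlier is left behind; and the comment "always sets the ~SEC_DESC_DACL_PROTECTED bit" is hard to parse with the tilde, since the code below it clears SEC_DESC_DACL_PROTECTED.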
@@ -384,6 +416,13 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 
 	TALLOC_FREE(blob.data);
 	*ppdesc = psd;
+
+	if (DEBUGLEVEL >= 10) {
+		DEBUG(10,("get_nt_acl_internal: returning acl for %s is:\n",
+			name ));
+		NDR_PRINT_DEBUG(security_descriptor, psd);
+	}
+
 	return NT_STATUS_OK;
 }
 
@@ -660,61 +699,41 @@ static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
 *********************************************************************/
 
 static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
-        uint32_t security_info_sent, const struct security_descriptor *psd)
+        uint32_t security_info_sent, const struct security_descriptor *orig_psd)
 {
 	NTSTATUS status;
 	DATA_BLOB blob;
 	struct security_descriptor *pdesc_next = NULL;
+	struct security_descriptor *psd = NULL;
 	uint8_t hash[XATTR_SD_HASH_SIZE];
 
 	if (DEBUGLEVEL >= 10) {
 		DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
 			  fsp_str_dbg(fsp)));
 		NDR_PRINT_DEBUG(security_descriptor,
-			CONST_DISCARD(struct security_descriptor *,psd));
+			CONST_DISCARD(struct security_descriptor *,orig_psd));
 	}
 
-        /* Ensure we have OWNER/GROUP/DACL set. */
-
-	if ((security_info_sent & (OWNER_SECURITY_INFORMATION|
-				GROUP_SECURITY_INFORMATION|
-				DACL_SECURITY_INFORMATION)) !=
-				(OWNER_SECURITY_INFORMATION|
-				 GROUP_SECURITY_INFORMATION|
-				 DACL_SECURITY_INFORMATION)) {
-		/* No we don't - read from the existing SD. */
-		struct security_descriptor *nc_psd = NULL;
-
-		status = get_nt_acl_internal(handle, fsp,
-				NULL,
-				(OWNER_SECURITY_INFORMATION|
-				 GROUP_SECURITY_INFORMATION|
-				 DACL_SECURITY_INFORMATION),
-				&nc_psd);
-
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-
-		/* This is safe as nc_psd is discarded at fn exit. */
-		if (security_info_sent & OWNER_SECURITY_INFORMATION) {
-			nc_psd->owner_sid = psd->owner_sid;
-		}
-		security_info_sent |= OWNER_SECURITY_INFORMATION;
+	status = get_nt_acl_internal(handle, fsp,
+			NULL,
+			SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
+			&psd);
 
-		if (security_info_sent & GROUP_SECURITY_INFORMATION) {
-			nc_psd->group_sid = psd->group_sid;
-		}
-		security_info_sent |= GROUP_SECURITY_INFORMATION;
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
-		if (security_info_sent & DACL_SECURITY_INFORMATION) {
-			nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
-			if (nc_psd->dacl == NULL) {
-				return NT_STATUS_NO_MEMORY;
-			}
-		}
-		security_info_sent |= DACL_SECURITY_INFORMATION;
-		psd = nc_psd;
+	if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
+		psd->owner_sid = orig_psd->owner_sid;
+	}
+	if ((security_info_sent & SECINFO_GROUP) && (orig_psd->group_sid != NULL)) {
+		psd->group_sid = orig_psd->group_sid;
+	}
+	if (security_info_sent & SECINFO_DACL) {
+		psd->dacl = orig_psd->dacl;
+	}
+	if (security_info_sent & SECINFO_SACL) {
+		psd->sacl = orig_psd->sacl;
 	}
 
 	status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
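Review bot: "psd->dacl = orig_psd->dacl;" and "psd->sacl = orig_psd->sacl;" make the merged descriptor share ACL pointers with the caller's const descriptor, where the removed code used dup_sec_acl() for the DACL and carried the comment "This is safe as nc_psd is discarded at fn exit". Either keep an equivalent comment explaining why aliasing is safe here or duplicate the ACLs. The owner and group assignments are guarded by a NULL check while the DACL and SACL are not; if that asymmetry is what lets a NULL DACL through, a comment should say so. Note also that get_nt_acl_internal() is now called on every set, so a failure to read the existing descriptor fails the set even when the client supplied all components.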
@@ -901,6 +920,10 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
 					result,
 					&info);
 
+	if (!NT_STATUS_IS_OK(status)) {
+		goto out;
+	}
+
 	if (info != FILE_WAS_CREATED) {
 		/* File/directory was opened, not created. */
 		goto out;
@@ -908,7 +931,7 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
 
 	fsp = *result;
 
-	if (!NT_STATUS_IS_OK(status) || fsp == NULL) {
+	if (fsp == NULL) {
 		/* Only handle success. */
 		goto out;
 	}
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 8da0d1e..b26208c 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -28,6 +28,7 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_VFS
 
+#define ACL_MODULE_NAME "acl_tdb"
 #include "modules/vfs_acl_common.c"
 
 static unsigned int ref_count;
@@ -314,13 +315,16 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
 		return -1;
 	}
 
-	/* Ensure we have "inherit acls = yes" if we're
+	/* Ensure we have the parameters correct if we're
 	 * using this module. */
 	DEBUG(2,("connect_acl_tdb: setting 'inherit acls = true' "
-		"and 'dos filemode = true' for service %s\n",
+		"'dos filemode = true' and "
+		"'force unknown acl user = true' for service %s\n",
 		service ));
+
 	lp_do_parameter(SNUM(handle->conn), "inherit acls", "true");
 	lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
+	lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
 
 	return 0;
 }
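Review bot: The concatenated DEBUG string now reads "setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true'", with no separator between the first two items; add a comma after the first quoted parameter. The three lp_do_parameter() calls ignore their return values, so a parameter that could not be set would go unnoticed while the log claims it was; check the results or log on failure.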
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 18f2d42..46e282d 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -29,6 +29,8 @@
 #define DBGC_CLASS DBGC_VFS
 
 /* Pull in the common functions. */
+#define ACL_MODULE_NAME "acl_xattr"
+
 #include "modules/vfs_acl_common.c"
 
 /*******************************************************************
@@ -183,14 +185,16 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
 		return ret;
 	}
 
-	/* Ensure we have "inherit acls = yes" if we're
-	 * using this module. */
-	DEBUG(2,("connect_acl_xattr: setting 'inherit acls = true' "
-		"and 'dos filemode = true' for service %s\n",
-		service ));
+        /* Ensure we have the parameters correct if we're
+         * using this module. */
+        DEBUG(2,("connect_acl_xattr: setting 'inherit acls = true' "
+                "'dos filemode = true' and "
+                "'force unknown acl user = true' for service %s\n",
+                service ));
 
         lp_do_parameter(SNUM(handle->conn), "inherit acls", "true");
         lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
+        lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
 
 	return 0;
 }
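Review bot: The rewritten comment and DEBUG lines in connect_acl_xattr() are indented with spaces where the removed lines used tabs, so the hunk is mostly whitespace churn around one added lp_do_parameter() call. Keep the tab indentation of the removed lines so the diff shows only the message change and the new parameter. The message has the same missing comma between the first two quoted parameters as in connect_acl_tdb().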
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 6e2a571..691fd7c 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -217,7 +217,7 @@ static int vfswrap_mkdir(vfs_handle_struct *handle,  const char *path, mode_t mo
 	if (lp_inherit_acls(SNUM(handle->conn))
 	    && parent_dirname(talloc_tos(), path, &parent, NULL)
 	    && (has_dacl = directory_has_default_acl(handle->conn, parent)))
-		mode = 0777;
+		mode = (0777 & lp_dir_mask(SNUM(handle->conn)));
 
 	TALLOC_FREE(parent);
 
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 9139213..3ff192b 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -833,7 +833,15 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
 	SEC_DESC *psd = NULL;
 	NTSTATUS status;
 
-	if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
+	if (sd_len == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!CAN_WRITE(fsp->conn)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (!lp_nt_acl_support(SNUM(fsp->conn))) {
 		return NT_STATUS_OK;
 	}
 
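Review bot: The order of the three new checks in set_sd() changes results beyond what the split suggests: "sd_len == 0" used to return NT_STATUS_OK and now returns NT_STATUS_INVALID_PARAMETER, and because "!CAN_WRITE(fsp->conn)" is tested before "!lp_nt_acl_support(...)", a read-only share with NT ACL support disabled now answers NT_STATUS_ACCESS_DENIED where it previously answered NT_STATUS_OK. If both changes are intended to match Windows behaviour, add a comment above the checks saying so.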
@@ -850,9 +858,43 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
 		security_info_sent &= ~GROUP_SECURITY_INFORMATION;
 	}
 
-	/* Convert all the generic bits. */
-	security_acl_map_generic(psd->dacl, &file_generic_mapping);
-	security_acl_map_generic(psd->sacl, &file_generic_mapping);
+	/* Ensure we have at least one thing set. */
+	if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* Ensure we have the rights to do this. */
+	if (security_info_sent & SECINFO_OWNER) {
+		if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	if (security_info_sent & SECINFO_GROUP) {
+		if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	if (security_info_sent & SECINFO_DACL) {
+		if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		/* Convert all the generic bits. */
+		if (psd->dacl) {
+			security_acl_map_generic(psd->dacl, &file_generic_mapping);
+		}
+	}
+
+	if (security_info_sent & SECINFO_SACL) {
+		if (!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		/* Convert all the generic bits. */
+		if (psd->sacl) {
+			security_acl_map_generic(psd->sacl, &file_generic_mapping);
+		}
+	}
 
 	if (DEBUGLEVEL >= 10) {
 		DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
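Review bot: The "Ensure we have at least one thing set" test runs after the context line above it has cleared GROUP_SECURITY_INFORMATION from security_info_sent, so a request can be rejected with NT_STATUS_INVALID_PARAMETER because of a bit this function removed itself; confirm that is the intended result or test the flags as received. The SECINFO_OWNER and SECINFO_GROUP blocks are identical and can be folded into one test on "(SECINFO_OWNER|SECINFO_GROUP)" against SEC_STD_WRITE_OWNER. The function now mixes the GROUP_SECURITY_INFORMATION and SECINFO_GROUP spellings; pick one.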
@@ -1795,6 +1837,18 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
 	 * Get the permissions to return.
 	 */
 
+	if ((security_info_wanted & SECINFO_SACL) &&
+			!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+		reply_nterror(req,  NT_STATUS_ACCESS_DENIED);


-- 
Samba Shared Repository

