[SCM] Samba Shared Repository - branch v3-6-test updated

Jeremy Allison jra at samba.org
Tue Oct 12 12:13:26 MDT 2010


The branch, v3-6-test has been updated
       via  8fcfb11 Make the vfs_acl_xattr and other modules work with NULL SD's. Fix the "protected" inheritance problem (bleeding up from the POSIX layer).
       via  406be18 Canonicalize incoming and outgoing ACLs.
       via  544d4dd Make the posix ACL module cope with a NULL incoming DACL and a missing owner/group.
      from  e8f3281 More neccessary const.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 8fcfb11885142b5e3b16220b2d8581db4a75dec9
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Oct 11 17:15:39 2010 -0700

    Make the vfs_acl_xattr and other modules work with NULL SD's. Fix
    the "protected" inheritance problem (bleeding up from the POSIX
    layer).
    
    Jeremy
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Tue Oct 12 00:57:41 UTC 2010 on sn-devel-104
    (cherry picked from commit 6f6094076ff73dffb2570f86cb72e0ac9d0e86f2)

commit 406be1880d0d6f5c97e97ccb463ece6c06d264a6
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Oct 11 17:10:28 2010 -0700

    Canonicalize incoming and outgoing ACLs.
    
    Jeremy.
    (cherry picked from commit 6f4e782c5343fc46f9029a549c419e5f3c1e6190)

commit 544d4ddd04f5a2e1fb298528a974fe727bec6afc
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Oct 11 17:07:54 2010 -0700

    Make the posix ACL module cope with a NULL incoming DACL and a
    missing owner/group.
    
    Jeremy.
    (cherry picked from commit 71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e)

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_acl_common.c |   70 ++++++++++++++++----------------------
 source3/smbd/nttrans.c           |   59 +++++++++++++++++++++++++++++--
 source3/smbd/posix_acls.c        |   31 +++++++++++++++++
 3 files changed, 115 insertions(+), 45 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 46ff2e6..10cb252 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -329,6 +329,9 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 
 	if (memcmp(&hash[0], &hash_tmp[0], XATTR_SD_HASH_SIZE) == 0) {
 		/* Hash matches, return blob sd. */
+		DEBUG(10, ("get_nt_acl_internal: blob hash "
+			"matches for file %s\n",
+			name ));
 		goto out;
 	}
 
@@ -369,6 +372,11 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 							psbuf,
 							psd);
 		}
+		/* The underlying POSIX module always sets
+		   the ~SEC_DESC_DACL_PROTECTED bit, as ACLs
+		   can't be inherited in this way under POSIX.
+		   Remove it for Windows-style ACLs. */
+		psd->type &= ~SEC_DESC_DACL_PROTECTED;
 	}
 
 	if (!(security_info & SECINFO_OWNER)) {
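Review bot: The new comment says the POSIX module "always sets the ~SEC_DESC_DACL_PROTECTED bit", which reads as if the bit were already clear, while the statement below it clears a bit that was set. Wording such as `/* The POSIX layer always sets SEC_DESC_DACL_PROTECTED, as POSIX ACLs have no Windows-style inheritance; clear it so it does not leak into the Windows-style SD. */` would match what the code does. The enclosing branch and the rest of get_nt_acl_internal lie outside the hunk.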
@@ -662,61 +670,41 @@ static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
 *********************************************************************/
 
 static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
-        uint32_t security_info_sent, const struct security_descriptor *psd)
+        uint32_t security_info_sent, const struct security_descriptor *orig_psd)
 {
 	NTSTATUS status;
 	DATA_BLOB blob;
 	struct security_descriptor *pdesc_next = NULL;
+	struct security_descriptor *psd = NULL;
 	uint8_t hash[XATTR_SD_HASH_SIZE];
 
 	if (DEBUGLEVEL >= 10) {
 		DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
 			  fsp_str_dbg(fsp)));
 		NDR_PRINT_DEBUG(security_descriptor,
-			CONST_DISCARD(struct security_descriptor *,psd));
+			CONST_DISCARD(struct security_descriptor *,orig_psd));
 	}
 
-        /* Ensure we have OWNER/GROUP/DACL set. */
-
-	if ((security_info_sent & (SECINFO_OWNER|
-				SECINFO_GROUP|
-				SECINFO_DACL)) !=
-				(SECINFO_OWNER|
-				 SECINFO_GROUP|
-				 SECINFO_DACL)) {
-		/* No we don't - read from the existing SD. */
-		struct security_descriptor *nc_psd = NULL;
-
-		status = get_nt_acl_internal(handle, fsp,
-				NULL,
-				(SECINFO_OWNER|
-				 SECINFO_GROUP|
-				 SECINFO_DACL),
-				&nc_psd);
-
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-
-		/* This is safe as nc_psd is discarded at fn exit. */
-		if (security_info_sent & SECINFO_OWNER) {
-			nc_psd->owner_sid = psd->owner_sid;
-		}
-		security_info_sent |= SECINFO_OWNER;
+	status = get_nt_acl_internal(handle, fsp,
+			NULL,
+			SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
+			&psd);
 
-		if (security_info_sent & SECINFO_GROUP) {
-			nc_psd->group_sid = psd->group_sid;
-		}
-		security_info_sent |= SECINFO_GROUP;
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
-		if (security_info_sent & SECINFO_DACL) {
-			nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
-			if (nc_psd->dacl == NULL) {
-				return NT_STATUS_NO_MEMORY;
-			}
-		}
-		security_info_sent |= SECINFO_DACL;
-		psd = nc_psd;
+	if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
+		psd->owner_sid = orig_psd->owner_sid;
+	}
+	if ((security_info_sent & SECINFO_GROUP) && (orig_psd->group_sid != NULL)) {
+		psd->group_sid = orig_psd->group_sid;
+	}
+	if (security_info_sent & SECINFO_DACL) {
+		psd->dacl = orig_psd->dacl;
+	}
+	if (security_info_sent & SECINFO_SACL) {
+		psd->sacl = orig_psd->sacl;
 	}
 
 	status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
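Review bot: The merged descriptor now borrows `owner_sid`, `group_sid`, `dacl` and `sacl` straight from the const `orig_psd`, where the removed code copied the DACL with dup_sec_acl() and carried a comment explaining why the aliasing was safe. Anything later in fset_nt_acl_common, or in a lower VFS module, that writes through `psd->dacl` would then modify the caller's descriptor; whether that happens is not visible here, since the function continues past the hunk. A comment above the assignments would record the contract, for example `/* psd borrows these pointers from orig_psd: treat them as read-only and do not free them via psd. */`. If a copy is preferred instead, dup_sec_acl() should be called only when `orig_psd->dacl` is non-NULL, so that a NULL DACL is still passed through.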
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index b3096b5..f0b6eb2 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -836,11 +836,15 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 	struct security_descriptor *psd = NULL;
 	NTSTATUS status;
 
+	if (sd_len == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	if (!CAN_WRITE(fsp->conn)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
+	if (!lp_nt_acl_support(SNUM(fsp->conn))) {
 		return NT_STATUS_OK;
 	}
 
@@ -857,9 +861,43 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 		security_info_sent &= ~SECINFO_GROUP;
 	}
 
-	/* Convert all the generic bits. */
-	security_acl_map_generic(psd->dacl, &file_generic_mapping);
-	security_acl_map_generic(psd->sacl, &file_generic_mapping);
+	/* Ensure we have at least one thing set. */
+	if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* Ensure we have the rights to do this. */
+	if (security_info_sent & SECINFO_OWNER) {
+		if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	if (security_info_sent & SECINFO_GROUP) {
+		if (!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
+
+	if (security_info_sent & SECINFO_DACL) {
+		if (!(fsp->access_mask & SEC_STD_WRITE_DAC)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		/* Convert all the generic bits. */
+		if (psd->dacl) {
+			security_acl_map_generic(psd->dacl, &file_generic_mapping);
+		}
+	}
+
+	if (security_info_sent & SECINFO_SACL) {
+		if (!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+		/* Convert all the generic bits. */
+		if (psd->sacl) {
+			security_acl_map_generic(psd->sacl, &file_generic_mapping);
+		}
+	}
 
 	if (DEBUGLEVEL >= 10) {
 		DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
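Review bot: The owner and group checks added to set_sd are the same test against `SEC_STD_WRITE_OWNER` written twice; folding them into one condition, `if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP)) && !(fsp->access_mask & SEC_STD_WRITE_OWNER)) { return NT_STATUS_ACCESS_DENIED; }`, keeps the two from drifting apart. The new early returns also leave `psd` to whatever context it was unmarshalled on; that allocation is outside the hunk, so confirm it is a frame-scoped talloc context rather than one that needs an explicit free. A one-line comment above the block naming which open-handle right gates each SECINFO_* flag would make the checks easier to audit.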
@@ -1808,6 +1846,19 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
 		return status;
 	}
 
+	if (!(security_info_wanted & SECINFO_OWNER)) {
+		psd->owner_sid = NULL;
+	}
+	if (!(security_info_wanted & SECINFO_GROUP)) {
+		psd->group_sid = NULL;
+	}
+	if (!(security_info_wanted & SECINFO_DACL)) {
+		psd->dacl = NULL;
+	}
+	if (!(security_info_wanted & SECINFO_SACL)) {
+		psd->sacl = NULL;
+	}
+
 	/* If the SACL/DACL is NULL, but was requested, we mark that it is
 	 * present in the reply to match Windows behavior */
 	if (psd->sacl == NULL &&
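Review bot: Dropping the unrequested parts only NULLs the pointers and leaves `psd->type` untouched, so a descriptor whose type still carries `SEC_DESC_DACL_PRESENT` could be returned with a NULL DACL even though the client never asked for the DACL. A present-but-NULL DACL is read by Windows clients as unrestricted access, so the reply may misreport the file's protection unless the flags are cleared elsewhere in smbd_do_query_security_desc, which extends beyond the hunk. Clearing the flag together with the pointer would keep the two consistent: `psd->type &= ~SEC_DESC_DACL_PRESENT;` in the DACL branch and `psd->type &= ~SEC_DESC_SACL_PRESENT;` in the SACL branch.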
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 1fb0a2c..ebecd6c 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3863,6 +3863,29 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if((security_info_sent & SECINFO_DACL) &&
+			(psd->type & SEC_DESC_DACL_PRESENT) &&
+			(psd->dacl == NULL)) {
+		struct security_ace ace;
+
+		/* We can't have NULL DACL in POSIX.
+		   Use Everyone -> full access. */
+
+		init_sec_ace(&ace,
+				&global_sid_World,
+				SEC_ACE_TYPE_ACCESS_ALLOWED,
+				GENERIC_ALL_ACCESS,
+				0);
+		psd->dacl = make_sec_acl(talloc_tos(),
+					NT4_ACL_REVISION,
+					1,
+					&ace);
+		if (psd->dacl == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		security_acl_map_generic(psd->dacl, &file_generic_mapping);
+	}
+
 	/*
 	 * Get the current state of the file.
 	 */
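Review bot: Mapping a NULL DACL to an Everyone full-access ACE makes the resulting POSIX permissions world-accessible, and the new branch does this without a log line or an explanation of why it is the intended result. The comment could state the reason, e.g. `/* A present-but-NULL DACL means unrestricted access on Windows; POSIX cannot store that, so write an explicit Everyone:full ACE. */`, and a `DEBUG(5, ("set_nt_acl: NULL DACL on %s mapped to Everyone full access\n", fsp_str_dbg(fsp)));` would let an administrator see when a client requests it. `if(` also lacks the space used by the conditions added further down in set_nt_acl. The function starts and ends outside the hunk.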
@@ -3879,6 +3902,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
 	 * Unpack the user/group/world id's.
 	 */
 
+	/* POSIX can't cope with missing owner/group. */
+	if ((security_info_sent & SECINFO_OWNER) && (psd->owner_sid == NULL)) {
+		security_info_sent &= ~SECINFO_OWNER;
+	}
+	if ((security_info_sent & SECINFO_GROUP) && (psd->group_sid == NULL)) {
+		security_info_sent &= ~SECINFO_GROUP;
+	}
+
 	status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;


-- 
Samba Shared Repository

