[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Nov 22 18:28:02 MST 2011


The branch, master has been updated
       via  a17e01b Ensure we don't free uninitialized variables.
       via  7ef4d08 Remove the setting of the inherited ACL on new files/directories. This is now done correctly in the main codepath. The vfs_acl_XXXX modules are now thin shims that simply store/retrieve ACLs as they should be.
       via  de3ab9b Move setting the inherited ACL into the main open code path. Next will remove it from the ACL modules.
       via  6795432 Move the "set SD" code into provided SD and "inherit acls" branches.
       via  7b275c5 Only add the SD if it's not a new stream file.
       via  12514bf Move the add security descriptor code to *after* all the other meta-data is updated. We may be adding an SD that restricts our own access.
      from  d5d17f0 s3: Fix wb_next_pwent_fill_done

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a17e01baa79bd9205232f81534a700ac4aa951c3
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Nov 22 15:53:26 2011 -0800

    Ensure we don't free uninitialized variables.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Wed Nov 23 02:27:53 CET 2011 on sn-devel-104

commit 7ef4d08a98870a84ac6e60c194a0fcd47ebe00e8
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Nov 22 12:33:54 2011 -0800

    Remove the setting of the inherited ACL on new files/directories. This is
    now done correctly in the main codepath. The vfs_acl_XXXX modules are
    now thin shims that simply store/retrieve ACLs as they should be.

commit de3ab9bd05cd26d2ef53ce2b0af789416e3580bf
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Nov 22 12:33:27 2011 -0800

    Move setting the inherited ACL into the main open code path. Next will
    remove it from the ACL modules.

commit 6795432f272e725198dcd3514910c823d96d0a55
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Nov 22 11:53:51 2011 -0800

    Move the "set SD" code into provided SD and "inherit acls" branches.

commit 7b275c551ba3caee9e020740a672f8dd447769ff
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Nov 22 10:37:56 2011 -0800

    Only add the SD if it's not a new stream file.

commit 12514bf008044f836e62b46b8fea1ef3117d7632
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Nov 22 10:28:52 2011 -0800

    Move the add security descriptor code to *after* all the other meta-data is
    updated. We may be adding an SD that restricts our own access.

-----------------------------------------------------------------------

Summary of changes:
 lib/addns/dnsrecord.c            |    4 +-
 source3/modules/vfs_acl_common.c |  222 --------------------------------------
 source3/modules/vfs_acl_tdb.c    |    1 -
 source3/modules/vfs_acl_xattr.c  |    1 -
 source3/smbd/open.c              |  190 ++++++++++++++++++++++++++-------
 5 files changed, 153 insertions(+), 265 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/addns/dnsrecord.c b/lib/addns/dnsrecord.c
index de70bca..f9435da 100644
--- a/lib/addns/dnsrecord.c
+++ b/lib/addns/dnsrecord.c
@@ -309,8 +309,8 @@ DNS_ERROR dns_create_tsig_record(TALLOC_CTX *mem_ctx, const char *keyname,
 				 uint16 original_id, uint16 error,
 				 struct dns_rrec **prec)
 {
-	struct dns_buffer *buf;
-	struct dns_domain_name *algorithm;
+	struct dns_buffer *buf = NULL;
+	struct dns_domain_name *algorithm = NULL;
 	DNS_ERROR err;
 
 	if (!(buf = dns_create_buffer(mem_ctx))) {
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index aebf0ae..799de98 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -445,126 +445,6 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 }
 
 /*********************************************************************
- Create a default ACL by inheriting from the parent. If no inheritance
- from the parent available, don't set anything. This will leave the actual
- permissions the new file or directory already got from the filesystem
- as the NT ACL when read.
-*********************************************************************/
-
-static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
-					files_struct *fsp,
-					struct security_descriptor *parent_desc,
-					bool is_directory)
-{
-	TALLOC_CTX *ctx = talloc_tos();
-	NTSTATUS status = NT_STATUS_OK;
-	struct security_descriptor *psd = NULL;
-	struct dom_sid *owner_sid = NULL;
-	struct dom_sid *group_sid = NULL;
-	uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
-	bool inherit_owner = lp_inherit_owner(SNUM(handle->conn));
-	bool inheritable_components = sd_has_inheritable_components(parent_desc,
-					is_directory);
-	size_t size;
-
-	if (!inheritable_components && !inherit_owner) {
-		/* Nothing to inherit and not setting owner. */
-		return NT_STATUS_OK;
-	}
-
-	/* Create an inherited descriptor from the parent. */
-
-	if (DEBUGLEVEL >= 10) {
-		DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
-			fsp_str_dbg(fsp) ));
-		NDR_PRINT_DEBUG(security_descriptor, parent_desc);
-	}
-
-	/* Inherit from parent descriptor if "inherit owner" set. */
-	if (inherit_owner) {
-		owner_sid = parent_desc->owner_sid;
-		group_sid = parent_desc->group_sid;
-	}
-
-	if (owner_sid == NULL) {
-		owner_sid = &handle->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
-	}
-	if (group_sid == NULL) {
-		group_sid = &handle->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
-	}
-
-	status = se_create_child_secdesc(ctx,
-			&psd,
-			&size,
-			parent_desc,
-			owner_sid,
-			group_sid,
-			is_directory);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	/* If inheritable_components == false,
-	   se_create_child_secdesc()
-	   creates a security desriptor with a NULL dacl
-	   entry, but with SEC_DESC_DACL_PRESENT. We need
-	   to remove that flag. */
-
-	if (!inheritable_components) {
-		security_info_sent &= ~SECINFO_DACL;
-		psd->type &= ~SEC_DESC_DACL_PRESENT;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
-			fsp_str_dbg(fsp) ));
-		NDR_PRINT_DEBUG(security_descriptor, psd);
-	}
-
-	if (inherit_owner) {
-		/* We need to be root to force this. */
-		become_root();
-	}
-	status = SMB_VFS_FSET_NT_ACL(fsp,
-				security_info_sent,
-				psd);
-	if (inherit_owner) {
-		unbecome_root();
-	}
-	return status;
-}
-
-static NTSTATUS get_parent_acl_common(vfs_handle_struct *handle,
-				const char *path,
-				struct security_descriptor **pp_parent_desc)
-{
-	char *parent_name = NULL;
-	NTSTATUS status;
-
-	if (!parent_dirname(talloc_tos(), path, &parent_name, NULL)) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = get_nt_acl_internal(handle,
-					NULL,
-					parent_name,
-					(SECINFO_OWNER |
-					 SECINFO_GROUP |
-					 SECINFO_DACL),
-					pp_parent_desc);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(10,("get_parent_acl_common: get_nt_acl_internal "
-			"on directory %s for "
-			"path %s returned %s\n",
-			parent_name,
-			path,
-			nt_errstr(status) ));
-	}
-	return status;
-}
-
-/*********************************************************************
  Fetch a security descriptor given an fsp.
 *********************************************************************/
 
@@ -778,108 +658,6 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle,
 					true);
 }
 
-static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
-				struct smb_request *req,
-				uint16_t root_dir_fid,
-				struct smb_filename *smb_fname,
-				uint32_t access_mask,
-				uint32_t share_access,
-				uint32_t create_disposition,
-				uint32_t create_options,
-				uint32_t file_attributes,
-				uint32_t oplock_request,
-				uint64_t allocation_size,
-				uint32_t private_flags,
-				struct security_descriptor *sd,
-				struct ea_list *ea_list,
-				files_struct **result,
-				int *pinfo)
-{
-	NTSTATUS status, status1;
-	files_struct *fsp = NULL;
-	int info;
-	struct security_descriptor *parent_sd = NULL;
-
-	status = SMB_VFS_NEXT_CREATE_FILE(handle,
-					req,
-					root_dir_fid,
-					smb_fname,
-					access_mask,
-					share_access,
-					create_disposition,
-					create_options,
-					file_attributes,
-					oplock_request,
-					allocation_size,
-					private_flags,
-					sd,
-					ea_list,
-					result,
-					&info);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		goto out;
-	}
-
-	if (info != FILE_WAS_CREATED) {
-		/* File/directory was opened, not created. */
-		goto out;
-	}
-
-	fsp = *result;
-
-	if (fsp == NULL) {
-		/* Only handle success. */
-		goto out;
-	}
-
-	if (sd) {
-		/* Security descriptor already set. */
-		goto out;
-	}
-
-	if (fsp->base_fsp) {
-		/* Stream open. */
-		goto out;
-	}
-
-	status = get_parent_acl_common(handle,
-			fsp->fsp_name->base_name,
-			&parent_sd);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto out;
-	}
-
-	if (!parent_sd) {
-		goto err;
-	}
-
-	/* New directory - inherit from parent. */
-	status1 = inherit_new_acl(handle, fsp, parent_sd, fsp->is_directory);
-
-	if (!NT_STATUS_IS_OK(status1)) {
-		DEBUG(1,("create_file_acl_common: error setting "
-			"sd for %s (%s)\n",
-			fsp_str_dbg(fsp),
-			nt_errstr(status1) ));
-	}
-
-  out:
-
-	TALLOC_FREE(parent_sd);
-
-	if (NT_STATUS_IS_OK(status) && pinfo) {
-		*pinfo = info;
-	}
-	return status;
-
-  err:
-
-	smb_panic("create_file_acl_common: logic error.\n");
-	/* NOTREACHED */
-	return status;
-}
-
 static int unlink_acl_common(struct vfs_handle_struct *handle,
 			const struct smb_filename *smb_fname)
 {
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 647d133..35b8ab7 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -401,7 +401,6 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
 	.connect_fn = connect_acl_tdb,
 	.disconnect = disconnect_acl_tdb,
 	.rmdir = rmdir_acl_tdb,
-	.create_file = create_file_acl_common,
 	.unlink = unlink_acl_tdb,
 	.chmod = chmod_acl_module_common,
 	.fchmod = fchmod_acl_module_common,
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index f1a2e89..25a3c54 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -202,7 +202,6 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
 static struct vfs_fn_pointers vfs_acl_xattr_fns = {
 	.connect_fn = connect_acl_xattr,
 	.rmdir = rmdir_acl_common,
-	.create_file = create_file_acl_common,
 	.unlink = unlink_acl_common,
 	.chmod = chmod_acl_module_common,
 	.fchmod = fchmod_acl_module_common,
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 575503f..5cda44c 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3185,6 +3185,109 @@ NTSTATUS open_streams_for_delete(connection_struct *conn,
 	return status;
 }
 
+/*********************************************************************
+ Create a default ACL by inheriting from the parent. If no inheritance
+ from the parent available, don't set anything. This will leave the actual
+ permissions the new file or directory already got from the filesystem
+ as the NT ACL when read.
+*********************************************************************/
+
+static NTSTATUS inherit_new_acl(files_struct *fsp)
+{
+	TALLOC_CTX *ctx = talloc_tos();
+	char *parent_name = NULL;
+	struct security_descriptor *parent_desc = NULL;
+	NTSTATUS status = NT_STATUS_OK;
+	struct security_descriptor *psd = NULL;
+	struct dom_sid *owner_sid = NULL;
+	struct dom_sid *group_sid = NULL;
+	uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
+	bool inherit_owner = lp_inherit_owner(SNUM(fsp->conn));
+	bool inheritable_components = false;
+	size_t size = 0;
+
+	if (!parent_dirname(ctx, fsp->fsp_name->base_name, &parent_name, NULL)) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = SMB_VFS_GET_NT_ACL(fsp->conn,
+				parent_name,
+				(SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
+				&parent_desc);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	inheritable_components = sd_has_inheritable_components(parent_desc,
+					fsp->is_directory);
+
+	if (!inheritable_components && !inherit_owner) {
+		/* Nothing to inherit and not setting owner. */
+		return NT_STATUS_OK;
+	}
+
+	/* Create an inherited descriptor from the parent. */
+
+	if (DEBUGLEVEL >= 10) {
+		DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
+			fsp_str_dbg(fsp) ));
+		NDR_PRINT_DEBUG(security_descriptor, parent_desc);
+	}
+
+	/* Inherit from parent descriptor if "inherit owner" set. */
+	if (inherit_owner) {
+		owner_sid = parent_desc->owner_sid;
+		group_sid = parent_desc->group_sid;
+	}
+
+	if (owner_sid == NULL) {
+		owner_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+	}
+	if (group_sid == NULL) {
+		group_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
+	}
+
+	status = se_create_child_secdesc(ctx,
+			&psd,
+			&size,
+			parent_desc,
+			owner_sid,
+			group_sid,
+			fsp->is_directory);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* If inheritable_components == false,
+	   se_create_child_secdesc()
+	   creates a security desriptor with a NULL dacl
+	   entry, but with SEC_DESC_DACL_PRESENT. We need
+	   to remove that flag. */
+
+	if (!inheritable_components) {
+		security_info_sent &= ~SECINFO_DACL;
+		psd->type &= ~SEC_DESC_DACL_PRESENT;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
+			fsp_str_dbg(fsp) ));
+		NDR_PRINT_DEBUG(security_descriptor, psd);
+	}
+
+	if (inherit_owner) {
+		/* We need to be root to force this. */
+		become_root();
+	}
+	status = SMB_VFS_FSET_NT_ACL(fsp,
+			security_info_sent,
+			psd);
+	if (inherit_owner) {
+		unbecome_root();
+	}
+	return status;
+}
+
 /*
  * Wrapper around open_file_ntcreate and open_directory
  */
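Review bot: In the new `inherit_new_acl()`, `parent_desc` is handed to `sd_has_inheritable_components()` and later dereferenced for `owner_sid`/`group_sid` after checking only the status returned by `SMB_VFS_GET_NT_ACL`. The removed `create_file_acl_common` treated a NULL parent descriptor on success as a logic error (`if (!parent_sd) goto err;`), and that invariant is no longer enforced. If a stacked VFS module can return NT_STATUS_OK without filling in the descriptor, this would be a NULL dereference in smbd during file creation. A guard right after the status check, such as `if (parent_desc == NULL) { return NT_STATUS_INTERNAL_ERROR; }`, would keep the invariant without panicking. A short comment at the `become_root()` call would also help, stating that the descriptor written as root is built only from the parent's SD and the session token SIDs, since that is the privilege boundary of this function.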
@@ -3422,45 +3525,6 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 
 	fsp->base_fsp = base_fsp;
 
-	/*
-	 * According to the MS documentation, the only time the security
-	 * descriptor is applied to the opened file is iff we *created* the
-	 * file; an existing file stays the same.
-	 *
-	 * Also, it seems (from observation) that you can open the file with
-	 * any access mask but you can still write the sd. We need to override
-	 * the granted access before we call set_sd
-	 * Patch for bug #2242 from Tom Lackemann <cessnatomny at yahoo.com>.
-	 */
-
-	if ((sd != NULL) && (info == FILE_WAS_CREATED)
-	    && lp_nt_acl_support(SNUM(conn))) {
-
-		uint32_t sec_info_sent;
-		uint32_t saved_access_mask = fsp->access_mask;
-
-		sec_info_sent = get_sec_info(sd);
-
-		fsp->access_mask = FILE_GENERIC_ALL;
-
-		/* Convert all the generic bits. */
-		security_acl_map_generic(sd->dacl, &file_generic_mapping);
-		security_acl_map_generic(sd->sacl, &file_generic_mapping);
-
-		if (sec_info_sent & (SECINFO_OWNER|
-					SECINFO_GROUP|
-					SECINFO_DACL|
-					SECINFO_SACL)) {
-			status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
-		}
-
-		fsp->access_mask = saved_access_mask;
-
-		if (!NT_STATUS_IS_OK(status)) {
-			goto fail;
-		}
-	}
-
 	if ((ea_list != NULL) &&
 	    ((info == FILE_WAS_CREATED) || (info == FILE_WAS_OVERWRITTEN))) {
 		status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
@@ -3496,6 +3560,54 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 		}
 	}
 
+	if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
+				fsp->base_fsp == NULL) {
+		if (sd != NULL) {
+			/*
+			 * According to the MS documentation, the only time the security
+			 * descriptor is applied to the opened file is iff we *created* the
+			 * file; an existing file stays the same.
+			 *
+			 * Also, it seems (from observation) that you can open the file with
+			 * any access mask but you can still write the sd. We need to override
+			 * the granted access before we call set_sd
+			 * Patch for bug #2242 from Tom Lackemann <cessnatomny at yahoo.com>.
+			 */
+
+			uint32_t sec_info_sent;
+			uint32_t saved_access_mask = fsp->access_mask;
+
+			sec_info_sent = get_sec_info(sd);
+
+			fsp->access_mask = FILE_GENERIC_ALL;
+
+			/* Convert all the generic bits. */
+			security_acl_map_generic(sd->dacl, &file_generic_mapping);
+			security_acl_map_generic(sd->sacl, &file_generic_mapping);
+
+			if (sec_info_sent & (SECINFO_OWNER|
+						SECINFO_GROUP|
+						SECINFO_DACL|
+						SECINFO_SACL)) {
+				status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
+			}
+
+			fsp->access_mask = saved_access_mask;
+
+			if (!NT_STATUS_IS_OK(status)) {
+				goto fail;
+			}
+		} else if (lp_inherit_acls(SNUM(conn))) {
+			/* Inherit from parent. Errors here are not fatal. */
+			status = inherit_new_acl(fsp);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(10,("inherit_new_acl: failed for %s with %s\n",
+					fsp_str_dbg(fsp),
+					nt_errstr(status) ));
+			}
+		}
+	}
+
 	DEBUG(10, ("create_file_unixpath: info=%d\n", info));
 
 	*result = fsp;
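Review bot: In the `lp_inherit_acls` branch a failed `inherit_new_acl(fsp)` is reported only at debug level 10, whereas the removed module code logged the same failure at level 1. When inheritance fails, the new file keeps whatever permissions the filesystem gave it, which may be broader than the parent's ACL intends. That should be visible at a normal log level, e.g. `DEBUG(1,("inherit_new_acl: failed for %s with %s\n",`. The non-fatal result is also stored in the function-wide `status`, and the rest of `create_file_unixpath` lies outside the hunk, so it cannot be confirmed here whether that value can reach the return path. A separate local, `NTSTATUS inherit_status = inherit_new_acl(fsp);`, would make the "not fatal" intent explicit.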


-- 
Samba Shared Repository

