[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Mon Dec 3 12:22:28 MST 2012


The branch, v3-6-test has been updated
       via  005d7c2 Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
       via  cc17ce3 More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
       via  32892d6 Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL.
       via  a115a4e Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
       via  1c7d00e First part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
      from  de2c0f0 Use work around for 'winbind use default domain' only if it is set

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 005d7c28e35f58d5f8b114fb6234e663a6c30824
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Nov 12 16:30:32 2012 -0800

    Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
    
    We need to do the same check for overriding ACCESS_DENIED on DELETE_ACCESS
    as we do in smbd/open.c, as the ACL check is duplicated here. This has
    been fixed in 4.0.0 and later code.

commit cc17ce366a459bf1cb2207a45e5528ea0167b323
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Nov 12 16:26:25 2012 -0800

    More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
    
    Change can_delete_directory() to can_delete_directory_fsp(), as
    we only ever call this from an open directory file handle.
    
    This allows us to use OpenDir_fsp() instead of OpenDir().
    OpenDir() re-checks the ACL on the directory, which may
    refuse DIR_LIST permissions. OpenDir_fsp() does not. As
    this is a file-server internal check to see if the directory
    actually contains any files before setting delete on close,
    we can ignore the ACL here (Windows does).

commit 32892d6357469287bf9594b269bde5b9ffabd54e
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Nov 12 16:22:52 2012 -0800

    Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL.
    
    If we can access the path to this file, by
    default we have FILE_READ_ATTRIBUTES from the
    containing directory. See the section:
    "Algorithm to Check Access to an Existing File"
    in MS-FSA.pdf.

commit a115a4e9799e8e5497232a149d4d927308c81a5b
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Nov 12 16:21:15 2012 -0800

    Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
    
    If we can access the path to this file, by
    default we have FILE_READ_ATTRIBUTES from the
    containing directory. See the section:
    "Algorithm to Check Access to an Existing File"
    in MS-FSA.pdf.

commit 1c7d00e8ef48c2cd57d79a00cb26bc56a2979241
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Nov 12 16:17:19 2012 -0800

    First part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
    
    Use the requested access mask before making the fd_open request in
    open_directory() rather than faking up an access mask of
    FILE_READ_DATA | FILE_READ_ATTRIBUTES.
    
    The underlying ACL may not permit FILE_READ_DATA.

-----------------------------------------------------------------------

Summary of changes:
 source3/include/proto.h          |    3 +--
 source3/lib/dummysmbd.c          |    3 +--
 source3/locking/locking.c        |    3 +--
 source3/modules/vfs_acl_common.c |   17 ++++++++++++++++-
 source3/smbd/dir.c               |   15 +++++++++------
 source3/smbd/open.c              |   20 +++++++++++++++++---
 6 files changed, 45 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 720f431..189b286 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1970,8 +1970,7 @@ void cancel_pending_lock_requests_by_fid(files_struct *fsp,
 			enum file_close_type close_type);
 void send_stat_cache_delete_message(struct messaging_context *msg_ctx,
 				    const char *name);
-NTSTATUS can_delete_directory(struct connection_struct *conn,
-				const char *dirname);
+NTSTATUS can_delete_directory_fsp(files_struct *fsp);
 bool change_to_root_user(void);
 struct event_context *smbd_event_context(void);
 void contend_level2_oplocks_begin(files_struct *fsp,
diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c
index 2465e65..0ff0f2e 100644
--- a/source3/lib/dummysmbd.c
+++ b/source3/lib/dummysmbd.c
@@ -44,8 +44,7 @@ void send_stat_cache_delete_message(struct messaging_context *msg_ctx,
 {
 }
 
-NTSTATUS can_delete_directory(struct connection_struct *conn,
-				const char *dirname)
+NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 {
 	return NT_STATUS_OK;
 }
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 4379847..e60c4a8 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1476,8 +1476,7 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode)
 			return NT_STATUS_ACCESS_DENIED;
 		}
 
-		return can_delete_directory(fsp->conn,
-					    fsp->fsp_name->base_name);
+		return can_delete_directory_fsp(fsp);
 	}
 
 	return NT_STATUS_OK;
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index a537011..11c34e0 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -646,7 +646,22 @@ static int open_acl_common(vfs_handle_struct *handle,
 					get_current_nttok(handle->conn),
 					fsp->access_mask,
 					&access_granted);
-		if (!NT_STATUS_IS_OK(status)) {
+		/*
+		 * Check if we need to override ACCESS_DENIED for DELETE_ACCESS.
+		 * Do this if we only failed open on DELETE_ACCESS, and
+		 * we have permission to delete from the parent directory.
+		 */
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
+			(fsp->access_mask & DELETE_ACCESS) &&
+			(access_granted == DELETE_ACCESS) &&
+			can_delete_file_in_directory(handle->conn, smb_fname)) {
+				DEBUG(10,("open_acl_xattr: "
+					"overrode "
+					"DELETE_ACCESS on "
+					"file %s\n",
+					smb_fname_str_dbg(smb_fname)));
+				status = NT_STATUS_OK;
+		} else if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(10,("open_acl_xattr: %s open "
 				"for access 0x%x (0x%x) "
 				"refused with error %s\n",
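Review bot: The override test `(access_granted == DELETE_ACCESS)` only reads correctly if the access-check helper stores the refused bits in `access_granted` when it returns NT_STATUS_ACCESS_DENIED; the call is cut off above the hunk, so that cannot be confirmed here, and the variable name suggests the opposite. Since this branch turns a denial into NT_STATUS_OK, the comment should spell that out, for example `/* On ACCESS_DENIED, access_granted holds the bits that were refused (confirm against the helper). */`, and name the matching check in smbd/open.c that the commit message says is duplicated, so the two are kept in step. The new DEBUG also prints `open_acl_xattr:` although the hunk header shows the function is `open_acl_common`. The function body starts and ends outside the hunk.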
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 9108a80..92be816 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1643,16 +1643,19 @@ bool SearchDir(struct smb_Dir *dirp, const char *name, long *poffset)
  Is this directory empty ?
 *****************************************************************/
 
-NTSTATUS can_delete_directory(struct connection_struct *conn,
-				const char *dirname)
+NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 {
 	NTSTATUS status = NT_STATUS_OK;
 	long dirpos = 0;
 	const char *dname = NULL;
 	char *talloced = NULL;
 	SMB_STRUCT_STAT st;
-	struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
-					dirname, NULL, 0);
+	struct connection_struct *conn = fsp->conn;
+	struct smb_Dir *dir_hnd = OpenDir_fsp(talloc_tos(),
+					conn,
+					fsp,
+					NULL,
+					0);
 
 	if (!dir_hnd) {
 		return map_nt_error_from_unix(errno);
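Review bot: The header comment above `can_delete_directory_fsp()` still says only `Is this directory empty ?`, but per the commit message the switch to `OpenDir_fsp()` means the listing is now done without re-checking the directory ACL, which is a security-relevant contract. I would record it there, e.g. `Must only be called on an already-open directory fsp; deliberately skips the DIR_LIST ACL check and reports nothing but empty / not empty.` It is also worth confirming that releasing `dir_hnd` at the end of the function (outside this hunk) neither closes nor repositions the descriptor that `fsp` still owns, since the directory stream is presumably now built from the caller's handle rather than from a fresh open.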
@@ -1667,12 +1670,12 @@ NTSTATUS can_delete_directory(struct connection_struct *conn,
 			}
 		}
 
-		if (!is_visible_file(conn, dirname, dname, &st, True)) {
+		if (!is_visible_file(conn, fsp->fsp_name->base_name, dname, &st, True)) {
 			TALLOC_FREE(talloced);
 			continue;
 		}
 
-		DEBUG(10,("can_delete_directory: got name %s - can't delete\n",
+		DEBUG(10,("can_delete_directory_fsp: got name %s - can't delete\n",
 			 dname ));
 		status = NT_STATUS_DIRECTORY_NOT_EMPTY;
 		break;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 6b94a6d..d10b697 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -58,6 +58,13 @@ NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
 		return NT_STATUS_OK;
 	}
 
+	/*
+	 * If we can access the path to this file, by
+	 * default we have FILE_READ_ATTRIBUTES from the
+	 * containing directory. See the section:
+	 * "Algorithm to Check Access to an Existing File"
+	 * in MS-FSA.pdf.
+	 */
 	return se_access_check(sd,
 				token,
 				(access_desired & ~FILE_READ_ATTRIBUTES),
@@ -1416,7 +1423,14 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 				}
 			}
 
-			access_mask = access_granted;
+			/*
+			 * If we can access the path to this file, by
+			 * default we have FILE_READ_ATTRIBUTES from the
+			 * containing directory. See the section.
+			 * "Algorithm to Check Access to an Existing File"
+			 * in MS-FSA.pdf.
+			 */
+			access_mask = access_granted | FILE_READ_ATTRIBUTES;
 		} else {
 			access_mask = FILE_GENERIC_ALL;
 		}
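Review bot: `access_mask = access_granted | FILE_READ_ATTRIBUTES;` adds the bit unconditionally, while the comment states a precondition ("If we can access the path to this file") that nothing in the hunk tests. If the cited MS-FSA algorithm ties the right to a permission on the containing directory, the comment should say why that check can be skipped here, and whether a later share-level mask (outside the hunk) can still strip the bit. Small wording fix in the same comment: `See the section:` rather than `See the section.`, matching the copy added in `smb1_file_se_access_check()`. The enclosing function continues outside the hunk.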
@@ -2752,8 +2766,8 @@ static NTSTATUS open_directory(connection_struct *conn,
 
 	mtimespec = smb_dname->st.st_ex_mtime;
 
-	/* Temporary access mask used to open the directory fd. */
-	fsp->access_mask = FILE_READ_DATA | FILE_READ_ATTRIBUTES;
+	fsp->access_mask = access_mask;
+
 #ifdef O_DIRECTORY
 	status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
 #else
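Review bot: The replaced line drops the old comment and leaves `fsp->access_mask = access_mask;` unexplained, although its position before `fd_open()` is the whole point of the change. A one-line comment would keep a later cleanup from moving it, e.g. `/* Must be the client's requested mask before fd_open(): ACL checks during the open read fsp->access_mask. */` (the `open_acl_common()` hunk in this changeset passes `fsp->access_mask` to its access check). Whether `access_mask` can still carry MAXIMUM_ALLOWED or generic bits at this point is not visible here and is worth confirming. `open_directory()` starts and ends outside the hunk.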


-- 
Samba Shared Repository

