[SCM] Samba Shared Repository - branch v3-6-test updated

Sat Jan 21 13:09:36 MST 2012

The branch, v3-6-test has been updated
       via  6b72809 Third part of fix for bug #8673 - NT ACL issue.
       via  28834ee Second part of fix for bug #8673 - NT ACL issue.
       via  d40006a First part of fix for bug #8673 - NT ACL issue.
      from  c6bd2aa Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 6b72809b7488cc530f47ad08dfde215627681cf6
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jan 10 13:49:03 2012 -0800

    Third part of fix for bug #8673 - NT ACL issue.
    
    (Not needed in master as this code has changed). Ensure we set a temp
    access mask before calling open(O_RDONLY|O_DIRECTORY) on the directory.

commit 28834ee4fcfc204fa9a88459700fed212a1e9fce
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jan 10 13:48:18 2012 -0800

    Second part of fix for bug #8673 - NT ACL issue.
    
    Ensure we process the entire ACE list instead of returning ACCESS_DENIED
    and terminating the walk - ensure we only return the exact bits that cause
    the access to be denied. Some of the S3 fileserver needs to know if we
    are only denied DELETE access before overriding it by looking at the
    containing directory ACL.

commit d40006aa7f8a594273a9d0ad1fa1a87ae7b1ebb0
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jan 10 13:41:55 2012 -0800

    First part of fix for bug #8673 - NT ACL issue.
    
    Simplify the logic in the unlink/rmdir calls - makes it readable
    (and correct). Add some debug.

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/access_check.c   |    7 +++--
 source3/modules/vfs_acl_common.c |   52 ++++++++++++++++++++++++-------------
 source3/smbd/open.c              |   12 ++++++---
 3 files changed, 46 insertions(+), 25 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 6bb64ae..1b02a86 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -158,6 +158,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 {
 	uint32_t i;
 	uint32_t bits_remaining;
+	uint32_t explicitly_denied_bits = 0;
 
 	*access_granted = access_desired;
 	bits_remaining = access_desired;
@@ -232,15 +233,15 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
 			break;
 		case SEC_ACE_TYPE_ACCESS_DENIED:
 		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-			if (bits_remaining & ace->access_mask) {
-				return NT_STATUS_ACCESS_DENIED;
-			}
+			explicitly_denied_bits |= (bits_remaining & ace->access_mask);
 			break;
 		default:	/* Other ACE types not handled/supported */
 			break;
 		}
 	}
 
+	bits_remaining |= explicitly_denied_bits;
+
 done:
 	if (bits_remaining != 0) {
 		*access_granted = bits_remaining;
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index f82f031..4554dc8 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -631,8 +631,11 @@ static int open_acl_common(vfs_handle_struct *handle,
 					&access_granted);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(10,("open_acl_xattr: %s open "
+				"for access 0x%x (0x%x) "
 				"refused with error %s\n",
 				fsp_str_dbg(fsp),
+				(unsigned int)fsp->access_mask,
+				(unsigned int)access_granted,
 				nt_errstr(status) ));
 			goto err;
 		}
@@ -917,17 +920,23 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle,
 {
 	int ret;
 
+	/* Try the normal rmdir first. */
 	ret = SMB_VFS_NEXT_RMDIR(handle, path);
-	if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
-		DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n",
-			path,
-			strerror(errno) ));
-		return ret;
+	if (ret == 0) {
+		return 0;
+	}
+	if (errno == EACCES || errno == EPERM) {
+		/* Failed due to access denied,
+		   see if we need to root override. */
+		return acl_common_remove_object(handle,
+						path,
+						true);
 	}
 
-	return acl_common_remove_object(handle,
-					path,
-					true);
+	DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n",
+		path,
+		strerror(errno) ));
+	return -1;
 }
 
 static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
@@ -1047,21 +1056,28 @@ static int unlink_acl_common(struct vfs_handle_struct *handle,
 {
 	int ret;
 
+	/* Try the normal unlink first. */
 	ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
-	if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
-		DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n",
-			smb_fname->base_name,
-			strerror(errno) ));
-		return ret;
-	}
-	/* Don't do anything fancy for streams. */
-	if (smb_fname->stream_name) {
-		return ret;
+	if (ret == 0) {
+		return 0;
 	}
+	if (errno == EACCES || errno == EPERM) {
+		/* Failed due to access denied,
+		   see if we need to root override. */
 
-	return acl_common_remove_object(handle,
+		/* Don't do anything fancy for streams. */
+		if (smb_fname->stream_name) {
+			return -1;
+		}
+		return acl_common_remove_object(handle,
 					smb_fname->base_name,
 					false);
+	}
+
+	DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n",
+		smb_fname->base_name,
+		strerror(errno) ));
+	return -1;
 }
 
 static int chmod_acl_module_common(struct vfs_handle_struct *handle,
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ce86b4c..202643f 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2740,10 +2740,6 @@ static NTSTATUS open_directory(connection_struct *conn,
 
 	fsp->share_access = share_access;
 	fsp->fh->private_options = 0;
-	/*
-	 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
-	 */
-	fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
 	fsp->print_file = NULL;
 	fsp->modified = False;
 	fsp->oplock_type = NO_OPLOCK;
@@ -2758,6 +2754,8 @@ static NTSTATUS open_directory(connection_struct *conn,
 
 	mtimespec = smb_dname->st.st_ex_mtime;
 
+	/* Temporary access mask used to open the directory fd. */
+	fsp->access_mask = FILE_READ_DATA | FILE_READ_ATTRIBUTES;
 #ifdef O_DIRECTORY
 	status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
 #else
@@ -2773,6 +2771,12 @@ static NTSTATUS open_directory(connection_struct *conn,
 		return status;
 	}
 
+	/*
+	 * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
+	 * Set the real access mask for later access (possibly delete).
+	 */
+	fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
+
 	status = vfs_stat_fsp(fsp);
 	if (!NT_STATUS_IS_OK(status)) {
 		fd_close(fsp);


-- 
Samba Shared Repository
