[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Fri Sep 14 16:38:02 MDT 2012
The branch, master has been updated
via 8de46ea Add 'bool use_privs' to smbd_calculate_access_mask().
via 6d82976 Fix bad string in debug message (remove it).
via aa0a7cf Add bool use_privs parameter to smbd_check_access_rights()
via 1e34d58 Add "backup_intent" bool.
via b66bcab Don't call can_write_to_file() if we already have 'fsp->can_write' set.
from 35a4a1e build: Fix build on systems without ldap development headers
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8de46eac65deb33cd91fa242fb89fb59dc3cac42
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 13 17:12:24 2012 -0700
Add 'bool use_privs' to smbd_calculate_access_mask().
Replaces blanket root allow if set. Set to 'false' for
all current callers.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 15 00:37:49 CEST 2012 on sn-devel-104
commit 6d82976597d6418005a889781cc23adf6b3090c3
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 13 17:08:43 2012 -0700
Fix bad string in debug message (remove it).
commit aa0a7cf51a8b4ed2f188c2c38c4d5d47688de9ad
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 13 16:11:31 2012 -0700
Add bool use_privs parameter to smbd_check_access_rights()
If this is set we should use it in preference to blindly assuming
root can do anything. Currently set to 'false' in (most) callers.
commit 1e34d584393c09a43bf0226bebc0ae0f675e57ae
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 13 15:35:21 2012 -0700
Add "backup_intent" bool.
commit b66bcab58ce73f86424b9a6ffbf9d3634e42f8ae
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 13 14:36:57 2012 -0700
Don't call can_write_to_file() if we already have 'fsp->can_write' set.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/dir.c | 5 ++++-
source3/smbd/fake_file.c | 2 +-
source3/smbd/file_access.c | 2 ++
source3/smbd/globals.h | 1 +
source3/smbd/nttrans.c | 2 ++
source3/smbd/open.c | 33 +++++++++++++++++++++------------
source3/smbd/proto.h | 1 +
source3/smbd/smb2_create.c | 1 +
source3/smbd/trans2.c | 1 +
9 files changed, 34 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index cb27110..e12812e 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -510,6 +510,7 @@ NTSTATUS dptr_create(connection_struct *conn,
dir_hnd = OpenDir_fsp(NULL, conn, fsp, wcard, attr);
} else {
int ret;
+ bool backup_intent = (req && req->priv_paths);
struct smb_filename *smb_dname = NULL;
NTSTATUS status = create_synthetic_smb_fname(talloc_tos(),
path,
@@ -532,11 +533,12 @@ NTSTATUS dptr_create(connection_struct *conn,
}
status = smbd_check_access_rights(conn,
smb_dname,
+ backup_intent,
SEC_DIR_LIST);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- if (req && req->priv_paths) {
+ if (backup_intent) {
dir_hnd = open_dir_with_privilege(conn,
req,
path,
@@ -1280,6 +1282,7 @@ static bool user_can_read_file(connection_struct *conn,
return NT_STATUS_IS_OK(smbd_check_access_rights(conn,
smb_fname,
+ false,
FILE_READ_DATA));
}
diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c
index d052d49..3f9e2ae 100644
--- a/source3/smbd/fake_file.c
+++ b/source3/smbd/fake_file.c
@@ -129,7 +129,7 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn,
files_struct *fsp = NULL;
NTSTATUS status;
- status = smbd_calculate_access_mask(conn, smb_fname,
+ status = smbd_calculate_access_mask(conn, smb_fname, false,
access_mask, &access_mask);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_fake_file: smbd_calculate_access_mask "
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 6ced6a6..015679d 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -124,6 +124,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
ret = NT_STATUS_IS_OK(smbd_check_access_rights(conn,
smb_fname_parent,
+ false,
FILE_DELETE_CHILD));
out:
TALLOC_FREE(dname);
@@ -140,6 +141,7 @@ bool can_write_to_file(connection_struct *conn,
{
return NT_STATUS_IS_OK(smbd_check_access_rights(conn,
smb_fname,
+ false,
FILE_WRITE_DATA));
}
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 566f04d..74e42c7 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -202,6 +202,7 @@ bool smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
const struct smb_filename *smb_fname,
+ bool use_privs,
uint32_t access_mask,
uint32_t *access_mask_out);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 997f721..6848d10 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -718,6 +718,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
uint32 perms = 0;
p += 25;
if (fsp->is_directory ||
+ fsp->can_write ||
can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
@@ -1345,6 +1346,7 @@ static void call_nt_transact_create(connection_struct *conn,
uint32 perms = 0;
p += 25;
if (fsp->is_directory ||
+ fsp->can_write ||
can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 0da2386..b67c045 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -65,6 +65,7 @@ static bool parent_override_delete(connection_struct *conn,
NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
const struct smb_filename *smb_fname,
+ bool use_privs,
uint32_t access_mask)
{
/* Check if we have rights to open. */
@@ -84,7 +85,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
- if (get_current_uid(conn) == (uid_t)0) {
+ if (!use_privs && get_current_uid(conn) == (uid_t)0) {
/* I'm sorry sir, I didn't know you were root... */
DEBUG(10,("smbd_check_access_rights: root override "
"on %s. Granting 0x%x\n",
@@ -135,7 +136,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
*/
status = se_file_access_check(sd,
get_current_nttok(conn),
- false,
+ use_privs,
(access_mask & ~FILE_READ_ATTRIBUTES),
&rejected_mask);
@@ -745,6 +746,7 @@ static NTSTATUS open_file(files_struct *fsp,
if (file_existed) {
status = smbd_check_access_rights(conn,
smb_fname,
+ false,
access_mask);
} else if (local_flags & O_CREAT){
status = check_parent_access(conn,
@@ -836,6 +838,7 @@ static NTSTATUS open_file(files_struct *fsp,
status = smbd_check_access_rights(conn,
smb_fname,
+ false,
access_mask);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
@@ -1659,13 +1662,14 @@ static void schedule_async_open(struct timeval request_time,
static NTSTATUS smbd_calculate_maximum_allowed_access(
connection_struct *conn,
const struct smb_filename *smb_fname,
+ bool use_privs,
uint32_t *p_access_mask)
{
struct security_descriptor *sd;
uint32_t access_granted;
NTSTATUS status;
- if (get_current_uid(conn) == (uid_t)0) {
+ if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
*p_access_mask |= FILE_GENERIC_ALL;
return NT_STATUS_OK;
}
@@ -1683,8 +1687,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
return NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("smbd_calculate_access_mask: "
- "Could not get acl on file %s: %s\n",
+ DEBUG(10,("Could not get acl on file %s: %s\n",
smb_fname_str_dbg(smb_fname),
nt_errstr(status)));
return NT_STATUS_ACCESS_DENIED;
@@ -1696,15 +1699,14 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
*/
status = se_file_access_check(sd,
get_current_nttok(conn),
- false,
+ use_privs,
(*p_access_mask & ~FILE_READ_ATTRIBUTES),
&access_granted);
TALLOC_FREE(sd);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("smbd_calculate_access_mask: "
- "Access denied on file %s: "
+ DEBUG(10, ("Access denied on file %s: "
"when calculating maximum access\n",
smb_fname_str_dbg(smb_fname)));
return NT_STATUS_ACCESS_DENIED;
@@ -1715,6 +1717,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
const struct smb_filename *smb_fname,
+ bool use_privs,
uint32_t access_mask,
uint32_t *access_mask_out)
{
@@ -1732,7 +1735,7 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
status = smbd_calculate_maximum_allowed_access(
- conn, smb_fname, &access_mask);
+ conn, smb_fname, use_privs, &access_mask);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -2084,6 +2087,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
}
status = smbd_calculate_access_mask(conn, smb_fname,
+ false,
access_mask,
&access_mask);
if (!NT_STATUS_IS_OK(status)) {
@@ -2308,7 +2312,9 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
if (((can_access_mask & FILE_WRITE_DATA) &&
!CAN_WRITE(conn)) ||
!NT_STATUS_IS_OK(smbd_check_access_rights(conn,
- smb_fname, can_access_mask))) {
+ smb_fname,
+ false,
+ can_access_mask))) {
can_access = False;
}
@@ -2919,7 +2925,7 @@ static NTSTATUS open_directory(connection_struct *conn,
(unsigned int)create_disposition,
(unsigned int)file_attributes));
- status = smbd_calculate_access_mask(conn, smb_dname,
+ status = smbd_calculate_access_mask(conn, smb_dname, false,
access_mask, &access_mask);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_directory: smbd_calculate_access_mask "
@@ -3025,7 +3031,10 @@ static NTSTATUS open_directory(connection_struct *conn,
}
if (info == FILE_WAS_OPENED) {
- status = smbd_check_access_rights(conn, smb_dname, access_mask);
+ status = smbd_check_access_rights(conn,
+ smb_dname,
+ false,
+ access_mask);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_directory: smbd_check_access_rights on "
"file %s failed with %s\n",
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 5d6a299..a1cef16 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -598,6 +598,7 @@ void reply_nttranss(struct smb_request *req);
NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
const struct smb_filename *smb_fname,
+ bool use_privs,
uint32_t access_mask);
NTSTATUS fd_open(struct connection_struct *conn, files_struct *fsp,
int flags, mode_t mode);
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 331ca49..0d9a146 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -932,6 +932,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
status = smbd_calculate_access_mask(smb1req->conn,
result->fsp_name,
+ false,
SEC_FLAG_MAXIMUM_ALLOWED,
&max_access_granted);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 2bc85bf..d108ee6 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -67,6 +67,7 @@ NTSTATUS check_access(connection_struct *conn,
} else {
NTSTATUS status = smbd_check_access_rights(conn,
smb_fname,
+ false,
access_mask);
if (!NT_STATUS_IS_OK(status)) {
return status;
--
Samba Shared Repository
More information about the samba-cvs
mailing list