FW: patch for safer/saner permissions setting

Cole, Timothy D. timothy_d_cole at md.northgrum.com
Mon Jun 14 16:24:19 GMT 1999 

I originally sent this to samba-bugs, but didn't see any response...
apologies if this has already hit CVS in some form or another; I can't use
CVS from behind the firewall, and the samba-cvs archives seem to be b0rked
as well.

--- begin forwarded message ---

> I've been playing with the permissions setting in 2.0.4 from an NT client,
> and I'm finding that:
> 
>   1. most of the time you want to allow the user to set permissions
> broader than the creation mask if they want
>   
>   2. existing permission bits always get silently mangled (by the creation
> mask and the forced mode, as well as suid/sgid/sticky bits being
> stripped), even when the user doesn't explicitly change them. This can be
> downright  _dangerous_  in some cases, particularly with force mode
> 
> The attached patch (against 2.0.4, although it should apply to 2.0.4b
> fine) addresses the first issue by adding "allow mask" and "allow
> directory mask" configuration parameters (defaulting to 0000), which are
> ored with the creation mask when determining what permission bits the user
> can set (so, if she desires, the sysadmin can allow users to set a more
> liberal permissions than allowed by the creation mask alone).  The patch
> also allows Samba to preserve any permission bits that the user hasn't
> directly modified.
> 
--- snip ---

diff -u3 -r samba-2.0.4.orig/source/include/proto.h
samba-2.0.4/source/include/proto.h
--- samba-2.0.4.orig/source/include/proto.h	Mon May 17 19:27:59 1999
+++ samba-2.0.4/source/include/proto.h	Tue Jun  1 11:50:24 1999
@@ -1152,8 +1152,10 @@
 BOOL lp_mangle_locks(int );
 int lp_create_mode(int );
 int lp_force_create_mode(int );
+int lp_allow_mode(int );
 int lp_dir_mode(int );
 int lp_force_dir_mode(int );
+int lp_allow_dir_mode(int );
 int lp_max_connections(int );
 int lp_defaultcase(int );
 int lp_minprintspace(int );
diff -u3 -r samba-2.0.4.orig/source/param/loadparm.c
samba-2.0.4/source/param/loadparm.c
--- samba-2.0.4.orig/source/param/loadparm.c	Mon May 17 19:37:43 1999
+++ samba-2.0.4/source/param/loadparm.c	Tue Jun  1 11:54:09 1999
@@ -294,8 +294,10 @@
   int  iMinPrintSpace;
   int  iCreate_mask;
   int  iCreate_force_mode;
+  int  iAllow_mask;
   int  iDir_mask;
   int  iDir_force_mode;
+  int  iAllow_dir_mask;
   int  iMaxConnections;
   int  iDefaultCase;
   int  iPrinting;
@@ -389,8 +391,10 @@
   0,       /* iMinPrintSpace */
   0744,    /* iCreate_mask */
   0000,    /* iCreate_force_mode */
+  0000,    /* iAllow_mask */
   0755,    /* iDir_mask */
   0000,    /* iDir_force_mode */
+  0000,    /* iAllow_dir_mask */
   0,       /* iMaxConnections */
   CASE_LOWER, /* iDefaultCase */
   DEFAULT_PRINTING, /* iPrinting */
@@ -572,9 +576,13 @@
   {"create mask",      P_OCTAL,   P_LOCAL,  &sDefault.iCreate_mask,
NULL,   NULL,  FLAG_GLOBAL|FLAG_SHARE},
   {"create mode",      P_OCTAL,   P_LOCAL,  &sDefault.iCreate_mask,
NULL,   NULL,  FLAG_GLOBAL},
   {"force create mode",P_OCTAL,   P_LOCAL,  &sDefault.iCreate_force_mode,
NULL,   NULL,  FLAG_GLOBAL|FLAG_SHARE},
+  {"allow mask",       P_OCTAL,   P_LOCAL,  &sDefault.iAllow_mask,
NULL,   NULL,  FLAG_GLOBAL|FLAG_SHARE},
+  {"allow mode",       P_OCTAL,   P_LOCAL,  &sDefault.iAllow_mask,
NULL,   NULL,  FLAG_GLOBAL},
   {"directory mask",   P_OCTAL,   P_LOCAL,  &sDefault.iDir_mask,
NULL,   NULL,  FLAG_GLOBAL|FLAG_SHARE},
   {"directory mode",   P_OCTAL,   P_LOCAL,  &sDefault.iDir_mask,
NULL,   NULL,  FLAG_GLOBAL},
   {"force directory mode",   P_OCTAL,   P_LOCAL,
&sDefault.iDir_force_mode,        NULL,   NULL,  FLAG_GLOBAL|FLAG_SHARE},
+  {"allow directory mask",       P_OCTAL,   P_LOCAL,
&sDefault.iAllow_dir_mask,      NULL,   NULL,  FLAG_GLOBAL|FLAG_SHARE},
+  {"allow directory mode",       P_OCTAL,   P_LOCAL,
&sDefault.iAllow_dir_mask,      NULL,   NULL,  FLAG_GLOBAL},
   {"guest only",       P_BOOL,    P_LOCAL,  &sDefault.bGuest_only,
NULL,   NULL,  FLAG_SHARE},
   {"only guest",       P_BOOL,    P_LOCAL,  &sDefault.bGuest_only,
NULL,   NULL,  0},
   {"guest ok",         P_BOOL,    P_LOCAL,  &sDefault.bGuest_ok,
NULL,   NULL,  FLAG_BASIC|FLAG_SHARE|FLAG_PRINT},
@@ -1337,8 +1345,10 @@
 
 FN_LOCAL_INTEGER(lp_create_mode,iCreate_mask)
 FN_LOCAL_INTEGER(lp_force_create_mode,iCreate_force_mode)
+FN_LOCAL_INTEGER(lp_allow_mode,iAllow_mask)
 FN_LOCAL_INTEGER(lp_dir_mode,iDir_mask)
 FN_LOCAL_INTEGER(lp_force_dir_mode,iDir_force_mode)
+FN_LOCAL_INTEGER(lp_allow_dir_mode,iAllow_dir_mask)
 FN_LOCAL_INTEGER(lp_max_connections,iMaxConnections)
 FN_LOCAL_INTEGER(lp_defaultcase,iDefaultCase)
 FN_LOCAL_INTEGER(lp_minprintspace,iMinPrintSpace)
@@ -1346,8 +1356,6 @@
 FN_LOCAL_INTEGER(lp_oplock_contention_limit,iOplockContentionLimit)
 
 FN_LOCAL_CHAR(lp_magicchar,magic_char)
-
-
 
 /* local prototypes */
 static int    strwicmp( char *psz1, char *psz2 );
diff -u3 -r samba-2.0.4.orig/source/smbd/nttrans.c
samba-2.0.4/source/smbd/nttrans.c
--- samba-2.0.4.orig/source/smbd/nttrans.c	Fri May 14 21:06:39 1999
+++ samba-2.0.4/source/smbd/nttrans.c	Tue Jun  1 14:24:55 1999
@@ -2238,6 +2238,28 @@
               fsp->fsp_name, (unsigned int)user, (unsigned int)grp,
strerror(errno) ));
         return(UNIXERROR(ERRDOS,ERRnoaccess));
       }
+
+      /*
+       * Recheck the current state of the file, which may have changed.
+       * (suid/sgid bits, for instance)
+       */
+
+      if(fsp->is_directory) {
+        if(dos_stat(fsp->fsp_name, &sbuf) != 0) {
+          return(UNIXERROR(ERRDOS,ERRnoaccess));
+        }
+      } else {
+
+        int ret;
+    
+        if(fsp->fd_ptr == NULL)
+          ret = dos_stat(fsp->fsp_name, &sbuf);
+        else
+          ret = sys_fstat(fsp->fd_ptr->fd,&sbuf);
+    
+        if(ret != 0)
+          return(UNIXERROR(ERRDOS,ERRnoaccess));
+      }
   }
 
   /*
@@ -2249,20 +2271,26 @@
     free_sec_desc(&psd);
 
     /*
-     * Check to see if we need to change anything.
+     * Don't mangle unmodified permissions, but enforce limits on modified
bits.
      */
 
     if(fsp->is_directory) {
 
-      perms &= lp_dir_mode(SNUM(conn));
-      perms |= lp_force_dir_mode(SNUM(conn));
+      perms &= lp_dir_mode(SNUM(conn)) | lp_allow_dir_mode(SNUM(conn)) |
sbuf.st_mode;
+      perms |= lp_force_dir_mode(SNUM(conn)) & (sbuf.st_mode ^ perms);
 
     } else {
 
-      perms &= lp_create_mode(SNUM(conn)); 
-      perms |= lp_force_create_mode(SNUM(conn));
+      perms &= lp_create_mode(SNUM(conn)) | lp_allow_mode(SNUM(conn)) |
sbuf.st_mode; 
+      perms |= lp_force_create_mode(SNUM(conn)) & (sbuf.st_mode ^ perms);
 
     }
+
+    /*
+     * Preserve special bits.
+     */
+
+    perms |= sbuf.st_mode & ~0777;
 
     /*
      * Do we need to chmod ?

More information about the samba-technical mailing list