[patch] Allow chown of directories from W2k domain clients
Andrew Bartlett
abartlet at samba.org
Wed Feb 19 09:11:52 GMT 2003
On Wed, 2003-02-19 at 19:18, Andrew Furey wrote:
> Hi all,
>
> I never did get any replies to my original postings to this list (as
> well as samba@), so I wrote my own patch. I just _know_ that there are
> going to be several folks point out that this is a hack, and would never
> survive an audit, etc... but it does the job, which is what our client
> wanted ;)
>
> Our existing machine is a domain member server, joined to a W2k-based
> domain in mixed mode (using winbind+NSS to get user details), which is
> using ACLs (on ext3) to provide file serving capabilities. The (admin)
> users are then trying to "take ownership" on files and directories
> within the shares. This is (I presume) a very specific scenario, or else
> I presumably would have had more replies before now (changing ownership
> isn't that uncommon an operation, is it?)

With the implementation of privileges in Samba, the existing
vendor-specific hacks should be replaced with 'proper' support for this
kind of operation.

> Note that this patch isn't perfect; it doesn't check to see if the user
> actually has write permission on the directory, which is of course a big
> security hole. Nor does it seem to work from an NT4 client (comes up
> with "Access Denied"). I didn't get a chance to seriously look at the
> NT4 problem, but from what I saw of the logs it seems to be using a
> completely different section of the code.
>
> Comments (and flames) encouraged...
>
> Andrew
>
> --
> ANDREW FUREY <andrew at terminus.net.au> - Sysadmin/developer for Terminus.
> Providing online networks of Australian lawyers (http://www.ilaw.com.au)
> and Linux experts (http://www.linuxconsultants.com.au) for instant help!
> Disclaimer: http://www.terminus.net.au/disclaimer.html. GCS L+++ P++ t++
> ----
>
> diff -u -r samba-2.2.7a-orig/source/smbd/open.c samba-2.2.7a/source/smbd/open.c
> --- samba-2.2.7a-orig/source/smbd/open.c 2002-12-10 22:58:17.000000000 +0800
> +++ samba-2.2.7a/source/smbd/open.c 2003-02-12 08:53:44.000000000 +0800
> @@ -49,6 +49,11 @@
> fd = conn->vfs_ops.open(conn,dos_to_unix_static(fname),flags,mode);
> }
>
> + /* Don't fail automatically if a directory (andrew at terminus.net.au) */
> + if (strcmp(strerror(errno),"Is a directory") == 0) {
> + fd = conn->vfs_ops.opendir(conn,dos_to_unix_static(fname));
> + }
> +
This needs some serious flamage... Why can't you just use the errno
directly?
> DEBUG(10,("fd_open: name %s, flags = 0%o mode = 0%o, fd = %d. %s\n", fname,
> flags, (int)mode, fd, (fd == -1) ? strerror(errno) : "" ));
>
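Review bot: The added test in fd_open compares strerror(errno) with the literal "Is a directory" and does not first check that the open failed. The message text depends on platform and locale, and errno can hold a stale value from an earlier call when the open succeeded, so the directory branch may run or be skipped incorrectly. Test fd == -1 && errno == EISDIR instead, and confirm that whatever opendir returns can legitimately be stored in fd, which the DEBUG line below prints with %d and callers treat as a descriptor.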
> diff -u -r samba-2.2.7a-orig/source/smbd/posix_acls.c samba-2.2.7a/source/smbd/posix_acls.c
> --- samba-2.2.7a-orig/source/smbd/posix_acls.c 2002-12-10 22:58:17.000000000 +0800
> +++ samba-2.2.7a/source/smbd/posix_acls.c 2003-02-12 09:00:51.000000000 +0800
> @@ -2173,6 +2173,10 @@
> mode_t orig_mode = (mode_t)0;
> uid_t orig_uid;
> gid_t orig_gid;
> + int chown_return;
> + char fullpath[1000];
> + /* have to specify a size - hopefully 1000 chars for the full file
> + name (on the server) should be enough (andrew at terminus.net.au) */
That's what a pstring is for, but we try to use allocated strings now.
> DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name ));
>
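Review bot: The fullpath declaration in set_nt_acl fixes the buffer at 1000 bytes, and its own comment says that size is only hoped to be enough. Because this buffer later holds the path handed to chown under become_root(), an over-long connect path plus file name must be rejected, not silently truncated to a different path. Allocate the string from the actual lengths, or check the combined length and fail the request when it does not fit.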
> @@ -2214,7 +2218,8 @@
> DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
> fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
>
> - if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) {
> + /* also check if it's a directory (andrew at terminus.net.au) */
> + if((try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) && (fsp->is_directory == 0)) {
> DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n",
> fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
> return False;
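Review bot: The added && (fsp->is_directory == 0) on the try_chown condition means a failed chown on a directory is no longer logged or reported, and set_nt_acl carries on as though ownership had changed. If the intent is to defer directories to the fallback chown added further down, say so in the comment, keep the DEBUG(3) message for the directory case, and make sure the function still returns False when the fallback fails as well.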
> @@ -2254,6 +2259,16 @@
> &file_ace_list, &dir_ace_list, security_info_sent, psd);
>
> if ((file_ace_list == NULL) && (dir_ace_list == NULL)) {
> + /* if we're here we're probably trying to chown a directory
> + (fails normally) - andrew at terminus.net.au */
> + fstrcpy(fullpath, conn->connectpath);
> + fstrcat(fullpath, "/");
> + fstrcat(fullpath, fsp->fsp_name);
> + become_root();
What are you doing to ensure that only your admin users can do this?
> + chown_return = chown(fullpath, (unsigned int)user, -1);
> + unbecome_root();
> + DEBUG(5,("AndrewF: chown of %s returned %u\n",
> + fullpath, chown_return));
> /* W2K traverse DACL set - ignore. */
> return True;
> }
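Review bot: The become_root() / chown() pair inside the (file_ace_list == NULL) && (dir_ace_list == NULL) branch runs for any caller that reaches it, with no check that the connected user may take ownership of fullpath, and the function returns True whatever chown_return holds. Add an explicit authorization check before become_root() (the covering message itself notes that write permission on the directory is not checked), return False when chown fails, and restrict the branch to the case the comment describes, fsp->is_directory with an owner change requested, instead of every empty ACE list. Smaller points: check that conn is in scope here, since the earlier call uses fsp->conn; the group in grp is dropped by passing -1; and chown_return is an int printed with %u.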
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net