Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/dosmode.c | 4 | ||||
-rw-r--r-- | source3/smbd/open.c | 4 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 76 | ||||
-rw-r--r-- | source3/smbd/proto.h | 19 | ||||
-rw-r--r-- | source3/smbd/pysmbd.c | 12 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 10 | ||||
-rw-r--r-- | source3/smbd/vfs.c | 4 |
7 files changed, 89 insertions, 40 deletions
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 1789b55dfd7..3c6d47bb6dc 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -679,8 +679,8 @@ int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname, unixmode = smb_fname->st.st_ex_mode; - get_acl_group_bits(conn, smb_fname->base_name, - &smb_fname->st.st_ex_mode); + get_acl_group_bits(conn, smb_fname, + &smb_fname->st.st_ex_mode); if (S_ISDIR(smb_fname->st.st_ex_mode)) dosmode |= FILE_ATTRIBUTE_DIRECTORY; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 49932e98504..8fdc96376d8 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1224,7 +1224,7 @@ static NTSTATUS open_file(files_struct *fsp, /* Inherit the ACL if required */ if (lp_inherit_permissions(SNUM(conn))) { inherit_access_posix_acl(conn, parent_dir, - smb_fname->base_name, + smb_fname, unx_mode); need_re_stat = true; } @@ -3832,7 +3832,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn, if (lp_inherit_permissions(SNUM(conn))) { inherit_access_posix_acl(conn, parent_dir, - smb_dname->base_name, mode); + smb_dname, mode); need_re_stat = true; } diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index c02331d1230..4f0540b90a5 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3583,12 +3583,12 @@ NTSTATUS posix_get_nt_acl(struct connection_struct *conn, } /* Get the ACL from the path. */ - posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname->base_name, + posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname, SMB_ACL_TYPE_ACCESS, frame); /* If it's a directory get the default POSIX ACL. */ if(S_ISDIR(smb_fname->st.st_ex_mode)) { - def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname->base_name, + def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname, SMB_ACL_TYPE_DEFAULT, frame); def_acl = free_empty_sys_acl(conn, def_acl); } 
@@ -4044,14 +4044,16 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct the mask bits, not the real group bits, for a file with an ACL. ****************************************************************************/ -int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode ) +int get_acl_group_bits( connection_struct *conn, + const struct smb_filename *smb_fname, + mode_t *mode ) { int entry_id = SMB_ACL_FIRST_ENTRY; SMB_ACL_ENTRY_T entry; SMB_ACL_T posix_acl; int result = -1; - posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, + posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname, SMB_ACL_TYPE_ACCESS, talloc_tos()); if (posix_acl == (SMB_ACL_T)NULL) return -1; @@ -4155,12 +4157,15 @@ static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mo resulting ACL on TO. Note that name is in UNIX character set. ****************************************************************************/ -static int copy_access_posix_acl(connection_struct *conn, const char *from, const char *to, mode_t mode) +static int copy_access_posix_acl(connection_struct *conn, + const struct smb_filename *smb_fname_from, + const struct smb_filename *smb_fname_to, + mode_t mode) { SMB_ACL_T posix_acl = NULL; int ret = -1; - if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, from, + if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname_from, SMB_ACL_TYPE_ACCESS, talloc_tos())) == NULL) return -1; @@ -4168,7 +4173,8 @@ static int copy_access_posix_acl(connection_struct *conn, const char *from, cons if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1) goto done; - ret = SMB_VFS_SYS_ACL_SET_FILE(conn, to, SMB_ACL_TYPE_ACCESS, posix_acl); + ret = SMB_VFS_SYS_ACL_SET_FILE(conn, smb_fname_to->base_name, + SMB_ACL_TYPE_ACCESS, posix_acl); done: 
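Review bot: The header comment above copy_access_posix_acl still describes the old string arguments ("resulting ACL on TO. Note that name is in UNIX character set.") although the function now takes `smb_fname_from` and `smb_fname_to`. The same sentence sits above chmod_acl in the following hunk. I would reword both to name the new parameters, for example `Copy the access ACL of smb_fname_from, modified by mode, onto smb_fname_to.` It is also worth one comment line at the `SMB_VFS_SYS_ACL_SET_FILE` call saying that the set side still receives only `smb_fname_to->base_name` while the get side receives the whole `struct smb_filename`, so a reader does not assume both VFS calls see the same path information. The function body starts and ends outside these hunks.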
@@ -4182,18 +4188,21 @@ static int copy_access_posix_acl(connection_struct *conn, const char *from, cons Note that name is in UNIX character set. ****************************************************************************/ -int chmod_acl(connection_struct *conn, const char *name, mode_t mode) +int chmod_acl(connection_struct *conn, + const struct smb_filename *smb_fname, + mode_t mode) { - return copy_access_posix_acl(conn, name, name, mode); + return copy_access_posix_acl(conn, smb_fname, smb_fname, mode); } /**************************************************************************** Check for an existing default POSIX ACL on a directory. ****************************************************************************/ -static bool directory_has_default_posix_acl(connection_struct *conn, const char *fname) +static bool directory_has_default_posix_acl(connection_struct *conn, + const struct smb_filename *smb_fname) { - SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, + SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname, SMB_ACL_TYPE_DEFAULT, talloc_tos()); bool has_acl = False; 
@@ -4214,13 +4223,25 @@ static bool directory_has_default_posix_acl(connection_struct *conn, const char inherit this Access ACL to file name. ****************************************************************************/ -int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir, - const char *name, mode_t mode) +int inherit_access_posix_acl(connection_struct *conn, + const char *inherit_from_dir, + const struct smb_filename *smb_fname, + mode_t mode) { - if (directory_has_default_posix_acl(conn, inherit_from_dir)) + struct smb_filename *inherit_from_fname = + synthetic_smb_fname(talloc_tos(), + smb_fname->base_name, + NULL, + NULL, + smb_fname->flags); + if (inherit_from_fname == NULL) { + return-1; + } + + if (directory_has_default_posix_acl(conn, inherit_from_fname)) return 0; - return copy_access_posix_acl(conn, inherit_from_dir, name, mode); + return copy_access_posix_acl(conn, inherit_from_fname, smb_fname, mode); } /**************************************************************************** @@ -4467,12 +4488,15 @@ bool set_unix_posix_default_acl(connection_struct *conn, FIXME ! How does the share mask/mode fit into this.... ? ****************************************************************************/ -static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname) +static bool remove_posix_acl(connection_struct *conn, + files_struct *fsp, + const struct smb_filename *smb_fname) { SMB_ACL_T file_acl = NULL; int entry_id = SMB_ACL_FIRST_ENTRY; SMB_ACL_ENTRY_T entry; bool ret = False; + const char *fname = smb_fname->base_name; /* Create a new ACL with only 3 entries, u/g/w. */ SMB_ACL_T new_file_acl = sys_acl_init(talloc_tos()); SMB_ACL_ENTRY_T user_ent = NULL; 
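Review bot: In inherit_access_posix_acl the new `inherit_from_fname` is built from `smb_fname->base_name` rather than from `inherit_from_dir`, so both the default-ACL check and the copy source refer to the newly created file itself, and `inherit_from_dir` is no longer used anywhere in the visible body. As written the access ACL is read from the file and written back to the same file, so the parent directory's ACL is never consulted when `lp_inherit_permissions` is on. The callers in open.c and trans2.c shown in this diff ignore the return value, so nothing reports the difference. The call should name the directory: `synthetic_smb_fname(talloc_tos(), inherit_from_dir, NULL, NULL, smb_fname->flags);`. The failure branch also reads `return-1;`, which should be `return -1;`.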
@@ -4522,7 +4546,7 @@ static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const c if (fsp && fsp->fh->fd != -1) { file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos()); } else { - file_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, + file_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname, SMB_ACL_TYPE_ACCESS, talloc_tos()); } @@ -4605,13 +4629,17 @@ static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const c except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER. ****************************************************************************/ -bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16_t num_acls, const char *pdata) +bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, + const struct smb_filename *smb_fname, + uint16_t num_acls, + const char *pdata) { SMB_ACL_T file_acl = NULL; + const char *fname = smb_fname->base_name; if (!num_acls) { /* Remove the ACL from the file. */ - return remove_posix_acl(conn, fsp, fname); + return remove_posix_acl(conn, fsp, smb_fname); } if ((file_acl = create_posix_acl_from_wire(conn, num_acls, @@ -4728,7 +4756,7 @@ int posix_sys_acl_blob_get_file(vfs_handle_struct *handle, acl_wrapper.access_acl = smb_vfs_call_sys_acl_get_file(handle, - path_p, + smb_fname, SMB_ACL_TYPE_ACCESS, frame); @@ -4741,7 +4769,7 @@ int posix_sys_acl_blob_get_file(vfs_handle_struct *handle, if (S_ISDIR(smb_fname->st.st_ex_mode)) { acl_wrapper.default_acl = smb_vfs_call_sys_acl_get_file(handle, - path_p, + smb_fname, SMB_ACL_TYPE_DEFAULT, frame); } @@ -4789,8 +4817,10 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle, acl_wrapper.default_acl = NULL; - acl_wrapper.access_acl = smb_vfs_call_sys_acl_get_file(handle, fsp->fsp_name->base_name, - SMB_ACL_TYPE_ACCESS, frame); + acl_wrapper.access_acl = smb_vfs_call_sys_acl_get_file(handle, + fsp->fsp_name, + SMB_ACL_TYPE_ACCESS, + frame); ret = smb_vfs_call_fstat(handle, fsp, &sbuf); if (ret == -1) { 
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 88ba6f9d3e4..556fb6b2f5b 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -778,15 +778,24 @@ NTSTATUS posix_get_nt_acl(struct connection_struct *conn, struct security_descriptor **ppdesc); NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid); NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd); -int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode ); -int chmod_acl(connection_struct *conn, const char *name, mode_t mode); -int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir, - const char *name, mode_t mode); +int get_acl_group_bits( connection_struct *conn, + const struct smb_filename *smb_fname, + mode_t *mode); +int chmod_acl(connection_struct *conn, + const struct smb_filename *smb_fname, + mode_t mode); +int inherit_access_posix_acl(connection_struct *conn, + const char *inherit_from_dir, + const struct smb_filename *smb_fname, + mode_t mode); int fchmod_acl(files_struct *fsp, mode_t mode); bool set_unix_posix_default_acl(connection_struct *conn, const struct smb_filename *smb_fname, uint16_t num_def_acls, const char *pdata); -bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16_t num_acls, const char *pdata); +bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, + const struct smb_filename *smb_fname, + uint16_t num_acls, + const char *pdata); NTSTATUS get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32_t security_info_wanted, struct security_descriptor **sd); diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index fca8f108b57..df6ab188e6b 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c 
@@ -622,6 +622,8 @@ static PyObject *py_smbd_get_sys_acl(PyObject *self, PyObject *args, PyObject *k TALLOC_CTX *tmp_ctx = talloc_new(NULL); connection_struct *conn; char *service = NULL; + struct smb_filename *smb_fname = NULL; + if (!tmp_ctx) { PyErr_NoMemory(); return NULL; @@ -642,7 +644,15 @@ static PyObject *py_smbd_get_sys_acl(PyObject *self, PyObject *args, PyObject *k return NULL; } - acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, acl_type, tmp_ctx); + smb_fname = synthetic_smb_fname_split(frame, + fname, + lp_posix_pathnames()); + if (smb_fname == NULL) { + TALLOC_FREE(frame); + TALLOC_FREE(tmp_ctx); + return NULL; + } + acl = SMB_VFS_SYS_ACL_GET_FILE( conn, smb_fname, acl_type, tmp_ctx); if (!acl) { TALLOC_FREE(frame); TALLOC_FREE(tmp_ctx); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index f11dcd116dd..a44de7e7b3a 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -5519,7 +5519,7 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, } else { file_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, - smb_fname->base_name, + smb_fname, SMB_ACL_TYPE_ACCESS, talloc_tos()); } @@ -5537,14 +5537,14 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, def_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, - fsp->fsp_name->base_name, + fsp->fsp_name, SMB_ACL_TYPE_DEFAULT, talloc_tos()); } else { def_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, - smb_fname->base_name, + smb_fname, SMB_ACL_TYPE_DEFAULT, talloc_tos()); } @@ -7151,7 +7151,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, (unsigned int)num_def_acls)); if (valid_file_acls && !set_unix_posix_acl(conn, fsp, - smb_fname->base_name, num_file_acls, + smb_fname, num_file_acls, pdata + SMB_POSIX_ACL_HEADER_SIZE)) { return map_nt_error_from_unix(errno); } 
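Review bot: The new `smb_fname == NULL` branch in py_smbd_get_sys_acl frees `frame` and `tmp_ctx` and returns NULL without setting a Python exception, which the interpreter reports as a SystemError rather than an out-of-memory condition. The `tmp_ctx` check at the top of the same function already shows the expected pattern, so I would add `PyErr_NoMemory();` as the first statement of the new branch. The function starts before and continues after this hunk, so the surrounding error paths are not visible here and may need the same look.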
@@ -7590,7 +7590,7 @@ static NTSTATUS smb_unix_mknod(connection_struct *conn, &parent, NULL)) { return NT_STATUS_NO_MEMORY; } - inherit_access_posix_acl(conn, parent, smb_fname->base_name, + inherit_access_posix_acl(conn, parent, smb_fname, unixmode); TALLOC_FREE(parent); } diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index a4aeffe47a8..82d0485416e 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -2441,12 +2441,12 @@ int smb_vfs_call_fchmod_acl(struct vfs_handle_struct *handle, } SMB_ACL_T smb_vfs_call_sys_acl_get_file(struct vfs_handle_struct *handle, - const char *path_p, + const struct smb_filename *smb_fname, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx) { VFS_FIND(sys_acl_get_file); - return handle->fns->sys_acl_get_file_fn(handle, path_p, type, mem_ctx); + return handle->fns->sys_acl_get_file_fn(handle, smb_fname, type, mem_ctx); } SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle, |