sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code

Split set_nt_acls into owner set (which uses chown) and permission set

Browse Source 
(which currently uses chmod) in preparation for ACL creation.
Jeremy.
(This used to be commit 0f39895ab0)
This commit is contained in:
Jeremy Allison 2000-12-19 20:00:28 +00:00
parent ed7ecca3aa
commit 0f95385d28
1 changed files with 114 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
source3/smbd/posix_acls.c
View File

@ -124,12 +124,62 @@ static mode_t map_nt_perms( SEC_ACCESS sec_access, int type)
Unpack a SEC_DESC into a owner, group and set of UNIX permissions.
****************************************************************************/
static BOOL unpack_nt_permissions(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, mode_t *pmode,
static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd)
{
DOM_SID owner_sid;
DOM_SID grp_sid;
enum SID_NAME_USE sid_type;
*puser = (uid_t)-1;
*pgrp = (gid_t)-1;
if(security_info_sent == 0) {
DEBUG(0,("unpack_nt_owners: no security info sent !\n"));
return False;
}
/*
* Validate the owner and group SID's.
*/
memset(&owner_sid, '\0', sizeof(owner_sid));
memset(&grp_sid, '\0', sizeof(grp_sid));
DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
/*
* Don't immediately fail if the owner sid cannot be validated.
* This may be a group chown only set.
*/
if (security_info_sent & OWNER_SECURITY_INFORMATION) {
sid_copy(&owner_sid, psd->owner_sid);
if (!sid_to_uid( &owner_sid, puser, &sid_type))
DEBUG(3,("unpack_nt_owners: unable to validate owner sid.\n"));
}
/*
* Don't immediately fail if the group sid cannot be validated.
* This may be an owner chown only set.
*/
if (security_info_sent & GROUP_SECURITY_INFORMATION) {
sid_copy(&grp_sid, psd->grp_sid);
if (!sid_to_gid( &grp_sid, pgrp, &sid_type))
DEBUG(3,("unpack_nt_owners: unable to validate group sid.\n"));
}
return True;
}
/****************************************************************************
Unpack a SEC_DESC into a owner, group and set of UNIX permissions.
****************************************************************************/
static BOOL unpack_nt_permissions(SMB_STRUCT_STAT *psbuf, mode_t *pmode,
uint32 security_info_sent, SEC_DESC *psd, BOOL is_directory)
{
extern DOM_SID global_sid_World;
DOM_SID owner_sid;
DOM_SID grp_sid;
DOM_SID file_owner_sid;
DOM_SID file_grp_sid;
SEC_ACL *dacl = psd->dacl;
@ -138,8 +188,6 @@ static BOOL unpack_nt_permissions(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *p
enum SID_NAME_USE sid_type;
*pmode = 0;
*puser = (uid_t)-1;
*pgrp = (gid_t)-1;
if(security_info_sent == 0) {
DEBUG(0,("unpack_nt_permissions: no security info sent !\n"));
@ -155,37 +203,6 @@ static BOOL unpack_nt_permissions(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *p
create_file_sids(psbuf, &file_owner_sid, &file_grp_sid);
/*
* Validate the owner and group SID's.
*/
memset(&owner_sid, '\0', sizeof(owner_sid));
memset(&grp_sid, '\0', sizeof(grp_sid));
DEBUG(5,("unpack_nt_permissions: validating owner_sid.\n"));
/*
* Don't immediately fail if the owner sid cannot be validated.
* This may be a group chown only set.
*/
if (security_info_sent & OWNER_SECURITY_INFORMATION) {
sid_copy(&owner_sid, psd->owner_sid);
if (!sid_to_uid( &owner_sid, puser, &sid_type))
DEBUG(3,("unpack_nt_permissions: unable to validate owner sid.\n"));
}
/*
* Don't immediately fail if the group sid cannot be validated.
* This may be an owner chown only set.
*/
if (security_info_sent & GROUP_SECURITY_INFORMATION) {
sid_copy(&grp_sid, psd->grp_sid);
if (!sid_to_gid( &grp_sid, pgrp, &sid_type))
DEBUG(3,("unpack_nt_permissions: unable to validate group sid.\n"));
}
/*
* If no DACL then this is a chown only security descriptor.
*/
@ -731,26 +748,23 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
}
/*
* Unpack the user/group/world id's and permissions.
* Unpack the user/group/world id's.
*/
if (!unpack_nt_permissions( &sbuf, &user, &grp, &perms, security_info_sent, psd, fsp->is_directory))
if (!unpack_nt_owners( &sbuf, &user, &grp, security_info_sent, psd))
return False;
if (psd->dacl != NULL)
got_dacl = True;
/*
* Do we need to chown ?
*/
if((user != (uid_t)-1 || grp != (uid_t)-1) && (sbuf.st_uid != user || sbuf.st_gid != grp)) {
DEBUG(3,("call_nt_transact_set_security_desc: chown %s. uid = %u, gid = %u.\n",
DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
if(vfs_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) {
DEBUG(3,("call_nt_transact_set_security_desc: chown %s, %u, %u failed. Error = %s.\n",
DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n",
fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
return False;
}
@ -778,6 +792,12 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
}
}
if (!unpack_nt_permissions( &sbuf, &perms, security_info_sent, psd, fsp->is_directory))
return False;
if (psd->dacl != NULL)
got_dacl = True;
/*
* Only change security if we got a DACL.
*/
@ -828,8 +848,3 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
return True;
}
#undef OLD_NTDOMAIN