1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

48 Commits

Author SHA1 Message Date
Jeremy Allison
dc5dad4813 s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
Get it from parent/deriving smb_filename if present.
Use 0 (as usually this a Windows-style lookup) if
not.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 22:57:16 +01:00
Jeremy Allison
616d068f0c s3: VFS: Modify SMB_VFS_GET_NT_ACL to take a const struct smb_filename * instead of const char *
Bumps VFS version to 35.

Preparing to reduce use of lp_posix_pathnames().

Most of this is boilerplate, the only subtleties are in
the modules:

vfs_catia.c
vfs_media_harmony.c
vfs_shadow_copy2.c
vfs_unityed_media.c

Where the path is modified then passed to SMB_VFS_NEXT_GET_NT_ACL().
In these cases the change uses synthetic_smb_fname() to
create a new struct smb_filename from the modified path.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
2016-02-16 19:59:24 +01:00
Richard Sharpe
6abd986704 Convert all uses of uint8/16/32 to _t in source3/smbd.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-06 04:14:14 +02:00
Volker Lendecke
01b8f34e49 smbd: Convert can_delete_file_in_directory to synthetic_smb_fname
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-17 14:50:01 -07:00
Jeremy Allison
c5ad5029fd More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
Change can_delete_directory() to can_delete_directory_fsp(), as
we only ever call this from an open directory file handle.

This allows us to use OpenDir_fsp() instead of OpenDir().
OpenDir() re-checks the ACL on the directory, which may
refuse DIR_LIST permissions. OpenDir_fsp() does not. As
this is a file-server internal check to see if the directory
actually contains any files before setting delete on close,
we can ignore the ACL here (Windows does).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
2012-11-20 01:46:27 +01:00
Andrew Bartlett
c8ade07760 smbd: Add mem_ctx to {f,}get_nt_acl VFS call
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().

As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.

Andrew Bartlett
2012-10-11 12:25:11 +11:00
Jeremy Allison
aa0a7cf51a Add bool use_privs parameter to smbd_check_access_rights()
If this is set we should use it in preference to blindly assuming
root can do anything. Currently set to 'false' in (most) callers.
2012-09-14 22:54:29 +02:00
Jeremy Allison
762928945d Based on code from Richard Sharpe <realrichardsharpe@gmail.com>,
ensure we don't crash on a NULL DACL.
2012-03-29 08:53:43 -07:00
Volker Lendecke
34d58c9d92 s3: Move can_set_delete_on_close to smbd/ 2011-12-13 17:27:26 +01:00
Jeremy Allison
7ff5a5584f can_write_to_file() does now take share permissions into account. Fix comment. 2011-11-04 16:01:16 -07:00
Jeremy Allison
b988a3233f Remove can_access_file_acl(). We no longer need this duplicate code (hurrah!). 2011-11-04 15:55:11 -07:00
Jeremy Allison
60b741415d Remove can_access_file_data() - make it use the standard smbd_check_access_rights() instead. 2011-11-04 15:45:13 -07:00
Jeremy Allison
4851219333 Add const to the smb_filename argument of smbd_check_access_rights(). 2011-11-04 15:39:55 -07:00
Jeremy Allison
5d7d52ceea Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.

Thanks to John Janosik @ IBM for noticing this.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
2011-06-24 01:18:11 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
0e771263ee s3-includes: only include system/filesys.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
a75436e3ee s3-security: use shared SECINFO_DACL define.
Guenther
2010-06-03 11:00:12 +02:00
Günther Deschner
630c27bdad s3-security: use shared SECINFO_GROUP define.
Guenther
2010-06-03 10:59:38 +02:00
Günther Deschner
415d3d5fe7 s3-security: use shared SECINFO_OWNER define.
Guenther
2010-06-03 10:59:15 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed.
Guenther
2010-05-31 11:32:37 +02:00
Jeremy Allison
984eee7e29 Switch over to using get_currect_XXX() accessor functions.
Jeremy.
2010-03-15 14:49:15 -07:00
Jeremy Allison
4b85a0ea7f Rever e80ceb1d73 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
Jeremy Allison
33ee8b5a4e Make file access control decisions a lot easier to debug (at level 10).
Jeremy.
2010-01-12 21:06:09 -08:00
Tim Prouty
23c703a01e s3: Remove unnecessary callers of get_full_smb_filename
This often times means explicitly denying certain operations on a stream
as they are not supported or don't make sense at a particular level.  At
some point in the future these can be enabled, but for now it's better to
remove ambiguity
2009-07-21 12:04:59 -07:00
Tim Prouty
eb8c658fcd s3 file_access: Convert some more functions over to use smb_filneame 2009-06-25 18:25:48 -07:00
Tim Prouty
e129384d7c s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTAT
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname.  They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient.  As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.

There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode.  This is now fixed.
2009-06-24 21:15:25 -07:00
Jeremy Allison
d2da9dee68 Add some const to the stat struct in the dosmode calls.
Fix a couple more unix_convert uses to filename_convert.
Fix bug in acl_group_override() where an uninitialized
struct could be used. Move unix_convert with wildcard
use in SMBsearch reply to boilerplate code.
Jeremy.
2009-06-18 15:07:14 -07:00
Tim Prouty
5cfac1a1bd s3: Plumb smb_filename from create_file all of the way down to fd_open
I used the smb_filename struct everywhere that was feasible for the
first pass.  There are still some places in this path that need to be
changed to use smb_filename, but this is a good start.

I also:
- Removed fname/path arguments from a few functions that weren't
  really using them.
- Added a utility function for detecting whether an smb_filename is a
  stream.
2009-06-17 20:11:53 -07:00
Jeremy Allison
5cef57ff7d Fix bug #6297 - owner of sticky directory cannot delete files created by others.
The reason we couldn't delete was we were erroring out early
if requestor was not the owner of the file we wanted to delete,
instead of checking if the requestor owned the directory as well.
If either of these is true, we must go on and check the ACL.
Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update
the bug report with patches for 3.4.0 and 3.3.next and ask vl
to review.
Jeremy.
2009-06-11 12:51:45 -07:00
Volker Lendecke
49ca690b4b Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STAT
This patch introduces

struct stat_ex {
        dev_t           st_ex_dev;
        ino_t           st_ex_ino;
        mode_t          st_ex_mode;
        nlink_t         st_ex_nlink;
        uid_t           st_ex_uid;
        gid_t           st_ex_gid;
        dev_t           st_ex_rdev;
        off_t           st_ex_size;
        struct timespec st_ex_atime;
        struct timespec st_ex_mtime;
        struct timespec st_ex_ctime;
        struct timespec st_ex_btime; /* birthtime */
        blksize_t       st_ex_blksize;
        blkcnt_t        st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;

It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.

Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.

At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.

It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
2009-05-26 17:48:23 +02:00
Jeremy Allison
badad0a6a6 Fix bug #6154 - zfs does not honor admin users.
Jeremy
2009-03-04 16:57:37 -08:00
Jeremy Allison
553818add8 Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or delete file
This fixes the generic rename/delete problem for 3.3.0 and above.
Fixed slightly differently to discussions, user viewable modified
ACLs are not a good idea :-).
Jeremy.
2009-02-02 17:10:27 -08:00
Volker Lendecke
972295f80a Rename parent_dirname_talloc() to parent_dirname() 2008-12-31 19:33:25 +01:00
Jeremy Allison
8344e94574 Unify se_access_check with the S4 code. Will make
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier
for files.
Jeremy.
2008-10-31 10:51:45 -07:00
Volker Lendecke
40f5eab5eb Wrap the unix token info in a unix_user_token in auth_serversupplied_info
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e)
2008-06-19 18:51:37 +02:00
Volker Lendecke
066f6c856f Fix checks in can_delete_file_in_directory()
With at least NFSv4 ACLs around the write permission for the owner is a bogus
check if we can delete a file in a directory. Like in Windows, there are two
ways which can grant us such: First, the DELETE permission on the file itself,
or if that does not help, the DELETE_CHILD permission on the directory. It
might be a bit more code that runs, but essentially we should end up with the
same set of syscalls in the non-acl case.
(This used to be commit daa9b05664)
2008-06-19 15:27:41 +02:00
Michael Adam
aedce263a8 file_access: add a function header comment for can_access_file_acl().
Michael
(This used to be commit 7d5fb873bd)
2008-06-18 00:06:46 +02:00
Michael Adam
b172eb1d47 file_access: remove unneeded stat buf parameter from can_access_file_acl().
This is a security descriptor level function only.

Michael
(This used to be commit 5931540fa1)
2008-06-17 23:58:49 +02:00
Volker Lendecke
704c99f340 Remove the reference to current_user from file_access.c
conn holds the current user info
(This used to be commit 093bc5f2b3)
2008-06-15 11:39:31 +02:00
Jeremy Allison
b430b38220 Remove the "stat_open()" function, flag, and all associated code. It was only
being (correctly) used in the can_read/can_write checks for hide unreadable/unwritable
and this is more properly done using the functions in smbd/file_access.c.
Preparing to do NT access checks on all file access.
Jeremy.
(This used to be commit 6bfb06ad95)
2008-05-02 17:22:10 -07:00
Jeremy Allison
96e969c9eb Move directory_has_default_acl() to file_access.c, belongs
there as it no longer uses explicit POSIX ACL calls.
Jeremy.
(This used to be commit ac1eac9b0d)
2008-05-02 10:09:00 -07:00
Michael Adam
233eb0e560 Change the prototype of the vfs function get_nt_acl().
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.

This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.

Michael
(This used to be commit b5f600fab5)
2007-12-19 23:08:01 +01:00
Michael Adam
8ab992524a Fix potential orphaned open files.
Calling can_access_file could lead to orphaned open files
when SMB_VFS_GET_NT_ACL returned ENOSYS (not implemented).

Michael
(This used to be commit f4f700cf0c)
2007-11-13 23:26:38 +01:00
Volker Lendecke
15953b82eb Make [f]get_nt_acl return NTSTATUS
(This used to be commit dcbe1bf942)
2007-11-13 15:47:01 +01:00
Volker Lendecke
7e9d639ed1 Cosmetic fix
Do directory vs file open before entering open_file_stat
(This used to be commit cd62122916)
2007-11-11 23:45:02 +01:00
Michael Adam
7d899b5e7b Move some access check functions that are not posix-acl specific
to a new source file of their own.

Michael
(This used to be commit 9dd18bb534)
2007-11-06 19:32:10 +01:00