search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vfs_acl_common: Windows style default ACL
[Samba.git] / source3 / modules / vfs_acl_common.c
blob44fef12a377bb68dcb9da3a92c0030eae55271fe
1 /*
2 * Store Windows ACLs in data store - common functions.
3 * #included into modules/vfs_acl_xattr.c and modules/vfs_acl_tdb.c
4 *
5 * Copyright (C) Volker Lendecke, 2008
6 * Copyright (C) Jeremy Allison, 2009
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "smbd/smbd.h"
23 #include "system/filesys.h"
24 #include "../libcli/security/security.h"
25 #include "../librpc/gen_ndr/ndr_security.h"
26 #include "../lib/util/bitmap.h"
27 #include "passdb/lookup_sid.h"
28
29 static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
30 DATA_BLOB *pblob,
31 uint16_t hash_type,
32 uint8_t hash[XATTR_SD_HASH_SIZE]);
33
34 static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
35 vfs_handle_struct *handle,
36 files_struct *fsp,
37 const char *name,
38 DATA_BLOB *pblob);
39
40 static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
41 files_struct *fsp,
42 DATA_BLOB *pblob);
43
44 #define HASH_SECURITY_INFO (SECINFO_OWNER | \
45 SECINFO_GROUP | \
46 SECINFO_DACL | \
47 SECINFO_SACL)
48
49 enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
50
51 static const struct enum_list default_acl_style[] = {
52 {DEFAULT_ACL_POSIX, "posix"},
53 {DEFAULT_ACL_WINDOWS, "windows"}
54 };
55
56 struct acl_common_config {
57 bool ignore_system_acls;
58 enum default_acl_style default_acl_style;
59 };
60
61 static bool init_acl_common_config(vfs_handle_struct *handle)
62 {
63 struct acl_common_config *config = NULL;
64
65 config = talloc_zero(handle->conn, struct acl_common_config);
66 if (config == NULL) {
67 DBG_ERR("talloc_zero() failed\n");
68 errno = ENOMEM;
69 return false;
70 }
71
72 config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn),
73 ACL_MODULE_NAME,
74 "ignore system acls",
75 false);
76 config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
77 ACL_MODULE_NAME,
78 "default acl style",
79 default_acl_style,
80 DEFAULT_ACL_POSIX);
81
82 SMB_VFS_HANDLE_SET_DATA(handle, config, NULL,
83 struct acl_common_config,
84 return false);
85
86 return true;
87 }
88
89
90 /*******************************************************************
91 Hash a security descriptor.
92 *******************************************************************/
93
94 static NTSTATUS hash_blob_sha256(DATA_BLOB blob,
95 uint8_t *hash)
96 {
97 SHA256_CTX tctx;
98
99 memset(hash, '\0', XATTR_SD_HASH_SIZE);
100
101 samba_SHA256_Init(&tctx);
102 samba_SHA256_Update(&tctx, blob.data, blob.length);
103 samba_SHA256_Final(hash, &tctx);
104
105 return NT_STATUS_OK;
106 }
107
108 /*******************************************************************
109 Hash a security descriptor.
110 *******************************************************************/
111
112 static NTSTATUS hash_sd_sha256(struct security_descriptor *psd,
113 uint8_t *hash)
114 {
115 DATA_BLOB blob;
116 NTSTATUS status;
117
118 memset(hash, '\0', XATTR_SD_HASH_SIZE);
119 status = create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash);
120 if (!NT_STATUS_IS_OK(status)) {
121 return status;
122 }
123 return hash_blob_sha256(blob, hash);
124 }
125
126 /*******************************************************************
127 Parse out a struct security_descriptor from a DATA_BLOB.
128 *******************************************************************/
129
130 static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
131 TALLOC_CTX *mem_ctx,
132 struct security_descriptor **ppdesc,
133 uint16_t *p_hash_type,
134 uint16_t *p_version,
135 uint8_t hash[XATTR_SD_HASH_SIZE],
136 uint8_t sys_acl_hash[XATTR_SD_HASH_SIZE])
137 {
138 struct xattr_NTACL xacl;
139 enum ndr_err_code ndr_err;
140 size_t sd_size;
141 TALLOC_CTX *frame = talloc_stackframe();
142
143 ndr_err = ndr_pull_struct_blob(pblob, frame, &xacl,
144 (ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
145
146 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
147 DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n",
148 ndr_errstr(ndr_err)));
149 TALLOC_FREE(frame);
150 return ndr_map_error2ntstatus(ndr_err);
151 }
152
153 *p_version = xacl.version;
154
155 switch (xacl.version) {
156 case 1:
157 *ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
158 xacl.info.sd->type | SEC_DESC_SELF_RELATIVE,
159 xacl.info.sd->owner_sid,
160 xacl.info.sd->group_sid,
161 xacl.info.sd->sacl,
162 xacl.info.sd->dacl,
163 &sd_size);
164 /* No hash - null out. */
165 *p_hash_type = XATTR_SD_HASH_TYPE_NONE;
166 memset(hash, '\0', XATTR_SD_HASH_SIZE);
167 break;
168 case 2:
169 *ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
170 xacl.info.sd_hs2->sd->type | SEC_DESC_SELF_RELATIVE,
171 xacl.info.sd_hs2->sd->owner_sid,
172 xacl.info.sd_hs2->sd->group_sid,
173 xacl.info.sd_hs2->sd->sacl,
174 xacl.info.sd_hs2->sd->dacl,
175 &sd_size);
176 /* No hash - null out. */
177 *p_hash_type = XATTR_SD_HASH_TYPE_NONE;
178 memset(hash, '\0', XATTR_SD_HASH_SIZE);
179 break;
180 case 3:
181 *ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
182 xacl.info.sd_hs3->sd->type | SEC_DESC_SELF_RELATIVE,
183 xacl.info.sd_hs3->sd->owner_sid,
184 xacl.info.sd_hs3->sd->group_sid,
185 xacl.info.sd_hs3->sd->sacl,
186 xacl.info.sd_hs3->sd->dacl,
187 &sd_size);
188 *p_hash_type = xacl.info.sd_hs3->hash_type;
189 /* Current version 3 (if no sys acl hash available). */
190 memcpy(hash, xacl.info.sd_hs3->hash, XATTR_SD_HASH_SIZE);
191 break;
192 case 4:
193 *ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
194 xacl.info.sd_hs4->sd->type | SEC_DESC_SELF_RELATIVE,
195 xacl.info.sd_hs4->sd->owner_sid,
196 xacl.info.sd_hs4->sd->group_sid,
197 xacl.info.sd_hs4->sd->sacl,
198 xacl.info.sd_hs4->sd->dacl,
199 &sd_size);
200 *p_hash_type = xacl.info.sd_hs4->hash_type;
201 /* Current version 4. */
202 memcpy(hash, xacl.info.sd_hs4->hash, XATTR_SD_HASH_SIZE);
203 memcpy(sys_acl_hash, xacl.info.sd_hs4->sys_acl_hash, XATTR_SD_HASH_SIZE);
204 break;
205 default:
206 TALLOC_FREE(frame);
207 return NT_STATUS_REVISION_MISMATCH;
208 }
209
210 TALLOC_FREE(frame);
211
212 return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
213 }
214
215 /*******************************************************************
216 Create a DATA_BLOB from a hash of the security descriptor storead at
217 the system layer and the NT ACL we wish to preserve
218 *******************************************************************/
219
220 static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
221 DATA_BLOB *pblob,
222 uint16_t hash_type,
223 uint8_t hash[XATTR_SD_HASH_SIZE])
224 {
225 struct xattr_NTACL xacl;
226 struct security_descriptor_hash_v3 sd_hs3;
227 enum ndr_err_code ndr_err;
228 TALLOC_CTX *ctx = talloc_tos();
229
230 ZERO_STRUCT(xacl);
231 ZERO_STRUCT(sd_hs3);
232
233 xacl.version = 3;
234 xacl.info.sd_hs3 = &sd_hs3;
235 xacl.info.sd_hs3->sd = discard_const_p(struct security_descriptor, psd);
236 xacl.info.sd_hs3->hash_type = hash_type;
237 memcpy(&xacl.info.sd_hs3->hash[0], hash, XATTR_SD_HASH_SIZE);
238
239 ndr_err = ndr_push_struct_blob(
240 pblob, ctx, &xacl,
241 (ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
242
243 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
244 DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
245 ndr_errstr(ndr_err)));
246 return ndr_map_error2ntstatus(ndr_err);
247 }
248
249 return NT_STATUS_OK;
250 }
251
252 /*******************************************************************
253 Create a DATA_BLOB from a hash of the security descriptors
254 (system and NT) stored at the system layer and the NT ACL we wish
255 to preserve.
256 *******************************************************************/
257
258 static NTSTATUS create_sys_acl_blob(const struct security_descriptor *psd,
259 DATA_BLOB *pblob,
260 uint16_t hash_type,
261 uint8_t hash[XATTR_SD_HASH_SIZE],
262 const char *description,
263 uint8_t sys_acl_hash[XATTR_SD_HASH_SIZE])
264 {
265 struct xattr_NTACL xacl;
266 struct security_descriptor_hash_v4 sd_hs4;
267 enum ndr_err_code ndr_err;
268 TALLOC_CTX *ctx = talloc_tos();
269 NTTIME nttime_now;
270 struct timeval now = timeval_current();
271 nttime_now = timeval_to_nttime(&now);
272
273 ZERO_STRUCT(xacl);
274 ZERO_STRUCT(sd_hs4);
275
276 xacl.version = 4;
277 xacl.info.sd_hs4 = &sd_hs4;
278 xacl.info.sd_hs4->sd = discard_const_p(struct security_descriptor, psd);
279 xacl.info.sd_hs4->hash_type = hash_type;
280 memcpy(&xacl.info.sd_hs4->hash[0], hash, XATTR_SD_HASH_SIZE);
281 xacl.info.sd_hs4->description = description;
282 xacl.info.sd_hs4->time = nttime_now;
283 memcpy(&xacl.info.sd_hs4->sys_acl_hash[0], sys_acl_hash, XATTR_SD_HASH_SIZE);
284
285 ndr_err = ndr_push_struct_blob(
286 pblob, ctx, &xacl,
287 (ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
288
289 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
290 DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
291 ndr_errstr(ndr_err)));
292 return ndr_map_error2ntstatus(ndr_err);
293 }
294
295 return NT_STATUS_OK;
296 }
297
298 /*******************************************************************
299 Add in 3 inheritable components for a non-inheritable directory ACL.
300 CREATOR_OWNER/CREATOR_GROUP/WORLD.
301 *******************************************************************/
302
303 static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
304 const char *name,
305 SMB_STRUCT_STAT *psbuf,
306 struct security_descriptor *psd)
307 {
308 struct connection_struct *conn = handle->conn;
309 int num_aces = (psd->dacl ? psd->dacl->num_aces : 0);
310 struct smb_filename smb_fname;
311 enum security_ace_type acltype;
312 uint32_t access_mask;
313 mode_t dir_mode;
314 mode_t file_mode;
315 mode_t mode;
316 struct security_ace *new_ace_list;
317
318 if (psd->dacl) {
319 new_ace_list = talloc_zero_array(psd->dacl,
320 struct security_ace,
321 num_aces + 3);
322 } else {
323 /*
324 * make_sec_acl() at the bottom of this function
325 * dupliates new_ace_list
326 */
327 new_ace_list = talloc_zero_array(talloc_tos(),
328 struct security_ace,
329 num_aces + 3);
330 }
331
332 if (new_ace_list == NULL) {
333 return NT_STATUS_NO_MEMORY;
334 }
335
336 /* Fake a quick smb_filename. */
337 ZERO_STRUCT(smb_fname);
338 smb_fname.st = *psbuf;
339 smb_fname.base_name = discard_const_p(char, name);
340
341 dir_mode = unix_mode(conn,
342 FILE_ATTRIBUTE_DIRECTORY, &smb_fname, NULL);
343 file_mode = unix_mode(conn,
344 FILE_ATTRIBUTE_ARCHIVE, &smb_fname, NULL);
345
346 mode = dir_mode | file_mode;
347
348 DEBUG(10, ("add_directory_inheritable_components: directory %s, "
349 "mode = 0%o\n",
350 name,
351 (unsigned int)mode ));
352
353 if (num_aces) {
354 memcpy(new_ace_list, psd->dacl->aces,
355 num_aces * sizeof(struct security_ace));
356 }
357 access_mask = map_canon_ace_perms(SNUM(conn), &acltype,
358 mode & 0700, false);
359
360 init_sec_ace(&new_ace_list[num_aces],
361 &global_sid_Creator_Owner,
362 acltype,
363 access_mask,
364 SEC_ACE_FLAG_CONTAINER_INHERIT|
365 SEC_ACE_FLAG_OBJECT_INHERIT|
366 SEC_ACE_FLAG_INHERIT_ONLY);
367 access_mask = map_canon_ace_perms(SNUM(conn), &acltype,
368 (mode << 3) & 0700, false);
369 init_sec_ace(&new_ace_list[num_aces+1],
370 &global_sid_Creator_Group,
371 acltype,
372 access_mask,
373 SEC_ACE_FLAG_CONTAINER_INHERIT|
374 SEC_ACE_FLAG_OBJECT_INHERIT|
375 SEC_ACE_FLAG_INHERIT_ONLY);
376 access_mask = map_canon_ace_perms(SNUM(conn), &acltype,
377 (mode << 6) & 0700, false);
378 init_sec_ace(&new_ace_list[num_aces+2],
379 &global_sid_World,
380 acltype,
381 access_mask,
382 SEC_ACE_FLAG_CONTAINER_INHERIT|
383 SEC_ACE_FLAG_OBJECT_INHERIT|
384 SEC_ACE_FLAG_INHERIT_ONLY);
385 if (psd->dacl) {
386 psd->dacl->aces = new_ace_list;
387 psd->dacl->num_aces += 3;
388 psd->dacl->size += new_ace_list[num_aces].size +
389 new_ace_list[num_aces+1].size +
390 new_ace_list[num_aces+2].size;
391 } else {
392 psd->dacl = make_sec_acl(psd,
393 NT4_ACL_REVISION,
394 3,
395 new_ace_list);
396 if (psd->dacl == NULL) {
397 return NT_STATUS_NO_MEMORY;
398 }
399 }
400 return NT_STATUS_OK;
401 }
402
403 static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
404 const char *name,
405 SMB_STRUCT_STAT *psbuf,
406 struct security_descriptor **ppdesc)
407 {
408 struct dom_sid owner_sid, group_sid;
409 size_t size = 0;
410 struct security_ace aces[4];
411 uint32_t access_mask = 0;
412 mode_t mode = psbuf->st_ex_mode;
413 struct security_acl *new_dacl = NULL;
414 int idx = 0;
415
416 DBG_DEBUG("file %s mode = 0%o\n",name, (int)mode);
417
418 uid_to_sid(&owner_sid, psbuf->st_ex_uid);
419 gid_to_sid(&group_sid, psbuf->st_ex_gid);
420
421 /*
422 We provide up to 4 ACEs
423 - Owner
424 - Group
425 - Everyone
426 - NT System
427 */
428
429 if (mode & S_IRUSR) {
430 if (mode & S_IWUSR) {
431 access_mask |= SEC_RIGHTS_FILE_ALL;
432 } else {
433 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
434 }
435 }
436 if (mode & S_IWUSR) {
437 access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
438 }
439
440 init_sec_ace(&aces[idx],
441 &owner_sid,
442 SEC_ACE_TYPE_ACCESS_ALLOWED,
443 access_mask,
444 0);
445 idx++;
446
447 access_mask = 0;
448 if (mode & S_IRGRP) {
449 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
450 }
451 if (mode & S_IWGRP) {
452 /* note that delete is not granted - this matches posix behaviour */
453 access_mask |= SEC_RIGHTS_FILE_WRITE;
454 }
455 if (access_mask) {
456 init_sec_ace(&aces[idx],
457 &group_sid,
458 SEC_ACE_TYPE_ACCESS_ALLOWED,
459 access_mask,
460 0);
461 idx++;
462 }
463
464 access_mask = 0;
465 if (mode & S_IROTH) {
466 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
467 }
468 if (mode & S_IWOTH) {
469 access_mask |= SEC_RIGHTS_FILE_WRITE;
470 }
471 if (access_mask) {
472 init_sec_ace(&aces[idx],
473 &global_sid_World,
474 SEC_ACE_TYPE_ACCESS_ALLOWED,
475 access_mask,
476 0);
477 idx++;
478 }
479
480 init_sec_ace(&aces[idx],
481 &global_sid_System,
482 SEC_ACE_TYPE_ACCESS_ALLOWED,
483 SEC_RIGHTS_FILE_ALL,
484 0);
485 idx++;
486
487 new_dacl = make_sec_acl(ctx,
488 NT4_ACL_REVISION,
489 idx,
490 aces);
491
492 if (!new_dacl) {
493 return NT_STATUS_NO_MEMORY;
494 }
495
496 *ppdesc = make_sec_desc(ctx,
497 SECURITY_DESCRIPTOR_REVISION_1,
498 SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
499 &owner_sid,
500 &group_sid,
501 NULL,
502 new_dacl,
503 &size);
504 if (!*ppdesc) {
505 return NT_STATUS_NO_MEMORY;
506 }
507 return NT_STATUS_OK;
508 }
509
510 static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
511 const char *name,
512 SMB_STRUCT_STAT *psbuf,
513 struct security_descriptor **ppdesc)
514 {
515 struct dom_sid owner_sid, group_sid;
516 size_t size = 0;
517 struct security_ace aces[4];
518 uint32_t access_mask = 0;
519 mode_t mode = psbuf->st_ex_mode;
520 struct security_acl *new_dacl = NULL;
521 int idx = 0;
522
523 DBG_DEBUG("file [%s] mode [0%o]\n", name, (int)mode);
524
525 uid_to_sid(&owner_sid, psbuf->st_ex_uid);
526 gid_to_sid(&group_sid, psbuf->st_ex_gid);
527
528 /*
529 * We provide 2 ACEs:
530 * - Owner
531 * - NT System
532 */
533
534 if (mode & S_IRUSR) {
535 if (mode & S_IWUSR) {
536 access_mask |= SEC_RIGHTS_FILE_ALL;
537 } else {
538 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
539 }
540 }
541 if (mode & S_IWUSR) {
542 access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
543 }
544
545 init_sec_ace(&aces[idx],
546 &owner_sid,
547 SEC_ACE_TYPE_ACCESS_ALLOWED,
548 access_mask,
549 0);
550 idx++;
551
552 init_sec_ace(&aces[idx],
553 &global_sid_System,
554 SEC_ACE_TYPE_ACCESS_ALLOWED,
555 SEC_RIGHTS_FILE_ALL,
556 0);
557 idx++;
558
559 new_dacl = make_sec_acl(ctx,
560 NT4_ACL_REVISION,
561 idx,
562 aces);
563
564 if (!new_dacl) {
565 return NT_STATUS_NO_MEMORY;
566 }
567
568 *ppdesc = make_sec_desc(ctx,
569 SECURITY_DESCRIPTOR_REVISION_1,
570 SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
571 &owner_sid,
572 &group_sid,
573 NULL,
574 new_dacl,
575 &size);
576 if (!*ppdesc) {
577 return NT_STATUS_NO_MEMORY;
578 }
579 return NT_STATUS_OK;
580 }
581
582 static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
583 struct acl_common_config *config,
584 const char *name,
585 SMB_STRUCT_STAT *psbuf,
586 struct security_descriptor **ppdesc)
587 {
588 NTSTATUS status;
589
590 switch (config->default_acl_style) {
591
592 case DEFAULT_ACL_POSIX:
593 status = make_default_acl_posix(ctx, name, psbuf, ppdesc);
594 break;
595
596 case DEFAULT_ACL_WINDOWS:
597 status = make_default_acl_windows(ctx, name, psbuf, ppdesc);
598 break;
599
600 default:
601 DBG_ERR("unknown acl style %d", config->default_acl_style);
602 status = NT_STATUS_INTERNAL_ERROR;
603 break;
604 }
605
606 return status;
607 }
608
609 /**
610 * Validate an ACL blob
611 *
612 * This validates an ACL blob against the underlying filesystem ACL. If this
613 * function returns NT_STATUS_OK ppsd can be
614 *
615 * 1. the ACL from the blob (psd_from_fs=false), or
616 * 2. the ACL from the fs (psd_from_fs=true), or
617 * 3. NULL (!)
618 *
619 * If the return value is anything else then NT_STATUS_OK, ppsd is set to NULL
620 * and psd_from_fs set to false.
621 *
622 * Returning the underlying filesystem ACL in case no. 2 is really just an
623 * optimisation, because some validations have to fetch the filesytem ACL as
624 * part of the validation, so we already have it available and callers might
625 * need it as well.
626 **/
627 static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx,
628 vfs_handle_struct *handle,
629 files_struct *fsp,
630 const char *name,
631 const DATA_BLOB *blob,
632 struct security_descriptor **ppsd,
633 bool *psd_is_from_fs)
634 {
635 NTSTATUS status;
636 uint16_t hash_type = XATTR_SD_HASH_TYPE_NONE;
637 uint16_t xattr_version = 0;
638 uint8_t hash[XATTR_SD_HASH_SIZE];
639 uint8_t sys_acl_hash[XATTR_SD_HASH_SIZE];
640 uint8_t hash_tmp[XATTR_SD_HASH_SIZE];
641 uint8_t sys_acl_hash_tmp[XATTR_SD_HASH_SIZE];
642 struct security_descriptor *psd = NULL;
643 struct security_descriptor *psd_blob = NULL;
644 struct security_descriptor *psd_fs = NULL;
645 char *sys_acl_blob_description = NULL;
646 DATA_BLOB sys_acl_blob = { 0 };
647 struct acl_common_config *config = NULL;
648
649 *ppsd = NULL;
650 *psd_is_from_fs = false;
651
652 SMB_VFS_HANDLE_GET_DATA(handle, config,
653 struct acl_common_config,
654 return NT_STATUS_UNSUCCESSFUL);
655
656 status = parse_acl_blob(blob,
657 mem_ctx,
658 &psd_blob,
659 &hash_type,
660 &xattr_version,
661 &hash[0],
662 &sys_acl_hash[0]);
663
664 if (!NT_STATUS_IS_OK(status)) {
665 DBG_DEBUG("parse_acl_blob returned %s\n", nt_errstr(status));
666 goto fail;
667 }
668
669 /* determine which type of xattr we got */
670 switch (xattr_version) {
671 case 1:
672 case 2:
673 /* These xattr types are unilatteral, they do not
674 * require confirmation of the hash. In particular,
675 * the NTVFS file server uses version 1, but
676 * 'samba-tool ntacl' can set these as well */
677 *ppsd = psd_blob;
678 return NT_STATUS_OK;
679 case 3:
680 case 4:
681 if (config->ignore_system_acls) {
682 *ppsd = psd_blob;
683 return NT_STATUS_OK;
684 }
685
686 break;
687 default:
688 DBG_DEBUG("ACL blob revision mismatch (%u) for file %s\n",
689 (unsigned int)hash_type, name);
690 TALLOC_FREE(psd_blob);
691 return NT_STATUS_OK;
692 }
693
694 /* determine which type of xattr we got */
695 if (hash_type != XATTR_SD_HASH_TYPE_SHA256) {
696 DBG_DEBUG("ACL blob hash type (%u) unexpected for file %s\n",
697 (unsigned int)hash_type, name);
698 TALLOC_FREE(psd_blob);
699 return NT_STATUS_OK;
700 }
701
702 /* determine which type of xattr we got */
703 switch (xattr_version) {
704 case 4:
705 {
706 int ret;
707 if (fsp) {
708 /* Get the full underlying sd, then hash. */
709 ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle,
710 fsp,
711 mem_ctx,
712 &sys_acl_blob_description,
713 &sys_acl_blob);
714 } else {
715 /* Get the full underlying sd, then hash. */
716 ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle,
717 name,
718 mem_ctx,
719 &sys_acl_blob_description,
720 &sys_acl_blob);
721 }
722
723 /* If we fail to get the ACL blob (for some reason) then this
724 * is not fatal, we just work based on the NT ACL only */
725 if (ret == 0) {
726 status = hash_blob_sha256(sys_acl_blob, sys_acl_hash_tmp);
727 if (!NT_STATUS_IS_OK(status)) {
728 goto fail;
729 }
730
731 TALLOC_FREE(sys_acl_blob_description);
732 TALLOC_FREE(sys_acl_blob.data);
733
734 if (memcmp(&sys_acl_hash[0], &sys_acl_hash_tmp[0],
735 XATTR_SD_HASH_SIZE) == 0) {
736 /* Hash matches, return blob sd. */
737 DBG_DEBUG("blob hash matches for file %s\n",
738 name);
739 *ppsd = psd_blob;
740 return NT_STATUS_OK;
741 }
742 }
743
744 /* Otherwise, fall though and see if the NT ACL hash matches */
745 }
746 case 3:
747 /* Get the full underlying sd for the hash
748 or to return as backup. */
749 if (fsp) {
750 status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
751 fsp,
752 HASH_SECURITY_INFO,
753 mem_ctx,
754 &psd_fs);
755 } else {
756 status = SMB_VFS_NEXT_GET_NT_ACL(handle,
757 name,
758 HASH_SECURITY_INFO,
759 mem_ctx,
760 &psd_fs);
761 }
762
763 if (!NT_STATUS_IS_OK(status)) {
764 DBG_DEBUG("get_next_acl for file %s returned %s\n",
765 name, nt_errstr(status));
766 goto fail;
767 }
768
769 status = hash_sd_sha256(psd_fs, hash_tmp);
770 if (!NT_STATUS_IS_OK(status)) {
771 TALLOC_FREE(psd_blob);
772 *ppsd = psd_fs;
773 *psd_is_from_fs = true;
774 return NT_STATUS_OK;
775 }
776
777 if (memcmp(&hash[0], &hash_tmp[0], XATTR_SD_HASH_SIZE) == 0) {
778 /* Hash matches, return blob sd. */
779 DBG_DEBUG("blob hash matches for file %s\n", name);
780 *ppsd = psd_blob;
781 return NT_STATUS_OK;
782 }
783
784 /* Hash doesn't match, return underlying sd. */
785 DBG_DEBUG("blob hash does not match for file %s - returning "
786 "file system SD mapping.\n", name);
787
788 if (DEBUGLEVEL >= 10) {
789 DBG_DEBUG("acl for blob hash for %s is:\n", name);
790 NDR_PRINT_DEBUG(security_descriptor, psd_fs);
791 }
792
793 TALLOC_FREE(psd_blob);
794 *ppsd = psd_fs;
795 *psd_is_from_fs = true;
796 }
797
798 return NT_STATUS_OK;
799
800 fail:
801 TALLOC_FREE(psd);
802 TALLOC_FREE(psd_blob);
803 TALLOC_FREE(psd_fs);
804 TALLOC_FREE(sys_acl_blob_description);
805 TALLOC_FREE(sys_acl_blob.data);
806 return status;
807 }
808
809 static NTSTATUS stat_fsp_or_name(vfs_handle_struct *handle,
810 files_struct *fsp,
811 const char *name,
812 SMB_STRUCT_STAT *sbuf,
813 SMB_STRUCT_STAT **psbuf)
814 {
815 NTSTATUS status;
816 int ret;
817
818 if (fsp) {
819 status = vfs_stat_fsp(fsp);
820 if (!NT_STATUS_IS_OK(status)) {
821 return status;
822 }
823 *psbuf = &fsp->fsp_name->st;
824 } else {
825 /*
826 * https://bugzilla.samba.org/show_bug.cgi?id=11249
827 *
828 * We are currently guaranteed that 'name' here is a
829 * smb_fname->base_name, which *cannot* contain a stream name
830 * (':'). vfs_stat_smb_fname() splits a name into a base name +
831 * stream name, which when we get here we know we've already
832 * done. So we have to call the stat or lstat VFS calls
833 * directly here. Else, a base_name that contains a ':' (from a
834 * demangled name) will get split again.
835 *
836 * FIXME.
837 * This uglyness will go away once smb_fname is fully plumbed
838 * through the VFS.
839 */
840 ret = vfs_stat_smb_basename(handle->conn,
841 name,
842 sbuf);
843 if (ret == -1) {
844 return map_nt_error_from_unix(errno);
845 }
846 }
847
848 return NT_STATUS_OK;
849 }
850
851 /*******************************************************************
852 Pull a DATA_BLOB from an xattr given a pathname.
853 If the hash doesn't match, or doesn't exist - return the underlying
854 filesystem sd.
855 *******************************************************************/
856
857 static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
858 files_struct *fsp,
859 const char *name,
860 uint32_t security_info,
861 TALLOC_CTX *mem_ctx,
862 struct security_descriptor **ppdesc)
863 {
864 DATA_BLOB blob = data_blob_null;
865 NTSTATUS status;
866 struct security_descriptor *psd = NULL;
867 bool psd_is_from_fs = false;
868 struct acl_common_config *config = NULL;
869
870 SMB_VFS_HANDLE_GET_DATA(handle, config,
871 struct acl_common_config,
872 return NT_STATUS_UNSUCCESSFUL);
873
874 if (fsp && name == NULL) {
875 name = fsp->fsp_name->base_name;
876 }
877
878 DEBUG(10, ("get_nt_acl_internal: name=%s\n", name));
879
880 status = get_acl_blob(mem_ctx, handle, fsp, name, &blob);
881 if (NT_STATUS_IS_OK(status)) {
882 status = validate_nt_acl_blob(mem_ctx,
883 handle,
884 fsp,
885 name,
886 &blob,
887 &psd,
888 &psd_is_from_fs);
889 TALLOC_FREE(blob.data);
890 if (!NT_STATUS_IS_OK(status)) {
891 DBG_DEBUG("ACL validation for [%s] failed\n",
892 name);
893 goto fail;
894 }
895 }
896
897 if (psd == NULL) {
898 /* Get the full underlying sd, as we failed to get the
899 * blob for the hash, or the revision/hash type wasn't
900 * known */
901
902 if (config->ignore_system_acls) {
903 SMB_STRUCT_STAT sbuf;
904 SMB_STRUCT_STAT *psbuf = &sbuf;
905
906 status = stat_fsp_or_name(handle, fsp, name,
907 &sbuf, &psbuf);
908 if (!NT_STATUS_IS_OK(status)) {
909 goto fail;
910 }
911
912 status = make_default_filesystem_acl(
913 mem_ctx,
914 config,
915 name,
916 psbuf,
917 &psd);
918 if (!NT_STATUS_IS_OK(status)) {
919 goto fail;
920 }
921 } else {
922 if (fsp) {
923 status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
924 fsp,
925 security_info,
926 mem_ctx,
927 &psd);
928 } else {
929 status = SMB_VFS_NEXT_GET_NT_ACL(handle,
930 name,
931 security_info,
932 mem_ctx,
933 &psd);
934 }
935
936 if (!NT_STATUS_IS_OK(status)) {
937 DBG_DEBUG("get_next_acl for file %s "
938 "returned %s\n", name,
939 nt_errstr(status));
940 goto fail;
941 }
942
943 psd_is_from_fs = true;
944 }
945 }
946
947 if (psd_is_from_fs) {
948 SMB_STRUCT_STAT sbuf;
949 SMB_STRUCT_STAT *psbuf = &sbuf;
950 bool is_directory = false;
951
952 /*
953 * We're returning the underlying ACL from the
954 * filesystem. If it's a directory, and has no
955 * inheritable ACE entries we have to fake them.
956 */
957
958 status = stat_fsp_or_name(handle, fsp, name,
959 &sbuf, &psbuf);
960 if (!NT_STATUS_IS_OK(status)) {
961 goto fail;
962 }
963
964 is_directory = S_ISDIR(psbuf->st_ex_mode);
965
966 if (is_directory && !sd_has_inheritable_components(psd, true)) {
967 status = add_directory_inheritable_components(
968 handle,
969 name,
970 psbuf,
971 psd);
972 if (!NT_STATUS_IS_OK(status)) {
973 goto fail;
974 }
975 }
976
977 /*
978 * The underlying POSIX module always sets the
979 * ~SEC_DESC_DACL_PROTECTED bit, as ACLs can't be inherited in
980 * this way under POSIX. Remove it for Windows-style ACLs.
981 */
982 psd->type &= ~SEC_DESC_DACL_PROTECTED;
983 }
984
985 if (!(security_info & SECINFO_OWNER)) {
986 psd->owner_sid = NULL;
987 }
988 if (!(security_info & SECINFO_GROUP)) {
989 psd->group_sid = NULL;
990 }
991 if (!(security_info & SECINFO_DACL)) {
992 psd->type &= ~SEC_DESC_DACL_PRESENT;
993 psd->dacl = NULL;
994 }
995 if (!(security_info & SECINFO_SACL)) {
996 psd->type &= ~SEC_DESC_SACL_PRESENT;
997 psd->sacl = NULL;
998 }
999
1000 if (DEBUGLEVEL >= 10) {
1001 DEBUG(10,("get_nt_acl_internal: returning acl for %s is:\n",
1002 name));
1003 NDR_PRINT_DEBUG(security_descriptor, psd);
1004 }
1005
1006 *ppdesc = psd;
1007
1008 return NT_STATUS_OK;
1009
1010 fail:
1011 TALLOC_FREE(psd);
1012 return status;
1013 }
1014
1015 /*********************************************************************
1016 Fetch a security descriptor given an fsp.
1017 *********************************************************************/
1018
1019 static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle,
1020 files_struct *fsp,
1021 uint32_t security_info,
1022 TALLOC_CTX *mem_ctx,
1023 struct security_descriptor **ppdesc)
1024 {
1025 return get_nt_acl_internal(handle, fsp,
1026 NULL, security_info, mem_ctx, ppdesc);
1027 }
1028
1029 /*********************************************************************
1030 Fetch a security descriptor given a pathname.
1031 *********************************************************************/
1032
1033 static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
1034 const char *name,
1035 uint32_t security_info,
1036 TALLOC_CTX *mem_ctx,
1037 struct security_descriptor **ppdesc)
1038 {
1039 return get_nt_acl_internal(handle, NULL,
1040 name, security_info, mem_ctx, ppdesc);
1041 }
1042
1043 /*********************************************************************
1044 Set the underlying ACL (e.g. POSIX ACLS, POSIX owner, etc)
1045 *********************************************************************/
1046 static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp,
1047 struct security_descriptor *psd,
1048 uint32_t security_info_sent,
1049 bool chown_needed)
1050 {
1051 NTSTATUS status =
1052 SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1053 if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1054 return status;
1055 }
1056
1057 /* We got access denied here. If we're already root,
1058 or we didn't need to do a chown, or the fsp isn't
1059 open with WRITE_OWNER access, just return. */
1060 if (get_current_uid(handle->conn) == 0 || chown_needed == false ||
1061 !(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
1062 return NT_STATUS_ACCESS_DENIED;
1063 }
1064
1065 DEBUG(10, ("fset_nt_acl_common: overriding chown on file %s "
1066 "for sid %s\n",
1067 fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid)));
1068
1069 /* Ok, we failed to chown and we have
1070 SEC_STD_WRITE_OWNER access - override. */
1071 become_root();
1072 status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1073 unbecome_root();
1074
1075 return status;
1076 }
1077
1078 /*********************************************************************
1079 Store a v3 security descriptor
1080 *********************************************************************/
1081 static NTSTATUS store_v3_blob(vfs_handle_struct *handle, files_struct *fsp,
1082 struct security_descriptor *psd,
1083 struct security_descriptor *pdesc_next,
1084 uint8_t hash[XATTR_SD_HASH_SIZE])
1085 {
1086 NTSTATUS status;
1087 DATA_BLOB blob;
1088
1089 if (DEBUGLEVEL >= 10) {
1090 DEBUG(10, ("fset_nt_acl_xattr: storing xattr sd for file %s\n",
1091 fsp_str_dbg(fsp)));
1092 NDR_PRINT_DEBUG(
1093 security_descriptor,
1094 discard_const_p(struct security_descriptor, psd));
1095
1096 if (pdesc_next != NULL) {
1097 DEBUG(10, ("fset_nt_acl_xattr: storing has in xattr sd "
1098 "based on \n"));
1099 NDR_PRINT_DEBUG(
1100 security_descriptor,
1101 discard_const_p(struct security_descriptor,
1102 pdesc_next));
1103 } else {
1104 DEBUG(10,
1105 ("fset_nt_acl_xattr: ignoring underlying sd\n"));
1106 }
1107 }
1108 status = create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash);
1109 if (!NT_STATUS_IS_OK(status)) {
1110 DEBUG(10, ("fset_nt_acl_xattr: create_acl_blob failed\n"));
1111 return status;
1112 }
1113
1114 status = store_acl_blob_fsp(handle, fsp, &blob);
1115 return status;
1116 }
1117
1118 /*********************************************************************
1119 Store a security descriptor given an fsp.
1120 *********************************************************************/
1121
1122 static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
1123 uint32_t security_info_sent, const struct security_descriptor *orig_psd)
1124 {
1125 NTSTATUS status;
1126 int ret;
1127 DATA_BLOB blob, sys_acl_blob;
1128 struct security_descriptor *pdesc_next = NULL;
1129 struct security_descriptor *psd = NULL;
1130 uint8_t hash[XATTR_SD_HASH_SIZE];
1131 uint8_t sys_acl_hash[XATTR_SD_HASH_SIZE];
1132 bool chown_needed = false;
1133 char *sys_acl_description;
1134 TALLOC_CTX *frame = talloc_stackframe();
1135 bool ignore_file_system_acl = lp_parm_bool(
1136 SNUM(handle->conn), ACL_MODULE_NAME, "ignore system acls", false);
1137
1138 if (DEBUGLEVEL >= 10) {
1139 DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
1140 fsp_str_dbg(fsp)));
1141 NDR_PRINT_DEBUG(security_descriptor,
1142 discard_const_p(struct security_descriptor, orig_psd));
1143 }
1144
1145 status = get_nt_acl_internal(handle, fsp,
1146 NULL,
1147 SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
1148 frame,
1149 &psd);
1150
1151 if (!NT_STATUS_IS_OK(status)) {
1152 TALLOC_FREE(frame);
1153 return status;
1154 }
1155
1156 psd->revision = orig_psd->revision;
1157 /* All our SD's are self relative. */
1158 psd->type = orig_psd->type | SEC_DESC_SELF_RELATIVE;
1159
1160 if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
1161 if (!dom_sid_equal(orig_psd->owner_sid, psd->owner_sid)) {
1162 /* We're changing the owner. */
1163 chown_needed = true;
1164 }
1165 psd->owner_sid = orig_psd->owner_sid;
1166 }
1167 if ((security_info_sent & SECINFO_GROUP) && (orig_psd->group_sid != NULL)) {
1168 if (!dom_sid_equal(orig_psd->group_sid, psd->group_sid)) {
1169 /* We're changing the group. */
1170 chown_needed = true;
1171 }
1172 psd->group_sid = orig_psd->group_sid;
1173 }
1174 if (security_info_sent & SECINFO_DACL) {
1175 if (security_descriptor_with_ms_nfs(orig_psd)) {
1176 /*
1177 * If the sd contains a MS NFS SID, do
1178 * nothing, it's a chmod() request from OS X
1179 * with AAPL context.
1180 */
1181 TALLOC_FREE(frame);
1182 return NT_STATUS_OK;
1183 }
1184 psd->dacl = orig_psd->dacl;
1185 psd->type |= SEC_DESC_DACL_PRESENT;
1186 }
1187 if (security_info_sent & SECINFO_SACL) {
1188 psd->sacl = orig_psd->sacl;
1189 psd->type |= SEC_DESC_SACL_PRESENT;
1190 }
1191
1192 if (ignore_file_system_acl) {
1193 if (chown_needed) {
1194 /* send only ownership stuff to lower layer */
1195 security_info_sent &= (SECINFO_OWNER | SECINFO_GROUP);
1196 status = set_underlying_acl(handle, fsp, psd,
1197 security_info_sent, true);
1198 if (!NT_STATUS_IS_OK(status)) {
1199 TALLOC_FREE(frame);
1200 return status;
1201 }
1202 }
1203 ZERO_ARRAY(hash);
1204 status = store_v3_blob(handle, fsp, psd, NULL, hash);
1205
1206 TALLOC_FREE(frame);
1207 return status;
1208 }
1209
1210 status = set_underlying_acl(handle, fsp, psd, security_info_sent,
1211 chown_needed);
1212 if (!NT_STATUS_IS_OK(status)) {
1213 TALLOC_FREE(frame);
1214 return status;
1215 }
1216
1217 /* Get the full underlying sd, then hash. */
1218 status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
1219 fsp,
1220 HASH_SECURITY_INFO,
1221 frame,
1222 &pdesc_next);
1223
1224 if (!NT_STATUS_IS_OK(status)) {
1225 TALLOC_FREE(frame);
1226 return status;
1227 }
1228
1229 status = hash_sd_sha256(pdesc_next, hash);
1230 if (!NT_STATUS_IS_OK(status)) {
1231 TALLOC_FREE(frame);
1232 return status;
1233 }
1234
1235 /* Get the full underlying sd, then hash. */
1236 ret = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle,
1237 fsp,
1238 frame,
1239 &sys_acl_description,
1240 &sys_acl_blob);
1241
1242 /* If we fail to get the ACL blob (for some reason) then this
1243 * is not fatal, we just work based on the NT ACL only */
1244 if (ret != 0) {
1245 status = store_v3_blob(handle, fsp, psd, pdesc_next, hash);
1246
1247 TALLOC_FREE(frame);
1248 return status;
1249 }
1250
1251 status = hash_blob_sha256(sys_acl_blob, sys_acl_hash);
1252 if (!NT_STATUS_IS_OK(status)) {
1253 TALLOC_FREE(frame);
1254 return status;
1255 }
1256
1257 if (DEBUGLEVEL >= 10) {
1258 DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s based on system ACL\n",
1259 fsp_str_dbg(fsp)));
1260 NDR_PRINT_DEBUG(security_descriptor,
1261 discard_const_p(struct security_descriptor, psd));
1262
1263 DEBUG(10,("fset_nt_acl_xattr: storing hash in xattr sd based on system ACL and:\n"));
1264 NDR_PRINT_DEBUG(security_descriptor,
1265 discard_const_p(struct security_descriptor, pdesc_next));
1266 }
1267
1268 /* We store hashes of both the sys ACL blob and the NT
1269 * security desciptor mapped from that ACL so as to improve
1270 * our chances against some inadvertant change breaking the
1271 * hash used */
1272 status = create_sys_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash,
1273 sys_acl_description, sys_acl_hash);
1274 if (!NT_STATUS_IS_OK(status)) {
1275 DEBUG(10, ("fset_nt_acl_xattr: create_sys_acl_blob failed\n"));
1276 TALLOC_FREE(frame);
1277 return status;
1278 }
1279
1280 status = store_acl_blob_fsp(handle, fsp, &blob);
1281
1282 TALLOC_FREE(frame);
1283 return status;
1284 }
1285
1286 static int acl_common_remove_object(vfs_handle_struct *handle,
1287 const char *path,
1288 bool is_directory)
1289 {
1290 connection_struct *conn = handle->conn;
1291 struct file_id id;
1292 files_struct *fsp = NULL;
1293 int ret = 0;
1294 char *parent_dir = NULL;
1295 const char *final_component = NULL;
1296 struct smb_filename local_fname;
1297 int saved_errno = 0;
1298 char *saved_dir = NULL;
1299
1300 saved_dir = vfs_GetWd(talloc_tos(),conn);
1301 if (!saved_dir) {
1302 saved_errno = errno;
1303 goto out;
1304 }
1305
1306 if (!parent_dirname(talloc_tos(), path,
1307 &parent_dir, &final_component)) {
1308 saved_errno = ENOMEM;
1309 goto out;
1310 }
1311
1312 DEBUG(10,("acl_common_remove_object: removing %s %s/%s\n",
1313 is_directory ? "directory" : "file",
1314 parent_dir, final_component ));
1315
1316 /* cd into the parent dir to pin it. */
1317 ret = vfs_ChDir(conn, parent_dir);
1318 if (ret == -1) {
1319 saved_errno = errno;
1320 goto out;
1321 }
1322
1323 ZERO_STRUCT(local_fname);
1324 local_fname.base_name = discard_const_p(char, final_component);
1325
1326 /* Must use lstat here. */
1327 ret = SMB_VFS_LSTAT(conn, &local_fname);
1328 if (ret == -1) {
1329 saved_errno = errno;
1330 goto out;
1331 }
1332
1333 /* Ensure we have this file open with DELETE access. */
1334 id = vfs_file_id_from_sbuf(conn, &local_fname.st);
1335 for (fsp = file_find_di_first(conn->sconn, id); fsp;
1336 fsp = file_find_di_next(fsp)) {
1337 if (fsp->access_mask & DELETE_ACCESS &&
1338 fsp->delete_on_close) {
1339 /* We did open this for delete,
1340 * allow the delete as root.
1341 */
1342 break;
1343 }
1344 }
1345
1346 if (!fsp) {
1347 DEBUG(10,("acl_common_remove_object: %s %s/%s "
1348 "not an open file\n",
1349 is_directory ? "directory" : "file",
1350 parent_dir, final_component ));
1351 saved_errno = EACCES;
1352 goto out;
1353 }
1354
1355 become_root();
1356 if (is_directory) {
1357 ret = SMB_VFS_NEXT_RMDIR(handle, final_component);
1358 } else {
1359 ret = SMB_VFS_NEXT_UNLINK(handle, &local_fname);
1360 }
1361 unbecome_root();
1362
1363 if (ret == -1) {
1364 saved_errno = errno;
1365 }
1366
1367 out:
1368
1369 TALLOC_FREE(parent_dir);
1370
1371 if (saved_dir) {
1372 vfs_ChDir(conn, saved_dir);
1373 }
1374 if (saved_errno) {
1375 errno = saved_errno;
1376 }
1377 return ret;
1378 }
1379
1380 static int rmdir_acl_common(struct vfs_handle_struct *handle,
1381 const char *path)
1382 {
1383 int ret;
1384
1385 /* Try the normal rmdir first. */
1386 ret = SMB_VFS_NEXT_RMDIR(handle, path);
1387 if (ret == 0) {
1388 return 0;
1389 }
1390 if (errno == EACCES || errno == EPERM) {
1391 /* Failed due to access denied,
1392 see if we need to root override. */
1393 return acl_common_remove_object(handle,
1394 path,
1395 true);
1396 }
1397
1398 DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n",
1399 path,
1400 strerror(errno) ));
1401 return -1;
1402 }
1403
1404 static int unlink_acl_common(struct vfs_handle_struct *handle,
1405 const struct smb_filename *smb_fname)
1406 {
1407 int ret;
1408
1409 /* Try the normal unlink first. */
1410 ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1411 if (ret == 0) {
1412 return 0;
1413 }
1414 if (errno == EACCES || errno == EPERM) {
1415 /* Failed due to access denied,
1416 see if we need to root override. */
1417
1418 /* Don't do anything fancy for streams. */
1419 if (smb_fname->stream_name) {
1420 return -1;
1421 }
1422 return acl_common_remove_object(handle,
1423 smb_fname->base_name,
1424 false);
1425 }
1426
1427 DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n",
1428 smb_fname->base_name,
1429 strerror(errno) ));
1430 return -1;
1431 }
1432
1433 static int chmod_acl_module_common(struct vfs_handle_struct *handle,
1434 const char *path, mode_t mode)
1435 {
1436 if (lp_posix_pathnames()) {
1437 /* Only allow this on POSIX pathnames. */
1438 return SMB_VFS_NEXT_CHMOD(handle, path, mode);
1439 }
1440 return 0;
1441 }
1442
1443 static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
1444 struct files_struct *fsp, mode_t mode)
1445 {
1446 if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
1447 /* Only allow this on POSIX opens. */
1448 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1449 }
1450 return 0;
1451 }
1452
1453 static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
1454 const char *name, mode_t mode)
1455 {
1456 if (lp_posix_pathnames()) {
1457 /* Only allow this on POSIX pathnames. */
1458 return SMB_VFS_NEXT_CHMOD_ACL(handle, name, mode);
1459 }
1460 return 0;
1461 }
1462
1463 static int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
1464 struct files_struct *fsp, mode_t mode)
1465 {
1466 if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
1467 /* Only allow this on POSIX opens. */
1468 return SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1469 }
1470 return 0;
1471 }
Samba GIT mirror