From b30020d50197ce92a9146fe90288e953369d4c22 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 22 Jun 2006 19:52:32 +0000 Subject: [PATCH] r16472: final pass for 3.0.23rc3 I think. Current with SAMBA_3_0 r16471 --- WHATSNEW.txt | 5 +++++ source/Makefile.in | 3 ++- source/auth/auth_util.c | 25 +++++++++++++++++++++++++ source/include/smb.h | 6 ++++-- source/libsmb/smb_share_modes.c | 1 + source/locking/locking.c | 23 ++++++++++++++--------- source/smbd/open.c | 4 ++-- source/smbd/oplock.c | 2 ++ source/utils/status.c | 5 +++-- source/web/statuspage.c | 1 + 10 files changed, 59 insertions(+), 16 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cf725f52d33..be26aa9cbec 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -38,12 +38,17 @@ o Jeremy Allison * Fix naming conflicts with 'net usershare' structures and Solaris header files. * Fix memleaks on error paths from the ASN.1 parsing code. + * Add uid to share_mode_entry structure so we can report who + opened the file. o Gerald (Jerry) Carter * Fix 'make install' problem when building outside source/. * Fix 'net ads join' when the workgroup is set incorrectly in smb.conf. + * Re-add code to include the BUILTIN\Administrators SID when + winbindd is not running, but the user's token includes the + Domain Admin SID. Fixes access problem for managing Services. o Guenther Deschner diff --git a/source/Makefile.in b/source/Makefile.in index bba29456133..136f597af3d 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -1616,7 +1616,8 @@ delheaders: @rm -f include/proto.h include/build_env.h \ nsswitch/winbindd_proto.h web/swat_proto.h \ client/client_proto.h utils/net_proto.h \ - smbd/build_options.c + smbd/build_options.c utils/ntlm_auth_proto.h \ + utils/passwd_proto.h MKPROTO_SH = $(srcdir)/script/mkproto.sh diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 9427c7681ee..0401e02b7d4 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c 
@@ -688,6 +688,31 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token) static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token ) { + DOM_SID domadm; + + /* nothing to do if we aren't in a domain */ + + if ( !(IS_DC || lp_server_role()==ROLE_DOMAIN_MEMBER) ) { + return NT_STATUS_OK; + } + + /* Find the Domain Admins SID */ + + if ( IS_DC ) { + sid_copy( &domadm, get_global_sam_sid() ); + } else { + if ( !secrets_fetch_domain_sid( lp_workgroup(), &domadm ) ) + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ); + + /* Add Administrators if the user beloongs to Domain Admins */ + + if ( nt_token_check_sid( &domadm, token ) ) { + add_sid_to_array(token, &global_sid_Builtin_Administrators, + &token->user_sids, &token->num_sids); + } + return NT_STATUS_OK; } diff --git a/source/include/smb.h b/source/include/smb.h index 41ffce1a155..5aa06347f8c 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -671,6 +671,7 @@ struct share_mode_entry { SMB_DEV_T dev; SMB_INO_T inode; unsigned long share_file_id; + uint32 uid; /* uid of file opener. */ }; /* oplock break message definition - linearization of share_mode_entry. @@ -687,10 +688,11 @@ Offset Data length. 28 SMB_DEV_T dev 8 bytes. 36 SMB_INO_T inode 8 bytes 44 unsigned long file_id 4 bytes -48 +48 uint32 uid 4 bytes +52 */ -#define MSG_SMB_SHARE_MODE_ENTRY_SIZE 48 +#define MSG_SMB_SHARE_MODE_ENTRY_SIZE 52 struct share_mode_lock { const char *servicepath; /* canonicalized. */ diff --git a/source/libsmb/smb_share_modes.c b/source/libsmb/smb_share_modes.c index 090571b8107..34ede9df296 100644 --- a/source/libsmb/smb_share_modes.c +++ b/source/libsmb/smb_share_modes.c @@ -149,6 +149,7 @@ static void create_share_mode_entry(struct share_mode_entry *out, out->access_mask = in->access_mask; out->dev = (SMB_DEV_T)in->dev; out->inode = (SMB_INO_T)in->ino; + out->uid = (uint32)geteuid(); } /* 
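Review bot: In add_builtin_administrators (source/auth/auth_util.c) the result of `sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS )` is ignored, so if the append failed the membership test that follows would compare the token against the bare domain SID rather than Domain Admins. Checking it, `if ( !sid_append_rid( &domadm, DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_UNSUCCESSFUL;`, keeps the grant tied to the intended group. The branch that adds BUILTIN\Administrators is a privilege grant and should leave a trace, for example `DEBUG(3,("add_builtin_administrators: token holds Domain Admins, adding BUILTIN\\Administrators\n"));`. The single-statement `if` around `return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;` would be safer with braces, the comment above the final test has a typo (`beloongs`), and `ctx` is not used in the lines shown.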
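Review bot: The new `uid` member of struct share_mode_entry (source/include/smb.h) is documented only as `/* uid of file opener. */`, yet elsewhere in this patch fill_deferred_open_entry stores `(uint32)-1` and the search templates in locking.c pass `(uid_t)-1`, so the field has an undocumented "not recorded" value. I would write the comment as `uint32 uid; /* uid of file opener, (uint32)-1 when not recorded. */` so that code printing or comparing the value knows to treat it specially. The second smb.h hunk raises MSG_SMB_SHARE_MODE_ENTRY_SIZE to 52 by hand, and that constant has to stay in step with the fixed offsets used in source/smbd/oplock.c.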
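Review bot: `out->uid = (uint32)geteuid();` in create_share_mode_entry (source/libsmb/smb_share_modes.c) records the effective uid of whichever process calls the library, and nothing on the line says so. The changelog entry describes the field as being there to report who opened the file, so a comment such as `/* euid of the calling process; self-reported, for status display only. */` would tell later readers not to treat the stored value as verified. The function's body begins outside the hunk.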
diff --git a/source/locking/locking.c b/source/locking/locking.c index 0ffb9374326..01f12bbb58d 100644 --- a/source/locking/locking.c +++ b/source/locking/locking.c @@ -443,13 +443,13 @@ char *share_mode_str(int num, struct share_mode_entry *e) slprintf(share_str, sizeof(share_str)-1, "share_mode_entry[%d]: %s " "pid = %s, share_access = 0x%x, private_options = 0x%x, " "access_mask = 0x%x, mid = 0x%x, type= 0x%x, file_id = %lu, " - "dev = 0x%x, inode = %.0f", + "uid = %u, dev = 0x%x, inode = %.0f", num, e->op_type == UNUSED_SHARE_MODE_ENTRY ? "UNUSED" : "", procid_str_static(&e->pid), e->share_access, e->private_options, e->access_mask, e->op_mid, e->op_type, e->share_file_id, - (unsigned int)e->dev, (double)e->inode ); + (unsigned int)e->uid, (unsigned int)e->dev, (double)e->inode ); return share_str; } @@ -917,7 +917,7 @@ BOOL is_unused_share_mode_entry(const struct share_mode_entry *e) static void fill_share_mode_entry(struct share_mode_entry *e, files_struct *fsp, - uint16 mid, uint16 op_type) + uid_t uid, uint16 mid, uint16 op_type) { ZERO_STRUCTP(e); e->pid = procid_self(); @@ -928,9 +928,10 @@ static void fill_share_mode_entry(struct share_mode_entry *e, e->op_type = op_type; e->time.tv_sec = fsp->open_time.tv_sec; e->time.tv_usec = fsp->open_time.tv_usec; - e->share_file_id = fsp->fh->file_id; e->dev = fsp->dev; e->inode = fsp->inode; + e->share_file_id = fsp->fh->file_id; + e->uid = (uint32)uid; } static void fill_deferred_open_entry(struct share_mode_entry *e, @@ -945,6 +946,7 @@ static void fill_deferred_open_entry(struct share_mode_entry *e, e->time.tv_usec = request_time.tv_usec; e->dev = dev; e->inode = ino; + e->uid = (uint32)-1; } static void add_share_mode_entry(struct share_mode_lock *lck, 
@@ -969,10 +971,10 @@ static void add_share_mode_entry(struct share_mode_lock *lck, } void set_share_mode(struct share_mode_lock *lck, files_struct *fsp, - uint16 mid, uint16 op_type) + uid_t uid, uint16 mid, uint16 op_type) { struct share_mode_entry entry; - fill_share_mode_entry(&entry, fsp, mid, op_type); + fill_share_mode_entry(&entry, fsp, uid, mid, op_type); add_share_mode_entry(lck, &entry); } @@ -1044,7 +1046,8 @@ BOOL del_share_mode(struct share_mode_lock *lck, files_struct *fsp) { struct share_mode_entry entry, *e; - fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK); + /* Don't care about the pid owner being correct here - just a search. */ + fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK); e = find_share_mode_entry(lck, &entry); if (e == NULL) { @@ -1080,7 +1083,8 @@ BOOL remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp) { struct share_mode_entry entry, *e; - fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK); + /* Don't care about the pid owner being correct here - just a search. */ + fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK); e = find_share_mode_entry(lck, &entry); if (e == NULL) { @@ -1101,7 +1105,8 @@ BOOL downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp) { struct share_mode_entry entry, *e; - fill_share_mode_entry(&entry, fsp, 0, NO_OPLOCK); + /* Don't care about the pid owner being correct here - just a search. */ + fill_share_mode_entry(&entry, fsp, (uid_t)-1, 0, NO_OPLOCK); e = find_share_mode_entry(lck, &entry); if (e == NULL) { diff --git a/source/smbd/open.c b/source/smbd/open.c index 2e4091d937e..832a8df7559 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c 
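Review bot: The comment added in del_share_mode, `/* Don't care about the pid owner being correct here - just a search. */`, speaks of the pid while the placeholder actually passed is the uid argument `(uid_t)-1`; the same comment is repeated in remove_share_oplock and downgrade_share_oplock. Wording such as `/* uid is not part of the search key, so pass a placeholder. */` would match the code. That wording assumes find_share_mode_entry does not compare `uid`, which is not visible in these hunks and should be confirmed, because a comparison would make every lookup built with the placeholder miss. All three function bodies continue past their hunks.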
@@ -1685,7 +1685,7 @@ files_struct *open_file_ntcreate(connection_struct *conn, fsp->oplock_type = NO_OPLOCK; } } - set_share_mode(lck, fsp, 0, fsp->oplock_type); + set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type); if (info == FILE_WAS_OVERWRITTEN || info == FILE_WAS_CREATED || info == FILE_WAS_SUPERSEDED) { @@ -1991,7 +1991,7 @@ files_struct *open_directory(connection_struct *conn, return NULL; } - set_share_mode(lck, fsp, 0, NO_OPLOCK); + set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK); /* For directories the delete on close bit at open time seems always to be honored on close... See test 19 in Samba4 BASE-DELETE. */ diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c index 1f731e17291..e4f5c434b09 100644 --- a/source/smbd/oplock.c +++ b/source/smbd/oplock.c @@ -830,6 +830,7 @@ void share_mode_entry_to_message(char *msg, struct share_mode_entry *e) SDEV_T_VAL(msg,28,e->dev); SINO_T_VAL(msg,36,e->inode); SIVAL(msg,44,e->share_file_id); + SIVAL(msg,48,e->uid); } /**************************************************************************** @@ -849,6 +850,7 @@ void message_to_share_mode_entry(struct share_mode_entry *e, char *msg) e->dev = DEV_T_VAL(msg,28); e->inode = INO_T_VAL(msg,36); e->share_file_id = (unsigned long)IVAL(msg,44); + e->uid = (uint32)IVAL(msg,48); } /**************************************************************************** diff --git a/source/utils/status.c b/source/utils/status.c index 2566c8a50de..163d99a2f69 100644 --- a/source/utils/status.c +++ b/source/utils/status.c 
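Review bot: message_to_share_mode_entry (source/smbd/oplock.c) now reads `IVAL(msg,48)` but takes no length argument, so it depends on every caller having checked that the buffer holds at least MSG_SMB_SHARE_MODE_ENTRY_SIZE (now 52) bytes. Those callers are outside the hunk; a 48-byte message in the old layout, for instance from an smbd process still running the previous build, has to be rejected before this function is reached. A comment stating the precondition, e.g. `/* msg must be at least MSG_SMB_SHARE_MODE_ENTRY_SIZE bytes. */`, would make the contract explicit. Both functions in this file begin outside their hunks.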
@@ -108,13 +108,14 @@ static void print_share_mode(const struct share_mode_entry *e, const char *share if (count==0) { d_printf("Locked files:\n"); - d_printf("Pid DenyMode Access R/W Oplock SharePath Name\n"); - d_printf("----------------------------------------------------------------------------------------\n"); + d_printf("Pid Uid DenyMode Access R/W Oplock SharePath Name Time\n"); + d_printf("--------------------------------------------------------------------------------------------------\n"); } count++; if (Ucrit_checkPid(procid_to_pid(&e->pid))) { d_printf("%-11s ",procid_str_static(&e->pid)); + d_printf("%-9u ", (unsigned int)e->uid); switch (map_share_mode_to_deny_mode(e->share_access, e->private_options)) { case DENY_NONE: d_printf("DENY_NONE "); break; diff --git a/source/web/statuspage.c b/source/web/statuspage.c index 769ab217b3e..cb6fa911711 100644 --- a/source/web/statuspage.c +++ b/source/web/statuspage.c @@ -119,6 +119,7 @@ static void print_share_mode(const struct share_mode_entry *e, const char *share e->private_options); printf("%s",_(mapPid2Machine(e->pid))); + printf("%u",(unsigned int)e->uid); printf(""); switch ((deny_mode>>4)&0xF) { case DENY_NONE: printf("DENY_NONE"); break; -- 2.11.4.GIT
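Review bot: The `%-9u` field in print_share_mode (source/utils/status.c) is one character narrower than the widest value `uid` can hold, since the `(uint32)-1` placeholder written by fill_deferred_open_entry prints as 4294967295, ten digits. Whether such entries reach this function is not visible in the hunk, but widening the field, e.g. `d_printf("%-12u ", (unsigned int)e->uid);`, with the header padded to match, keeps the columns aligned in that case. The header line also gains a `Time` column, which is not mentioned in the commit message.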
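Review bot: The added `printf("%u",(unsigned int)e->uid);` in print_share_mode (source/web/statuspage.c) puts an extra value into every row, but the diffstat lists this one line as the only change to the file, so the table header printed elsewhere is not given a matching Uid column. The header code is outside the hunk, and the cell markup in the format strings appears to have been lost in this rendering, so this should be checked against the real file. If the header is indeed unchanged, the cells after the machine name will sit under the wrong headings.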