search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: Remove NT4 compatability handling in posix -> NT ACL conversion
[Samba/gbeck.git] / source3 / smbd / posix_acls.c
blobb8e0d4aba42a7497516d0e073e917e46b3cde43a
1 /*
2 Unix SMB/CIFS implementation.
3 SMB NT Security Descriptor / Unix permission conversion.
4 Copyright (C) Jeremy Allison 1994-2009.
5 Copyright (C) Andreas Gruenbacher 2002.
6 Copyright (C) Simo Sorce <idra@samba.org> 2009.
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "system/filesys.h"
25 #include "../libcli/security/security.h"
26 #include "trans2.h"
27 #include "passdb/lookup_sid.h"
28 #include "auth.h"
29 #include "../librpc/gen_ndr/idmap.h"
30 #include "../librpc/gen_ndr/ndr_smb_acl.h"
31 #include "lib/param/loadparm.h"
32
33 extern const struct generic_mapping file_generic_mapping;
34
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_ACLS
37
38 /****************************************************************************
39 Data structures representing the internal ACE format.
40 ****************************************************************************/
41
42 enum ace_owner {UID_ACE, GID_ACE, WORLD_ACE};
43 enum ace_attribute {ALLOW_ACE, DENY_ACE}; /* Used for incoming NT ACLS. */
44
45 typedef struct canon_ace {
46 struct canon_ace *next, *prev;
47 SMB_ACL_TAG_T type;
48 mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
49 struct dom_sid trustee;
50 enum ace_owner owner_type;
51 enum ace_attribute attr;
52 struct unixid unix_ug;
53 uint8_t ace_flags; /* From windows ACE entry. */
54 } canon_ace;
55
56 #define ALL_ACE_PERMS (S_IRUSR|S_IWUSR|S_IXUSR)
57
58 /*
59 * EA format of user.SAMBA_PAI (Samba_Posix_Acl_Interitance)
60 * attribute on disk - version 1.
61 * All values are little endian.
62 *
63 * | 1 | 1 | 2 | 2 | ....
64 * +------+------+-------------+---------------------+-------------+--------------------+
65 * | vers | flag | num_entries | num_default_entries | ..entries.. | default_entries... |
66 * +------+------+-------------+---------------------+-------------+--------------------+
67 *
68 * Entry format is :
69 *
70 * | 1 | 4 |
71 * +------+-------------------+
72 * | value| uid/gid or world |
73 * | type | value |
74 * +------+-------------------+
75 *
76 * Version 2 format. Stores extra Windows metadata about an ACL.
77 *
78 * | 1 | 2 | 2 | 2 | ....
79 * +------+----------+-------------+---------------------+-------------+--------------------+
80 * | vers | ace | num_entries | num_default_entries | ..entries.. | default_entries... |
81 * | 2 | type | | | | |
82 * +------+----------+-------------+---------------------+-------------+--------------------+
83 *
84 * Entry format is :
85 *
86 * | 1 | 1 | 4 |
87 * +------+------+-------------------+
88 * | ace | value| uid/gid or world |
89 * | flag | type | value |
90 * +------+-------------------+------+
91 *
92 */
93
94 #define PAI_VERSION_OFFSET 0
95
96 #define PAI_V1_FLAG_OFFSET 1
97 #define PAI_V1_NUM_ENTRIES_OFFSET 2
98 #define PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET 4
99 #define PAI_V1_ENTRIES_BASE 6
100 #define PAI_V1_ACL_FLAG_PROTECTED 0x1
101 #define PAI_V1_ENTRY_LENGTH 5
102
103 #define PAI_V1_VERSION 1
104
105 #define PAI_V2_TYPE_OFFSET 1
106 #define PAI_V2_NUM_ENTRIES_OFFSET 3
107 #define PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET 5
108 #define PAI_V2_ENTRIES_BASE 7
109 #define PAI_V2_ENTRY_LENGTH 6
110
111 #define PAI_V2_VERSION 2
112
113 /*
114 * In memory format of user.SAMBA_PAI attribute.
115 */
116
117 struct pai_entry {
118 struct pai_entry *next, *prev;
119 uint8_t ace_flags;
120 enum ace_owner owner_type;
121 struct unixid unix_ug;
122 };
123
124 struct pai_val {
125 uint16_t sd_type;
126 unsigned int num_entries;
127 struct pai_entry *entry_list;
128 unsigned int num_def_entries;
129 struct pai_entry *def_entry_list;
130 };
131
132 /************************************************************************
133 Return a uint32 of the pai_entry principal.
134 ************************************************************************/
135
136 static uint32_t get_pai_entry_val(struct pai_entry *paie)
137 {
138 switch (paie->owner_type) {
139 case UID_ACE:
140 DEBUG(10,("get_pai_entry_val: uid = %u\n", (unsigned int)paie->unix_ug.id ));
141 return (uint32_t)paie->unix_ug.id;
142 case GID_ACE:
143 DEBUG(10,("get_pai_entry_val: gid = %u\n", (unsigned int)paie->unix_ug.id ));
144 return (uint32_t)paie->unix_ug.id;
145 case WORLD_ACE:
146 default:
147 DEBUG(10,("get_pai_entry_val: world ace\n"));
148 return (uint32_t)-1;
149 }
150 }
151
152 /************************************************************************
153 Return a uint32 of the entry principal.
154 ************************************************************************/
155
156 static uint32_t get_entry_val(canon_ace *ace_entry)
157 {
158 switch (ace_entry->owner_type) {
159 case UID_ACE:
160 DEBUG(10,("get_entry_val: uid = %u\n", (unsigned int)ace_entry->unix_ug.id ));
161 return (uint32_t)ace_entry->unix_ug.id;
162 case GID_ACE:
163 DEBUG(10,("get_entry_val: gid = %u\n", (unsigned int)ace_entry->unix_ug.id ));
164 return (uint32_t)ace_entry->unix_ug.id;
165 case WORLD_ACE:
166 default:
167 DEBUG(10,("get_entry_val: world ace\n"));
168 return (uint32_t)-1;
169 }
170 }
171
172 /************************************************************************
173 Create the on-disk format (always v2 now). Caller must free.
174 ************************************************************************/
175
176 static char *create_pai_buf_v2(canon_ace *file_ace_list,
177 canon_ace *dir_ace_list,
178 uint16_t sd_type,
179 size_t *store_size)
180 {
181 char *pai_buf = NULL;
182 canon_ace *ace_list = NULL;
183 char *entry_offset = NULL;
184 unsigned int num_entries = 0;
185 unsigned int num_def_entries = 0;
186 unsigned int i;
187
188 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
189 num_entries++;
190 }
191
192 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
193 num_def_entries++;
194 }
195
196 DEBUG(10,("create_pai_buf_v2: num_entries = %u, num_def_entries = %u\n", num_entries, num_def_entries ));
197
198 *store_size = PAI_V2_ENTRIES_BASE +
199 ((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH);
200
201 pai_buf = talloc_array(talloc_tos(), char, *store_size);
202 if (!pai_buf) {
203 return NULL;
204 }
205
206 /* Set up the header. */
207 memset(pai_buf, '\0', PAI_V2_ENTRIES_BASE);
208 SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_V2_VERSION);
209 SSVAL(pai_buf,PAI_V2_TYPE_OFFSET, sd_type);
210 SSVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET,num_entries);
211 SSVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries);
212
213 DEBUG(10,("create_pai_buf_v2: sd_type = 0x%x\n",
214 (unsigned int)sd_type ));
215
216 entry_offset = pai_buf + PAI_V2_ENTRIES_BASE;
217
218 i = 0;
219 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
220 uint8_t type_val = (uint8_t)ace_list->owner_type;
221 uint32_t entry_val = get_entry_val(ace_list);
222
223 SCVAL(entry_offset,0,ace_list->ace_flags);
224 SCVAL(entry_offset,1,type_val);
225 SIVAL(entry_offset,2,entry_val);
226 DEBUG(10,("create_pai_buf_v2: entry %u [0x%x] [0x%x] [0x%x]\n",
227 i,
228 (unsigned int)ace_list->ace_flags,
229 (unsigned int)type_val,
230 (unsigned int)entry_val ));
231 i++;
232 entry_offset += PAI_V2_ENTRY_LENGTH;
233 }
234
235 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
236 uint8_t type_val = (uint8_t)ace_list->owner_type;
237 uint32_t entry_val = get_entry_val(ace_list);
238
239 SCVAL(entry_offset,0,ace_list->ace_flags);
240 SCVAL(entry_offset,1,type_val);
241 SIVAL(entry_offset,2,entry_val);
242 DEBUG(10,("create_pai_buf_v2: entry %u [0x%x] [0x%x] [0x%x]\n",
243 i,
244 (unsigned int)ace_list->ace_flags,
245 (unsigned int)type_val,
246 (unsigned int)entry_val ));
247 i++;
248 entry_offset += PAI_V2_ENTRY_LENGTH;
249 }
250
251 return pai_buf;
252 }
253
254 /************************************************************************
255 Store the user.SAMBA_PAI attribute on disk.
256 ************************************************************************/
257
258 static void store_inheritance_attributes(files_struct *fsp,
259 canon_ace *file_ace_list,
260 canon_ace *dir_ace_list,
261 uint16_t sd_type)
262 {
263 int ret;
264 size_t store_size;
265 char *pai_buf;
266
267 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
268 return;
269 }
270
271 pai_buf = create_pai_buf_v2(file_ace_list, dir_ace_list,
272 sd_type, &store_size);
273
274 if (fsp->fh->fd != -1) {
275 ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
276 pai_buf, store_size, 0);
277 } else {
278 ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name,
279 SAMBA_POSIX_INHERITANCE_EA_NAME,
280 pai_buf, store_size, 0);
281 }
282
283 TALLOC_FREE(pai_buf);
284
285 DEBUG(10,("store_inheritance_attribute: type 0x%x for file %s\n",
286 (unsigned int)sd_type,
287 fsp_str_dbg(fsp)));
288
289 if (ret == -1 && !no_acl_syscall_error(errno)) {
290 DEBUG(1,("store_inheritance_attribute: Error %s\n", strerror(errno) ));
291 }
292 }
293
294 /************************************************************************
295 Delete the in memory inheritance info.
296 ************************************************************************/
297
298 static void free_inherited_info(struct pai_val *pal)
299 {
300 if (pal) {
301 struct pai_entry *paie, *paie_next;
302 for (paie = pal->entry_list; paie; paie = paie_next) {
303 paie_next = paie->next;
304 TALLOC_FREE(paie);
305 }
306 for (paie = pal->def_entry_list; paie; paie = paie_next) {
307 paie_next = paie->next;
308 TALLOC_FREE(paie);
309 }
310 TALLOC_FREE(pal);
311 }
312 }
313
314 /************************************************************************
315 Get any stored ACE flags.
316 ************************************************************************/
317
318 static uint16_t get_pai_flags(struct pai_val *pal, canon_ace *ace_entry, bool default_ace)
319 {
320 struct pai_entry *paie;
321
322 if (!pal) {
323 return 0;
324 }
325
326 /* If the entry exists it is inherited. */
327 for (paie = (default_ace ? pal->def_entry_list : pal->entry_list); paie; paie = paie->next) {
328 if (ace_entry->owner_type == paie->owner_type &&
329 get_entry_val(ace_entry) == get_pai_entry_val(paie))
330 return paie->ace_flags;
331 }
332 return 0;
333 }
334
335 /************************************************************************
336 Ensure an attribute just read is valid - v1.
337 ************************************************************************/
338
339 static bool check_pai_ok_v1(const char *pai_buf, size_t pai_buf_data_size)
340 {
341 uint16 num_entries;
342 uint16 num_def_entries;
343
344 if (pai_buf_data_size < PAI_V1_ENTRIES_BASE) {
345 /* Corrupted - too small. */
346 return false;
347 }
348
349 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V1_VERSION) {
350 return false;
351 }
352
353 num_entries = SVAL(pai_buf,PAI_V1_NUM_ENTRIES_OFFSET);
354 num_def_entries = SVAL(pai_buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
355
356 /* Check the entry lists match. */
357 /* Each entry is 5 bytes (type plus 4 bytes of uid or gid). */
358
359 if (((num_entries + num_def_entries)*PAI_V1_ENTRY_LENGTH) +
360 PAI_V1_ENTRIES_BASE != pai_buf_data_size) {
361 return false;
362 }
363
364 return true;
365 }
366
367 /************************************************************************
368 Ensure an attribute just read is valid - v2.
369 ************************************************************************/
370
371 static bool check_pai_ok_v2(const char *pai_buf, size_t pai_buf_data_size)
372 {
373 uint16 num_entries;
374 uint16 num_def_entries;
375
376 if (pai_buf_data_size < PAI_V2_ENTRIES_BASE) {
377 /* Corrupted - too small. */
378 return false;
379 }
380
381 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V2_VERSION) {
382 return false;
383 }
384
385 num_entries = SVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET);
386 num_def_entries = SVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
387
388 /* Check the entry lists match. */
389 /* Each entry is 6 bytes (flags + type + 4 bytes of uid or gid). */
390
391 if (((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH) +
392 PAI_V2_ENTRIES_BASE != pai_buf_data_size) {
393 return false;
394 }
395
396 return true;
397 }
398
399 /************************************************************************
400 Decode the owner.
401 ************************************************************************/
402
403 static bool get_pai_owner_type(struct pai_entry *paie, const char *entry_offset)
404 {
405 paie->owner_type = (enum ace_owner)CVAL(entry_offset,0);
406 switch( paie->owner_type) {
407 case UID_ACE:
408 paie->unix_ug.type = ID_TYPE_UID;
409 paie->unix_ug.id = (uid_t)IVAL(entry_offset,1);
410 DEBUG(10,("get_pai_owner_type: uid = %u\n",
411 (unsigned int)paie->unix_ug.id ));
412 break;
413 case GID_ACE:
414 paie->unix_ug.type = ID_TYPE_GID;
415 paie->unix_ug.id = (gid_t)IVAL(entry_offset,1);
416 DEBUG(10,("get_pai_owner_type: gid = %u\n",
417 (unsigned int)paie->unix_ug.id ));
418 break;
419 case WORLD_ACE:
420 paie->unix_ug.type = ID_TYPE_NOT_SPECIFIED;
421 paie->unix_ug.id = -1;
422 DEBUG(10,("get_pai_owner_type: world ace\n"));
423 break;
424 default:
425 DEBUG(10,("get_pai_owner_type: unknown type %u\n",
426 (unsigned int)paie->owner_type ));
427 return false;
428 }
429 return true;
430 }
431
432 /************************************************************************
433 Process v2 entries.
434 ************************************************************************/
435
436 static const char *create_pai_v1_entries(struct pai_val *paiv,
437 const char *entry_offset,
438 bool def_entry)
439 {
440 int i;
441
442 for (i = 0; i < paiv->num_entries; i++) {
443 struct pai_entry *paie = talloc(talloc_tos(), struct pai_entry);
444 if (!paie) {
445 return NULL;
446 }
447
448 paie->ace_flags = SEC_ACE_FLAG_INHERITED_ACE;
449 if (!get_pai_owner_type(paie, entry_offset)) {
450 TALLOC_FREE(paie);
451 return NULL;
452 }
453
454 if (!def_entry) {
455 DLIST_ADD(paiv->entry_list, paie);
456 } else {
457 DLIST_ADD(paiv->def_entry_list, paie);
458 }
459 entry_offset += PAI_V1_ENTRY_LENGTH;
460 }
461 return entry_offset;
462 }
463
464 /************************************************************************
465 Convert to in-memory format from version 1.
466 ************************************************************************/
467
468 static struct pai_val *create_pai_val_v1(const char *buf, size_t size)
469 {
470 const char *entry_offset;
471 struct pai_val *paiv = NULL;
472
473 if (!check_pai_ok_v1(buf, size)) {
474 return NULL;
475 }
476
477 paiv = talloc(talloc_tos(), struct pai_val);
478 if (!paiv) {
479 return NULL;
480 }
481
482 memset(paiv, '\0', sizeof(struct pai_val));
483
484 paiv->sd_type = (CVAL(buf,PAI_V1_FLAG_OFFSET) == PAI_V1_ACL_FLAG_PROTECTED) ?
485 SEC_DESC_DACL_PROTECTED : 0;
486
487 paiv->num_entries = SVAL(buf,PAI_V1_NUM_ENTRIES_OFFSET);
488 paiv->num_def_entries = SVAL(buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
489
490 entry_offset = buf + PAI_V1_ENTRIES_BASE;
491
492 DEBUG(10,("create_pai_val: num_entries = %u, num_def_entries = %u\n",
493 paiv->num_entries, paiv->num_def_entries ));
494
495 entry_offset = create_pai_v1_entries(paiv, entry_offset, false);
496 if (entry_offset == NULL) {
497 free_inherited_info(paiv);
498 return NULL;
499 }
500 entry_offset = create_pai_v1_entries(paiv, entry_offset, true);
501 if (entry_offset == NULL) {
502 free_inherited_info(paiv);
503 return NULL;
504 }
505
506 return paiv;
507 }
508
509 /************************************************************************
510 Process v2 entries.
511 ************************************************************************/
512
513 static const char *create_pai_v2_entries(struct pai_val *paiv,
514 unsigned int num_entries,
515 const char *entry_offset,
516 bool def_entry)
517 {
518 unsigned int i;
519
520 for (i = 0; i < num_entries; i++) {
521 struct pai_entry *paie = talloc(talloc_tos(), struct pai_entry);
522 if (!paie) {
523 return NULL;
524 }
525
526 paie->ace_flags = CVAL(entry_offset,0);
527
528 if (!get_pai_owner_type(paie, entry_offset+1)) {
529 TALLOC_FREE(paie);
530 return NULL;
531 }
532 if (!def_entry) {
533 DLIST_ADD(paiv->entry_list, paie);
534 } else {
535 DLIST_ADD(paiv->def_entry_list, paie);
536 }
537 entry_offset += PAI_V2_ENTRY_LENGTH;
538 }
539 return entry_offset;
540 }
541
542 /************************************************************************
543 Convert to in-memory format from version 2.
544 ************************************************************************/
545
546 static struct pai_val *create_pai_val_v2(const char *buf, size_t size)
547 {
548 const char *entry_offset;
549 struct pai_val *paiv = NULL;
550
551 if (!check_pai_ok_v2(buf, size)) {
552 return NULL;
553 }
554
555 paiv = talloc(talloc_tos(), struct pai_val);
556 if (!paiv) {
557 return NULL;
558 }
559
560 memset(paiv, '\0', sizeof(struct pai_val));
561
562 paiv->sd_type = SVAL(buf,PAI_V2_TYPE_OFFSET);
563
564 paiv->num_entries = SVAL(buf,PAI_V2_NUM_ENTRIES_OFFSET);
565 paiv->num_def_entries = SVAL(buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
566
567 entry_offset = buf + PAI_V2_ENTRIES_BASE;
568
569 DEBUG(10,("create_pai_val_v2: sd_type = 0x%x num_entries = %u, num_def_entries = %u\n",
570 (unsigned int)paiv->sd_type,
571 paiv->num_entries, paiv->num_def_entries ));
572
573 entry_offset = create_pai_v2_entries(paiv, paiv->num_entries,
574 entry_offset, false);
575 if (entry_offset == NULL) {
576 free_inherited_info(paiv);
577 return NULL;
578 }
579 entry_offset = create_pai_v2_entries(paiv, paiv->num_def_entries,
580 entry_offset, true);
581 if (entry_offset == NULL) {
582 free_inherited_info(paiv);
583 return NULL;
584 }
585
586 return paiv;
587 }
588
589 /************************************************************************
590 Convert to in-memory format - from either version 1 or 2.
591 ************************************************************************/
592
593 static struct pai_val *create_pai_val(const char *buf, size_t size)
594 {
595 if (size < 1) {
596 return NULL;
597 }
598 if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V1_VERSION) {
599 return create_pai_val_v1(buf, size);
600 } else if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V2_VERSION) {
601 return create_pai_val_v2(buf, size);
602 } else {
603 return NULL;
604 }
605 }
606
607 /************************************************************************
608 Load the user.SAMBA_PAI attribute.
609 ************************************************************************/
610
611 static struct pai_val *fload_inherited_info(files_struct *fsp)
612 {
613 char *pai_buf;
614 size_t pai_buf_size = 1024;
615 struct pai_val *paiv = NULL;
616 ssize_t ret;
617
618 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
619 return NULL;
620 }
621
622 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL) {
623 return NULL;
624 }
625
626 do {
627 if (fsp->fh->fd != -1) {
628 ret = SMB_VFS_FGETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
629 pai_buf, pai_buf_size);
630 } else {
631 ret = SMB_VFS_GETXATTR(fsp->conn,
632 fsp->fsp_name->base_name,
633 SAMBA_POSIX_INHERITANCE_EA_NAME,
634 pai_buf, pai_buf_size);
635 }
636
637 if (ret == -1) {
638 if (errno != ERANGE) {
639 break;
640 }
641 /* Buffer too small - enlarge it. */
642 pai_buf_size *= 2;
643 TALLOC_FREE(pai_buf);
644 if (pai_buf_size > 1024*1024) {
645 return NULL; /* Limit malloc to 1mb. */
646 }
647 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL)
648 return NULL;
649 }
650 } while (ret == -1);
651
652 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n",
653 (unsigned long)ret, fsp_str_dbg(fsp)));
654
655 if (ret == -1) {
656 /* No attribute or not supported. */
657 #if defined(ENOATTR)
658 if (errno != ENOATTR)
659 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
660 #else
661 if (errno != ENOSYS)
662 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
663 #endif
664 TALLOC_FREE(pai_buf);
665 return NULL;
666 }
667
668 paiv = create_pai_val(pai_buf, ret);
669
670 if (paiv) {
671 DEBUG(10,("load_inherited_info: ACL type is 0x%x for file %s\n",
672 (unsigned int)paiv->sd_type, fsp_str_dbg(fsp)));
673 }
674
675 TALLOC_FREE(pai_buf);
676 return paiv;
677 }
678
679 /************************************************************************
680 Load the user.SAMBA_PAI attribute.
681 ************************************************************************/
682
683 static struct pai_val *load_inherited_info(const struct connection_struct *conn,
684 const char *fname)
685 {
686 char *pai_buf;
687 size_t pai_buf_size = 1024;
688 struct pai_val *paiv = NULL;
689 ssize_t ret;
690
691 if (!lp_map_acl_inherit(SNUM(conn))) {
692 return NULL;
693 }
694
695 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL) {
696 return NULL;
697 }
698
699 do {
700 ret = SMB_VFS_GETXATTR(conn, fname,
701 SAMBA_POSIX_INHERITANCE_EA_NAME,
702 pai_buf, pai_buf_size);
703
704 if (ret == -1) {
705 if (errno != ERANGE) {
706 break;
707 }
708 /* Buffer too small - enlarge it. */
709 pai_buf_size *= 2;
710 TALLOC_FREE(pai_buf);
711 if (pai_buf_size > 1024*1024) {
712 return NULL; /* Limit malloc to 1mb. */
713 }
714 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL)
715 return NULL;
716 }
717 } while (ret == -1);
718
719 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fname));
720
721 if (ret == -1) {
722 /* No attribute or not supported. */
723 #if defined(ENOATTR)
724 if (errno != ENOATTR)
725 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
726 #else
727 if (errno != ENOSYS)
728 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
729 #endif
730 TALLOC_FREE(pai_buf);
731 return NULL;
732 }
733
734 paiv = create_pai_val(pai_buf, ret);
735
736 if (paiv) {
737 DEBUG(10,("load_inherited_info: ACL type 0x%x for file %s\n",
738 (unsigned int)paiv->sd_type,
739 fname));
740 }
741
742 TALLOC_FREE(pai_buf);
743 return paiv;
744 }
745
746 /****************************************************************************
747 Functions to manipulate the internal ACE format.
748 ****************************************************************************/
749
750 /****************************************************************************
751 Count a linked list of canonical ACE entries.
752 ****************************************************************************/
753
754 static size_t count_canon_ace_list( canon_ace *l_head )
755 {
756 size_t count = 0;
757 canon_ace *ace;
758
759 for (ace = l_head; ace; ace = ace->next)
760 count++;
761
762 return count;
763 }
764
765 /****************************************************************************
766 Free a linked list of canonical ACE entries.
767 ****************************************************************************/
768
769 static void free_canon_ace_list( canon_ace *l_head )
770 {
771 canon_ace *list, *next;
772
773 for (list = l_head; list; list = next) {
774 next = list->next;
775 DLIST_REMOVE(l_head, list);
776 TALLOC_FREE(list);
777 }
778 }
779
780 /****************************************************************************
781 Function to duplicate a canon_ace entry.
782 ****************************************************************************/
783
784 static canon_ace *dup_canon_ace( canon_ace *src_ace)
785 {
786 canon_ace *dst_ace = talloc(talloc_tos(), canon_ace);
787
788 if (dst_ace == NULL)
789 return NULL;
790
791 *dst_ace = *src_ace;
792 dst_ace->prev = dst_ace->next = NULL;
793 return dst_ace;
794 }
795
796 /****************************************************************************
797 Print out a canon ace.
798 ****************************************************************************/
799
800 static void print_canon_ace(canon_ace *pace, int num)
801 {
802 dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
803 dbgtext( "SID = %s ", sid_string_dbg(&pace->trustee));
804 if (pace->owner_type == UID_ACE) {
805 const char *u_name = uidtoname(pace->unix_ug.id);
806 dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.id, u_name );
807 } else if (pace->owner_type == GID_ACE) {
808 char *g_name = gidtoname(pace->unix_ug.id);
809 dbgtext( "gid %u (%s) ", (unsigned int)pace->unix_ug.id, g_name );
810 } else
811 dbgtext( "other ");
812 switch (pace->type) {
813 case SMB_ACL_USER:
814 dbgtext( "SMB_ACL_USER ");
815 break;
816 case SMB_ACL_USER_OBJ:
817 dbgtext( "SMB_ACL_USER_OBJ ");
818 break;
819 case SMB_ACL_GROUP:
820 dbgtext( "SMB_ACL_GROUP ");
821 break;
822 case SMB_ACL_GROUP_OBJ:
823 dbgtext( "SMB_ACL_GROUP_OBJ ");
824 break;
825 case SMB_ACL_OTHER:
826 dbgtext( "SMB_ACL_OTHER ");
827 break;
828 default:
829 dbgtext( "MASK " );
830 break;
831 }
832
833 dbgtext( "ace_flags = 0x%x ", (unsigned int)pace->ace_flags);
834 dbgtext( "perms ");
835 dbgtext( "%c", pace->perms & S_IRUSR ? 'r' : '-');
836 dbgtext( "%c", pace->perms & S_IWUSR ? 'w' : '-');
837 dbgtext( "%c\n", pace->perms & S_IXUSR ? 'x' : '-');
838 }
839
840 /****************************************************************************
841 Print out a canon ace list.
842 ****************************************************************************/
843
844 static void print_canon_ace_list(const char *name, canon_ace *ace_list)
845 {
846 int count = 0;
847
848 if( DEBUGLVL( 10 )) {
849 dbgtext( "print_canon_ace_list: %s\n", name );
850 for (;ace_list; ace_list = ace_list->next, count++)
851 print_canon_ace(ace_list, count );
852 }
853 }
854
855 /****************************************************************************
856 Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
857 ****************************************************************************/
858
859 static mode_t convert_permset_to_mode_t(SMB_ACL_PERMSET_T permset)
860 {
861 mode_t ret = 0;
862
863 ret |= (sys_acl_get_perm(permset, SMB_ACL_READ) ? S_IRUSR : 0);
864 ret |= (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
865 ret |= (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
866
867 return ret;
868 }
869
870 /****************************************************************************
871 Map generic UNIX permissions to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
872 ****************************************************************************/
873
874 static mode_t unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
875 {
876 mode_t ret = 0;
877
878 if (mode & r_mask)
879 ret |= S_IRUSR;
880 if (mode & w_mask)
881 ret |= S_IWUSR;
882 if (mode & x_mask)
883 ret |= S_IXUSR;
884
885 return ret;
886 }
887
888 /****************************************************************************
889 Map canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits) to
890 an SMB_ACL_PERMSET_T.
891 ****************************************************************************/
892
893 static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
894 {
895 if (sys_acl_clear_perms(*p_permset) == -1)
896 return -1;
897 if (mode & S_IRUSR) {
898 if (sys_acl_add_perm(*p_permset, SMB_ACL_READ) == -1)
899 return -1;
900 }
901 if (mode & S_IWUSR) {
902 if (sys_acl_add_perm(*p_permset, SMB_ACL_WRITE) == -1)
903 return -1;
904 }
905 if (mode & S_IXUSR) {
906 if (sys_acl_add_perm(*p_permset, SMB_ACL_EXECUTE) == -1)
907 return -1;
908 }
909 return 0;
910 }
911
912 /****************************************************************************
913 Function to create owner and group SIDs from a SMB_STRUCT_STAT.
914 ****************************************************************************/
915
916 void create_file_sids(const SMB_STRUCT_STAT *psbuf, struct dom_sid *powner_sid, struct dom_sid *pgroup_sid)
917 {
918 uid_to_sid( powner_sid, psbuf->st_ex_uid );
919 gid_to_sid( pgroup_sid, psbuf->st_ex_gid );
920 }
921
922 /****************************************************************************
923 Merge aces with a common UID or GID - if both are allow or deny, OR the permissions together and
924 delete the second one. If the first is deny, mask the permissions off and delete the allow
925 if the permissions become zero, delete the deny if the permissions are non zero.
926 ****************************************************************************/
927
928 static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
929 {
930 canon_ace *l_head = *pp_list_head;
931 canon_ace *curr_ace_outer;
932 canon_ace *curr_ace_outer_next;
933
934 /*
935 * First, merge allow entries with identical SIDs, and deny entries
936 * with identical SIDs.
937 */
938
939 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
940 canon_ace *curr_ace;
941 canon_ace *curr_ace_next;
942
943 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
944
945 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
946 bool can_merge = false;
947
948 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
949
950 /* For file ACLs we can merge if the SIDs and ALLOW/DENY
951 * types are the same. For directory acls we must also
952 * ensure the POSIX ACL types are the same.
953 *
954 * For the IDMAP_BOTH case, we must not merge
955 * the UID and GID ACE values for same SID
956 */
957
958 if (!dir_acl) {
959 can_merge = (curr_ace->unix_ug.id == curr_ace_outer->unix_ug.id &&
960 curr_ace->owner_type == curr_ace_outer->owner_type &&
961 (curr_ace->attr == curr_ace_outer->attr));
962 } else {
963 can_merge = (curr_ace->unix_ug.id == curr_ace_outer->unix_ug.id &&
964 curr_ace->owner_type == curr_ace_outer->owner_type &&
965 (curr_ace->type == curr_ace_outer->type) &&
966 (curr_ace->attr == curr_ace_outer->attr));
967 }
968
969 if (can_merge) {
970 if( DEBUGLVL( 10 )) {
971 dbgtext("merge_aces: Merging ACE's\n");
972 print_canon_ace( curr_ace_outer, 0);
973 print_canon_ace( curr_ace, 0);
974 }
975
976 /* Merge two allow or two deny ACE's. */
977
978 /* Theoretically we shouldn't merge a dir ACE if
979 * one ACE has the CI flag set, and the other
980 * ACE has the OI flag set, but this is rare
981 * enough we can ignore it. */
982
983 curr_ace_outer->perms |= curr_ace->perms;
984 curr_ace_outer->ace_flags |= curr_ace->ace_flags;
985 DLIST_REMOVE(l_head, curr_ace);
986 TALLOC_FREE(curr_ace);
987 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
988 }
989 }
990 }
991
992 /*
993 * Now go through and mask off allow permissions with deny permissions.
994 * We can delete either the allow or deny here as we know that each SID
995 * appears only once in the list.
996 */
997
998 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
999 canon_ace *curr_ace;
1000 canon_ace *curr_ace_next;
1001
1002 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
1003
1004 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
1005
1006 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
1007
1008 /*
1009 * Subtract ACE's with different entries. Due to the ordering constraints
1010 * we've put on the ACL, we know the deny must be the first one.
1011 */
1012
1013 if (curr_ace->unix_ug.id == curr_ace_outer->unix_ug.id &&
1014 (curr_ace->owner_type == curr_ace_outer->owner_type) &&
1015 (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
1016
1017 if( DEBUGLVL( 10 )) {
1018 dbgtext("merge_aces: Masking ACE's\n");
1019 print_canon_ace( curr_ace_outer, 0);
1020 print_canon_ace( curr_ace, 0);
1021 }
1022
1023 curr_ace->perms &= ~curr_ace_outer->perms;
1024
1025 if (curr_ace->perms == 0) {
1026
1027 /*
1028 * The deny overrides the allow. Remove the allow.
1029 */
1030
1031 DLIST_REMOVE(l_head, curr_ace);
1032 TALLOC_FREE(curr_ace);
1033 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
1034
1035 } else {
1036
1037 /*
1038 * Even after removing permissions, there
1039 * are still allow permissions - delete the deny.
1040 * It is safe to delete the deny here,
1041 * as we are guarenteed by the deny first
1042 * ordering that all the deny entries for
1043 * this SID have already been merged into one
1044 * before we can get to an allow ace.
1045 */
1046
1047 DLIST_REMOVE(l_head, curr_ace_outer);
1048 TALLOC_FREE(curr_ace_outer);
1049 break;
1050 }
1051 }
1052
1053 } /* end for curr_ace */
1054 } /* end for curr_ace_outer */
1055
1056 /* We may have modified the list. */
1057
1058 *pp_list_head = l_head;
1059 }
1060
1061 /****************************************************************************
1062 Map canon_ace perms to permission bits NT.
1063 The attr element is not used here - we only process deny entries on set,
1064 not get. Deny entries are implicit on get with ace->perms = 0.
1065 ****************************************************************************/
1066
1067 uint32_t map_canon_ace_perms(int snum,
1068 enum security_ace_type *pacl_type,
1069 mode_t perms,
1070 bool directory_ace)
1071 {
1072 uint32_t nt_mask = 0;
1073
1074 *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
1075
1076 if (lp_acl_map_full_control(snum) && ((perms & ALL_ACE_PERMS) == ALL_ACE_PERMS)) {
1077 if (directory_ace) {
1078 nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
1079 } else {
1080 nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
1081 }
1082 } else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
1083 /*
1084 * Windows NT refuses to display ACEs with no permissions in them (but
1085 * they are perfectly legal with Windows 2000). If the ACE has empty
1086 * permissions we cannot use 0, so we use the otherwise unused
1087 * WRITE_OWNER permission, which we ignore when we set an ACL.
1088 * We abstract this into a #define of UNIX_ACCESS_NONE to allow this
1089 * to be changed in the future.
1090 */
1091
1092 nt_mask = 0;
1093 } else {
1094 if (directory_ace) {
1095 nt_mask |= ((perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
1096 nt_mask |= ((perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
1097 nt_mask |= ((perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
1098 } else {
1099 nt_mask |= ((perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
1100 nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
1101 nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
1102 }
1103 }
1104
1105 if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
1106 nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|DELETE_ACCESS);
1107 }
1108
1109 DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
1110 (unsigned int)perms, (unsigned int)nt_mask ));
1111
1112 return nt_mask;
1113 }
1114
1115 /****************************************************************************
1116 Map NT perms to a UNIX mode_t.
1117 ****************************************************************************/
1118
1119 #define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA)
1120 #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA)
1121 #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
1122
1123 static mode_t map_nt_perms( uint32 *mask, int type)
1124 {
1125 mode_t mode = 0;
1126
1127 switch(type) {
1128 case S_IRUSR:
1129 if((*mask) & GENERIC_ALL_ACCESS)
1130 mode = S_IRUSR|S_IWUSR|S_IXUSR;
1131 else {
1132 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
1133 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
1134 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
1135 }
1136 break;
1137 case S_IRGRP:
1138 if((*mask) & GENERIC_ALL_ACCESS)
1139 mode = S_IRGRP|S_IWGRP|S_IXGRP;
1140 else {
1141 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
1142 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
1143 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
1144 }
1145 break;
1146 case S_IROTH:
1147 if((*mask) & GENERIC_ALL_ACCESS)
1148 mode = S_IROTH|S_IWOTH|S_IXOTH;
1149 else {
1150 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
1151 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
1152 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
1153 }
1154 break;
1155 }
1156
1157 return mode;
1158 }
1159
1160 /****************************************************************************
1161 Unpack a struct security_descriptor into a UNIX owner and group.
1162 ****************************************************************************/
1163
1164 NTSTATUS unpack_nt_owners(struct connection_struct *conn,
1165 uid_t *puser, gid_t *pgrp,
1166 uint32 security_info_sent, const struct
1167 security_descriptor *psd)
1168 {
1169 struct dom_sid owner_sid;
1170 struct dom_sid grp_sid;
1171
1172 *puser = (uid_t)-1;
1173 *pgrp = (gid_t)-1;
1174
1175 if(security_info_sent == 0) {
1176 DEBUG(0,("unpack_nt_owners: no security info sent !\n"));
1177 return NT_STATUS_OK;
1178 }
1179
1180 /*
1181 * Validate the owner and group SID's.
1182 */
1183
1184 memset(&owner_sid, '\0', sizeof(owner_sid));
1185 memset(&grp_sid, '\0', sizeof(grp_sid));
1186
1187 DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
1188
1189 /*
1190 * Don't immediately fail if the owner sid cannot be validated.
1191 * This may be a group chown only set.
1192 */
1193
1194 if (security_info_sent & SECINFO_OWNER) {
1195 sid_copy(&owner_sid, psd->owner_sid);
1196 if (!sid_to_uid(&owner_sid, puser)) {
1197 if (lp_force_unknown_acl_user(SNUM(conn))) {
1198 /* this allows take ownership to work
1199 * reasonably */
1200 *puser = get_current_uid(conn);
1201 } else {
1202 DEBUG(3,("unpack_nt_owners: unable to validate"
1203 " owner sid for %s\n",
1204 sid_string_dbg(&owner_sid)));
1205 return NT_STATUS_INVALID_OWNER;
1206 }
1207 }
1208 DEBUG(3,("unpack_nt_owners: owner sid mapped to uid %u\n",
1209 (unsigned int)*puser ));
1210 }
1211
1212 /*
1213 * Don't immediately fail if the group sid cannot be validated.
1214 * This may be an owner chown only set.
1215 */
1216
1217 if (security_info_sent & SECINFO_GROUP) {
1218 sid_copy(&grp_sid, psd->group_sid);
1219 if (!sid_to_gid( &grp_sid, pgrp)) {
1220 if (lp_force_unknown_acl_user(SNUM(conn))) {
1221 /* this allows take group ownership to work
1222 * reasonably */
1223 *pgrp = get_current_gid(conn);
1224 } else {
1225 DEBUG(3,("unpack_nt_owners: unable to validate"
1226 " group sid.\n"));
1227 return NT_STATUS_INVALID_OWNER;
1228 }
1229 }
1230 DEBUG(3,("unpack_nt_owners: group sid mapped to gid %u\n",
1231 (unsigned int)*pgrp));
1232 }
1233
1234 DEBUG(5,("unpack_nt_owners: owner_sids validated.\n"));
1235
1236 return NT_STATUS_OK;
1237 }
1238
1239 /****************************************************************************
1240 Ensure the enforced permissions for this share apply.
1241 ****************************************************************************/
1242
1243 static void apply_default_perms(const struct share_params *params,
1244 const bool is_directory, canon_ace *pace,
1245 mode_t type)
1246 {
1247 mode_t and_bits = (mode_t)0;
1248 mode_t or_bits = (mode_t)0;
1249
1250 /* Get the initial bits to apply. */
1251
1252 if (is_directory) {
1253 and_bits = lp_dir_mask(params->service);
1254 or_bits = lp_force_dir_mode(params->service);
1255 } else {
1256 and_bits = lp_create_mask(params->service);
1257 or_bits = lp_force_create_mode(params->service);
1258 }
1259
1260 /* Now bounce them into the S_USR space. */
1261 switch(type) {
1262 case S_IRUSR:
1263 /* Ensure owner has read access. */
1264 pace->perms |= S_IRUSR;
1265 if (is_directory)
1266 pace->perms |= (S_IWUSR|S_IXUSR);
1267 and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1268 or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1269 break;
1270 case S_IRGRP:
1271 and_bits = unix_perms_to_acl_perms(and_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1272 or_bits = unix_perms_to_acl_perms(or_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1273 break;
1274 case S_IROTH:
1275 and_bits = unix_perms_to_acl_perms(and_bits, S_IROTH, S_IWOTH, S_IXOTH);
1276 or_bits = unix_perms_to_acl_perms(or_bits, S_IROTH, S_IWOTH, S_IXOTH);
1277 break;
1278 }
1279
1280 pace->perms = ((pace->perms & and_bits)|or_bits);
1281 }
1282
1283 /****************************************************************************
1284 Check if a given uid/SID is in a group gid/SID. This is probably very
1285 expensive and will need optimisation. A *lot* of optimisation :-). JRA.
1286 ****************************************************************************/
1287
1288 static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, canon_ace *group_ace )
1289 {
1290 /* "Everyone" always matches every uid. */
1291
1292 if (dom_sid_equal(&group_ace->trustee, &global_sid_World))
1293 return True;
1294
1295 /*
1296 * if it's the current user, we already have the unix token
1297 * and don't need to do the complex user_in_group_sid() call
1298 */
1299 if (uid_ace->unix_ug.id == get_current_uid(conn)) {
1300 const struct security_unix_token *curr_utok = NULL;
1301 size_t i;
1302
1303 if (group_ace->unix_ug.id == get_current_gid(conn)) {
1304 return True;
1305 }
1306
1307 curr_utok = get_current_utok(conn);
1308 for (i=0; i < curr_utok->ngroups; i++) {
1309 if (group_ace->unix_ug.id == curr_utok->groups[i]) {
1310 return True;
1311 }
1312 }
1313 }
1314
1315 /*
1316 * user_in_group_sid() uses create_token_from_sid()
1317 * which creates an artificial NT token given just a username,
1318 * so this is not reliable for users from foreign domains
1319 * exported by winbindd!
1320 */
1321 return user_sid_in_group_sid(&uid_ace->trustee, &group_ace->trustee);
1322 }
1323
1324 /****************************************************************************
1325 A well formed POSIX file or default ACL has at least 3 entries, a
1326 SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
1327 In addition, the owner must always have at least read access.
1328 When using this call on get_acl, the pst struct is valid and contains
1329 the mode of the file.
1330 ****************************************************************************/
1331
1332 static bool ensure_canon_entry_valid_on_get(connection_struct *conn,
1333 canon_ace **pp_ace,
1334 const struct dom_sid *pfile_owner_sid,
1335 const struct dom_sid *pfile_grp_sid,
1336 const SMB_STRUCT_STAT *pst)
1337 {
1338 canon_ace *pace;
1339 bool got_user = false;
1340 bool got_group = false;
1341 bool got_other = false;
1342
1343 for (pace = *pp_ace; pace; pace = pace->next) {
1344 if (pace->type == SMB_ACL_USER_OBJ) {
1345 got_user = true;
1346 } else if (pace->type == SMB_ACL_GROUP_OBJ) {
1347 got_group = true;
1348 } else if (pace->type == SMB_ACL_OTHER) {
1349 got_other = true;
1350 }
1351 }
1352
1353 if (!got_user) {
1354 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1355 DEBUG(0,("malloc fail.\n"));
1356 return false;
1357 }
1358
1359 ZERO_STRUCTP(pace);
1360 pace->type = SMB_ACL_USER_OBJ;
1361 pace->owner_type = UID_ACE;
1362 pace->unix_ug.type = ID_TYPE_UID;
1363 pace->unix_ug.id = pst->st_ex_uid;
1364 pace->trustee = *pfile_owner_sid;
1365 pace->attr = ALLOW_ACE;
1366 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
1367 DLIST_ADD(*pp_ace, pace);
1368 }
1369
1370 if (!got_group) {
1371 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1372 DEBUG(0,("malloc fail.\n"));
1373 return false;
1374 }
1375
1376 ZERO_STRUCTP(pace);
1377 pace->type = SMB_ACL_GROUP_OBJ;
1378 pace->owner_type = GID_ACE;
1379 pace->unix_ug.type = ID_TYPE_GID;
1380 pace->unix_ug.id = pst->st_ex_gid;
1381 pace->trustee = *pfile_grp_sid;
1382 pace->attr = ALLOW_ACE;
1383 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
1384 DLIST_ADD(*pp_ace, pace);
1385 }
1386
1387 if (!got_other) {
1388 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1389 DEBUG(0,("malloc fail.\n"));
1390 return false;
1391 }
1392
1393 ZERO_STRUCTP(pace);
1394 pace->type = SMB_ACL_OTHER;
1395 pace->owner_type = WORLD_ACE;
1396 pace->unix_ug.type = ID_TYPE_NOT_SPECIFIED;
1397 pace->unix_ug.id = -1;
1398 pace->trustee = global_sid_World;
1399 pace->attr = ALLOW_ACE;
1400 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
1401 DLIST_ADD(*pp_ace, pace);
1402 }
1403
1404 return true;
1405 }
1406
1407 /****************************************************************************
1408 A well formed POSIX file or default ACL has at least 3 entries, a
1409 SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
1410 In addition, the owner must always have at least read access.
1411 When using this call on set_acl, the pst struct has
1412 been modified to have a mode containing the default for this file or directory
1413 type.
1414 ****************************************************************************/
1415
1416 static bool ensure_canon_entry_valid_on_set(connection_struct *conn,
1417 canon_ace **pp_ace,
1418 bool is_default_acl,
1419 const struct share_params *params,
1420 const bool is_directory,
1421 const struct dom_sid *pfile_owner_sid,
1422 const struct dom_sid *pfile_grp_sid,
1423 const SMB_STRUCT_STAT *pst)
1424 {
1425 canon_ace *pace;
1426 canon_ace *pace_user = NULL;
1427 canon_ace *pace_group = NULL;
1428 canon_ace *pace_other = NULL;
1429 bool got_duplicate_user = false;
1430 bool got_duplicate_group = false;
1431
1432 for (pace = *pp_ace; pace; pace = pace->next) {
1433 if (pace->type == SMB_ACL_USER_OBJ) {
1434
1435 if (!is_default_acl) {
1436 apply_default_perms(params, is_directory, pace, S_IRUSR);
1437 }
1438 pace_user = pace;
1439
1440 } else if (pace->type == SMB_ACL_GROUP_OBJ) {
1441
1442 /*
1443 * Ensure create mask/force create mode is respected on set.
1444 */
1445
1446 if (!is_default_acl) {
1447 apply_default_perms(params, is_directory, pace, S_IRGRP);
1448 }
1449 pace_group = pace;
1450
1451 } else if (pace->type == SMB_ACL_OTHER) {
1452
1453 /*
1454 * Ensure create mask/force create mode is respected on set.
1455 */
1456
1457 if (!is_default_acl) {
1458 apply_default_perms(params, is_directory, pace, S_IROTH);
1459 }
1460 pace_other = pace;
1461
1462 } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
1463
1464 /*
1465 * Ensure create mask/force create mode is respected on set.
1466 */
1467
1468 if (!is_default_acl) {
1469 apply_default_perms(params, is_directory, pace, S_IRGRP);
1470 }
1471 }
1472 }
1473
1474 if (!pace_user) {
1475 canon_ace *pace_iter;
1476
1477 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1478 DEBUG(0,("talloc fail.\n"));
1479 return false;
1480 }
1481
1482 ZERO_STRUCTP(pace);
1483 pace->type = SMB_ACL_USER_OBJ;
1484 pace->owner_type = UID_ACE;
1485 pace->unix_ug.type = ID_TYPE_UID;
1486 pace->unix_ug.id = pst->st_ex_uid;
1487 pace->trustee = *pfile_owner_sid;
1488 pace->attr = ALLOW_ACE;
1489 /* Start with existing user permissions, principle of least
1490 surprises for the user. */
1491 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
1492
1493 /* See if the owning user is in any of the other groups in
1494 the ACE, or if there's a matching user entry (by uid
1495 or in the case of ID_TYPE_BOTH by SID).
1496 If so, OR in the permissions from that entry. */
1497
1498
1499 for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) {
1500 if (pace_iter->type == SMB_ACL_USER &&
1501 pace_iter->unix_ug.id == pace->unix_ug.id) {
1502 pace->perms |= pace_iter->perms;
1503 } else if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
1504 if (dom_sid_equal(&pace->trustee, &pace_iter->trustee)) {
1505 pace->perms |= pace_iter->perms;
1506 } else if (uid_entry_in_group(conn, pace, pace_iter)) {
1507 pace->perms |= pace_iter->perms;
1508 }
1509 }
1510 }
1511
1512 if (pace->perms == 0) {
1513 /* If we only got an "everyone" perm, just use that. */
1514 if (pace_other)
1515 pace->perms = pace_other->perms;
1516 }
1517
1518 if (!is_default_acl) {
1519 apply_default_perms(params, is_directory, pace, S_IRUSR);
1520 }
1521
1522 DLIST_ADD(*pp_ace, pace);
1523 pace_user = pace;
1524 }
1525
1526 if (!pace_group) {
1527 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1528 DEBUG(0,("talloc fail.\n"));
1529 return false;
1530 }
1531
1532 ZERO_STRUCTP(pace);
1533 pace->type = SMB_ACL_GROUP_OBJ;
1534 pace->owner_type = GID_ACE;
1535 pace->unix_ug.type = ID_TYPE_GID;
1536 pace->unix_ug.id = pst->st_ex_gid;
1537 pace->trustee = *pfile_grp_sid;
1538 pace->attr = ALLOW_ACE;
1539
1540 /* If we only got an "everyone" perm, just use that. */
1541 if (pace_other) {
1542 pace->perms = pace_other->perms;
1543 } else {
1544 pace->perms = 0;
1545 }
1546 if (!is_default_acl) {
1547 apply_default_perms(params, is_directory, pace, S_IRGRP);
1548 }
1549
1550 DLIST_ADD(*pp_ace, pace);
1551 pace_group = pace;
1552 }
1553
1554 if (!pace_other) {
1555 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1556 DEBUG(0,("talloc fail.\n"));
1557 return false;
1558 }
1559
1560 ZERO_STRUCTP(pace);
1561 pace->type = SMB_ACL_OTHER;
1562 pace->owner_type = WORLD_ACE;
1563 pace->unix_ug.type = ID_TYPE_NOT_SPECIFIED;
1564 pace->unix_ug.id = -1;
1565 pace->trustee = global_sid_World;
1566 pace->attr = ALLOW_ACE;
1567 pace->perms = 0;
1568 if (!is_default_acl) {
1569 apply_default_perms(params, is_directory, pace, S_IROTH);
1570 }
1571
1572 DLIST_ADD(*pp_ace, pace);
1573 pace_other = pace;
1574 }
1575
1576 /* Ensure when setting a POSIX ACL, that the uid for a
1577 SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate
1578 permission entry as an SMB_ACL_USER, and a gid for a
1579 SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has
1580 a duplicate permission entry as an SMB_ACL_GROUP. If not,
1581 then if the ownership or group ownership of this file or
1582 directory gets changed, the user or group can lose their
1583 access. */
1584
1585 for (pace = *pp_ace; pace; pace = pace->next) {
1586 if (pace->type == SMB_ACL_USER &&
1587 pace->unix_ug.id == pace_user->unix_ug.id) {
1588 /* Already got one. */
1589 got_duplicate_user = true;
1590 } else if (pace->type == SMB_ACL_GROUP &&
1591 pace->unix_ug.id == pace_group->unix_ug.id) {
1592 /* Already got one. */
1593 got_duplicate_group = true;
1594 } else if ((pace->type == SMB_ACL_GROUP)
1595 && (dom_sid_equal(&pace->trustee, &pace_user->trustee))) {
1596 /* If the SID owning the file appears
1597 * in a group entry, then we have
1598 * enough duplication, they will still
1599 * have access */
1600 got_duplicate_user = true;
1601 }
1602 }
1603
1604 /* If the SID is equal for the user and group that we need
1605 to add the duplicate for, add only the group */
1606 if (!got_duplicate_user && !got_duplicate_group
1607 && dom_sid_equal(&pace_group->trustee,
1608 &pace_user->trustee)) {
1609 /* Add a duplicate SMB_ACL_GROUP entry, this
1610 * will cover the owning SID as well, as it
1611 * will always be mapped to both a uid and
1612 * gid. */
1613
1614 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1615 DEBUG(0,("talloc fail.\n"));
1616 return false;
1617 }
1618
1619 ZERO_STRUCTP(pace);
1620 pace->type = SMB_ACL_GROUP;;
1621 pace->owner_type = GID_ACE;
1622 pace->unix_ug.type = ID_TYPE_GID;
1623 pace->unix_ug.id = pace_group->unix_ug.id;
1624 pace->trustee = pace_group->trustee;
1625 pace->attr = pace_group->attr;
1626 pace->perms = pace_group->perms;
1627
1628 DLIST_ADD(*pp_ace, pace);
1629
1630 /* We're done here, make sure the
1631 statements below are not executed. */
1632 got_duplicate_user = true;
1633 got_duplicate_group = true;
1634 }
1635
1636 if (!got_duplicate_user) {
1637 /* Add a duplicate SMB_ACL_USER entry. */
1638 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1639 DEBUG(0,("talloc fail.\n"));
1640 return false;
1641 }
1642
1643 ZERO_STRUCTP(pace);
1644 pace->type = SMB_ACL_USER;;
1645 pace->owner_type = UID_ACE;
1646 pace->unix_ug.type = ID_TYPE_UID;
1647 pace->unix_ug.id = pace_user->unix_ug.id;
1648 pace->trustee = pace_user->trustee;
1649 pace->attr = pace_user->attr;
1650 pace->perms = pace_user->perms;
1651
1652 DLIST_ADD(*pp_ace, pace);
1653
1654 got_duplicate_user = true;
1655 }
1656
1657 if (!got_duplicate_group) {
1658 /* Add a duplicate SMB_ACL_GROUP entry. */
1659 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1660 DEBUG(0,("talloc fail.\n"));
1661 return false;
1662 }
1663
1664 ZERO_STRUCTP(pace);
1665 pace->type = SMB_ACL_GROUP;;
1666 pace->owner_type = GID_ACE;
1667 pace->unix_ug.type = ID_TYPE_GID;
1668 pace->unix_ug.id = pace_group->unix_ug.id;
1669 pace->trustee = pace_group->trustee;
1670 pace->attr = pace_group->attr;
1671 pace->perms = pace_group->perms;
1672
1673 DLIST_ADD(*pp_ace, pace);
1674
1675 got_duplicate_group = true;
1676 }
1677
1678 return true;
1679 }
1680
1681 /****************************************************************************
1682 Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries.
1683 If it does not have them, check if there are any entries where the trustee is the
1684 file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ.
1685 Note we must not do this to default directory ACLs.
1686 ****************************************************************************/
1687
1688 static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, struct dom_sid *pfile_grp_sid)
1689 {
1690 bool got_user_obj, got_group_obj;
1691 canon_ace *current_ace;
1692 int i, entries;
1693
1694 entries = count_canon_ace_list(ace);
1695 got_user_obj = False;
1696 got_group_obj = False;
1697
1698 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1699 if (current_ace->type == SMB_ACL_USER_OBJ)
1700 got_user_obj = True;
1701 else if (current_ace->type == SMB_ACL_GROUP_OBJ)
1702 got_group_obj = True;
1703 }
1704 if (got_user_obj && got_group_obj) {
1705 DEBUG(10,("check_owning_objs: ACL had owning user/group entries.\n"));
1706 return;
1707 }
1708
1709 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1710 if (!got_user_obj && current_ace->owner_type == UID_ACE &&
1711 dom_sid_equal(&current_ace->trustee, pfile_owner_sid)) {
1712 current_ace->type = SMB_ACL_USER_OBJ;
1713 got_user_obj = True;
1714 }
1715 if (!got_group_obj && current_ace->owner_type == GID_ACE &&
1716 dom_sid_equal(&current_ace->trustee, pfile_grp_sid)) {
1717 current_ace->type = SMB_ACL_GROUP_OBJ;
1718 got_group_obj = True;
1719 }
1720 }
1721 if (!got_user_obj)
1722 DEBUG(10,("check_owning_objs: ACL is missing an owner entry.\n"));
1723 if (!got_group_obj)
1724 DEBUG(10,("check_owning_objs: ACL is missing an owning group entry.\n"));
1725 }
1726
1727 static bool add_current_ace_to_acl(files_struct *fsp, struct security_ace *psa,
1728 canon_ace **file_ace, canon_ace **dir_ace,
1729 bool *got_file_allow, bool *got_dir_allow,
1730 bool *all_aces_are_inherit_only,
1731 canon_ace *current_ace)
1732 {
1733
1734 /*
1735 * Map the given NT permissions into a UNIX mode_t containing only
1736 * S_I(R|W|X)USR bits.
1737 */
1738
1739 current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
1740 current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
1741
1742 /* Store the ace_flag. */
1743 current_ace->ace_flags = psa->flags;
1744
1745 /*
1746 * Now add the created ace to either the file list, the directory
1747 * list, or both. We *MUST* preserve the order here (hence we use
1748 * DLIST_ADD_END) as NT ACLs are order dependent.
1749 */
1750
1751 if (fsp->is_directory) {
1752
1753 /*
1754 * We can only add to the default POSIX ACE list if the ACE is
1755 * designed to be inherited by both files and directories.
1756 */
1757
1758 if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) ==
1759 (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) {
1760
1761 canon_ace *current_dir_ace = current_ace;
1762 DLIST_ADD_END(*dir_ace, current_ace, canon_ace *);
1763
1764 /*
1765 * Note if this was an allow ace. We can't process
1766 * any further deny ace's after this.
1767 */
1768
1769 if (current_ace->attr == ALLOW_ACE)
1770 *got_dir_allow = True;
1771
1772 if ((current_ace->attr == DENY_ACE) && *got_dir_allow) {
1773 DEBUG(0,("add_current_ace_to_acl: "
1774 "malformed ACL in "
1775 "inheritable ACL! Deny entry "
1776 "after Allow entry. Failing "
1777 "to set on file %s.\n",
1778 fsp_str_dbg(fsp)));
1779 return False;
1780 }
1781
1782 if( DEBUGLVL( 10 )) {
1783 dbgtext("add_current_ace_to_acl: adding dir ACL:\n");
1784 print_canon_ace( current_ace, 0);
1785 }
1786
1787 /*
1788 * If this is not an inherit only ACE we need to add a duplicate
1789 * to the file acl.
1790 */
1791
1792 if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1793 canon_ace *dup_ace = dup_canon_ace(current_ace);
1794
1795 if (!dup_ace) {
1796 DEBUG(0,("add_current_ace_to_acl: malloc fail !\n"));
1797 return False;
1798 }
1799
1800 /*
1801 * We must not free current_ace here as its
1802 * pointer is now owned by the dir_ace list.
1803 */
1804 current_ace = dup_ace;
1805 /* We've essentially split this ace into two,
1806 * and added the ace with inheritance request
1807 * bits to the directory ACL. Drop those bits for
1808 * the ACE we're adding to the file list. */
1809 current_ace->ace_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT|
1810 SEC_ACE_FLAG_CONTAINER_INHERIT|
1811 SEC_ACE_FLAG_INHERIT_ONLY);
1812 } else {
1813 /*
1814 * We must not free current_ace here as its
1815 * pointer is now owned by the dir_ace list.
1816 */
1817 current_ace = NULL;
1818 }
1819
1820 /*
1821 * current_ace is now either owned by file_ace
1822 * or is NULL. We can safely operate on current_dir_ace
1823 * to treat mapping for default acl entries differently
1824 * than access acl entries.
1825 */
1826
1827 if (current_dir_ace->owner_type == UID_ACE) {
1828 /*
1829 * We already decided above this is a uid,
1830 * for default acls ace's only CREATOR_OWNER
1831 * maps to ACL_USER_OBJ. All other uid
1832 * ace's are ACL_USER.
1833 */
1834 if (dom_sid_equal(&current_dir_ace->trustee,
1835 &global_sid_Creator_Owner)) {
1836 current_dir_ace->type = SMB_ACL_USER_OBJ;
1837 } else {
1838 current_dir_ace->type = SMB_ACL_USER;
1839 }
1840 }
1841
1842 if (current_dir_ace->owner_type == GID_ACE) {
1843 /*
1844 * We already decided above this is a gid,
1845 * for default acls ace's only CREATOR_GROUP
1846 * maps to ACL_GROUP_OBJ. All other uid
1847 * ace's are ACL_GROUP.
1848 */
1849 if (dom_sid_equal(&current_dir_ace->trustee,
1850 &global_sid_Creator_Group)) {
1851 current_dir_ace->type = SMB_ACL_GROUP_OBJ;
1852 } else {
1853 current_dir_ace->type = SMB_ACL_GROUP;
1854 }
1855 }
1856 }
1857 }
1858
1859 /*
1860 * Only add to the file ACL if not inherit only.
1861 */
1862
1863 if (current_ace && !(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1864 DLIST_ADD_END(*file_ace, current_ace, canon_ace *);
1865
1866 /*
1867 * Note if this was an allow ace. We can't process
1868 * any further deny ace's after this.
1869 */
1870
1871 if (current_ace->attr == ALLOW_ACE)
1872 *got_file_allow = True;
1873
1874 if ((current_ace->attr == DENY_ACE) && got_file_allow) {
1875 DEBUG(0,("add_current_ace_to_acl: malformed "
1876 "ACL in file ACL ! Deny entry after "
1877 "Allow entry. Failing to set on file "
1878 "%s.\n", fsp_str_dbg(fsp)));
1879 return False;
1880 }
1881
1882 if( DEBUGLVL( 10 )) {
1883 dbgtext("add_current_ace_to_acl: adding file ACL:\n");
1884 print_canon_ace( current_ace, 0);
1885 }
1886 *all_aces_are_inherit_only = False;
1887 /*
1888 * We must not free current_ace here as its
1889 * pointer is now owned by the file_ace list.
1890 */
1891 current_ace = NULL;
1892 }
1893
1894 /*
1895 * Free if ACE was not added.
1896 */
1897
1898 TALLOC_FREE(current_ace);
1899 return true;
1900 }
1901
1902 /****************************************************************************
1903 Unpack a struct security_descriptor into two canonical ace lists.
1904 ****************************************************************************/
1905
1906 static bool create_canon_ace_lists(files_struct *fsp,
1907 const SMB_STRUCT_STAT *pst,
1908 struct dom_sid *pfile_owner_sid,
1909 struct dom_sid *pfile_grp_sid,
1910 canon_ace **ppfile_ace,
1911 canon_ace **ppdir_ace,
1912 const struct security_acl *dacl)
1913 {
1914 bool all_aces_are_inherit_only = (fsp->is_directory ? True : False);
1915 canon_ace *file_ace = NULL;
1916 canon_ace *dir_ace = NULL;
1917 canon_ace *current_ace = NULL;
1918 bool got_dir_allow = False;
1919 bool got_file_allow = False;
1920 int i, j;
1921
1922 *ppfile_ace = NULL;
1923 *ppdir_ace = NULL;
1924
1925 /*
1926 * Convert the incoming ACL into a more regular form.
1927 */
1928
1929 for(i = 0; i < dacl->num_aces; i++) {
1930 struct security_ace *psa = &dacl->aces[i];
1931
1932 if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
1933 DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
1934 return False;
1935 }
1936 }
1937
1938 /*
1939 * Deal with the fact that NT 4.x re-writes the canonical format
1940 * that we return for default ACLs. If a directory ACE is identical
1941 * to a inherited directory ACE then NT changes the bits so that the
1942 * first ACE is set to OI|IO and the second ACE for this SID is set
1943 * to CI. We need to repair this. JRA.
1944 */
1945
1946 for(i = 0; i < dacl->num_aces; i++) {
1947 struct security_ace *psa1 = &dacl->aces[i];
1948
1949 for (j = i + 1; j < dacl->num_aces; j++) {
1950 struct security_ace *psa2 = &dacl->aces[j];
1951
1952 if (psa1->access_mask != psa2->access_mask)
1953 continue;
1954
1955 if (!dom_sid_equal(&psa1->trustee, &psa2->trustee))
1956 continue;
1957
1958 /*
1959 * Ok - permission bits and SIDs are equal.
1960 * Check if flags were re-written.
1961 */
1962
1963 if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1964
1965 psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1966 psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1967
1968 } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1969
1970 psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1971 psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1972
1973 }
1974 }
1975 }
1976
1977 for(i = 0; i < dacl->num_aces; i++) {
1978 struct security_ace *psa = &dacl->aces[i];
1979
1980 /*
1981 * Create a canon_ace entry representing this NT DACL ACE.
1982 */
1983
1984 if ((current_ace = talloc(talloc_tos(), canon_ace)) == NULL) {
1985 free_canon_ace_list(file_ace);
1986 free_canon_ace_list(dir_ace);
1987 DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
1988 return False;
1989 }
1990
1991 ZERO_STRUCTP(current_ace);
1992
1993 sid_copy(&current_ace->trustee, &psa->trustee);
1994
1995 /*
1996 * Try and work out if the SID is a user or group
1997 * as we need to flag these differently for POSIX.
1998 * Note what kind of a POSIX ACL this should map to.
1999 */
2000
2001 if( dom_sid_equal(&current_ace->trustee, &global_sid_World)) {
2002 current_ace->owner_type = WORLD_ACE;
2003 current_ace->unix_ug.type = ID_TYPE_NOT_SPECIFIED;
2004 current_ace->unix_ug.id = -1;
2005 current_ace->type = SMB_ACL_OTHER;
2006 } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
2007 current_ace->owner_type = UID_ACE;
2008 current_ace->unix_ug.type = ID_TYPE_UID;
2009 current_ace->unix_ug.id = pst->st_ex_uid;
2010 current_ace->type = SMB_ACL_USER_OBJ;
2011
2012 /*
2013 * The Creator Owner entry only specifies inheritable permissions,
2014 * never access permissions. WinNT doesn't always set the ACE to
2015 * INHERIT_ONLY, though.
2016 */
2017
2018 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
2019
2020 } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
2021 current_ace->owner_type = GID_ACE;
2022 current_ace->unix_ug.type = ID_TYPE_GID;
2023 current_ace->unix_ug.id = pst->st_ex_gid;
2024 current_ace->type = SMB_ACL_GROUP_OBJ;
2025
2026 /*
2027 * The Creator Group entry only specifies inheritable permissions,
2028 * never access permissions. WinNT doesn't always set the ACE to
2029 * INHERIT_ONLY, though.
2030 */
2031 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
2032
2033 } else {
2034 struct unixid unixid;
2035
2036 if (!sids_to_unixids(&current_ace->trustee, 1, &unixid)) {
2037 free_canon_ace_list(file_ace);
2038 free_canon_ace_list(dir_ace);
2039 TALLOC_FREE(current_ace);
2040 DEBUG(0, ("create_canon_ace_lists: sids_to_unixids "
2041 "failed for %s (allocation failure)\n",
2042 sid_string_dbg(&current_ace->trustee)));
2043 return false;
2044 }
2045
2046 if (unixid.type == ID_TYPE_BOTH) {
2047 /* If it's the owning user, this is a
2048 * user_obj, not a user. This way, we
2049 * get a valid ACL for groups that own
2050 * files, without putting user ACL
2051 * entries in for groups otherwise */
2052 if (unixid.id == pst->st_ex_uid) {
2053 current_ace->owner_type = UID_ACE;
2054 current_ace->unix_ug.type = ID_TYPE_UID;
2055 current_ace->unix_ug.id = unixid.id;
2056 current_ace->type = SMB_ACL_USER_OBJ;
2057
2058 /* Add the user object to the posix ACL,
2059 and proceed to the group mapping
2060 below. This handles the talloc_free
2061 of current_ace if not added for some
2062 reason */
2063 if (!add_current_ace_to_acl(fsp,
2064 psa,
2065 &file_ace,
2066 &dir_ace,
2067 &got_file_allow,
2068 &got_dir_allow,
2069 &all_aces_are_inherit_only,
2070 current_ace)) {
2071 free_canon_ace_list(file_ace);
2072 free_canon_ace_list(dir_ace);
2073 return false;
2074 }
2075
2076 if ((current_ace = talloc(talloc_tos(),
2077 canon_ace)) == NULL) {
2078 free_canon_ace_list(file_ace);
2079 free_canon_ace_list(dir_ace);
2080 DEBUG(0,("create_canon_ace_lists: "
2081 "malloc fail.\n"));
2082 return False;
2083 }
2084
2085 ZERO_STRUCTP(current_ace);
2086 }
2087
2088 sid_copy(&current_ace->trustee, &psa->trustee);
2089
2090 current_ace->unix_ug.type = ID_TYPE_GID;
2091 current_ace->unix_ug.id = unixid.id;
2092 current_ace->owner_type = GID_ACE;
2093 /* If it's the primary group, this is a
2094 group_obj, not a group. */
2095 if (current_ace->unix_ug.id == pst->st_ex_gid) {
2096 current_ace->type = SMB_ACL_GROUP_OBJ;
2097 } else {
2098 current_ace->type = SMB_ACL_GROUP;
2099 }
2100
2101 } else if (unixid.type == ID_TYPE_UID) {
2102 current_ace->owner_type = UID_ACE;
2103 current_ace->unix_ug.type = ID_TYPE_UID;
2104 current_ace->unix_ug.id = unixid.id;
2105 /* If it's the owning user, this is a user_obj,
2106 not a user. */
2107 if (current_ace->unix_ug.id == pst->st_ex_uid) {
2108 current_ace->type = SMB_ACL_USER_OBJ;
2109 } else {
2110 current_ace->type = SMB_ACL_USER;
2111 }
2112 } else if (unixid.type == ID_TYPE_GID) {
2113 current_ace->unix_ug.type = ID_TYPE_GID;
2114 current_ace->unix_ug.id = unixid.id;
2115 current_ace->owner_type = GID_ACE;
2116 /* If it's the primary group, this is a
2117 group_obj, not a group. */
2118 if (current_ace->unix_ug.id == pst->st_ex_gid) {
2119 current_ace->type = SMB_ACL_GROUP_OBJ;
2120 } else {
2121 current_ace->type = SMB_ACL_GROUP;
2122 }
2123 } else {
2124 /*
2125 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
2126 */
2127
2128 if (non_mappable_sid(&psa->trustee)) {
2129 DEBUG(10, ("create_canon_ace_lists: ignoring "
2130 "non-mappable SID %s\n",
2131 sid_string_dbg(&psa->trustee)));
2132 TALLOC_FREE(current_ace);
2133 continue;
2134 }
2135
2136 if (lp_force_unknown_acl_user(SNUM(fsp->conn))) {
2137 DEBUG(10, ("create_canon_ace_lists: ignoring "
2138 "unknown or foreign SID %s\n",
2139 sid_string_dbg(&psa->trustee)));
2140 TALLOC_FREE(current_ace);
2141 continue;
2142 }
2143
2144 free_canon_ace_list(file_ace);
2145 free_canon_ace_list(dir_ace);
2146 DEBUG(0, ("create_canon_ace_lists: unable to map SID "
2147 "%s to uid or gid.\n",
2148 sid_string_dbg(&current_ace->trustee)));
2149 TALLOC_FREE(current_ace);
2150 return false;
2151 }
2152 }
2153
2154 /* handles the talloc_free of current_ace if not added for some reason */
2155 if (!add_current_ace_to_acl(fsp, psa, &file_ace, &dir_ace,
2156 &got_file_allow, &got_dir_allow,
2157 &all_aces_are_inherit_only, current_ace)) {
2158 free_canon_ace_list(file_ace);
2159 free_canon_ace_list(dir_ace);
2160 return false;
2161 }
2162 }
2163
2164 if (fsp->is_directory && all_aces_are_inherit_only) {
2165 /*
2166 * Windows 2000 is doing one of these weird 'inherit acl'
2167 * traverses to conserve NTFS ACL resources. Just pretend
2168 * there was no DACL sent. JRA.
2169 */
2170
2171 DEBUG(10,("create_canon_ace_lists: Win2k inherit acl traverse. Ignoring DACL.\n"));
2172 free_canon_ace_list(file_ace);
2173 free_canon_ace_list(dir_ace);
2174 file_ace = NULL;
2175 dir_ace = NULL;
2176 } else {
2177 /*
2178 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in
2179 * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
2180 * entries can be converted to *_OBJ. Don't do this for the default
2181 * ACL, we will create them separately for this if needed inside
2182 * ensure_canon_entry_valid_on_set().
2183 */
2184 if (file_ace) {
2185 check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
2186 }
2187 }
2188
2189 *ppfile_ace = file_ace;
2190 *ppdir_ace = dir_ace;
2191
2192 return True;
2193 }
2194
2195 /****************************************************************************
2196 ASCII art time again... JRA :-).
2197
2198 We have 4 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
2199 we insist the ACL is in canonical form (ie. all DENY entries preceede ALLOW
2200 entries). Secondly, the merge code has ensured that all duplicate SID entries for
2201 allow or deny have been merged, so the same SID can only appear once in the deny
2202 list or once in the allow list.
2203
2204 We then process as follows :
2205
2206 ---------------------------------------------------------------------------
2207 First pass - look for a Everyone DENY entry.
2208
2209 If it is deny all (rwx) trunate the list at this point.
2210 Else, walk the list from this point and use the deny permissions of this
2211 entry as a mask on all following allow entries. Finally, delete
2212 the Everyone DENY entry (we have applied it to everything possible).
2213
2214 In addition, in this pass we remove any DENY entries that have
2215 no permissions (ie. they are a DENY nothing).
2216 ---------------------------------------------------------------------------
2217 Second pass - only deal with deny user entries.
2218
2219 DENY user1 (perms XXX)
2220
2221 new_perms = 0
2222 for all following allow group entries where user1 is in group
2223 new_perms |= group_perms;
2224
2225 user1 entry perms = new_perms & ~ XXX;
2226
2227 Convert the deny entry to an allow entry with the new perms and
2228 push to the end of the list. Note if the user was in no groups
2229 this maps to a specific allow nothing entry for this user.
2230
2231 The common case from the NT ACL choser (userX deny all) is
2232 optimised so we don't do the group lookup - we just map to
2233 an allow nothing entry.
2234
2235 What we're doing here is inferring the allow permissions the
2236 person setting the ACE on user1 wanted by looking at the allow
2237 permissions on the groups the user is currently in. This will
2238 be a snapshot, depending on group membership but is the best
2239 we can do and has the advantage of failing closed rather than
2240 open.
2241 ---------------------------------------------------------------------------
2242 Third pass - only deal with deny group entries.
2243
2244 DENY group1 (perms XXX)
2245
2246 for all following allow user entries where user is in group1
2247 user entry perms = user entry perms & ~ XXX;
2248
2249 If there is a group Everyone allow entry with permissions YYY,
2250 convert the group1 entry to an allow entry and modify its
2251 permissions to be :
2252
2253 new_perms = YYY & ~ XXX
2254
2255 and push to the end of the list.
2256
2257 If there is no group Everyone allow entry then convert the
2258 group1 entry to a allow nothing entry and push to the end of the list.
2259
2260 Note that the common case from the NT ACL choser (groupX deny all)
2261 cannot be optimised here as we need to modify user entries who are
2262 in the group to change them to a deny all also.
2263
2264 What we're doing here is modifying the allow permissions of
2265 user entries (which are more specific in POSIX ACLs) to mask
2266 out the explicit deny set on the group they are in. This will
2267 be a snapshot depending on current group membership but is the
2268 best we can do and has the advantage of failing closed rather
2269 than open.
2270 ---------------------------------------------------------------------------
2271 Fourth pass - cope with cumulative permissions.
2272
2273 for all allow user entries, if there exists an allow group entry with
2274 more permissive permissions, and the user is in that group, rewrite the
2275 allow user permissions to contain both sets of permissions.
2276
2277 Currently the code for this is #ifdef'ed out as these semantics make
2278 no sense to me. JRA.
2279 ---------------------------------------------------------------------------
2280
2281 Note we *MUST* do the deny user pass first as this will convert deny user
2282 entries into allow user entries which can then be processed by the deny
2283 group pass.
2284
2285 The above algorithm took a *lot* of thinking about - hence this
2286 explaination :-). JRA.
2287 ****************************************************************************/
2288
2289 /****************************************************************************
2290 Process a canon_ace list entries. This is very complex code. We need
2291 to go through and remove the "deny" permissions from any allow entry that matches
2292 the id of this entry. We have already refused any NT ACL that wasn't in correct
2293 order (DENY followed by ALLOW). If any allow entry ends up with zero permissions,
2294 we just remove it (to fail safe). We have already removed any duplicate ace
2295 entries. Treat an "Everyone" DENY_ACE as a special case - use it to mask all
2296 allow entries.
2297 ****************************************************************************/
2298
2299 static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
2300 {
2301 canon_ace *ace_list = *pp_ace_list;
2302 canon_ace *curr_ace = NULL;
2303 canon_ace *curr_ace_next = NULL;
2304
2305 /* Pass 1 above - look for an Everyone, deny entry. */
2306
2307 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2308 canon_ace *allow_ace_p;
2309
2310 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2311
2312 if (curr_ace->attr != DENY_ACE)
2313 continue;
2314
2315 if (curr_ace->perms == (mode_t)0) {
2316
2317 /* Deny nothing entry - delete. */
2318
2319 DLIST_REMOVE(ace_list, curr_ace);
2320 continue;
2321 }
2322
2323 if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World))
2324 continue;
2325
2326 /* JRATEST - assert. */
2327 SMB_ASSERT(curr_ace->owner_type == WORLD_ACE);
2328
2329 if (curr_ace->perms == ALL_ACE_PERMS) {
2330
2331 /*
2332 * Optimisation. This is a DENY_ALL to Everyone. Truncate the
2333 * list at this point including this entry.
2334 */
2335
2336 canon_ace *prev_entry = DLIST_PREV(curr_ace);
2337
2338 free_canon_ace_list( curr_ace );
2339 if (prev_entry)
2340 DLIST_REMOVE(ace_list, prev_entry);
2341 else {
2342 /* We deleted the entire list. */
2343 ace_list = NULL;
2344 }
2345 break;
2346 }
2347
2348 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2349
2350 /*
2351 * Only mask off allow entries.
2352 */
2353
2354 if (allow_ace_p->attr != ALLOW_ACE)
2355 continue;
2356
2357 allow_ace_p->perms &= ~curr_ace->perms;
2358 }
2359
2360 /*
2361 * Now it's been applied, remove it.
2362 */
2363
2364 DLIST_REMOVE(ace_list, curr_ace);
2365 }
2366
2367 /* Pass 2 above - deal with deny user entries. */
2368
2369 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2370 mode_t new_perms = (mode_t)0;
2371 canon_ace *allow_ace_p;
2372
2373 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2374
2375 if (curr_ace->attr != DENY_ACE)
2376 continue;
2377
2378 if (curr_ace->owner_type != UID_ACE)
2379 continue;
2380
2381 if (curr_ace->perms == ALL_ACE_PERMS) {
2382
2383 /*
2384 * Optimisation - this is a deny everything to this user.
2385 * Convert to an allow nothing and push to the end of the list.
2386 */
2387
2388 curr_ace->attr = ALLOW_ACE;
2389 curr_ace->perms = (mode_t)0;
2390 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2391 continue;
2392 }
2393
2394 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2395
2396 if (allow_ace_p->attr != ALLOW_ACE)
2397 continue;
2398
2399 /* We process GID_ACE and WORLD_ACE entries only. */
2400
2401 if (allow_ace_p->owner_type == UID_ACE)
2402 continue;
2403
2404 if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
2405 new_perms |= allow_ace_p->perms;
2406 }
2407
2408 /*
2409 * Convert to a allow entry, modify the perms and push to the end
2410 * of the list.
2411 */
2412
2413 curr_ace->attr = ALLOW_ACE;
2414 curr_ace->perms = (new_perms & ~curr_ace->perms);
2415 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2416 }
2417
2418 /* Pass 3 above - deal with deny group entries. */
2419
2420 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2421 canon_ace *allow_ace_p;
2422 canon_ace *allow_everyone_p = NULL;
2423
2424 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2425
2426 if (curr_ace->attr != DENY_ACE)
2427 continue;
2428
2429 if (curr_ace->owner_type != GID_ACE)
2430 continue;
2431
2432 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2433
2434 if (allow_ace_p->attr != ALLOW_ACE)
2435 continue;
2436
2437 /* Store a pointer to the Everyone allow, if it exists. */
2438 if (allow_ace_p->owner_type == WORLD_ACE)
2439 allow_everyone_p = allow_ace_p;
2440
2441 /* We process UID_ACE entries only. */
2442
2443 if (allow_ace_p->owner_type != UID_ACE)
2444 continue;
2445
2446 /* Mask off the deny group perms. */
2447
2448 if (uid_entry_in_group(conn, allow_ace_p, curr_ace))
2449 allow_ace_p->perms &= ~curr_ace->perms;
2450 }
2451
2452 /*
2453 * Convert the deny to an allow with the correct perms and
2454 * push to the end of the list.
2455 */
2456
2457 curr_ace->attr = ALLOW_ACE;
2458 if (allow_everyone_p)
2459 curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms;
2460 else
2461 curr_ace->perms = (mode_t)0;
2462 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2463 }
2464
2465 /* Doing this fourth pass allows Windows semantics to be layered
2466 * on top of POSIX semantics. I'm not sure if this is desirable.
2467 * For example, in W2K ACLs there is no way to say, "Group X no
2468 * access, user Y full access" if user Y is a member of group X.
2469 * This seems completely broken semantics to me.... JRA.
2470 */
2471
2472 #if 0
2473 /* Pass 4 above - deal with allow entries. */
2474
2475 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2476 canon_ace *allow_ace_p;
2477
2478 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2479
2480 if (curr_ace->attr != ALLOW_ACE)
2481 continue;
2482
2483 if (curr_ace->owner_type != UID_ACE)
2484 continue;
2485
2486 for (allow_ace_p = ace_list; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2487
2488 if (allow_ace_p->attr != ALLOW_ACE)
2489 continue;
2490
2491 /* We process GID_ACE entries only. */
2492
2493 if (allow_ace_p->owner_type != GID_ACE)
2494 continue;
2495
2496 /* OR in the group perms. */
2497
2498 if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
2499 curr_ace->perms |= allow_ace_p->perms;
2500 }
2501 }
2502 #endif
2503
2504 *pp_ace_list = ace_list;
2505 }
2506
2507 /****************************************************************************
2508 Unpack a struct security_descriptor into two canonical ace lists. We don't depend on this
2509 succeeding.
2510 ****************************************************************************/
2511
2512 static bool unpack_canon_ace(files_struct *fsp,
2513 const SMB_STRUCT_STAT *pst,
2514 struct dom_sid *pfile_owner_sid,
2515 struct dom_sid *pfile_grp_sid,
2516 canon_ace **ppfile_ace,
2517 canon_ace **ppdir_ace,
2518 uint32 security_info_sent,
2519 const struct security_descriptor *psd)
2520 {
2521 canon_ace *file_ace = NULL;
2522 canon_ace *dir_ace = NULL;
2523
2524 *ppfile_ace = NULL;
2525 *ppdir_ace = NULL;
2526
2527 if(security_info_sent == 0) {
2528 DEBUG(0,("unpack_canon_ace: no security info sent !\n"));
2529 return False;
2530 }
2531
2532 /*
2533 * If no DACL then this is a chown only security descriptor.
2534 */
2535
2536 if(!(security_info_sent & SECINFO_DACL) || !psd->dacl)
2537 return True;
2538
2539 /*
2540 * Now go through the DACL and create the canon_ace lists.
2541 */
2542
2543 if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid,
2544 &file_ace, &dir_ace, psd->dacl))
2545 return False;
2546
2547 if ((file_ace == NULL) && (dir_ace == NULL)) {
2548 /* W2K traverse DACL set - ignore. */
2549 return True;
2550 }
2551
2552 /*
2553 * Go through the canon_ace list and merge entries
2554 * belonging to identical users of identical allow or deny type.
2555 * We can do this as all deny entries come first, followed by
2556 * all allow entries (we have mandated this before accepting this acl).
2557 */
2558
2559 print_canon_ace_list( "file ace - before merge", file_ace);
2560 merge_aces( &file_ace, false);
2561
2562 print_canon_ace_list( "dir ace - before merge", dir_ace);
2563 merge_aces( &dir_ace, true);
2564
2565 /*
2566 * NT ACLs are order dependent. Go through the acl lists and
2567 * process DENY entries by masking the allow entries.
2568 */
2569
2570 print_canon_ace_list( "file ace - before deny", file_ace);
2571 process_deny_list(fsp->conn, &file_ace);
2572
2573 print_canon_ace_list( "dir ace - before deny", dir_ace);
2574 process_deny_list(fsp->conn, &dir_ace);
2575
2576 /*
2577 * A well formed POSIX file or default ACL has at least 3 entries, a
2578 * SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ
2579 * and optionally a mask entry. Ensure this is the case.
2580 */
2581
2582 print_canon_ace_list( "file ace - before valid", file_ace);
2583
2584 if (!ensure_canon_entry_valid_on_set(fsp->conn, &file_ace, false, fsp->conn->params,
2585 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst)) {
2586 free_canon_ace_list(file_ace);
2587 free_canon_ace_list(dir_ace);
2588 return False;
2589 }
2590
2591 print_canon_ace_list( "dir ace - before valid", dir_ace);
2592
2593 if (dir_ace && !ensure_canon_entry_valid_on_set(fsp->conn, &dir_ace, true, fsp->conn->params,
2594 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst)) {
2595 free_canon_ace_list(file_ace);
2596 free_canon_ace_list(dir_ace);
2597 return False;
2598 }
2599
2600 print_canon_ace_list( "file ace - return", file_ace);
2601 print_canon_ace_list( "dir ace - return", dir_ace);
2602
2603 *ppfile_ace = file_ace;
2604 *ppdir_ace = dir_ace;
2605 return True;
2606
2607 }
2608
2609 /******************************************************************************
2610 When returning permissions, try and fit NT display
2611 semantics if possible. Note the the canon_entries here must have been malloced.
2612 The list format should be - first entry = owner, followed by group and other user
2613 entries, last entry = other.
2614
2615 Note that this doesn't exactly match the NT semantics for an ACL. As POSIX entries
2616 are not ordered, and match on the most specific entry rather than walking a list,
2617 then a simple POSIX permission of rw-r--r-- should really map to 5 entries,
2618
2619 Entry 0: owner : deny all except read and write.
2620 Entry 1: owner : allow read and write.
2621 Entry 2: group : deny all except read.
2622 Entry 3: group : allow read.
2623 Entry 4: Everyone : allow read.
2624
2625 But NT cannot display this in their ACL editor !
2626 ********************************************************************************/
2627
2628 static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head)
2629 {
2630 canon_ace *l_head = *pp_list_head;
2631 canon_ace *owner_ace = NULL;
2632 canon_ace *other_ace = NULL;
2633 canon_ace *ace = NULL;
2634
2635 for (ace = l_head; ace; ace = ace->next) {
2636 if (ace->type == SMB_ACL_USER_OBJ)
2637 owner_ace = ace;
2638 else if (ace->type == SMB_ACL_OTHER) {
2639 /* Last ace - this is "other" */
2640 other_ace = ace;
2641 }
2642 }
2643
2644 if (!owner_ace || !other_ace) {
2645 DEBUG(0,("arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n",
2646 filename ));
2647 return;
2648 }
2649
2650 /*
2651 * The POSIX algorithm applies to owner first, and other last,
2652 * so ensure they are arranged in this order.
2653 */
2654
2655 if (owner_ace) {
2656 DLIST_PROMOTE(l_head, owner_ace);
2657 }
2658
2659 if (other_ace) {
2660 DLIST_DEMOTE(l_head, other_ace, canon_ace *);
2661 }
2662
2663 /* We have probably changed the head of the list. */
2664
2665 *pp_list_head = l_head;
2666 }
2667
2668 /****************************************************************************
2669 Create a linked list of canonical ACE entries.
2670 ****************************************************************************/
2671
2672 static canon_ace *canonicalise_acl(struct connection_struct *conn,
2673 const char *fname, SMB_ACL_T posix_acl,
2674 const SMB_STRUCT_STAT *psbuf,
2675 const struct dom_sid *powner, const struct dom_sid *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
2676 {
2677 mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
2678 canon_ace *l_head = NULL;
2679 canon_ace *ace = NULL;
2680 canon_ace *next_ace = NULL;
2681 int entry_id = SMB_ACL_FIRST_ENTRY;
2682 bool is_default_acl = (the_acl_type == SMB_ACL_TYPE_DEFAULT);
2683 SMB_ACL_ENTRY_T entry;
2684 size_t ace_count;
2685
2686 while ( posix_acl && (sys_acl_get_entry(posix_acl, entry_id, &entry) == 1)) {
2687 SMB_ACL_TAG_T tagtype;
2688 SMB_ACL_PERMSET_T permset;
2689 struct dom_sid sid;
2690 struct unixid unix_ug;
2691 enum ace_owner owner_type;
2692
2693 entry_id = SMB_ACL_NEXT_ENTRY;
2694
2695 /* Is this a MASK entry ? */
2696 if (sys_acl_get_tag_type(entry, &tagtype) == -1)
2697 continue;
2698
2699 if (sys_acl_get_permset(entry, &permset) == -1)
2700 continue;
2701
2702 /* Decide which SID to use based on the ACL type. */
2703 switch(tagtype) {
2704 case SMB_ACL_USER_OBJ:
2705 /* Get the SID from the owner. */
2706 sid_copy(&sid, powner);
2707 unix_ug.type = ID_TYPE_UID;
2708 unix_ug.id = psbuf->st_ex_uid;
2709 owner_type = UID_ACE;
2710 break;
2711 case SMB_ACL_USER:
2712 {
2713 uid_t *puid = (uid_t *)sys_acl_get_qualifier(entry);
2714 if (puid == NULL) {
2715 DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
2716 continue;
2717 }
2718 uid_to_sid( &sid, *puid);
2719 unix_ug.type = ID_TYPE_UID;
2720 unix_ug.id = *puid;
2721 owner_type = UID_ACE;
2722 break;
2723 }
2724 case SMB_ACL_GROUP_OBJ:
2725 /* Get the SID from the owning group. */
2726 sid_copy(&sid, pgroup);
2727 unix_ug.type = ID_TYPE_GID;
2728 unix_ug.id = psbuf->st_ex_gid;
2729 owner_type = GID_ACE;
2730 break;
2731 case SMB_ACL_GROUP:
2732 {
2733 gid_t *pgid = (gid_t *)sys_acl_get_qualifier(entry);
2734 if (pgid == NULL) {
2735 DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
2736 continue;
2737 }
2738 gid_to_sid( &sid, *pgid);
2739 unix_ug.type = ID_TYPE_GID;
2740 unix_ug.id = *pgid;
2741 owner_type = GID_ACE;
2742 break;
2743 }
2744 case SMB_ACL_MASK:
2745 acl_mask = convert_permset_to_mode_t(permset);
2746 continue; /* Don't count the mask as an entry. */
2747 case SMB_ACL_OTHER:
2748 /* Use the Everyone SID */
2749 sid = global_sid_World;
2750 unix_ug.type = ID_TYPE_NOT_SPECIFIED;
2751 unix_ug.id = -1;
2752 owner_type = WORLD_ACE;
2753 break;
2754 default:
2755 DEBUG(0,("canonicalise_acl: Unknown tagtype %u\n", (unsigned int)tagtype));
2756 continue;
2757 }
2758
2759 /*
2760 * Add this entry to the list.
2761 */
2762
2763 if ((ace = talloc(talloc_tos(), canon_ace)) == NULL)
2764 goto fail;
2765
2766 ZERO_STRUCTP(ace);
2767 ace->type = tagtype;
2768 ace->perms = convert_permset_to_mode_t(permset);
2769 ace->attr = ALLOW_ACE;
2770 ace->trustee = sid;
2771 ace->unix_ug = unix_ug;
2772 ace->owner_type = owner_type;
2773 ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
2774
2775 DLIST_ADD(l_head, ace);
2776 }
2777
2778 /*
2779 * This next call will ensure we have at least a user/group/world set.
2780 */
2781
2782 if (!ensure_canon_entry_valid_on_get(conn, &l_head,
2783 powner, pgroup,
2784 psbuf))
2785 goto fail;
2786
2787 /*
2788 * Now go through the list, masking the permissions with the
2789 * acl_mask. Ensure all DENY Entries are at the start of the list.
2790 */
2791
2792 DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", is_default_acl ? "Default" : "Access"));
2793
2794 for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
2795 next_ace = ace->next;
2796
2797 /* Masks are only applied to entries other than USER_OBJ and OTHER. */
2798 if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ)
2799 ace->perms &= acl_mask;
2800
2801 if (ace->perms == 0) {
2802 DLIST_PROMOTE(l_head, ace);
2803 }
2804
2805 if( DEBUGLVL( 10 ) ) {
2806 print_canon_ace(ace, ace_count);
2807 }
2808 }
2809
2810 arrange_posix_perms(fname,&l_head );
2811
2812 print_canon_ace_list( "canonicalise_acl: ace entries after arrange", l_head );
2813
2814 return l_head;
2815
2816 fail:
2817
2818 free_canon_ace_list(l_head);
2819 return NULL;
2820 }
2821
2822 /****************************************************************************
2823 Check if the current user group list contains a given group.
2824 ****************************************************************************/
2825
2826 bool current_user_in_group(connection_struct *conn, gid_t gid)
2827 {
2828 int i;
2829 const struct security_unix_token *utok = get_current_utok(conn);
2830
2831 for (i = 0; i < utok->ngroups; i++) {
2832 if (utok->groups[i] == gid) {
2833 return True;
2834 }
2835 }
2836
2837 return False;
2838 }
2839
2840 /****************************************************************************
2841 Should we override a deny ? Check 'acl group control' and 'dos filemode'.
2842 ****************************************************************************/
2843
2844 static bool acl_group_override(connection_struct *conn,
2845 const struct smb_filename *smb_fname)
2846 {
2847 if ((errno != EPERM) && (errno != EACCES)) {
2848 return false;
2849 }
2850
2851 /* file primary group == user primary or supplementary group */
2852 if (lp_acl_group_control(SNUM(conn)) &&
2853 current_user_in_group(conn, smb_fname->st.st_ex_gid)) {
2854 return true;
2855 }
2856
2857 /* user has writeable permission */
2858 if (lp_dos_filemode(SNUM(conn)) &&
2859 can_write_to_file(conn, smb_fname)) {
2860 return true;
2861 }
2862
2863 return false;
2864 }
2865
2866 /****************************************************************************
2867 Attempt to apply an ACL to a file or directory.
2868 ****************************************************************************/
2869
2870 static bool set_canon_ace_list(files_struct *fsp,
2871 canon_ace *the_ace,
2872 bool default_ace,
2873 const SMB_STRUCT_STAT *psbuf,
2874 bool *pacl_set_support)
2875 {
2876 connection_struct *conn = fsp->conn;
2877 bool ret = False;
2878 SMB_ACL_T the_acl = sys_acl_init(talloc_tos());
2879 canon_ace *p_ace;
2880 int i;
2881 SMB_ACL_ENTRY_T mask_entry;
2882 bool got_mask_entry = False;
2883 SMB_ACL_PERMSET_T mask_permset;
2884 SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS);
2885 bool needs_mask = False;
2886 mode_t mask_perms = 0;
2887
2888 /* Use the psbuf that was passed in. */
2889 if (psbuf != &fsp->fsp_name->st) {
2890 fsp->fsp_name->st = *psbuf;
2891 }
2892
2893 #if defined(POSIX_ACL_NEEDS_MASK)
2894 /* HP-UX always wants to have a mask (called "class" there). */
2895 needs_mask = True;
2896 #endif
2897
2898 if (the_acl == NULL) {
2899 DEBUG(0, ("sys_acl_init failed to allocate an ACL\n"));
2900 return false;
2901 }
2902
2903 if( DEBUGLVL( 10 )) {
2904 dbgtext("set_canon_ace_list: setting ACL:\n");
2905 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2906 print_canon_ace( p_ace, i);
2907 }
2908 }
2909
2910 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2911 SMB_ACL_ENTRY_T the_entry;
2912 SMB_ACL_PERMSET_T the_permset;
2913
2914 /*
2915 * ACLs only "need" an ACL_MASK entry if there are any named user or
2916 * named group entries. But if there is an ACL_MASK entry, it applies
2917 * to ACL_USER, ACL_GROUP, and ACL_GROUP_OBJ entries. Set the mask
2918 * so that it doesn't deny (i.e., mask off) any permissions.
2919 */
2920
2921 if (p_ace->type == SMB_ACL_USER || p_ace->type == SMB_ACL_GROUP) {
2922 needs_mask = True;
2923 mask_perms |= p_ace->perms;
2924 } else if (p_ace->type == SMB_ACL_GROUP_OBJ) {
2925 mask_perms |= p_ace->perms;
2926 }
2927
2928 /*
2929 * Get the entry for this ACE.
2930 */
2931
2932 if (sys_acl_create_entry(&the_acl, &the_entry) == -1) {
2933 DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
2934 i, strerror(errno) ));
2935 goto fail;
2936 }
2937
2938 if (p_ace->type == SMB_ACL_MASK) {
2939 mask_entry = the_entry;
2940 got_mask_entry = True;
2941 }
2942
2943 /*
2944 * Ok - we now know the ACL calls should be working, don't
2945 * allow fallback to chmod.
2946 */
2947
2948 *pacl_set_support = True;
2949
2950 /*
2951 * Initialise the entry from the canon_ace.
2952 */
2953
2954 /*
2955 * First tell the entry what type of ACE this is.
2956 */
2957
2958 if (sys_acl_set_tag_type(the_entry, p_ace->type) == -1) {
2959 DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
2960 i, strerror(errno) ));
2961 goto fail;
2962 }
2963
2964 /*
2965 * Only set the qualifier (user or group id) if the entry is a user
2966 * or group id ACE.
2967 */
2968
2969 if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
2970 if (sys_acl_set_qualifier(the_entry,(void *)&p_ace->unix_ug.id) == -1) {
2971 DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
2972 i, strerror(errno) ));
2973 goto fail;
2974 }
2975 }
2976
2977 /*
2978 * Convert the mode_t perms in the canon_ace to a POSIX permset.
2979 */
2980
2981 if (sys_acl_get_permset(the_entry, &the_permset) == -1) {
2982 DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
2983 i, strerror(errno) ));
2984 goto fail;
2985 }
2986
2987 if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) {
2988 DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
2989 (unsigned int)p_ace->perms, i, strerror(errno) ));
2990 goto fail;
2991 }
2992
2993 /*
2994 * ..and apply them to the entry.
2995 */
2996
2997 if (sys_acl_set_permset(the_entry, the_permset) == -1) {
2998 DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
2999 i, strerror(errno) ));
3000 goto fail;
3001 }
3002
3003 if( DEBUGLVL( 10 ))
3004 print_canon_ace( p_ace, i);
3005
3006 }
3007
3008 if (needs_mask && !got_mask_entry) {
3009 if (sys_acl_create_entry(&the_acl, &mask_entry) == -1) {
3010 DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
3011 goto fail;
3012 }
3013
3014 if (sys_acl_set_tag_type(mask_entry, SMB_ACL_MASK) == -1) {
3015 DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
3016 goto fail;
3017 }
3018
3019 if (sys_acl_get_permset(mask_entry, &mask_permset) == -1) {
3020 DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
3021 goto fail;
3022 }
3023
3024 if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
3025 DEBUG(0,("set_canon_ace_list: Failed to create mask permset. (%s)\n", strerror(errno) ));
3026 goto fail;
3027 }
3028
3029 if (sys_acl_set_permset(mask_entry, mask_permset) == -1) {
3030 DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
3031 goto fail;
3032 }
3033 }
3034
3035 /*
3036 * Finally apply it to the file or directory.
3037 */
3038
3039 if(default_ace || fsp->is_directory || fsp->fh->fd == -1) {
3040 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name->base_name,
3041 the_acl_type, the_acl) == -1) {
3042 /*
3043 * Some systems allow all the above calls and only fail with no ACL support
3044 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
3045 */
3046 if (no_acl_syscall_error(errno)) {
3047 *pacl_set_support = False;
3048 }
3049
3050 if (acl_group_override(conn, fsp->fsp_name)) {
3051 int sret;
3052
3053 DEBUG(5,("set_canon_ace_list: acl group "
3054 "control on and current user in file "
3055 "%s primary group.\n",
3056 fsp_str_dbg(fsp)));
3057
3058 become_root();
3059 sret = SMB_VFS_SYS_ACL_SET_FILE(conn,
3060 fsp->fsp_name->base_name, the_acl_type,
3061 the_acl);
3062 unbecome_root();
3063 if (sret == 0) {
3064 ret = True;
3065 }
3066 }
3067
3068 if (ret == False) {
3069 DEBUG(2,("set_canon_ace_list: "
3070 "sys_acl_set_file type %s failed for "
3071 "file %s (%s).\n",
3072 the_acl_type == SMB_ACL_TYPE_DEFAULT ?
3073 "directory default" : "file",
3074 fsp_str_dbg(fsp), strerror(errno)));
3075 goto fail;
3076 }
3077 }
3078 } else {
3079 if (SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl) == -1) {
3080 /*
3081 * Some systems allow all the above calls and only fail with no ACL support
3082 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
3083 */
3084 if (no_acl_syscall_error(errno)) {
3085 *pacl_set_support = False;
3086 }
3087
3088 if (acl_group_override(conn, fsp->fsp_name)) {
3089 int sret;
3090
3091 DEBUG(5,("set_canon_ace_list: acl group "
3092 "control on and current user in file "
3093 "%s primary group.\n",
3094 fsp_str_dbg(fsp)));
3095
3096 become_root();
3097 sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl);
3098 unbecome_root();
3099 if (sret == 0) {
3100 ret = True;
3101 }
3102 }
3103
3104 if (ret == False) {
3105 DEBUG(2,("set_canon_ace_list: "
3106 "sys_acl_set_file failed for file %s "
3107 "(%s).\n",
3108 fsp_str_dbg(fsp), strerror(errno)));
3109 goto fail;
3110 }
3111 }
3112 }
3113
3114 ret = True;
3115
3116 fail:
3117
3118 if (the_acl != NULL) {
3119 TALLOC_FREE(the_acl);
3120 }
3121
3122 return ret;
3123 }
3124
3125 /****************************************************************************
3126
3127 ****************************************************************************/
3128
3129 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl)
3130 {
3131 SMB_ACL_ENTRY_T entry;
3132
3133 if (!the_acl)
3134 return NULL;
3135 if (sys_acl_get_entry(the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) {
3136 TALLOC_FREE(the_acl);
3137 return NULL;
3138 }
3139 return the_acl;
3140 }
3141
3142 /****************************************************************************
3143 Convert a canon_ace to a generic 3 element permission - if possible.
3144 ****************************************************************************/
3145
3146 #define MAP_PERM(p,mask,result) (((p) & (mask)) ? (result) : 0 )
3147
3148 static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
3149 {
3150 int snum = SNUM(fsp->conn);
3151 size_t ace_count = count_canon_ace_list(file_ace_list);
3152 canon_ace *ace_p;
3153 canon_ace *owner_ace = NULL;
3154 canon_ace *group_ace = NULL;
3155 canon_ace *other_ace = NULL;
3156 mode_t and_bits;
3157 mode_t or_bits;
3158
3159 if (ace_count != 3) {
3160 DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE "
3161 "entries for file %s to convert to posix perms.\n",
3162 fsp_str_dbg(fsp)));
3163 return False;
3164 }
3165
3166 for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) {
3167 if (ace_p->owner_type == UID_ACE)
3168 owner_ace = ace_p;
3169 else if (ace_p->owner_type == GID_ACE)
3170 group_ace = ace_p;
3171 else if (ace_p->owner_type == WORLD_ACE)
3172 other_ace = ace_p;
3173 }
3174
3175 if (!owner_ace || !group_ace || !other_ace) {
3176 DEBUG(3,("convert_canon_ace_to_posix_perms: Can't get "
3177 "standard entries for file %s.\n", fsp_str_dbg(fsp)));
3178 return False;
3179 }
3180
3181 *posix_perms = (mode_t)0;
3182
3183 *posix_perms |= owner_ace->perms;
3184 *posix_perms |= MAP_PERM(group_ace->perms, S_IRUSR, S_IRGRP);
3185 *posix_perms |= MAP_PERM(group_ace->perms, S_IWUSR, S_IWGRP);
3186 *posix_perms |= MAP_PERM(group_ace->perms, S_IXUSR, S_IXGRP);
3187 *posix_perms |= MAP_PERM(other_ace->perms, S_IRUSR, S_IROTH);
3188 *posix_perms |= MAP_PERM(other_ace->perms, S_IWUSR, S_IWOTH);
3189 *posix_perms |= MAP_PERM(other_ace->perms, S_IXUSR, S_IXOTH);
3190
3191 /* The owner must have at least read access. */
3192
3193 *posix_perms |= S_IRUSR;
3194 if (fsp->is_directory)
3195 *posix_perms |= (S_IWUSR|S_IXUSR);
3196
3197 /* If requested apply the masks. */
3198
3199 /* Get the initial bits to apply. */
3200
3201 if (fsp->is_directory) {
3202 and_bits = lp_dir_mask(snum);
3203 or_bits = lp_force_dir_mode(snum);
3204 } else {
3205 and_bits = lp_create_mask(snum);
3206 or_bits = lp_force_create_mode(snum);
3207 }
3208
3209 *posix_perms = (((*posix_perms) & and_bits)|or_bits);
3210
3211 DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o "
3212 "to perm=0%o for file %s.\n", (int)owner_ace->perms,
3213 (int)group_ace->perms, (int)other_ace->perms,
3214 (int)*posix_perms, fsp_str_dbg(fsp)));
3215
3216 return True;
3217 }
3218
3219 /****************************************************************************
3220 Incoming NT ACLs on a directory can be split into a default POSIX acl (CI|OI|IO) and
3221 a normal POSIX acl. Win2k needs these split acls re-merging into one ACL
3222 with CI|OI set so it is inherited and also applies to the directory.
3223 Based on code from "Jim McDonough" <jmcd@us.ibm.com>.
3224 ****************************************************************************/
3225
3226 static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_aces)
3227 {
3228 size_t i, j;
3229
3230 for (i = 0; i < num_aces; i++) {
3231 for (j = i+1; j < num_aces; j++) {
3232 uint32 i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
3233 uint32 j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
3234 bool i_inh = (nt_ace_list[i].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
3235 bool j_inh = (nt_ace_list[j].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
3236
3237 /* We know the lower number ACE's are file entries. */
3238 if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
3239 (nt_ace_list[i].size == nt_ace_list[j].size) &&
3240 (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
3241 dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
3242 (i_inh == j_inh) &&
3243 (i_flags_ni == 0) &&
3244 (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
3245 SEC_ACE_FLAG_CONTAINER_INHERIT|
3246 SEC_ACE_FLAG_INHERIT_ONLY))) {
3247 /*
3248 * W2K wants to have access allowed zero access ACE's
3249 * at the end of the list. If the mask is zero, merge
3250 * the non-inherited ACE onto the inherited ACE.
3251 */
3252
3253 if (nt_ace_list[i].access_mask == 0) {
3254 nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
3255 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
3256 if (num_aces - i - 1 > 0)
3257 memmove(&nt_ace_list[i], &nt_ace_list[i+1], (num_aces-i-1) *
3258 sizeof(struct security_ace));
3259
3260 DEBUG(10,("merge_default_aces: Merging zero access ACE %u onto ACE %u.\n",
3261 (unsigned int)i, (unsigned int)j ));
3262 } else {
3263 /*
3264 * These are identical except for the flags.
3265 * Merge the inherited ACE onto the non-inherited ACE.
3266 */
3267
3268 nt_ace_list[i].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
3269 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
3270 if (num_aces - j - 1 > 0)
3271 memmove(&nt_ace_list[j], &nt_ace_list[j+1], (num_aces-j-1) *
3272 sizeof(struct security_ace));
3273
3274 DEBUG(10,("merge_default_aces: Merging ACE %u onto ACE %u.\n",
3275 (unsigned int)j, (unsigned int)i ));
3276 }
3277 num_aces--;
3278 break;
3279 }
3280 }
3281 }
3282
3283 return num_aces;
3284 }
3285
3286 /*
3287 * Add or Replace ACE entry.
3288 * In some cases we need to add a specific ACE for compatibility reasons.
3289 * When doing that we must make sure we are not actually creating a duplicate
3290 * entry. So we need to search whether an ACE entry already exist and eventually
3291 * replacce the access mask, or add a completely new entry if none was found.
3292 *
3293 * This function assumes the array has enough space to add a new entry without
3294 * any reallocation of memory.
3295 */
3296
3297 static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_aces,
3298 const struct dom_sid *sid, enum security_ace_type type,
3299 uint32_t mask, uint8_t flags)
3300 {
3301 int i;
3302
3303 /* first search for a duplicate */
3304 for (i = 0; i < *num_aces; i++) {
3305 if (dom_sid_equal(&nt_ace_list[i].trustee, sid) &&
3306 (nt_ace_list[i].flags == flags)) break;
3307 }
3308
3309 if (i < *num_aces) { /* found */
3310 nt_ace_list[i].type = type;
3311 nt_ace_list[i].access_mask = mask;
3312 DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n",
3313 i, sid_string_dbg(sid), flags));
3314 return;
3315 }
3316
3317 /* not found, append it */
3318 init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags);
3319 }
3320
3321
3322 /****************************************************************************
3323 Reply to query a security descriptor from an fsp. If it succeeds it allocates
3324 the space for the return elements and returns the size needed to return the
3325 security descriptor. This should be the only external function needed for
3326 the UNIX style get ACL.
3327 ****************************************************************************/
3328
3329 static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
3330 const char *name,
3331 const SMB_STRUCT_STAT *sbuf,
3332 struct pai_val *pal,
3333 SMB_ACL_T posix_acl,
3334 SMB_ACL_T def_acl,
3335 uint32_t security_info,
3336 TALLOC_CTX *mem_ctx,
3337 struct security_descriptor **ppdesc)
3338 {
3339 struct dom_sid owner_sid;
3340 struct dom_sid group_sid;
3341 size_t sd_size = 0;
3342 struct security_acl *psa = NULL;
3343 size_t num_acls = 0;
3344 size_t num_def_acls = 0;
3345 size_t num_aces = 0;
3346 canon_ace *file_ace = NULL;
3347 canon_ace *dir_ace = NULL;
3348 struct security_ace *nt_ace_list = NULL;
3349 size_t num_profile_acls = 0;
3350 struct dom_sid orig_owner_sid;
3351 struct security_descriptor *psd = NULL;
3352 int i;
3353
3354 /*
3355 * Get the owner, group and world SIDs.
3356 */
3357
3358 create_file_sids(sbuf, &owner_sid, &group_sid);
3359
3360 if (lp_profile_acls(SNUM(conn))) {
3361 /* For WXP SP1 the owner must be administrators. */
3362 sid_copy(&orig_owner_sid, &owner_sid);
3363 sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
3364 sid_copy(&group_sid, &global_sid_Builtin_Users);
3365 num_profile_acls = 3;
3366 }
3367
3368 if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
3369
3370 /*
3371 * In the optimum case Creator Owner and Creator Group would be used for
3372 * the ACL_USER_OBJ and ACL_GROUP_OBJ entries, respectively, but this
3373 * would lead to usability problems under Windows: The Creator entries
3374 * are only available in browse lists of directories and not for files;
3375 * additionally the identity of the owning group couldn't be determined.
3376 * We therefore use those identities only for Default ACLs.
3377 */
3378
3379 /* Create the canon_ace lists. */
3380 file_ace = canonicalise_acl(conn, name, posix_acl, sbuf,
3381 &owner_sid, &group_sid, pal,
3382 SMB_ACL_TYPE_ACCESS);
3383
3384 /* We must have *some* ACLS. */
3385
3386 if (count_canon_ace_list(file_ace) == 0) {
3387 DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", name));
3388 goto done;
3389 }
3390
3391 if (S_ISDIR(sbuf->st_ex_mode) && def_acl) {
3392 dir_ace = canonicalise_acl(conn, name, def_acl,
3393 sbuf,
3394 &global_sid_Creator_Owner,
3395 &global_sid_Creator_Group,
3396 pal, SMB_ACL_TYPE_DEFAULT);
3397 }
3398
3399 /*
3400 * Create the NT ACE list from the canonical ace lists.
3401 */
3402
3403 {
3404 canon_ace *ace;
3405 enum security_ace_type nt_acl_type;
3406
3407 num_acls = count_canon_ace_list(file_ace);
3408 num_def_acls = count_canon_ace_list(dir_ace);
3409
3410 /* Allocate the ace list. */
3411 if ((nt_ace_list = talloc_array(talloc_tos(), struct security_ace,num_acls + num_profile_acls + num_def_acls)) == NULL) {
3412 DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
3413 goto done;
3414 }
3415
3416 memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(struct security_ace) );
3417
3418 /*
3419 * Create the NT ACE list from the canonical ace lists.
3420 */
3421
3422 for (ace = file_ace; ace != NULL; ace = ace->next) {
3423 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3424 &nt_acl_type,
3425 ace->perms,
3426 S_ISDIR(sbuf->st_ex_mode));
3427 init_sec_ace(&nt_ace_list[num_aces++],
3428 &ace->trustee,
3429 nt_acl_type,
3430 acc,
3431 ace->ace_flags);
3432 }
3433
3434 /* The User must have access to a profile share - even
3435 * if we can't map the SID. */
3436 if (lp_profile_acls(SNUM(conn))) {
3437 add_or_replace_ace(nt_ace_list, &num_aces,
3438 &global_sid_Builtin_Users,
3439 SEC_ACE_TYPE_ACCESS_ALLOWED,
3440 FILE_GENERIC_ALL, 0);
3441 }
3442
3443 for (ace = dir_ace; ace != NULL; ace = ace->next) {
3444 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3445 &nt_acl_type,
3446 ace->perms,
3447 S_ISDIR(sbuf->st_ex_mode));
3448 init_sec_ace(&nt_ace_list[num_aces++],
3449 &ace->trustee,
3450 nt_acl_type,
3451 acc,
3452 ace->ace_flags |
3453 SEC_ACE_FLAG_OBJECT_INHERIT|
3454 SEC_ACE_FLAG_CONTAINER_INHERIT|
3455 SEC_ACE_FLAG_INHERIT_ONLY);
3456 }
3457
3458 /* The User must have access to a profile share - even
3459 * if we can't map the SID. */
3460 if (lp_profile_acls(SNUM(conn))) {
3461 add_or_replace_ace(nt_ace_list, &num_aces,
3462 &global_sid_Builtin_Users,
3463 SEC_ACE_TYPE_ACCESS_ALLOWED,
3464 FILE_GENERIC_ALL,
3465 SEC_ACE_FLAG_OBJECT_INHERIT |
3466 SEC_ACE_FLAG_CONTAINER_INHERIT |
3467 SEC_ACE_FLAG_INHERIT_ONLY);
3468 }
3469
3470 /*
3471 * Merge POSIX default ACLs and normal ACLs into one NT ACE.
3472 * Win2K needs this to get the inheritance correct when replacing ACLs
3473 * on a directory tree. Based on work by Jim @ IBM.
3474 */
3475
3476 num_aces = merge_default_aces(nt_ace_list, num_aces);
3477
3478 if (lp_profile_acls(SNUM(conn))) {
3479 for (i = 0; i < num_aces; i++) {
3480 if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
3481 add_or_replace_ace(nt_ace_list, &num_aces,
3482 &orig_owner_sid,
3483 nt_ace_list[i].type,
3484 nt_ace_list[i].access_mask,
3485 nt_ace_list[i].flags);
3486 break;
3487 }
3488 }
3489 }
3490 }
3491
3492 if (num_aces) {
3493 if((psa = make_sec_acl( talloc_tos(), NT4_ACL_REVISION, num_aces, nt_ace_list)) == NULL) {
3494 DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
3495 goto done;
3496 }
3497 }
3498 } /* security_info & SECINFO_DACL */
3499
3500 psd = make_standard_sec_desc(mem_ctx,
3501 (security_info & SECINFO_OWNER) ? &owner_sid : NULL,
3502 (security_info & SECINFO_GROUP) ? &group_sid : NULL,
3503 psa,
3504 &sd_size);
3505
3506 if(!psd) {
3507 DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
3508 sd_size = 0;
3509 goto done;
3510 }
3511
3512 /*
3513 * Windows 2000: The DACL_PROTECTED flag in the security
3514 * descriptor marks the ACL as non-inheriting, i.e., no
3515 * ACEs from higher level directories propagate to this
3516 * ACL. In the POSIX ACL model permissions are only
3517 * inherited at file create time, so ACLs never contain
3518 * any ACEs that are inherited dynamically. The DACL_PROTECTED
3519 * flag doesn't seem to bother Windows NT.
3520 * Always set this if map acl inherit is turned off.
3521 */
3522 if (pal == NULL || !lp_map_acl_inherit(SNUM(conn))) {
3523 psd->type |= SEC_DESC_DACL_PROTECTED;
3524 } else {
3525 psd->type |= pal->sd_type;
3526 }
3527
3528 if (psd->dacl) {
3529 dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces);
3530 }
3531
3532 *ppdesc = psd;
3533
3534 done:
3535
3536 if (posix_acl) {
3537 TALLOC_FREE(posix_acl);
3538 }
3539 if (def_acl) {
3540 TALLOC_FREE(def_acl);
3541 }
3542 free_canon_ace_list(file_ace);
3543 free_canon_ace_list(dir_ace);
3544 free_inherited_info(pal);
3545 TALLOC_FREE(nt_ace_list);
3546
3547 return NT_STATUS_OK;
3548 }
3549
3550 NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
3551 TALLOC_CTX *mem_ctx,
3552 struct security_descriptor **ppdesc)
3553 {
3554 SMB_STRUCT_STAT sbuf;
3555 SMB_ACL_T posix_acl = NULL;
3556 struct pai_val *pal;
3557 TALLOC_CTX *frame = talloc_stackframe();
3558 NTSTATUS status;
3559
3560 *ppdesc = NULL;
3561
3562 DEBUG(10,("posix_fget_nt_acl: called for file %s\n",
3563 fsp_str_dbg(fsp)));
3564
3565 /* can it happen that fsp_name == NULL ? */
3566 if (fsp->is_directory || fsp->fh->fd == -1) {
3567 status = posix_get_nt_acl(fsp->conn, fsp->fsp_name->base_name,
3568 security_info, mem_ctx, ppdesc);
3569 TALLOC_FREE(frame);
3570 return status;
3571 }
3572
3573 /* Get the stat struct for the owner info. */
3574 if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) {
3575 TALLOC_FREE(frame);
3576 return map_nt_error_from_unix(errno);
3577 }
3578
3579 /* Get the ACL from the fd. */
3580 posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, frame);
3581
3582 pal = fload_inherited_info(fsp);
3583
3584 status = posix_get_nt_acl_common(fsp->conn, fsp->fsp_name->base_name,
3585 &sbuf, pal, posix_acl, NULL,
3586 security_info, mem_ctx, ppdesc);
3587 TALLOC_FREE(frame);
3588 return status;
3589 }
3590
3591 NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
3592 uint32_t security_info,
3593 TALLOC_CTX *mem_ctx,
3594 struct security_descriptor **ppdesc)
3595 {
3596 SMB_ACL_T posix_acl = NULL;
3597 SMB_ACL_T def_acl = NULL;
3598 struct pai_val *pal;
3599 struct smb_filename smb_fname;
3600 int ret;
3601 TALLOC_CTX *frame = talloc_stackframe();
3602 NTSTATUS status;
3603
3604 *ppdesc = NULL;
3605
3606 DEBUG(10,("posix_get_nt_acl: called for file %s\n", name ));
3607
3608 ZERO_STRUCT(smb_fname);
3609 smb_fname.base_name = discard_const_p(char, name);
3610
3611 /* Get the stat struct for the owner info. */
3612 if (lp_posix_pathnames()) {
3613 ret = SMB_VFS_LSTAT(conn, &smb_fname);
3614 } else {
3615 ret = SMB_VFS_STAT(conn, &smb_fname);
3616 }
3617
3618 if (ret == -1) {
3619 TALLOC_FREE(frame);
3620 return map_nt_error_from_unix(errno);
3621 }
3622
3623 /* Get the ACL from the path. */
3624 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name,
3625 SMB_ACL_TYPE_ACCESS, frame);
3626
3627 /* If it's a directory get the default POSIX ACL. */
3628 if(S_ISDIR(smb_fname.st.st_ex_mode)) {
3629 def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name,
3630 SMB_ACL_TYPE_DEFAULT, frame);
3631 def_acl = free_empty_sys_acl(conn, def_acl);
3632 }
3633
3634 pal = load_inherited_info(conn, name);
3635
3636 status = posix_get_nt_acl_common(conn, name, &smb_fname.st, pal,
3637 posix_acl, def_acl, security_info,
3638 mem_ctx,
3639 ppdesc);
3640 TALLOC_FREE(frame);
3641 return status;
3642 }
3643
3644 /****************************************************************************
3645 Try to chown a file. We will be able to chown it under the following conditions.
3646
3647 1) If we have root privileges, then it will just work.
3648 2) If we have SeRestorePrivilege we can change the user + group to any other user.
3649 3) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
3650 4) If we have write permission to the file and dos_filemodes is set
3651 then allow chown to the currently authenticated user.
3652 ****************************************************************************/
3653
3654 NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
3655 {
3656 NTSTATUS status;
3657
3658 if(!CAN_WRITE(fsp->conn)) {
3659 return NT_STATUS_MEDIA_WRITE_PROTECTED;
3660 }
3661
3662 /* Case (1). */
3663 status = vfs_chown_fsp(fsp, uid, gid);
3664 if (NT_STATUS_IS_OK(status)) {
3665 return status;
3666 }
3667
3668 /* Case (2) / (3) */
3669 if (lp_enable_privileges()) {
3670 bool has_take_ownership_priv = security_token_has_privilege(
3671 get_current_nttok(fsp->conn),
3672 SEC_PRIV_TAKE_OWNERSHIP);
3673 bool has_restore_priv = security_token_has_privilege(
3674 get_current_nttok(fsp->conn),
3675 SEC_PRIV_RESTORE);
3676
3677 if (has_restore_priv) {
3678 ; /* Case (2) */
3679 } else if (has_take_ownership_priv) {
3680 /* Case (3) */
3681 if (uid == get_current_uid(fsp->conn)) {
3682 gid = (gid_t)-1;
3683 } else {
3684 has_take_ownership_priv = false;
3685 }
3686 }
3687
3688 if (has_take_ownership_priv || has_restore_priv) {
3689 become_root();
3690 status = vfs_chown_fsp(fsp, uid, gid);
3691 unbecome_root();
3692 return status;
3693 }
3694 }
3695
3696 /* Case (4). */
3697 if (!lp_dos_filemode(SNUM(fsp->conn))) {
3698 return NT_STATUS_ACCESS_DENIED;
3699 }
3700
3701 /* only allow chown to the current user. This is more secure,
3702 and also copes with the case where the SID in a take ownership ACL is
3703 a local SID on the users workstation
3704 */
3705 if (uid != get_current_uid(fsp->conn)) {
3706 return NT_STATUS_ACCESS_DENIED;
3707 }
3708
3709 become_root();
3710 /* Keep the current file gid the same. */
3711 status = vfs_chown_fsp(fsp, uid, (gid_t)-1);
3712 unbecome_root();
3713
3714 return status;
3715 }
3716
3717 #if 0
3718 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
3719
3720 /****************************************************************************
3721 Take care of parent ACL inheritance.
3722 ****************************************************************************/
3723
3724 NTSTATUS append_parent_acl(files_struct *fsp,
3725 const struct security_descriptor *pcsd,
3726 struct security_descriptor **pp_new_sd)
3727 {
3728 struct smb_filename *smb_dname = NULL;
3729 struct security_descriptor *parent_sd = NULL;
3730 files_struct *parent_fsp = NULL;
3731 TALLOC_CTX *mem_ctx = talloc_tos();
3732 char *parent_name = NULL;
3733 struct security_ace *new_ace = NULL;
3734 unsigned int num_aces = pcsd->dacl->num_aces;
3735 NTSTATUS status;
3736 int info;
3737 unsigned int i, j;
3738 struct security_descriptor *psd = dup_sec_desc(talloc_tos(), pcsd);
3739 bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
3740
3741 if (psd == NULL) {
3742 return NT_STATUS_NO_MEMORY;
3743 }
3744
3745 if (!parent_dirname(mem_ctx, fsp->fsp_name->base_name, &parent_name,
3746 NULL)) {
3747 return NT_STATUS_NO_MEMORY;
3748 }
3749
3750 status = create_synthetic_smb_fname(mem_ctx, parent_name, NULL, NULL,
3751 &smb_dname);
3752 if (!NT_STATUS_IS_OK(status)) {
3753 goto fail;
3754 }
3755
3756 status = SMB_VFS_CREATE_FILE(
3757 fsp->conn, /* conn */
3758 NULL, /* req */
3759 0, /* root_dir_fid */
3760 smb_dname, /* fname */
3761 FILE_READ_ATTRIBUTES, /* access_mask */
3762 FILE_SHARE_NONE, /* share_access */
3763 FILE_OPEN, /* create_disposition*/
3764 FILE_DIRECTORY_FILE, /* create_options */
3765 0, /* file_attributes */
3766 INTERNAL_OPEN_ONLY, /* oplock_request */
3767 0, /* allocation_size */
3768 NULL, /* sd */
3769 NULL, /* ea_list */
3770 &parent_fsp, /* result */
3771 &info); /* pinfo */
3772
3773 if (!NT_STATUS_IS_OK(status)) {
3774 TALLOC_FREE(smb_dname);
3775 return status;
3776 }
3777
3778 status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
3779 SECINFO_DACL, &parent_sd );
3780
3781 close_file(NULL, parent_fsp, NORMAL_CLOSE);
3782 TALLOC_FREE(smb_dname);
3783
3784 if (!NT_STATUS_IS_OK(status)) {
3785 return status;
3786 }
3787
3788 /*
3789 * Make room for potentially all the ACLs from
3790 * the parent. We used to add the ugw triple here,
3791 * as we knew we were dealing with POSIX ACLs.
3792 * We no longer need to do so as we can guarentee
3793 * that a default ACL from the parent directory will
3794 * be well formed for POSIX ACLs if it came from a
3795 * POSIX ACL source, and if we're not writing to a
3796 * POSIX ACL sink then we don't care if it's not well
3797 * formed. JRA.
3798 */
3799
3800 num_aces += parent_sd->dacl->num_aces;
3801
3802 if((new_ace = talloc_zero_array(mem_ctx, struct security_ace,
3803 num_aces)) == NULL) {
3804 return NT_STATUS_NO_MEMORY;
3805 }
3806
3807 /* Start by copying in all the given ACE entries. */
3808 for (i = 0; i < psd->dacl->num_aces; i++) {
3809 sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
3810 }
3811
3812 /*
3813 * Note that we're ignoring "inherit permissions" here
3814 * as that really only applies to newly created files. JRA.
3815 */
3816
3817 /* Finally append any inherited ACEs. */
3818 for (j = 0; j < parent_sd->dacl->num_aces; j++) {
3819 struct security_ace *se = &parent_sd->dacl->aces[j];
3820
3821 if (fsp->is_directory) {
3822 if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
3823 /* Doesn't apply to a directory - ignore. */
3824 DEBUG(10,("append_parent_acl: directory %s "
3825 "ignoring non container "
3826 "inherit flags %u on ACE with sid %s "
3827 "from parent %s\n",
3828 fsp_str_dbg(fsp),
3829 (unsigned int)se->flags,
3830 sid_string_dbg(&se->trustee),
3831 parent_name));
3832 continue;
3833 }
3834 } else {
3835 if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
3836 /* Doesn't apply to a file - ignore. */
3837 DEBUG(10,("append_parent_acl: file %s "
3838 "ignoring non object "
3839 "inherit flags %u on ACE with sid %s "
3840 "from parent %s\n",
3841 fsp_str_dbg(fsp),
3842 (unsigned int)se->flags,
3843 sid_string_dbg(&se->trustee),
3844 parent_name));
3845 continue;
3846 }
3847 }
3848
3849 if (is_dacl_protected) {
3850 /* If the DACL is protected it means we must
3851 * not overwrite an existing ACE entry with the
3852 * same SID. This is order N^2. Ouch :-(. JRA. */
3853 unsigned int k;
3854 for (k = 0; k < psd->dacl->num_aces; k++) {
3855 if (dom_sid_equal(&psd->dacl->aces[k].trustee,
3856 &se->trustee)) {
3857 break;
3858 }
3859 }
3860 if (k < psd->dacl->num_aces) {
3861 /* SID matched. Ignore. */
3862 DEBUG(10,("append_parent_acl: path %s "
3863 "ignoring ACE with protected sid %s "
3864 "from parent %s\n",
3865 fsp_str_dbg(fsp),
3866 sid_string_dbg(&se->trustee),
3867 parent_name));
3868 continue;
3869 }
3870 }
3871
3872 sec_ace_copy(&new_ace[i], se);
3873 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3874 new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
3875 }
3876 new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
3877
3878 if (fsp->is_directory) {
3879 /*
3880 * Strip off any inherit only. It's applied.
3881 */
3882 new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
3883 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3884 /* No further inheritance. */
3885 new_ace[i].flags &=
3886 ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3887 SEC_ACE_FLAG_OBJECT_INHERIT);
3888 }
3889 } else {
3890 /*
3891 * Strip off any container or inherit
3892 * flags, they can't apply to objects.
3893 */
3894 new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3895 SEC_ACE_FLAG_INHERIT_ONLY|
3896 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
3897 }
3898 i++;
3899
3900 DEBUG(10,("append_parent_acl: path %s "
3901 "inheriting ACE with sid %s "
3902 "from parent %s\n",
3903 fsp_str_dbg(fsp),
3904 sid_string_dbg(&se->trustee),
3905 parent_name));
3906 }
3907
3908 psd->dacl->aces = new_ace;
3909 psd->dacl->num_aces = i;
3910 psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|
3911 SEC_DESC_DACL_AUTO_INHERIT_REQ);
3912
3913 *pp_new_sd = psd;
3914 return status;
3915 }
3916 #endif
3917
3918 /****************************************************************************
3919 Reply to set a security descriptor on an fsp. security_info_sent is the
3920 description of the following NT ACL.
3921 This should be the only external function needed for the UNIX style set ACL.
3922 We make a copy of psd_orig as internal functions modify the elements inside
3923 it, even though it's a const pointer.
3924 ****************************************************************************/
3925
3926 NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd_orig)
3927 {
3928 connection_struct *conn = fsp->conn;
3929 uid_t user = (uid_t)-1;
3930 gid_t grp = (gid_t)-1;
3931 struct dom_sid file_owner_sid;
3932 struct dom_sid file_grp_sid;
3933 canon_ace *file_ace_list = NULL;
3934 canon_ace *dir_ace_list = NULL;
3935 bool acl_perms = False;
3936 mode_t orig_mode = (mode_t)0;
3937 NTSTATUS status;
3938 bool set_acl_as_root = false;
3939 bool acl_set_support = false;
3940 bool ret = false;
3941 struct security_descriptor *psd = NULL;
3942
3943 DEBUG(10,("set_nt_acl: called for file %s\n",
3944 fsp_str_dbg(fsp)));
3945
3946 if (!CAN_WRITE(conn)) {
3947 DEBUG(10,("set acl rejected on read-only share\n"));
3948 return NT_STATUS_MEDIA_WRITE_PROTECTED;
3949 }
3950
3951 if (!psd_orig) {
3952 return NT_STATUS_INVALID_PARAMETER;
3953 }
3954
3955 psd = dup_sec_desc(talloc_tos(), psd_orig);
3956 if (!psd) {
3957 return NT_STATUS_NO_MEMORY;
3958 }
3959
3960 /*
3961 * Get the current state of the file.
3962 */
3963
3964 status = vfs_stat_fsp(fsp);
3965 if (!NT_STATUS_IS_OK(status)) {
3966 return status;
3967 }
3968
3969 /* Save the original element we check against. */
3970 orig_mode = fsp->fsp_name->st.st_ex_mode;
3971
3972 /*
3973 * Unpack the user/group/world id's.
3974 */
3975
3976 /* POSIX can't cope with missing owner/group. */
3977 if ((security_info_sent & SECINFO_OWNER) && (psd->owner_sid == NULL)) {
3978 security_info_sent &= ~SECINFO_OWNER;
3979 }
3980 if ((security_info_sent & SECINFO_GROUP) && (psd->group_sid == NULL)) {
3981 security_info_sent &= ~SECINFO_GROUP;
3982 }
3983
3984 status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd);
3985 if (!NT_STATUS_IS_OK(status)) {
3986 return status;
3987 }
3988
3989 /*
3990 * Do we need to chown ? If so this must be done first as the incoming
3991 * CREATOR_OWNER acl will be relative to the *new* owner, not the old.
3992 * Noticed by Simo.
3993 */
3994
3995 if (((user != (uid_t)-1) && (fsp->fsp_name->st.st_ex_uid != user)) ||
3996 (( grp != (gid_t)-1) && (fsp->fsp_name->st.st_ex_gid != grp))) {
3997
3998 DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
3999 fsp_str_dbg(fsp), (unsigned int)user,
4000 (unsigned int)grp));
4001
4002 status = try_chown(fsp, user, grp);
4003 if(!NT_STATUS_IS_OK(status)) {
4004 DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error "
4005 "= %s.\n", fsp_str_dbg(fsp),
4006 (unsigned int)user,
4007 (unsigned int)grp,
4008 nt_errstr(status)));
4009 return status;
4010 }
4011
4012 /*
4013 * Recheck the current state of the file, which may have changed.
4014 * (suid/sgid bits, for instance)
4015 */
4016
4017 status = vfs_stat_fsp(fsp);
4018 if (!NT_STATUS_IS_OK(status)) {
4019 return status;
4020 }
4021
4022 /* Save the original element we check against. */
4023 orig_mode = fsp->fsp_name->st.st_ex_mode;
4024
4025 /* If we successfully chowned, we know we must
4026 * be able to set the acl, so do it as root.
4027 */
4028 set_acl_as_root = true;
4029 }
4030
4031 create_file_sids(&fsp->fsp_name->st, &file_owner_sid, &file_grp_sid);
4032
4033 if((security_info_sent & SECINFO_DACL) &&
4034 (psd->type & SEC_DESC_DACL_PRESENT) &&
4035 (psd->dacl == NULL)) {
4036 struct security_ace ace[3];
4037
4038 /* We can't have NULL DACL in POSIX.
4039 Use owner/group/Everyone -> full access. */
4040
4041 init_sec_ace(&ace[0],
4042 &file_owner_sid,
4043 SEC_ACE_TYPE_ACCESS_ALLOWED,
4044 GENERIC_ALL_ACCESS,
4045 0);
4046 init_sec_ace(&ace[1],
4047 &file_grp_sid,
4048 SEC_ACE_TYPE_ACCESS_ALLOWED,
4049 GENERIC_ALL_ACCESS,
4050 0);
4051 init_sec_ace(&ace[2],
4052 &global_sid_World,
4053 SEC_ACE_TYPE_ACCESS_ALLOWED,
4054 GENERIC_ALL_ACCESS,
4055 0);
4056 psd->dacl = make_sec_acl(talloc_tos(),
4057 NT4_ACL_REVISION,
4058 3,
4059 ace);
4060 if (psd->dacl == NULL) {
4061 return NT_STATUS_NO_MEMORY;
4062 }
4063 security_acl_map_generic(psd->dacl, &file_generic_mapping);
4064 }
4065
4066 acl_perms = unpack_canon_ace(fsp, &fsp->fsp_name->st, &file_owner_sid,
4067 &file_grp_sid, &file_ace_list,
4068 &dir_ace_list, security_info_sent, psd);
4069
4070 /* Ignore W2K traverse DACL set. */
4071 if (!file_ace_list && !dir_ace_list) {
4072 return NT_STATUS_OK;
4073 }
4074
4075 if (!acl_perms) {
4076 DEBUG(3,("set_nt_acl: cannot set permissions\n"));
4077 free_canon_ace_list(file_ace_list);
4078 free_canon_ace_list(dir_ace_list);
4079 return NT_STATUS_ACCESS_DENIED;
4080 }
4081
4082 /*
4083 * Only change security if we got a DACL.
4084 */
4085
4086 if(!(security_info_sent & SECINFO_DACL) || (psd->dacl == NULL)) {
4087 free_canon_ace_list(file_ace_list);
4088 free_canon_ace_list(dir_ace_list);
4089 return NT_STATUS_OK;
4090 }
4091
4092 /*
4093 * Try using the POSIX ACL set first. Fall back to chmod if
4094 * we have no ACL support on this filesystem.
4095 */
4096
4097 if (acl_perms && file_ace_list) {
4098 if (set_acl_as_root) {
4099 become_root();
4100 }
4101 ret = set_canon_ace_list(fsp, file_ace_list, false,
4102 &fsp->fsp_name->st, &acl_set_support);
4103 if (set_acl_as_root) {
4104 unbecome_root();
4105 }
4106 if (acl_set_support && ret == false) {
4107 DEBUG(3,("set_nt_acl: failed to set file acl on file "
4108 "%s (%s).\n", fsp_str_dbg(fsp),
4109 strerror(errno)));
4110 free_canon_ace_list(file_ace_list);
4111 free_canon_ace_list(dir_ace_list);
4112 return map_nt_error_from_unix(errno);
4113 }
4114 }
4115
4116 if (acl_perms && acl_set_support && fsp->is_directory) {
4117 if (dir_ace_list) {
4118 if (set_acl_as_root) {
4119 become_root();
4120 }
4121 ret = set_canon_ace_list(fsp, dir_ace_list, true,
4122 &fsp->fsp_name->st,
4123 &acl_set_support);
4124 if (set_acl_as_root) {
4125 unbecome_root();
4126 }
4127 if (ret == false) {
4128 DEBUG(3,("set_nt_acl: failed to set default "
4129 "acl on directory %s (%s).\n",
4130 fsp_str_dbg(fsp), strerror(errno)));
4131 free_canon_ace_list(file_ace_list);
4132 free_canon_ace_list(dir_ace_list);
4133 return map_nt_error_from_unix(errno);
4134 }
4135 } else {
4136 int sret = -1;
4137
4138 /*
4139 * No default ACL - delete one if it exists.
4140 */
4141
4142 if (set_acl_as_root) {
4143 become_root();
4144 }
4145 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn,
4146 fsp->fsp_name->base_name);
4147 if (set_acl_as_root) {
4148 unbecome_root();
4149 }
4150 if (sret == -1) {
4151 if (acl_group_override(conn, fsp->fsp_name)) {
4152 DEBUG(5,("set_nt_acl: acl group "
4153 "control on and current user "
4154 "in file %s primary group. "
4155 "Override delete_def_acl\n",
4156 fsp_str_dbg(fsp)));
4157
4158 become_root();
4159 sret =
4160 SMB_VFS_SYS_ACL_DELETE_DEF_FILE(
4161 conn,
4162 fsp->fsp_name->base_name);
4163 unbecome_root();
4164 }
4165
4166 if (sret == -1) {
4167 DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
4168 free_canon_ace_list(file_ace_list);
4169 free_canon_ace_list(dir_ace_list);
4170 return map_nt_error_from_unix(errno);
4171 }
4172 }
4173 }
4174 }
4175
4176 if (acl_set_support) {
4177 if (set_acl_as_root) {
4178 become_root();
4179 }
4180 store_inheritance_attributes(fsp,
4181 file_ace_list,
4182 dir_ace_list,
4183 psd->type);
4184 if (set_acl_as_root) {
4185 unbecome_root();
4186 }
4187 }
4188
4189 /*
4190 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod.
4191 */
4192
4193 if(!acl_set_support && acl_perms) {
4194 mode_t posix_perms;
4195
4196 if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) {
4197 free_canon_ace_list(file_ace_list);
4198 free_canon_ace_list(dir_ace_list);
4199 DEBUG(3,("set_nt_acl: failed to convert file acl to "
4200 "posix permissions for file %s.\n",
4201 fsp_str_dbg(fsp)));
4202 return NT_STATUS_ACCESS_DENIED;
4203 }
4204
4205 if (orig_mode != posix_perms) {
4206 int sret = -1;
4207
4208 DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
4209 fsp_str_dbg(fsp), (unsigned int)posix_perms));
4210
4211 if (set_acl_as_root) {
4212 become_root();
4213 }
4214 sret = SMB_VFS_CHMOD(conn, fsp->fsp_name->base_name,
4215 posix_perms);
4216 if (set_acl_as_root) {
4217 unbecome_root();
4218 }
4219 if(sret == -1) {
4220 if (acl_group_override(conn, fsp->fsp_name)) {
4221 DEBUG(5,("set_nt_acl: acl group "
4222 "control on and current user "
4223 "in file %s primary group. "
4224 "Override chmod\n",
4225 fsp_str_dbg(fsp)));
4226
4227 become_root();
4228 sret = SMB_VFS_CHMOD(conn,
4229 fsp->fsp_name->base_name,
4230 posix_perms);
4231 unbecome_root();
4232 }
4233
4234 if (sret == -1) {
4235 DEBUG(3,("set_nt_acl: chmod %s, 0%o "
4236 "failed. Error = %s.\n",
4237 fsp_str_dbg(fsp),
4238 (unsigned int)posix_perms,
4239 strerror(errno)));
4240 free_canon_ace_list(file_ace_list);
4241 free_canon_ace_list(dir_ace_list);
4242 return map_nt_error_from_unix(errno);
4243 }
4244 }
4245 }
4246 }
4247
4248 free_canon_ace_list(file_ace_list);
4249 free_canon_ace_list(dir_ace_list);
4250
4251 /* Ensure the stat struct in the fsp is correct. */
4252 status = vfs_stat_fsp(fsp);
4253
4254 return NT_STATUS_OK;
4255 }
4256
4257 /****************************************************************************
4258 Get the actual group bits stored on a file with an ACL. Has no effect if
4259 the file has no ACL. Needed in dosmode code where the stat() will return
4260 the mask bits, not the real group bits, for a file with an ACL.
4261 ****************************************************************************/
4262
4263 int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode )
4264 {
4265 int entry_id = SMB_ACL_FIRST_ENTRY;
4266 SMB_ACL_ENTRY_T entry;
4267 SMB_ACL_T posix_acl;
4268 int result = -1;
4269
4270 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname,
4271 SMB_ACL_TYPE_ACCESS, talloc_tos());
4272 if (posix_acl == (SMB_ACL_T)NULL)
4273 return -1;
4274
4275 while (sys_acl_get_entry(posix_acl, entry_id, &entry) == 1) {
4276 SMB_ACL_TAG_T tagtype;
4277 SMB_ACL_PERMSET_T permset;
4278
4279 entry_id = SMB_ACL_NEXT_ENTRY;
4280
4281 if (sys_acl_get_tag_type(entry, &tagtype) ==-1)
4282 break;
4283
4284 if (tagtype == SMB_ACL_GROUP_OBJ) {
4285 if (sys_acl_get_permset(entry, &permset) == -1) {
4286 break;
4287 } else {
4288 *mode &= ~(S_IRGRP|S_IWGRP|S_IXGRP);
4289 *mode |= (sys_acl_get_perm(permset, SMB_ACL_READ) ? S_IRGRP : 0);
4290 *mode |= (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? S_IWGRP : 0);
4291 *mode |= (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? S_IXGRP : 0);
4292 result = 0;
4293 break;
4294 }
4295 }
4296 }
4297 TALLOC_FREE(posix_acl);
4298 return result;
4299 }
4300
4301 /****************************************************************************
4302 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4303 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4304 ****************************************************************************/
4305
4306 static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mode_t mode)
4307 {
4308 int entry_id = SMB_ACL_FIRST_ENTRY;
4309 SMB_ACL_ENTRY_T entry;
4310 int num_entries = 0;
4311
4312 while ( sys_acl_get_entry(posix_acl, entry_id, &entry) == 1) {
4313 SMB_ACL_TAG_T tagtype;
4314 SMB_ACL_PERMSET_T permset;
4315 mode_t perms;
4316
4317 entry_id = SMB_ACL_NEXT_ENTRY;
4318
4319 if (sys_acl_get_tag_type(entry, &tagtype) == -1)
4320 return -1;
4321
4322 if (sys_acl_get_permset(entry, &permset) == -1)
4323 return -1;
4324
4325 num_entries++;
4326
4327 switch(tagtype) {
4328 case SMB_ACL_USER_OBJ:
4329 perms = unix_perms_to_acl_perms(mode, S_IRUSR, S_IWUSR, S_IXUSR);
4330 break;
4331 case SMB_ACL_GROUP_OBJ:
4332 perms = unix_perms_to_acl_perms(mode, S_IRGRP, S_IWGRP, S_IXGRP);
4333 break;
4334 case SMB_ACL_MASK:
4335 /*
4336 * FIXME: The ACL_MASK entry permissions should really be set to
4337 * the union of the permissions of all ACL_USER,
4338 * ACL_GROUP_OBJ, and ACL_GROUP entries. That's what
4339 * acl_calc_mask() does, but Samba ACLs doesn't provide it.
4340 */
4341 perms = S_IRUSR|S_IWUSR|S_IXUSR;
4342 break;
4343 case SMB_ACL_OTHER:
4344 perms = unix_perms_to_acl_perms(mode, S_IROTH, S_IWOTH, S_IXOTH);
4345 break;
4346 default:
4347 continue;
4348 }
4349
4350 if (map_acl_perms_to_permset(conn, perms, &permset) == -1)
4351 return -1;
4352
4353 if (sys_acl_set_permset(entry, permset) == -1)
4354 return -1;
4355 }
4356
4357 /*
4358 * If this is a simple 3 element ACL or no elements then it's a standard
4359 * UNIX permission set. Just use chmod...
4360 */
4361
4362 if ((num_entries == 3) || (num_entries == 0))
4363 return -1;
4364
4365 return 0;
4366 }
4367
4368 /****************************************************************************
4369 Get the access ACL of FROM, do a chmod by setting the ACL USER_OBJ,
4370 GROUP_OBJ and OTHER bits in an ACL and set the mask to rwx. Set the
4371 resulting ACL on TO. Note that name is in UNIX character set.
4372 ****************************************************************************/
4373
4374 static int copy_access_posix_acl(connection_struct *conn, const char *from, const char *to, mode_t mode)
4375 {
4376 SMB_ACL_T posix_acl = NULL;
4377 int ret = -1;
4378
4379 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, from,
4380 SMB_ACL_TYPE_ACCESS,
4381 talloc_tos())) == NULL)
4382 return -1;
4383
4384 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4385 goto done;
4386
4387 ret = SMB_VFS_SYS_ACL_SET_FILE(conn, to, SMB_ACL_TYPE_ACCESS, posix_acl);
4388
4389 done:
4390
4391 TALLOC_FREE(posix_acl);
4392 return ret;
4393 }
4394
4395 /****************************************************************************
4396 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4397 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4398 Note that name is in UNIX character set.
4399 ****************************************************************************/
4400
4401 int chmod_acl(connection_struct *conn, const char *name, mode_t mode)
4402 {
4403 return copy_access_posix_acl(conn, name, name, mode);
4404 }
4405
4406 /****************************************************************************
4407 Check for an existing default POSIX ACL on a directory.
4408 ****************************************************************************/
4409
4410 static bool directory_has_default_posix_acl(connection_struct *conn, const char *fname)
4411 {
4412 SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname,
4413 SMB_ACL_TYPE_DEFAULT,
4414 talloc_tos());
4415 bool has_acl = False;
4416 SMB_ACL_ENTRY_T entry;
4417
4418 if (def_acl != NULL && (sys_acl_get_entry(def_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1)) {
4419 has_acl = True;
4420 }
4421
4422 if (def_acl) {
4423 TALLOC_FREE(def_acl);
4424 }
4425 return has_acl;
4426 }
4427
4428 /****************************************************************************
4429 If the parent directory has no default ACL but it does have an Access ACL,
4430 inherit this Access ACL to file name.
4431 ****************************************************************************/
4432
4433 int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,
4434 const char *name, mode_t mode)
4435 {
4436 if (directory_has_default_posix_acl(conn, inherit_from_dir))
4437 return 0;
4438
4439 return copy_access_posix_acl(conn, inherit_from_dir, name, mode);
4440 }
4441
4442 /****************************************************************************
4443 Do an fchmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4444 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4445 ****************************************************************************/
4446
4447 int fchmod_acl(files_struct *fsp, mode_t mode)
4448 {
4449 connection_struct *conn = fsp->conn;
4450 SMB_ACL_T posix_acl = NULL;
4451 int ret = -1;
4452
4453 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos())) == NULL)
4454 return -1;
4455
4456 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4457 goto done;
4458
4459 ret = SMB_VFS_SYS_ACL_SET_FD(fsp, posix_acl);
4460
4461 done:
4462
4463 TALLOC_FREE(posix_acl);
4464 return ret;
4465 }
4466
4467 /****************************************************************************
4468 Map from wire type to permset.
4469 ****************************************************************************/
4470
4471 static bool unix_ex_wire_to_permset(connection_struct *conn, unsigned char wire_perm, SMB_ACL_PERMSET_T *p_permset)
4472 {
4473 if (wire_perm & ~(SMB_POSIX_ACL_READ|SMB_POSIX_ACL_WRITE|SMB_POSIX_ACL_EXECUTE)) {
4474 return False;
4475 }
4476
4477 if (sys_acl_clear_perms(*p_permset) == -1) {
4478 return False;
4479 }
4480
4481 if (wire_perm & SMB_POSIX_ACL_READ) {
4482 if (sys_acl_add_perm(*p_permset, SMB_ACL_READ) == -1) {
4483 return False;
4484 }
4485 }
4486 if (wire_perm & SMB_POSIX_ACL_WRITE) {
4487 if (sys_acl_add_perm(*p_permset, SMB_ACL_WRITE) == -1) {
4488 return False;
4489 }
4490 }
4491 if (wire_perm & SMB_POSIX_ACL_EXECUTE) {
4492 if (sys_acl_add_perm(*p_permset, SMB_ACL_EXECUTE) == -1) {
4493 return False;
4494 }
4495 }
4496 return True;
4497 }
4498
4499 /****************************************************************************
4500 Map from wire type to tagtype.
4501 ****************************************************************************/
4502
4503 static bool unix_ex_wire_to_tagtype(unsigned char wire_tt, SMB_ACL_TAG_T *p_tt)
4504 {
4505 switch (wire_tt) {
4506 case SMB_POSIX_ACL_USER_OBJ:
4507 *p_tt = SMB_ACL_USER_OBJ;
4508 break;
4509 case SMB_POSIX_ACL_USER:
4510 *p_tt = SMB_ACL_USER;
4511 break;
4512 case SMB_POSIX_ACL_GROUP_OBJ:
4513 *p_tt = SMB_ACL_GROUP_OBJ;
4514 break;
4515 case SMB_POSIX_ACL_GROUP:
4516 *p_tt = SMB_ACL_GROUP;
4517 break;
4518 case SMB_POSIX_ACL_MASK:
4519 *p_tt = SMB_ACL_MASK;
4520 break;
4521 case SMB_POSIX_ACL_OTHER:
4522 *p_tt = SMB_ACL_OTHER;
4523 break;
4524 default:
4525 return False;
4526 }
4527 return True;
4528 }
4529
4530 /****************************************************************************
4531 Create a new POSIX acl from wire permissions.
4532 FIXME ! How does the share mask/mode fit into this.... ?
4533 ****************************************************************************/
4534
4535 static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn,
4536 uint16 num_acls,
4537 const char *pdata,
4538 TALLOC_CTX *mem_ctx)
4539 {
4540 unsigned int i;
4541 SMB_ACL_T the_acl = sys_acl_init(mem_ctx);
4542
4543 if (the_acl == NULL) {
4544 return NULL;
4545 }
4546
4547 for (i = 0; i < num_acls; i++) {
4548 SMB_ACL_ENTRY_T the_entry;
4549 SMB_ACL_PERMSET_T the_permset;
4550 SMB_ACL_TAG_T tag_type;
4551
4552 if (sys_acl_create_entry(&the_acl, &the_entry) == -1) {
4553 DEBUG(0,("create_posix_acl_from_wire: Failed to create entry %u. (%s)\n",
4554 i, strerror(errno) ));
4555 goto fail;
4556 }
4557
4558 if (!unix_ex_wire_to_tagtype(CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), &tag_type)) {
4559 DEBUG(0,("create_posix_acl_from_wire: invalid wire tagtype %u on entry %u.\n",
4560 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), i ));
4561 goto fail;
4562 }
4563
4564 if (sys_acl_set_tag_type(the_entry, tag_type) == -1) {
4565 DEBUG(0,("create_posix_acl_from_wire: Failed to set tagtype on entry %u. (%s)\n",
4566 i, strerror(errno) ));
4567 goto fail;
4568 }
4569
4570 /* Get the permset pointer from the new ACL entry. */
4571 if (sys_acl_get_permset(the_entry, &the_permset) == -1) {
4572 DEBUG(0,("create_posix_acl_from_wire: Failed to get permset on entry %u. (%s)\n",
4573 i, strerror(errno) ));
4574 goto fail;
4575 }
4576
4577 /* Map from wire to permissions. */
4578 if (!unix_ex_wire_to_permset(conn, CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+1), &the_permset)) {
4579 DEBUG(0,("create_posix_acl_from_wire: invalid permset %u on entry %u.\n",
4580 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE) + 1), i ));
4581 goto fail;
4582 }
4583
4584 /* Now apply to the new ACL entry. */
4585 if (sys_acl_set_permset(the_entry, the_permset) == -1) {
4586 DEBUG(0,("create_posix_acl_from_wire: Failed to add permset on entry %u. (%s)\n",
4587 i, strerror(errno) ));
4588 goto fail;
4589 }
4590
4591 if (tag_type == SMB_ACL_USER) {
4592 uint32 uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4593 uid_t uid = (uid_t)uidval;
4594 if (sys_acl_set_qualifier(the_entry,(void *)&uid) == -1) {
4595 DEBUG(0,("create_posix_acl_from_wire: Failed to set uid %u on entry %u. (%s)\n",
4596 (unsigned int)uid, i, strerror(errno) ));
4597 goto fail;
4598 }
4599 }
4600
4601 if (tag_type == SMB_ACL_GROUP) {
4602 uint32 gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4603 gid_t gid = (uid_t)gidval;
4604 if (sys_acl_set_qualifier(the_entry,(void *)&gid) == -1) {
4605 DEBUG(0,("create_posix_acl_from_wire: Failed to set gid %u on entry %u. (%s)\n",
4606 (unsigned int)gid, i, strerror(errno) ));
4607 goto fail;
4608 }
4609 }
4610 }
4611
4612 return the_acl;
4613
4614 fail:
4615
4616 if (the_acl != NULL) {
4617 TALLOC_FREE(the_acl);
4618 }
4619 return NULL;
4620 }
4621
4622 /****************************************************************************
4623 Calls from UNIX extensions - Default POSIX ACL set.
4624 If num_def_acls == 0 and not a directory just return. If it is a directory
4625 and num_def_acls == 0 then remove the default acl. Else set the default acl
4626 on the directory.
4627 ****************************************************************************/
4628
4629 bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, const SMB_STRUCT_STAT *psbuf,
4630 uint16 num_def_acls, const char *pdata)
4631 {
4632 SMB_ACL_T def_acl = NULL;
4633
4634 if (!S_ISDIR(psbuf->st_ex_mode)) {
4635 if (num_def_acls) {
4636 DEBUG(5,("set_unix_posix_default_acl: Can't set default ACL on non-directory file %s\n", fname ));
4637 errno = EISDIR;
4638 return False;
4639 } else {
4640 return True;
4641 }
4642 }
4643
4644 if (!num_def_acls) {
4645 /* Remove the default ACL. */
4646 if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fname) == -1) {
4647 DEBUG(5,("set_unix_posix_default_acl: acl_delete_def_file failed on directory %s (%s)\n",
4648 fname, strerror(errno) ));
4649 return False;
4650 }
4651 return True;
4652 }
4653
4654 if ((def_acl = create_posix_acl_from_wire(conn, num_def_acls,
4655 pdata,
4656 talloc_tos())) == NULL) {
4657 return False;
4658 }
4659
4660 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
4661 DEBUG(5,("set_unix_posix_default_acl: acl_set_file failed on directory %s (%s)\n",
4662 fname, strerror(errno) ));
4663 TALLOC_FREE(def_acl);
4664 return False;
4665 }
4666
4667 DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n", fname ));
4668 TALLOC_FREE(def_acl);
4669 return True;
4670 }
4671
4672 /****************************************************************************
4673 Remove an ACL from a file. As we don't have acl_delete_entry() available
4674 we must read the current acl and copy all entries except MASK, USER and GROUP
4675 to a new acl, then set that. This (at least on Linux) causes any ACL to be
4676 removed.
4677 FIXME ! How does the share mask/mode fit into this.... ?
4678 ****************************************************************************/
4679
4680 static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname)
4681 {
4682 SMB_ACL_T file_acl = NULL;
4683 int entry_id = SMB_ACL_FIRST_ENTRY;
4684 SMB_ACL_ENTRY_T entry;
4685 bool ret = False;
4686 /* Create a new ACL with only 3 entries, u/g/w. */
4687 SMB_ACL_T new_file_acl = sys_acl_init(talloc_tos());
4688 SMB_ACL_ENTRY_T user_ent = NULL;
4689 SMB_ACL_ENTRY_T group_ent = NULL;
4690 SMB_ACL_ENTRY_T other_ent = NULL;
4691
4692 if (new_file_acl == NULL) {
4693 DEBUG(5,("remove_posix_acl: failed to init new ACL with 3 entries for file %s.\n", fname));
4694 return False;
4695 }
4696
4697 /* Now create the u/g/w entries. */
4698 if (sys_acl_create_entry(&new_file_acl, &user_ent) == -1) {
4699 DEBUG(5,("remove_posix_acl: Failed to create user entry for file %s. (%s)\n",
4700 fname, strerror(errno) ));
4701 goto done;
4702 }
4703 if (sys_acl_set_tag_type(user_ent, SMB_ACL_USER_OBJ) == -1) {
4704 DEBUG(5,("remove_posix_acl: Failed to set user entry for file %s. (%s)\n",
4705 fname, strerror(errno) ));
4706 goto done;
4707 }
4708
4709 if (sys_acl_create_entry(&new_file_acl, &group_ent) == -1) {
4710 DEBUG(5,("remove_posix_acl: Failed to create group entry for file %s. (%s)\n",
4711 fname, strerror(errno) ));
4712 goto done;
4713 }
4714 if (sys_acl_set_tag_type(group_ent, SMB_ACL_GROUP_OBJ) == -1) {
4715 DEBUG(5,("remove_posix_acl: Failed to set group entry for file %s. (%s)\n",
4716 fname, strerror(errno) ));
4717 goto done;
4718 }
4719
4720 if (sys_acl_create_entry(&new_file_acl, &other_ent) == -1) {
4721 DEBUG(5,("remove_posix_acl: Failed to create other entry for file %s. (%s)\n",
4722 fname, strerror(errno) ));
4723 goto done;
4724 }
4725 if (sys_acl_set_tag_type(other_ent, SMB_ACL_OTHER) == -1) {
4726 DEBUG(5,("remove_posix_acl: Failed to set other entry for file %s. (%s)\n",
4727 fname, strerror(errno) ));
4728 goto done;
4729 }
4730
4731 /* Get the current file ACL. */
4732 if (fsp && fsp->fh->fd != -1) {
4733 file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos());
4734 } else {
4735 file_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname,
4736 SMB_ACL_TYPE_ACCESS,
4737 talloc_tos());
4738 }
4739
4740 if (file_acl == NULL) {
4741 /* This is only returned if an error occurred. Even for a file with
4742 no acl a u/g/w acl should be returned. */
4743 DEBUG(5,("remove_posix_acl: failed to get ACL from file %s (%s).\n",
4744 fname, strerror(errno) ));
4745 goto done;
4746 }
4747
4748 while ( sys_acl_get_entry(file_acl, entry_id, &entry) == 1) {
4749 SMB_ACL_TAG_T tagtype;
4750 SMB_ACL_PERMSET_T permset;
4751
4752 entry_id = SMB_ACL_NEXT_ENTRY;
4753
4754 if (sys_acl_get_tag_type(entry, &tagtype) == -1) {
4755 DEBUG(5,("remove_posix_acl: failed to get tagtype from ACL on file %s (%s).\n",
4756 fname, strerror(errno) ));
4757 goto done;
4758 }
4759
4760 if (sys_acl_get_permset(entry, &permset) == -1) {
4761 DEBUG(5,("remove_posix_acl: failed to get permset from ACL on file %s (%s).\n",
4762 fname, strerror(errno) ));
4763 goto done;
4764 }
4765
4766 if (tagtype == SMB_ACL_USER_OBJ) {
4767 if (sys_acl_set_permset(user_ent, permset) == -1) {
4768 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4769 fname, strerror(errno) ));
4770 }
4771 } else if (tagtype == SMB_ACL_GROUP_OBJ) {
4772 if (sys_acl_set_permset(group_ent, permset) == -1) {
4773 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4774 fname, strerror(errno) ));
4775 }
4776 } else if (tagtype == SMB_ACL_OTHER) {
4777 if (sys_acl_set_permset(other_ent, permset) == -1) {
4778 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4779 fname, strerror(errno) ));
4780 }
4781 }
4782 }
4783
4784 /* Set the new empty file ACL. */
4785 if (fsp && fsp->fh->fd != -1) {
4786 if (SMB_VFS_SYS_ACL_SET_FD(fsp, new_file_acl) == -1) {
4787 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4788 fname, strerror(errno) ));
4789 goto done;
4790 }
4791 } else {
4792 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, new_file_acl) == -1) {
4793 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4794 fname, strerror(errno) ));
4795 goto done;
4796 }
4797 }
4798
4799 ret = True;
4800
4801 done:
4802
4803 if (file_acl) {
4804 TALLOC_FREE(file_acl);
4805 }
4806 if (new_file_acl) {
4807 TALLOC_FREE(new_file_acl);
4808 }
4809 return ret;
4810 }
4811
4812 /****************************************************************************
4813 Calls from UNIX extensions - POSIX ACL set.
4814 If num_def_acls == 0 then read/modify/write acl after removing all entries
4815 except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER.
4816 ****************************************************************************/
4817
4818 bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata)
4819 {
4820 SMB_ACL_T file_acl = NULL;
4821
4822 if (!num_acls) {
4823 /* Remove the ACL from the file. */
4824 return remove_posix_acl(conn, fsp, fname);
4825 }
4826
4827 if ((file_acl = create_posix_acl_from_wire(conn, num_acls,
4828 pdata,
4829 talloc_tos())) == NULL) {
4830 return False;
4831 }
4832
4833 if (fsp && fsp->fh->fd != -1) {
4834 /* The preferred way - use an open fd. */
4835 if (SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl) == -1) {
4836 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4837 fname, strerror(errno) ));
4838 TALLOC_FREE(file_acl);
4839 return False;
4840 }
4841 } else {
4842 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
4843 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4844 fname, strerror(errno) ));
4845 TALLOC_FREE(file_acl);
4846 return False;
4847 }
4848 }
4849
4850 DEBUG(10,("set_unix_posix_acl: set acl for file %s\n", fname ));
4851 TALLOC_FREE(file_acl);
4852 return True;
4853 }
4854
4855 /********************************************************************
4856 Pull the NT ACL from a file on disk or the OpenEventlog() access
4857 check. Caller is responsible for freeing the returned security
4858 descriptor via TALLOC_FREE(). This is designed for dealing with
4859 user space access checks in smbd outside of the VFS. For example,
4860 checking access rights in OpenEventlog() or from python.
4861
4862 ********************************************************************/
4863
4864 NTSTATUS get_nt_acl_no_snum(TALLOC_CTX *ctx, const char *fname,
4865 uint32 security_info_wanted,
4866 struct security_descriptor **sd)
4867 {
4868 TALLOC_CTX *frame = talloc_stackframe();
4869 connection_struct *conn;
4870 NTSTATUS status = NT_STATUS_OK;
4871
4872 if (!posix_locking_init(false)) {
4873 TALLOC_FREE(frame);
4874 return NT_STATUS_NO_MEMORY;
4875 }
4876
4877 conn = talloc_zero(frame, connection_struct);
4878 if (conn == NULL) {
4879 TALLOC_FREE(frame);
4880 DEBUG(0, ("talloc failed\n"));
4881 return NT_STATUS_NO_MEMORY;
4882 }
4883
4884 if (!(conn->params = talloc(conn, struct share_params))) {
4885 DEBUG(0, ("talloc failed\n"));
4886 TALLOC_FREE(frame);
4887 return NT_STATUS_NO_MEMORY;
4888 }
4889
4890 conn->params->service = -1;
4891
4892 set_conn_connectpath(conn, "/");
4893
4894 if (!smbd_vfs_init(conn)) {
4895 DEBUG(0,("smbd_vfs_init() failed!\n"));
4896 TALLOC_FREE(frame);
4897 return NT_STATUS_INTERNAL_ERROR;
4898 }
4899
4900 status = SMB_VFS_GET_NT_ACL(conn, fname, security_info_wanted, ctx, sd);
4901 if (!NT_STATUS_IS_OK(status)) {
4902 DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n",
4903 nt_errstr(status)));
4904 }
4905
4906 conn_free(conn);
4907 TALLOC_FREE(frame);
4908
4909 return status;
4910 }
4911
4912 /* Stolen shamelessly from pvfs_default_acl() in source4 :-). */
4913
4914 NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
4915 const char *name,
4916 SMB_STRUCT_STAT *psbuf,
4917 struct security_descriptor **ppdesc)
4918 {
4919 struct dom_sid owner_sid, group_sid;
4920 size_t size = 0;
4921 struct security_ace aces[4];
4922 uint32_t access_mask = 0;
4923 mode_t mode = psbuf->st_ex_mode;
4924 struct security_acl *new_dacl = NULL;
4925 int idx = 0;
4926
4927 DEBUG(10,("make_default_filesystem_acl: file %s mode = 0%o\n",
4928 name, (int)mode ));
4929
4930 uid_to_sid(&owner_sid, psbuf->st_ex_uid);
4931 gid_to_sid(&group_sid, psbuf->st_ex_gid);
4932
4933 /*
4934 We provide up to 4 ACEs
4935 - Owner
4936 - Group
4937 - Everyone
4938 - NT System
4939 */
4940
4941 if (mode & S_IRUSR) {
4942 if (mode & S_IWUSR) {
4943 access_mask |= SEC_RIGHTS_FILE_ALL;
4944 } else {
4945 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
4946 }
4947 }
4948 if (mode & S_IWUSR) {
4949 access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
4950 }
4951
4952 init_sec_ace(&aces[idx],
4953 &owner_sid,
4954 SEC_ACE_TYPE_ACCESS_ALLOWED,
4955 access_mask,
4956 0);
4957 idx++;
4958
4959 access_mask = 0;
4960 if (mode & S_IRGRP) {
4961 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
4962 }
4963 if (mode & S_IWGRP) {
4964 /* note that delete is not granted - this matches posix behaviour */
4965 access_mask |= SEC_RIGHTS_FILE_WRITE;
4966 }
4967 if (access_mask) {
4968 init_sec_ace(&aces[idx],
4969 &group_sid,
4970 SEC_ACE_TYPE_ACCESS_ALLOWED,
4971 access_mask,
4972 0);
4973 idx++;
4974 }
4975
4976 access_mask = 0;
4977 if (mode & S_IROTH) {
4978 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
4979 }
4980 if (mode & S_IWOTH) {
4981 access_mask |= SEC_RIGHTS_FILE_WRITE;
4982 }
4983 if (access_mask) {
4984 init_sec_ace(&aces[idx],
4985 &global_sid_World,
4986 SEC_ACE_TYPE_ACCESS_ALLOWED,
4987 access_mask,
4988 0);
4989 idx++;
4990 }
4991
4992 init_sec_ace(&aces[idx],
4993 &global_sid_System,
4994 SEC_ACE_TYPE_ACCESS_ALLOWED,
4995 SEC_RIGHTS_FILE_ALL,
4996 0);
4997 idx++;
4998
4999 new_dacl = make_sec_acl(ctx,
5000 NT4_ACL_REVISION,
5001 idx,
5002 aces);
5003
5004 if (!new_dacl) {
5005 return NT_STATUS_NO_MEMORY;
5006 }
5007
5008 *ppdesc = make_sec_desc(ctx,
5009 SECURITY_DESCRIPTOR_REVISION_1,
5010 SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
5011 &owner_sid,
5012 &group_sid,
5013 NULL,
5014 new_dacl,
5015 &size);
5016 if (!*ppdesc) {
5017 return NT_STATUS_NO_MEMORY;
5018 }
5019 return NT_STATUS_OK;
5020 }
5021
5022 int posix_sys_acl_blob_get_file(vfs_handle_struct *handle,
5023 const char *path_p,
5024 TALLOC_CTX *mem_ctx,
5025 char **blob_description,
5026 DATA_BLOB *blob)
5027 {
5028 int ret;
5029 TALLOC_CTX *frame = talloc_stackframe();
5030 struct smb_acl_wrapper acl_wrapper = {};
5031 struct smb_filename *smb_fname = NULL;
5032 NTSTATUS status = create_synthetic_smb_fname_split(frame, path_p,
5033 NULL,
5034 &smb_fname);
5035 if (!NT_STATUS_IS_OK(status)) {
5036 errno = map_errno_from_nt_status(status);
5037 TALLOC_FREE(frame);
5038 return -1;
5039 }
5040
5041 acl_wrapper.access_acl
5042 = smb_vfs_call_sys_acl_get_file(handle,
5043 path_p,
5044 SMB_ACL_TYPE_ACCESS,
5045 frame);
5046
5047 ret = smb_vfs_call_stat(handle, smb_fname);
5048 if (ret == -1) {
5049 TALLOC_FREE(frame);
5050 return -1;
5051 }
5052
5053 if (S_ISDIR(smb_fname->st.st_ex_mode)) {
5054 acl_wrapper.default_acl
5055 = smb_vfs_call_sys_acl_get_file(handle,
5056 path_p,
5057 SMB_ACL_TYPE_DEFAULT,
5058 frame);
5059 }
5060
5061 acl_wrapper.owner = smb_fname->st.st_ex_uid;
5062 acl_wrapper.group = smb_fname->st.st_ex_gid;
5063 acl_wrapper.mode = smb_fname->st.st_ex_mode;
5064
5065 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(blob, mem_ctx,
5066 &acl_wrapper,
5067 (ndr_push_flags_fn_t)ndr_push_smb_acl_wrapper))) {
5068 errno = EINVAL;
5069 TALLOC_FREE(frame);
5070 return -1;
5071 }
5072
5073 *blob_description = talloc_strdup(mem_ctx, "posix_acl");
5074 if (!*blob_description) {
5075 errno = EINVAL;
5076 TALLOC_FREE(frame);
5077 return -1;
5078 }
5079
5080 TALLOC_FREE(frame);
5081 return 0;
5082 }
5083
5084 int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle,
5085 files_struct *fsp,
5086 TALLOC_CTX *mem_ctx,
5087 char **blob_description,
5088 DATA_BLOB *blob)
5089 {
5090 SMB_STRUCT_STAT sbuf;
5091 TALLOC_CTX *frame;
5092 struct smb_acl_wrapper acl_wrapper;
5093 int ret;
5094
5095 /* This ensures that we also consider the default ACL */
5096 if (fsp->is_directory || fsp->fh->fd == -1) {
5097 return posix_sys_acl_blob_get_file(handle, fsp->fsp_name->base_name,
5098 mem_ctx, blob_description, blob);
5099 }
5100 frame = talloc_stackframe();
5101
5102 acl_wrapper.default_acl = NULL;
5103
5104 acl_wrapper.access_acl = smb_vfs_call_sys_acl_get_file(handle, fsp->fsp_name->base_name,
5105 SMB_ACL_TYPE_ACCESS, frame);
5106
5107 ret = smb_vfs_call_fstat(handle, fsp, &sbuf);
5108 if (ret == -1) {
5109 TALLOC_FREE(frame);
5110 return -1;
5111 }
5112
5113 acl_wrapper.owner = sbuf.st_ex_uid;
5114 acl_wrapper.group = sbuf.st_ex_gid;
5115 acl_wrapper.mode = sbuf.st_ex_mode;
5116
5117 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_push_struct_blob(blob, mem_ctx,
5118 &acl_wrapper,
5119 (ndr_push_flags_fn_t)ndr_push_smb_acl_wrapper))) {
5120 errno = EINVAL;
5121 TALLOC_FREE(frame);
5122 return -1;
5123 }
5124
5125 *blob_description = talloc_strdup(mem_ctx, "posix_acl");
5126 if (!*blob_description) {
5127 errno = EINVAL;
5128 TALLOC_FREE(frame);
5129 return -1;
5130 }
5131
5132 TALLOC_FREE(frame);
5133 return 0;
5134 }
WIP