search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make cli_getatr() async.
[Samba/gebeck_regimport.git] / source3 / smbd / posix_acls.c
blobbc96838a09aa85d052f6c821459da9d1f44fd1cd
1 /*
2 Unix SMB/CIFS implementation.
3 SMB NT Security Descriptor / Unix permission conversion.
4 Copyright (C) Jeremy Allison 1994-2009.
5 Copyright (C) Andreas Gruenbacher 2002.
6 Copyright (C) Simo Sorce <idra@samba.org> 2009.
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 extern struct current_user current_user;
25 extern const struct generic_mapping file_generic_mapping;
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_ACLS
29
30 /****************************************************************************
31 Data structures representing the internal ACE format.
32 ****************************************************************************/
33
34 enum ace_owner {UID_ACE, GID_ACE, WORLD_ACE};
35 enum ace_attribute {ALLOW_ACE, DENY_ACE}; /* Used for incoming NT ACLS. */
36
37 typedef union posix_id {
38 uid_t uid;
39 gid_t gid;
40 int world;
41 } posix_id;
42
43 typedef struct canon_ace {
44 struct canon_ace *next, *prev;
45 SMB_ACL_TAG_T type;
46 mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
47 DOM_SID trustee;
48 enum ace_owner owner_type;
49 enum ace_attribute attr;
50 posix_id unix_ug;
51 uint8_t ace_flags; /* From windows ACE entry. */
52 } canon_ace;
53
54 #define ALL_ACE_PERMS (S_IRUSR|S_IWUSR|S_IXUSR)
55
56 /*
57 * EA format of user.SAMBA_PAI (Samba_Posix_Acl_Interitance)
58 * attribute on disk - version 1.
59 * All values are little endian.
60 *
61 * | 1 | 1 | 2 | 2 | ....
62 * +------+------+-------------+---------------------+-------------+--------------------+
63 * | vers | flag | num_entries | num_default_entries | ..entries.. | default_entries... |
64 * +------+------+-------------+---------------------+-------------+--------------------+
65 *
66 * Entry format is :
67 *
68 * | 1 | 4 |
69 * +------+-------------------+
70 * | value| uid/gid or world |
71 * | type | value |
72 * +------+-------------------+
73 *
74 * Version 2 format. Stores extra Windows metadata about an ACL.
75 *
76 * | 1 | 2 | 2 | 2 | ....
77 * +------+----------+-------------+---------------------+-------------+--------------------+
78 * | vers | ace | num_entries | num_default_entries | ..entries.. | default_entries... |
79 * | 2 | type | | | | |
80 * +------+----------+-------------+---------------------+-------------+--------------------+
81 *
82 * Entry format is :
83 *
84 * | 1 | 1 | 4 |
85 * +------+------+-------------------+
86 * | ace | value| uid/gid or world |
87 * | flag | type | value |
88 * +------+-------------------+------+
89 *
90 */
91
92 #define PAI_VERSION_OFFSET 0
93
94 #define PAI_V1_FLAG_OFFSET 1
95 #define PAI_V1_NUM_ENTRIES_OFFSET 2
96 #define PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET 4
97 #define PAI_V1_ENTRIES_BASE 6
98 #define PAI_V1_ACL_FLAG_PROTECTED 0x1
99 #define PAI_V1_ENTRY_LENGTH 5
100
101 #define PAI_V1_VERSION 1
102
103 #define PAI_V2_TYPE_OFFSET 1
104 #define PAI_V2_NUM_ENTRIES_OFFSET 3
105 #define PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET 5
106 #define PAI_V2_ENTRIES_BASE 7
107 #define PAI_V2_ENTRY_LENGTH 6
108
109 #define PAI_V2_VERSION 2
110
111 /*
112 * In memory format of user.SAMBA_PAI attribute.
113 */
114
115 struct pai_entry {
116 struct pai_entry *next, *prev;
117 uint8_t ace_flags;
118 enum ace_owner owner_type;
119 posix_id unix_ug;
120 };
121
122 struct pai_val {
123 uint16_t sd_type;
124 unsigned int num_entries;
125 struct pai_entry *entry_list;
126 unsigned int num_def_entries;
127 struct pai_entry *def_entry_list;
128 };
129
130 /************************************************************************
131 Return a uint32 of the pai_entry principal.
132 ************************************************************************/
133
134 static uint32_t get_pai_entry_val(struct pai_entry *paie)
135 {
136 switch (paie->owner_type) {
137 case UID_ACE:
138 DEBUG(10,("get_pai_entry_val: uid = %u\n", (unsigned int)paie->unix_ug.uid ));
139 return (uint32_t)paie->unix_ug.uid;
140 case GID_ACE:
141 DEBUG(10,("get_pai_entry_val: gid = %u\n", (unsigned int)paie->unix_ug.gid ));
142 return (uint32_t)paie->unix_ug.gid;
143 case WORLD_ACE:
144 default:
145 DEBUG(10,("get_pai_entry_val: world ace\n"));
146 return (uint32_t)-1;
147 }
148 }
149
150 /************************************************************************
151 Return a uint32 of the entry principal.
152 ************************************************************************/
153
154 static uint32_t get_entry_val(canon_ace *ace_entry)
155 {
156 switch (ace_entry->owner_type) {
157 case UID_ACE:
158 DEBUG(10,("get_entry_val: uid = %u\n", (unsigned int)ace_entry->unix_ug.uid ));
159 return (uint32_t)ace_entry->unix_ug.uid;
160 case GID_ACE:
161 DEBUG(10,("get_entry_val: gid = %u\n", (unsigned int)ace_entry->unix_ug.gid ));
162 return (uint32_t)ace_entry->unix_ug.gid;
163 case WORLD_ACE:
164 default:
165 DEBUG(10,("get_entry_val: world ace\n"));
166 return (uint32_t)-1;
167 }
168 }
169
170 /************************************************************************
171 Create the on-disk format (always v2 now). Caller must free.
172 ************************************************************************/
173
174 static char *create_pai_buf_v2(canon_ace *file_ace_list,
175 canon_ace *dir_ace_list,
176 uint16_t sd_type,
177 size_t *store_size)
178 {
179 char *pai_buf = NULL;
180 canon_ace *ace_list = NULL;
181 char *entry_offset = NULL;
182 unsigned int num_entries = 0;
183 unsigned int num_def_entries = 0;
184
185 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
186 num_entries++;
187 }
188
189 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
190 num_def_entries++;
191 }
192
193 DEBUG(10,("create_pai_buf_v2: num_entries = %u, num_def_entries = %u\n", num_entries, num_def_entries ));
194
195 *store_size = PAI_V2_ENTRIES_BASE +
196 ((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH);
197
198 pai_buf = (char *)SMB_MALLOC(*store_size);
199 if (!pai_buf) {
200 return NULL;
201 }
202
203 /* Set up the header. */
204 memset(pai_buf, '\0', PAI_V2_ENTRIES_BASE);
205 SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_V2_VERSION);
206 SSVAL(pai_buf,PAI_V2_TYPE_OFFSET, sd_type);
207 SSVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET,num_entries);
208 SSVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries);
209
210 entry_offset = pai_buf + PAI_V2_ENTRIES_BASE;
211
212 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
213 uint8_t type_val = (uint8_t)ace_list->owner_type;
214 uint32_t entry_val = get_entry_val(ace_list);
215
216 SCVAL(entry_offset,0,ace_list->ace_flags);
217 SCVAL(entry_offset,1,type_val);
218 SIVAL(entry_offset,2,entry_val);
219 entry_offset += PAI_V2_ENTRY_LENGTH;
220 }
221
222 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
223 uint8_t type_val = (uint8_t)ace_list->owner_type;
224 uint32_t entry_val = get_entry_val(ace_list);
225
226 SCVAL(entry_offset,0,ace_list->ace_flags);
227 SCVAL(entry_offset,1,type_val);
228 SIVAL(entry_offset,2,entry_val);
229 entry_offset += PAI_V2_ENTRY_LENGTH;
230 }
231
232 return pai_buf;
233 }
234
235 /************************************************************************
236 Store the user.SAMBA_PAI attribute on disk.
237 ************************************************************************/
238
239 static void store_inheritance_attributes(files_struct *fsp,
240 canon_ace *file_ace_list,
241 canon_ace *dir_ace_list,
242 uint16_t sd_type)
243 {
244 int ret;
245 size_t store_size;
246 char *pai_buf;
247
248 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
249 return;
250 }
251
252 pai_buf = create_pai_buf_v2(file_ace_list, dir_ace_list,
253 sd_type, &store_size);
254
255 if (fsp->fh->fd != -1) {
256 ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
257 pai_buf, store_size, 0);
258 } else {
259 ret = SMB_VFS_SETXATTR(fsp->conn,fsp->fsp_name, SAMBA_POSIX_INHERITANCE_EA_NAME,
260 pai_buf, store_size, 0);
261 }
262
263 SAFE_FREE(pai_buf);
264
265 DEBUG(10,("store_inheritance_attribute: type 0x%x for file %s\n",
266 (unsigned int)sd_type,
267 fsp->fsp_name));
268
269 if (ret == -1 && !no_acl_syscall_error(errno)) {
270 DEBUG(1,("store_inheritance_attribute: Error %s\n", strerror(errno) ));
271 }
272 }
273
274 /************************************************************************
275 Delete the in memory inheritance info.
276 ************************************************************************/
277
278 static void free_inherited_info(struct pai_val *pal)
279 {
280 if (pal) {
281 struct pai_entry *paie, *paie_next;
282 for (paie = pal->entry_list; paie; paie = paie_next) {
283 paie_next = paie->next;
284 SAFE_FREE(paie);
285 }
286 for (paie = pal->def_entry_list; paie; paie = paie_next) {
287 paie_next = paie->next;
288 SAFE_FREE(paie);
289 }
290 SAFE_FREE(pal);
291 }
292 }
293
294 /************************************************************************
295 Get any stored ACE flags.
296 ************************************************************************/
297
298 static uint16_t get_pai_flags(struct pai_val *pal, canon_ace *ace_entry, bool default_ace)
299 {
300 struct pai_entry *paie;
301
302 if (!pal) {
303 return 0;
304 }
305
306 /* If the entry exists it is inherited. */
307 for (paie = (default_ace ? pal->def_entry_list : pal->entry_list); paie; paie = paie->next) {
308 if (ace_entry->owner_type == paie->owner_type &&
309 get_entry_val(ace_entry) == get_pai_entry_val(paie))
310 return paie->ace_flags;
311 }
312 return 0;
313 }
314
315 /************************************************************************
316 Ensure an attribute just read is valid - v1.
317 ************************************************************************/
318
319 static bool check_pai_ok_v1(const char *pai_buf, size_t pai_buf_data_size)
320 {
321 uint16 num_entries;
322 uint16 num_def_entries;
323
324 if (pai_buf_data_size < PAI_V1_ENTRIES_BASE) {
325 /* Corrupted - too small. */
326 return false;
327 }
328
329 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V1_VERSION) {
330 return false;
331 }
332
333 num_entries = SVAL(pai_buf,PAI_V1_NUM_ENTRIES_OFFSET);
334 num_def_entries = SVAL(pai_buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
335
336 /* Check the entry lists match. */
337 /* Each entry is 5 bytes (type plus 4 bytes of uid or gid). */
338
339 if (((num_entries + num_def_entries)*PAI_V1_ENTRY_LENGTH) +
340 PAI_V1_ENTRIES_BASE != pai_buf_data_size) {
341 return false;
342 }
343
344 return true;
345 }
346
347 /************************************************************************
348 Ensure an attribute just read is valid - v2.
349 ************************************************************************/
350
351 static bool check_pai_ok_v2(const char *pai_buf, size_t pai_buf_data_size)
352 {
353 uint16 num_entries;
354 uint16 num_def_entries;
355
356 if (pai_buf_data_size < PAI_V2_ENTRIES_BASE) {
357 /* Corrupted - too small. */
358 return false;
359 }
360
361 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V2_VERSION) {
362 return false;
363 }
364
365 num_entries = SVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET);
366 num_def_entries = SVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
367
368 /* Check the entry lists match. */
369 /* Each entry is 6 bytes (flags + type + 4 bytes of uid or gid). */
370
371 if (((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH) +
372 PAI_V2_ENTRIES_BASE != pai_buf_data_size) {
373 return false;
374 }
375
376 return true;
377 }
378
379 /************************************************************************
380 Decode the owner.
381 ************************************************************************/
382
383 static bool get_pai_owner_type(struct pai_entry *paie, const char *entry_offset)
384 {
385 paie->owner_type = (enum ace_owner)CVAL(entry_offset,0);
386 switch( paie->owner_type) {
387 case UID_ACE:
388 paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1);
389 DEBUG(10,("get_pai_owner_type: uid = %u\n",
390 (unsigned int)paie->unix_ug.uid ));
391 break;
392 case GID_ACE:
393 paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1);
394 DEBUG(10,("get_pai_owner_type: gid = %u\n",
395 (unsigned int)paie->unix_ug.gid ));
396 break;
397 case WORLD_ACE:
398 paie->unix_ug.world = -1;
399 DEBUG(10,("get_pai_owner_type: world ace\n"));
400 break;
401 default:
402 return false;
403 }
404 return true;
405 }
406
407 /************************************************************************
408 Process v2 entries.
409 ************************************************************************/
410
411 static const char *create_pai_v1_entries(struct pai_val *paiv,
412 const char *entry_offset,
413 bool def_entry)
414 {
415 int i;
416
417 for (i = 0; i < paiv->num_entries; i++) {
418 struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
419 if (!paie) {
420 return NULL;
421 }
422
423 paie->ace_flags = SEC_ACE_FLAG_INHERITED_ACE;
424 if (!get_pai_owner_type(paie, entry_offset)) {
425 return NULL;
426 }
427
428 if (!def_entry) {
429 DLIST_ADD(paiv->entry_list, paie);
430 } else {
431 DLIST_ADD(paiv->def_entry_list, paie);
432 }
433 entry_offset += PAI_V1_ENTRY_LENGTH;
434 }
435 return entry_offset;
436 }
437
438 /************************************************************************
439 Convert to in-memory format from version 1.
440 ************************************************************************/
441
442 static struct pai_val *create_pai_val_v1(const char *buf, size_t size)
443 {
444 const char *entry_offset;
445 struct pai_val *paiv = NULL;
446
447 if (!check_pai_ok_v1(buf, size)) {
448 return NULL;
449 }
450
451 paiv = SMB_MALLOC_P(struct pai_val);
452 if (!paiv) {
453 return NULL;
454 }
455
456 memset(paiv, '\0', sizeof(struct pai_val));
457
458 paiv->sd_type = (CVAL(buf,PAI_V1_FLAG_OFFSET) == PAI_V1_ACL_FLAG_PROTECTED) ?
459 SE_DESC_DACL_PROTECTED : 0;
460
461 paiv->num_entries = SVAL(buf,PAI_V1_NUM_ENTRIES_OFFSET);
462 paiv->num_def_entries = SVAL(buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
463
464 entry_offset = buf + PAI_V1_ENTRIES_BASE;
465
466 DEBUG(10,("create_pai_val: num_entries = %u, num_def_entries = %u\n",
467 paiv->num_entries, paiv->num_def_entries ));
468
469 entry_offset = create_pai_v1_entries(paiv, entry_offset, false);
470 if (entry_offset == NULL) {
471 free_inherited_info(paiv);
472 return NULL;
473 }
474 entry_offset = create_pai_v1_entries(paiv, entry_offset, true);
475 if (entry_offset == NULL) {
476 free_inherited_info(paiv);
477 return NULL;
478 }
479
480 return paiv;
481 }
482
483 /************************************************************************
484 Process v2 entries.
485 ************************************************************************/
486
487 static const char *create_pai_v2_entries(struct pai_val *paiv,
488 const char *entry_offset,
489 bool def_entry)
490 {
491 int i;
492
493 for (i = 0; i < paiv->num_entries; i++) {
494 struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
495 if (!paie) {
496 return NULL;
497 }
498
499 paie->ace_flags = CVAL(entry_offset,0);
500
501 entry_offset++;
502
503 if (!get_pai_owner_type(paie, entry_offset)) {
504 return NULL;
505 }
506 if (!def_entry) {
507 DLIST_ADD(paiv->entry_list, paie);
508 } else {
509 DLIST_ADD(paiv->def_entry_list, paie);
510 }
511 entry_offset += PAI_V2_ENTRY_LENGTH;
512 }
513 return entry_offset;
514 }
515
516 /************************************************************************
517 Convert to in-memory format from version 2.
518 ************************************************************************/
519
520 static struct pai_val *create_pai_val_v2(const char *buf, size_t size)
521 {
522 const char *entry_offset;
523 struct pai_val *paiv = NULL;
524
525 if (!check_pai_ok_v2(buf, size)) {
526 return NULL;
527 }
528
529 paiv = SMB_MALLOC_P(struct pai_val);
530 if (!paiv) {
531 return NULL;
532 }
533
534 memset(paiv, '\0', sizeof(struct pai_val));
535
536 paiv->sd_type = SVAL(buf,PAI_V2_TYPE_OFFSET);
537
538 paiv->num_entries = SVAL(buf,PAI_V2_NUM_ENTRIES_OFFSET);
539 paiv->num_def_entries = SVAL(buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
540
541 entry_offset = buf + PAI_V2_ENTRIES_BASE;
542
543 DEBUG(10,("create_pai_val_v2: num_entries = %u, num_def_entries = %u\n",
544 paiv->num_entries, paiv->num_def_entries ));
545
546 entry_offset = create_pai_v2_entries(paiv, entry_offset, false);
547 if (entry_offset == NULL) {
548 free_inherited_info(paiv);
549 return NULL;
550 }
551 entry_offset = create_pai_v2_entries(paiv, entry_offset, true);
552 if (entry_offset == NULL) {
553 free_inherited_info(paiv);
554 return NULL;
555 }
556
557 return paiv;
558 }
559
560 /************************************************************************
561 Convert to in-memory format - from either version 1 or 2.
562 ************************************************************************/
563
564 static struct pai_val *create_pai_val(const char *buf, size_t size)
565 {
566 if (size < 1) {
567 return NULL;
568 }
569 if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V1_VERSION) {
570 return create_pai_val_v1(buf, size);
571 } else if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V2_VERSION) {
572 return create_pai_val_v2(buf, size);
573 } else {
574 return NULL;
575 }
576 }
577
578 /************************************************************************
579 Load the user.SAMBA_PAI attribute.
580 ************************************************************************/
581
582 static struct pai_val *fload_inherited_info(files_struct *fsp)
583 {
584 char *pai_buf;
585 size_t pai_buf_size = 1024;
586 struct pai_val *paiv = NULL;
587 ssize_t ret;
588
589 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
590 return NULL;
591 }
592
593 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
594 return NULL;
595 }
596
597 do {
598 if (fsp->fh->fd != -1) {
599 ret = SMB_VFS_FGETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
600 pai_buf, pai_buf_size);
601 } else {
602 ret = SMB_VFS_GETXATTR(fsp->conn,fsp->fsp_name,SAMBA_POSIX_INHERITANCE_EA_NAME,
603 pai_buf, pai_buf_size);
604 }
605
606 if (ret == -1) {
607 if (errno != ERANGE) {
608 break;
609 }
610 /* Buffer too small - enlarge it. */
611 pai_buf_size *= 2;
612 SAFE_FREE(pai_buf);
613 if (pai_buf_size > 1024*1024) {
614 return NULL; /* Limit malloc to 1mb. */
615 }
616 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
617 return NULL;
618 }
619 } while (ret == -1);
620
621 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fsp->fsp_name));
622
623 if (ret == -1) {
624 /* No attribute or not supported. */
625 #if defined(ENOATTR)
626 if (errno != ENOATTR)
627 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
628 #else
629 if (errno != ENOSYS)
630 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
631 #endif
632 SAFE_FREE(pai_buf);
633 return NULL;
634 }
635
636 paiv = create_pai_val(pai_buf, ret);
637
638 if (paiv) {
639 DEBUG(10,("load_inherited_info: ACL type is 0x%x for file %s\n",
640 (unsigned int)paiv->sd_type,
641 fsp->fsp_name));
642 }
643
644 SAFE_FREE(pai_buf);
645 return paiv;
646 }
647
648 /************************************************************************
649 Load the user.SAMBA_PAI attribute.
650 ************************************************************************/
651
652 static struct pai_val *load_inherited_info(const struct connection_struct *conn,
653 const char *fname)
654 {
655 char *pai_buf;
656 size_t pai_buf_size = 1024;
657 struct pai_val *paiv = NULL;
658 ssize_t ret;
659
660 if (!lp_map_acl_inherit(SNUM(conn))) {
661 return NULL;
662 }
663
664 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
665 return NULL;
666 }
667
668 do {
669 ret = SMB_VFS_GETXATTR(conn, fname,
670 SAMBA_POSIX_INHERITANCE_EA_NAME,
671 pai_buf, pai_buf_size);
672
673 if (ret == -1) {
674 if (errno != ERANGE) {
675 break;
676 }
677 /* Buffer too small - enlarge it. */
678 pai_buf_size *= 2;
679 SAFE_FREE(pai_buf);
680 if (pai_buf_size > 1024*1024) {
681 return NULL; /* Limit malloc to 1mb. */
682 }
683 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
684 return NULL;
685 }
686 } while (ret == -1);
687
688 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fname));
689
690 if (ret == -1) {
691 /* No attribute or not supported. */
692 #if defined(ENOATTR)
693 if (errno != ENOATTR)
694 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
695 #else
696 if (errno != ENOSYS)
697 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
698 #endif
699 SAFE_FREE(pai_buf);
700 return NULL;
701 }
702
703 paiv = create_pai_val(pai_buf, ret);
704
705 if (paiv) {
706 DEBUG(10,("load_inherited_info: ACL type 0x%x for file %s\n",
707 (unsigned int)paiv->sd_type,
708 fname));
709 }
710
711 SAFE_FREE(pai_buf);
712 return paiv;
713 }
714
715 /****************************************************************************
716 Functions to manipulate the internal ACE format.
717 ****************************************************************************/
718
719 /****************************************************************************
720 Count a linked list of canonical ACE entries.
721 ****************************************************************************/
722
723 static size_t count_canon_ace_list( canon_ace *l_head )
724 {
725 size_t count = 0;
726 canon_ace *ace;
727
728 for (ace = l_head; ace; ace = ace->next)
729 count++;
730
731 return count;
732 }
733
734 /****************************************************************************
735 Free a linked list of canonical ACE entries.
736 ****************************************************************************/
737
738 static void free_canon_ace_list( canon_ace *l_head )
739 {
740 canon_ace *list, *next;
741
742 for (list = l_head; list; list = next) {
743 next = list->next;
744 DLIST_REMOVE(l_head, list);
745 SAFE_FREE(list);
746 }
747 }
748
749 /****************************************************************************
750 Function to duplicate a canon_ace entry.
751 ****************************************************************************/
752
753 static canon_ace *dup_canon_ace( canon_ace *src_ace)
754 {
755 canon_ace *dst_ace = SMB_MALLOC_P(canon_ace);
756
757 if (dst_ace == NULL)
758 return NULL;
759
760 *dst_ace = *src_ace;
761 dst_ace->prev = dst_ace->next = NULL;
762 return dst_ace;
763 }
764
765 /****************************************************************************
766 Print out a canon ace.
767 ****************************************************************************/
768
769 static void print_canon_ace(canon_ace *pace, int num)
770 {
771 dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
772 dbgtext( "SID = %s ", sid_string_dbg(&pace->trustee));
773 if (pace->owner_type == UID_ACE) {
774 const char *u_name = uidtoname(pace->unix_ug.uid);
775 dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, u_name );
776 } else if (pace->owner_type == GID_ACE) {
777 char *g_name = gidtoname(pace->unix_ug.gid);
778 dbgtext( "gid %u (%s) ", (unsigned int)pace->unix_ug.gid, g_name );
779 } else
780 dbgtext( "other ");
781 switch (pace->type) {
782 case SMB_ACL_USER:
783 dbgtext( "SMB_ACL_USER ");
784 break;
785 case SMB_ACL_USER_OBJ:
786 dbgtext( "SMB_ACL_USER_OBJ ");
787 break;
788 case SMB_ACL_GROUP:
789 dbgtext( "SMB_ACL_GROUP ");
790 break;
791 case SMB_ACL_GROUP_OBJ:
792 dbgtext( "SMB_ACL_GROUP_OBJ ");
793 break;
794 case SMB_ACL_OTHER:
795 dbgtext( "SMB_ACL_OTHER ");
796 break;
797 default:
798 dbgtext( "MASK " );
799 break;
800 }
801
802 dbgtext( "ace_flags = 0x%x ", (unsigned int)pace->ace_flags);
803 dbgtext( "perms ");
804 dbgtext( "%c", pace->perms & S_IRUSR ? 'r' : '-');
805 dbgtext( "%c", pace->perms & S_IWUSR ? 'w' : '-');
806 dbgtext( "%c\n", pace->perms & S_IXUSR ? 'x' : '-');
807 }
808
809 /****************************************************************************
810 Print out a canon ace list.
811 ****************************************************************************/
812
813 static void print_canon_ace_list(const char *name, canon_ace *ace_list)
814 {
815 int count = 0;
816
817 if( DEBUGLVL( 10 )) {
818 dbgtext( "print_canon_ace_list: %s\n", name );
819 for (;ace_list; ace_list = ace_list->next, count++)
820 print_canon_ace(ace_list, count );
821 }
822 }
823
824 /****************************************************************************
825 Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
826 ****************************************************************************/
827
828 static mode_t convert_permset_to_mode_t(connection_struct *conn, SMB_ACL_PERMSET_T permset)
829 {
830 mode_t ret = 0;
831
832 ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ) ? S_IRUSR : 0);
833 ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
834 ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
835
836 return ret;
837 }
838
839 /****************************************************************************
840 Map generic UNIX permissions to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
841 ****************************************************************************/
842
843 static mode_t unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
844 {
845 mode_t ret = 0;
846
847 if (mode & r_mask)
848 ret |= S_IRUSR;
849 if (mode & w_mask)
850 ret |= S_IWUSR;
851 if (mode & x_mask)
852 ret |= S_IXUSR;
853
854 return ret;
855 }
856
857 /****************************************************************************
858 Map canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits) to
859 an SMB_ACL_PERMSET_T.
860 ****************************************************************************/
861
862 static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
863 {
864 if (SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, *p_permset) == -1)
865 return -1;
866 if (mode & S_IRUSR) {
867 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_READ) == -1)
868 return -1;
869 }
870 if (mode & S_IWUSR) {
871 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_WRITE) == -1)
872 return -1;
873 }
874 if (mode & S_IXUSR) {
875 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_EXECUTE) == -1)
876 return -1;
877 }
878 return 0;
879 }
880
881 /****************************************************************************
882 Function to create owner and group SIDs from a SMB_STRUCT_STAT.
883 ****************************************************************************/
884
885 void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid)
886 {
887 uid_to_sid( powner_sid, psbuf->st_uid );
888 gid_to_sid( pgroup_sid, psbuf->st_gid );
889 }
890
891 /****************************************************************************
892 Is the identity in two ACEs equal ? Check both SID and uid/gid.
893 ****************************************************************************/
894
895 static bool identity_in_ace_equal(canon_ace *ace1, canon_ace *ace2)
896 {
897 if (sid_equal(&ace1->trustee, &ace2->trustee)) {
898 return True;
899 }
900 if (ace1->owner_type == ace2->owner_type) {
901 if (ace1->owner_type == UID_ACE &&
902 ace1->unix_ug.uid == ace2->unix_ug.uid) {
903 return True;
904 } else if (ace1->owner_type == GID_ACE &&
905 ace1->unix_ug.gid == ace2->unix_ug.gid) {
906 return True;
907 }
908 }
909 return False;
910 }
911
912 /****************************************************************************
913 Merge aces with a common sid - if both are allow or deny, OR the permissions together and
914 delete the second one. If the first is deny, mask the permissions off and delete the allow
915 if the permissions become zero, delete the deny if the permissions are non zero.
916 ****************************************************************************/
917
918 static void merge_aces( canon_ace **pp_list_head )
919 {
920 canon_ace *l_head = *pp_list_head;
921 canon_ace *curr_ace_outer;
922 canon_ace *curr_ace_outer_next;
923
924 /*
925 * First, merge allow entries with identical SIDs, and deny entries
926 * with identical SIDs.
927 */
928
929 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
930 canon_ace *curr_ace;
931 canon_ace *curr_ace_next;
932
933 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
934
935 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
936
937 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
938
939 if (identity_in_ace_equal(curr_ace, curr_ace_outer) &&
940 (curr_ace->attr == curr_ace_outer->attr)) {
941
942 if( DEBUGLVL( 10 )) {
943 dbgtext("merge_aces: Merging ACE's\n");
944 print_canon_ace( curr_ace_outer, 0);
945 print_canon_ace( curr_ace, 0);
946 }
947
948 /* Merge two allow or two deny ACE's. */
949
950 curr_ace_outer->perms |= curr_ace->perms;
951 DLIST_REMOVE(l_head, curr_ace);
952 SAFE_FREE(curr_ace);
953 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
954 }
955 }
956 }
957
958 /*
959 * Now go through and mask off allow permissions with deny permissions.
960 * We can delete either the allow or deny here as we know that each SID
961 * appears only once in the list.
962 */
963
964 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
965 canon_ace *curr_ace;
966 canon_ace *curr_ace_next;
967
968 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
969
970 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
971
972 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
973
974 /*
975 * Subtract ACE's with different entries. Due to the ordering constraints
976 * we've put on the ACL, we know the deny must be the first one.
977 */
978
979 if (identity_in_ace_equal(curr_ace, curr_ace_outer) &&
980 (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
981
982 if( DEBUGLVL( 10 )) {
983 dbgtext("merge_aces: Masking ACE's\n");
984 print_canon_ace( curr_ace_outer, 0);
985 print_canon_ace( curr_ace, 0);
986 }
987
988 curr_ace->perms &= ~curr_ace_outer->perms;
989
990 if (curr_ace->perms == 0) {
991
992 /*
993 * The deny overrides the allow. Remove the allow.
994 */
995
996 DLIST_REMOVE(l_head, curr_ace);
997 SAFE_FREE(curr_ace);
998 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
999
1000 } else {
1001
1002 /*
1003 * Even after removing permissions, there
1004 * are still allow permissions - delete the deny.
1005 * It is safe to delete the deny here,
1006 * as we are guarenteed by the deny first
1007 * ordering that all the deny entries for
1008 * this SID have already been merged into one
1009 * before we can get to an allow ace.
1010 */
1011
1012 DLIST_REMOVE(l_head, curr_ace_outer);
1013 SAFE_FREE(curr_ace_outer);
1014 break;
1015 }
1016 }
1017
1018 } /* end for curr_ace */
1019 } /* end for curr_ace_outer */
1020
1021 /* We may have modified the list. */
1022
1023 *pp_list_head = l_head;
1024 }
1025
1026 /****************************************************************************
1027 Check if we need to return NT4.x compatible ACL entries.
1028 ****************************************************************************/
1029
1030 bool nt4_compatible_acls(void)
1031 {
1032 int compat = lp_acl_compatibility();
1033
1034 if (compat == ACL_COMPAT_AUTO) {
1035 enum remote_arch_types ra_type = get_remote_arch();
1036
1037 /* Automatically adapt to client */
1038 return (ra_type <= RA_WINNT);
1039 } else
1040 return (compat == ACL_COMPAT_WINNT);
1041 }
1042
1043
1044 /****************************************************************************
1045 Map canon_ace perms to permission bits NT.
1046 The attr element is not used here - we only process deny entries on set,
1047 not get. Deny entries are implicit on get with ace->perms = 0.
1048 ****************************************************************************/
1049
1050 static uint32_t map_canon_ace_perms(int snum,
1051 enum security_ace_type *pacl_type,
1052 mode_t perms,
1053 bool directory_ace)
1054 {
1055 uint32_t nt_mask = 0;
1056
1057 *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
1058
1059 if (lp_acl_map_full_control(snum) && ((perms & ALL_ACE_PERMS) == ALL_ACE_PERMS)) {
1060 if (directory_ace) {
1061 nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
1062 } else {
1063 nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
1064 }
1065 } else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
1066 /*
1067 * Windows NT refuses to display ACEs with no permissions in them (but
1068 * they are perfectly legal with Windows 2000). If the ACE has empty
1069 * permissions we cannot use 0, so we use the otherwise unused
1070 * WRITE_OWNER permission, which we ignore when we set an ACL.
1071 * We abstract this into a #define of UNIX_ACCESS_NONE to allow this
1072 * to be changed in the future.
1073 */
1074
1075 if (nt4_compatible_acls())
1076 nt_mask = UNIX_ACCESS_NONE;
1077 else
1078 nt_mask = 0;
1079 } else {
1080 if (directory_ace) {
1081 nt_mask |= ((perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
1082 nt_mask |= ((perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
1083 nt_mask |= ((perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
1084 } else {
1085 nt_mask |= ((perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
1086 nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
1087 nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
1088 }
1089 }
1090
1091 DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
1092 (unsigned int)perms, (unsigned int)nt_mask ));
1093
1094 return nt_mask;
1095 }
1096
1097 /****************************************************************************
1098 Map NT perms to a UNIX mode_t.
1099 ****************************************************************************/
1100
1101 #define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES)
1102 #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
1103 #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
1104
1105 static mode_t map_nt_perms( uint32 *mask, int type)
1106 {
1107 mode_t mode = 0;
1108
1109 switch(type) {
1110 case S_IRUSR:
1111 if((*mask) & GENERIC_ALL_ACCESS)
1112 mode = S_IRUSR|S_IWUSR|S_IXUSR;
1113 else {
1114 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
1115 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
1116 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
1117 }
1118 break;
1119 case S_IRGRP:
1120 if((*mask) & GENERIC_ALL_ACCESS)
1121 mode = S_IRGRP|S_IWGRP|S_IXGRP;
1122 else {
1123 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
1124 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
1125 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
1126 }
1127 break;
1128 case S_IROTH:
1129 if((*mask) & GENERIC_ALL_ACCESS)
1130 mode = S_IROTH|S_IWOTH|S_IXOTH;
1131 else {
1132 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
1133 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
1134 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
1135 }
1136 break;
1137 }
1138
1139 return mode;
1140 }
1141
1142 /****************************************************************************
1143 Unpack a SEC_DESC into a UNIX owner and group.
1144 ****************************************************************************/
1145
1146 NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd)
1147 {
1148 DOM_SID owner_sid;
1149 DOM_SID grp_sid;
1150
1151 *puser = (uid_t)-1;
1152 *pgrp = (gid_t)-1;
1153
1154 if(security_info_sent == 0) {
1155 DEBUG(0,("unpack_nt_owners: no security info sent !\n"));
1156 return NT_STATUS_OK;
1157 }
1158
1159 /*
1160 * Validate the owner and group SID's.
1161 */
1162
1163 memset(&owner_sid, '\0', sizeof(owner_sid));
1164 memset(&grp_sid, '\0', sizeof(grp_sid));
1165
1166 DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
1167
1168 /*
1169 * Don't immediately fail if the owner sid cannot be validated.
1170 * This may be a group chown only set.
1171 */
1172
1173 if (security_info_sent & OWNER_SECURITY_INFORMATION) {
1174 sid_copy(&owner_sid, psd->owner_sid);
1175 if (!sid_to_uid(&owner_sid, puser)) {
1176 if (lp_force_unknown_acl_user(snum)) {
1177 /* this allows take ownership to work
1178 * reasonably */
1179 *puser = current_user.ut.uid;
1180 } else {
1181 DEBUG(3,("unpack_nt_owners: unable to validate"
1182 " owner sid for %s\n",
1183 sid_string_dbg(&owner_sid)));
1184 return NT_STATUS_INVALID_OWNER;
1185 }
1186 }
1187 DEBUG(3,("unpack_nt_owners: owner sid mapped to uid %u\n",
1188 (unsigned int)*puser ));
1189 }
1190
1191 /*
1192 * Don't immediately fail if the group sid cannot be validated.
1193 * This may be an owner chown only set.
1194 */
1195
1196 if (security_info_sent & GROUP_SECURITY_INFORMATION) {
1197 sid_copy(&grp_sid, psd->group_sid);
1198 if (!sid_to_gid( &grp_sid, pgrp)) {
1199 if (lp_force_unknown_acl_user(snum)) {
1200 /* this allows take group ownership to work
1201 * reasonably */
1202 *pgrp = current_user.ut.gid;
1203 } else {
1204 DEBUG(3,("unpack_nt_owners: unable to validate"
1205 " group sid.\n"));
1206 return NT_STATUS_INVALID_OWNER;
1207 }
1208 }
1209 DEBUG(3,("unpack_nt_owners: group sid mapped to gid %u\n",
1210 (unsigned int)*pgrp));
1211 }
1212
1213 DEBUG(5,("unpack_nt_owners: owner_sids validated.\n"));
1214
1215 return NT_STATUS_OK;
1216 }
1217
1218 /****************************************************************************
1219 Ensure the enforced permissions for this share apply.
1220 ****************************************************************************/
1221
1222 static void apply_default_perms(const struct share_params *params,
1223 const bool is_directory, canon_ace *pace,
1224 mode_t type)
1225 {
1226 mode_t and_bits = (mode_t)0;
1227 mode_t or_bits = (mode_t)0;
1228
1229 /* Get the initial bits to apply. */
1230
1231 if (is_directory) {
1232 and_bits = lp_dir_security_mask(params->service);
1233 or_bits = lp_force_dir_security_mode(params->service);
1234 } else {
1235 and_bits = lp_security_mask(params->service);
1236 or_bits = lp_force_security_mode(params->service);
1237 }
1238
1239 /* Now bounce them into the S_USR space. */
1240 switch(type) {
1241 case S_IRUSR:
1242 /* Ensure owner has read access. */
1243 pace->perms |= S_IRUSR;
1244 if (is_directory)
1245 pace->perms |= (S_IWUSR|S_IXUSR);
1246 and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1247 or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1248 break;
1249 case S_IRGRP:
1250 and_bits = unix_perms_to_acl_perms(and_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1251 or_bits = unix_perms_to_acl_perms(or_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1252 break;
1253 case S_IROTH:
1254 and_bits = unix_perms_to_acl_perms(and_bits, S_IROTH, S_IWOTH, S_IXOTH);
1255 or_bits = unix_perms_to_acl_perms(or_bits, S_IROTH, S_IWOTH, S_IXOTH);
1256 break;
1257 }
1258
1259 pace->perms = ((pace->perms & and_bits)|or_bits);
1260 }
1261
1262 /****************************************************************************
1263 Check if a given uid/SID is in a group gid/SID. This is probably very
1264 expensive and will need optimisation. A *lot* of optimisation :-). JRA.
1265 ****************************************************************************/
1266
1267 static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
1268 {
1269 const char *u_name = NULL;
1270
1271 /* "Everyone" always matches every uid. */
1272
1273 if (sid_equal(&group_ace->trustee, &global_sid_World))
1274 return True;
1275
1276 /* Assume that the current user is in the current group (force group) */
1277
1278 if (uid_ace->unix_ug.uid == current_user.ut.uid && group_ace->unix_ug.gid == current_user.ut.gid)
1279 return True;
1280
1281 /* u_name talloc'ed off tos. */
1282 u_name = uidtoname(uid_ace->unix_ug.uid);
1283 if (!u_name) {
1284 return False;
1285 }
1286 return user_in_group_sid(u_name, &group_ace->trustee);
1287 }
1288
1289 /****************************************************************************
1290 A well formed POSIX file or default ACL has at least 3 entries, a
1291 SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
1292 In addition, the owner must always have at least read access.
1293 When using this call on get_acl, the pst struct is valid and contains
1294 the mode of the file. When using this call on set_acl, the pst struct has
1295 been modified to have a mode containing the default for this file or directory
1296 type.
1297 ****************************************************************************/
1298
1299 static bool ensure_canon_entry_valid(canon_ace **pp_ace,
1300 const struct share_params *params,
1301 const bool is_directory,
1302 const DOM_SID *pfile_owner_sid,
1303 const DOM_SID *pfile_grp_sid,
1304 const SMB_STRUCT_STAT *pst,
1305 bool setting_acl)
1306 {
1307 canon_ace *pace;
1308 bool got_user = False;
1309 bool got_grp = False;
1310 bool got_other = False;
1311 canon_ace *pace_other = NULL;
1312
1313 for (pace = *pp_ace; pace; pace = pace->next) {
1314 if (pace->type == SMB_ACL_USER_OBJ) {
1315
1316 if (setting_acl)
1317 apply_default_perms(params, is_directory, pace, S_IRUSR);
1318 got_user = True;
1319
1320 } else if (pace->type == SMB_ACL_GROUP_OBJ) {
1321
1322 /*
1323 * Ensure create mask/force create mode is respected on set.
1324 */
1325
1326 if (setting_acl)
1327 apply_default_perms(params, is_directory, pace, S_IRGRP);
1328 got_grp = True;
1329
1330 } else if (pace->type == SMB_ACL_OTHER) {
1331
1332 /*
1333 * Ensure create mask/force create mode is respected on set.
1334 */
1335
1336 if (setting_acl)
1337 apply_default_perms(params, is_directory, pace, S_IROTH);
1338 got_other = True;
1339 pace_other = pace;
1340 }
1341 }
1342
1343 if (!got_user) {
1344 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1345 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1346 return False;
1347 }
1348
1349 ZERO_STRUCTP(pace);
1350 pace->type = SMB_ACL_USER_OBJ;
1351 pace->owner_type = UID_ACE;
1352 pace->unix_ug.uid = pst->st_uid;
1353 pace->trustee = *pfile_owner_sid;
1354 pace->attr = ALLOW_ACE;
1355
1356 if (setting_acl) {
1357 /* See if the owning user is in any of the other groups in
1358 the ACE. If so, OR in the permissions from that group. */
1359
1360 bool group_matched = False;
1361 canon_ace *pace_iter;
1362
1363 for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) {
1364 if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
1365 if (uid_entry_in_group(pace, pace_iter)) {
1366 pace->perms |= pace_iter->perms;
1367 group_matched = True;
1368 }
1369 }
1370 }
1371
1372 /* If we only got an "everyone" perm, just use that. */
1373 if (!group_matched) {
1374 if (got_other)
1375 pace->perms = pace_other->perms;
1376 else
1377 pace->perms = 0;
1378 }
1379
1380 apply_default_perms(params, is_directory, pace, S_IRUSR);
1381 } else {
1382 pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
1383 }
1384
1385 DLIST_ADD(*pp_ace, pace);
1386 }
1387
1388 if (!got_grp) {
1389 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1390 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1391 return False;
1392 }
1393
1394 ZERO_STRUCTP(pace);
1395 pace->type = SMB_ACL_GROUP_OBJ;
1396 pace->owner_type = GID_ACE;
1397 pace->unix_ug.uid = pst->st_gid;
1398 pace->trustee = *pfile_grp_sid;
1399 pace->attr = ALLOW_ACE;
1400 if (setting_acl) {
1401 /* If we only got an "everyone" perm, just use that. */
1402 if (got_other)
1403 pace->perms = pace_other->perms;
1404 else
1405 pace->perms = 0;
1406 apply_default_perms(params, is_directory, pace, S_IRGRP);
1407 } else {
1408 pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
1409 }
1410
1411 DLIST_ADD(*pp_ace, pace);
1412 }
1413
1414 if (!got_other) {
1415 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1416 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1417 return False;
1418 }
1419
1420 ZERO_STRUCTP(pace);
1421 pace->type = SMB_ACL_OTHER;
1422 pace->owner_type = WORLD_ACE;
1423 pace->unix_ug.world = -1;
1424 pace->trustee = global_sid_World;
1425 pace->attr = ALLOW_ACE;
1426 if (setting_acl) {
1427 pace->perms = 0;
1428 apply_default_perms(params, is_directory, pace, S_IROTH);
1429 } else
1430 pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
1431
1432 DLIST_ADD(*pp_ace, pace);
1433 }
1434
1435 return True;
1436 }
1437
1438 /****************************************************************************
1439 Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries.
1440 If it does not have them, check if there are any entries where the trustee is the
1441 file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ.
1442 ****************************************************************************/
1443
1444 static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid)
1445 {
1446 bool got_user_obj, got_group_obj;
1447 canon_ace *current_ace;
1448 int i, entries;
1449
1450 entries = count_canon_ace_list(ace);
1451 got_user_obj = False;
1452 got_group_obj = False;
1453
1454 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1455 if (current_ace->type == SMB_ACL_USER_OBJ)
1456 got_user_obj = True;
1457 else if (current_ace->type == SMB_ACL_GROUP_OBJ)
1458 got_group_obj = True;
1459 }
1460 if (got_user_obj && got_group_obj) {
1461 DEBUG(10,("check_owning_objs: ACL had owning user/group entries.\n"));
1462 return;
1463 }
1464
1465 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1466 if (!got_user_obj && current_ace->owner_type == UID_ACE &&
1467 sid_equal(&current_ace->trustee, pfile_owner_sid)) {
1468 current_ace->type = SMB_ACL_USER_OBJ;
1469 got_user_obj = True;
1470 }
1471 if (!got_group_obj && current_ace->owner_type == GID_ACE &&
1472 sid_equal(&current_ace->trustee, pfile_grp_sid)) {
1473 current_ace->type = SMB_ACL_GROUP_OBJ;
1474 got_group_obj = True;
1475 }
1476 }
1477 if (!got_user_obj)
1478 DEBUG(10,("check_owning_objs: ACL is missing an owner entry.\n"));
1479 if (!got_group_obj)
1480 DEBUG(10,("check_owning_objs: ACL is missing an owning group entry.\n"));
1481 }
1482
1483 /****************************************************************************
1484 Unpack a SEC_DESC into two canonical ace lists.
1485 ****************************************************************************/
1486
1487 static bool create_canon_ace_lists(files_struct *fsp,
1488 SMB_STRUCT_STAT *pst,
1489 DOM_SID *pfile_owner_sid,
1490 DOM_SID *pfile_grp_sid,
1491 canon_ace **ppfile_ace,
1492 canon_ace **ppdir_ace,
1493 const SEC_ACL *dacl)
1494 {
1495 bool all_aces_are_inherit_only = (fsp->is_directory ? True : False);
1496 canon_ace *file_ace = NULL;
1497 canon_ace *dir_ace = NULL;
1498 canon_ace *current_ace = NULL;
1499 bool got_dir_allow = False;
1500 bool got_file_allow = False;
1501 int i, j;
1502
1503 *ppfile_ace = NULL;
1504 *ppdir_ace = NULL;
1505
1506 /*
1507 * Convert the incoming ACL into a more regular form.
1508 */
1509
1510 for(i = 0; i < dacl->num_aces; i++) {
1511 SEC_ACE *psa = &dacl->aces[i];
1512
1513 if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
1514 DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
1515 return False;
1516 }
1517
1518 if (nt4_compatible_acls()) {
1519 /*
1520 * The security mask may be UNIX_ACCESS_NONE which should map into
1521 * no permissions (we overload the WRITE_OWNER bit for this) or it
1522 * should be one of the ALL/EXECUTE/READ/WRITE bits. Arrange for this
1523 * to be so. Any other bits override the UNIX_ACCESS_NONE bit.
1524 */
1525
1526 /*
1527 * Convert GENERIC bits to specific bits.
1528 */
1529
1530 se_map_generic(&psa->access_mask, &file_generic_mapping);
1531
1532 psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
1533
1534 if(psa->access_mask != UNIX_ACCESS_NONE)
1535 psa->access_mask &= ~UNIX_ACCESS_NONE;
1536 }
1537 }
1538
1539 /*
1540 * Deal with the fact that NT 4.x re-writes the canonical format
1541 * that we return for default ACLs. If a directory ACE is identical
1542 * to a inherited directory ACE then NT changes the bits so that the
1543 * first ACE is set to OI|IO and the second ACE for this SID is set
1544 * to CI. We need to repair this. JRA.
1545 */
1546
1547 for(i = 0; i < dacl->num_aces; i++) {
1548 SEC_ACE *psa1 = &dacl->aces[i];
1549
1550 for (j = i + 1; j < dacl->num_aces; j++) {
1551 SEC_ACE *psa2 = &dacl->aces[j];
1552
1553 if (psa1->access_mask != psa2->access_mask)
1554 continue;
1555
1556 if (!sid_equal(&psa1->trustee, &psa2->trustee))
1557 continue;
1558
1559 /*
1560 * Ok - permission bits and SIDs are equal.
1561 * Check if flags were re-written.
1562 */
1563
1564 if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1565
1566 psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1567 psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1568
1569 } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1570
1571 psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1572 psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1573
1574 }
1575 }
1576 }
1577
1578 for(i = 0; i < dacl->num_aces; i++) {
1579 SEC_ACE *psa = &dacl->aces[i];
1580
1581 /*
1582 * Create a cannon_ace entry representing this NT DACL ACE.
1583 */
1584
1585 if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) {
1586 free_canon_ace_list(file_ace);
1587 free_canon_ace_list(dir_ace);
1588 DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
1589 return False;
1590 }
1591
1592 ZERO_STRUCTP(current_ace);
1593
1594 sid_copy(&current_ace->trustee, &psa->trustee);
1595
1596 /*
1597 * Try and work out if the SID is a user or group
1598 * as we need to flag these differently for POSIX.
1599 * Note what kind of a POSIX ACL this should map to.
1600 */
1601
1602 if( sid_equal(&current_ace->trustee, &global_sid_World)) {
1603 current_ace->owner_type = WORLD_ACE;
1604 current_ace->unix_ug.world = -1;
1605 current_ace->type = SMB_ACL_OTHER;
1606 } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
1607 current_ace->owner_type = UID_ACE;
1608 current_ace->unix_ug.uid = pst->st_uid;
1609 current_ace->type = SMB_ACL_USER_OBJ;
1610
1611 /*
1612 * The Creator Owner entry only specifies inheritable permissions,
1613 * never access permissions. WinNT doesn't always set the ACE to
1614 *INHERIT_ONLY, though.
1615 */
1616
1617 if (nt4_compatible_acls())
1618 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
1619 } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
1620 current_ace->owner_type = GID_ACE;
1621 current_ace->unix_ug.gid = pst->st_gid;
1622 current_ace->type = SMB_ACL_GROUP_OBJ;
1623
1624 /*
1625 * The Creator Group entry only specifies inheritable permissions,
1626 * never access permissions. WinNT doesn't always set the ACE to
1627 *INHERIT_ONLY, though.
1628 */
1629 if (nt4_compatible_acls())
1630 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
1631
1632 } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid)) {
1633 current_ace->owner_type = UID_ACE;
1634 /* If it's the owning user, this is a user_obj, not
1635 * a user. */
1636 if (current_ace->unix_ug.uid == pst->st_uid) {
1637 current_ace->type = SMB_ACL_USER_OBJ;
1638 } else {
1639 current_ace->type = SMB_ACL_USER;
1640 }
1641 } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid)) {
1642 current_ace->owner_type = GID_ACE;
1643 /* If it's the primary group, this is a group_obj, not
1644 * a group. */
1645 if (current_ace->unix_ug.gid == pst->st_gid) {
1646 current_ace->type = SMB_ACL_GROUP_OBJ;
1647 } else {
1648 current_ace->type = SMB_ACL_GROUP;
1649 }
1650 } else {
1651 /*
1652 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
1653 */
1654
1655 if (non_mappable_sid(&psa->trustee)) {
1656 DEBUG(10, ("create_canon_ace_lists: ignoring "
1657 "non-mappable SID %s\n",
1658 sid_string_dbg(&psa->trustee)));
1659 SAFE_FREE(current_ace);
1660 continue;
1661 }
1662
1663 free_canon_ace_list(file_ace);
1664 free_canon_ace_list(dir_ace);
1665 DEBUG(0, ("create_canon_ace_lists: unable to map SID "
1666 "%s to uid or gid.\n",
1667 sid_string_dbg(&current_ace->trustee)));
1668 SAFE_FREE(current_ace);
1669 return False;
1670 }
1671
1672 /*
1673 * Map the given NT permissions into a UNIX mode_t containing only
1674 * S_I(R|W|X)USR bits.
1675 */
1676
1677 current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
1678 current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
1679
1680 /* Store the ace_flag. */
1681 current_ace->ace_flags = psa->flags;
1682
1683 /*
1684 * Now add the created ace to either the file list, the directory
1685 * list, or both. We *MUST* preserve the order here (hence we use
1686 * DLIST_ADD_END) as NT ACLs are order dependent.
1687 */
1688
1689 if (fsp->is_directory) {
1690
1691 /*
1692 * We can only add to the default POSIX ACE list if the ACE is
1693 * designed to be inherited by both files and directories.
1694 */
1695
1696 if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) ==
1697 (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) {
1698
1699 DLIST_ADD_END(dir_ace, current_ace, canon_ace *);
1700
1701 /*
1702 * Note if this was an allow ace. We can't process
1703 * any further deny ace's after this.
1704 */
1705
1706 if (current_ace->attr == ALLOW_ACE)
1707 got_dir_allow = True;
1708
1709 if ((current_ace->attr == DENY_ACE) && got_dir_allow) {
1710 DEBUG(0,("create_canon_ace_lists: malformed ACL in inheritable ACL ! \
1711 Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
1712 free_canon_ace_list(file_ace);
1713 free_canon_ace_list(dir_ace);
1714 return False;
1715 }
1716
1717 if( DEBUGLVL( 10 )) {
1718 dbgtext("create_canon_ace_lists: adding dir ACL:\n");
1719 print_canon_ace( current_ace, 0);
1720 }
1721
1722 /*
1723 * If this is not an inherit only ACE we need to add a duplicate
1724 * to the file acl.
1725 */
1726
1727 if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1728 canon_ace *dup_ace = dup_canon_ace(current_ace);
1729
1730 if (!dup_ace) {
1731 DEBUG(0,("create_canon_ace_lists: malloc fail !\n"));
1732 free_canon_ace_list(file_ace);
1733 free_canon_ace_list(dir_ace);
1734 return False;
1735 }
1736
1737 /*
1738 * We must not free current_ace here as its
1739 * pointer is now owned by the dir_ace list.
1740 */
1741 current_ace = dup_ace;
1742 } else {
1743 /*
1744 * We must not free current_ace here as its
1745 * pointer is now owned by the dir_ace list.
1746 */
1747 current_ace = NULL;
1748 }
1749 }
1750 }
1751
1752 /*
1753 * Only add to the file ACL if not inherit only.
1754 */
1755
1756 if (current_ace && !(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1757 DLIST_ADD_END(file_ace, current_ace, canon_ace *);
1758
1759 /*
1760 * Note if this was an allow ace. We can't process
1761 * any further deny ace's after this.
1762 */
1763
1764 if (current_ace->attr == ALLOW_ACE)
1765 got_file_allow = True;
1766
1767 if ((current_ace->attr == DENY_ACE) && got_file_allow) {
1768 DEBUG(0,("create_canon_ace_lists: malformed ACL in file ACL ! \
1769 Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
1770 free_canon_ace_list(file_ace);
1771 free_canon_ace_list(dir_ace);
1772 return False;
1773 }
1774
1775 if( DEBUGLVL( 10 )) {
1776 dbgtext("create_canon_ace_lists: adding file ACL:\n");
1777 print_canon_ace( current_ace, 0);
1778 }
1779 all_aces_are_inherit_only = False;
1780 /*
1781 * We must not free current_ace here as its
1782 * pointer is now owned by the file_ace list.
1783 */
1784 current_ace = NULL;
1785 }
1786
1787 /*
1788 * Free if ACE was not added.
1789 */
1790
1791 SAFE_FREE(current_ace);
1792 }
1793
1794 if (fsp->is_directory && all_aces_are_inherit_only) {
1795 /*
1796 * Windows 2000 is doing one of these weird 'inherit acl'
1797 * traverses to conserve NTFS ACL resources. Just pretend
1798 * there was no DACL sent. JRA.
1799 */
1800
1801 DEBUG(10,("create_canon_ace_lists: Win2k inherit acl traverse. Ignoring DACL.\n"));
1802 free_canon_ace_list(file_ace);
1803 free_canon_ace_list(dir_ace);
1804 file_ace = NULL;
1805 dir_ace = NULL;
1806 } else {
1807 /*
1808 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each
1809 * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
1810 * entries can be converted to *_OBJ. Usually we will already have these
1811 * entries in the Default ACL, and the Access ACL will not have them.
1812 */
1813 if (file_ace) {
1814 check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
1815 }
1816 if (dir_ace) {
1817 check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);
1818 }
1819 }
1820
1821 *ppfile_ace = file_ace;
1822 *ppdir_ace = dir_ace;
1823
1824 return True;
1825 }
1826
1827 /****************************************************************************
1828 ASCII art time again... JRA :-).
1829
1830 We have 4 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
1831 we insist the ACL is in canonical form (ie. all DENY entries preceede ALLOW
1832 entries). Secondly, the merge code has ensured that all duplicate SID entries for
1833 allow or deny have been merged, so the same SID can only appear once in the deny
1834 list or once in the allow list.
1835
1836 We then process as follows :
1837
1838 ---------------------------------------------------------------------------
1839 First pass - look for a Everyone DENY entry.
1840
1841 If it is deny all (rwx) trunate the list at this point.
1842 Else, walk the list from this point and use the deny permissions of this
1843 entry as a mask on all following allow entries. Finally, delete
1844 the Everyone DENY entry (we have applied it to everything possible).
1845
1846 In addition, in this pass we remove any DENY entries that have
1847 no permissions (ie. they are a DENY nothing).
1848 ---------------------------------------------------------------------------
1849 Second pass - only deal with deny user entries.
1850
1851 DENY user1 (perms XXX)
1852
1853 new_perms = 0
1854 for all following allow group entries where user1 is in group
1855 new_perms |= group_perms;
1856
1857 user1 entry perms = new_perms & ~ XXX;
1858
1859 Convert the deny entry to an allow entry with the new perms and
1860 push to the end of the list. Note if the user was in no groups
1861 this maps to a specific allow nothing entry for this user.
1862
1863 The common case from the NT ACL choser (userX deny all) is
1864 optimised so we don't do the group lookup - we just map to
1865 an allow nothing entry.
1866
1867 What we're doing here is inferring the allow permissions the
1868 person setting the ACE on user1 wanted by looking at the allow
1869 permissions on the groups the user is currently in. This will
1870 be a snapshot, depending on group membership but is the best
1871 we can do and has the advantage of failing closed rather than
1872 open.
1873 ---------------------------------------------------------------------------
1874 Third pass - only deal with deny group entries.
1875
1876 DENY group1 (perms XXX)
1877
1878 for all following allow user entries where user is in group1
1879 user entry perms = user entry perms & ~ XXX;
1880
1881 If there is a group Everyone allow entry with permissions YYY,
1882 convert the group1 entry to an allow entry and modify its
1883 permissions to be :
1884
1885 new_perms = YYY & ~ XXX
1886
1887 and push to the end of the list.
1888
1889 If there is no group Everyone allow entry then convert the
1890 group1 entry to a allow nothing entry and push to the end of the list.
1891
1892 Note that the common case from the NT ACL choser (groupX deny all)
1893 cannot be optimised here as we need to modify user entries who are
1894 in the group to change them to a deny all also.
1895
1896 What we're doing here is modifying the allow permissions of
1897 user entries (which are more specific in POSIX ACLs) to mask
1898 out the explicit deny set on the group they are in. This will
1899 be a snapshot depending on current group membership but is the
1900 best we can do and has the advantage of failing closed rather
1901 than open.
1902 ---------------------------------------------------------------------------
1903 Fourth pass - cope with cumulative permissions.
1904
1905 for all allow user entries, if there exists an allow group entry with
1906 more permissive permissions, and the user is in that group, rewrite the
1907 allow user permissions to contain both sets of permissions.
1908
1909 Currently the code for this is #ifdef'ed out as these semantics make
1910 no sense to me. JRA.
1911 ---------------------------------------------------------------------------
1912
1913 Note we *MUST* do the deny user pass first as this will convert deny user
1914 entries into allow user entries which can then be processed by the deny
1915 group pass.
1916
1917 The above algorithm took a *lot* of thinking about - hence this
1918 explaination :-). JRA.
1919 ****************************************************************************/
1920
1921 /****************************************************************************
1922 Process a canon_ace list entries. This is very complex code. We need
1923 to go through and remove the "deny" permissions from any allow entry that matches
1924 the id of this entry. We have already refused any NT ACL that wasn't in correct
1925 order (DENY followed by ALLOW). If any allow entry ends up with zero permissions,
1926 we just remove it (to fail safe). We have already removed any duplicate ace
1927 entries. Treat an "Everyone" DENY_ACE as a special case - use it to mask all
1928 allow entries.
1929 ****************************************************************************/
1930
1931 static void process_deny_list( canon_ace **pp_ace_list )
1932 {
1933 canon_ace *ace_list = *pp_ace_list;
1934 canon_ace *curr_ace = NULL;
1935 canon_ace *curr_ace_next = NULL;
1936
1937 /* Pass 1 above - look for an Everyone, deny entry. */
1938
1939 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
1940 canon_ace *allow_ace_p;
1941
1942 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
1943
1944 if (curr_ace->attr != DENY_ACE)
1945 continue;
1946
1947 if (curr_ace->perms == (mode_t)0) {
1948
1949 /* Deny nothing entry - delete. */
1950
1951 DLIST_REMOVE(ace_list, curr_ace);
1952 continue;
1953 }
1954
1955 if (!sid_equal(&curr_ace->trustee, &global_sid_World))
1956 continue;
1957
1958 /* JRATEST - assert. */
1959 SMB_ASSERT(curr_ace->owner_type == WORLD_ACE);
1960
1961 if (curr_ace->perms == ALL_ACE_PERMS) {
1962
1963 /*
1964 * Optimisation. This is a DENY_ALL to Everyone. Truncate the
1965 * list at this point including this entry.
1966 */
1967
1968 canon_ace *prev_entry = curr_ace->prev;
1969
1970 free_canon_ace_list( curr_ace );
1971 if (prev_entry)
1972 prev_entry->next = NULL;
1973 else {
1974 /* We deleted the entire list. */
1975 ace_list = NULL;
1976 }
1977 break;
1978 }
1979
1980 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
1981
1982 /*
1983 * Only mask off allow entries.
1984 */
1985
1986 if (allow_ace_p->attr != ALLOW_ACE)
1987 continue;
1988
1989 allow_ace_p->perms &= ~curr_ace->perms;
1990 }
1991
1992 /*
1993 * Now it's been applied, remove it.
1994 */
1995
1996 DLIST_REMOVE(ace_list, curr_ace);
1997 }
1998
1999 /* Pass 2 above - deal with deny user entries. */
2000
2001 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2002 mode_t new_perms = (mode_t)0;
2003 canon_ace *allow_ace_p;
2004
2005 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2006
2007 if (curr_ace->attr != DENY_ACE)
2008 continue;
2009
2010 if (curr_ace->owner_type != UID_ACE)
2011 continue;
2012
2013 if (curr_ace->perms == ALL_ACE_PERMS) {
2014
2015 /*
2016 * Optimisation - this is a deny everything to this user.
2017 * Convert to an allow nothing and push to the end of the list.
2018 */
2019
2020 curr_ace->attr = ALLOW_ACE;
2021 curr_ace->perms = (mode_t)0;
2022 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2023 continue;
2024 }
2025
2026 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2027
2028 if (allow_ace_p->attr != ALLOW_ACE)
2029 continue;
2030
2031 /* We process GID_ACE and WORLD_ACE entries only. */
2032
2033 if (allow_ace_p->owner_type == UID_ACE)
2034 continue;
2035
2036 if (uid_entry_in_group( curr_ace, allow_ace_p))
2037 new_perms |= allow_ace_p->perms;
2038 }
2039
2040 /*
2041 * Convert to a allow entry, modify the perms and push to the end
2042 * of the list.
2043 */
2044
2045 curr_ace->attr = ALLOW_ACE;
2046 curr_ace->perms = (new_perms & ~curr_ace->perms);
2047 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2048 }
2049
2050 /* Pass 3 above - deal with deny group entries. */
2051
2052 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2053 canon_ace *allow_ace_p;
2054 canon_ace *allow_everyone_p = NULL;
2055
2056 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2057
2058 if (curr_ace->attr != DENY_ACE)
2059 continue;
2060
2061 if (curr_ace->owner_type != GID_ACE)
2062 continue;
2063
2064 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2065
2066 if (allow_ace_p->attr != ALLOW_ACE)
2067 continue;
2068
2069 /* Store a pointer to the Everyone allow, if it exists. */
2070 if (allow_ace_p->owner_type == WORLD_ACE)
2071 allow_everyone_p = allow_ace_p;
2072
2073 /* We process UID_ACE entries only. */
2074
2075 if (allow_ace_p->owner_type != UID_ACE)
2076 continue;
2077
2078 /* Mask off the deny group perms. */
2079
2080 if (uid_entry_in_group( allow_ace_p, curr_ace))
2081 allow_ace_p->perms &= ~curr_ace->perms;
2082 }
2083
2084 /*
2085 * Convert the deny to an allow with the correct perms and
2086 * push to the end of the list.
2087 */
2088
2089 curr_ace->attr = ALLOW_ACE;
2090 if (allow_everyone_p)
2091 curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms;
2092 else
2093 curr_ace->perms = (mode_t)0;
2094 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2095 }
2096
2097 /* Doing this fourth pass allows Windows semantics to be layered
2098 * on top of POSIX semantics. I'm not sure if this is desirable.
2099 * For example, in W2K ACLs there is no way to say, "Group X no
2100 * access, user Y full access" if user Y is a member of group X.
2101 * This seems completely broken semantics to me.... JRA.
2102 */
2103
2104 #if 0
2105 /* Pass 4 above - deal with allow entries. */
2106
2107 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2108 canon_ace *allow_ace_p;
2109
2110 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2111
2112 if (curr_ace->attr != ALLOW_ACE)
2113 continue;
2114
2115 if (curr_ace->owner_type != UID_ACE)
2116 continue;
2117
2118 for (allow_ace_p = ace_list; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2119
2120 if (allow_ace_p->attr != ALLOW_ACE)
2121 continue;
2122
2123 /* We process GID_ACE entries only. */
2124
2125 if (allow_ace_p->owner_type != GID_ACE)
2126 continue;
2127
2128 /* OR in the group perms. */
2129
2130 if (uid_entry_in_group( curr_ace, allow_ace_p))
2131 curr_ace->perms |= allow_ace_p->perms;
2132 }
2133 }
2134 #endif
2135
2136 *pp_ace_list = ace_list;
2137 }
2138
2139 /****************************************************************************
2140 Create a default mode that will be used if a security descriptor entry has
2141 no user/group/world entries.
2142 ****************************************************************************/
2143
2144 static mode_t create_default_mode(files_struct *fsp, bool interitable_mode)
2145 {
2146 int snum = SNUM(fsp->conn);
2147 mode_t and_bits = (mode_t)0;
2148 mode_t or_bits = (mode_t)0;
2149 mode_t mode = interitable_mode
2150 ? unix_mode( fsp->conn, FILE_ATTRIBUTE_ARCHIVE, fsp->fsp_name,
2151 NULL )
2152 : S_IRUSR;
2153
2154 if (fsp->is_directory)
2155 mode |= (S_IWUSR|S_IXUSR);
2156
2157 /*
2158 * Now AND with the create mode/directory mode bits then OR with the
2159 * force create mode/force directory mode bits.
2160 */
2161
2162 if (fsp->is_directory) {
2163 and_bits = lp_dir_security_mask(snum);
2164 or_bits = lp_force_dir_security_mode(snum);
2165 } else {
2166 and_bits = lp_security_mask(snum);
2167 or_bits = lp_force_security_mode(snum);
2168 }
2169
2170 return ((mode & and_bits)|or_bits);
2171 }
2172
2173 /****************************************************************************
2174 Unpack a SEC_DESC into two canonical ace lists. We don't depend on this
2175 succeeding.
2176 ****************************************************************************/
2177
2178 static bool unpack_canon_ace(files_struct *fsp,
2179 SMB_STRUCT_STAT *pst,
2180 DOM_SID *pfile_owner_sid,
2181 DOM_SID *pfile_grp_sid,
2182 canon_ace **ppfile_ace,
2183 canon_ace **ppdir_ace,
2184 uint32 security_info_sent,
2185 const SEC_DESC *psd)
2186 {
2187 canon_ace *file_ace = NULL;
2188 canon_ace *dir_ace = NULL;
2189
2190 *ppfile_ace = NULL;
2191 *ppdir_ace = NULL;
2192
2193 if(security_info_sent == 0) {
2194 DEBUG(0,("unpack_canon_ace: no security info sent !\n"));
2195 return False;
2196 }
2197
2198 /*
2199 * If no DACL then this is a chown only security descriptor.
2200 */
2201
2202 if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl)
2203 return True;
2204
2205 /*
2206 * Now go through the DACL and create the canon_ace lists.
2207 */
2208
2209 if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid,
2210 &file_ace, &dir_ace, psd->dacl))
2211 return False;
2212
2213 if ((file_ace == NULL) && (dir_ace == NULL)) {
2214 /* W2K traverse DACL set - ignore. */
2215 return True;
2216 }
2217
2218 /*
2219 * Go through the canon_ace list and merge entries
2220 * belonging to identical users of identical allow or deny type.
2221 * We can do this as all deny entries come first, followed by
2222 * all allow entries (we have mandated this before accepting this acl).
2223 */
2224
2225 print_canon_ace_list( "file ace - before merge", file_ace);
2226 merge_aces( &file_ace );
2227
2228 print_canon_ace_list( "dir ace - before merge", dir_ace);
2229 merge_aces( &dir_ace );
2230
2231 /*
2232 * NT ACLs are order dependent. Go through the acl lists and
2233 * process DENY entries by masking the allow entries.
2234 */
2235
2236 print_canon_ace_list( "file ace - before deny", file_ace);
2237 process_deny_list( &file_ace);
2238
2239 print_canon_ace_list( "dir ace - before deny", dir_ace);
2240 process_deny_list( &dir_ace);
2241
2242 /*
2243 * A well formed POSIX file or default ACL has at least 3 entries, a
2244 * SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ
2245 * and optionally a mask entry. Ensure this is the case.
2246 */
2247
2248 print_canon_ace_list( "file ace - before valid", file_ace);
2249
2250 /*
2251 * A default 3 element mode entry for a file should be r-- --- ---.
2252 * A default 3 element mode entry for a directory should be rwx --- ---.
2253 */
2254
2255 pst->st_mode = create_default_mode(fsp, False);
2256
2257 if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2258 free_canon_ace_list(file_ace);
2259 free_canon_ace_list(dir_ace);
2260 return False;
2261 }
2262
2263 print_canon_ace_list( "dir ace - before valid", dir_ace);
2264
2265 /*
2266 * A default inheritable 3 element mode entry for a directory should be the
2267 * mode Samba will use to create a file within. Ensure user rwx bits are set if
2268 * it's a directory.
2269 */
2270
2271 pst->st_mode = create_default_mode(fsp, True);
2272
2273 if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2274 free_canon_ace_list(file_ace);
2275 free_canon_ace_list(dir_ace);
2276 return False;
2277 }
2278
2279 print_canon_ace_list( "file ace - return", file_ace);
2280 print_canon_ace_list( "dir ace - return", dir_ace);
2281
2282 *ppfile_ace = file_ace;
2283 *ppdir_ace = dir_ace;
2284 return True;
2285
2286 }
2287
2288 /******************************************************************************
2289 When returning permissions, try and fit NT display
2290 semantics if possible. Note the the canon_entries here must have been malloced.
2291 The list format should be - first entry = owner, followed by group and other user
2292 entries, last entry = other.
2293
2294 Note that this doesn't exactly match the NT semantics for an ACL. As POSIX entries
2295 are not ordered, and match on the most specific entry rather than walking a list,
2296 then a simple POSIX permission of rw-r--r-- should really map to 5 entries,
2297
2298 Entry 0: owner : deny all except read and write.
2299 Entry 1: owner : allow read and write.
2300 Entry 2: group : deny all except read.
2301 Entry 3: group : allow read.
2302 Entry 4: Everyone : allow read.
2303
2304 But NT cannot display this in their ACL editor !
2305 ********************************************************************************/
2306
2307 static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head)
2308 {
2309 canon_ace *l_head = *pp_list_head;
2310 canon_ace *owner_ace = NULL;
2311 canon_ace *other_ace = NULL;
2312 canon_ace *ace = NULL;
2313
2314 for (ace = l_head; ace; ace = ace->next) {
2315 if (ace->type == SMB_ACL_USER_OBJ)
2316 owner_ace = ace;
2317 else if (ace->type == SMB_ACL_OTHER) {
2318 /* Last ace - this is "other" */
2319 other_ace = ace;
2320 }
2321 }
2322
2323 if (!owner_ace || !other_ace) {
2324 DEBUG(0,("arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n",
2325 filename ));
2326 return;
2327 }
2328
2329 /*
2330 * The POSIX algorithm applies to owner first, and other last,
2331 * so ensure they are arranged in this order.
2332 */
2333
2334 if (owner_ace) {
2335 DLIST_PROMOTE(l_head, owner_ace);
2336 }
2337
2338 if (other_ace) {
2339 DLIST_DEMOTE(l_head, other_ace, canon_ace *);
2340 }
2341
2342 /* We have probably changed the head of the list. */
2343
2344 *pp_list_head = l_head;
2345 }
2346
2347 /****************************************************************************
2348 Create a linked list of canonical ACE entries.
2349 ****************************************************************************/
2350
2351 static canon_ace *canonicalise_acl(struct connection_struct *conn,
2352 const char *fname, SMB_ACL_T posix_acl,
2353 const SMB_STRUCT_STAT *psbuf,
2354 const DOM_SID *powner, const DOM_SID *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
2355 {
2356 mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
2357 canon_ace *l_head = NULL;
2358 canon_ace *ace = NULL;
2359 canon_ace *next_ace = NULL;
2360 int entry_id = SMB_ACL_FIRST_ENTRY;
2361 SMB_ACL_ENTRY_T entry;
2362 size_t ace_count;
2363
2364 while ( posix_acl && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1)) {
2365 SMB_ACL_TAG_T tagtype;
2366 SMB_ACL_PERMSET_T permset;
2367 DOM_SID sid;
2368 posix_id unix_ug;
2369 enum ace_owner owner_type;
2370
2371 entry_id = SMB_ACL_NEXT_ENTRY;
2372
2373 /* Is this a MASK entry ? */
2374 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1)
2375 continue;
2376
2377 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1)
2378 continue;
2379
2380 /* Decide which SID to use based on the ACL type. */
2381 switch(tagtype) {
2382 case SMB_ACL_USER_OBJ:
2383 /* Get the SID from the owner. */
2384 sid_copy(&sid, powner);
2385 unix_ug.uid = psbuf->st_uid;
2386 owner_type = UID_ACE;
2387 break;
2388 case SMB_ACL_USER:
2389 {
2390 uid_t *puid = (uid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
2391 if (puid == NULL) {
2392 DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
2393 continue;
2394 }
2395 /*
2396 * A SMB_ACL_USER entry for the owner is shadowed by the
2397 * SMB_ACL_USER_OBJ entry and Windows also cannot represent
2398 * that entry, so we ignore it. We also don't create such
2399 * entries out of the blue when setting ACLs, so a get/set
2400 * cycle will drop them.
2401 */
2402 if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid) {
2403 SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
2404 continue;
2405 }
2406 uid_to_sid( &sid, *puid);
2407 unix_ug.uid = *puid;
2408 owner_type = UID_ACE;
2409 SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
2410 break;
2411 }
2412 case SMB_ACL_GROUP_OBJ:
2413 /* Get the SID from the owning group. */
2414 sid_copy(&sid, pgroup);
2415 unix_ug.gid = psbuf->st_gid;
2416 owner_type = GID_ACE;
2417 break;
2418 case SMB_ACL_GROUP:
2419 {
2420 gid_t *pgid = (gid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
2421 if (pgid == NULL) {
2422 DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
2423 continue;
2424 }
2425 gid_to_sid( &sid, *pgid);
2426 unix_ug.gid = *pgid;
2427 owner_type = GID_ACE;
2428 SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)pgid,tagtype);
2429 break;
2430 }
2431 case SMB_ACL_MASK:
2432 acl_mask = convert_permset_to_mode_t(conn, permset);
2433 continue; /* Don't count the mask as an entry. */
2434 case SMB_ACL_OTHER:
2435 /* Use the Everyone SID */
2436 sid = global_sid_World;
2437 unix_ug.world = -1;
2438 owner_type = WORLD_ACE;
2439 break;
2440 default:
2441 DEBUG(0,("canonicalise_acl: Unknown tagtype %u\n", (unsigned int)tagtype));
2442 continue;
2443 }
2444
2445 /*
2446 * Add this entry to the list.
2447 */
2448
2449 if ((ace = SMB_MALLOC_P(canon_ace)) == NULL)
2450 goto fail;
2451
2452 ZERO_STRUCTP(ace);
2453 ace->type = tagtype;
2454 ace->perms = convert_permset_to_mode_t(conn, permset);
2455 ace->attr = ALLOW_ACE;
2456 ace->trustee = sid;
2457 ace->unix_ug = unix_ug;
2458 ace->owner_type = owner_type;
2459 ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
2460
2461 DLIST_ADD(l_head, ace);
2462 }
2463
2464 /*
2465 * This next call will ensure we have at least a user/group/world set.
2466 */
2467
2468 if (!ensure_canon_entry_valid(&l_head, conn->params,
2469 S_ISDIR(psbuf->st_mode), powner, pgroup,
2470 psbuf, False))
2471 goto fail;
2472
2473 /*
2474 * Now go through the list, masking the permissions with the
2475 * acl_mask. Ensure all DENY Entries are at the start of the list.
2476 */
2477
2478 DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
2479
2480 for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
2481 next_ace = ace->next;
2482
2483 /* Masks are only applied to entries other than USER_OBJ and OTHER. */
2484 if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ)
2485 ace->perms &= acl_mask;
2486
2487 if (ace->perms == 0) {
2488 DLIST_PROMOTE(l_head, ace);
2489 }
2490
2491 if( DEBUGLVL( 10 ) ) {
2492 print_canon_ace(ace, ace_count);
2493 }
2494 }
2495
2496 arrange_posix_perms(fname,&l_head );
2497
2498 print_canon_ace_list( "canonicalise_acl: ace entries after arrange", l_head );
2499
2500 return l_head;
2501
2502 fail:
2503
2504 free_canon_ace_list(l_head);
2505 return NULL;
2506 }
2507
2508 /****************************************************************************
2509 Check if the current user group list contains a given group.
2510 ****************************************************************************/
2511
2512 static bool current_user_in_group(gid_t gid)
2513 {
2514 int i;
2515
2516 for (i = 0; i < current_user.ut.ngroups; i++) {
2517 if (current_user.ut.groups[i] == gid) {
2518 return True;
2519 }
2520 }
2521
2522 return False;
2523 }
2524
2525 /****************************************************************************
2526 Should we override a deny ? Check 'acl group control' and 'dos filemode'.
2527 ****************************************************************************/
2528
2529 static bool acl_group_override(connection_struct *conn,
2530 gid_t prim_gid,
2531 const char *fname)
2532 {
2533 SMB_STRUCT_STAT sbuf;
2534
2535 if ((errno != EPERM) && (errno != EACCES)) {
2536 return false;
2537 }
2538
2539 /* file primary group == user primary or supplementary group */
2540 if (lp_acl_group_control(SNUM(conn)) &&
2541 current_user_in_group(prim_gid)) {
2542 return true;
2543 }
2544
2545 /* user has writeable permission */
2546 if (lp_dos_filemode(SNUM(conn)) &&
2547 can_write_to_file(conn, fname, &sbuf)) {
2548 return true;
2549 }
2550
2551 return false;
2552 }
2553
2554 /****************************************************************************
2555 Attempt to apply an ACL to a file or directory.
2556 ****************************************************************************/
2557
2558 static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, gid_t prim_gid, bool *pacl_set_support)
2559 {
2560 connection_struct *conn = fsp->conn;
2561 bool ret = False;
2562 SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, (int)count_canon_ace_list(the_ace) + 1);
2563 canon_ace *p_ace;
2564 int i;
2565 SMB_ACL_ENTRY_T mask_entry;
2566 bool got_mask_entry = False;
2567 SMB_ACL_PERMSET_T mask_permset;
2568 SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS);
2569 bool needs_mask = False;
2570 mode_t mask_perms = 0;
2571
2572 #if defined(POSIX_ACL_NEEDS_MASK)
2573 /* HP-UX always wants to have a mask (called "class" there). */
2574 needs_mask = True;
2575 #endif
2576
2577 if (the_acl == NULL) {
2578
2579 if (!no_acl_syscall_error(errno)) {
2580 /*
2581 * Only print this error message if we have some kind of ACL
2582 * support that's not working. Otherwise we would always get this.
2583 */
2584 DEBUG(0,("set_canon_ace_list: Unable to init %s ACL. (%s)\n",
2585 default_ace ? "default" : "file", strerror(errno) ));
2586 }
2587 *pacl_set_support = False;
2588 return False;
2589 }
2590
2591 if( DEBUGLVL( 10 )) {
2592 dbgtext("set_canon_ace_list: setting ACL:\n");
2593 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2594 print_canon_ace( p_ace, i);
2595 }
2596 }
2597
2598 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2599 SMB_ACL_ENTRY_T the_entry;
2600 SMB_ACL_PERMSET_T the_permset;
2601
2602 /*
2603 * ACLs only "need" an ACL_MASK entry if there are any named user or
2604 * named group entries. But if there is an ACL_MASK entry, it applies
2605 * to ACL_USER, ACL_GROUP, and ACL_GROUP_OBJ entries. Set the mask
2606 * so that it doesn't deny (i.e., mask off) any permissions.
2607 */
2608
2609 if (p_ace->type == SMB_ACL_USER || p_ace->type == SMB_ACL_GROUP) {
2610 needs_mask = True;
2611 mask_perms |= p_ace->perms;
2612 } else if (p_ace->type == SMB_ACL_GROUP_OBJ) {
2613 mask_perms |= p_ace->perms;
2614 }
2615
2616 /*
2617 * Get the entry for this ACE.
2618 */
2619
2620 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) {
2621 DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
2622 i, strerror(errno) ));
2623 goto fail;
2624 }
2625
2626 if (p_ace->type == SMB_ACL_MASK) {
2627 mask_entry = the_entry;
2628 got_mask_entry = True;
2629 }
2630
2631 /*
2632 * Ok - we now know the ACL calls should be working, don't
2633 * allow fallback to chmod.
2634 */
2635
2636 *pacl_set_support = True;
2637
2638 /*
2639 * Initialise the entry from the canon_ace.
2640 */
2641
2642 /*
2643 * First tell the entry what type of ACE this is.
2644 */
2645
2646 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, p_ace->type) == -1) {
2647 DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
2648 i, strerror(errno) ));
2649 goto fail;
2650 }
2651
2652 /*
2653 * Only set the qualifier (user or group id) if the entry is a user
2654 * or group id ACE.
2655 */
2656
2657 if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
2658 if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&p_ace->unix_ug.uid) == -1) {
2659 DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
2660 i, strerror(errno) ));
2661 goto fail;
2662 }
2663 }
2664
2665 /*
2666 * Convert the mode_t perms in the canon_ace to a POSIX permset.
2667 */
2668
2669 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) {
2670 DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
2671 i, strerror(errno) ));
2672 goto fail;
2673 }
2674
2675 if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) {
2676 DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
2677 (unsigned int)p_ace->perms, i, strerror(errno) ));
2678 goto fail;
2679 }
2680
2681 /*
2682 * ..and apply them to the entry.
2683 */
2684
2685 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) {
2686 DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
2687 i, strerror(errno) ));
2688 goto fail;
2689 }
2690
2691 if( DEBUGLVL( 10 ))
2692 print_canon_ace( p_ace, i);
2693
2694 }
2695
2696 if (needs_mask && !got_mask_entry) {
2697 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &mask_entry) == -1) {
2698 DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
2699 goto fail;
2700 }
2701
2702 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, mask_entry, SMB_ACL_MASK) == -1) {
2703 DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
2704 goto fail;
2705 }
2706
2707 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, mask_entry, &mask_permset) == -1) {
2708 DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
2709 goto fail;
2710 }
2711
2712 if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
2713 DEBUG(0,("set_canon_ace_list: Failed to create mask permset. (%s)\n", strerror(errno) ));
2714 goto fail;
2715 }
2716
2717 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, mask_entry, mask_permset) == -1) {
2718 DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
2719 goto fail;
2720 }
2721 }
2722
2723 /*
2724 * Finally apply it to the file or directory.
2725 */
2726
2727 if(default_ace || fsp->is_directory || fsp->fh->fd == -1) {
2728 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl) == -1) {
2729 /*
2730 * Some systems allow all the above calls and only fail with no ACL support
2731 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
2732 */
2733 if (no_acl_syscall_error(errno)) {
2734 *pacl_set_support = False;
2735 }
2736
2737 if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
2738 int sret;
2739
2740 DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
2741 fsp->fsp_name ));
2742
2743 become_root();
2744 sret = SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl);
2745 unbecome_root();
2746 if (sret == 0) {
2747 ret = True;
2748 }
2749 }
2750
2751 if (ret == False) {
2752 DEBUG(2,("set_canon_ace_list: sys_acl_set_file type %s failed for file %s (%s).\n",
2753 the_acl_type == SMB_ACL_TYPE_DEFAULT ? "directory default" : "file",
2754 fsp->fsp_name, strerror(errno) ));
2755 goto fail;
2756 }
2757 }
2758 } else {
2759 if (SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl) == -1) {
2760 /*
2761 * Some systems allow all the above calls and only fail with no ACL support
2762 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
2763 */
2764 if (no_acl_syscall_error(errno)) {
2765 *pacl_set_support = False;
2766 }
2767
2768 if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
2769 int sret;
2770
2771 DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
2772 fsp->fsp_name ));
2773
2774 become_root();
2775 sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl);
2776 unbecome_root();
2777 if (sret == 0) {
2778 ret = True;
2779 }
2780 }
2781
2782 if (ret == False) {
2783 DEBUG(2,("set_canon_ace_list: sys_acl_set_file failed for file %s (%s).\n",
2784 fsp->fsp_name, strerror(errno) ));
2785 goto fail;
2786 }
2787 }
2788 }
2789
2790 ret = True;
2791
2792 fail:
2793
2794 if (the_acl != NULL) {
2795 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
2796 }
2797
2798 return ret;
2799 }
2800
2801 /****************************************************************************
2802 Find a particular canon_ace entry.
2803 ****************************************************************************/
2804
2805 static struct canon_ace *canon_ace_entry_for(struct canon_ace *list, SMB_ACL_TAG_T type, posix_id *id)
2806 {
2807 while (list) {
2808 if (list->type == type && ((type != SMB_ACL_USER && type != SMB_ACL_GROUP) ||
2809 (type == SMB_ACL_USER && id && id->uid == list->unix_ug.uid) ||
2810 (type == SMB_ACL_GROUP && id && id->gid == list->unix_ug.gid)))
2811 break;
2812 list = list->next;
2813 }
2814 return list;
2815 }
2816
2817 /****************************************************************************
2818
2819 ****************************************************************************/
2820
2821 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl)
2822 {
2823 SMB_ACL_ENTRY_T entry;
2824
2825 if (!the_acl)
2826 return NULL;
2827 if (SMB_VFS_SYS_ACL_GET_ENTRY(conn, the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) {
2828 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
2829 return NULL;
2830 }
2831 return the_acl;
2832 }
2833
2834 /****************************************************************************
2835 Convert a canon_ace to a generic 3 element permission - if possible.
2836 ****************************************************************************/
2837
2838 #define MAP_PERM(p,mask,result) (((p) & (mask)) ? (result) : 0 )
2839
2840 static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
2841 {
2842 int snum = SNUM(fsp->conn);
2843 size_t ace_count = count_canon_ace_list(file_ace_list);
2844 canon_ace *ace_p;
2845 canon_ace *owner_ace = NULL;
2846 canon_ace *group_ace = NULL;
2847 canon_ace *other_ace = NULL;
2848 mode_t and_bits;
2849 mode_t or_bits;
2850
2851 if (ace_count != 3) {
2852 DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE entries for file %s to convert to \
2853 posix perms.\n", fsp->fsp_name ));
2854 return False;
2855 }
2856
2857 for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) {
2858 if (ace_p->owner_type == UID_ACE)
2859 owner_ace = ace_p;
2860 else if (ace_p->owner_type == GID_ACE)
2861 group_ace = ace_p;
2862 else if (ace_p->owner_type == WORLD_ACE)
2863 other_ace = ace_p;
2864 }
2865
2866 if (!owner_ace || !group_ace || !other_ace) {
2867 DEBUG(3,("convert_canon_ace_to_posix_perms: Can't get standard entries for file %s.\n",
2868 fsp->fsp_name ));
2869 return False;
2870 }
2871
2872 *posix_perms = (mode_t)0;
2873
2874 *posix_perms |= owner_ace->perms;
2875 *posix_perms |= MAP_PERM(group_ace->perms, S_IRUSR, S_IRGRP);
2876 *posix_perms |= MAP_PERM(group_ace->perms, S_IWUSR, S_IWGRP);
2877 *posix_perms |= MAP_PERM(group_ace->perms, S_IXUSR, S_IXGRP);
2878 *posix_perms |= MAP_PERM(other_ace->perms, S_IRUSR, S_IROTH);
2879 *posix_perms |= MAP_PERM(other_ace->perms, S_IWUSR, S_IWOTH);
2880 *posix_perms |= MAP_PERM(other_ace->perms, S_IXUSR, S_IXOTH);
2881
2882 /* The owner must have at least read access. */
2883
2884 *posix_perms |= S_IRUSR;
2885 if (fsp->is_directory)
2886 *posix_perms |= (S_IWUSR|S_IXUSR);
2887
2888 /* If requested apply the masks. */
2889
2890 /* Get the initial bits to apply. */
2891
2892 if (fsp->is_directory) {
2893 and_bits = lp_dir_security_mask(snum);
2894 or_bits = lp_force_dir_security_mode(snum);
2895 } else {
2896 and_bits = lp_security_mask(snum);
2897 or_bits = lp_force_security_mode(snum);
2898 }
2899
2900 *posix_perms = (((*posix_perms) & and_bits)|or_bits);
2901
2902 DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o to perm=0%o for file %s.\n",
2903 (int)owner_ace->perms, (int)group_ace->perms, (int)other_ace->perms, (int)*posix_perms,
2904 fsp->fsp_name ));
2905
2906 return True;
2907 }
2908
2909 /****************************************************************************
2910 Incoming NT ACLs on a directory can be split into a default POSIX acl (CI|OI|IO) and
2911 a normal POSIX acl. Win2k needs these split acls re-merging into one ACL
2912 with CI|OI set so it is inherited and also applies to the directory.
2913 Based on code from "Jim McDonough" <jmcd@us.ibm.com>.
2914 ****************************************************************************/
2915
2916 static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
2917 {
2918 size_t i, j;
2919
2920 for (i = 0; i < num_aces; i++) {
2921 for (j = i+1; j < num_aces; j++) {
2922 uint32 i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
2923 uint32 j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
2924 bool i_inh = (nt_ace_list[i].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
2925 bool j_inh = (nt_ace_list[j].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
2926
2927 /* We know the lower number ACE's are file entries. */
2928 if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
2929 (nt_ace_list[i].size == nt_ace_list[j].size) &&
2930 (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
2931 sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
2932 (i_inh == j_inh) &&
2933 (i_flags_ni == 0) &&
2934 (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
2935 SEC_ACE_FLAG_CONTAINER_INHERIT|
2936 SEC_ACE_FLAG_INHERIT_ONLY))) {
2937 /*
2938 * W2K wants to have access allowed zero access ACE's
2939 * at the end of the list. If the mask is zero, merge
2940 * the non-inherited ACE onto the inherited ACE.
2941 */
2942
2943 if (nt_ace_list[i].access_mask == 0) {
2944 nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
2945 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
2946 if (num_aces - i - 1 > 0)
2947 memmove(&nt_ace_list[i], &nt_ace_list[i+1], (num_aces-i-1) *
2948 sizeof(SEC_ACE));
2949
2950 DEBUG(10,("merge_default_aces: Merging zero access ACE %u onto ACE %u.\n",
2951 (unsigned int)i, (unsigned int)j ));
2952 } else {
2953 /*
2954 * These are identical except for the flags.
2955 * Merge the inherited ACE onto the non-inherited ACE.
2956 */
2957
2958 nt_ace_list[i].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
2959 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
2960 if (num_aces - j - 1 > 0)
2961 memmove(&nt_ace_list[j], &nt_ace_list[j+1], (num_aces-j-1) *
2962 sizeof(SEC_ACE));
2963
2964 DEBUG(10,("merge_default_aces: Merging ACE %u onto ACE %u.\n",
2965 (unsigned int)j, (unsigned int)i ));
2966 }
2967 num_aces--;
2968 break;
2969 }
2970 }
2971 }
2972
2973 return num_aces;
2974 }
2975
2976 /*
2977 * Add or Replace ACE entry.
2978 * In some cases we need to add a specific ACE for compatibility reasons.
2979 * When doing that we must make sure we are not actually creating a duplicate
2980 * entry. So we need to search whether an ACE entry already exist and eventually
2981 * replacce the access mask, or add a completely new entry if none was found.
2982 *
2983 * This function assumes the array has enough space to add a new entry without
2984 * any reallocation of memory.
2985 */
2986
2987 static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces,
2988 const DOM_SID *sid, enum security_ace_type type,
2989 uint32_t mask, uint8_t flags)
2990 {
2991 int i;
2992
2993 /* first search for a duplicate */
2994 for (i = 0; i < *num_aces; i++) {
2995 if (sid_equal(&nt_ace_list[i].trustee, sid) &&
2996 (nt_ace_list[i].flags == flags)) break;
2997 }
2998
2999 if (i < *num_aces) { /* found */
3000 nt_ace_list[i].type = type;
3001 nt_ace_list[i].access_mask = mask;
3002 DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n",
3003 i, sid_string_dbg(sid), flags));
3004 return;
3005 }
3006
3007 /* not found, append it */
3008 init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags);
3009 }
3010
3011
3012 /****************************************************************************
3013 Reply to query a security descriptor from an fsp. If it succeeds it allocates
3014 the space for the return elements and returns the size needed to return the
3015 security descriptor. This should be the only external function needed for
3016 the UNIX style get ACL.
3017 ****************************************************************************/
3018
3019 static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
3020 const char *name,
3021 const SMB_STRUCT_STAT *sbuf,
3022 struct pai_val *pal,
3023 SMB_ACL_T posix_acl,
3024 SMB_ACL_T def_acl,
3025 uint32_t security_info,
3026 SEC_DESC **ppdesc)
3027 {
3028 DOM_SID owner_sid;
3029 DOM_SID group_sid;
3030 size_t sd_size = 0;
3031 SEC_ACL *psa = NULL;
3032 size_t num_acls = 0;
3033 size_t num_def_acls = 0;
3034 size_t num_aces = 0;
3035 canon_ace *file_ace = NULL;
3036 canon_ace *dir_ace = NULL;
3037 SEC_ACE *nt_ace_list = NULL;
3038 size_t num_profile_acls = 0;
3039 DOM_SID orig_owner_sid;
3040 SEC_DESC *psd = NULL;
3041 int i;
3042
3043 /*
3044 * Get the owner, group and world SIDs.
3045 */
3046
3047 create_file_sids(sbuf, &owner_sid, &group_sid);
3048
3049 if (lp_profile_acls(SNUM(conn))) {
3050 /* For WXP SP1 the owner must be administrators. */
3051 sid_copy(&orig_owner_sid, &owner_sid);
3052 sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
3053 sid_copy(&group_sid, &global_sid_Builtin_Users);
3054 num_profile_acls = 3;
3055 }
3056
3057 if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
3058
3059 /*
3060 * In the optimum case Creator Owner and Creator Group would be used for
3061 * the ACL_USER_OBJ and ACL_GROUP_OBJ entries, respectively, but this
3062 * would lead to usability problems under Windows: The Creator entries
3063 * are only available in browse lists of directories and not for files;
3064 * additionally the identity of the owning group couldn't be determined.
3065 * We therefore use those identities only for Default ACLs.
3066 */
3067
3068 /* Create the canon_ace lists. */
3069 file_ace = canonicalise_acl(conn, name, posix_acl, sbuf,
3070 &owner_sid, &group_sid, pal,
3071 SMB_ACL_TYPE_ACCESS);
3072
3073 /* We must have *some* ACLS. */
3074
3075 if (count_canon_ace_list(file_ace) == 0) {
3076 DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", name));
3077 goto done;
3078 }
3079
3080 if (S_ISDIR(sbuf->st_mode) && def_acl) {
3081 dir_ace = canonicalise_acl(conn, name, def_acl,
3082 sbuf,
3083 &global_sid_Creator_Owner,
3084 &global_sid_Creator_Group,
3085 pal, SMB_ACL_TYPE_DEFAULT);
3086 }
3087
3088 /*
3089 * Create the NT ACE list from the canonical ace lists.
3090 */
3091
3092 {
3093 canon_ace *ace;
3094 enum security_ace_type nt_acl_type;
3095
3096 if (nt4_compatible_acls() && dir_ace) {
3097 /*
3098 * NT 4 chokes if an ACL contains an INHERIT_ONLY entry
3099 * but no non-INHERIT_ONLY entry for one SID. So we only
3100 * remove entries from the Access ACL if the
3101 * corresponding Default ACL entries have also been
3102 * removed. ACEs for CREATOR-OWNER and CREATOR-GROUP
3103 * are exceptions. We can do nothing
3104 * intelligent if the Default ACL contains entries that
3105 * are not also contained in the Access ACL, so this
3106 * case will still fail under NT 4.
3107 */
3108
3109 ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL);
3110 if (ace && !ace->perms) {
3111 DLIST_REMOVE(dir_ace, ace);
3112 SAFE_FREE(ace);
3113
3114 ace = canon_ace_entry_for(file_ace, SMB_ACL_OTHER, NULL);
3115 if (ace && !ace->perms) {
3116 DLIST_REMOVE(file_ace, ace);
3117 SAFE_FREE(ace);
3118 }
3119 }
3120
3121 /*
3122 * WinNT doesn't usually have Creator Group
3123 * in browse lists, so we send this entry to
3124 * WinNT even if it contains no relevant
3125 * permissions. Once we can add
3126 * Creator Group to browse lists we can
3127 * re-enable this.
3128 */
3129
3130 #if 0
3131 ace = canon_ace_entry_for(dir_ace, SMB_ACL_GROUP_OBJ, NULL);
3132 if (ace && !ace->perms) {
3133 DLIST_REMOVE(dir_ace, ace);
3134 SAFE_FREE(ace);
3135 }
3136 #endif
3137
3138 ace = canon_ace_entry_for(file_ace, SMB_ACL_GROUP_OBJ, NULL);
3139 if (ace && !ace->perms) {
3140 DLIST_REMOVE(file_ace, ace);
3141 SAFE_FREE(ace);
3142 }
3143 }
3144
3145 num_acls = count_canon_ace_list(file_ace);
3146 num_def_acls = count_canon_ace_list(dir_ace);
3147
3148 /* Allocate the ace list. */
3149 if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE,num_acls + num_profile_acls + num_def_acls)) == NULL) {
3150 DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
3151 goto done;
3152 }
3153
3154 memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(SEC_ACE) );
3155
3156 /*
3157 * Create the NT ACE list from the canonical ace lists.
3158 */
3159
3160 for (ace = file_ace; ace != NULL; ace = ace->next) {
3161 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3162 &nt_acl_type,
3163 ace->perms,
3164 S_ISDIR(sbuf->st_mode));
3165 init_sec_ace(&nt_ace_list[num_aces++],
3166 &ace->trustee,
3167 nt_acl_type,
3168 acc,
3169 ace->ace_flags);
3170 }
3171
3172 /* The User must have access to a profile share - even
3173 * if we can't map the SID. */
3174 if (lp_profile_acls(SNUM(conn))) {
3175 add_or_replace_ace(nt_ace_list, &num_aces,
3176 &global_sid_Builtin_Users,
3177 SEC_ACE_TYPE_ACCESS_ALLOWED,
3178 FILE_GENERIC_ALL, 0);
3179 }
3180
3181 for (ace = dir_ace; ace != NULL; ace = ace->next) {
3182 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3183 &nt_acl_type,
3184 ace->perms,
3185 S_ISDIR(sbuf->st_mode));
3186 init_sec_ace(&nt_ace_list[num_aces++],
3187 &ace->trustee,
3188 nt_acl_type,
3189 acc,
3190 ace->ace_flags |
3191 SEC_ACE_FLAG_OBJECT_INHERIT|
3192 SEC_ACE_FLAG_CONTAINER_INHERIT|
3193 SEC_ACE_FLAG_INHERIT_ONLY);
3194 }
3195
3196 /* The User must have access to a profile share - even
3197 * if we can't map the SID. */
3198 if (lp_profile_acls(SNUM(conn))) {
3199 add_or_replace_ace(nt_ace_list, &num_aces,
3200 &global_sid_Builtin_Users,
3201 SEC_ACE_TYPE_ACCESS_ALLOWED,
3202 FILE_GENERIC_ALL,
3203 SEC_ACE_FLAG_OBJECT_INHERIT |
3204 SEC_ACE_FLAG_CONTAINER_INHERIT |
3205 SEC_ACE_FLAG_INHERIT_ONLY);
3206 }
3207
3208 /*
3209 * Merge POSIX default ACLs and normal ACLs into one NT ACE.
3210 * Win2K needs this to get the inheritance correct when replacing ACLs
3211 * on a directory tree. Based on work by Jim @ IBM.
3212 */
3213
3214 num_aces = merge_default_aces(nt_ace_list, num_aces);
3215
3216 if (lp_profile_acls(SNUM(conn))) {
3217 for (i = 0; i < num_aces; i++) {
3218 if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
3219 add_or_replace_ace(nt_ace_list, &num_aces,
3220 &orig_owner_sid,
3221 nt_ace_list[i].type,
3222 nt_ace_list[i].access_mask,
3223 nt_ace_list[i].flags);
3224 break;
3225 }
3226 }
3227 }
3228 }
3229
3230 if (num_aces) {
3231 if((psa = make_sec_acl( talloc_tos(), NT4_ACL_REVISION, num_aces, nt_ace_list)) == NULL) {
3232 DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
3233 goto done;
3234 }
3235 }
3236 } /* security_info & DACL_SECURITY_INFORMATION */
3237
3238 psd = make_standard_sec_desc( talloc_tos(),
3239 (security_info & OWNER_SECURITY_INFORMATION) ? &owner_sid : NULL,
3240 (security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL,
3241 psa,
3242 &sd_size);
3243
3244 if(!psd) {
3245 DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
3246 sd_size = 0;
3247 goto done;
3248 }
3249
3250 /*
3251 * Windows 2000: The DACL_PROTECTED flag in the security
3252 * descriptor marks the ACL as non-inheriting, i.e., no
3253 * ACEs from higher level directories propagate to this
3254 * ACL. In the POSIX ACL model permissions are only
3255 * inherited at file create time, so ACLs never contain
3256 * any ACEs that are inherited dynamically. The DACL_PROTECTED
3257 * flag doesn't seem to bother Windows NT.
3258 * Always set this if map acl inherit is turned off.
3259 */
3260 if (pal == NULL || !lp_map_acl_inherit(SNUM(conn))) {
3261 psd->type |= SEC_DESC_DACL_PROTECTED;
3262 } else {
3263 psd->type |= pal->sd_type;
3264 }
3265
3266 if (psd->dacl) {
3267 dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces);
3268 }
3269
3270 *ppdesc = psd;
3271
3272 done:
3273
3274 if (posix_acl) {
3275 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
3276 }
3277 if (def_acl) {
3278 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
3279 }
3280 free_canon_ace_list(file_ace);
3281 free_canon_ace_list(dir_ace);
3282 free_inherited_info(pal);
3283 SAFE_FREE(nt_ace_list);
3284
3285 return NT_STATUS_OK;
3286 }
3287
3288 NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
3289 SEC_DESC **ppdesc)
3290 {
3291 SMB_STRUCT_STAT sbuf;
3292 SMB_ACL_T posix_acl = NULL;
3293 struct pai_val *pal;
3294
3295 *ppdesc = NULL;
3296
3297 DEBUG(10,("posix_fget_nt_acl: called for file %s\n", fsp->fsp_name ));
3298
3299 /* can it happen that fsp_name == NULL ? */
3300 if (fsp->is_directory || fsp->fh->fd == -1) {
3301 return posix_get_nt_acl(fsp->conn, fsp->fsp_name,
3302 security_info, ppdesc);
3303 }
3304
3305 /* Get the stat struct for the owner info. */
3306 if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) {
3307 return map_nt_error_from_unix(errno);
3308 }
3309
3310 /* Get the ACL from the fd. */
3311 posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
3312
3313 pal = fload_inherited_info(fsp);
3314
3315 return posix_get_nt_acl_common(fsp->conn, fsp->fsp_name, &sbuf, pal,
3316 posix_acl, NULL, security_info, ppdesc);
3317 }
3318
3319 NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
3320 uint32_t security_info, SEC_DESC **ppdesc)
3321 {
3322 SMB_STRUCT_STAT sbuf;
3323 SMB_ACL_T posix_acl = NULL;
3324 SMB_ACL_T def_acl = NULL;
3325 struct pai_val *pal;
3326
3327 *ppdesc = NULL;
3328
3329 DEBUG(10,("posix_get_nt_acl: called for file %s\n", name ));
3330
3331 /* Get the stat struct for the owner info. */
3332 if(SMB_VFS_STAT(conn, name, &sbuf) != 0) {
3333 return map_nt_error_from_unix(errno);
3334 }
3335
3336 /* Get the ACL from the path. */
3337 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name, SMB_ACL_TYPE_ACCESS);
3338
3339 /* If it's a directory get the default POSIX ACL. */
3340 if(S_ISDIR(sbuf.st_mode)) {
3341 def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name, SMB_ACL_TYPE_DEFAULT);
3342 def_acl = free_empty_sys_acl(conn, def_acl);
3343 }
3344
3345 pal = load_inherited_info(conn, name);
3346
3347 return posix_get_nt_acl_common(conn, name, &sbuf, pal, posix_acl,
3348 def_acl, security_info, ppdesc);
3349 }
3350
3351 /****************************************************************************
3352 Try to chown a file. We will be able to chown it under the following conditions.
3353
3354 1) If we have root privileges, then it will just work.
3355 2) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
3356 3) If we have SeRestorePrivilege we can change the user to any other user.
3357 4) If we have write permission to the file and dos_filemodes is set
3358 then allow chown to the currently authenticated user.
3359 ****************************************************************************/
3360
3361 int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
3362 {
3363 int ret;
3364 files_struct *fsp;
3365 SMB_STRUCT_STAT st;
3366
3367 if(!CAN_WRITE(conn)) {
3368 return -1;
3369 }
3370
3371 /* Case (1). */
3372 /* try the direct way first */
3373 ret = SMB_VFS_CHOWN(conn, fname, uid, gid);
3374 if (ret == 0)
3375 return 0;
3376
3377 /* Case (2) / (3) */
3378 if (lp_enable_privileges()) {
3379
3380 bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
3381 &se_take_ownership);
3382 bool has_restore_priv = user_has_privileges(current_user.nt_user_token,
3383 &se_restore);
3384
3385 /* Case (2) */
3386 if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) ||
3387 /* Case (3) */
3388 ( has_restore_priv ) ) {
3389
3390 become_root();
3391 /* Keep the current file gid the same - take ownership doesn't imply group change. */
3392 ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
3393 unbecome_root();
3394 return ret;
3395 }
3396 }
3397
3398 /* Case (4). */
3399 if (!lp_dos_filemode(SNUM(conn))) {
3400 errno = EPERM;
3401 return -1;
3402 }
3403
3404 /* only allow chown to the current user. This is more secure,
3405 and also copes with the case where the SID in a take ownership ACL is
3406 a local SID on the users workstation
3407 */
3408 if (uid != current_user.ut.uid) {
3409 errno = EPERM;
3410 return -1;
3411 }
3412
3413 if (SMB_VFS_STAT(conn,fname,&st)) {
3414 return -1;
3415 }
3416
3417 if (!NT_STATUS_IS_OK(open_file_fchmod(NULL, conn, fname, &st, &fsp))) {
3418 return -1;
3419 }
3420
3421 become_root();
3422 /* Keep the current file gid the same. */
3423 ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1);
3424 unbecome_root();
3425
3426 close_file_fchmod(NULL, fsp);
3427
3428 return ret;
3429 }
3430
3431 #if 0
3432 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
3433
3434 /****************************************************************************
3435 Take care of parent ACL inheritance.
3436 ****************************************************************************/
3437
3438 NTSTATUS append_parent_acl(files_struct *fsp,
3439 const SEC_DESC *pcsd,
3440 SEC_DESC **pp_new_sd)
3441 {
3442 SEC_DESC *parent_sd = NULL;
3443 files_struct *parent_fsp = NULL;
3444 TALLOC_CTX *mem_ctx = talloc_tos();
3445 char *parent_name = NULL;
3446 SEC_ACE *new_ace = NULL;
3447 unsigned int num_aces = pcsd->dacl->num_aces;
3448 SMB_STRUCT_STAT sbuf;
3449 NTSTATUS status;
3450 int info;
3451 unsigned int i, j;
3452 SEC_DESC *psd = dup_sec_desc(talloc_tos(), pcsd);
3453 bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
3454
3455 ZERO_STRUCT(sbuf);
3456
3457 if (psd == NULL) {
3458 return NT_STATUS_NO_MEMORY;
3459 }
3460
3461 if (!parent_dirname(mem_ctx, fsp->fsp_name, &parent_name, NULL)) {
3462 return NT_STATUS_NO_MEMORY;
3463 }
3464
3465 status = SMB_VFS_CREATE_FILE(
3466 fsp->conn, /* conn */
3467 NULL, /* req */
3468 0, /* root_dir_fid */
3469 parent_name, /* fname */
3470 0, /* create_file_flags */
3471 FILE_READ_ATTRIBUTES, /* access_mask */
3472 FILE_SHARE_NONE, /* share_access */
3473 FILE_OPEN, /* create_disposition*/
3474 FILE_DIRECTORY_FILE, /* create_options */
3475 0, /* file_attributes */
3476 INTERNAL_OPEN_ONLY, /* oplock_request */
3477 0, /* allocation_size */
3478 NULL, /* sd */
3479 NULL, /* ea_list */
3480 &parent_fsp, /* result */
3481 &info, /* pinfo */
3482 &sbuf); /* psbuf */
3483
3484 if (!NT_STATUS_IS_OK(status)) {
3485 return status;
3486 }
3487
3488 status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, parent_fsp->fsp_name,
3489 DACL_SECURITY_INFORMATION, &parent_sd );
3490
3491 close_file(NULL, parent_fsp, NORMAL_CLOSE);
3492
3493 if (!NT_STATUS_IS_OK(status)) {
3494 return status;
3495 }
3496
3497 /*
3498 * Make room for potentially all the ACLs from
3499 * the parent. We used to add the ugw triple here,
3500 * as we knew we were dealing with POSIX ACLs.
3501 * We no longer need to do so as we can guarentee
3502 * that a default ACL from the parent directory will
3503 * be well formed for POSIX ACLs if it came from a
3504 * POSIX ACL source, and if we're not writing to a
3505 * POSIX ACL sink then we don't care if it's not well
3506 * formed. JRA.
3507 */
3508
3509 num_aces += parent_sd->dacl->num_aces;
3510
3511 if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE,
3512 num_aces)) == NULL) {
3513 return NT_STATUS_NO_MEMORY;
3514 }
3515
3516 /* Start by copying in all the given ACE entries. */
3517 for (i = 0; i < psd->dacl->num_aces; i++) {
3518 sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
3519 }
3520
3521 /*
3522 * Note that we're ignoring "inherit permissions" here
3523 * as that really only applies to newly created files. JRA.
3524 */
3525
3526 /* Finally append any inherited ACEs. */
3527 for (j = 0; j < parent_sd->dacl->num_aces; j++) {
3528 SEC_ACE *se = &parent_sd->dacl->aces[j];
3529
3530 if (fsp->is_directory) {
3531 if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
3532 /* Doesn't apply to a directory - ignore. */
3533 DEBUG(10,("append_parent_acl: directory %s "
3534 "ignoring non container "
3535 "inherit flags %u on ACE with sid %s "
3536 "from parent %s\n",
3537 fsp->fsp_name,
3538 (unsigned int)se->flags,
3539 sid_string_dbg(&se->trustee),
3540 parent_name));
3541 continue;
3542 }
3543 } else {
3544 if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
3545 /* Doesn't apply to a file - ignore. */
3546 DEBUG(10,("append_parent_acl: file %s "
3547 "ignoring non object "
3548 "inherit flags %u on ACE with sid %s "
3549 "from parent %s\n",
3550 fsp->fsp_name,
3551 (unsigned int)se->flags,
3552 sid_string_dbg(&se->trustee),
3553 parent_name));
3554 continue;
3555 }
3556 }
3557
3558 if (is_dacl_protected) {
3559 /* If the DACL is protected it means we must
3560 * not overwrite an existing ACE entry with the
3561 * same SID. This is order N^2. Ouch :-(. JRA. */
3562 unsigned int k;
3563 for (k = 0; k < psd->dacl->num_aces; k++) {
3564 if (sid_equal(&psd->dacl->aces[k].trustee,
3565 &se->trustee)) {
3566 break;
3567 }
3568 }
3569 if (k < psd->dacl->num_aces) {
3570 /* SID matched. Ignore. */
3571 DEBUG(10,("append_parent_acl: path %s "
3572 "ignoring ACE with protected sid %s "
3573 "from parent %s\n",
3574 fsp->fsp_name,
3575 sid_string_dbg(&se->trustee),
3576 parent_name));
3577 continue;
3578 }
3579 }
3580
3581 sec_ace_copy(&new_ace[i], se);
3582 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3583 new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
3584 }
3585 new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
3586
3587 if (fsp->is_directory) {
3588 /*
3589 * Strip off any inherit only. It's applied.
3590 */
3591 new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
3592 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3593 /* No further inheritance. */
3594 new_ace[i].flags &=
3595 ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3596 SEC_ACE_FLAG_OBJECT_INHERIT);
3597 }
3598 } else {
3599 /*
3600 * Strip off any container or inherit
3601 * flags, they can't apply to objects.
3602 */
3603 new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3604 SEC_ACE_FLAG_INHERIT_ONLY|
3605 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
3606 }
3607 i++;
3608
3609 DEBUG(10,("append_parent_acl: path %s "
3610 "inheriting ACE with sid %s "
3611 "from parent %s\n",
3612 fsp->fsp_name,
3613 sid_string_dbg(&se->trustee),
3614 parent_name));
3615 }
3616
3617 psd->dacl->aces = new_ace;
3618 psd->dacl->num_aces = i;
3619 psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED|
3620 SE_DESC_DACL_AUTO_INHERIT_REQ);
3621
3622 *pp_new_sd = psd;
3623 return status;
3624 }
3625 #endif
3626
3627 /****************************************************************************
3628 Reply to set a security descriptor on an fsp. security_info_sent is the
3629 description of the following NT ACL.
3630 This should be the only external function needed for the UNIX style set ACL.
3631 ****************************************************************************/
3632
3633 NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
3634 {
3635 connection_struct *conn = fsp->conn;
3636 uid_t user = (uid_t)-1;
3637 gid_t grp = (gid_t)-1;
3638 SMB_STRUCT_STAT sbuf;
3639 DOM_SID file_owner_sid;
3640 DOM_SID file_grp_sid;
3641 canon_ace *file_ace_list = NULL;
3642 canon_ace *dir_ace_list = NULL;
3643 bool acl_perms = False;
3644 mode_t orig_mode = (mode_t)0;
3645 NTSTATUS status;
3646 bool set_acl_as_root = false;
3647 bool acl_set_support = false;
3648 bool ret = false;
3649
3650 DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name ));
3651
3652 if (!CAN_WRITE(conn)) {
3653 DEBUG(10,("set acl rejected on read-only share\n"));
3654 return NT_STATUS_MEDIA_WRITE_PROTECTED;
3655 }
3656
3657 /*
3658 * Get the current state of the file.
3659 */
3660
3661 if(fsp->is_directory || fsp->fh->fd == -1) {
3662 if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0)
3663 return map_nt_error_from_unix(errno);
3664 } else {
3665 if(SMB_VFS_FSTAT(fsp, &sbuf) != 0)
3666 return map_nt_error_from_unix(errno);
3667 }
3668
3669 /* Save the original element we check against. */
3670 orig_mode = sbuf.st_mode;
3671
3672 /*
3673 * Unpack the user/group/world id's.
3674 */
3675
3676 status = unpack_nt_owners( SNUM(conn), &user, &grp, security_info_sent, psd);
3677 if (!NT_STATUS_IS_OK(status)) {
3678 return status;
3679 }
3680
3681 /*
3682 * Do we need to chown ? If so this must be done first as the incoming
3683 * CREATOR_OWNER acl will be relative to the *new* owner, not the old.
3684 * Noticed by Simo.
3685 */
3686
3687 if (((user != (uid_t)-1) && (sbuf.st_uid != user)) || (( grp != (gid_t)-1) && (sbuf.st_gid != grp))) {
3688
3689 DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
3690 fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
3691
3692 if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) {
3693 DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n",
3694 fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
3695 if (errno == EPERM) {
3696 return NT_STATUS_INVALID_OWNER;
3697 }
3698 return map_nt_error_from_unix(errno);
3699 }
3700
3701 /*
3702 * Recheck the current state of the file, which may have changed.
3703 * (suid/sgid bits, for instance)
3704 */
3705
3706 if(fsp->is_directory) {
3707 if(SMB_VFS_STAT(fsp->conn, fsp->fsp_name, &sbuf) != 0) {
3708 return map_nt_error_from_unix(errno);
3709 }
3710 } else {
3711
3712 int sret;
3713
3714 if(fsp->fh->fd == -1)
3715 sret = SMB_VFS_STAT(fsp->conn, fsp->fsp_name, &sbuf);
3716 else
3717 sret = SMB_VFS_FSTAT(fsp, &sbuf);
3718
3719 if(sret != 0)
3720 return map_nt_error_from_unix(errno);
3721 }
3722
3723 /* Save the original element we check against. */
3724 orig_mode = sbuf.st_mode;
3725
3726 /* If we successfully chowned, we know we must
3727 * be able to set the acl, so do it as root.
3728 */
3729 set_acl_as_root = true;
3730 }
3731
3732 create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid);
3733
3734 acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid,
3735 &file_ace_list, &dir_ace_list, security_info_sent, psd);
3736
3737 /* Ignore W2K traverse DACL set. */
3738 if (!file_ace_list && !dir_ace_list) {
3739 return NT_STATUS_OK;
3740 }
3741
3742 if (!acl_perms) {
3743 DEBUG(3,("set_nt_acl: cannot set permissions\n"));
3744 free_canon_ace_list(file_ace_list);
3745 free_canon_ace_list(dir_ace_list);
3746 return NT_STATUS_ACCESS_DENIED;
3747 }
3748
3749 /*
3750 * Only change security if we got a DACL.
3751 */
3752
3753 if(!(security_info_sent & DACL_SECURITY_INFORMATION) || (psd->dacl == NULL)) {
3754 free_canon_ace_list(file_ace_list);
3755 free_canon_ace_list(dir_ace_list);
3756 return NT_STATUS_OK;
3757 }
3758
3759 /*
3760 * Try using the POSIX ACL set first. Fall back to chmod if
3761 * we have no ACL support on this filesystem.
3762 */
3763
3764 if (acl_perms && file_ace_list) {
3765 if (set_acl_as_root) {
3766 become_root();
3767 }
3768 ret = set_canon_ace_list(fsp, file_ace_list, False, sbuf.st_gid, &acl_set_support);
3769 if (set_acl_as_root) {
3770 unbecome_root();
3771 }
3772 if (acl_set_support && ret == false) {
3773 DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) ));
3774 free_canon_ace_list(file_ace_list);
3775 free_canon_ace_list(dir_ace_list);
3776 return map_nt_error_from_unix(errno);
3777 }
3778 }
3779
3780 if (acl_perms && acl_set_support && fsp->is_directory) {
3781 if (dir_ace_list) {
3782 if (set_acl_as_root) {
3783 become_root();
3784 }
3785 ret = set_canon_ace_list(fsp, dir_ace_list, True, sbuf.st_gid, &acl_set_support);
3786 if (set_acl_as_root) {
3787 unbecome_root();
3788 }
3789 if (ret == false) {
3790 DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
3791 free_canon_ace_list(file_ace_list);
3792 free_canon_ace_list(dir_ace_list);
3793 return map_nt_error_from_unix(errno);
3794 }
3795 } else {
3796 int sret = -1;
3797
3798 /*
3799 * No default ACL - delete one if it exists.
3800 */
3801
3802 if (set_acl_as_root) {
3803 become_root();
3804 }
3805 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name);
3806 if (set_acl_as_root) {
3807 unbecome_root();
3808 }
3809 if (sret == -1) {
3810 if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
3811 DEBUG(5,("set_nt_acl: acl group control on and "
3812 "current user in file %s primary group. Override delete_def_acl\n",
3813 fsp->fsp_name ));
3814
3815 become_root();
3816 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name);
3817 unbecome_root();
3818 }
3819
3820 if (sret == -1) {
3821 DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
3822 free_canon_ace_list(file_ace_list);
3823 free_canon_ace_list(dir_ace_list);
3824 return map_nt_error_from_unix(errno);
3825 }
3826 }
3827 }
3828 }
3829
3830 if (acl_set_support) {
3831 if (set_acl_as_root) {
3832 become_root();
3833 }
3834 store_inheritance_attributes(fsp,
3835 file_ace_list,
3836 dir_ace_list,
3837 psd->type);
3838 if (set_acl_as_root) {
3839 unbecome_root();
3840 }
3841 }
3842
3843 /*
3844 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod.
3845 */
3846
3847 if(!acl_set_support && acl_perms) {
3848 mode_t posix_perms;
3849
3850 if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) {
3851 free_canon_ace_list(file_ace_list);
3852 free_canon_ace_list(dir_ace_list);
3853 DEBUG(3,("set_nt_acl: failed to convert file acl to posix permissions for file %s.\n",
3854 fsp->fsp_name ));
3855 return NT_STATUS_ACCESS_DENIED;
3856 }
3857
3858 if (orig_mode != posix_perms) {
3859 int sret = -1;
3860
3861 DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
3862 fsp->fsp_name, (unsigned int)posix_perms ));
3863
3864 if (set_acl_as_root) {
3865 become_root();
3866 }
3867 sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms);
3868 if (set_acl_as_root) {
3869 unbecome_root();
3870 }
3871 if(sret == -1) {
3872 if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
3873 DEBUG(5,("set_nt_acl: acl group control on and "
3874 "current user in file %s primary group. Override chmod\n",
3875 fsp->fsp_name ));
3876
3877 become_root();
3878 sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms);
3879 unbecome_root();
3880 }
3881
3882 if (sret == -1) {
3883 DEBUG(3,("set_nt_acl: chmod %s, 0%o failed. Error = %s.\n",
3884 fsp->fsp_name, (unsigned int)posix_perms, strerror(errno) ));
3885 free_canon_ace_list(file_ace_list);
3886 free_canon_ace_list(dir_ace_list);
3887 return map_nt_error_from_unix(errno);
3888 }
3889 }
3890 }
3891 }
3892
3893 free_canon_ace_list(file_ace_list);
3894 free_canon_ace_list(dir_ace_list);
3895
3896 return NT_STATUS_OK;
3897 }
3898
3899 /****************************************************************************
3900 Get the actual group bits stored on a file with an ACL. Has no effect if
3901 the file has no ACL. Needed in dosmode code where the stat() will return
3902 the mask bits, not the real group bits, for a file with an ACL.
3903 ****************************************************************************/
3904
3905 int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode )
3906 {
3907 int entry_id = SMB_ACL_FIRST_ENTRY;
3908 SMB_ACL_ENTRY_T entry;
3909 SMB_ACL_T posix_acl;
3910 int result = -1;
3911
3912 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS);
3913 if (posix_acl == (SMB_ACL_T)NULL)
3914 return -1;
3915
3916 while (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
3917 SMB_ACL_TAG_T tagtype;
3918 SMB_ACL_PERMSET_T permset;
3919
3920 entry_id = SMB_ACL_NEXT_ENTRY;
3921
3922 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) ==-1)
3923 break;
3924
3925 if (tagtype == SMB_ACL_GROUP_OBJ) {
3926 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
3927 break;
3928 } else {
3929 *mode &= ~(S_IRGRP|S_IWGRP|S_IXGRP);
3930 *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ) ? S_IRGRP : 0);
3931 *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE) ? S_IWGRP : 0);
3932 *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_EXECUTE) ? S_IXGRP : 0);
3933 result = 0;
3934 break;
3935 }
3936 }
3937 }
3938 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
3939 return result;
3940 }
3941
3942 /****************************************************************************
3943 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
3944 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
3945 ****************************************************************************/
3946
3947 static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mode_t mode)
3948 {
3949 int entry_id = SMB_ACL_FIRST_ENTRY;
3950 SMB_ACL_ENTRY_T entry;
3951 int num_entries = 0;
3952
3953 while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
3954 SMB_ACL_TAG_T tagtype;
3955 SMB_ACL_PERMSET_T permset;
3956 mode_t perms;
3957
3958 entry_id = SMB_ACL_NEXT_ENTRY;
3959
3960 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1)
3961 return -1;
3962
3963 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1)
3964 return -1;
3965
3966 num_entries++;
3967
3968 switch(tagtype) {
3969 case SMB_ACL_USER_OBJ:
3970 perms = unix_perms_to_acl_perms(mode, S_IRUSR, S_IWUSR, S_IXUSR);
3971 break;
3972 case SMB_ACL_GROUP_OBJ:
3973 perms = unix_perms_to_acl_perms(mode, S_IRGRP, S_IWGRP, S_IXGRP);
3974 break;
3975 case SMB_ACL_MASK:
3976 /*
3977 * FIXME: The ACL_MASK entry permissions should really be set to
3978 * the union of the permissions of all ACL_USER,
3979 * ACL_GROUP_OBJ, and ACL_GROUP entries. That's what
3980 * acl_calc_mask() does, but Samba ACLs doesn't provide it.
3981 */
3982 perms = S_IRUSR|S_IWUSR|S_IXUSR;
3983 break;
3984 case SMB_ACL_OTHER:
3985 perms = unix_perms_to_acl_perms(mode, S_IROTH, S_IWOTH, S_IXOTH);
3986 break;
3987 default:
3988 continue;
3989 }
3990
3991 if (map_acl_perms_to_permset(conn, perms, &permset) == -1)
3992 return -1;
3993
3994 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, entry, permset) == -1)
3995 return -1;
3996 }
3997
3998 /*
3999 * If this is a simple 3 element ACL or no elements then it's a standard
4000 * UNIX permission set. Just use chmod...
4001 */
4002
4003 if ((num_entries == 3) || (num_entries == 0))
4004 return -1;
4005
4006 return 0;
4007 }
4008
4009 /****************************************************************************
4010 Get the access ACL of FROM, do a chmod by setting the ACL USER_OBJ,
4011 GROUP_OBJ and OTHER bits in an ACL and set the mask to rwx. Set the
4012 resulting ACL on TO. Note that name is in UNIX character set.
4013 ****************************************************************************/
4014
4015 static int copy_access_posix_acl(connection_struct *conn, const char *from, const char *to, mode_t mode)
4016 {
4017 SMB_ACL_T posix_acl = NULL;
4018 int ret = -1;
4019
4020 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, from, SMB_ACL_TYPE_ACCESS)) == NULL)
4021 return -1;
4022
4023 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4024 goto done;
4025
4026 ret = SMB_VFS_SYS_ACL_SET_FILE(conn, to, SMB_ACL_TYPE_ACCESS, posix_acl);
4027
4028 done:
4029
4030 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
4031 return ret;
4032 }
4033
4034 /****************************************************************************
4035 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4036 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4037 Note that name is in UNIX character set.
4038 ****************************************************************************/
4039
4040 int chmod_acl(connection_struct *conn, const char *name, mode_t mode)
4041 {
4042 return copy_access_posix_acl(conn, name, name, mode);
4043 }
4044
4045 /****************************************************************************
4046 Check for an existing default POSIX ACL on a directory.
4047 ****************************************************************************/
4048
4049 static bool directory_has_default_posix_acl(connection_struct *conn, const char *fname)
4050 {
4051 SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, SMB_ACL_TYPE_DEFAULT);
4052 bool has_acl = False;
4053 SMB_ACL_ENTRY_T entry;
4054
4055 if (def_acl != NULL && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, def_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1)) {
4056 has_acl = True;
4057 }
4058
4059 if (def_acl) {
4060 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
4061 }
4062 return has_acl;
4063 }
4064
4065 /****************************************************************************
4066 If the parent directory has no default ACL but it does have an Access ACL,
4067 inherit this Access ACL to file name.
4068 ****************************************************************************/
4069
4070 int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,
4071 const char *name, mode_t mode)
4072 {
4073 if (directory_has_default_posix_acl(conn, inherit_from_dir))
4074 return 0;
4075
4076 return copy_access_posix_acl(conn, inherit_from_dir, name, mode);
4077 }
4078
4079 /****************************************************************************
4080 Do an fchmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4081 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4082 ****************************************************************************/
4083
4084 int fchmod_acl(files_struct *fsp, mode_t mode)
4085 {
4086 connection_struct *conn = fsp->conn;
4087 SMB_ACL_T posix_acl = NULL;
4088 int ret = -1;
4089
4090 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp)) == NULL)
4091 return -1;
4092
4093 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4094 goto done;
4095
4096 ret = SMB_VFS_SYS_ACL_SET_FD(fsp, posix_acl);
4097
4098 done:
4099
4100 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
4101 return ret;
4102 }
4103
4104 /****************************************************************************
4105 Map from wire type to permset.
4106 ****************************************************************************/
4107
4108 static bool unix_ex_wire_to_permset(connection_struct *conn, unsigned char wire_perm, SMB_ACL_PERMSET_T *p_permset)
4109 {
4110 if (wire_perm & ~(SMB_POSIX_ACL_READ|SMB_POSIX_ACL_WRITE|SMB_POSIX_ACL_EXECUTE)) {
4111 return False;
4112 }
4113
4114 if (SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, *p_permset) == -1) {
4115 return False;
4116 }
4117
4118 if (wire_perm & SMB_POSIX_ACL_READ) {
4119 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_READ) == -1) {
4120 return False;
4121 }
4122 }
4123 if (wire_perm & SMB_POSIX_ACL_WRITE) {
4124 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_WRITE) == -1) {
4125 return False;
4126 }
4127 }
4128 if (wire_perm & SMB_POSIX_ACL_EXECUTE) {
4129 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_EXECUTE) == -1) {
4130 return False;
4131 }
4132 }
4133 return True;
4134 }
4135
4136 /****************************************************************************
4137 Map from wire type to tagtype.
4138 ****************************************************************************/
4139
4140 static bool unix_ex_wire_to_tagtype(unsigned char wire_tt, SMB_ACL_TAG_T *p_tt)
4141 {
4142 switch (wire_tt) {
4143 case SMB_POSIX_ACL_USER_OBJ:
4144 *p_tt = SMB_ACL_USER_OBJ;
4145 break;
4146 case SMB_POSIX_ACL_USER:
4147 *p_tt = SMB_ACL_USER;
4148 break;
4149 case SMB_POSIX_ACL_GROUP_OBJ:
4150 *p_tt = SMB_ACL_GROUP_OBJ;
4151 break;
4152 case SMB_POSIX_ACL_GROUP:
4153 *p_tt = SMB_ACL_GROUP;
4154 break;
4155 case SMB_POSIX_ACL_MASK:
4156 *p_tt = SMB_ACL_MASK;
4157 break;
4158 case SMB_POSIX_ACL_OTHER:
4159 *p_tt = SMB_ACL_OTHER;
4160 break;
4161 default:
4162 return False;
4163 }
4164 return True;
4165 }
4166
4167 /****************************************************************************
4168 Create a new POSIX acl from wire permissions.
4169 FIXME ! How does the share mask/mode fit into this.... ?
4170 ****************************************************************************/
4171
4172 static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn, uint16 num_acls, const char *pdata)
4173 {
4174 unsigned int i;
4175 SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, num_acls);
4176
4177 if (the_acl == NULL) {
4178 return NULL;
4179 }
4180
4181 for (i = 0; i < num_acls; i++) {
4182 SMB_ACL_ENTRY_T the_entry;
4183 SMB_ACL_PERMSET_T the_permset;
4184 SMB_ACL_TAG_T tag_type;
4185
4186 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) {
4187 DEBUG(0,("create_posix_acl_from_wire: Failed to create entry %u. (%s)\n",
4188 i, strerror(errno) ));
4189 goto fail;
4190 }
4191
4192 if (!unix_ex_wire_to_tagtype(CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), &tag_type)) {
4193 DEBUG(0,("create_posix_acl_from_wire: invalid wire tagtype %u on entry %u.\n",
4194 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), i ));
4195 goto fail;
4196 }
4197
4198 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, tag_type) == -1) {
4199 DEBUG(0,("create_posix_acl_from_wire: Failed to set tagtype on entry %u. (%s)\n",
4200 i, strerror(errno) ));
4201 goto fail;
4202 }
4203
4204 /* Get the permset pointer from the new ACL entry. */
4205 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) {
4206 DEBUG(0,("create_posix_acl_from_wire: Failed to get permset on entry %u. (%s)\n",
4207 i, strerror(errno) ));
4208 goto fail;
4209 }
4210
4211 /* Map from wire to permissions. */
4212 if (!unix_ex_wire_to_permset(conn, CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+1), &the_permset)) {
4213 DEBUG(0,("create_posix_acl_from_wire: invalid permset %u on entry %u.\n",
4214 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE) + 1), i ));
4215 goto fail;
4216 }
4217
4218 /* Now apply to the new ACL entry. */
4219 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) {
4220 DEBUG(0,("create_posix_acl_from_wire: Failed to add permset on entry %u. (%s)\n",
4221 i, strerror(errno) ));
4222 goto fail;
4223 }
4224
4225 if (tag_type == SMB_ACL_USER) {
4226 uint32 uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4227 uid_t uid = (uid_t)uidval;
4228 if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&uid) == -1) {
4229 DEBUG(0,("create_posix_acl_from_wire: Failed to set uid %u on entry %u. (%s)\n",
4230 (unsigned int)uid, i, strerror(errno) ));
4231 goto fail;
4232 }
4233 }
4234
4235 if (tag_type == SMB_ACL_GROUP) {
4236 uint32 gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4237 gid_t gid = (uid_t)gidval;
4238 if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&gid) == -1) {
4239 DEBUG(0,("create_posix_acl_from_wire: Failed to set gid %u on entry %u. (%s)\n",
4240 (unsigned int)gid, i, strerror(errno) ));
4241 goto fail;
4242 }
4243 }
4244 }
4245
4246 return the_acl;
4247
4248 fail:
4249
4250 if (the_acl != NULL) {
4251 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
4252 }
4253 return NULL;
4254 }
4255
4256 /****************************************************************************
4257 Calls from UNIX extensions - Default POSIX ACL set.
4258 If num_def_acls == 0 and not a directory just return. If it is a directory
4259 and num_def_acls == 0 then remove the default acl. Else set the default acl
4260 on the directory.
4261 ****************************************************************************/
4262
4263 bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf,
4264 uint16 num_def_acls, const char *pdata)
4265 {
4266 SMB_ACL_T def_acl = NULL;
4267
4268 if (!S_ISDIR(psbuf->st_mode)) {
4269 if (num_def_acls) {
4270 DEBUG(5,("set_unix_posix_default_acl: Can't set default ACL on non-directory file %s\n", fname ));
4271 errno = EISDIR;
4272 return False;
4273 } else {
4274 return True;
4275 }
4276 }
4277
4278 if (!num_def_acls) {
4279 /* Remove the default ACL. */
4280 if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fname) == -1) {
4281 DEBUG(5,("set_unix_posix_default_acl: acl_delete_def_file failed on directory %s (%s)\n",
4282 fname, strerror(errno) ));
4283 return False;
4284 }
4285 return True;
4286 }
4287
4288 if ((def_acl = create_posix_acl_from_wire(conn, num_def_acls, pdata)) == NULL) {
4289 return False;
4290 }
4291
4292 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
4293 DEBUG(5,("set_unix_posix_default_acl: acl_set_file failed on directory %s (%s)\n",
4294 fname, strerror(errno) ));
4295 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
4296 return False;
4297 }
4298
4299 DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n", fname ));
4300 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
4301 return True;
4302 }
4303
4304 /****************************************************************************
4305 Remove an ACL from a file. As we don't have acl_delete_entry() available
4306 we must read the current acl and copy all entries except MASK, USER and GROUP
4307 to a new acl, then set that. This (at least on Linux) causes any ACL to be
4308 removed.
4309 FIXME ! How does the share mask/mode fit into this.... ?
4310 ****************************************************************************/
4311
4312 static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname)
4313 {
4314 SMB_ACL_T file_acl = NULL;
4315 int entry_id = SMB_ACL_FIRST_ENTRY;
4316 SMB_ACL_ENTRY_T entry;
4317 bool ret = False;
4318 /* Create a new ACL with only 3 entries, u/g/w. */
4319 SMB_ACL_T new_file_acl = SMB_VFS_SYS_ACL_INIT(conn, 3);
4320 SMB_ACL_ENTRY_T user_ent = NULL;
4321 SMB_ACL_ENTRY_T group_ent = NULL;
4322 SMB_ACL_ENTRY_T other_ent = NULL;
4323
4324 if (new_file_acl == NULL) {
4325 DEBUG(5,("remove_posix_acl: failed to init new ACL with 3 entries for file %s.\n", fname));
4326 return False;
4327 }
4328
4329 /* Now create the u/g/w entries. */
4330 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &user_ent) == -1) {
4331 DEBUG(5,("remove_posix_acl: Failed to create user entry for file %s. (%s)\n",
4332 fname, strerror(errno) ));
4333 goto done;
4334 }
4335 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, user_ent, SMB_ACL_USER_OBJ) == -1) {
4336 DEBUG(5,("remove_posix_acl: Failed to set user entry for file %s. (%s)\n",
4337 fname, strerror(errno) ));
4338 goto done;
4339 }
4340
4341 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &group_ent) == -1) {
4342 DEBUG(5,("remove_posix_acl: Failed to create group entry for file %s. (%s)\n",
4343 fname, strerror(errno) ));
4344 goto done;
4345 }
4346 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, group_ent, SMB_ACL_GROUP_OBJ) == -1) {
4347 DEBUG(5,("remove_posix_acl: Failed to set group entry for file %s. (%s)\n",
4348 fname, strerror(errno) ));
4349 goto done;
4350 }
4351
4352 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &other_ent) == -1) {
4353 DEBUG(5,("remove_posix_acl: Failed to create other entry for file %s. (%s)\n",
4354 fname, strerror(errno) ));
4355 goto done;
4356 }
4357 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, other_ent, SMB_ACL_OTHER) == -1) {
4358 DEBUG(5,("remove_posix_acl: Failed to set other entry for file %s. (%s)\n",
4359 fname, strerror(errno) ));
4360 goto done;
4361 }
4362
4363 /* Get the current file ACL. */
4364 if (fsp && fsp->fh->fd != -1) {
4365 file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
4366 } else {
4367 file_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, SMB_ACL_TYPE_ACCESS);
4368 }
4369
4370 if (file_acl == NULL) {
4371 /* This is only returned if an error occurred. Even for a file with
4372 no acl a u/g/w acl should be returned. */
4373 DEBUG(5,("remove_posix_acl: failed to get ACL from file %s (%s).\n",
4374 fname, strerror(errno) ));
4375 goto done;
4376 }
4377
4378 while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, file_acl, entry_id, &entry) == 1) {
4379 SMB_ACL_TAG_T tagtype;
4380 SMB_ACL_PERMSET_T permset;
4381
4382 entry_id = SMB_ACL_NEXT_ENTRY;
4383
4384 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) {
4385 DEBUG(5,("remove_posix_acl: failed to get tagtype from ACL on file %s (%s).\n",
4386 fname, strerror(errno) ));
4387 goto done;
4388 }
4389
4390 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
4391 DEBUG(5,("remove_posix_acl: failed to get permset from ACL on file %s (%s).\n",
4392 fname, strerror(errno) ));
4393 goto done;
4394 }
4395
4396 if (tagtype == SMB_ACL_USER_OBJ) {
4397 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, user_ent, permset) == -1) {
4398 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4399 fname, strerror(errno) ));
4400 }
4401 } else if (tagtype == SMB_ACL_GROUP_OBJ) {
4402 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, group_ent, permset) == -1) {
4403 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4404 fname, strerror(errno) ));
4405 }
4406 } else if (tagtype == SMB_ACL_OTHER) {
4407 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, other_ent, permset) == -1) {
4408 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4409 fname, strerror(errno) ));
4410 }
4411 }
4412 }
4413
4414 /* Set the new empty file ACL. */
4415 if (fsp && fsp->fh->fd != -1) {
4416 if (SMB_VFS_SYS_ACL_SET_FD(fsp, new_file_acl) == -1) {
4417 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4418 fname, strerror(errno) ));
4419 goto done;
4420 }
4421 } else {
4422 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, new_file_acl) == -1) {
4423 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4424 fname, strerror(errno) ));
4425 goto done;
4426 }
4427 }
4428
4429 ret = True;
4430
4431 done:
4432
4433 if (file_acl) {
4434 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4435 }
4436 if (new_file_acl) {
4437 SMB_VFS_SYS_ACL_FREE_ACL(conn, new_file_acl);
4438 }
4439 return ret;
4440 }
4441
4442 /****************************************************************************
4443 Calls from UNIX extensions - POSIX ACL set.
4444 If num_def_acls == 0 then read/modify/write acl after removing all entries
4445 except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER.
4446 ****************************************************************************/
4447
4448 bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata)
4449 {
4450 SMB_ACL_T file_acl = NULL;
4451
4452 if (!num_acls) {
4453 /* Remove the ACL from the file. */
4454 return remove_posix_acl(conn, fsp, fname);
4455 }
4456
4457 if ((file_acl = create_posix_acl_from_wire(conn, num_acls, pdata)) == NULL) {
4458 return False;
4459 }
4460
4461 if (fsp && fsp->fh->fd != -1) {
4462 /* The preferred way - use an open fd. */
4463 if (SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl) == -1) {
4464 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4465 fname, strerror(errno) ));
4466 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4467 return False;
4468 }
4469 } else {
4470 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
4471 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4472 fname, strerror(errno) ));
4473 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4474 return False;
4475 }
4476 }
4477
4478 DEBUG(10,("set_unix_posix_acl: set acl for file %s\n", fname ));
4479 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4480 return True;
4481 }
4482
4483 /********************************************************************
4484 Pull the NT ACL from a file on disk or the OpenEventlog() access
4485 check. Caller is responsible for freeing the returned security
4486 descriptor via TALLOC_FREE(). This is designed for dealing with
4487 user space access checks in smbd outside of the VFS. For example,
4488 checking access rights in OpenEventlog().
4489
4490 Assume we are dealing with files (for now)
4491 ********************************************************************/
4492
4493 SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
4494 {
4495 SEC_DESC *psd, *ret_sd;
4496 connection_struct *conn;
4497 files_struct finfo;
4498 struct fd_handle fh;
4499
4500 conn = TALLOC_ZERO_P(ctx, connection_struct);
4501 if (conn == NULL) {
4502 DEBUG(0, ("talloc failed\n"));
4503 return NULL;
4504 }
4505
4506 if (!(conn->params = TALLOC_P(conn, struct share_params))) {
4507 DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
4508 TALLOC_FREE(conn);
4509 return NULL;
4510 }
4511
4512 conn->params->service = -1;
4513
4514 set_conn_connectpath(conn, "/");
4515
4516 if (!smbd_vfs_init(conn)) {
4517 DEBUG(0,("get_nt_acl_no_snum: Unable to create a fake connection struct!\n"));
4518 conn_free_internal( conn );
4519 return NULL;
4520 }
4521
4522 ZERO_STRUCT( finfo );
4523 ZERO_STRUCT( fh );
4524
4525 finfo.fnum = -1;
4526 finfo.conn = conn;
4527 finfo.fh = &fh;
4528 finfo.fh->fd = -1;
4529 finfo.fsp_name = CONST_DISCARD(char *,fname);
4530
4531 if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, DACL_SECURITY_INFORMATION, &psd))) {
4532 DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
4533 conn_free_internal( conn );
4534 return NULL;
4535 }
4536
4537 ret_sd = dup_sec_desc( ctx, psd );
4538
4539 conn_free_internal( conn );
4540
4541 return ret_sd;
4542 }
reg import