search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_A...
[Samba/gebeck_regimport.git] / source3 / smbd / posix_acls.c
blobb00f1ec1bcfec482022951305856641dab5b3dbc
1 /*
2 Unix SMB/CIFS implementation.
3 SMB NT Security Descriptor / Unix permission conversion.
4 Copyright (C) Jeremy Allison 1994-2009.
5 Copyright (C) Andreas Gruenbacher 2002.
6 Copyright (C) Simo Sorce <idra@samba.org> 2009.
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "smbd/smbd.h"
24 #include "system/filesys.h"
25 #include "../libcli/security/security.h"
26 #include "trans2.h"
27 #include "passdb/lookup_sid.h"
28 #include "auth.h"
29 #include "../librpc/gen_ndr/idmap.h"
30 #include "lib/param/loadparm.h"
31
32 extern const struct generic_mapping file_generic_mapping;
33
34 #undef DBGC_CLASS
35 #define DBGC_CLASS DBGC_ACLS
36
37 /****************************************************************************
38 Data structures representing the internal ACE format.
39 ****************************************************************************/
40
41 enum ace_owner {UID_ACE, GID_ACE, WORLD_ACE};
42 enum ace_attribute {ALLOW_ACE, DENY_ACE}; /* Used for incoming NT ACLS. */
43
44 typedef struct canon_ace {
45 struct canon_ace *next, *prev;
46 SMB_ACL_TAG_T type;
47 mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
48 struct dom_sid trustee;
49 enum ace_owner owner_type;
50 enum ace_attribute attr;
51 struct unixid unix_ug;
52 uint8_t ace_flags; /* From windows ACE entry. */
53 } canon_ace;
54
55 #define ALL_ACE_PERMS (S_IRUSR|S_IWUSR|S_IXUSR)
56
57 /*
58 * EA format of user.SAMBA_PAI (Samba_Posix_Acl_Interitance)
59 * attribute on disk - version 1.
60 * All values are little endian.
61 *
62 * | 1 | 1 | 2 | 2 | ....
63 * +------+------+-------------+---------------------+-------------+--------------------+
64 * | vers | flag | num_entries | num_default_entries | ..entries.. | default_entries... |
65 * +------+------+-------------+---------------------+-------------+--------------------+
66 *
67 * Entry format is :
68 *
69 * | 1 | 4 |
70 * +------+-------------------+
71 * | value| uid/gid or world |
72 * | type | value |
73 * +------+-------------------+
74 *
75 * Version 2 format. Stores extra Windows metadata about an ACL.
76 *
77 * | 1 | 2 | 2 | 2 | ....
78 * +------+----------+-------------+---------------------+-------------+--------------------+
79 * | vers | ace | num_entries | num_default_entries | ..entries.. | default_entries... |
80 * | 2 | type | | | | |
81 * +------+----------+-------------+---------------------+-------------+--------------------+
82 *
83 * Entry format is :
84 *
85 * | 1 | 1 | 4 |
86 * +------+------+-------------------+
87 * | ace | value| uid/gid or world |
88 * | flag | type | value |
89 * +------+-------------------+------+
90 *
91 */
92
93 #define PAI_VERSION_OFFSET 0
94
95 #define PAI_V1_FLAG_OFFSET 1
96 #define PAI_V1_NUM_ENTRIES_OFFSET 2
97 #define PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET 4
98 #define PAI_V1_ENTRIES_BASE 6
99 #define PAI_V1_ACL_FLAG_PROTECTED 0x1
100 #define PAI_V1_ENTRY_LENGTH 5
101
102 #define PAI_V1_VERSION 1
103
104 #define PAI_V2_TYPE_OFFSET 1
105 #define PAI_V2_NUM_ENTRIES_OFFSET 3
106 #define PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET 5
107 #define PAI_V2_ENTRIES_BASE 7
108 #define PAI_V2_ENTRY_LENGTH 6
109
110 #define PAI_V2_VERSION 2
111
112 /*
113 * In memory format of user.SAMBA_PAI attribute.
114 */
115
116 struct pai_entry {
117 struct pai_entry *next, *prev;
118 uint8_t ace_flags;
119 enum ace_owner owner_type;
120 struct unixid unix_ug;
121 };
122
123 struct pai_val {
124 uint16_t sd_type;
125 unsigned int num_entries;
126 struct pai_entry *entry_list;
127 unsigned int num_def_entries;
128 struct pai_entry *def_entry_list;
129 };
130
131 /************************************************************************
132 Return a uint32 of the pai_entry principal.
133 ************************************************************************/
134
135 static uint32_t get_pai_entry_val(struct pai_entry *paie)
136 {
137 switch (paie->owner_type) {
138 case UID_ACE:
139 DEBUG(10,("get_pai_entry_val: uid = %u\n", (unsigned int)paie->unix_ug.id ));
140 return (uint32_t)paie->unix_ug.id;
141 case GID_ACE:
142 DEBUG(10,("get_pai_entry_val: gid = %u\n", (unsigned int)paie->unix_ug.id ));
143 return (uint32_t)paie->unix_ug.id;
144 case WORLD_ACE:
145 default:
146 DEBUG(10,("get_pai_entry_val: world ace\n"));
147 return (uint32_t)-1;
148 }
149 }
150
151 /************************************************************************
152 Return a uint32 of the entry principal.
153 ************************************************************************/
154
155 static uint32_t get_entry_val(canon_ace *ace_entry)
156 {
157 switch (ace_entry->owner_type) {
158 case UID_ACE:
159 DEBUG(10,("get_entry_val: uid = %u\n", (unsigned int)ace_entry->unix_ug.id ));
160 return (uint32_t)ace_entry->unix_ug.id;
161 case GID_ACE:
162 DEBUG(10,("get_entry_val: gid = %u\n", (unsigned int)ace_entry->unix_ug.id ));
163 return (uint32_t)ace_entry->unix_ug.id;
164 case WORLD_ACE:
165 default:
166 DEBUG(10,("get_entry_val: world ace\n"));
167 return (uint32_t)-1;
168 }
169 }
170
171 /************************************************************************
172 Create the on-disk format (always v2 now). Caller must free.
173 ************************************************************************/
174
175 static char *create_pai_buf_v2(canon_ace *file_ace_list,
176 canon_ace *dir_ace_list,
177 uint16_t sd_type,
178 size_t *store_size)
179 {
180 char *pai_buf = NULL;
181 canon_ace *ace_list = NULL;
182 char *entry_offset = NULL;
183 unsigned int num_entries = 0;
184 unsigned int num_def_entries = 0;
185 unsigned int i;
186
187 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
188 num_entries++;
189 }
190
191 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
192 num_def_entries++;
193 }
194
195 DEBUG(10,("create_pai_buf_v2: num_entries = %u, num_def_entries = %u\n", num_entries, num_def_entries ));
196
197 *store_size = PAI_V2_ENTRIES_BASE +
198 ((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH);
199
200 pai_buf = talloc_array(talloc_tos(), char, *store_size);
201 if (!pai_buf) {
202 return NULL;
203 }
204
205 /* Set up the header. */
206 memset(pai_buf, '\0', PAI_V2_ENTRIES_BASE);
207 SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_V2_VERSION);
208 SSVAL(pai_buf,PAI_V2_TYPE_OFFSET, sd_type);
209 SSVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET,num_entries);
210 SSVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries);
211
212 DEBUG(10,("create_pai_buf_v2: sd_type = 0x%x\n",
213 (unsigned int)sd_type ));
214
215 entry_offset = pai_buf + PAI_V2_ENTRIES_BASE;
216
217 i = 0;
218 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
219 uint8_t type_val = (uint8_t)ace_list->owner_type;
220 uint32_t entry_val = get_entry_val(ace_list);
221
222 SCVAL(entry_offset,0,ace_list->ace_flags);
223 SCVAL(entry_offset,1,type_val);
224 SIVAL(entry_offset,2,entry_val);
225 DEBUG(10,("create_pai_buf_v2: entry %u [0x%x] [0x%x] [0x%x]\n",
226 i,
227 (unsigned int)ace_list->ace_flags,
228 (unsigned int)type_val,
229 (unsigned int)entry_val ));
230 i++;
231 entry_offset += PAI_V2_ENTRY_LENGTH;
232 }
233
234 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
235 uint8_t type_val = (uint8_t)ace_list->owner_type;
236 uint32_t entry_val = get_entry_val(ace_list);
237
238 SCVAL(entry_offset,0,ace_list->ace_flags);
239 SCVAL(entry_offset,1,type_val);
240 SIVAL(entry_offset,2,entry_val);
241 DEBUG(10,("create_pai_buf_v2: entry %u [0x%x] [0x%x] [0x%x]\n",
242 i,
243 (unsigned int)ace_list->ace_flags,
244 (unsigned int)type_val,
245 (unsigned int)entry_val ));
246 i++;
247 entry_offset += PAI_V2_ENTRY_LENGTH;
248 }
249
250 return pai_buf;
251 }
252
253 /************************************************************************
254 Store the user.SAMBA_PAI attribute on disk.
255 ************************************************************************/
256
257 static void store_inheritance_attributes(files_struct *fsp,
258 canon_ace *file_ace_list,
259 canon_ace *dir_ace_list,
260 uint16_t sd_type)
261 {
262 int ret;
263 size_t store_size;
264 char *pai_buf;
265
266 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
267 return;
268 }
269
270 pai_buf = create_pai_buf_v2(file_ace_list, dir_ace_list,
271 sd_type, &store_size);
272
273 if (fsp->fh->fd != -1) {
274 ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
275 pai_buf, store_size, 0);
276 } else {
277 ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name,
278 SAMBA_POSIX_INHERITANCE_EA_NAME,
279 pai_buf, store_size, 0);
280 }
281
282 TALLOC_FREE(pai_buf);
283
284 DEBUG(10,("store_inheritance_attribute: type 0x%x for file %s\n",
285 (unsigned int)sd_type,
286 fsp_str_dbg(fsp)));
287
288 if (ret == -1 && !no_acl_syscall_error(errno)) {
289 DEBUG(1,("store_inheritance_attribute: Error %s\n", strerror(errno) ));
290 }
291 }
292
293 /************************************************************************
294 Delete the in memory inheritance info.
295 ************************************************************************/
296
297 static void free_inherited_info(struct pai_val *pal)
298 {
299 if (pal) {
300 struct pai_entry *paie, *paie_next;
301 for (paie = pal->entry_list; paie; paie = paie_next) {
302 paie_next = paie->next;
303 TALLOC_FREE(paie);
304 }
305 for (paie = pal->def_entry_list; paie; paie = paie_next) {
306 paie_next = paie->next;
307 TALLOC_FREE(paie);
308 }
309 TALLOC_FREE(pal);
310 }
311 }
312
313 /************************************************************************
314 Get any stored ACE flags.
315 ************************************************************************/
316
317 static uint16_t get_pai_flags(struct pai_val *pal, canon_ace *ace_entry, bool default_ace)
318 {
319 struct pai_entry *paie;
320
321 if (!pal) {
322 return 0;
323 }
324
325 /* If the entry exists it is inherited. */
326 for (paie = (default_ace ? pal->def_entry_list : pal->entry_list); paie; paie = paie->next) {
327 if (ace_entry->owner_type == paie->owner_type &&
328 get_entry_val(ace_entry) == get_pai_entry_val(paie))
329 return paie->ace_flags;
330 }
331 return 0;
332 }
333
334 /************************************************************************
335 Ensure an attribute just read is valid - v1.
336 ************************************************************************/
337
338 static bool check_pai_ok_v1(const char *pai_buf, size_t pai_buf_data_size)
339 {
340 uint16 num_entries;
341 uint16 num_def_entries;
342
343 if (pai_buf_data_size < PAI_V1_ENTRIES_BASE) {
344 /* Corrupted - too small. */
345 return false;
346 }
347
348 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V1_VERSION) {
349 return false;
350 }
351
352 num_entries = SVAL(pai_buf,PAI_V1_NUM_ENTRIES_OFFSET);
353 num_def_entries = SVAL(pai_buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
354
355 /* Check the entry lists match. */
356 /* Each entry is 5 bytes (type plus 4 bytes of uid or gid). */
357
358 if (((num_entries + num_def_entries)*PAI_V1_ENTRY_LENGTH) +
359 PAI_V1_ENTRIES_BASE != pai_buf_data_size) {
360 return false;
361 }
362
363 return true;
364 }
365
366 /************************************************************************
367 Ensure an attribute just read is valid - v2.
368 ************************************************************************/
369
370 static bool check_pai_ok_v2(const char *pai_buf, size_t pai_buf_data_size)
371 {
372 uint16 num_entries;
373 uint16 num_def_entries;
374
375 if (pai_buf_data_size < PAI_V2_ENTRIES_BASE) {
376 /* Corrupted - too small. */
377 return false;
378 }
379
380 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V2_VERSION) {
381 return false;
382 }
383
384 num_entries = SVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET);
385 num_def_entries = SVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
386
387 /* Check the entry lists match. */
388 /* Each entry is 6 bytes (flags + type + 4 bytes of uid or gid). */
389
390 if (((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH) +
391 PAI_V2_ENTRIES_BASE != pai_buf_data_size) {
392 return false;
393 }
394
395 return true;
396 }
397
398 /************************************************************************
399 Decode the owner.
400 ************************************************************************/
401
402 static bool get_pai_owner_type(struct pai_entry *paie, const char *entry_offset)
403 {
404 paie->owner_type = (enum ace_owner)CVAL(entry_offset,0);
405 switch( paie->owner_type) {
406 case UID_ACE:
407 paie->unix_ug.type = ID_TYPE_UID;
408 paie->unix_ug.id = (uid_t)IVAL(entry_offset,1);
409 DEBUG(10,("get_pai_owner_type: uid = %u\n",
410 (unsigned int)paie->unix_ug.id ));
411 break;
412 case GID_ACE:
413 paie->unix_ug.type = ID_TYPE_GID;
414 paie->unix_ug.id = (gid_t)IVAL(entry_offset,1);
415 DEBUG(10,("get_pai_owner_type: gid = %u\n",
416 (unsigned int)paie->unix_ug.id ));
417 break;
418 case WORLD_ACE:
419 paie->unix_ug.type = ID_TYPE_NOT_SPECIFIED;
420 paie->unix_ug.id = -1;
421 DEBUG(10,("get_pai_owner_type: world ace\n"));
422 break;
423 default:
424 DEBUG(10,("get_pai_owner_type: unknown type %u\n",
425 (unsigned int)paie->owner_type ));
426 return false;
427 }
428 return true;
429 }
430
431 /************************************************************************
432 Process v2 entries.
433 ************************************************************************/
434
435 static const char *create_pai_v1_entries(struct pai_val *paiv,
436 const char *entry_offset,
437 bool def_entry)
438 {
439 int i;
440
441 for (i = 0; i < paiv->num_entries; i++) {
442 struct pai_entry *paie = talloc(talloc_tos(), struct pai_entry);
443 if (!paie) {
444 return NULL;
445 }
446
447 paie->ace_flags = SEC_ACE_FLAG_INHERITED_ACE;
448 if (!get_pai_owner_type(paie, entry_offset)) {
449 TALLOC_FREE(paie);
450 return NULL;
451 }
452
453 if (!def_entry) {
454 DLIST_ADD(paiv->entry_list, paie);
455 } else {
456 DLIST_ADD(paiv->def_entry_list, paie);
457 }
458 entry_offset += PAI_V1_ENTRY_LENGTH;
459 }
460 return entry_offset;
461 }
462
463 /************************************************************************
464 Convert to in-memory format from version 1.
465 ************************************************************************/
466
467 static struct pai_val *create_pai_val_v1(const char *buf, size_t size)
468 {
469 const char *entry_offset;
470 struct pai_val *paiv = NULL;
471
472 if (!check_pai_ok_v1(buf, size)) {
473 return NULL;
474 }
475
476 paiv = talloc(talloc_tos(), struct pai_val);
477 if (!paiv) {
478 return NULL;
479 }
480
481 memset(paiv, '\0', sizeof(struct pai_val));
482
483 paiv->sd_type = (CVAL(buf,PAI_V1_FLAG_OFFSET) == PAI_V1_ACL_FLAG_PROTECTED) ?
484 SEC_DESC_DACL_PROTECTED : 0;
485
486 paiv->num_entries = SVAL(buf,PAI_V1_NUM_ENTRIES_OFFSET);
487 paiv->num_def_entries = SVAL(buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
488
489 entry_offset = buf + PAI_V1_ENTRIES_BASE;
490
491 DEBUG(10,("create_pai_val: num_entries = %u, num_def_entries = %u\n",
492 paiv->num_entries, paiv->num_def_entries ));
493
494 entry_offset = create_pai_v1_entries(paiv, entry_offset, false);
495 if (entry_offset == NULL) {
496 free_inherited_info(paiv);
497 return NULL;
498 }
499 entry_offset = create_pai_v1_entries(paiv, entry_offset, true);
500 if (entry_offset == NULL) {
501 free_inherited_info(paiv);
502 return NULL;
503 }
504
505 return paiv;
506 }
507
508 /************************************************************************
509 Process v2 entries.
510 ************************************************************************/
511
512 static const char *create_pai_v2_entries(struct pai_val *paiv,
513 unsigned int num_entries,
514 const char *entry_offset,
515 bool def_entry)
516 {
517 unsigned int i;
518
519 for (i = 0; i < num_entries; i++) {
520 struct pai_entry *paie = talloc(talloc_tos(), struct pai_entry);
521 if (!paie) {
522 return NULL;
523 }
524
525 paie->ace_flags = CVAL(entry_offset,0);
526
527 if (!get_pai_owner_type(paie, entry_offset+1)) {
528 TALLOC_FREE(paie);
529 return NULL;
530 }
531 if (!def_entry) {
532 DLIST_ADD(paiv->entry_list, paie);
533 } else {
534 DLIST_ADD(paiv->def_entry_list, paie);
535 }
536 entry_offset += PAI_V2_ENTRY_LENGTH;
537 }
538 return entry_offset;
539 }
540
541 /************************************************************************
542 Convert to in-memory format from version 2.
543 ************************************************************************/
544
545 static struct pai_val *create_pai_val_v2(const char *buf, size_t size)
546 {
547 const char *entry_offset;
548 struct pai_val *paiv = NULL;
549
550 if (!check_pai_ok_v2(buf, size)) {
551 return NULL;
552 }
553
554 paiv = talloc(talloc_tos(), struct pai_val);
555 if (!paiv) {
556 return NULL;
557 }
558
559 memset(paiv, '\0', sizeof(struct pai_val));
560
561 paiv->sd_type = SVAL(buf,PAI_V2_TYPE_OFFSET);
562
563 paiv->num_entries = SVAL(buf,PAI_V2_NUM_ENTRIES_OFFSET);
564 paiv->num_def_entries = SVAL(buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
565
566 entry_offset = buf + PAI_V2_ENTRIES_BASE;
567
568 DEBUG(10,("create_pai_val_v2: sd_type = 0x%x num_entries = %u, num_def_entries = %u\n",
569 (unsigned int)paiv->sd_type,
570 paiv->num_entries, paiv->num_def_entries ));
571
572 entry_offset = create_pai_v2_entries(paiv, paiv->num_entries,
573 entry_offset, false);
574 if (entry_offset == NULL) {
575 free_inherited_info(paiv);
576 return NULL;
577 }
578 entry_offset = create_pai_v2_entries(paiv, paiv->num_def_entries,
579 entry_offset, true);
580 if (entry_offset == NULL) {
581 free_inherited_info(paiv);
582 return NULL;
583 }
584
585 return paiv;
586 }
587
588 /************************************************************************
589 Convert to in-memory format - from either version 1 or 2.
590 ************************************************************************/
591
592 static struct pai_val *create_pai_val(const char *buf, size_t size)
593 {
594 if (size < 1) {
595 return NULL;
596 }
597 if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V1_VERSION) {
598 return create_pai_val_v1(buf, size);
599 } else if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V2_VERSION) {
600 return create_pai_val_v2(buf, size);
601 } else {
602 return NULL;
603 }
604 }
605
606 /************************************************************************
607 Load the user.SAMBA_PAI attribute.
608 ************************************************************************/
609
610 static struct pai_val *fload_inherited_info(files_struct *fsp)
611 {
612 char *pai_buf;
613 size_t pai_buf_size = 1024;
614 struct pai_val *paiv = NULL;
615 ssize_t ret;
616
617 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
618 return NULL;
619 }
620
621 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL) {
622 return NULL;
623 }
624
625 do {
626 if (fsp->fh->fd != -1) {
627 ret = SMB_VFS_FGETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
628 pai_buf, pai_buf_size);
629 } else {
630 ret = SMB_VFS_GETXATTR(fsp->conn,
631 fsp->fsp_name->base_name,
632 SAMBA_POSIX_INHERITANCE_EA_NAME,
633 pai_buf, pai_buf_size);
634 }
635
636 if (ret == -1) {
637 if (errno != ERANGE) {
638 break;
639 }
640 /* Buffer too small - enlarge it. */
641 pai_buf_size *= 2;
642 TALLOC_FREE(pai_buf);
643 if (pai_buf_size > 1024*1024) {
644 return NULL; /* Limit malloc to 1mb. */
645 }
646 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL)
647 return NULL;
648 }
649 } while (ret == -1);
650
651 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n",
652 (unsigned long)ret, fsp_str_dbg(fsp)));
653
654 if (ret == -1) {
655 /* No attribute or not supported. */
656 #if defined(ENOATTR)
657 if (errno != ENOATTR)
658 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
659 #else
660 if (errno != ENOSYS)
661 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
662 #endif
663 TALLOC_FREE(pai_buf);
664 return NULL;
665 }
666
667 paiv = create_pai_val(pai_buf, ret);
668
669 if (paiv) {
670 DEBUG(10,("load_inherited_info: ACL type is 0x%x for file %s\n",
671 (unsigned int)paiv->sd_type, fsp_str_dbg(fsp)));
672 }
673
674 TALLOC_FREE(pai_buf);
675 return paiv;
676 }
677
678 /************************************************************************
679 Load the user.SAMBA_PAI attribute.
680 ************************************************************************/
681
682 static struct pai_val *load_inherited_info(const struct connection_struct *conn,
683 const char *fname)
684 {
685 char *pai_buf;
686 size_t pai_buf_size = 1024;
687 struct pai_val *paiv = NULL;
688 ssize_t ret;
689
690 if (!lp_map_acl_inherit(SNUM(conn))) {
691 return NULL;
692 }
693
694 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL) {
695 return NULL;
696 }
697
698 do {
699 ret = SMB_VFS_GETXATTR(conn, fname,
700 SAMBA_POSIX_INHERITANCE_EA_NAME,
701 pai_buf, pai_buf_size);
702
703 if (ret == -1) {
704 if (errno != ERANGE) {
705 break;
706 }
707 /* Buffer too small - enlarge it. */
708 pai_buf_size *= 2;
709 TALLOC_FREE(pai_buf);
710 if (pai_buf_size > 1024*1024) {
711 return NULL; /* Limit malloc to 1mb. */
712 }
713 if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL)
714 return NULL;
715 }
716 } while (ret == -1);
717
718 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fname));
719
720 if (ret == -1) {
721 /* No attribute or not supported. */
722 #if defined(ENOATTR)
723 if (errno != ENOATTR)
724 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
725 #else
726 if (errno != ENOSYS)
727 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
728 #endif
729 TALLOC_FREE(pai_buf);
730 return NULL;
731 }
732
733 paiv = create_pai_val(pai_buf, ret);
734
735 if (paiv) {
736 DEBUG(10,("load_inherited_info: ACL type 0x%x for file %s\n",
737 (unsigned int)paiv->sd_type,
738 fname));
739 }
740
741 TALLOC_FREE(pai_buf);
742 return paiv;
743 }
744
745 /****************************************************************************
746 Functions to manipulate the internal ACE format.
747 ****************************************************************************/
748
749 /****************************************************************************
750 Count a linked list of canonical ACE entries.
751 ****************************************************************************/
752
753 static size_t count_canon_ace_list( canon_ace *l_head )
754 {
755 size_t count = 0;
756 canon_ace *ace;
757
758 for (ace = l_head; ace; ace = ace->next)
759 count++;
760
761 return count;
762 }
763
764 /****************************************************************************
765 Free a linked list of canonical ACE entries.
766 ****************************************************************************/
767
768 static void free_canon_ace_list( canon_ace *l_head )
769 {
770 canon_ace *list, *next;
771
772 for (list = l_head; list; list = next) {
773 next = list->next;
774 DLIST_REMOVE(l_head, list);
775 TALLOC_FREE(list);
776 }
777 }
778
779 /****************************************************************************
780 Function to duplicate a canon_ace entry.
781 ****************************************************************************/
782
783 static canon_ace *dup_canon_ace( canon_ace *src_ace)
784 {
785 canon_ace *dst_ace = talloc(talloc_tos(), canon_ace);
786
787 if (dst_ace == NULL)
788 return NULL;
789
790 *dst_ace = *src_ace;
791 dst_ace->prev = dst_ace->next = NULL;
792 return dst_ace;
793 }
794
795 /****************************************************************************
796 Print out a canon ace.
797 ****************************************************************************/
798
799 static void print_canon_ace(canon_ace *pace, int num)
800 {
801 dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
802 dbgtext( "SID = %s ", sid_string_dbg(&pace->trustee));
803 if (pace->owner_type == UID_ACE) {
804 const char *u_name = uidtoname(pace->unix_ug.id);
805 dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.id, u_name );
806 } else if (pace->owner_type == GID_ACE) {
807 char *g_name = gidtoname(pace->unix_ug.id);
808 dbgtext( "gid %u (%s) ", (unsigned int)pace->unix_ug.id, g_name );
809 } else
810 dbgtext( "other ");
811 switch (pace->type) {
812 case SMB_ACL_USER:
813 dbgtext( "SMB_ACL_USER ");
814 break;
815 case SMB_ACL_USER_OBJ:
816 dbgtext( "SMB_ACL_USER_OBJ ");
817 break;
818 case SMB_ACL_GROUP:
819 dbgtext( "SMB_ACL_GROUP ");
820 break;
821 case SMB_ACL_GROUP_OBJ:
822 dbgtext( "SMB_ACL_GROUP_OBJ ");
823 break;
824 case SMB_ACL_OTHER:
825 dbgtext( "SMB_ACL_OTHER ");
826 break;
827 default:
828 dbgtext( "MASK " );
829 break;
830 }
831
832 dbgtext( "ace_flags = 0x%x ", (unsigned int)pace->ace_flags);
833 dbgtext( "perms ");
834 dbgtext( "%c", pace->perms & S_IRUSR ? 'r' : '-');
835 dbgtext( "%c", pace->perms & S_IWUSR ? 'w' : '-');
836 dbgtext( "%c\n", pace->perms & S_IXUSR ? 'x' : '-');
837 }
838
839 /****************************************************************************
840 Print out a canon ace list.
841 ****************************************************************************/
842
843 static void print_canon_ace_list(const char *name, canon_ace *ace_list)
844 {
845 int count = 0;
846
847 if( DEBUGLVL( 10 )) {
848 dbgtext( "print_canon_ace_list: %s\n", name );
849 for (;ace_list; ace_list = ace_list->next, count++)
850 print_canon_ace(ace_list, count );
851 }
852 }
853
854 /****************************************************************************
855 Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
856 ****************************************************************************/
857
858 static mode_t convert_permset_to_mode_t(SMB_ACL_PERMSET_T permset)
859 {
860 mode_t ret = 0;
861
862 ret |= (sys_acl_get_perm(permset, SMB_ACL_READ) ? S_IRUSR : 0);
863 ret |= (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
864 ret |= (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
865
866 return ret;
867 }
868
869 /****************************************************************************
870 Map generic UNIX permissions to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
871 ****************************************************************************/
872
873 static mode_t unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
874 {
875 mode_t ret = 0;
876
877 if (mode & r_mask)
878 ret |= S_IRUSR;
879 if (mode & w_mask)
880 ret |= S_IWUSR;
881 if (mode & x_mask)
882 ret |= S_IXUSR;
883
884 return ret;
885 }
886
887 /****************************************************************************
888 Map canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits) to
889 an SMB_ACL_PERMSET_T.
890 ****************************************************************************/
891
892 static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
893 {
894 if (sys_acl_clear_perms(*p_permset) == -1)
895 return -1;
896 if (mode & S_IRUSR) {
897 if (sys_acl_add_perm(*p_permset, SMB_ACL_READ) == -1)
898 return -1;
899 }
900 if (mode & S_IWUSR) {
901 if (sys_acl_add_perm(*p_permset, SMB_ACL_WRITE) == -1)
902 return -1;
903 }
904 if (mode & S_IXUSR) {
905 if (sys_acl_add_perm(*p_permset, SMB_ACL_EXECUTE) == -1)
906 return -1;
907 }
908 return 0;
909 }
910
911 /****************************************************************************
912 Function to create owner and group SIDs from a SMB_STRUCT_STAT.
913 ****************************************************************************/
914
915 void create_file_sids(const SMB_STRUCT_STAT *psbuf, struct dom_sid *powner_sid, struct dom_sid *pgroup_sid)
916 {
917 uid_to_sid( powner_sid, psbuf->st_ex_uid );
918 gid_to_sid( pgroup_sid, psbuf->st_ex_gid );
919 }
920
921 /****************************************************************************
922 Merge aces with a common UID or GID - if both are allow or deny, OR the permissions together and
923 delete the second one. If the first is deny, mask the permissions off and delete the allow
924 if the permissions become zero, delete the deny if the permissions are non zero.
925 ****************************************************************************/
926
927 static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
928 {
929 canon_ace *l_head = *pp_list_head;
930 canon_ace *curr_ace_outer;
931 canon_ace *curr_ace_outer_next;
932
933 /*
934 * First, merge allow entries with identical SIDs, and deny entries
935 * with identical SIDs.
936 */
937
938 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
939 canon_ace *curr_ace;
940 canon_ace *curr_ace_next;
941
942 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
943
944 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
945 bool can_merge = false;
946
947 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
948
949 /* For file ACLs we can merge if the SIDs and ALLOW/DENY
950 * types are the same. For directory acls we must also
951 * ensure the POSIX ACL types are the same.
952 *
953 * For the IDMAP_BOTH case, we must not merge
954 * the UID and GID ACE values for same SID
955 */
956
957 if (!dir_acl) {
958 can_merge = (curr_ace->unix_ug.id == curr_ace_outer->unix_ug.id &&
959 curr_ace->owner_type == curr_ace_outer->owner_type &&
960 (curr_ace->attr == curr_ace_outer->attr));
961 } else {
962 can_merge = (curr_ace->unix_ug.id == curr_ace_outer->unix_ug.id &&
963 curr_ace->owner_type == curr_ace_outer->owner_type &&
964 (curr_ace->type == curr_ace_outer->type) &&
965 (curr_ace->attr == curr_ace_outer->attr));
966 }
967
968 if (can_merge) {
969 if( DEBUGLVL( 10 )) {
970 dbgtext("merge_aces: Merging ACE's\n");
971 print_canon_ace( curr_ace_outer, 0);
972 print_canon_ace( curr_ace, 0);
973 }
974
975 /* Merge two allow or two deny ACE's. */
976
977 /* Theoretically we shouldn't merge a dir ACE if
978 * one ACE has the CI flag set, and the other
979 * ACE has the OI flag set, but this is rare
980 * enough we can ignore it. */
981
982 curr_ace_outer->perms |= curr_ace->perms;
983 curr_ace_outer->ace_flags |= curr_ace->ace_flags;
984 DLIST_REMOVE(l_head, curr_ace);
985 TALLOC_FREE(curr_ace);
986 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
987 }
988 }
989 }
990
991 /*
992 * Now go through and mask off allow permissions with deny permissions.
993 * We can delete either the allow or deny here as we know that each SID
994 * appears only once in the list.
995 */
996
997 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
998 canon_ace *curr_ace;
999 canon_ace *curr_ace_next;
1000
1001 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
1002
1003 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
1004
1005 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
1006
1007 /*
1008 * Subtract ACE's with different entries. Due to the ordering constraints
1009 * we've put on the ACL, we know the deny must be the first one.
1010 */
1011
1012 if (curr_ace->unix_ug.id == curr_ace_outer->unix_ug.id &&
1013 (curr_ace->owner_type == curr_ace_outer->owner_type) &&
1014 (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
1015
1016 if( DEBUGLVL( 10 )) {
1017 dbgtext("merge_aces: Masking ACE's\n");
1018 print_canon_ace( curr_ace_outer, 0);
1019 print_canon_ace( curr_ace, 0);
1020 }
1021
1022 curr_ace->perms &= ~curr_ace_outer->perms;
1023
1024 if (curr_ace->perms == 0) {
1025
1026 /*
1027 * The deny overrides the allow. Remove the allow.
1028 */
1029
1030 DLIST_REMOVE(l_head, curr_ace);
1031 TALLOC_FREE(curr_ace);
1032 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
1033
1034 } else {
1035
1036 /*
1037 * Even after removing permissions, there
1038 * are still allow permissions - delete the deny.
1039 * It is safe to delete the deny here,
1040 * as we are guarenteed by the deny first
1041 * ordering that all the deny entries for
1042 * this SID have already been merged into one
1043 * before we can get to an allow ace.
1044 */
1045
1046 DLIST_REMOVE(l_head, curr_ace_outer);
1047 TALLOC_FREE(curr_ace_outer);
1048 break;
1049 }
1050 }
1051
1052 } /* end for curr_ace */
1053 } /* end for curr_ace_outer */
1054
1055 /* We may have modified the list. */
1056
1057 *pp_list_head = l_head;
1058 }
1059
1060 /****************************************************************************
1061 Check if we need to return NT4.x compatible ACL entries.
1062 ****************************************************************************/
1063
1064 bool nt4_compatible_acls(void)
1065 {
1066 int compat = lp_acl_compatibility();
1067
1068 if (compat == ACL_COMPAT_AUTO) {
1069 enum remote_arch_types ra_type = get_remote_arch();
1070
1071 /* Automatically adapt to client */
1072 return (ra_type <= RA_WINNT);
1073 } else
1074 return (compat == ACL_COMPAT_WINNT);
1075 }
1076
1077
1078 /****************************************************************************
1079 Map canon_ace perms to permission bits NT.
1080 The attr element is not used here - we only process deny entries on set,
1081 not get. Deny entries are implicit on get with ace->perms = 0.
1082 ****************************************************************************/
1083
1084 uint32_t map_canon_ace_perms(int snum,
1085 enum security_ace_type *pacl_type,
1086 mode_t perms,
1087 bool directory_ace)
1088 {
1089 uint32_t nt_mask = 0;
1090
1091 *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
1092
1093 if (lp_acl_map_full_control(snum) && ((perms & ALL_ACE_PERMS) == ALL_ACE_PERMS)) {
1094 if (directory_ace) {
1095 nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
1096 } else {
1097 nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
1098 }
1099 } else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
1100 /*
1101 * Windows NT refuses to display ACEs with no permissions in them (but
1102 * they are perfectly legal with Windows 2000). If the ACE has empty
1103 * permissions we cannot use 0, so we use the otherwise unused
1104 * WRITE_OWNER permission, which we ignore when we set an ACL.
1105 * We abstract this into a #define of UNIX_ACCESS_NONE to allow this
1106 * to be changed in the future.
1107 */
1108
1109 if (nt4_compatible_acls())
1110 nt_mask = UNIX_ACCESS_NONE;
1111 else
1112 nt_mask = 0;
1113 } else {
1114 if (directory_ace) {
1115 nt_mask |= ((perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
1116 nt_mask |= ((perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
1117 nt_mask |= ((perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
1118 } else {
1119 nt_mask |= ((perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
1120 nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
1121 nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
1122 }
1123 }
1124
1125 if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
1126 nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|DELETE_ACCESS);
1127 }
1128
1129 DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
1130 (unsigned int)perms, (unsigned int)nt_mask ));
1131
1132 return nt_mask;
1133 }
1134
1135 /****************************************************************************
1136 Map NT perms to a UNIX mode_t.
1137 ****************************************************************************/
1138
1139 #define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA)
1140 #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA)
1141 #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
1142
1143 static mode_t map_nt_perms( uint32 *mask, int type)
1144 {
1145 mode_t mode = 0;
1146
1147 switch(type) {
1148 case S_IRUSR:
1149 if((*mask) & GENERIC_ALL_ACCESS)
1150 mode = S_IRUSR|S_IWUSR|S_IXUSR;
1151 else {
1152 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
1153 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
1154 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
1155 }
1156 break;
1157 case S_IRGRP:
1158 if((*mask) & GENERIC_ALL_ACCESS)
1159 mode = S_IRGRP|S_IWGRP|S_IXGRP;
1160 else {
1161 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
1162 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
1163 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
1164 }
1165 break;
1166 case S_IROTH:
1167 if((*mask) & GENERIC_ALL_ACCESS)
1168 mode = S_IROTH|S_IWOTH|S_IXOTH;
1169 else {
1170 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
1171 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
1172 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
1173 }
1174 break;
1175 }
1176
1177 return mode;
1178 }
1179
1180 /****************************************************************************
1181 Unpack a struct security_descriptor into a UNIX owner and group.
1182 ****************************************************************************/
1183
1184 NTSTATUS unpack_nt_owners(struct connection_struct *conn,
1185 uid_t *puser, gid_t *pgrp,
1186 uint32 security_info_sent, const struct
1187 security_descriptor *psd)
1188 {
1189 struct dom_sid owner_sid;
1190 struct dom_sid grp_sid;
1191
1192 *puser = (uid_t)-1;
1193 *pgrp = (gid_t)-1;
1194
1195 if(security_info_sent == 0) {
1196 DEBUG(0,("unpack_nt_owners: no security info sent !\n"));
1197 return NT_STATUS_OK;
1198 }
1199
1200 /*
1201 * Validate the owner and group SID's.
1202 */
1203
1204 memset(&owner_sid, '\0', sizeof(owner_sid));
1205 memset(&grp_sid, '\0', sizeof(grp_sid));
1206
1207 DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
1208
1209 /*
1210 * Don't immediately fail if the owner sid cannot be validated.
1211 * This may be a group chown only set.
1212 */
1213
1214 if (security_info_sent & SECINFO_OWNER) {
1215 sid_copy(&owner_sid, psd->owner_sid);
1216 if (!sid_to_uid(&owner_sid, puser)) {
1217 if (lp_force_unknown_acl_user(SNUM(conn))) {
1218 /* this allows take ownership to work
1219 * reasonably */
1220 *puser = get_current_uid(conn);
1221 } else {
1222 DEBUG(3,("unpack_nt_owners: unable to validate"
1223 " owner sid for %s\n",
1224 sid_string_dbg(&owner_sid)));
1225 return NT_STATUS_INVALID_OWNER;
1226 }
1227 }
1228 DEBUG(3,("unpack_nt_owners: owner sid mapped to uid %u\n",
1229 (unsigned int)*puser ));
1230 }
1231
1232 /*
1233 * Don't immediately fail if the group sid cannot be validated.
1234 * This may be an owner chown only set.
1235 */
1236
1237 if (security_info_sent & SECINFO_GROUP) {
1238 sid_copy(&grp_sid, psd->group_sid);
1239 if (!sid_to_gid( &grp_sid, pgrp)) {
1240 if (lp_force_unknown_acl_user(SNUM(conn))) {
1241 /* this allows take group ownership to work
1242 * reasonably */
1243 *pgrp = get_current_gid(conn);
1244 } else {
1245 DEBUG(3,("unpack_nt_owners: unable to validate"
1246 " group sid.\n"));
1247 return NT_STATUS_INVALID_OWNER;
1248 }
1249 }
1250 DEBUG(3,("unpack_nt_owners: group sid mapped to gid %u\n",
1251 (unsigned int)*pgrp));
1252 }
1253
1254 DEBUG(5,("unpack_nt_owners: owner_sids validated.\n"));
1255
1256 return NT_STATUS_OK;
1257 }
1258
1259 /****************************************************************************
1260 Ensure the enforced permissions for this share apply.
1261 ****************************************************************************/
1262
1263 static void apply_default_perms(const struct share_params *params,
1264 const bool is_directory, canon_ace *pace,
1265 mode_t type)
1266 {
1267 mode_t and_bits = (mode_t)0;
1268 mode_t or_bits = (mode_t)0;
1269
1270 /* Get the initial bits to apply. */
1271
1272 if (is_directory) {
1273 and_bits = lp_dir_security_mask(params->service);
1274 or_bits = lp_force_dir_security_mode(params->service);
1275 } else {
1276 and_bits = lp_security_mask(params->service);
1277 or_bits = lp_force_security_mode(params->service);
1278 }
1279
1280 /* Now bounce them into the S_USR space. */
1281 switch(type) {
1282 case S_IRUSR:
1283 /* Ensure owner has read access. */
1284 pace->perms |= S_IRUSR;
1285 if (is_directory)
1286 pace->perms |= (S_IWUSR|S_IXUSR);
1287 and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1288 or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1289 break;
1290 case S_IRGRP:
1291 and_bits = unix_perms_to_acl_perms(and_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1292 or_bits = unix_perms_to_acl_perms(or_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1293 break;
1294 case S_IROTH:
1295 and_bits = unix_perms_to_acl_perms(and_bits, S_IROTH, S_IWOTH, S_IXOTH);
1296 or_bits = unix_perms_to_acl_perms(or_bits, S_IROTH, S_IWOTH, S_IXOTH);
1297 break;
1298 }
1299
1300 pace->perms = ((pace->perms & and_bits)|or_bits);
1301 }
1302
1303 /****************************************************************************
1304 Check if a given uid/SID is in a group gid/SID. This is probably very
1305 expensive and will need optimisation. A *lot* of optimisation :-). JRA.
1306 ****************************************************************************/
1307
1308 static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, canon_ace *group_ace )
1309 {
1310 /* "Everyone" always matches every uid. */
1311
1312 if (dom_sid_equal(&group_ace->trustee, &global_sid_World))
1313 return True;
1314
1315 /*
1316 * if it's the current user, we already have the unix token
1317 * and don't need to do the complex user_in_group_sid() call
1318 */
1319 if (uid_ace->unix_ug.id == get_current_uid(conn)) {
1320 const struct security_unix_token *curr_utok = NULL;
1321 size_t i;
1322
1323 if (group_ace->unix_ug.id == get_current_gid(conn)) {
1324 return True;
1325 }
1326
1327 curr_utok = get_current_utok(conn);
1328 for (i=0; i < curr_utok->ngroups; i++) {
1329 if (group_ace->unix_ug.id == curr_utok->groups[i]) {
1330 return True;
1331 }
1332 }
1333 }
1334
1335 /*
1336 * user_in_group_sid() uses create_token_from_sid()
1337 * which creates an artificial NT token given just a username,
1338 * so this is not reliable for users from foreign domains
1339 * exported by winbindd!
1340 */
1341 return user_sid_in_group_sid(&uid_ace->trustee, &group_ace->trustee);
1342 }
1343
1344 /****************************************************************************
1345 A well formed POSIX file or default ACL has at least 3 entries, a
1346 SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
1347 In addition, the owner must always have at least read access.
1348 When using this call on get_acl, the pst struct is valid and contains
1349 the mode of the file. When using this call on set_acl, the pst struct has
1350 been modified to have a mode containing the default for this file or directory
1351 type.
1352 ****************************************************************************/
1353
1354 static bool ensure_canon_entry_valid(connection_struct *conn,
1355 canon_ace **pp_ace,
1356 bool is_default_acl,
1357 const struct share_params *params,
1358 const bool is_directory,
1359 const struct dom_sid *pfile_owner_sid,
1360 const struct dom_sid *pfile_grp_sid,
1361 const SMB_STRUCT_STAT *pst,
1362 bool setting_acl)
1363 {
1364 canon_ace *pace;
1365 canon_ace *pace_user = NULL;
1366 canon_ace *pace_group = NULL;
1367 canon_ace *pace_other = NULL;
1368
1369 for (pace = *pp_ace; pace; pace = pace->next) {
1370 if (pace->type == SMB_ACL_USER_OBJ) {
1371
1372 if (setting_acl && !is_default_acl) {
1373 apply_default_perms(params, is_directory, pace, S_IRUSR);
1374 }
1375 pace_user = pace;
1376
1377 } else if (pace->type == SMB_ACL_GROUP_OBJ) {
1378
1379 /*
1380 * Ensure create mask/force create mode is respected on set.
1381 */
1382
1383 if (setting_acl && !is_default_acl) {
1384 apply_default_perms(params, is_directory, pace, S_IRGRP);
1385 }
1386 pace_group = pace;
1387
1388 } else if (pace->type == SMB_ACL_OTHER) {
1389
1390 /*
1391 * Ensure create mask/force create mode is respected on set.
1392 */
1393
1394 if (setting_acl && !is_default_acl) {
1395 apply_default_perms(params, is_directory, pace, S_IROTH);
1396 }
1397 pace_other = pace;
1398
1399 } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
1400
1401 /*
1402 * Ensure create mask/force create mode is respected on set.
1403 */
1404
1405 if (setting_acl && !is_default_acl) {
1406 apply_default_perms(params, is_directory, pace, S_IRGRP);
1407 }
1408 }
1409 }
1410
1411 if (!pace_user) {
1412 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1413 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1414 return False;
1415 }
1416
1417 ZERO_STRUCTP(pace);
1418 pace->type = SMB_ACL_USER_OBJ;
1419 pace->owner_type = UID_ACE;
1420 pace->unix_ug.type = ID_TYPE_UID;
1421 pace->unix_ug.id = pst->st_ex_uid;
1422 pace->trustee = *pfile_owner_sid;
1423 pace->attr = ALLOW_ACE;
1424 /* Start with existing permissions, principle of least
1425 surprises for the user. */
1426 pace->perms = pst->st_ex_mode;
1427
1428 if (setting_acl) {
1429 /* See if the owning user is in any of the other groups in
1430 the ACE, or if there's a matching user entry (by uid
1431 or in the case of ID_TYPE_BOTH by SID).
1432 If so, OR in the permissions from that entry. */
1433
1434 canon_ace *pace_iter;
1435
1436 for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) {
1437 if (pace_iter->type == SMB_ACL_USER &&
1438 pace_iter->unix_ug.id == pace->unix_ug.id) {
1439 pace->perms |= pace_iter->perms;
1440 } else if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
1441 if (dom_sid_equal(&pace->trustee, &pace_iter->trustee)) {
1442 pace->perms |= pace_iter->perms;
1443 } else if (uid_entry_in_group(conn, pace, pace_iter)) {
1444 pace->perms |= pace_iter->perms;
1445 }
1446 }
1447 }
1448
1449 if (pace->perms == 0) {
1450 /* If we only got an "everyone" perm, just use that. */
1451 if (pace_other)
1452 pace->perms = pace_other->perms;
1453 }
1454
1455 if (!is_default_acl) {
1456 apply_default_perms(params, is_directory, pace, S_IRUSR);
1457 }
1458 } else {
1459 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
1460 }
1461
1462 DLIST_ADD(*pp_ace, pace);
1463 pace_user = pace;
1464 }
1465
1466 if (!pace_group) {
1467 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1468 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1469 return False;
1470 }
1471
1472 ZERO_STRUCTP(pace);
1473 pace->type = SMB_ACL_GROUP_OBJ;
1474 pace->owner_type = GID_ACE;
1475 pace->unix_ug.type = ID_TYPE_GID;
1476 pace->unix_ug.id = pst->st_ex_gid;
1477 pace->trustee = *pfile_grp_sid;
1478 pace->attr = ALLOW_ACE;
1479 if (setting_acl) {
1480 /* If we only got an "everyone" perm, just use that. */
1481 if (pace_other)
1482 pace->perms = pace_other->perms;
1483 else
1484 pace->perms = 0;
1485 if (!is_default_acl) {
1486 apply_default_perms(params, is_directory, pace, S_IRGRP);
1487 }
1488 } else {
1489 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
1490 }
1491
1492 DLIST_ADD(*pp_ace, pace);
1493 pace_group = pace;
1494 }
1495
1496 if (!pace_other) {
1497 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1498 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1499 return False;
1500 }
1501
1502 ZERO_STRUCTP(pace);
1503 pace->type = SMB_ACL_OTHER;
1504 pace->owner_type = WORLD_ACE;
1505 pace->unix_ug.type = ID_TYPE_NOT_SPECIFIED;
1506 pace->unix_ug.id = -1;
1507 pace->trustee = global_sid_World;
1508 pace->attr = ALLOW_ACE;
1509 if (setting_acl) {
1510 pace->perms = 0;
1511 if (!is_default_acl) {
1512 apply_default_perms(params, is_directory, pace, S_IROTH);
1513 }
1514 } else
1515 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
1516
1517 DLIST_ADD(*pp_ace, pace);
1518 pace_other = pace;
1519 }
1520
1521 if (setting_acl) {
1522 /* Ensure when setting a POSIX ACL, that the uid for a
1523 SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate
1524 permission entry as an SMB_ACL_USER, and a gid for a
1525 SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has
1526 a duplicate permission entry as an SMB_ACL_GROUP. If not,
1527 then if the ownership or group ownership of this file or
1528 directory gets changed, the user or group can lose their
1529 access. */
1530 bool got_duplicate_user = false;
1531 bool got_duplicate_group = false;
1532
1533 for (pace = *pp_ace; pace; pace = pace->next) {
1534 if (pace->type == SMB_ACL_USER &&
1535 pace->unix_ug.id == pace_user->unix_ug.id) {
1536 /* Already got one. */
1537 got_duplicate_user = true;
1538 } else if (pace->type == SMB_ACL_GROUP &&
1539 pace->unix_ug.id == pace_user->unix_ug.id) {
1540 /* Already got one. */
1541 got_duplicate_group = true;
1542 } else if ((pace->type == SMB_ACL_GROUP)
1543 && (dom_sid_equal(&pace->trustee, &pace_user->trustee))) {
1544 /* If the SID owning the file appears
1545 * in a group entry, then we have
1546 * enough duplication, they will still
1547 * have access */
1548 got_duplicate_user = true;
1549 }
1550 }
1551
1552 /* If the SID is equal for the user and group that we need
1553 to add the duplicate for, add only the group */
1554 if (!got_duplicate_user && !got_duplicate_group
1555 && dom_sid_equal(&pace_group->trustee,
1556 &pace_user->trustee)) {
1557 /* Add a duplicate SMB_ACL_GROUP entry, this
1558 * will cover the owning SID as well, as it
1559 * will always be mapped to both a uid and
1560 * gid. */
1561
1562 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1563 DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
1564 return false;
1565 }
1566
1567 ZERO_STRUCTP(pace);
1568 pace->type = SMB_ACL_GROUP;;
1569 pace->owner_type = GID_ACE;
1570 pace->unix_ug.type = ID_TYPE_GID;
1571 pace->unix_ug.id = pace_group->unix_ug.id;
1572 pace->trustee = pace_group->trustee;
1573 pace->attr = pace_group->attr;
1574 pace->perms = pace_group->perms;
1575
1576 DLIST_ADD(*pp_ace, pace);
1577
1578 /* We're done here, make sure the
1579 statements below are not executed. */
1580 got_duplicate_user = true;
1581 got_duplicate_group = true;
1582 }
1583
1584 if (!got_duplicate_user) {
1585 /* Add a duplicate SMB_ACL_USER entry. */
1586 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1587 DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
1588 return false;
1589 }
1590
1591 ZERO_STRUCTP(pace);
1592 pace->type = SMB_ACL_USER;;
1593 pace->owner_type = UID_ACE;
1594 pace->unix_ug.type = ID_TYPE_UID;
1595 pace->unix_ug.id = pace_user->unix_ug.id;
1596 pace->trustee = pace_user->trustee;
1597 pace->attr = pace_user->attr;
1598 pace->perms = pace_user->perms;
1599
1600 DLIST_ADD(*pp_ace, pace);
1601
1602 got_duplicate_user = true;
1603 }
1604
1605 if (!got_duplicate_group) {
1606 /* Add a duplicate SMB_ACL_GROUP entry. */
1607 if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
1608 DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
1609 return false;
1610 }
1611
1612 ZERO_STRUCTP(pace);
1613 pace->type = SMB_ACL_GROUP;;
1614 pace->owner_type = GID_ACE;
1615 pace->unix_ug.type = ID_TYPE_GID;
1616 pace->unix_ug.id = pace_group->unix_ug.id;
1617 pace->trustee = pace_group->trustee;
1618 pace->attr = pace_group->attr;
1619 pace->perms = pace_group->perms;
1620
1621 DLIST_ADD(*pp_ace, pace);
1622
1623 got_duplicate_group = true;
1624 }
1625
1626 }
1627
1628 return True;
1629 }
1630
1631 /****************************************************************************
1632 Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries.
1633 If it does not have them, check if there are any entries where the trustee is the
1634 file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ.
1635 Note we must not do this to default directory ACLs.
1636 ****************************************************************************/
1637
1638 static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, struct dom_sid *pfile_grp_sid)
1639 {
1640 bool got_user_obj, got_group_obj;
1641 canon_ace *current_ace;
1642 int i, entries;
1643
1644 entries = count_canon_ace_list(ace);
1645 got_user_obj = False;
1646 got_group_obj = False;
1647
1648 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1649 if (current_ace->type == SMB_ACL_USER_OBJ)
1650 got_user_obj = True;
1651 else if (current_ace->type == SMB_ACL_GROUP_OBJ)
1652 got_group_obj = True;
1653 }
1654 if (got_user_obj && got_group_obj) {
1655 DEBUG(10,("check_owning_objs: ACL had owning user/group entries.\n"));
1656 return;
1657 }
1658
1659 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1660 if (!got_user_obj && current_ace->owner_type == UID_ACE &&
1661 dom_sid_equal(&current_ace->trustee, pfile_owner_sid)) {
1662 current_ace->type = SMB_ACL_USER_OBJ;
1663 got_user_obj = True;
1664 }
1665 if (!got_group_obj && current_ace->owner_type == GID_ACE &&
1666 dom_sid_equal(&current_ace->trustee, pfile_grp_sid)) {
1667 current_ace->type = SMB_ACL_GROUP_OBJ;
1668 got_group_obj = True;
1669 }
1670 }
1671 if (!got_user_obj)
1672 DEBUG(10,("check_owning_objs: ACL is missing an owner entry.\n"));
1673 if (!got_group_obj)
1674 DEBUG(10,("check_owning_objs: ACL is missing an owning group entry.\n"));
1675 }
1676
1677 static bool add_current_ace_to_acl(files_struct *fsp, struct security_ace *psa,
1678 canon_ace **file_ace, canon_ace **dir_ace,
1679 bool *got_file_allow, bool *got_dir_allow,
1680 bool *all_aces_are_inherit_only,
1681 canon_ace *current_ace)
1682 {
1683
1684 /*
1685 * Map the given NT permissions into a UNIX mode_t containing only
1686 * S_I(R|W|X)USR bits.
1687 */
1688
1689 current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
1690 current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
1691
1692 /* Store the ace_flag. */
1693 current_ace->ace_flags = psa->flags;
1694
1695 /*
1696 * Now add the created ace to either the file list, the directory
1697 * list, or both. We *MUST* preserve the order here (hence we use
1698 * DLIST_ADD_END) as NT ACLs are order dependent.
1699 */
1700
1701 if (fsp->is_directory) {
1702
1703 /*
1704 * We can only add to the default POSIX ACE list if the ACE is
1705 * designed to be inherited by both files and directories.
1706 */
1707
1708 if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) ==
1709 (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) {
1710
1711 canon_ace *current_dir_ace = current_ace;
1712 DLIST_ADD_END(*dir_ace, current_ace, canon_ace *);
1713
1714 /*
1715 * Note if this was an allow ace. We can't process
1716 * any further deny ace's after this.
1717 */
1718
1719 if (current_ace->attr == ALLOW_ACE)
1720 *got_dir_allow = True;
1721
1722 if ((current_ace->attr == DENY_ACE) && *got_dir_allow) {
1723 DEBUG(0,("add_current_ace_to_acl: "
1724 "malformed ACL in "
1725 "inheritable ACL! Deny entry "
1726 "after Allow entry. Failing "
1727 "to set on file %s.\n",
1728 fsp_str_dbg(fsp)));
1729 return False;
1730 }
1731
1732 if( DEBUGLVL( 10 )) {
1733 dbgtext("add_current_ace_to_acl: adding dir ACL:\n");
1734 print_canon_ace( current_ace, 0);
1735 }
1736
1737 /*
1738 * If this is not an inherit only ACE we need to add a duplicate
1739 * to the file acl.
1740 */
1741
1742 if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1743 canon_ace *dup_ace = dup_canon_ace(current_ace);
1744
1745 if (!dup_ace) {
1746 DEBUG(0,("add_current_ace_to_acl: malloc fail !\n"));
1747 return False;
1748 }
1749
1750 /*
1751 * We must not free current_ace here as its
1752 * pointer is now owned by the dir_ace list.
1753 */
1754 current_ace = dup_ace;
1755 /* We've essentially split this ace into two,
1756 * and added the ace with inheritance request
1757 * bits to the directory ACL. Drop those bits for
1758 * the ACE we're adding to the file list. */
1759 current_ace->ace_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT|
1760 SEC_ACE_FLAG_CONTAINER_INHERIT|
1761 SEC_ACE_FLAG_INHERIT_ONLY);
1762 } else {
1763 /*
1764 * We must not free current_ace here as its
1765 * pointer is now owned by the dir_ace list.
1766 */
1767 current_ace = NULL;
1768 }
1769
1770 /*
1771 * current_ace is now either owned by file_ace
1772 * or is NULL. We can safely operate on current_dir_ace
1773 * to treat mapping for default acl entries differently
1774 * than access acl entries.
1775 */
1776
1777 if (current_dir_ace->owner_type == UID_ACE) {
1778 /*
1779 * We already decided above this is a uid,
1780 * for default acls ace's only CREATOR_OWNER
1781 * maps to ACL_USER_OBJ. All other uid
1782 * ace's are ACL_USER.
1783 */
1784 if (dom_sid_equal(&current_dir_ace->trustee,
1785 &global_sid_Creator_Owner)) {
1786 current_dir_ace->type = SMB_ACL_USER_OBJ;
1787 } else {
1788 current_dir_ace->type = SMB_ACL_USER;
1789 }
1790 }
1791
1792 if (current_dir_ace->owner_type == GID_ACE) {
1793 /*
1794 * We already decided above this is a gid,
1795 * for default acls ace's only CREATOR_GROUP
1796 * maps to ACL_GROUP_OBJ. All other uid
1797 * ace's are ACL_GROUP.
1798 */
1799 if (dom_sid_equal(&current_dir_ace->trustee,
1800 &global_sid_Creator_Group)) {
1801 current_dir_ace->type = SMB_ACL_GROUP_OBJ;
1802 } else {
1803 current_dir_ace->type = SMB_ACL_GROUP;
1804 }
1805 }
1806 }
1807 }
1808
1809 /*
1810 * Only add to the file ACL if not inherit only.
1811 */
1812
1813 if (current_ace && !(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1814 DLIST_ADD_END(*file_ace, current_ace, canon_ace *);
1815
1816 /*
1817 * Note if this was an allow ace. We can't process
1818 * any further deny ace's after this.
1819 */
1820
1821 if (current_ace->attr == ALLOW_ACE)
1822 *got_file_allow = True;
1823
1824 if ((current_ace->attr == DENY_ACE) && got_file_allow) {
1825 DEBUG(0,("add_current_ace_to_acl: malformed "
1826 "ACL in file ACL ! Deny entry after "
1827 "Allow entry. Failing to set on file "
1828 "%s.\n", fsp_str_dbg(fsp)));
1829 return False;
1830 }
1831
1832 if( DEBUGLVL( 10 )) {
1833 dbgtext("add_current_ace_to_acl: adding file ACL:\n");
1834 print_canon_ace( current_ace, 0);
1835 }
1836 *all_aces_are_inherit_only = False;
1837 /*
1838 * We must not free current_ace here as its
1839 * pointer is now owned by the file_ace list.
1840 */
1841 current_ace = NULL;
1842 }
1843
1844 /*
1845 * Free if ACE was not added.
1846 */
1847
1848 TALLOC_FREE(current_ace);
1849 return true;
1850 }
1851
1852 /****************************************************************************
1853 Unpack a struct security_descriptor into two canonical ace lists.
1854 ****************************************************************************/
1855
1856 static bool create_canon_ace_lists(files_struct *fsp,
1857 const SMB_STRUCT_STAT *pst,
1858 struct dom_sid *pfile_owner_sid,
1859 struct dom_sid *pfile_grp_sid,
1860 canon_ace **ppfile_ace,
1861 canon_ace **ppdir_ace,
1862 const struct security_acl *dacl)
1863 {
1864 bool all_aces_are_inherit_only = (fsp->is_directory ? True : False);
1865 canon_ace *file_ace = NULL;
1866 canon_ace *dir_ace = NULL;
1867 canon_ace *current_ace = NULL;
1868 bool got_dir_allow = False;
1869 bool got_file_allow = False;
1870 int i, j;
1871
1872 *ppfile_ace = NULL;
1873 *ppdir_ace = NULL;
1874
1875 /*
1876 * Convert the incoming ACL into a more regular form.
1877 */
1878
1879 for(i = 0; i < dacl->num_aces; i++) {
1880 struct security_ace *psa = &dacl->aces[i];
1881
1882 if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
1883 DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
1884 return False;
1885 }
1886
1887 if (nt4_compatible_acls()) {
1888 /*
1889 * The security mask may be UNIX_ACCESS_NONE which should map into
1890 * no permissions (we overload the WRITE_OWNER bit for this) or it
1891 * should be one of the ALL/EXECUTE/READ/WRITE bits. Arrange for this
1892 * to be so. Any other bits override the UNIX_ACCESS_NONE bit.
1893 */
1894
1895 /*
1896 * Convert GENERIC bits to specific bits.
1897 */
1898
1899 se_map_generic(&psa->access_mask, &file_generic_mapping);
1900
1901 psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
1902
1903 if(psa->access_mask != UNIX_ACCESS_NONE)
1904 psa->access_mask &= ~UNIX_ACCESS_NONE;
1905 }
1906 }
1907
1908 /*
1909 * Deal with the fact that NT 4.x re-writes the canonical format
1910 * that we return for default ACLs. If a directory ACE is identical
1911 * to a inherited directory ACE then NT changes the bits so that the
1912 * first ACE is set to OI|IO and the second ACE for this SID is set
1913 * to CI. We need to repair this. JRA.
1914 */
1915
1916 for(i = 0; i < dacl->num_aces; i++) {
1917 struct security_ace *psa1 = &dacl->aces[i];
1918
1919 for (j = i + 1; j < dacl->num_aces; j++) {
1920 struct security_ace *psa2 = &dacl->aces[j];
1921
1922 if (psa1->access_mask != psa2->access_mask)
1923 continue;
1924
1925 if (!dom_sid_equal(&psa1->trustee, &psa2->trustee))
1926 continue;
1927
1928 /*
1929 * Ok - permission bits and SIDs are equal.
1930 * Check if flags were re-written.
1931 */
1932
1933 if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1934
1935 psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1936 psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1937
1938 } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1939
1940 psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1941 psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1942
1943 }
1944 }
1945 }
1946
1947 for(i = 0; i < dacl->num_aces; i++) {
1948 struct security_ace *psa = &dacl->aces[i];
1949
1950 /*
1951 * Create a canon_ace entry representing this NT DACL ACE.
1952 */
1953
1954 if ((current_ace = talloc(talloc_tos(), canon_ace)) == NULL) {
1955 free_canon_ace_list(file_ace);
1956 free_canon_ace_list(dir_ace);
1957 DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
1958 return False;
1959 }
1960
1961 ZERO_STRUCTP(current_ace);
1962
1963 sid_copy(&current_ace->trustee, &psa->trustee);
1964
1965 /*
1966 * Try and work out if the SID is a user or group
1967 * as we need to flag these differently for POSIX.
1968 * Note what kind of a POSIX ACL this should map to.
1969 */
1970
1971 if( dom_sid_equal(&current_ace->trustee, &global_sid_World)) {
1972 current_ace->owner_type = WORLD_ACE;
1973 current_ace->unix_ug.type = ID_TYPE_NOT_SPECIFIED;
1974 current_ace->unix_ug.id = -1;
1975 current_ace->type = SMB_ACL_OTHER;
1976 } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
1977 current_ace->owner_type = UID_ACE;
1978 current_ace->unix_ug.type = ID_TYPE_UID;
1979 current_ace->unix_ug.id = pst->st_ex_uid;
1980 current_ace->type = SMB_ACL_USER_OBJ;
1981
1982 /*
1983 * The Creator Owner entry only specifies inheritable permissions,
1984 * never access permissions. WinNT doesn't always set the ACE to
1985 * INHERIT_ONLY, though.
1986 */
1987
1988 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
1989
1990 } else if (dom_sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
1991 current_ace->owner_type = GID_ACE;
1992 current_ace->unix_ug.type = ID_TYPE_GID;
1993 current_ace->unix_ug.id = pst->st_ex_gid;
1994 current_ace->type = SMB_ACL_GROUP_OBJ;
1995
1996 /*
1997 * The Creator Group entry only specifies inheritable permissions,
1998 * never access permissions. WinNT doesn't always set the ACE to
1999 * INHERIT_ONLY, though.
2000 */
2001 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
2002
2003 } else {
2004 struct unixid unixid;
2005
2006 if (!sids_to_unixids(&current_ace->trustee, 1, &unixid)) {
2007 free_canon_ace_list(file_ace);
2008 free_canon_ace_list(dir_ace);
2009 TALLOC_FREE(current_ace);
2010 DEBUG(0, ("create_canon_ace_lists: sids_to_unixids "
2011 "failed for %s (allocation failure)\n",
2012 sid_string_dbg(&current_ace->trustee)));
2013 return false;
2014 }
2015
2016 if (unixid.type == ID_TYPE_BOTH) {
2017 /* If it's the owning user, this is a
2018 * user_obj, not a user. This way, we
2019 * get a valid ACL for groups that own
2020 * files, without putting user ACL
2021 * entries in for groups otherwise */
2022 if (unixid.id == pst->st_ex_uid) {
2023 current_ace->owner_type = UID_ACE;
2024 current_ace->unix_ug.type = ID_TYPE_UID;
2025 current_ace->unix_ug.id = unixid.id;
2026 current_ace->type = SMB_ACL_USER_OBJ;
2027
2028 /* Add the user object to the posix ACL,
2029 and proceed to the group mapping
2030 below. This handles the talloc_free
2031 of current_ace if not added for some
2032 reason */
2033 if (!add_current_ace_to_acl(fsp,
2034 psa,
2035 &file_ace,
2036 &dir_ace,
2037 &got_file_allow,
2038 &got_dir_allow,
2039 &all_aces_are_inherit_only,
2040 current_ace)) {
2041 free_canon_ace_list(file_ace);
2042 free_canon_ace_list(dir_ace);
2043 return false;
2044 }
2045
2046 if ((current_ace = talloc(talloc_tos(),
2047 canon_ace)) == NULL) {
2048 free_canon_ace_list(file_ace);
2049 free_canon_ace_list(dir_ace);
2050 DEBUG(0,("create_canon_ace_lists: "
2051 "malloc fail.\n"));
2052 return False;
2053 }
2054
2055 ZERO_STRUCTP(current_ace);
2056 }
2057
2058 sid_copy(&current_ace->trustee, &psa->trustee);
2059
2060 current_ace->unix_ug.type = ID_TYPE_GID;
2061 current_ace->unix_ug.id = unixid.id;
2062 current_ace->owner_type = GID_ACE;
2063 /* If it's the primary group, this is a
2064 group_obj, not a group. */
2065 if (current_ace->unix_ug.id == pst->st_ex_gid) {
2066 current_ace->type = SMB_ACL_GROUP_OBJ;
2067 } else {
2068 current_ace->type = SMB_ACL_GROUP;
2069 }
2070
2071 } else if (unixid.type == ID_TYPE_UID) {
2072 current_ace->owner_type = UID_ACE;
2073 current_ace->unix_ug.type = ID_TYPE_UID;
2074 current_ace->unix_ug.id = unixid.id;
2075 /* If it's the owning user, this is a user_obj,
2076 not a user. */
2077 if (current_ace->unix_ug.id == pst->st_ex_uid) {
2078 current_ace->type = SMB_ACL_USER_OBJ;
2079 } else {
2080 current_ace->type = SMB_ACL_USER;
2081 }
2082 } else if (unixid.type == ID_TYPE_GID) {
2083 current_ace->unix_ug.type = ID_TYPE_GID;
2084 current_ace->unix_ug.id = unixid.id;
2085 current_ace->owner_type = GID_ACE;
2086 /* If it's the primary group, this is a
2087 group_obj, not a group. */
2088 if (current_ace->unix_ug.id == pst->st_ex_gid) {
2089 current_ace->type = SMB_ACL_GROUP_OBJ;
2090 } else {
2091 current_ace->type = SMB_ACL_GROUP;
2092 }
2093 } else {
2094 /*
2095 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
2096 */
2097
2098 if (non_mappable_sid(&psa->trustee)) {
2099 DEBUG(10, ("create_canon_ace_lists: ignoring "
2100 "non-mappable SID %s\n",
2101 sid_string_dbg(&psa->trustee)));
2102 TALLOC_FREE(current_ace);
2103 continue;
2104 }
2105
2106 if (lp_force_unknown_acl_user(SNUM(fsp->conn))) {
2107 DEBUG(10, ("create_canon_ace_lists: ignoring "
2108 "unknown or foreign SID %s\n",
2109 sid_string_dbg(&psa->trustee)));
2110 TALLOC_FREE(current_ace);
2111 continue;
2112 }
2113
2114 free_canon_ace_list(file_ace);
2115 free_canon_ace_list(dir_ace);
2116 DEBUG(0, ("create_canon_ace_lists: unable to map SID "
2117 "%s to uid or gid.\n",
2118 sid_string_dbg(&current_ace->trustee)));
2119 TALLOC_FREE(current_ace);
2120 return false;
2121 }
2122 }
2123
2124 /* handles the talloc_free of current_ace if not added for some reason */
2125 if (!add_current_ace_to_acl(fsp, psa, &file_ace, &dir_ace,
2126 &got_file_allow, &got_dir_allow,
2127 &all_aces_are_inherit_only, current_ace)) {
2128 free_canon_ace_list(file_ace);
2129 free_canon_ace_list(dir_ace);
2130 return false;
2131 }
2132 }
2133
2134 if (fsp->is_directory && all_aces_are_inherit_only) {
2135 /*
2136 * Windows 2000 is doing one of these weird 'inherit acl'
2137 * traverses to conserve NTFS ACL resources. Just pretend
2138 * there was no DACL sent. JRA.
2139 */
2140
2141 DEBUG(10,("create_canon_ace_lists: Win2k inherit acl traverse. Ignoring DACL.\n"));
2142 free_canon_ace_list(file_ace);
2143 free_canon_ace_list(dir_ace);
2144 file_ace = NULL;
2145 dir_ace = NULL;
2146 } else {
2147 /*
2148 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in
2149 * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
2150 * entries can be converted to *_OBJ. Don't do this for the default
2151 * ACL, we will create them separately for this if needed inside
2152 * ensure_canon_entry_valid().
2153 */
2154 if (file_ace) {
2155 check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
2156 }
2157 }
2158
2159 *ppfile_ace = file_ace;
2160 *ppdir_ace = dir_ace;
2161
2162 return True;
2163 }
2164
2165 /****************************************************************************
2166 ASCII art time again... JRA :-).
2167
2168 We have 4 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
2169 we insist the ACL is in canonical form (ie. all DENY entries preceede ALLOW
2170 entries). Secondly, the merge code has ensured that all duplicate SID entries for
2171 allow or deny have been merged, so the same SID can only appear once in the deny
2172 list or once in the allow list.
2173
2174 We then process as follows :
2175
2176 ---------------------------------------------------------------------------
2177 First pass - look for a Everyone DENY entry.
2178
2179 If it is deny all (rwx) trunate the list at this point.
2180 Else, walk the list from this point and use the deny permissions of this
2181 entry as a mask on all following allow entries. Finally, delete
2182 the Everyone DENY entry (we have applied it to everything possible).
2183
2184 In addition, in this pass we remove any DENY entries that have
2185 no permissions (ie. they are a DENY nothing).
2186 ---------------------------------------------------------------------------
2187 Second pass - only deal with deny user entries.
2188
2189 DENY user1 (perms XXX)
2190
2191 new_perms = 0
2192 for all following allow group entries where user1 is in group
2193 new_perms |= group_perms;
2194
2195 user1 entry perms = new_perms & ~ XXX;
2196
2197 Convert the deny entry to an allow entry with the new perms and
2198 push to the end of the list. Note if the user was in no groups
2199 this maps to a specific allow nothing entry for this user.
2200
2201 The common case from the NT ACL choser (userX deny all) is
2202 optimised so we don't do the group lookup - we just map to
2203 an allow nothing entry.
2204
2205 What we're doing here is inferring the allow permissions the
2206 person setting the ACE on user1 wanted by looking at the allow
2207 permissions on the groups the user is currently in. This will
2208 be a snapshot, depending on group membership but is the best
2209 we can do and has the advantage of failing closed rather than
2210 open.
2211 ---------------------------------------------------------------------------
2212 Third pass - only deal with deny group entries.
2213
2214 DENY group1 (perms XXX)
2215
2216 for all following allow user entries where user is in group1
2217 user entry perms = user entry perms & ~ XXX;
2218
2219 If there is a group Everyone allow entry with permissions YYY,
2220 convert the group1 entry to an allow entry and modify its
2221 permissions to be :
2222
2223 new_perms = YYY & ~ XXX
2224
2225 and push to the end of the list.
2226
2227 If there is no group Everyone allow entry then convert the
2228 group1 entry to a allow nothing entry and push to the end of the list.
2229
2230 Note that the common case from the NT ACL choser (groupX deny all)
2231 cannot be optimised here as we need to modify user entries who are
2232 in the group to change them to a deny all also.
2233
2234 What we're doing here is modifying the allow permissions of
2235 user entries (which are more specific in POSIX ACLs) to mask
2236 out the explicit deny set on the group they are in. This will
2237 be a snapshot depending on current group membership but is the
2238 best we can do and has the advantage of failing closed rather
2239 than open.
2240 ---------------------------------------------------------------------------
2241 Fourth pass - cope with cumulative permissions.
2242
2243 for all allow user entries, if there exists an allow group entry with
2244 more permissive permissions, and the user is in that group, rewrite the
2245 allow user permissions to contain both sets of permissions.
2246
2247 Currently the code for this is #ifdef'ed out as these semantics make
2248 no sense to me. JRA.
2249 ---------------------------------------------------------------------------
2250
2251 Note we *MUST* do the deny user pass first as this will convert deny user
2252 entries into allow user entries which can then be processed by the deny
2253 group pass.
2254
2255 The above algorithm took a *lot* of thinking about - hence this
2256 explaination :-). JRA.
2257 ****************************************************************************/
2258
2259 /****************************************************************************
2260 Process a canon_ace list entries. This is very complex code. We need
2261 to go through and remove the "deny" permissions from any allow entry that matches
2262 the id of this entry. We have already refused any NT ACL that wasn't in correct
2263 order (DENY followed by ALLOW). If any allow entry ends up with zero permissions,
2264 we just remove it (to fail safe). We have already removed any duplicate ace
2265 entries. Treat an "Everyone" DENY_ACE as a special case - use it to mask all
2266 allow entries.
2267 ****************************************************************************/
2268
2269 static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
2270 {
2271 canon_ace *ace_list = *pp_ace_list;
2272 canon_ace *curr_ace = NULL;
2273 canon_ace *curr_ace_next = NULL;
2274
2275 /* Pass 1 above - look for an Everyone, deny entry. */
2276
2277 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2278 canon_ace *allow_ace_p;
2279
2280 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2281
2282 if (curr_ace->attr != DENY_ACE)
2283 continue;
2284
2285 if (curr_ace->perms == (mode_t)0) {
2286
2287 /* Deny nothing entry - delete. */
2288
2289 DLIST_REMOVE(ace_list, curr_ace);
2290 continue;
2291 }
2292
2293 if (!dom_sid_equal(&curr_ace->trustee, &global_sid_World))
2294 continue;
2295
2296 /* JRATEST - assert. */
2297 SMB_ASSERT(curr_ace->owner_type == WORLD_ACE);
2298
2299 if (curr_ace->perms == ALL_ACE_PERMS) {
2300
2301 /*
2302 * Optimisation. This is a DENY_ALL to Everyone. Truncate the
2303 * list at this point including this entry.
2304 */
2305
2306 canon_ace *prev_entry = DLIST_PREV(curr_ace);
2307
2308 free_canon_ace_list( curr_ace );
2309 if (prev_entry)
2310 DLIST_REMOVE(ace_list, prev_entry);
2311 else {
2312 /* We deleted the entire list. */
2313 ace_list = NULL;
2314 }
2315 break;
2316 }
2317
2318 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2319
2320 /*
2321 * Only mask off allow entries.
2322 */
2323
2324 if (allow_ace_p->attr != ALLOW_ACE)
2325 continue;
2326
2327 allow_ace_p->perms &= ~curr_ace->perms;
2328 }
2329
2330 /*
2331 * Now it's been applied, remove it.
2332 */
2333
2334 DLIST_REMOVE(ace_list, curr_ace);
2335 }
2336
2337 /* Pass 2 above - deal with deny user entries. */
2338
2339 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2340 mode_t new_perms = (mode_t)0;
2341 canon_ace *allow_ace_p;
2342
2343 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2344
2345 if (curr_ace->attr != DENY_ACE)
2346 continue;
2347
2348 if (curr_ace->owner_type != UID_ACE)
2349 continue;
2350
2351 if (curr_ace->perms == ALL_ACE_PERMS) {
2352
2353 /*
2354 * Optimisation - this is a deny everything to this user.
2355 * Convert to an allow nothing and push to the end of the list.
2356 */
2357
2358 curr_ace->attr = ALLOW_ACE;
2359 curr_ace->perms = (mode_t)0;
2360 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2361 continue;
2362 }
2363
2364 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2365
2366 if (allow_ace_p->attr != ALLOW_ACE)
2367 continue;
2368
2369 /* We process GID_ACE and WORLD_ACE entries only. */
2370
2371 if (allow_ace_p->owner_type == UID_ACE)
2372 continue;
2373
2374 if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
2375 new_perms |= allow_ace_p->perms;
2376 }
2377
2378 /*
2379 * Convert to a allow entry, modify the perms and push to the end
2380 * of the list.
2381 */
2382
2383 curr_ace->attr = ALLOW_ACE;
2384 curr_ace->perms = (new_perms & ~curr_ace->perms);
2385 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2386 }
2387
2388 /* Pass 3 above - deal with deny group entries. */
2389
2390 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2391 canon_ace *allow_ace_p;
2392 canon_ace *allow_everyone_p = NULL;
2393
2394 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2395
2396 if (curr_ace->attr != DENY_ACE)
2397 continue;
2398
2399 if (curr_ace->owner_type != GID_ACE)
2400 continue;
2401
2402 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2403
2404 if (allow_ace_p->attr != ALLOW_ACE)
2405 continue;
2406
2407 /* Store a pointer to the Everyone allow, if it exists. */
2408 if (allow_ace_p->owner_type == WORLD_ACE)
2409 allow_everyone_p = allow_ace_p;
2410
2411 /* We process UID_ACE entries only. */
2412
2413 if (allow_ace_p->owner_type != UID_ACE)
2414 continue;
2415
2416 /* Mask off the deny group perms. */
2417
2418 if (uid_entry_in_group(conn, allow_ace_p, curr_ace))
2419 allow_ace_p->perms &= ~curr_ace->perms;
2420 }
2421
2422 /*
2423 * Convert the deny to an allow with the correct perms and
2424 * push to the end of the list.
2425 */
2426
2427 curr_ace->attr = ALLOW_ACE;
2428 if (allow_everyone_p)
2429 curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms;
2430 else
2431 curr_ace->perms = (mode_t)0;
2432 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2433 }
2434
2435 /* Doing this fourth pass allows Windows semantics to be layered
2436 * on top of POSIX semantics. I'm not sure if this is desirable.
2437 * For example, in W2K ACLs there is no way to say, "Group X no
2438 * access, user Y full access" if user Y is a member of group X.
2439 * This seems completely broken semantics to me.... JRA.
2440 */
2441
2442 #if 0
2443 /* Pass 4 above - deal with allow entries. */
2444
2445 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2446 canon_ace *allow_ace_p;
2447
2448 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2449
2450 if (curr_ace->attr != ALLOW_ACE)
2451 continue;
2452
2453 if (curr_ace->owner_type != UID_ACE)
2454 continue;
2455
2456 for (allow_ace_p = ace_list; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2457
2458 if (allow_ace_p->attr != ALLOW_ACE)
2459 continue;
2460
2461 /* We process GID_ACE entries only. */
2462
2463 if (allow_ace_p->owner_type != GID_ACE)
2464 continue;
2465
2466 /* OR in the group perms. */
2467
2468 if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
2469 curr_ace->perms |= allow_ace_p->perms;
2470 }
2471 }
2472 #endif
2473
2474 *pp_ace_list = ace_list;
2475 }
2476
2477 /****************************************************************************
2478 Unpack a struct security_descriptor into two canonical ace lists. We don't depend on this
2479 succeeding.
2480 ****************************************************************************/
2481
2482 static bool unpack_canon_ace(files_struct *fsp,
2483 const SMB_STRUCT_STAT *pst,
2484 struct dom_sid *pfile_owner_sid,
2485 struct dom_sid *pfile_grp_sid,
2486 canon_ace **ppfile_ace,
2487 canon_ace **ppdir_ace,
2488 uint32 security_info_sent,
2489 const struct security_descriptor *psd)
2490 {
2491 canon_ace *file_ace = NULL;
2492 canon_ace *dir_ace = NULL;
2493
2494 *ppfile_ace = NULL;
2495 *ppdir_ace = NULL;
2496
2497 if(security_info_sent == 0) {
2498 DEBUG(0,("unpack_canon_ace: no security info sent !\n"));
2499 return False;
2500 }
2501
2502 /*
2503 * If no DACL then this is a chown only security descriptor.
2504 */
2505
2506 if(!(security_info_sent & SECINFO_DACL) || !psd->dacl)
2507 return True;
2508
2509 /*
2510 * Now go through the DACL and create the canon_ace lists.
2511 */
2512
2513 if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid,
2514 &file_ace, &dir_ace, psd->dacl))
2515 return False;
2516
2517 if ((file_ace == NULL) && (dir_ace == NULL)) {
2518 /* W2K traverse DACL set - ignore. */
2519 return True;
2520 }
2521
2522 /*
2523 * Go through the canon_ace list and merge entries
2524 * belonging to identical users of identical allow or deny type.
2525 * We can do this as all deny entries come first, followed by
2526 * all allow entries (we have mandated this before accepting this acl).
2527 */
2528
2529 print_canon_ace_list( "file ace - before merge", file_ace);
2530 merge_aces( &file_ace, false);
2531
2532 print_canon_ace_list( "dir ace - before merge", dir_ace);
2533 merge_aces( &dir_ace, true);
2534
2535 /*
2536 * NT ACLs are order dependent. Go through the acl lists and
2537 * process DENY entries by masking the allow entries.
2538 */
2539
2540 print_canon_ace_list( "file ace - before deny", file_ace);
2541 process_deny_list(fsp->conn, &file_ace);
2542
2543 print_canon_ace_list( "dir ace - before deny", dir_ace);
2544 process_deny_list(fsp->conn, &dir_ace);
2545
2546 /*
2547 * A well formed POSIX file or default ACL has at least 3 entries, a
2548 * SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ
2549 * and optionally a mask entry. Ensure this is the case.
2550 */
2551
2552 print_canon_ace_list( "file ace - before valid", file_ace);
2553
2554 if (!ensure_canon_entry_valid(fsp->conn, &file_ace, false, fsp->conn->params,
2555 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2556 free_canon_ace_list(file_ace);
2557 free_canon_ace_list(dir_ace);
2558 return False;
2559 }
2560
2561 print_canon_ace_list( "dir ace - before valid", dir_ace);
2562
2563 if (dir_ace && !ensure_canon_entry_valid(fsp->conn, &dir_ace, true, fsp->conn->params,
2564 fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2565 free_canon_ace_list(file_ace);
2566 free_canon_ace_list(dir_ace);
2567 return False;
2568 }
2569
2570 print_canon_ace_list( "file ace - return", file_ace);
2571 print_canon_ace_list( "dir ace - return", dir_ace);
2572
2573 *ppfile_ace = file_ace;
2574 *ppdir_ace = dir_ace;
2575 return True;
2576
2577 }
2578
2579 /******************************************************************************
2580 When returning permissions, try and fit NT display
2581 semantics if possible. Note the the canon_entries here must have been malloced.
2582 The list format should be - first entry = owner, followed by group and other user
2583 entries, last entry = other.
2584
2585 Note that this doesn't exactly match the NT semantics for an ACL. As POSIX entries
2586 are not ordered, and match on the most specific entry rather than walking a list,
2587 then a simple POSIX permission of rw-r--r-- should really map to 5 entries,
2588
2589 Entry 0: owner : deny all except read and write.
2590 Entry 1: owner : allow read and write.
2591 Entry 2: group : deny all except read.
2592 Entry 3: group : allow read.
2593 Entry 4: Everyone : allow read.
2594
2595 But NT cannot display this in their ACL editor !
2596 ********************************************************************************/
2597
2598 static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head)
2599 {
2600 canon_ace *l_head = *pp_list_head;
2601 canon_ace *owner_ace = NULL;
2602 canon_ace *other_ace = NULL;
2603 canon_ace *ace = NULL;
2604
2605 for (ace = l_head; ace; ace = ace->next) {
2606 if (ace->type == SMB_ACL_USER_OBJ)
2607 owner_ace = ace;
2608 else if (ace->type == SMB_ACL_OTHER) {
2609 /* Last ace - this is "other" */
2610 other_ace = ace;
2611 }
2612 }
2613
2614 if (!owner_ace || !other_ace) {
2615 DEBUG(0,("arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n",
2616 filename ));
2617 return;
2618 }
2619
2620 /*
2621 * The POSIX algorithm applies to owner first, and other last,
2622 * so ensure they are arranged in this order.
2623 */
2624
2625 if (owner_ace) {
2626 DLIST_PROMOTE(l_head, owner_ace);
2627 }
2628
2629 if (other_ace) {
2630 DLIST_DEMOTE(l_head, other_ace, canon_ace *);
2631 }
2632
2633 /* We have probably changed the head of the list. */
2634
2635 *pp_list_head = l_head;
2636 }
2637
2638 /****************************************************************************
2639 Create a linked list of canonical ACE entries.
2640 ****************************************************************************/
2641
2642 static canon_ace *canonicalise_acl(struct connection_struct *conn,
2643 const char *fname, SMB_ACL_T posix_acl,
2644 const SMB_STRUCT_STAT *psbuf,
2645 const struct dom_sid *powner, const struct dom_sid *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
2646 {
2647 mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
2648 canon_ace *l_head = NULL;
2649 canon_ace *ace = NULL;
2650 canon_ace *next_ace = NULL;
2651 int entry_id = SMB_ACL_FIRST_ENTRY;
2652 bool is_default_acl = (the_acl_type == SMB_ACL_TYPE_DEFAULT);
2653 SMB_ACL_ENTRY_T entry;
2654 size_t ace_count;
2655
2656 while ( posix_acl && (sys_acl_get_entry(posix_acl, entry_id, &entry) == 1)) {
2657 SMB_ACL_TAG_T tagtype;
2658 SMB_ACL_PERMSET_T permset;
2659 struct dom_sid sid;
2660 struct unixid unix_ug;
2661 enum ace_owner owner_type;
2662
2663 entry_id = SMB_ACL_NEXT_ENTRY;
2664
2665 /* Is this a MASK entry ? */
2666 if (sys_acl_get_tag_type(entry, &tagtype) == -1)
2667 continue;
2668
2669 if (sys_acl_get_permset(entry, &permset) == -1)
2670 continue;
2671
2672 /* Decide which SID to use based on the ACL type. */
2673 switch(tagtype) {
2674 case SMB_ACL_USER_OBJ:
2675 /* Get the SID from the owner. */
2676 sid_copy(&sid, powner);
2677 unix_ug.type = ID_TYPE_UID;
2678 unix_ug.id = psbuf->st_ex_uid;
2679 owner_type = UID_ACE;
2680 break;
2681 case SMB_ACL_USER:
2682 {
2683 uid_t *puid = (uid_t *)sys_acl_get_qualifier(entry);
2684 if (puid == NULL) {
2685 DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
2686 continue;
2687 }
2688 uid_to_sid( &sid, *puid);
2689 unix_ug.type = ID_TYPE_UID;
2690 unix_ug.id = *puid;
2691 owner_type = UID_ACE;
2692 break;
2693 }
2694 case SMB_ACL_GROUP_OBJ:
2695 /* Get the SID from the owning group. */
2696 sid_copy(&sid, pgroup);
2697 unix_ug.type = ID_TYPE_GID;
2698 unix_ug.id = psbuf->st_ex_gid;
2699 owner_type = GID_ACE;
2700 break;
2701 case SMB_ACL_GROUP:
2702 {
2703 gid_t *pgid = (gid_t *)sys_acl_get_qualifier(entry);
2704 if (pgid == NULL) {
2705 DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
2706 continue;
2707 }
2708 gid_to_sid( &sid, *pgid);
2709 unix_ug.type = ID_TYPE_GID;
2710 unix_ug.id = *pgid;
2711 owner_type = GID_ACE;
2712 break;
2713 }
2714 case SMB_ACL_MASK:
2715 acl_mask = convert_permset_to_mode_t(permset);
2716 continue; /* Don't count the mask as an entry. */
2717 case SMB_ACL_OTHER:
2718 /* Use the Everyone SID */
2719 sid = global_sid_World;
2720 unix_ug.type = ID_TYPE_NOT_SPECIFIED;
2721 unix_ug.id = -1;
2722 owner_type = WORLD_ACE;
2723 break;
2724 default:
2725 DEBUG(0,("canonicalise_acl: Unknown tagtype %u\n", (unsigned int)tagtype));
2726 continue;
2727 }
2728
2729 /*
2730 * Add this entry to the list.
2731 */
2732
2733 if ((ace = talloc(talloc_tos(), canon_ace)) == NULL)
2734 goto fail;
2735
2736 ZERO_STRUCTP(ace);
2737 ace->type = tagtype;
2738 ace->perms = convert_permset_to_mode_t(permset);
2739 ace->attr = ALLOW_ACE;
2740 ace->trustee = sid;
2741 ace->unix_ug = unix_ug;
2742 ace->owner_type = owner_type;
2743 ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
2744
2745 DLIST_ADD(l_head, ace);
2746 }
2747
2748 /*
2749 * This next call will ensure we have at least a user/group/world set.
2750 */
2751
2752 if (!ensure_canon_entry_valid(conn, &l_head, is_default_acl, conn->params,
2753 S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
2754 psbuf, False))
2755 goto fail;
2756
2757 /*
2758 * Now go through the list, masking the permissions with the
2759 * acl_mask. Ensure all DENY Entries are at the start of the list.
2760 */
2761
2762 DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", is_default_acl ? "Default" : "Access"));
2763
2764 for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
2765 next_ace = ace->next;
2766
2767 /* Masks are only applied to entries other than USER_OBJ and OTHER. */
2768 if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ)
2769 ace->perms &= acl_mask;
2770
2771 if (ace->perms == 0) {
2772 DLIST_PROMOTE(l_head, ace);
2773 }
2774
2775 if( DEBUGLVL( 10 ) ) {
2776 print_canon_ace(ace, ace_count);
2777 }
2778 }
2779
2780 arrange_posix_perms(fname,&l_head );
2781
2782 print_canon_ace_list( "canonicalise_acl: ace entries after arrange", l_head );
2783
2784 return l_head;
2785
2786 fail:
2787
2788 free_canon_ace_list(l_head);
2789 return NULL;
2790 }
2791
2792 /****************************************************************************
2793 Check if the current user group list contains a given group.
2794 ****************************************************************************/
2795
2796 bool current_user_in_group(connection_struct *conn, gid_t gid)
2797 {
2798 int i;
2799 const struct security_unix_token *utok = get_current_utok(conn);
2800
2801 for (i = 0; i < utok->ngroups; i++) {
2802 if (utok->groups[i] == gid) {
2803 return True;
2804 }
2805 }
2806
2807 return False;
2808 }
2809
2810 /****************************************************************************
2811 Should we override a deny ? Check 'acl group control' and 'dos filemode'.
2812 ****************************************************************************/
2813
2814 static bool acl_group_override(connection_struct *conn,
2815 const struct smb_filename *smb_fname)
2816 {
2817 if ((errno != EPERM) && (errno != EACCES)) {
2818 return false;
2819 }
2820
2821 /* file primary group == user primary or supplementary group */
2822 if (lp_acl_group_control(SNUM(conn)) &&
2823 current_user_in_group(conn, smb_fname->st.st_ex_gid)) {
2824 return true;
2825 }
2826
2827 /* user has writeable permission */
2828 if (lp_dos_filemode(SNUM(conn)) &&
2829 can_write_to_file(conn, smb_fname)) {
2830 return true;
2831 }
2832
2833 return false;
2834 }
2835
2836 /****************************************************************************
2837 Attempt to apply an ACL to a file or directory.
2838 ****************************************************************************/
2839
2840 static bool set_canon_ace_list(files_struct *fsp,
2841 canon_ace *the_ace,
2842 bool default_ace,
2843 const SMB_STRUCT_STAT *psbuf,
2844 bool *pacl_set_support)
2845 {
2846 connection_struct *conn = fsp->conn;
2847 bool ret = False;
2848 SMB_ACL_T the_acl = sys_acl_init();
2849 canon_ace *p_ace;
2850 int i;
2851 SMB_ACL_ENTRY_T mask_entry;
2852 bool got_mask_entry = False;
2853 SMB_ACL_PERMSET_T mask_permset;
2854 SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS);
2855 bool needs_mask = False;
2856 mode_t mask_perms = 0;
2857
2858 /* Use the psbuf that was passed in. */
2859 if (psbuf != &fsp->fsp_name->st) {
2860 fsp->fsp_name->st = *psbuf;
2861 }
2862
2863 #if defined(POSIX_ACL_NEEDS_MASK)
2864 /* HP-UX always wants to have a mask (called "class" there). */
2865 needs_mask = True;
2866 #endif
2867
2868 if (the_acl == NULL) {
2869 DEBUG(0, ("sys_acl_init failed to allocate an ACL\n"));
2870 return false;
2871 }
2872
2873 if( DEBUGLVL( 10 )) {
2874 dbgtext("set_canon_ace_list: setting ACL:\n");
2875 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2876 print_canon_ace( p_ace, i);
2877 }
2878 }
2879
2880 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2881 SMB_ACL_ENTRY_T the_entry;
2882 SMB_ACL_PERMSET_T the_permset;
2883
2884 /*
2885 * ACLs only "need" an ACL_MASK entry if there are any named user or
2886 * named group entries. But if there is an ACL_MASK entry, it applies
2887 * to ACL_USER, ACL_GROUP, and ACL_GROUP_OBJ entries. Set the mask
2888 * so that it doesn't deny (i.e., mask off) any permissions.
2889 */
2890
2891 if (p_ace->type == SMB_ACL_USER || p_ace->type == SMB_ACL_GROUP) {
2892 needs_mask = True;
2893 mask_perms |= p_ace->perms;
2894 } else if (p_ace->type == SMB_ACL_GROUP_OBJ) {
2895 mask_perms |= p_ace->perms;
2896 }
2897
2898 /*
2899 * Get the entry for this ACE.
2900 */
2901
2902 if (sys_acl_create_entry(&the_acl, &the_entry) == -1) {
2903 DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
2904 i, strerror(errno) ));
2905 goto fail;
2906 }
2907
2908 if (p_ace->type == SMB_ACL_MASK) {
2909 mask_entry = the_entry;
2910 got_mask_entry = True;
2911 }
2912
2913 /*
2914 * Ok - we now know the ACL calls should be working, don't
2915 * allow fallback to chmod.
2916 */
2917
2918 *pacl_set_support = True;
2919
2920 /*
2921 * Initialise the entry from the canon_ace.
2922 */
2923
2924 /*
2925 * First tell the entry what type of ACE this is.
2926 */
2927
2928 if (sys_acl_set_tag_type(the_entry, p_ace->type) == -1) {
2929 DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
2930 i, strerror(errno) ));
2931 goto fail;
2932 }
2933
2934 /*
2935 * Only set the qualifier (user or group id) if the entry is a user
2936 * or group id ACE.
2937 */
2938
2939 if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
2940 if (sys_acl_set_qualifier(the_entry,(void *)&p_ace->unix_ug.id) == -1) {
2941 DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
2942 i, strerror(errno) ));
2943 goto fail;
2944 }
2945 }
2946
2947 /*
2948 * Convert the mode_t perms in the canon_ace to a POSIX permset.
2949 */
2950
2951 if (sys_acl_get_permset(the_entry, &the_permset) == -1) {
2952 DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
2953 i, strerror(errno) ));
2954 goto fail;
2955 }
2956
2957 if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) {
2958 DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
2959 (unsigned int)p_ace->perms, i, strerror(errno) ));
2960 goto fail;
2961 }
2962
2963 /*
2964 * ..and apply them to the entry.
2965 */
2966
2967 if (sys_acl_set_permset(the_entry, the_permset) == -1) {
2968 DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
2969 i, strerror(errno) ));
2970 goto fail;
2971 }
2972
2973 if( DEBUGLVL( 10 ))
2974 print_canon_ace( p_ace, i);
2975
2976 }
2977
2978 if (needs_mask && !got_mask_entry) {
2979 if (sys_acl_create_entry(&the_acl, &mask_entry) == -1) {
2980 DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
2981 goto fail;
2982 }
2983
2984 if (sys_acl_set_tag_type(mask_entry, SMB_ACL_MASK) == -1) {
2985 DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
2986 goto fail;
2987 }
2988
2989 if (sys_acl_get_permset(mask_entry, &mask_permset) == -1) {
2990 DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
2991 goto fail;
2992 }
2993
2994 if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
2995 DEBUG(0,("set_canon_ace_list: Failed to create mask permset. (%s)\n", strerror(errno) ));
2996 goto fail;
2997 }
2998
2999 if (sys_acl_set_permset(mask_entry, mask_permset) == -1) {
3000 DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
3001 goto fail;
3002 }
3003 }
3004
3005 /*
3006 * Finally apply it to the file or directory.
3007 */
3008
3009 if(default_ace || fsp->is_directory || fsp->fh->fd == -1) {
3010 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name->base_name,
3011 the_acl_type, the_acl) == -1) {
3012 /*
3013 * Some systems allow all the above calls and only fail with no ACL support
3014 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
3015 */
3016 if (no_acl_syscall_error(errno)) {
3017 *pacl_set_support = False;
3018 }
3019
3020 if (acl_group_override(conn, fsp->fsp_name)) {
3021 int sret;
3022
3023 DEBUG(5,("set_canon_ace_list: acl group "
3024 "control on and current user in file "
3025 "%s primary group.\n",
3026 fsp_str_dbg(fsp)));
3027
3028 become_root();
3029 sret = SMB_VFS_SYS_ACL_SET_FILE(conn,
3030 fsp->fsp_name->base_name, the_acl_type,
3031 the_acl);
3032 unbecome_root();
3033 if (sret == 0) {
3034 ret = True;
3035 }
3036 }
3037
3038 if (ret == False) {
3039 DEBUG(2,("set_canon_ace_list: "
3040 "sys_acl_set_file type %s failed for "
3041 "file %s (%s).\n",
3042 the_acl_type == SMB_ACL_TYPE_DEFAULT ?
3043 "directory default" : "file",
3044 fsp_str_dbg(fsp), strerror(errno)));
3045 goto fail;
3046 }
3047 }
3048 } else {
3049 if (SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl) == -1) {
3050 /*
3051 * Some systems allow all the above calls and only fail with no ACL support
3052 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
3053 */
3054 if (no_acl_syscall_error(errno)) {
3055 *pacl_set_support = False;
3056 }
3057
3058 if (acl_group_override(conn, fsp->fsp_name)) {
3059 int sret;
3060
3061 DEBUG(5,("set_canon_ace_list: acl group "
3062 "control on and current user in file "
3063 "%s primary group.\n",
3064 fsp_str_dbg(fsp)));
3065
3066 become_root();
3067 sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl);
3068 unbecome_root();
3069 if (sret == 0) {
3070 ret = True;
3071 }
3072 }
3073
3074 if (ret == False) {
3075 DEBUG(2,("set_canon_ace_list: "
3076 "sys_acl_set_file failed for file %s "
3077 "(%s).\n",
3078 fsp_str_dbg(fsp), strerror(errno)));
3079 goto fail;
3080 }
3081 }
3082 }
3083
3084 ret = True;
3085
3086 fail:
3087
3088 if (the_acl != NULL) {
3089 TALLOC_FREE(the_acl);
3090 }
3091
3092 return ret;
3093 }
3094
3095 /****************************************************************************
3096 Find a particular canon_ace entry.
3097 ****************************************************************************/
3098
3099 static struct canon_ace *canon_ace_entry_for(struct canon_ace *list, SMB_ACL_TAG_T type, struct unixid *id)
3100 {
3101 while (list) {
3102 if (list->type == type && ((type != SMB_ACL_USER && type != SMB_ACL_GROUP) ||
3103 (type == SMB_ACL_USER && id && id->id == list->unix_ug.id) ||
3104 (type == SMB_ACL_GROUP && id && id->id == list->unix_ug.id)))
3105 break;
3106 list = list->next;
3107 }
3108 return list;
3109 }
3110
3111 /****************************************************************************
3112
3113 ****************************************************************************/
3114
3115 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl)
3116 {
3117 SMB_ACL_ENTRY_T entry;
3118
3119 if (!the_acl)
3120 return NULL;
3121 if (sys_acl_get_entry(the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) {
3122 TALLOC_FREE(the_acl);
3123 return NULL;
3124 }
3125 return the_acl;
3126 }
3127
3128 /****************************************************************************
3129 Convert a canon_ace to a generic 3 element permission - if possible.
3130 ****************************************************************************/
3131
3132 #define MAP_PERM(p,mask,result) (((p) & (mask)) ? (result) : 0 )
3133
3134 static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
3135 {
3136 int snum = SNUM(fsp->conn);
3137 size_t ace_count = count_canon_ace_list(file_ace_list);
3138 canon_ace *ace_p;
3139 canon_ace *owner_ace = NULL;
3140 canon_ace *group_ace = NULL;
3141 canon_ace *other_ace = NULL;
3142 mode_t and_bits;
3143 mode_t or_bits;
3144
3145 if (ace_count != 3) {
3146 DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE "
3147 "entries for file %s to convert to posix perms.\n",
3148 fsp_str_dbg(fsp)));
3149 return False;
3150 }
3151
3152 for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) {
3153 if (ace_p->owner_type == UID_ACE)
3154 owner_ace = ace_p;
3155 else if (ace_p->owner_type == GID_ACE)
3156 group_ace = ace_p;
3157 else if (ace_p->owner_type == WORLD_ACE)
3158 other_ace = ace_p;
3159 }
3160
3161 if (!owner_ace || !group_ace || !other_ace) {
3162 DEBUG(3,("convert_canon_ace_to_posix_perms: Can't get "
3163 "standard entries for file %s.\n", fsp_str_dbg(fsp)));
3164 return False;
3165 }
3166
3167 *posix_perms = (mode_t)0;
3168
3169 *posix_perms |= owner_ace->perms;
3170 *posix_perms |= MAP_PERM(group_ace->perms, S_IRUSR, S_IRGRP);
3171 *posix_perms |= MAP_PERM(group_ace->perms, S_IWUSR, S_IWGRP);
3172 *posix_perms |= MAP_PERM(group_ace->perms, S_IXUSR, S_IXGRP);
3173 *posix_perms |= MAP_PERM(other_ace->perms, S_IRUSR, S_IROTH);
3174 *posix_perms |= MAP_PERM(other_ace->perms, S_IWUSR, S_IWOTH);
3175 *posix_perms |= MAP_PERM(other_ace->perms, S_IXUSR, S_IXOTH);
3176
3177 /* The owner must have at least read access. */
3178
3179 *posix_perms |= S_IRUSR;
3180 if (fsp->is_directory)
3181 *posix_perms |= (S_IWUSR|S_IXUSR);
3182
3183 /* If requested apply the masks. */
3184
3185 /* Get the initial bits to apply. */
3186
3187 if (fsp->is_directory) {
3188 and_bits = lp_dir_security_mask(snum);
3189 or_bits = lp_force_dir_security_mode(snum);
3190 } else {
3191 and_bits = lp_security_mask(snum);
3192 or_bits = lp_force_security_mode(snum);
3193 }
3194
3195 *posix_perms = (((*posix_perms) & and_bits)|or_bits);
3196
3197 DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o "
3198 "to perm=0%o for file %s.\n", (int)owner_ace->perms,
3199 (int)group_ace->perms, (int)other_ace->perms,
3200 (int)*posix_perms, fsp_str_dbg(fsp)));
3201
3202 return True;
3203 }
3204
3205 /****************************************************************************
3206 Incoming NT ACLs on a directory can be split into a default POSIX acl (CI|OI|IO) and
3207 a normal POSIX acl. Win2k needs these split acls re-merging into one ACL
3208 with CI|OI set so it is inherited and also applies to the directory.
3209 Based on code from "Jim McDonough" <jmcd@us.ibm.com>.
3210 ****************************************************************************/
3211
3212 static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_aces)
3213 {
3214 size_t i, j;
3215
3216 for (i = 0; i < num_aces; i++) {
3217 for (j = i+1; j < num_aces; j++) {
3218 uint32 i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
3219 uint32 j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
3220 bool i_inh = (nt_ace_list[i].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
3221 bool j_inh = (nt_ace_list[j].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
3222
3223 /* We know the lower number ACE's are file entries. */
3224 if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
3225 (nt_ace_list[i].size == nt_ace_list[j].size) &&
3226 (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
3227 dom_sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
3228 (i_inh == j_inh) &&
3229 (i_flags_ni == 0) &&
3230 (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
3231 SEC_ACE_FLAG_CONTAINER_INHERIT|
3232 SEC_ACE_FLAG_INHERIT_ONLY))) {
3233 /*
3234 * W2K wants to have access allowed zero access ACE's
3235 * at the end of the list. If the mask is zero, merge
3236 * the non-inherited ACE onto the inherited ACE.
3237 */
3238
3239 if (nt_ace_list[i].access_mask == 0) {
3240 nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
3241 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
3242 if (num_aces - i - 1 > 0)
3243 memmove(&nt_ace_list[i], &nt_ace_list[i+1], (num_aces-i-1) *
3244 sizeof(struct security_ace));
3245
3246 DEBUG(10,("merge_default_aces: Merging zero access ACE %u onto ACE %u.\n",
3247 (unsigned int)i, (unsigned int)j ));
3248 } else {
3249 /*
3250 * These are identical except for the flags.
3251 * Merge the inherited ACE onto the non-inherited ACE.
3252 */
3253
3254 nt_ace_list[i].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
3255 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
3256 if (num_aces - j - 1 > 0)
3257 memmove(&nt_ace_list[j], &nt_ace_list[j+1], (num_aces-j-1) *
3258 sizeof(struct security_ace));
3259
3260 DEBUG(10,("merge_default_aces: Merging ACE %u onto ACE %u.\n",
3261 (unsigned int)j, (unsigned int)i ));
3262 }
3263 num_aces--;
3264 break;
3265 }
3266 }
3267 }
3268
3269 return num_aces;
3270 }
3271
3272 /*
3273 * Add or Replace ACE entry.
3274 * In some cases we need to add a specific ACE for compatibility reasons.
3275 * When doing that we must make sure we are not actually creating a duplicate
3276 * entry. So we need to search whether an ACE entry already exist and eventually
3277 * replacce the access mask, or add a completely new entry if none was found.
3278 *
3279 * This function assumes the array has enough space to add a new entry without
3280 * any reallocation of memory.
3281 */
3282
3283 static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_aces,
3284 const struct dom_sid *sid, enum security_ace_type type,
3285 uint32_t mask, uint8_t flags)
3286 {
3287 int i;
3288
3289 /* first search for a duplicate */
3290 for (i = 0; i < *num_aces; i++) {
3291 if (dom_sid_equal(&nt_ace_list[i].trustee, sid) &&
3292 (nt_ace_list[i].flags == flags)) break;
3293 }
3294
3295 if (i < *num_aces) { /* found */
3296 nt_ace_list[i].type = type;
3297 nt_ace_list[i].access_mask = mask;
3298 DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n",
3299 i, sid_string_dbg(sid), flags));
3300 return;
3301 }
3302
3303 /* not found, append it */
3304 init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags);
3305 }
3306
3307
3308 /****************************************************************************
3309 Reply to query a security descriptor from an fsp. If it succeeds it allocates
3310 the space for the return elements and returns the size needed to return the
3311 security descriptor. This should be the only external function needed for
3312 the UNIX style get ACL.
3313 ****************************************************************************/
3314
3315 static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
3316 const char *name,
3317 const SMB_STRUCT_STAT *sbuf,
3318 struct pai_val *pal,
3319 SMB_ACL_T posix_acl,
3320 SMB_ACL_T def_acl,
3321 uint32_t security_info,
3322 struct security_descriptor **ppdesc)
3323 {
3324 struct dom_sid owner_sid;
3325 struct dom_sid group_sid;
3326 size_t sd_size = 0;
3327 struct security_acl *psa = NULL;
3328 size_t num_acls = 0;
3329 size_t num_def_acls = 0;
3330 size_t num_aces = 0;
3331 canon_ace *file_ace = NULL;
3332 canon_ace *dir_ace = NULL;
3333 struct security_ace *nt_ace_list = NULL;
3334 size_t num_profile_acls = 0;
3335 struct dom_sid orig_owner_sid;
3336 struct security_descriptor *psd = NULL;
3337 int i;
3338
3339 /*
3340 * Get the owner, group and world SIDs.
3341 */
3342
3343 create_file_sids(sbuf, &owner_sid, &group_sid);
3344
3345 if (lp_profile_acls(SNUM(conn))) {
3346 /* For WXP SP1 the owner must be administrators. */
3347 sid_copy(&orig_owner_sid, &owner_sid);
3348 sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
3349 sid_copy(&group_sid, &global_sid_Builtin_Users);
3350 num_profile_acls = 3;
3351 }
3352
3353 if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
3354
3355 /*
3356 * In the optimum case Creator Owner and Creator Group would be used for
3357 * the ACL_USER_OBJ and ACL_GROUP_OBJ entries, respectively, but this
3358 * would lead to usability problems under Windows: The Creator entries
3359 * are only available in browse lists of directories and not for files;
3360 * additionally the identity of the owning group couldn't be determined.
3361 * We therefore use those identities only for Default ACLs.
3362 */
3363
3364 /* Create the canon_ace lists. */
3365 file_ace = canonicalise_acl(conn, name, posix_acl, sbuf,
3366 &owner_sid, &group_sid, pal,
3367 SMB_ACL_TYPE_ACCESS);
3368
3369 /* We must have *some* ACLS. */
3370
3371 if (count_canon_ace_list(file_ace) == 0) {
3372 DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", name));
3373 goto done;
3374 }
3375
3376 if (S_ISDIR(sbuf->st_ex_mode) && def_acl) {
3377 dir_ace = canonicalise_acl(conn, name, def_acl,
3378 sbuf,
3379 &global_sid_Creator_Owner,
3380 &global_sid_Creator_Group,
3381 pal, SMB_ACL_TYPE_DEFAULT);
3382 }
3383
3384 /*
3385 * Create the NT ACE list from the canonical ace lists.
3386 */
3387
3388 {
3389 canon_ace *ace;
3390 enum security_ace_type nt_acl_type;
3391
3392 if (nt4_compatible_acls() && dir_ace) {
3393 /*
3394 * NT 4 chokes if an ACL contains an INHERIT_ONLY entry
3395 * but no non-INHERIT_ONLY entry for one SID. So we only
3396 * remove entries from the Access ACL if the
3397 * corresponding Default ACL entries have also been
3398 * removed. ACEs for CREATOR-OWNER and CREATOR-GROUP
3399 * are exceptions. We can do nothing
3400 * intelligent if the Default ACL contains entries that
3401 * are not also contained in the Access ACL, so this
3402 * case will still fail under NT 4.
3403 */
3404
3405 ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL);
3406 if (ace && !ace->perms) {
3407 DLIST_REMOVE(dir_ace, ace);
3408 TALLOC_FREE(ace);
3409
3410 ace = canon_ace_entry_for(file_ace, SMB_ACL_OTHER, NULL);
3411 if (ace && !ace->perms) {
3412 DLIST_REMOVE(file_ace, ace);
3413 TALLOC_FREE(ace);
3414 }
3415 }
3416
3417 /*
3418 * WinNT doesn't usually have Creator Group
3419 * in browse lists, so we send this entry to
3420 * WinNT even if it contains no relevant
3421 * permissions. Once we can add
3422 * Creator Group to browse lists we can
3423 * re-enable this.
3424 */
3425
3426 #if 0
3427 ace = canon_ace_entry_for(dir_ace, SMB_ACL_GROUP_OBJ, NULL);
3428 if (ace && !ace->perms) {
3429 DLIST_REMOVE(dir_ace, ace);
3430 TALLOC_FREE(ace);
3431 }
3432 #endif
3433
3434 ace = canon_ace_entry_for(file_ace, SMB_ACL_GROUP_OBJ, NULL);
3435 if (ace && !ace->perms) {
3436 DLIST_REMOVE(file_ace, ace);
3437 TALLOC_FREE(ace);
3438 }
3439 }
3440
3441 num_acls = count_canon_ace_list(file_ace);
3442 num_def_acls = count_canon_ace_list(dir_ace);
3443
3444 /* Allocate the ace list. */
3445 if ((nt_ace_list = talloc_array(talloc_tos(), struct security_ace,num_acls + num_profile_acls + num_def_acls)) == NULL) {
3446 DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
3447 goto done;
3448 }
3449
3450 memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(struct security_ace) );
3451
3452 /*
3453 * Create the NT ACE list from the canonical ace lists.
3454 */
3455
3456 for (ace = file_ace; ace != NULL; ace = ace->next) {
3457 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3458 &nt_acl_type,
3459 ace->perms,
3460 S_ISDIR(sbuf->st_ex_mode));
3461 init_sec_ace(&nt_ace_list[num_aces++],
3462 &ace->trustee,
3463 nt_acl_type,
3464 acc,
3465 ace->ace_flags);
3466 }
3467
3468 /* The User must have access to a profile share - even
3469 * if we can't map the SID. */
3470 if (lp_profile_acls(SNUM(conn))) {
3471 add_or_replace_ace(nt_ace_list, &num_aces,
3472 &global_sid_Builtin_Users,
3473 SEC_ACE_TYPE_ACCESS_ALLOWED,
3474 FILE_GENERIC_ALL, 0);
3475 }
3476
3477 for (ace = dir_ace; ace != NULL; ace = ace->next) {
3478 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3479 &nt_acl_type,
3480 ace->perms,
3481 S_ISDIR(sbuf->st_ex_mode));
3482 init_sec_ace(&nt_ace_list[num_aces++],
3483 &ace->trustee,
3484 nt_acl_type,
3485 acc,
3486 ace->ace_flags |
3487 SEC_ACE_FLAG_OBJECT_INHERIT|
3488 SEC_ACE_FLAG_CONTAINER_INHERIT|
3489 SEC_ACE_FLAG_INHERIT_ONLY);
3490 }
3491
3492 /* The User must have access to a profile share - even
3493 * if we can't map the SID. */
3494 if (lp_profile_acls(SNUM(conn))) {
3495 add_or_replace_ace(nt_ace_list, &num_aces,
3496 &global_sid_Builtin_Users,
3497 SEC_ACE_TYPE_ACCESS_ALLOWED,
3498 FILE_GENERIC_ALL,
3499 SEC_ACE_FLAG_OBJECT_INHERIT |
3500 SEC_ACE_FLAG_CONTAINER_INHERIT |
3501 SEC_ACE_FLAG_INHERIT_ONLY);
3502 }
3503
3504 /*
3505 * Merge POSIX default ACLs and normal ACLs into one NT ACE.
3506 * Win2K needs this to get the inheritance correct when replacing ACLs
3507 * on a directory tree. Based on work by Jim @ IBM.
3508 */
3509
3510 num_aces = merge_default_aces(nt_ace_list, num_aces);
3511
3512 if (lp_profile_acls(SNUM(conn))) {
3513 for (i = 0; i < num_aces; i++) {
3514 if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
3515 add_or_replace_ace(nt_ace_list, &num_aces,
3516 &orig_owner_sid,
3517 nt_ace_list[i].type,
3518 nt_ace_list[i].access_mask,
3519 nt_ace_list[i].flags);
3520 break;
3521 }
3522 }
3523 }
3524 }
3525
3526 if (num_aces) {
3527 if((psa = make_sec_acl( talloc_tos(), NT4_ACL_REVISION, num_aces, nt_ace_list)) == NULL) {
3528 DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
3529 goto done;
3530 }
3531 }
3532 } /* security_info & SECINFO_DACL */
3533
3534 psd = make_standard_sec_desc( talloc_tos(),
3535 (security_info & SECINFO_OWNER) ? &owner_sid : NULL,
3536 (security_info & SECINFO_GROUP) ? &group_sid : NULL,
3537 psa,
3538 &sd_size);
3539
3540 if(!psd) {
3541 DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
3542 sd_size = 0;
3543 goto done;
3544 }
3545
3546 /*
3547 * Windows 2000: The DACL_PROTECTED flag in the security
3548 * descriptor marks the ACL as non-inheriting, i.e., no
3549 * ACEs from higher level directories propagate to this
3550 * ACL. In the POSIX ACL model permissions are only
3551 * inherited at file create time, so ACLs never contain
3552 * any ACEs that are inherited dynamically. The DACL_PROTECTED
3553 * flag doesn't seem to bother Windows NT.
3554 * Always set this if map acl inherit is turned off.
3555 */
3556 if (pal == NULL || !lp_map_acl_inherit(SNUM(conn))) {
3557 psd->type |= SEC_DESC_DACL_PROTECTED;
3558 } else {
3559 psd->type |= pal->sd_type;
3560 }
3561
3562 if (psd->dacl) {
3563 dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces);
3564 }
3565
3566 *ppdesc = psd;
3567
3568 done:
3569
3570 if (posix_acl) {
3571 TALLOC_FREE(posix_acl);
3572 }
3573 if (def_acl) {
3574 TALLOC_FREE(def_acl);
3575 }
3576 free_canon_ace_list(file_ace);
3577 free_canon_ace_list(dir_ace);
3578 free_inherited_info(pal);
3579 TALLOC_FREE(nt_ace_list);
3580
3581 return NT_STATUS_OK;
3582 }
3583
3584 NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
3585 struct security_descriptor **ppdesc)
3586 {
3587 SMB_STRUCT_STAT sbuf;
3588 SMB_ACL_T posix_acl = NULL;
3589 struct pai_val *pal;
3590
3591 *ppdesc = NULL;
3592
3593 DEBUG(10,("posix_fget_nt_acl: called for file %s\n",
3594 fsp_str_dbg(fsp)));
3595
3596 /* can it happen that fsp_name == NULL ? */
3597 if (fsp->is_directory || fsp->fh->fd == -1) {
3598 return posix_get_nt_acl(fsp->conn, fsp->fsp_name->base_name,
3599 security_info, ppdesc);
3600 }
3601
3602 /* Get the stat struct for the owner info. */
3603 if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) {
3604 return map_nt_error_from_unix(errno);
3605 }
3606
3607 /* Get the ACL from the fd. */
3608 posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
3609
3610 pal = fload_inherited_info(fsp);
3611
3612 return posix_get_nt_acl_common(fsp->conn, fsp->fsp_name->base_name,
3613 &sbuf, pal, posix_acl, NULL,
3614 security_info, ppdesc);
3615 }
3616
3617 NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
3618 uint32_t security_info, struct security_descriptor **ppdesc)
3619 {
3620 SMB_ACL_T posix_acl = NULL;
3621 SMB_ACL_T def_acl = NULL;
3622 struct pai_val *pal;
3623 struct smb_filename smb_fname;
3624 int ret;
3625
3626 *ppdesc = NULL;
3627
3628 DEBUG(10,("posix_get_nt_acl: called for file %s\n", name ));
3629
3630 ZERO_STRUCT(smb_fname);
3631 smb_fname.base_name = discard_const_p(char, name);
3632
3633 /* Get the stat struct for the owner info. */
3634 if (lp_posix_pathnames()) {
3635 ret = SMB_VFS_LSTAT(conn, &smb_fname);
3636 } else {
3637 ret = SMB_VFS_STAT(conn, &smb_fname);
3638 }
3639
3640 if (ret == -1) {
3641 return map_nt_error_from_unix(errno);
3642 }
3643
3644 /* Get the ACL from the path. */
3645 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name, SMB_ACL_TYPE_ACCESS);
3646
3647 /* If it's a directory get the default POSIX ACL. */
3648 if(S_ISDIR(smb_fname.st.st_ex_mode)) {
3649 def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name, SMB_ACL_TYPE_DEFAULT);
3650 def_acl = free_empty_sys_acl(conn, def_acl);
3651 }
3652
3653 pal = load_inherited_info(conn, name);
3654
3655 return posix_get_nt_acl_common(conn, name, &smb_fname.st, pal,
3656 posix_acl, def_acl, security_info,
3657 ppdesc);
3658 }
3659
3660 /****************************************************************************
3661 Try to chown a file. We will be able to chown it under the following conditions.
3662
3663 1) If we have root privileges, then it will just work.
3664 2) If we have SeRestorePrivilege we can change the user + group to any other user.
3665 3) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
3666 4) If we have write permission to the file and dos_filemodes is set
3667 then allow chown to the currently authenticated user.
3668 ****************************************************************************/
3669
3670 NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
3671 {
3672 NTSTATUS status;
3673
3674 if(!CAN_WRITE(fsp->conn)) {
3675 return NT_STATUS_MEDIA_WRITE_PROTECTED;
3676 }
3677
3678 /* Case (1). */
3679 status = vfs_chown_fsp(fsp, uid, gid);
3680 if (NT_STATUS_IS_OK(status)) {
3681 return status;
3682 }
3683
3684 /* Case (2) / (3) */
3685 if (lp_enable_privileges()) {
3686 bool has_take_ownership_priv = security_token_has_privilege(
3687 get_current_nttok(fsp->conn),
3688 SEC_PRIV_TAKE_OWNERSHIP);
3689 bool has_restore_priv = security_token_has_privilege(
3690 get_current_nttok(fsp->conn),
3691 SEC_PRIV_RESTORE);
3692
3693 if (has_restore_priv) {
3694 ; /* Case (2) */
3695 } else if (has_take_ownership_priv) {
3696 /* Case (3) */
3697 if (uid == get_current_uid(fsp->conn)) {
3698 gid = (gid_t)-1;
3699 } else {
3700 has_take_ownership_priv = false;
3701 }
3702 }
3703
3704 if (has_take_ownership_priv || has_restore_priv) {
3705 become_root();
3706 status = vfs_chown_fsp(fsp, uid, gid);
3707 unbecome_root();
3708 return status;
3709 }
3710 }
3711
3712 /* Case (4). */
3713 if (!lp_dos_filemode(SNUM(fsp->conn))) {
3714 return NT_STATUS_ACCESS_DENIED;
3715 }
3716
3717 /* only allow chown to the current user. This is more secure,
3718 and also copes with the case where the SID in a take ownership ACL is
3719 a local SID on the users workstation
3720 */
3721 if (uid != get_current_uid(fsp->conn)) {
3722 return NT_STATUS_ACCESS_DENIED;
3723 }
3724
3725 become_root();
3726 /* Keep the current file gid the same. */
3727 status = vfs_chown_fsp(fsp, uid, (gid_t)-1);
3728 unbecome_root();
3729
3730 return status;
3731 }
3732
3733 #if 0
3734 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
3735
3736 /****************************************************************************
3737 Take care of parent ACL inheritance.
3738 ****************************************************************************/
3739
3740 NTSTATUS append_parent_acl(files_struct *fsp,
3741 const struct security_descriptor *pcsd,
3742 struct security_descriptor **pp_new_sd)
3743 {
3744 struct smb_filename *smb_dname = NULL;
3745 struct security_descriptor *parent_sd = NULL;
3746 files_struct *parent_fsp = NULL;
3747 TALLOC_CTX *mem_ctx = talloc_tos();
3748 char *parent_name = NULL;
3749 struct security_ace *new_ace = NULL;
3750 unsigned int num_aces = pcsd->dacl->num_aces;
3751 NTSTATUS status;
3752 int info;
3753 unsigned int i, j;
3754 struct security_descriptor *psd = dup_sec_desc(talloc_tos(), pcsd);
3755 bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
3756
3757 if (psd == NULL) {
3758 return NT_STATUS_NO_MEMORY;
3759 }
3760
3761 if (!parent_dirname(mem_ctx, fsp->fsp_name->base_name, &parent_name,
3762 NULL)) {
3763 return NT_STATUS_NO_MEMORY;
3764 }
3765
3766 status = create_synthetic_smb_fname(mem_ctx, parent_name, NULL, NULL,
3767 &smb_dname);
3768 if (!NT_STATUS_IS_OK(status)) {
3769 goto fail;
3770 }
3771
3772 status = SMB_VFS_CREATE_FILE(
3773 fsp->conn, /* conn */
3774 NULL, /* req */
3775 0, /* root_dir_fid */
3776 smb_dname, /* fname */
3777 FILE_READ_ATTRIBUTES, /* access_mask */
3778 FILE_SHARE_NONE, /* share_access */
3779 FILE_OPEN, /* create_disposition*/
3780 FILE_DIRECTORY_FILE, /* create_options */
3781 0, /* file_attributes */
3782 INTERNAL_OPEN_ONLY, /* oplock_request */
3783 0, /* allocation_size */
3784 NULL, /* sd */
3785 NULL, /* ea_list */
3786 &parent_fsp, /* result */
3787 &info); /* pinfo */
3788
3789 if (!NT_STATUS_IS_OK(status)) {
3790 TALLOC_FREE(smb_dname);
3791 return status;
3792 }
3793
3794 status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
3795 SECINFO_DACL, &parent_sd );
3796
3797 close_file(NULL, parent_fsp, NORMAL_CLOSE);
3798 TALLOC_FREE(smb_dname);
3799
3800 if (!NT_STATUS_IS_OK(status)) {
3801 return status;
3802 }
3803
3804 /*
3805 * Make room for potentially all the ACLs from
3806 * the parent. We used to add the ugw triple here,
3807 * as we knew we were dealing with POSIX ACLs.
3808 * We no longer need to do so as we can guarentee
3809 * that a default ACL from the parent directory will
3810 * be well formed for POSIX ACLs if it came from a
3811 * POSIX ACL source, and if we're not writing to a
3812 * POSIX ACL sink then we don't care if it's not well
3813 * formed. JRA.
3814 */
3815
3816 num_aces += parent_sd->dacl->num_aces;
3817
3818 if((new_ace = talloc_zero_array(mem_ctx, struct security_ace,
3819 num_aces)) == NULL) {
3820 return NT_STATUS_NO_MEMORY;
3821 }
3822
3823 /* Start by copying in all the given ACE entries. */
3824 for (i = 0; i < psd->dacl->num_aces; i++) {
3825 sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
3826 }
3827
3828 /*
3829 * Note that we're ignoring "inherit permissions" here
3830 * as that really only applies to newly created files. JRA.
3831 */
3832
3833 /* Finally append any inherited ACEs. */
3834 for (j = 0; j < parent_sd->dacl->num_aces; j++) {
3835 struct security_ace *se = &parent_sd->dacl->aces[j];
3836
3837 if (fsp->is_directory) {
3838 if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
3839 /* Doesn't apply to a directory - ignore. */
3840 DEBUG(10,("append_parent_acl: directory %s "
3841 "ignoring non container "
3842 "inherit flags %u on ACE with sid %s "
3843 "from parent %s\n",
3844 fsp_str_dbg(fsp),
3845 (unsigned int)se->flags,
3846 sid_string_dbg(&se->trustee),
3847 parent_name));
3848 continue;
3849 }
3850 } else {
3851 if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
3852 /* Doesn't apply to a file - ignore. */
3853 DEBUG(10,("append_parent_acl: file %s "
3854 "ignoring non object "
3855 "inherit flags %u on ACE with sid %s "
3856 "from parent %s\n",
3857 fsp_str_dbg(fsp),
3858 (unsigned int)se->flags,
3859 sid_string_dbg(&se->trustee),
3860 parent_name));
3861 continue;
3862 }
3863 }
3864
3865 if (is_dacl_protected) {
3866 /* If the DACL is protected it means we must
3867 * not overwrite an existing ACE entry with the
3868 * same SID. This is order N^2. Ouch :-(. JRA. */
3869 unsigned int k;
3870 for (k = 0; k < psd->dacl->num_aces; k++) {
3871 if (dom_sid_equal(&psd->dacl->aces[k].trustee,
3872 &se->trustee)) {
3873 break;
3874 }
3875 }
3876 if (k < psd->dacl->num_aces) {
3877 /* SID matched. Ignore. */
3878 DEBUG(10,("append_parent_acl: path %s "
3879 "ignoring ACE with protected sid %s "
3880 "from parent %s\n",
3881 fsp_str_dbg(fsp),
3882 sid_string_dbg(&se->trustee),
3883 parent_name));
3884 continue;
3885 }
3886 }
3887
3888 sec_ace_copy(&new_ace[i], se);
3889 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3890 new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
3891 }
3892 new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
3893
3894 if (fsp->is_directory) {
3895 /*
3896 * Strip off any inherit only. It's applied.
3897 */
3898 new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
3899 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3900 /* No further inheritance. */
3901 new_ace[i].flags &=
3902 ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3903 SEC_ACE_FLAG_OBJECT_INHERIT);
3904 }
3905 } else {
3906 /*
3907 * Strip off any container or inherit
3908 * flags, they can't apply to objects.
3909 */
3910 new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3911 SEC_ACE_FLAG_INHERIT_ONLY|
3912 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
3913 }
3914 i++;
3915
3916 DEBUG(10,("append_parent_acl: path %s "
3917 "inheriting ACE with sid %s "
3918 "from parent %s\n",
3919 fsp_str_dbg(fsp),
3920 sid_string_dbg(&se->trustee),
3921 parent_name));
3922 }
3923
3924 psd->dacl->aces = new_ace;
3925 psd->dacl->num_aces = i;
3926 psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|
3927 SEC_DESC_DACL_AUTO_INHERIT_REQ);
3928
3929 *pp_new_sd = psd;
3930 return status;
3931 }
3932 #endif
3933
3934 /****************************************************************************
3935 Reply to set a security descriptor on an fsp. security_info_sent is the
3936 description of the following NT ACL.
3937 This should be the only external function needed for the UNIX style set ACL.
3938 We make a copy of psd_orig as internal functions modify the elements inside
3939 it, even though it's a const pointer.
3940 ****************************************************************************/
3941
3942 NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd_orig)
3943 {
3944 connection_struct *conn = fsp->conn;
3945 uid_t user = (uid_t)-1;
3946 gid_t grp = (gid_t)-1;
3947 struct dom_sid file_owner_sid;
3948 struct dom_sid file_grp_sid;
3949 canon_ace *file_ace_list = NULL;
3950 canon_ace *dir_ace_list = NULL;
3951 bool acl_perms = False;
3952 mode_t orig_mode = (mode_t)0;
3953 NTSTATUS status;
3954 bool set_acl_as_root = false;
3955 bool acl_set_support = false;
3956 bool ret = false;
3957 struct security_descriptor *psd = NULL;
3958
3959 DEBUG(10,("set_nt_acl: called for file %s\n",
3960 fsp_str_dbg(fsp)));
3961
3962 if (!CAN_WRITE(conn)) {
3963 DEBUG(10,("set acl rejected on read-only share\n"));
3964 return NT_STATUS_MEDIA_WRITE_PROTECTED;
3965 }
3966
3967 if (!psd_orig) {
3968 return NT_STATUS_INVALID_PARAMETER;
3969 }
3970
3971 psd = dup_sec_desc(talloc_tos(), psd_orig);
3972 if (!psd) {
3973 return NT_STATUS_NO_MEMORY;
3974 }
3975
3976 /*
3977 * Get the current state of the file.
3978 */
3979
3980 status = vfs_stat_fsp(fsp);
3981 if (!NT_STATUS_IS_OK(status)) {
3982 return status;
3983 }
3984
3985 /* Save the original element we check against. */
3986 orig_mode = fsp->fsp_name->st.st_ex_mode;
3987
3988 /*
3989 * Unpack the user/group/world id's.
3990 */
3991
3992 /* POSIX can't cope with missing owner/group. */
3993 if ((security_info_sent & SECINFO_OWNER) && (psd->owner_sid == NULL)) {
3994 security_info_sent &= ~SECINFO_OWNER;
3995 }
3996 if ((security_info_sent & SECINFO_GROUP) && (psd->group_sid == NULL)) {
3997 security_info_sent &= ~SECINFO_GROUP;
3998 }
3999
4000 status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd);
4001 if (!NT_STATUS_IS_OK(status)) {
4002 return status;
4003 }
4004
4005 /*
4006 * Do we need to chown ? If so this must be done first as the incoming
4007 * CREATOR_OWNER acl will be relative to the *new* owner, not the old.
4008 * Noticed by Simo.
4009 */
4010
4011 if (((user != (uid_t)-1) && (fsp->fsp_name->st.st_ex_uid != user)) ||
4012 (( grp != (gid_t)-1) && (fsp->fsp_name->st.st_ex_gid != grp))) {
4013
4014 DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
4015 fsp_str_dbg(fsp), (unsigned int)user,
4016 (unsigned int)grp));
4017
4018 status = try_chown(fsp, user, grp);
4019 if(!NT_STATUS_IS_OK(status)) {
4020 DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error "
4021 "= %s.\n", fsp_str_dbg(fsp),
4022 (unsigned int)user,
4023 (unsigned int)grp,
4024 nt_errstr(status)));
4025 return status;
4026 }
4027
4028 /*
4029 * Recheck the current state of the file, which may have changed.
4030 * (suid/sgid bits, for instance)
4031 */
4032
4033 status = vfs_stat_fsp(fsp);
4034 if (!NT_STATUS_IS_OK(status)) {
4035 return status;
4036 }
4037
4038 /* Save the original element we check against. */
4039 orig_mode = fsp->fsp_name->st.st_ex_mode;
4040
4041 /* If we successfully chowned, we know we must
4042 * be able to set the acl, so do it as root.
4043 */
4044 set_acl_as_root = true;
4045 }
4046
4047 create_file_sids(&fsp->fsp_name->st, &file_owner_sid, &file_grp_sid);
4048
4049 if((security_info_sent & SECINFO_DACL) &&
4050 (psd->type & SEC_DESC_DACL_PRESENT) &&
4051 (psd->dacl == NULL)) {
4052 struct security_ace ace[3];
4053
4054 /* We can't have NULL DACL in POSIX.
4055 Use owner/group/Everyone -> full access. */
4056
4057 init_sec_ace(&ace[0],
4058 &file_owner_sid,
4059 SEC_ACE_TYPE_ACCESS_ALLOWED,
4060 GENERIC_ALL_ACCESS,
4061 0);
4062 init_sec_ace(&ace[1],
4063 &file_grp_sid,
4064 SEC_ACE_TYPE_ACCESS_ALLOWED,
4065 GENERIC_ALL_ACCESS,
4066 0);
4067 init_sec_ace(&ace[2],
4068 &global_sid_World,
4069 SEC_ACE_TYPE_ACCESS_ALLOWED,
4070 GENERIC_ALL_ACCESS,
4071 0);
4072 psd->dacl = make_sec_acl(talloc_tos(),
4073 NT4_ACL_REVISION,
4074 3,
4075 ace);
4076 if (psd->dacl == NULL) {
4077 return NT_STATUS_NO_MEMORY;
4078 }
4079 security_acl_map_generic(psd->dacl, &file_generic_mapping);
4080 }
4081
4082 acl_perms = unpack_canon_ace(fsp, &fsp->fsp_name->st, &file_owner_sid,
4083 &file_grp_sid, &file_ace_list,
4084 &dir_ace_list, security_info_sent, psd);
4085
4086 /* Ignore W2K traverse DACL set. */
4087 if (!file_ace_list && !dir_ace_list) {
4088 return NT_STATUS_OK;
4089 }
4090
4091 if (!acl_perms) {
4092 DEBUG(3,("set_nt_acl: cannot set permissions\n"));
4093 free_canon_ace_list(file_ace_list);
4094 free_canon_ace_list(dir_ace_list);
4095 return NT_STATUS_ACCESS_DENIED;
4096 }
4097
4098 /*
4099 * Only change security if we got a DACL.
4100 */
4101
4102 if(!(security_info_sent & SECINFO_DACL) || (psd->dacl == NULL)) {
4103 free_canon_ace_list(file_ace_list);
4104 free_canon_ace_list(dir_ace_list);
4105 return NT_STATUS_OK;
4106 }
4107
4108 /*
4109 * Try using the POSIX ACL set first. Fall back to chmod if
4110 * we have no ACL support on this filesystem.
4111 */
4112
4113 if (acl_perms && file_ace_list) {
4114 if (set_acl_as_root) {
4115 become_root();
4116 }
4117 ret = set_canon_ace_list(fsp, file_ace_list, false,
4118 &fsp->fsp_name->st, &acl_set_support);
4119 if (set_acl_as_root) {
4120 unbecome_root();
4121 }
4122 if (acl_set_support && ret == false) {
4123 DEBUG(3,("set_nt_acl: failed to set file acl on file "
4124 "%s (%s).\n", fsp_str_dbg(fsp),
4125 strerror(errno)));
4126 free_canon_ace_list(file_ace_list);
4127 free_canon_ace_list(dir_ace_list);
4128 return map_nt_error_from_unix(errno);
4129 }
4130 }
4131
4132 if (acl_perms && acl_set_support && fsp->is_directory) {
4133 if (dir_ace_list) {
4134 if (set_acl_as_root) {
4135 become_root();
4136 }
4137 ret = set_canon_ace_list(fsp, dir_ace_list, true,
4138 &fsp->fsp_name->st,
4139 &acl_set_support);
4140 if (set_acl_as_root) {
4141 unbecome_root();
4142 }
4143 if (ret == false) {
4144 DEBUG(3,("set_nt_acl: failed to set default "
4145 "acl on directory %s (%s).\n",
4146 fsp_str_dbg(fsp), strerror(errno)));
4147 free_canon_ace_list(file_ace_list);
4148 free_canon_ace_list(dir_ace_list);
4149 return map_nt_error_from_unix(errno);
4150 }
4151 } else {
4152 int sret = -1;
4153
4154 /*
4155 * No default ACL - delete one if it exists.
4156 */
4157
4158 if (set_acl_as_root) {
4159 become_root();
4160 }
4161 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn,
4162 fsp->fsp_name->base_name);
4163 if (set_acl_as_root) {
4164 unbecome_root();
4165 }
4166 if (sret == -1) {
4167 if (acl_group_override(conn, fsp->fsp_name)) {
4168 DEBUG(5,("set_nt_acl: acl group "
4169 "control on and current user "
4170 "in file %s primary group. "
4171 "Override delete_def_acl\n",
4172 fsp_str_dbg(fsp)));
4173
4174 become_root();
4175 sret =
4176 SMB_VFS_SYS_ACL_DELETE_DEF_FILE(
4177 conn,
4178 fsp->fsp_name->base_name);
4179 unbecome_root();
4180 }
4181
4182 if (sret == -1) {
4183 DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
4184 free_canon_ace_list(file_ace_list);
4185 free_canon_ace_list(dir_ace_list);
4186 return map_nt_error_from_unix(errno);
4187 }
4188 }
4189 }
4190 }
4191
4192 if (acl_set_support) {
4193 if (set_acl_as_root) {
4194 become_root();
4195 }
4196 store_inheritance_attributes(fsp,
4197 file_ace_list,
4198 dir_ace_list,
4199 psd->type);
4200 if (set_acl_as_root) {
4201 unbecome_root();
4202 }
4203 }
4204
4205 /*
4206 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod.
4207 */
4208
4209 if(!acl_set_support && acl_perms) {
4210 mode_t posix_perms;
4211
4212 if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) {
4213 free_canon_ace_list(file_ace_list);
4214 free_canon_ace_list(dir_ace_list);
4215 DEBUG(3,("set_nt_acl: failed to convert file acl to "
4216 "posix permissions for file %s.\n",
4217 fsp_str_dbg(fsp)));
4218 return NT_STATUS_ACCESS_DENIED;
4219 }
4220
4221 if (orig_mode != posix_perms) {
4222 int sret = -1;
4223
4224 DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
4225 fsp_str_dbg(fsp), (unsigned int)posix_perms));
4226
4227 if (set_acl_as_root) {
4228 become_root();
4229 }
4230 sret = SMB_VFS_CHMOD(conn, fsp->fsp_name->base_name,
4231 posix_perms);
4232 if (set_acl_as_root) {
4233 unbecome_root();
4234 }
4235 if(sret == -1) {
4236 if (acl_group_override(conn, fsp->fsp_name)) {
4237 DEBUG(5,("set_nt_acl: acl group "
4238 "control on and current user "
4239 "in file %s primary group. "
4240 "Override chmod\n",
4241 fsp_str_dbg(fsp)));
4242
4243 become_root();
4244 sret = SMB_VFS_CHMOD(conn,
4245 fsp->fsp_name->base_name,
4246 posix_perms);
4247 unbecome_root();
4248 }
4249
4250 if (sret == -1) {
4251 DEBUG(3,("set_nt_acl: chmod %s, 0%o "
4252 "failed. Error = %s.\n",
4253 fsp_str_dbg(fsp),
4254 (unsigned int)posix_perms,
4255 strerror(errno)));
4256 free_canon_ace_list(file_ace_list);
4257 free_canon_ace_list(dir_ace_list);
4258 return map_nt_error_from_unix(errno);
4259 }
4260 }
4261 }
4262 }
4263
4264 free_canon_ace_list(file_ace_list);
4265 free_canon_ace_list(dir_ace_list);
4266
4267 /* Ensure the stat struct in the fsp is correct. */
4268 status = vfs_stat_fsp(fsp);
4269
4270 return NT_STATUS_OK;
4271 }
4272
4273 /****************************************************************************
4274 Get the actual group bits stored on a file with an ACL. Has no effect if
4275 the file has no ACL. Needed in dosmode code where the stat() will return
4276 the mask bits, not the real group bits, for a file with an ACL.
4277 ****************************************************************************/
4278
4279 int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode )
4280 {
4281 int entry_id = SMB_ACL_FIRST_ENTRY;
4282 SMB_ACL_ENTRY_T entry;
4283 SMB_ACL_T posix_acl;
4284 int result = -1;
4285
4286 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS);
4287 if (posix_acl == (SMB_ACL_T)NULL)
4288 return -1;
4289
4290 while (sys_acl_get_entry(posix_acl, entry_id, &entry) == 1) {
4291 SMB_ACL_TAG_T tagtype;
4292 SMB_ACL_PERMSET_T permset;
4293
4294 entry_id = SMB_ACL_NEXT_ENTRY;
4295
4296 if (sys_acl_get_tag_type(entry, &tagtype) ==-1)
4297 break;
4298
4299 if (tagtype == SMB_ACL_GROUP_OBJ) {
4300 if (sys_acl_get_permset(entry, &permset) == -1) {
4301 break;
4302 } else {
4303 *mode &= ~(S_IRGRP|S_IWGRP|S_IXGRP);
4304 *mode |= (sys_acl_get_perm(permset, SMB_ACL_READ) ? S_IRGRP : 0);
4305 *mode |= (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? S_IWGRP : 0);
4306 *mode |= (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? S_IXGRP : 0);
4307 result = 0;
4308 break;
4309 }
4310 }
4311 }
4312 TALLOC_FREE(posix_acl);
4313 return result;
4314 }
4315
4316 /****************************************************************************
4317 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4318 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4319 ****************************************************************************/
4320
4321 static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mode_t mode)
4322 {
4323 int entry_id = SMB_ACL_FIRST_ENTRY;
4324 SMB_ACL_ENTRY_T entry;
4325 int num_entries = 0;
4326
4327 while ( sys_acl_get_entry(posix_acl, entry_id, &entry) == 1) {
4328 SMB_ACL_TAG_T tagtype;
4329 SMB_ACL_PERMSET_T permset;
4330 mode_t perms;
4331
4332 entry_id = SMB_ACL_NEXT_ENTRY;
4333
4334 if (sys_acl_get_tag_type(entry, &tagtype) == -1)
4335 return -1;
4336
4337 if (sys_acl_get_permset(entry, &permset) == -1)
4338 return -1;
4339
4340 num_entries++;
4341
4342 switch(tagtype) {
4343 case SMB_ACL_USER_OBJ:
4344 perms = unix_perms_to_acl_perms(mode, S_IRUSR, S_IWUSR, S_IXUSR);
4345 break;
4346 case SMB_ACL_GROUP_OBJ:
4347 perms = unix_perms_to_acl_perms(mode, S_IRGRP, S_IWGRP, S_IXGRP);
4348 break;
4349 case SMB_ACL_MASK:
4350 /*
4351 * FIXME: The ACL_MASK entry permissions should really be set to
4352 * the union of the permissions of all ACL_USER,
4353 * ACL_GROUP_OBJ, and ACL_GROUP entries. That's what
4354 * acl_calc_mask() does, but Samba ACLs doesn't provide it.
4355 */
4356 perms = S_IRUSR|S_IWUSR|S_IXUSR;
4357 break;
4358 case SMB_ACL_OTHER:
4359 perms = unix_perms_to_acl_perms(mode, S_IROTH, S_IWOTH, S_IXOTH);
4360 break;
4361 default:
4362 continue;
4363 }
4364
4365 if (map_acl_perms_to_permset(conn, perms, &permset) == -1)
4366 return -1;
4367
4368 if (sys_acl_set_permset(entry, permset) == -1)
4369 return -1;
4370 }
4371
4372 /*
4373 * If this is a simple 3 element ACL or no elements then it's a standard
4374 * UNIX permission set. Just use chmod...
4375 */
4376
4377 if ((num_entries == 3) || (num_entries == 0))
4378 return -1;
4379
4380 return 0;
4381 }
4382
4383 /****************************************************************************
4384 Get the access ACL of FROM, do a chmod by setting the ACL USER_OBJ,
4385 GROUP_OBJ and OTHER bits in an ACL and set the mask to rwx. Set the
4386 resulting ACL on TO. Note that name is in UNIX character set.
4387 ****************************************************************************/
4388
4389 static int copy_access_posix_acl(connection_struct *conn, const char *from, const char *to, mode_t mode)
4390 {
4391 SMB_ACL_T posix_acl = NULL;
4392 int ret = -1;
4393
4394 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, from, SMB_ACL_TYPE_ACCESS)) == NULL)
4395 return -1;
4396
4397 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4398 goto done;
4399
4400 ret = SMB_VFS_SYS_ACL_SET_FILE(conn, to, SMB_ACL_TYPE_ACCESS, posix_acl);
4401
4402 done:
4403
4404 TALLOC_FREE(posix_acl);
4405 return ret;
4406 }
4407
4408 /****************************************************************************
4409 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4410 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4411 Note that name is in UNIX character set.
4412 ****************************************************************************/
4413
4414 int chmod_acl(connection_struct *conn, const char *name, mode_t mode)
4415 {
4416 return copy_access_posix_acl(conn, name, name, mode);
4417 }
4418
4419 /****************************************************************************
4420 Check for an existing default POSIX ACL on a directory.
4421 ****************************************************************************/
4422
4423 static bool directory_has_default_posix_acl(connection_struct *conn, const char *fname)
4424 {
4425 SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, SMB_ACL_TYPE_DEFAULT);
4426 bool has_acl = False;
4427 SMB_ACL_ENTRY_T entry;
4428
4429 if (def_acl != NULL && (sys_acl_get_entry(def_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1)) {
4430 has_acl = True;
4431 }
4432
4433 if (def_acl) {
4434 TALLOC_FREE(def_acl);
4435 }
4436 return has_acl;
4437 }
4438
4439 /****************************************************************************
4440 If the parent directory has no default ACL but it does have an Access ACL,
4441 inherit this Access ACL to file name.
4442 ****************************************************************************/
4443
4444 int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,
4445 const char *name, mode_t mode)
4446 {
4447 if (directory_has_default_posix_acl(conn, inherit_from_dir))
4448 return 0;
4449
4450 return copy_access_posix_acl(conn, inherit_from_dir, name, mode);
4451 }
4452
4453 /****************************************************************************
4454 Do an fchmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4455 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4456 ****************************************************************************/
4457
4458 int fchmod_acl(files_struct *fsp, mode_t mode)
4459 {
4460 connection_struct *conn = fsp->conn;
4461 SMB_ACL_T posix_acl = NULL;
4462 int ret = -1;
4463
4464 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp)) == NULL)
4465 return -1;
4466
4467 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4468 goto done;
4469
4470 ret = SMB_VFS_SYS_ACL_SET_FD(fsp, posix_acl);
4471
4472 done:
4473
4474 TALLOC_FREE(posix_acl);
4475 return ret;
4476 }
4477
4478 /****************************************************************************
4479 Map from wire type to permset.
4480 ****************************************************************************/
4481
4482 static bool unix_ex_wire_to_permset(connection_struct *conn, unsigned char wire_perm, SMB_ACL_PERMSET_T *p_permset)
4483 {
4484 if (wire_perm & ~(SMB_POSIX_ACL_READ|SMB_POSIX_ACL_WRITE|SMB_POSIX_ACL_EXECUTE)) {
4485 return False;
4486 }
4487
4488 if (sys_acl_clear_perms(*p_permset) == -1) {
4489 return False;
4490 }
4491
4492 if (wire_perm & SMB_POSIX_ACL_READ) {
4493 if (sys_acl_add_perm(*p_permset, SMB_ACL_READ) == -1) {
4494 return False;
4495 }
4496 }
4497 if (wire_perm & SMB_POSIX_ACL_WRITE) {
4498 if (sys_acl_add_perm(*p_permset, SMB_ACL_WRITE) == -1) {
4499 return False;
4500 }
4501 }
4502 if (wire_perm & SMB_POSIX_ACL_EXECUTE) {
4503 if (sys_acl_add_perm(*p_permset, SMB_ACL_EXECUTE) == -1) {
4504 return False;
4505 }
4506 }
4507 return True;
4508 }
4509
4510 /****************************************************************************
4511 Map from wire type to tagtype.
4512 ****************************************************************************/
4513
4514 static bool unix_ex_wire_to_tagtype(unsigned char wire_tt, SMB_ACL_TAG_T *p_tt)
4515 {
4516 switch (wire_tt) {
4517 case SMB_POSIX_ACL_USER_OBJ:
4518 *p_tt = SMB_ACL_USER_OBJ;
4519 break;
4520 case SMB_POSIX_ACL_USER:
4521 *p_tt = SMB_ACL_USER;
4522 break;
4523 case SMB_POSIX_ACL_GROUP_OBJ:
4524 *p_tt = SMB_ACL_GROUP_OBJ;
4525 break;
4526 case SMB_POSIX_ACL_GROUP:
4527 *p_tt = SMB_ACL_GROUP;
4528 break;
4529 case SMB_POSIX_ACL_MASK:
4530 *p_tt = SMB_ACL_MASK;
4531 break;
4532 case SMB_POSIX_ACL_OTHER:
4533 *p_tt = SMB_ACL_OTHER;
4534 break;
4535 default:
4536 return False;
4537 }
4538 return True;
4539 }
4540
4541 /****************************************************************************
4542 Create a new POSIX acl from wire permissions.
4543 FIXME ! How does the share mask/mode fit into this.... ?
4544 ****************************************************************************/
4545
4546 static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn, uint16 num_acls, const char *pdata)
4547 {
4548 unsigned int i;
4549 SMB_ACL_T the_acl = sys_acl_init();
4550
4551 if (the_acl == NULL) {
4552 return NULL;
4553 }
4554
4555 for (i = 0; i < num_acls; i++) {
4556 SMB_ACL_ENTRY_T the_entry;
4557 SMB_ACL_PERMSET_T the_permset;
4558 SMB_ACL_TAG_T tag_type;
4559
4560 if (sys_acl_create_entry(&the_acl, &the_entry) == -1) {
4561 DEBUG(0,("create_posix_acl_from_wire: Failed to create entry %u. (%s)\n",
4562 i, strerror(errno) ));
4563 goto fail;
4564 }
4565
4566 if (!unix_ex_wire_to_tagtype(CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), &tag_type)) {
4567 DEBUG(0,("create_posix_acl_from_wire: invalid wire tagtype %u on entry %u.\n",
4568 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), i ));
4569 goto fail;
4570 }
4571
4572 if (sys_acl_set_tag_type(the_entry, tag_type) == -1) {
4573 DEBUG(0,("create_posix_acl_from_wire: Failed to set tagtype on entry %u. (%s)\n",
4574 i, strerror(errno) ));
4575 goto fail;
4576 }
4577
4578 /* Get the permset pointer from the new ACL entry. */
4579 if (sys_acl_get_permset(the_entry, &the_permset) == -1) {
4580 DEBUG(0,("create_posix_acl_from_wire: Failed to get permset on entry %u. (%s)\n",
4581 i, strerror(errno) ));
4582 goto fail;
4583 }
4584
4585 /* Map from wire to permissions. */
4586 if (!unix_ex_wire_to_permset(conn, CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+1), &the_permset)) {
4587 DEBUG(0,("create_posix_acl_from_wire: invalid permset %u on entry %u.\n",
4588 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE) + 1), i ));
4589 goto fail;
4590 }
4591
4592 /* Now apply to the new ACL entry. */
4593 if (sys_acl_set_permset(the_entry, the_permset) == -1) {
4594 DEBUG(0,("create_posix_acl_from_wire: Failed to add permset on entry %u. (%s)\n",
4595 i, strerror(errno) ));
4596 goto fail;
4597 }
4598
4599 if (tag_type == SMB_ACL_USER) {
4600 uint32 uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4601 uid_t uid = (uid_t)uidval;
4602 if (sys_acl_set_qualifier(the_entry,(void *)&uid) == -1) {
4603 DEBUG(0,("create_posix_acl_from_wire: Failed to set uid %u on entry %u. (%s)\n",
4604 (unsigned int)uid, i, strerror(errno) ));
4605 goto fail;
4606 }
4607 }
4608
4609 if (tag_type == SMB_ACL_GROUP) {
4610 uint32 gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4611 gid_t gid = (uid_t)gidval;
4612 if (sys_acl_set_qualifier(the_entry,(void *)&gid) == -1) {
4613 DEBUG(0,("create_posix_acl_from_wire: Failed to set gid %u on entry %u. (%s)\n",
4614 (unsigned int)gid, i, strerror(errno) ));
4615 goto fail;
4616 }
4617 }
4618 }
4619
4620 return the_acl;
4621
4622 fail:
4623
4624 if (the_acl != NULL) {
4625 TALLOC_FREE(the_acl);
4626 }
4627 return NULL;
4628 }
4629
4630 /****************************************************************************
4631 Calls from UNIX extensions - Default POSIX ACL set.
4632 If num_def_acls == 0 and not a directory just return. If it is a directory
4633 and num_def_acls == 0 then remove the default acl. Else set the default acl
4634 on the directory.
4635 ****************************************************************************/
4636
4637 bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, const SMB_STRUCT_STAT *psbuf,
4638 uint16 num_def_acls, const char *pdata)
4639 {
4640 SMB_ACL_T def_acl = NULL;
4641
4642 if (!S_ISDIR(psbuf->st_ex_mode)) {
4643 if (num_def_acls) {
4644 DEBUG(5,("set_unix_posix_default_acl: Can't set default ACL on non-directory file %s\n", fname ));
4645 errno = EISDIR;
4646 return False;
4647 } else {
4648 return True;
4649 }
4650 }
4651
4652 if (!num_def_acls) {
4653 /* Remove the default ACL. */
4654 if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fname) == -1) {
4655 DEBUG(5,("set_unix_posix_default_acl: acl_delete_def_file failed on directory %s (%s)\n",
4656 fname, strerror(errno) ));
4657 return False;
4658 }
4659 return True;
4660 }
4661
4662 if ((def_acl = create_posix_acl_from_wire(conn, num_def_acls, pdata)) == NULL) {
4663 return False;
4664 }
4665
4666 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
4667 DEBUG(5,("set_unix_posix_default_acl: acl_set_file failed on directory %s (%s)\n",
4668 fname, strerror(errno) ));
4669 TALLOC_FREE(def_acl);
4670 return False;
4671 }
4672
4673 DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n", fname ));
4674 TALLOC_FREE(def_acl);
4675 return True;
4676 }
4677
4678 /****************************************************************************
4679 Remove an ACL from a file. As we don't have acl_delete_entry() available
4680 we must read the current acl and copy all entries except MASK, USER and GROUP
4681 to a new acl, then set that. This (at least on Linux) causes any ACL to be
4682 removed.
4683 FIXME ! How does the share mask/mode fit into this.... ?
4684 ****************************************************************************/
4685
4686 static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname)
4687 {
4688 SMB_ACL_T file_acl = NULL;
4689 int entry_id = SMB_ACL_FIRST_ENTRY;
4690 SMB_ACL_ENTRY_T entry;
4691 bool ret = False;
4692 /* Create a new ACL with only 3 entries, u/g/w. */
4693 SMB_ACL_T new_file_acl = sys_acl_init();
4694 SMB_ACL_ENTRY_T user_ent = NULL;
4695 SMB_ACL_ENTRY_T group_ent = NULL;
4696 SMB_ACL_ENTRY_T other_ent = NULL;
4697
4698 if (new_file_acl == NULL) {
4699 DEBUG(5,("remove_posix_acl: failed to init new ACL with 3 entries for file %s.\n", fname));
4700 return False;
4701 }
4702
4703 /* Now create the u/g/w entries. */
4704 if (sys_acl_create_entry(&new_file_acl, &user_ent) == -1) {
4705 DEBUG(5,("remove_posix_acl: Failed to create user entry for file %s. (%s)\n",
4706 fname, strerror(errno) ));
4707 goto done;
4708 }
4709 if (sys_acl_set_tag_type(user_ent, SMB_ACL_USER_OBJ) == -1) {
4710 DEBUG(5,("remove_posix_acl: Failed to set user entry for file %s. (%s)\n",
4711 fname, strerror(errno) ));
4712 goto done;
4713 }
4714
4715 if (sys_acl_create_entry(&new_file_acl, &group_ent) == -1) {
4716 DEBUG(5,("remove_posix_acl: Failed to create group entry for file %s. (%s)\n",
4717 fname, strerror(errno) ));
4718 goto done;
4719 }
4720 if (sys_acl_set_tag_type(group_ent, SMB_ACL_GROUP_OBJ) == -1) {
4721 DEBUG(5,("remove_posix_acl: Failed to set group entry for file %s. (%s)\n",
4722 fname, strerror(errno) ));
4723 goto done;
4724 }
4725
4726 if (sys_acl_create_entry(&new_file_acl, &other_ent) == -1) {
4727 DEBUG(5,("remove_posix_acl: Failed to create other entry for file %s. (%s)\n",
4728 fname, strerror(errno) ));
4729 goto done;
4730 }
4731 if (sys_acl_set_tag_type(other_ent, SMB_ACL_OTHER) == -1) {
4732 DEBUG(5,("remove_posix_acl: Failed to set other entry for file %s. (%s)\n",
4733 fname, strerror(errno) ));
4734 goto done;
4735 }
4736
4737 /* Get the current file ACL. */
4738 if (fsp && fsp->fh->fd != -1) {
4739 file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
4740 } else {
4741 file_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, SMB_ACL_TYPE_ACCESS);
4742 }
4743
4744 if (file_acl == NULL) {
4745 /* This is only returned if an error occurred. Even for a file with
4746 no acl a u/g/w acl should be returned. */
4747 DEBUG(5,("remove_posix_acl: failed to get ACL from file %s (%s).\n",
4748 fname, strerror(errno) ));
4749 goto done;
4750 }
4751
4752 while ( sys_acl_get_entry(file_acl, entry_id, &entry) == 1) {
4753 SMB_ACL_TAG_T tagtype;
4754 SMB_ACL_PERMSET_T permset;
4755
4756 entry_id = SMB_ACL_NEXT_ENTRY;
4757
4758 if (sys_acl_get_tag_type(entry, &tagtype) == -1) {
4759 DEBUG(5,("remove_posix_acl: failed to get tagtype from ACL on file %s (%s).\n",
4760 fname, strerror(errno) ));
4761 goto done;
4762 }
4763
4764 if (sys_acl_get_permset(entry, &permset) == -1) {
4765 DEBUG(5,("remove_posix_acl: failed to get permset from ACL on file %s (%s).\n",
4766 fname, strerror(errno) ));
4767 goto done;
4768 }
4769
4770 if (tagtype == SMB_ACL_USER_OBJ) {
4771 if (sys_acl_set_permset(user_ent, permset) == -1) {
4772 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4773 fname, strerror(errno) ));
4774 }
4775 } else if (tagtype == SMB_ACL_GROUP_OBJ) {
4776 if (sys_acl_set_permset(group_ent, permset) == -1) {
4777 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4778 fname, strerror(errno) ));
4779 }
4780 } else if (tagtype == SMB_ACL_OTHER) {
4781 if (sys_acl_set_permset(other_ent, permset) == -1) {
4782 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4783 fname, strerror(errno) ));
4784 }
4785 }
4786 }
4787
4788 /* Set the new empty file ACL. */
4789 if (fsp && fsp->fh->fd != -1) {
4790 if (SMB_VFS_SYS_ACL_SET_FD(fsp, new_file_acl) == -1) {
4791 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4792 fname, strerror(errno) ));
4793 goto done;
4794 }
4795 } else {
4796 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, new_file_acl) == -1) {
4797 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4798 fname, strerror(errno) ));
4799 goto done;
4800 }
4801 }
4802
4803 ret = True;
4804
4805 done:
4806
4807 if (file_acl) {
4808 TALLOC_FREE(file_acl);
4809 }
4810 if (new_file_acl) {
4811 TALLOC_FREE(new_file_acl);
4812 }
4813 return ret;
4814 }
4815
4816 /****************************************************************************
4817 Calls from UNIX extensions - POSIX ACL set.
4818 If num_def_acls == 0 then read/modify/write acl after removing all entries
4819 except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER.
4820 ****************************************************************************/
4821
4822 bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata)
4823 {
4824 SMB_ACL_T file_acl = NULL;
4825
4826 if (!num_acls) {
4827 /* Remove the ACL from the file. */
4828 return remove_posix_acl(conn, fsp, fname);
4829 }
4830
4831 if ((file_acl = create_posix_acl_from_wire(conn, num_acls, pdata)) == NULL) {
4832 return False;
4833 }
4834
4835 if (fsp && fsp->fh->fd != -1) {
4836 /* The preferred way - use an open fd. */
4837 if (SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl) == -1) {
4838 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4839 fname, strerror(errno) ));
4840 TALLOC_FREE(file_acl);
4841 return False;
4842 }
4843 } else {
4844 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
4845 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4846 fname, strerror(errno) ));
4847 TALLOC_FREE(file_acl);
4848 return False;
4849 }
4850 }
4851
4852 DEBUG(10,("set_unix_posix_acl: set acl for file %s\n", fname ));
4853 TALLOC_FREE(file_acl);
4854 return True;
4855 }
4856
4857 /********************************************************************
4858 Pull the NT ACL from a file on disk or the OpenEventlog() access
4859 check. Caller is responsible for freeing the returned security
4860 descriptor via TALLOC_FREE(). This is designed for dealing with
4861 user space access checks in smbd outside of the VFS. For example,
4862 checking access rights in OpenEventlog().
4863
4864 Assume we are dealing with files (for now)
4865 ********************************************************************/
4866
4867 struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32 security_info_wanted)
4868 {
4869 struct security_descriptor *psd, *ret_sd;
4870 connection_struct *conn;
4871 files_struct finfo;
4872 struct fd_handle fh;
4873 NTSTATUS status;
4874 TALLOC_CTX *frame = talloc_stackframe();
4875
4876 conn = talloc_zero(frame, connection_struct);
4877 if (conn == NULL) {
4878 DEBUG(0, ("talloc failed\n"));
4879 return NULL;
4880 }
4881
4882 if (!(conn->params = talloc(conn, struct share_params))) {
4883 DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
4884 TALLOC_FREE(frame);
4885 return NULL;
4886 }
4887
4888 conn->params->service = -1;
4889
4890 set_conn_connectpath(conn, "/");
4891
4892 if (!smbd_vfs_init(conn)) {
4893 DEBUG(0,("get_nt_acl_no_snum: Unable to create a fake connection struct!\n"));
4894 conn_free(conn);
4895 TALLOC_FREE(frame);
4896 return NULL;
4897 }
4898
4899 ZERO_STRUCT( finfo );
4900 ZERO_STRUCT( fh );
4901
4902 finfo.fnum = FNUM_FIELD_INVALID;
4903 finfo.conn = conn;
4904 finfo.fh = &fh;
4905 finfo.fh->fd = -1;
4906
4907 status = create_synthetic_smb_fname(frame, fname, NULL, NULL,
4908 &finfo.fsp_name);
4909 if (!NT_STATUS_IS_OK(status)) {
4910 conn_free(conn);
4911 TALLOC_FREE(frame);
4912 return NULL;
4913 }
4914
4915 if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, security_info_wanted, &psd))) {
4916 DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
4917 TALLOC_FREE(finfo.fsp_name);
4918 conn_free(conn);
4919 TALLOC_FREE(frame);
4920 return NULL;
4921 }
4922
4923 ret_sd = dup_sec_desc( ctx, psd );
4924
4925 TALLOC_FREE(finfo.fsp_name);
4926 conn_free(conn);
4927 TALLOC_FREE(frame);
4928
4929 return ret_sd;
4930 }
4931
4932 /* Stolen shamelessly from pvfs_default_acl() in source4 :-). */
4933
4934 NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
4935 const char *name,
4936 SMB_STRUCT_STAT *psbuf,
4937 struct security_descriptor **ppdesc)
4938 {
4939 struct dom_sid owner_sid, group_sid;
4940 size_t size = 0;
4941 struct security_ace aces[4];
4942 uint32_t access_mask = 0;
4943 mode_t mode = psbuf->st_ex_mode;
4944 struct security_acl *new_dacl = NULL;
4945 int idx = 0;
4946
4947 DEBUG(10,("make_default_filesystem_acl: file %s mode = 0%o\n",
4948 name, (int)mode ));
4949
4950 uid_to_sid(&owner_sid, psbuf->st_ex_uid);
4951 gid_to_sid(&group_sid, psbuf->st_ex_gid);
4952
4953 /*
4954 We provide up to 4 ACEs
4955 - Owner
4956 - Group
4957 - Everyone
4958 - NT System
4959 */
4960
4961 if (mode & S_IRUSR) {
4962 if (mode & S_IWUSR) {
4963 access_mask |= SEC_RIGHTS_FILE_ALL;
4964 } else {
4965 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
4966 }
4967 }
4968 if (mode & S_IWUSR) {
4969 access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
4970 }
4971
4972 init_sec_ace(&aces[idx],
4973 &owner_sid,
4974 SEC_ACE_TYPE_ACCESS_ALLOWED,
4975 access_mask,
4976 0);
4977 idx++;
4978
4979 access_mask = 0;
4980 if (mode & S_IRGRP) {
4981 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
4982 }
4983 if (mode & S_IWGRP) {
4984 /* note that delete is not granted - this matches posix behaviour */
4985 access_mask |= SEC_RIGHTS_FILE_WRITE;
4986 }
4987 if (access_mask) {
4988 init_sec_ace(&aces[idx],
4989 &group_sid,
4990 SEC_ACE_TYPE_ACCESS_ALLOWED,
4991 access_mask,
4992 0);
4993 idx++;
4994 }
4995
4996 access_mask = 0;
4997 if (mode & S_IROTH) {
4998 access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
4999 }
5000 if (mode & S_IWOTH) {
5001 access_mask |= SEC_RIGHTS_FILE_WRITE;
5002 }
5003 if (access_mask) {
5004 init_sec_ace(&aces[idx],
5005 &global_sid_World,
5006 SEC_ACE_TYPE_ACCESS_ALLOWED,
5007 access_mask,
5008 0);
5009 idx++;
5010 }
5011
5012 init_sec_ace(&aces[idx],
5013 &global_sid_System,
5014 SEC_ACE_TYPE_ACCESS_ALLOWED,
5015 SEC_RIGHTS_FILE_ALL,
5016 0);
5017 idx++;
5018
5019 new_dacl = make_sec_acl(ctx,
5020 NT4_ACL_REVISION,
5021 idx,
5022 aces);
5023
5024 if (!new_dacl) {
5025 return NT_STATUS_NO_MEMORY;
5026 }
5027
5028 *ppdesc = make_sec_desc(ctx,
5029 SECURITY_DESCRIPTOR_REVISION_1,
5030 SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
5031 &owner_sid,
5032 &group_sid,
5033 NULL,
5034 new_dacl,
5035 &size);
5036 if (!*ppdesc) {
5037 return NT_STATUS_NO_MEMORY;
5038 }
5039 return NT_STATUS_OK;
5040 }
reg import