search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: Rename new parameter "ldap ref follow" to "ldap follow referral".
[Samba/gebeck_regimport.git] / source3 / smbd / posix_acls.c
blob32a04c51e4ef7b02c77829925a7ae7b75d104e8e
1 /*
2 Unix SMB/CIFS implementation.
3 SMB NT Security Descriptor / Unix permission conversion.
4 Copyright (C) Jeremy Allison 1994-2009.
5 Copyright (C) Andreas Gruenbacher 2002.
6 Copyright (C) Simo Sorce <idra@samba.org> 2009.
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 extern struct current_user current_user;
25 extern const struct generic_mapping file_generic_mapping;
26
27 #undef DBGC_CLASS
28 #define DBGC_CLASS DBGC_ACLS
29
30 /****************************************************************************
31 Data structures representing the internal ACE format.
32 ****************************************************************************/
33
34 enum ace_owner {UID_ACE, GID_ACE, WORLD_ACE};
35 enum ace_attribute {ALLOW_ACE, DENY_ACE}; /* Used for incoming NT ACLS. */
36
37 typedef union posix_id {
38 uid_t uid;
39 gid_t gid;
40 int world;
41 } posix_id;
42
43 typedef struct canon_ace {
44 struct canon_ace *next, *prev;
45 SMB_ACL_TAG_T type;
46 mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
47 DOM_SID trustee;
48 enum ace_owner owner_type;
49 enum ace_attribute attr;
50 posix_id unix_ug;
51 uint8_t ace_flags; /* From windows ACE entry. */
52 } canon_ace;
53
54 #define ALL_ACE_PERMS (S_IRUSR|S_IWUSR|S_IXUSR)
55
56 /*
57 * EA format of user.SAMBA_PAI (Samba_Posix_Acl_Interitance)
58 * attribute on disk - version 1.
59 * All values are little endian.
60 *
61 * | 1 | 1 | 2 | 2 | ....
62 * +------+------+-------------+---------------------+-------------+--------------------+
63 * | vers | flag | num_entries | num_default_entries | ..entries.. | default_entries... |
64 * +------+------+-------------+---------------------+-------------+--------------------+
65 *
66 * Entry format is :
67 *
68 * | 1 | 4 |
69 * +------+-------------------+
70 * | value| uid/gid or world |
71 * | type | value |
72 * +------+-------------------+
73 *
74 * Version 2 format. Stores extra Windows metadata about an ACL.
75 *
76 * | 1 | 2 | 2 | 2 | ....
77 * +------+----------+-------------+---------------------+-------------+--------------------+
78 * | vers | ace | num_entries | num_default_entries | ..entries.. | default_entries... |
79 * | 2 | type | | | | |
80 * +------+----------+-------------+---------------------+-------------+--------------------+
81 *
82 * Entry format is :
83 *
84 * | 1 | 1 | 4 |
85 * +------+------+-------------------+
86 * | ace | value| uid/gid or world |
87 * | flag | type | value |
88 * +------+-------------------+------+
89 *
90 */
91
92 #define PAI_VERSION_OFFSET 0
93
94 #define PAI_V1_FLAG_OFFSET 1
95 #define PAI_V1_NUM_ENTRIES_OFFSET 2
96 #define PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET 4
97 #define PAI_V1_ENTRIES_BASE 6
98 #define PAI_V1_ACL_FLAG_PROTECTED 0x1
99 #define PAI_V1_ENTRY_LENGTH 5
100
101 #define PAI_V1_VERSION 1
102
103 #define PAI_V2_TYPE_OFFSET 1
104 #define PAI_V2_NUM_ENTRIES_OFFSET 3
105 #define PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET 5
106 #define PAI_V2_ENTRIES_BASE 7
107 #define PAI_V2_ENTRY_LENGTH 6
108
109 #define PAI_V2_VERSION 2
110
111 /*
112 * In memory format of user.SAMBA_PAI attribute.
113 */
114
115 struct pai_entry {
116 struct pai_entry *next, *prev;
117 uint8_t ace_flags;
118 enum ace_owner owner_type;
119 posix_id unix_ug;
120 };
121
122 struct pai_val {
123 uint16_t sd_type;
124 unsigned int num_entries;
125 struct pai_entry *entry_list;
126 unsigned int num_def_entries;
127 struct pai_entry *def_entry_list;
128 };
129
130 /************************************************************************
131 Return a uint32 of the pai_entry principal.
132 ************************************************************************/
133
134 static uint32_t get_pai_entry_val(struct pai_entry *paie)
135 {
136 switch (paie->owner_type) {
137 case UID_ACE:
138 DEBUG(10,("get_pai_entry_val: uid = %u\n", (unsigned int)paie->unix_ug.uid ));
139 return (uint32_t)paie->unix_ug.uid;
140 case GID_ACE:
141 DEBUG(10,("get_pai_entry_val: gid = %u\n", (unsigned int)paie->unix_ug.gid ));
142 return (uint32_t)paie->unix_ug.gid;
143 case WORLD_ACE:
144 default:
145 DEBUG(10,("get_pai_entry_val: world ace\n"));
146 return (uint32_t)-1;
147 }
148 }
149
150 /************************************************************************
151 Return a uint32 of the entry principal.
152 ************************************************************************/
153
154 static uint32_t get_entry_val(canon_ace *ace_entry)
155 {
156 switch (ace_entry->owner_type) {
157 case UID_ACE:
158 DEBUG(10,("get_entry_val: uid = %u\n", (unsigned int)ace_entry->unix_ug.uid ));
159 return (uint32_t)ace_entry->unix_ug.uid;
160 case GID_ACE:
161 DEBUG(10,("get_entry_val: gid = %u\n", (unsigned int)ace_entry->unix_ug.gid ));
162 return (uint32_t)ace_entry->unix_ug.gid;
163 case WORLD_ACE:
164 default:
165 DEBUG(10,("get_entry_val: world ace\n"));
166 return (uint32_t)-1;
167 }
168 }
169
170 /************************************************************************
171 Create the on-disk format (always v2 now). Caller must free.
172 ************************************************************************/
173
174 static char *create_pai_buf_v2(canon_ace *file_ace_list,
175 canon_ace *dir_ace_list,
176 uint16_t sd_type,
177 size_t *store_size)
178 {
179 char *pai_buf = NULL;
180 canon_ace *ace_list = NULL;
181 char *entry_offset = NULL;
182 unsigned int num_entries = 0;
183 unsigned int num_def_entries = 0;
184
185 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
186 num_entries++;
187 }
188
189 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
190 num_def_entries++;
191 }
192
193 DEBUG(10,("create_pai_buf_v2: num_entries = %u, num_def_entries = %u\n", num_entries, num_def_entries ));
194
195 *store_size = PAI_V2_ENTRIES_BASE +
196 ((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH);
197
198 pai_buf = (char *)SMB_MALLOC(*store_size);
199 if (!pai_buf) {
200 return NULL;
201 }
202
203 /* Set up the header. */
204 memset(pai_buf, '\0', PAI_V2_ENTRIES_BASE);
205 SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_V2_VERSION);
206 SSVAL(pai_buf,PAI_V2_TYPE_OFFSET, sd_type);
207 SSVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET,num_entries);
208 SSVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries);
209
210 entry_offset = pai_buf + PAI_V2_ENTRIES_BASE;
211
212 for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
213 uint8_t type_val = (uint8_t)ace_list->owner_type;
214 uint32_t entry_val = get_entry_val(ace_list);
215
216 SCVAL(entry_offset,0,ace_list->ace_flags);
217 SCVAL(entry_offset,1,type_val);
218 SIVAL(entry_offset,2,entry_val);
219 entry_offset += PAI_V2_ENTRY_LENGTH;
220 }
221
222 for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
223 uint8_t type_val = (uint8_t)ace_list->owner_type;
224 uint32_t entry_val = get_entry_val(ace_list);
225
226 SCVAL(entry_offset,0,ace_list->ace_flags);
227 SCVAL(entry_offset,1,type_val);
228 SIVAL(entry_offset,2,entry_val);
229 entry_offset += PAI_V2_ENTRY_LENGTH;
230 }
231
232 return pai_buf;
233 }
234
235 /************************************************************************
236 Store the user.SAMBA_PAI attribute on disk.
237 ************************************************************************/
238
239 static void store_inheritance_attributes(files_struct *fsp,
240 canon_ace *file_ace_list,
241 canon_ace *dir_ace_list,
242 uint16_t sd_type)
243 {
244 int ret;
245 size_t store_size;
246 char *pai_buf;
247
248 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
249 return;
250 }
251
252 pai_buf = create_pai_buf_v2(file_ace_list, dir_ace_list,
253 sd_type, &store_size);
254
255 if (fsp->fh->fd != -1) {
256 ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
257 pai_buf, store_size, 0);
258 } else {
259 ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name,
260 SAMBA_POSIX_INHERITANCE_EA_NAME,
261 pai_buf, store_size, 0);
262 }
263
264 SAFE_FREE(pai_buf);
265
266 DEBUG(10,("store_inheritance_attribute: type 0x%x for file %s\n",
267 (unsigned int)sd_type,
268 fsp_str_dbg(fsp)));
269
270 if (ret == -1 && !no_acl_syscall_error(errno)) {
271 DEBUG(1,("store_inheritance_attribute: Error %s\n", strerror(errno) ));
272 }
273 }
274
275 /************************************************************************
276 Delete the in memory inheritance info.
277 ************************************************************************/
278
279 static void free_inherited_info(struct pai_val *pal)
280 {
281 if (pal) {
282 struct pai_entry *paie, *paie_next;
283 for (paie = pal->entry_list; paie; paie = paie_next) {
284 paie_next = paie->next;
285 SAFE_FREE(paie);
286 }
287 for (paie = pal->def_entry_list; paie; paie = paie_next) {
288 paie_next = paie->next;
289 SAFE_FREE(paie);
290 }
291 SAFE_FREE(pal);
292 }
293 }
294
295 /************************************************************************
296 Get any stored ACE flags.
297 ************************************************************************/
298
299 static uint16_t get_pai_flags(struct pai_val *pal, canon_ace *ace_entry, bool default_ace)
300 {
301 struct pai_entry *paie;
302
303 if (!pal) {
304 return 0;
305 }
306
307 /* If the entry exists it is inherited. */
308 for (paie = (default_ace ? pal->def_entry_list : pal->entry_list); paie; paie = paie->next) {
309 if (ace_entry->owner_type == paie->owner_type &&
310 get_entry_val(ace_entry) == get_pai_entry_val(paie))
311 return paie->ace_flags;
312 }
313 return 0;
314 }
315
316 /************************************************************************
317 Ensure an attribute just read is valid - v1.
318 ************************************************************************/
319
320 static bool check_pai_ok_v1(const char *pai_buf, size_t pai_buf_data_size)
321 {
322 uint16 num_entries;
323 uint16 num_def_entries;
324
325 if (pai_buf_data_size < PAI_V1_ENTRIES_BASE) {
326 /* Corrupted - too small. */
327 return false;
328 }
329
330 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V1_VERSION) {
331 return false;
332 }
333
334 num_entries = SVAL(pai_buf,PAI_V1_NUM_ENTRIES_OFFSET);
335 num_def_entries = SVAL(pai_buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
336
337 /* Check the entry lists match. */
338 /* Each entry is 5 bytes (type plus 4 bytes of uid or gid). */
339
340 if (((num_entries + num_def_entries)*PAI_V1_ENTRY_LENGTH) +
341 PAI_V1_ENTRIES_BASE != pai_buf_data_size) {
342 return false;
343 }
344
345 return true;
346 }
347
348 /************************************************************************
349 Ensure an attribute just read is valid - v2.
350 ************************************************************************/
351
352 static bool check_pai_ok_v2(const char *pai_buf, size_t pai_buf_data_size)
353 {
354 uint16 num_entries;
355 uint16 num_def_entries;
356
357 if (pai_buf_data_size < PAI_V2_ENTRIES_BASE) {
358 /* Corrupted - too small. */
359 return false;
360 }
361
362 if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V2_VERSION) {
363 return false;
364 }
365
366 num_entries = SVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET);
367 num_def_entries = SVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
368
369 /* Check the entry lists match. */
370 /* Each entry is 6 bytes (flags + type + 4 bytes of uid or gid). */
371
372 if (((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH) +
373 PAI_V2_ENTRIES_BASE != pai_buf_data_size) {
374 return false;
375 }
376
377 return true;
378 }
379
380 /************************************************************************
381 Decode the owner.
382 ************************************************************************/
383
384 static bool get_pai_owner_type(struct pai_entry *paie, const char *entry_offset)
385 {
386 paie->owner_type = (enum ace_owner)CVAL(entry_offset,0);
387 switch( paie->owner_type) {
388 case UID_ACE:
389 paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1);
390 DEBUG(10,("get_pai_owner_type: uid = %u\n",
391 (unsigned int)paie->unix_ug.uid ));
392 break;
393 case GID_ACE:
394 paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1);
395 DEBUG(10,("get_pai_owner_type: gid = %u\n",
396 (unsigned int)paie->unix_ug.gid ));
397 break;
398 case WORLD_ACE:
399 paie->unix_ug.world = -1;
400 DEBUG(10,("get_pai_owner_type: world ace\n"));
401 break;
402 default:
403 return false;
404 }
405 return true;
406 }
407
408 /************************************************************************
409 Process v2 entries.
410 ************************************************************************/
411
412 static const char *create_pai_v1_entries(struct pai_val *paiv,
413 const char *entry_offset,
414 bool def_entry)
415 {
416 int i;
417
418 for (i = 0; i < paiv->num_entries; i++) {
419 struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
420 if (!paie) {
421 return NULL;
422 }
423
424 paie->ace_flags = SEC_ACE_FLAG_INHERITED_ACE;
425 if (!get_pai_owner_type(paie, entry_offset)) {
426 return NULL;
427 }
428
429 if (!def_entry) {
430 DLIST_ADD(paiv->entry_list, paie);
431 } else {
432 DLIST_ADD(paiv->def_entry_list, paie);
433 }
434 entry_offset += PAI_V1_ENTRY_LENGTH;
435 }
436 return entry_offset;
437 }
438
439 /************************************************************************
440 Convert to in-memory format from version 1.
441 ************************************************************************/
442
443 static struct pai_val *create_pai_val_v1(const char *buf, size_t size)
444 {
445 const char *entry_offset;
446 struct pai_val *paiv = NULL;
447
448 if (!check_pai_ok_v1(buf, size)) {
449 return NULL;
450 }
451
452 paiv = SMB_MALLOC_P(struct pai_val);
453 if (!paiv) {
454 return NULL;
455 }
456
457 memset(paiv, '\0', sizeof(struct pai_val));
458
459 paiv->sd_type = (CVAL(buf,PAI_V1_FLAG_OFFSET) == PAI_V1_ACL_FLAG_PROTECTED) ?
460 SE_DESC_DACL_PROTECTED : 0;
461
462 paiv->num_entries = SVAL(buf,PAI_V1_NUM_ENTRIES_OFFSET);
463 paiv->num_def_entries = SVAL(buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
464
465 entry_offset = buf + PAI_V1_ENTRIES_BASE;
466
467 DEBUG(10,("create_pai_val: num_entries = %u, num_def_entries = %u\n",
468 paiv->num_entries, paiv->num_def_entries ));
469
470 entry_offset = create_pai_v1_entries(paiv, entry_offset, false);
471 if (entry_offset == NULL) {
472 free_inherited_info(paiv);
473 return NULL;
474 }
475 entry_offset = create_pai_v1_entries(paiv, entry_offset, true);
476 if (entry_offset == NULL) {
477 free_inherited_info(paiv);
478 return NULL;
479 }
480
481 return paiv;
482 }
483
484 /************************************************************************
485 Process v2 entries.
486 ************************************************************************/
487
488 static const char *create_pai_v2_entries(struct pai_val *paiv,
489 const char *entry_offset,
490 bool def_entry)
491 {
492 int i;
493
494 for (i = 0; i < paiv->num_entries; i++) {
495 struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
496 if (!paie) {
497 return NULL;
498 }
499
500 paie->ace_flags = CVAL(entry_offset,0);
501
502 entry_offset++;
503
504 if (!get_pai_owner_type(paie, entry_offset)) {
505 return NULL;
506 }
507 if (!def_entry) {
508 DLIST_ADD(paiv->entry_list, paie);
509 } else {
510 DLIST_ADD(paiv->def_entry_list, paie);
511 }
512 entry_offset += PAI_V2_ENTRY_LENGTH;
513 }
514 return entry_offset;
515 }
516
517 /************************************************************************
518 Convert to in-memory format from version 2.
519 ************************************************************************/
520
521 static struct pai_val *create_pai_val_v2(const char *buf, size_t size)
522 {
523 const char *entry_offset;
524 struct pai_val *paiv = NULL;
525
526 if (!check_pai_ok_v2(buf, size)) {
527 return NULL;
528 }
529
530 paiv = SMB_MALLOC_P(struct pai_val);
531 if (!paiv) {
532 return NULL;
533 }
534
535 memset(paiv, '\0', sizeof(struct pai_val));
536
537 paiv->sd_type = SVAL(buf,PAI_V2_TYPE_OFFSET);
538
539 paiv->num_entries = SVAL(buf,PAI_V2_NUM_ENTRIES_OFFSET);
540 paiv->num_def_entries = SVAL(buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
541
542 entry_offset = buf + PAI_V2_ENTRIES_BASE;
543
544 DEBUG(10,("create_pai_val_v2: num_entries = %u, num_def_entries = %u\n",
545 paiv->num_entries, paiv->num_def_entries ));
546
547 entry_offset = create_pai_v2_entries(paiv, entry_offset, false);
548 if (entry_offset == NULL) {
549 free_inherited_info(paiv);
550 return NULL;
551 }
552 entry_offset = create_pai_v2_entries(paiv, entry_offset, true);
553 if (entry_offset == NULL) {
554 free_inherited_info(paiv);
555 return NULL;
556 }
557
558 return paiv;
559 }
560
561 /************************************************************************
562 Convert to in-memory format - from either version 1 or 2.
563 ************************************************************************/
564
565 static struct pai_val *create_pai_val(const char *buf, size_t size)
566 {
567 if (size < 1) {
568 return NULL;
569 }
570 if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V1_VERSION) {
571 return create_pai_val_v1(buf, size);
572 } else if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V2_VERSION) {
573 return create_pai_val_v2(buf, size);
574 } else {
575 return NULL;
576 }
577 }
578
579 /************************************************************************
580 Load the user.SAMBA_PAI attribute.
581 ************************************************************************/
582
583 static struct pai_val *fload_inherited_info(files_struct *fsp)
584 {
585 char *pai_buf;
586 size_t pai_buf_size = 1024;
587 struct pai_val *paiv = NULL;
588 ssize_t ret;
589
590 if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
591 return NULL;
592 }
593
594 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
595 return NULL;
596 }
597
598 do {
599 if (fsp->fh->fd != -1) {
600 ret = SMB_VFS_FGETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
601 pai_buf, pai_buf_size);
602 } else {
603 ret = SMB_VFS_GETXATTR(fsp->conn,
604 fsp->fsp_name->base_name,
605 SAMBA_POSIX_INHERITANCE_EA_NAME,
606 pai_buf, pai_buf_size);
607 }
608
609 if (ret == -1) {
610 if (errno != ERANGE) {
611 break;
612 }
613 /* Buffer too small - enlarge it. */
614 pai_buf_size *= 2;
615 SAFE_FREE(pai_buf);
616 if (pai_buf_size > 1024*1024) {
617 return NULL; /* Limit malloc to 1mb. */
618 }
619 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
620 return NULL;
621 }
622 } while (ret == -1);
623
624 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n",
625 (unsigned long)ret, fsp_str_dbg(fsp)));
626
627 if (ret == -1) {
628 /* No attribute or not supported. */
629 #if defined(ENOATTR)
630 if (errno != ENOATTR)
631 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
632 #else
633 if (errno != ENOSYS)
634 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
635 #endif
636 SAFE_FREE(pai_buf);
637 return NULL;
638 }
639
640 paiv = create_pai_val(pai_buf, ret);
641
642 if (paiv) {
643 DEBUG(10,("load_inherited_info: ACL type is 0x%x for file %s\n",
644 (unsigned int)paiv->sd_type, fsp_str_dbg(fsp)));
645 }
646
647 SAFE_FREE(pai_buf);
648 return paiv;
649 }
650
651 /************************************************************************
652 Load the user.SAMBA_PAI attribute.
653 ************************************************************************/
654
655 static struct pai_val *load_inherited_info(const struct connection_struct *conn,
656 const char *fname)
657 {
658 char *pai_buf;
659 size_t pai_buf_size = 1024;
660 struct pai_val *paiv = NULL;
661 ssize_t ret;
662
663 if (!lp_map_acl_inherit(SNUM(conn))) {
664 return NULL;
665 }
666
667 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
668 return NULL;
669 }
670
671 do {
672 ret = SMB_VFS_GETXATTR(conn, fname,
673 SAMBA_POSIX_INHERITANCE_EA_NAME,
674 pai_buf, pai_buf_size);
675
676 if (ret == -1) {
677 if (errno != ERANGE) {
678 break;
679 }
680 /* Buffer too small - enlarge it. */
681 pai_buf_size *= 2;
682 SAFE_FREE(pai_buf);
683 if (pai_buf_size > 1024*1024) {
684 return NULL; /* Limit malloc to 1mb. */
685 }
686 if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
687 return NULL;
688 }
689 } while (ret == -1);
690
691 DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fname));
692
693 if (ret == -1) {
694 /* No attribute or not supported. */
695 #if defined(ENOATTR)
696 if (errno != ENOATTR)
697 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
698 #else
699 if (errno != ENOSYS)
700 DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
701 #endif
702 SAFE_FREE(pai_buf);
703 return NULL;
704 }
705
706 paiv = create_pai_val(pai_buf, ret);
707
708 if (paiv) {
709 DEBUG(10,("load_inherited_info: ACL type 0x%x for file %s\n",
710 (unsigned int)paiv->sd_type,
711 fname));
712 }
713
714 SAFE_FREE(pai_buf);
715 return paiv;
716 }
717
718 /****************************************************************************
719 Functions to manipulate the internal ACE format.
720 ****************************************************************************/
721
722 /****************************************************************************
723 Count a linked list of canonical ACE entries.
724 ****************************************************************************/
725
726 static size_t count_canon_ace_list( canon_ace *l_head )
727 {
728 size_t count = 0;
729 canon_ace *ace;
730
731 for (ace = l_head; ace; ace = ace->next)
732 count++;
733
734 return count;
735 }
736
737 /****************************************************************************
738 Free a linked list of canonical ACE entries.
739 ****************************************************************************/
740
741 static void free_canon_ace_list( canon_ace *l_head )
742 {
743 canon_ace *list, *next;
744
745 for (list = l_head; list; list = next) {
746 next = list->next;
747 DLIST_REMOVE(l_head, list);
748 SAFE_FREE(list);
749 }
750 }
751
752 /****************************************************************************
753 Function to duplicate a canon_ace entry.
754 ****************************************************************************/
755
756 static canon_ace *dup_canon_ace( canon_ace *src_ace)
757 {
758 canon_ace *dst_ace = SMB_MALLOC_P(canon_ace);
759
760 if (dst_ace == NULL)
761 return NULL;
762
763 *dst_ace = *src_ace;
764 dst_ace->prev = dst_ace->next = NULL;
765 return dst_ace;
766 }
767
768 /****************************************************************************
769 Print out a canon ace.
770 ****************************************************************************/
771
772 static void print_canon_ace(canon_ace *pace, int num)
773 {
774 dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
775 dbgtext( "SID = %s ", sid_string_dbg(&pace->trustee));
776 if (pace->owner_type == UID_ACE) {
777 const char *u_name = uidtoname(pace->unix_ug.uid);
778 dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, u_name );
779 } else if (pace->owner_type == GID_ACE) {
780 char *g_name = gidtoname(pace->unix_ug.gid);
781 dbgtext( "gid %u (%s) ", (unsigned int)pace->unix_ug.gid, g_name );
782 } else
783 dbgtext( "other ");
784 switch (pace->type) {
785 case SMB_ACL_USER:
786 dbgtext( "SMB_ACL_USER ");
787 break;
788 case SMB_ACL_USER_OBJ:
789 dbgtext( "SMB_ACL_USER_OBJ ");
790 break;
791 case SMB_ACL_GROUP:
792 dbgtext( "SMB_ACL_GROUP ");
793 break;
794 case SMB_ACL_GROUP_OBJ:
795 dbgtext( "SMB_ACL_GROUP_OBJ ");
796 break;
797 case SMB_ACL_OTHER:
798 dbgtext( "SMB_ACL_OTHER ");
799 break;
800 default:
801 dbgtext( "MASK " );
802 break;
803 }
804
805 dbgtext( "ace_flags = 0x%x ", (unsigned int)pace->ace_flags);
806 dbgtext( "perms ");
807 dbgtext( "%c", pace->perms & S_IRUSR ? 'r' : '-');
808 dbgtext( "%c", pace->perms & S_IWUSR ? 'w' : '-');
809 dbgtext( "%c\n", pace->perms & S_IXUSR ? 'x' : '-');
810 }
811
812 /****************************************************************************
813 Print out a canon ace list.
814 ****************************************************************************/
815
816 static void print_canon_ace_list(const char *name, canon_ace *ace_list)
817 {
818 int count = 0;
819
820 if( DEBUGLVL( 10 )) {
821 dbgtext( "print_canon_ace_list: %s\n", name );
822 for (;ace_list; ace_list = ace_list->next, count++)
823 print_canon_ace(ace_list, count );
824 }
825 }
826
827 /****************************************************************************
828 Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
829 ****************************************************************************/
830
831 static mode_t convert_permset_to_mode_t(connection_struct *conn, SMB_ACL_PERMSET_T permset)
832 {
833 mode_t ret = 0;
834
835 ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ) ? S_IRUSR : 0);
836 ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
837 ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
838
839 return ret;
840 }
841
842 /****************************************************************************
843 Map generic UNIX permissions to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
844 ****************************************************************************/
845
846 static mode_t unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
847 {
848 mode_t ret = 0;
849
850 if (mode & r_mask)
851 ret |= S_IRUSR;
852 if (mode & w_mask)
853 ret |= S_IWUSR;
854 if (mode & x_mask)
855 ret |= S_IXUSR;
856
857 return ret;
858 }
859
860 /****************************************************************************
861 Map canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits) to
862 an SMB_ACL_PERMSET_T.
863 ****************************************************************************/
864
865 static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
866 {
867 if (SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, *p_permset) == -1)
868 return -1;
869 if (mode & S_IRUSR) {
870 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_READ) == -1)
871 return -1;
872 }
873 if (mode & S_IWUSR) {
874 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_WRITE) == -1)
875 return -1;
876 }
877 if (mode & S_IXUSR) {
878 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_EXECUTE) == -1)
879 return -1;
880 }
881 return 0;
882 }
883
884 /****************************************************************************
885 Function to create owner and group SIDs from a SMB_STRUCT_STAT.
886 ****************************************************************************/
887
888 void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid)
889 {
890 uid_to_sid( powner_sid, psbuf->st_ex_uid );
891 gid_to_sid( pgroup_sid, psbuf->st_ex_gid );
892 }
893
894 /****************************************************************************
895 Is the identity in two ACEs equal ? Check both SID and uid/gid.
896 ****************************************************************************/
897
898 static bool identity_in_ace_equal(canon_ace *ace1, canon_ace *ace2)
899 {
900 if (sid_equal(&ace1->trustee, &ace2->trustee)) {
901 return True;
902 }
903 if (ace1->owner_type == ace2->owner_type) {
904 if (ace1->owner_type == UID_ACE &&
905 ace1->unix_ug.uid == ace2->unix_ug.uid) {
906 return True;
907 } else if (ace1->owner_type == GID_ACE &&
908 ace1->unix_ug.gid == ace2->unix_ug.gid) {
909 return True;
910 }
911 }
912 return False;
913 }
914
915 /****************************************************************************
916 Merge aces with a common sid - if both are allow or deny, OR the permissions together and
917 delete the second one. If the first is deny, mask the permissions off and delete the allow
918 if the permissions become zero, delete the deny if the permissions are non zero.
919 ****************************************************************************/
920
921 static void merge_aces( canon_ace **pp_list_head )
922 {
923 canon_ace *l_head = *pp_list_head;
924 canon_ace *curr_ace_outer;
925 canon_ace *curr_ace_outer_next;
926
927 /*
928 * First, merge allow entries with identical SIDs, and deny entries
929 * with identical SIDs.
930 */
931
932 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
933 canon_ace *curr_ace;
934 canon_ace *curr_ace_next;
935
936 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
937
938 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
939
940 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
941
942 if (identity_in_ace_equal(curr_ace, curr_ace_outer) &&
943 (curr_ace->attr == curr_ace_outer->attr)) {
944
945 if( DEBUGLVL( 10 )) {
946 dbgtext("merge_aces: Merging ACE's\n");
947 print_canon_ace( curr_ace_outer, 0);
948 print_canon_ace( curr_ace, 0);
949 }
950
951 /* Merge two allow or two deny ACE's. */
952
953 curr_ace_outer->perms |= curr_ace->perms;
954 DLIST_REMOVE(l_head, curr_ace);
955 SAFE_FREE(curr_ace);
956 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
957 }
958 }
959 }
960
961 /*
962 * Now go through and mask off allow permissions with deny permissions.
963 * We can delete either the allow or deny here as we know that each SID
964 * appears only once in the list.
965 */
966
967 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
968 canon_ace *curr_ace;
969 canon_ace *curr_ace_next;
970
971 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
972
973 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
974
975 curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
976
977 /*
978 * Subtract ACE's with different entries. Due to the ordering constraints
979 * we've put on the ACL, we know the deny must be the first one.
980 */
981
982 if (identity_in_ace_equal(curr_ace, curr_ace_outer) &&
983 (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
984
985 if( DEBUGLVL( 10 )) {
986 dbgtext("merge_aces: Masking ACE's\n");
987 print_canon_ace( curr_ace_outer, 0);
988 print_canon_ace( curr_ace, 0);
989 }
990
991 curr_ace->perms &= ~curr_ace_outer->perms;
992
993 if (curr_ace->perms == 0) {
994
995 /*
996 * The deny overrides the allow. Remove the allow.
997 */
998
999 DLIST_REMOVE(l_head, curr_ace);
1000 SAFE_FREE(curr_ace);
1001 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
1002
1003 } else {
1004
1005 /*
1006 * Even after removing permissions, there
1007 * are still allow permissions - delete the deny.
1008 * It is safe to delete the deny here,
1009 * as we are guarenteed by the deny first
1010 * ordering that all the deny entries for
1011 * this SID have already been merged into one
1012 * before we can get to an allow ace.
1013 */
1014
1015 DLIST_REMOVE(l_head, curr_ace_outer);
1016 SAFE_FREE(curr_ace_outer);
1017 break;
1018 }
1019 }
1020
1021 } /* end for curr_ace */
1022 } /* end for curr_ace_outer */
1023
1024 /* We may have modified the list. */
1025
1026 *pp_list_head = l_head;
1027 }
1028
1029 /****************************************************************************
1030 Check if we need to return NT4.x compatible ACL entries.
1031 ****************************************************************************/
1032
1033 bool nt4_compatible_acls(void)
1034 {
1035 int compat = lp_acl_compatibility();
1036
1037 if (compat == ACL_COMPAT_AUTO) {
1038 enum remote_arch_types ra_type = get_remote_arch();
1039
1040 /* Automatically adapt to client */
1041 return (ra_type <= RA_WINNT);
1042 } else
1043 return (compat == ACL_COMPAT_WINNT);
1044 }
1045
1046
1047 /****************************************************************************
1048 Map canon_ace perms to permission bits NT.
1049 The attr element is not used here - we only process deny entries on set,
1050 not get. Deny entries are implicit on get with ace->perms = 0.
1051 ****************************************************************************/
1052
1053 static uint32_t map_canon_ace_perms(int snum,
1054 enum security_ace_type *pacl_type,
1055 mode_t perms,
1056 bool directory_ace)
1057 {
1058 uint32_t nt_mask = 0;
1059
1060 *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
1061
1062 if (lp_acl_map_full_control(snum) && ((perms & ALL_ACE_PERMS) == ALL_ACE_PERMS)) {
1063 if (directory_ace) {
1064 nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
1065 } else {
1066 nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
1067 }
1068 } else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
1069 /*
1070 * Windows NT refuses to display ACEs with no permissions in them (but
1071 * they are perfectly legal with Windows 2000). If the ACE has empty
1072 * permissions we cannot use 0, so we use the otherwise unused
1073 * WRITE_OWNER permission, which we ignore when we set an ACL.
1074 * We abstract this into a #define of UNIX_ACCESS_NONE to allow this
1075 * to be changed in the future.
1076 */
1077
1078 if (nt4_compatible_acls())
1079 nt_mask = UNIX_ACCESS_NONE;
1080 else
1081 nt_mask = 0;
1082 } else {
1083 if (directory_ace) {
1084 nt_mask |= ((perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
1085 nt_mask |= ((perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
1086 nt_mask |= ((perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
1087 } else {
1088 nt_mask |= ((perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
1089 nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
1090 nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
1091 }
1092 }
1093
1094 DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
1095 (unsigned int)perms, (unsigned int)nt_mask ));
1096
1097 return nt_mask;
1098 }
1099
1100 /****************************************************************************
1101 Map NT perms to a UNIX mode_t.
1102 ****************************************************************************/
1103
1104 #define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES)
1105 #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
1106 #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
1107
1108 static mode_t map_nt_perms( uint32 *mask, int type)
1109 {
1110 mode_t mode = 0;
1111
1112 switch(type) {
1113 case S_IRUSR:
1114 if((*mask) & GENERIC_ALL_ACCESS)
1115 mode = S_IRUSR|S_IWUSR|S_IXUSR;
1116 else {
1117 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
1118 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
1119 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
1120 }
1121 break;
1122 case S_IRGRP:
1123 if((*mask) & GENERIC_ALL_ACCESS)
1124 mode = S_IRGRP|S_IWGRP|S_IXGRP;
1125 else {
1126 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
1127 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
1128 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
1129 }
1130 break;
1131 case S_IROTH:
1132 if((*mask) & GENERIC_ALL_ACCESS)
1133 mode = S_IROTH|S_IWOTH|S_IXOTH;
1134 else {
1135 mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
1136 mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
1137 mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
1138 }
1139 break;
1140 }
1141
1142 return mode;
1143 }
1144
1145 /****************************************************************************
1146 Unpack a SEC_DESC into a UNIX owner and group.
1147 ****************************************************************************/
1148
1149 NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd)
1150 {
1151 DOM_SID owner_sid;
1152 DOM_SID grp_sid;
1153
1154 *puser = (uid_t)-1;
1155 *pgrp = (gid_t)-1;
1156
1157 if(security_info_sent == 0) {
1158 DEBUG(0,("unpack_nt_owners: no security info sent !\n"));
1159 return NT_STATUS_OK;
1160 }
1161
1162 /*
1163 * Validate the owner and group SID's.
1164 */
1165
1166 memset(&owner_sid, '\0', sizeof(owner_sid));
1167 memset(&grp_sid, '\0', sizeof(grp_sid));
1168
1169 DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
1170
1171 /*
1172 * Don't immediately fail if the owner sid cannot be validated.
1173 * This may be a group chown only set.
1174 */
1175
1176 if (security_info_sent & OWNER_SECURITY_INFORMATION) {
1177 sid_copy(&owner_sid, psd->owner_sid);
1178 if (!sid_to_uid(&owner_sid, puser)) {
1179 if (lp_force_unknown_acl_user(snum)) {
1180 /* this allows take ownership to work
1181 * reasonably */
1182 *puser = current_user.ut.uid;
1183 } else {
1184 DEBUG(3,("unpack_nt_owners: unable to validate"
1185 " owner sid for %s\n",
1186 sid_string_dbg(&owner_sid)));
1187 return NT_STATUS_INVALID_OWNER;
1188 }
1189 }
1190 DEBUG(3,("unpack_nt_owners: owner sid mapped to uid %u\n",
1191 (unsigned int)*puser ));
1192 }
1193
1194 /*
1195 * Don't immediately fail if the group sid cannot be validated.
1196 * This may be an owner chown only set.
1197 */
1198
1199 if (security_info_sent & GROUP_SECURITY_INFORMATION) {
1200 sid_copy(&grp_sid, psd->group_sid);
1201 if (!sid_to_gid( &grp_sid, pgrp)) {
1202 if (lp_force_unknown_acl_user(snum)) {
1203 /* this allows take group ownership to work
1204 * reasonably */
1205 *pgrp = current_user.ut.gid;
1206 } else {
1207 DEBUG(3,("unpack_nt_owners: unable to validate"
1208 " group sid.\n"));
1209 return NT_STATUS_INVALID_OWNER;
1210 }
1211 }
1212 DEBUG(3,("unpack_nt_owners: group sid mapped to gid %u\n",
1213 (unsigned int)*pgrp));
1214 }
1215
1216 DEBUG(5,("unpack_nt_owners: owner_sids validated.\n"));
1217
1218 return NT_STATUS_OK;
1219 }
1220
1221 /****************************************************************************
1222 Ensure the enforced permissions for this share apply.
1223 ****************************************************************************/
1224
1225 static void apply_default_perms(const struct share_params *params,
1226 const bool is_directory, canon_ace *pace,
1227 mode_t type)
1228 {
1229 mode_t and_bits = (mode_t)0;
1230 mode_t or_bits = (mode_t)0;
1231
1232 /* Get the initial bits to apply. */
1233
1234 if (is_directory) {
1235 and_bits = lp_dir_security_mask(params->service);
1236 or_bits = lp_force_dir_security_mode(params->service);
1237 } else {
1238 and_bits = lp_security_mask(params->service);
1239 or_bits = lp_force_security_mode(params->service);
1240 }
1241
1242 /* Now bounce them into the S_USR space. */
1243 switch(type) {
1244 case S_IRUSR:
1245 /* Ensure owner has read access. */
1246 pace->perms |= S_IRUSR;
1247 if (is_directory)
1248 pace->perms |= (S_IWUSR|S_IXUSR);
1249 and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1250 or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1251 break;
1252 case S_IRGRP:
1253 and_bits = unix_perms_to_acl_perms(and_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1254 or_bits = unix_perms_to_acl_perms(or_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1255 break;
1256 case S_IROTH:
1257 and_bits = unix_perms_to_acl_perms(and_bits, S_IROTH, S_IWOTH, S_IXOTH);
1258 or_bits = unix_perms_to_acl_perms(or_bits, S_IROTH, S_IWOTH, S_IXOTH);
1259 break;
1260 }
1261
1262 pace->perms = ((pace->perms & and_bits)|or_bits);
1263 }
1264
1265 /****************************************************************************
1266 Check if a given uid/SID is in a group gid/SID. This is probably very
1267 expensive and will need optimisation. A *lot* of optimisation :-). JRA.
1268 ****************************************************************************/
1269
1270 static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
1271 {
1272 const char *u_name = NULL;
1273
1274 /* "Everyone" always matches every uid. */
1275
1276 if (sid_equal(&group_ace->trustee, &global_sid_World))
1277 return True;
1278
1279 /*
1280 * if it's the current user, we already have the unix token
1281 * and don't need to do the complex user_in_group_sid() call
1282 */
1283 if (uid_ace->unix_ug.uid == current_user.ut.uid) {
1284 size_t i;
1285
1286 if (group_ace->unix_ug.gid == current_user.ut.gid) {
1287 return True;
1288 }
1289
1290 for (i=0; i < current_user.ut.ngroups; i++) {
1291 if (group_ace->unix_ug.gid == current_user.ut.groups[i]) {
1292 return True;
1293 }
1294 }
1295 }
1296
1297 /* u_name talloc'ed off tos. */
1298 u_name = uidtoname(uid_ace->unix_ug.uid);
1299 if (!u_name) {
1300 return False;
1301 }
1302
1303 /*
1304 * user_in_group_sid() uses create_token_from_username()
1305 * which creates an artificial NT token given just a username,
1306 * so this is not reliable for users from foreign domains
1307 * exported by winbindd!
1308 */
1309 return user_in_group_sid(u_name, &group_ace->trustee);
1310 }
1311
1312 /****************************************************************************
1313 A well formed POSIX file or default ACL has at least 3 entries, a
1314 SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
1315 In addition, the owner must always have at least read access.
1316 When using this call on get_acl, the pst struct is valid and contains
1317 the mode of the file. When using this call on set_acl, the pst struct has
1318 been modified to have a mode containing the default for this file or directory
1319 type.
1320 ****************************************************************************/
1321
1322 static bool ensure_canon_entry_valid(canon_ace **pp_ace,
1323 const struct share_params *params,
1324 const bool is_directory,
1325 const DOM_SID *pfile_owner_sid,
1326 const DOM_SID *pfile_grp_sid,
1327 const SMB_STRUCT_STAT *pst,
1328 bool setting_acl)
1329 {
1330 canon_ace *pace;
1331 bool got_user = False;
1332 bool got_grp = False;
1333 bool got_other = False;
1334 canon_ace *pace_other = NULL;
1335
1336 for (pace = *pp_ace; pace; pace = pace->next) {
1337 if (pace->type == SMB_ACL_USER_OBJ) {
1338
1339 if (setting_acl)
1340 apply_default_perms(params, is_directory, pace, S_IRUSR);
1341 got_user = True;
1342
1343 } else if (pace->type == SMB_ACL_GROUP_OBJ) {
1344
1345 /*
1346 * Ensure create mask/force create mode is respected on set.
1347 */
1348
1349 if (setting_acl)
1350 apply_default_perms(params, is_directory, pace, S_IRGRP);
1351 got_grp = True;
1352
1353 } else if (pace->type == SMB_ACL_OTHER) {
1354
1355 /*
1356 * Ensure create mask/force create mode is respected on set.
1357 */
1358
1359 if (setting_acl)
1360 apply_default_perms(params, is_directory, pace, S_IROTH);
1361 got_other = True;
1362 pace_other = pace;
1363 }
1364 }
1365
1366 if (!got_user) {
1367 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1368 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1369 return False;
1370 }
1371
1372 ZERO_STRUCTP(pace);
1373 pace->type = SMB_ACL_USER_OBJ;
1374 pace->owner_type = UID_ACE;
1375 pace->unix_ug.uid = pst->st_ex_uid;
1376 pace->trustee = *pfile_owner_sid;
1377 pace->attr = ALLOW_ACE;
1378
1379 if (setting_acl) {
1380 /* See if the owning user is in any of the other groups in
1381 the ACE. If so, OR in the permissions from that group. */
1382
1383 bool group_matched = False;
1384 canon_ace *pace_iter;
1385
1386 for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) {
1387 if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
1388 if (uid_entry_in_group(pace, pace_iter)) {
1389 pace->perms |= pace_iter->perms;
1390 group_matched = True;
1391 }
1392 }
1393 }
1394
1395 /* If we only got an "everyone" perm, just use that. */
1396 if (!group_matched) {
1397 if (got_other)
1398 pace->perms = pace_other->perms;
1399 else
1400 pace->perms = 0;
1401 }
1402
1403 apply_default_perms(params, is_directory, pace, S_IRUSR);
1404 } else {
1405 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
1406 }
1407
1408 DLIST_ADD(*pp_ace, pace);
1409 }
1410
1411 if (!got_grp) {
1412 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1413 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1414 return False;
1415 }
1416
1417 ZERO_STRUCTP(pace);
1418 pace->type = SMB_ACL_GROUP_OBJ;
1419 pace->owner_type = GID_ACE;
1420 pace->unix_ug.uid = pst->st_ex_gid;
1421 pace->trustee = *pfile_grp_sid;
1422 pace->attr = ALLOW_ACE;
1423 if (setting_acl) {
1424 /* If we only got an "everyone" perm, just use that. */
1425 if (got_other)
1426 pace->perms = pace_other->perms;
1427 else
1428 pace->perms = 0;
1429 apply_default_perms(params, is_directory, pace, S_IRGRP);
1430 } else {
1431 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
1432 }
1433
1434 DLIST_ADD(*pp_ace, pace);
1435 }
1436
1437 if (!got_other) {
1438 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1439 DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1440 return False;
1441 }
1442
1443 ZERO_STRUCTP(pace);
1444 pace->type = SMB_ACL_OTHER;
1445 pace->owner_type = WORLD_ACE;
1446 pace->unix_ug.world = -1;
1447 pace->trustee = global_sid_World;
1448 pace->attr = ALLOW_ACE;
1449 if (setting_acl) {
1450 pace->perms = 0;
1451 apply_default_perms(params, is_directory, pace, S_IROTH);
1452 } else
1453 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
1454
1455 DLIST_ADD(*pp_ace, pace);
1456 }
1457
1458 return True;
1459 }
1460
1461 /****************************************************************************
1462 Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries.
1463 If it does not have them, check if there are any entries where the trustee is the
1464 file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ.
1465 ****************************************************************************/
1466
1467 static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid)
1468 {
1469 bool got_user_obj, got_group_obj;
1470 canon_ace *current_ace;
1471 int i, entries;
1472
1473 entries = count_canon_ace_list(ace);
1474 got_user_obj = False;
1475 got_group_obj = False;
1476
1477 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1478 if (current_ace->type == SMB_ACL_USER_OBJ)
1479 got_user_obj = True;
1480 else if (current_ace->type == SMB_ACL_GROUP_OBJ)
1481 got_group_obj = True;
1482 }
1483 if (got_user_obj && got_group_obj) {
1484 DEBUG(10,("check_owning_objs: ACL had owning user/group entries.\n"));
1485 return;
1486 }
1487
1488 for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1489 if (!got_user_obj && current_ace->owner_type == UID_ACE &&
1490 sid_equal(&current_ace->trustee, pfile_owner_sid)) {
1491 current_ace->type = SMB_ACL_USER_OBJ;
1492 got_user_obj = True;
1493 }
1494 if (!got_group_obj && current_ace->owner_type == GID_ACE &&
1495 sid_equal(&current_ace->trustee, pfile_grp_sid)) {
1496 current_ace->type = SMB_ACL_GROUP_OBJ;
1497 got_group_obj = True;
1498 }
1499 }
1500 if (!got_user_obj)
1501 DEBUG(10,("check_owning_objs: ACL is missing an owner entry.\n"));
1502 if (!got_group_obj)
1503 DEBUG(10,("check_owning_objs: ACL is missing an owning group entry.\n"));
1504 }
1505
1506 /****************************************************************************
1507 Unpack a SEC_DESC into two canonical ace lists.
1508 ****************************************************************************/
1509
1510 static bool create_canon_ace_lists(files_struct *fsp,
1511 SMB_STRUCT_STAT *pst,
1512 DOM_SID *pfile_owner_sid,
1513 DOM_SID *pfile_grp_sid,
1514 canon_ace **ppfile_ace,
1515 canon_ace **ppdir_ace,
1516 const SEC_ACL *dacl)
1517 {
1518 bool all_aces_are_inherit_only = (fsp->is_directory ? True : False);
1519 canon_ace *file_ace = NULL;
1520 canon_ace *dir_ace = NULL;
1521 canon_ace *current_ace = NULL;
1522 bool got_dir_allow = False;
1523 bool got_file_allow = False;
1524 int i, j;
1525
1526 *ppfile_ace = NULL;
1527 *ppdir_ace = NULL;
1528
1529 /*
1530 * Convert the incoming ACL into a more regular form.
1531 */
1532
1533 for(i = 0; i < dacl->num_aces; i++) {
1534 SEC_ACE *psa = &dacl->aces[i];
1535
1536 if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
1537 DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
1538 return False;
1539 }
1540
1541 if (nt4_compatible_acls()) {
1542 /*
1543 * The security mask may be UNIX_ACCESS_NONE which should map into
1544 * no permissions (we overload the WRITE_OWNER bit for this) or it
1545 * should be one of the ALL/EXECUTE/READ/WRITE bits. Arrange for this
1546 * to be so. Any other bits override the UNIX_ACCESS_NONE bit.
1547 */
1548
1549 /*
1550 * Convert GENERIC bits to specific bits.
1551 */
1552
1553 se_map_generic(&psa->access_mask, &file_generic_mapping);
1554
1555 psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
1556
1557 if(psa->access_mask != UNIX_ACCESS_NONE)
1558 psa->access_mask &= ~UNIX_ACCESS_NONE;
1559 }
1560 }
1561
1562 /*
1563 * Deal with the fact that NT 4.x re-writes the canonical format
1564 * that we return for default ACLs. If a directory ACE is identical
1565 * to a inherited directory ACE then NT changes the bits so that the
1566 * first ACE is set to OI|IO and the second ACE for this SID is set
1567 * to CI. We need to repair this. JRA.
1568 */
1569
1570 for(i = 0; i < dacl->num_aces; i++) {
1571 SEC_ACE *psa1 = &dacl->aces[i];
1572
1573 for (j = i + 1; j < dacl->num_aces; j++) {
1574 SEC_ACE *psa2 = &dacl->aces[j];
1575
1576 if (psa1->access_mask != psa2->access_mask)
1577 continue;
1578
1579 if (!sid_equal(&psa1->trustee, &psa2->trustee))
1580 continue;
1581
1582 /*
1583 * Ok - permission bits and SIDs are equal.
1584 * Check if flags were re-written.
1585 */
1586
1587 if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1588
1589 psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1590 psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1591
1592 } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1593
1594 psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1595 psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1596
1597 }
1598 }
1599 }
1600
1601 for(i = 0; i < dacl->num_aces; i++) {
1602 SEC_ACE *psa = &dacl->aces[i];
1603
1604 /*
1605 * Create a cannon_ace entry representing this NT DACL ACE.
1606 */
1607
1608 if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) {
1609 free_canon_ace_list(file_ace);
1610 free_canon_ace_list(dir_ace);
1611 DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
1612 return False;
1613 }
1614
1615 ZERO_STRUCTP(current_ace);
1616
1617 sid_copy(&current_ace->trustee, &psa->trustee);
1618
1619 /*
1620 * Try and work out if the SID is a user or group
1621 * as we need to flag these differently for POSIX.
1622 * Note what kind of a POSIX ACL this should map to.
1623 */
1624
1625 if( sid_equal(&current_ace->trustee, &global_sid_World)) {
1626 current_ace->owner_type = WORLD_ACE;
1627 current_ace->unix_ug.world = -1;
1628 current_ace->type = SMB_ACL_OTHER;
1629 } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
1630 current_ace->owner_type = UID_ACE;
1631 current_ace->unix_ug.uid = pst->st_ex_uid;
1632 current_ace->type = SMB_ACL_USER_OBJ;
1633
1634 /*
1635 * The Creator Owner entry only specifies inheritable permissions,
1636 * never access permissions. WinNT doesn't always set the ACE to
1637 *INHERIT_ONLY, though.
1638 */
1639
1640 if (nt4_compatible_acls())
1641 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
1642 } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
1643 current_ace->owner_type = GID_ACE;
1644 current_ace->unix_ug.gid = pst->st_ex_gid;
1645 current_ace->type = SMB_ACL_GROUP_OBJ;
1646
1647 /*
1648 * The Creator Group entry only specifies inheritable permissions,
1649 * never access permissions. WinNT doesn't always set the ACE to
1650 *INHERIT_ONLY, though.
1651 */
1652 if (nt4_compatible_acls())
1653 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
1654
1655 } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid)) {
1656 current_ace->owner_type = UID_ACE;
1657 /* If it's the owning user, this is a user_obj, not
1658 * a user. */
1659 if (current_ace->unix_ug.uid == pst->st_ex_uid) {
1660 current_ace->type = SMB_ACL_USER_OBJ;
1661 } else {
1662 current_ace->type = SMB_ACL_USER;
1663 }
1664 } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid)) {
1665 current_ace->owner_type = GID_ACE;
1666 /* If it's the primary group, this is a group_obj, not
1667 * a group. */
1668 if (current_ace->unix_ug.gid == pst->st_ex_gid) {
1669 current_ace->type = SMB_ACL_GROUP_OBJ;
1670 } else {
1671 current_ace->type = SMB_ACL_GROUP;
1672 }
1673 } else {
1674 /*
1675 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
1676 */
1677
1678 if (non_mappable_sid(&psa->trustee)) {
1679 DEBUG(10, ("create_canon_ace_lists: ignoring "
1680 "non-mappable SID %s\n",
1681 sid_string_dbg(&psa->trustee)));
1682 SAFE_FREE(current_ace);
1683 continue;
1684 }
1685
1686 free_canon_ace_list(file_ace);
1687 free_canon_ace_list(dir_ace);
1688 DEBUG(0, ("create_canon_ace_lists: unable to map SID "
1689 "%s to uid or gid.\n",
1690 sid_string_dbg(&current_ace->trustee)));
1691 SAFE_FREE(current_ace);
1692 return False;
1693 }
1694
1695 /*
1696 * Map the given NT permissions into a UNIX mode_t containing only
1697 * S_I(R|W|X)USR bits.
1698 */
1699
1700 current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
1701 current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
1702
1703 /* Store the ace_flag. */
1704 current_ace->ace_flags = psa->flags;
1705
1706 /*
1707 * Now add the created ace to either the file list, the directory
1708 * list, or both. We *MUST* preserve the order here (hence we use
1709 * DLIST_ADD_END) as NT ACLs are order dependent.
1710 */
1711
1712 if (fsp->is_directory) {
1713
1714 /*
1715 * We can only add to the default POSIX ACE list if the ACE is
1716 * designed to be inherited by both files and directories.
1717 */
1718
1719 if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) ==
1720 (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) {
1721
1722 DLIST_ADD_END(dir_ace, current_ace, canon_ace *);
1723
1724 /*
1725 * Note if this was an allow ace. We can't process
1726 * any further deny ace's after this.
1727 */
1728
1729 if (current_ace->attr == ALLOW_ACE)
1730 got_dir_allow = True;
1731
1732 if ((current_ace->attr == DENY_ACE) && got_dir_allow) {
1733 DEBUG(0,("create_canon_ace_lists: "
1734 "malformed ACL in "
1735 "inheritable ACL! Deny entry "
1736 "after Allow entry. Failing "
1737 "to set on file %s.\n",
1738 fsp_str_dbg(fsp)));
1739 free_canon_ace_list(file_ace);
1740 free_canon_ace_list(dir_ace);
1741 return False;
1742 }
1743
1744 if( DEBUGLVL( 10 )) {
1745 dbgtext("create_canon_ace_lists: adding dir ACL:\n");
1746 print_canon_ace( current_ace, 0);
1747 }
1748
1749 /*
1750 * If this is not an inherit only ACE we need to add a duplicate
1751 * to the file acl.
1752 */
1753
1754 if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1755 canon_ace *dup_ace = dup_canon_ace(current_ace);
1756
1757 if (!dup_ace) {
1758 DEBUG(0,("create_canon_ace_lists: malloc fail !\n"));
1759 free_canon_ace_list(file_ace);
1760 free_canon_ace_list(dir_ace);
1761 return False;
1762 }
1763
1764 /*
1765 * We must not free current_ace here as its
1766 * pointer is now owned by the dir_ace list.
1767 */
1768 current_ace = dup_ace;
1769 } else {
1770 /*
1771 * We must not free current_ace here as its
1772 * pointer is now owned by the dir_ace list.
1773 */
1774 current_ace = NULL;
1775 }
1776 }
1777 }
1778
1779 /*
1780 * Only add to the file ACL if not inherit only.
1781 */
1782
1783 if (current_ace && !(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1784 DLIST_ADD_END(file_ace, current_ace, canon_ace *);
1785
1786 /*
1787 * Note if this was an allow ace. We can't process
1788 * any further deny ace's after this.
1789 */
1790
1791 if (current_ace->attr == ALLOW_ACE)
1792 got_file_allow = True;
1793
1794 if ((current_ace->attr == DENY_ACE) && got_file_allow) {
1795 DEBUG(0,("create_canon_ace_lists: malformed "
1796 "ACL in file ACL ! Deny entry after "
1797 "Allow entry. Failing to set on file "
1798 "%s.\n", fsp_str_dbg(fsp)));
1799 free_canon_ace_list(file_ace);
1800 free_canon_ace_list(dir_ace);
1801 return False;
1802 }
1803
1804 if( DEBUGLVL( 10 )) {
1805 dbgtext("create_canon_ace_lists: adding file ACL:\n");
1806 print_canon_ace( current_ace, 0);
1807 }
1808 all_aces_are_inherit_only = False;
1809 /*
1810 * We must not free current_ace here as its
1811 * pointer is now owned by the file_ace list.
1812 */
1813 current_ace = NULL;
1814 }
1815
1816 /*
1817 * Free if ACE was not added.
1818 */
1819
1820 SAFE_FREE(current_ace);
1821 }
1822
1823 if (fsp->is_directory && all_aces_are_inherit_only) {
1824 /*
1825 * Windows 2000 is doing one of these weird 'inherit acl'
1826 * traverses to conserve NTFS ACL resources. Just pretend
1827 * there was no DACL sent. JRA.
1828 */
1829
1830 DEBUG(10,("create_canon_ace_lists: Win2k inherit acl traverse. Ignoring DACL.\n"));
1831 free_canon_ace_list(file_ace);
1832 free_canon_ace_list(dir_ace);
1833 file_ace = NULL;
1834 dir_ace = NULL;
1835 } else {
1836 /*
1837 * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each
1838 * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
1839 * entries can be converted to *_OBJ. Usually we will already have these
1840 * entries in the Default ACL, and the Access ACL will not have them.
1841 */
1842 if (file_ace) {
1843 check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
1844 }
1845 if (dir_ace) {
1846 check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);
1847 }
1848 }
1849
1850 *ppfile_ace = file_ace;
1851 *ppdir_ace = dir_ace;
1852
1853 return True;
1854 }
1855
1856 /****************************************************************************
1857 ASCII art time again... JRA :-).
1858
1859 We have 4 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
1860 we insist the ACL is in canonical form (ie. all DENY entries preceede ALLOW
1861 entries). Secondly, the merge code has ensured that all duplicate SID entries for
1862 allow or deny have been merged, so the same SID can only appear once in the deny
1863 list or once in the allow list.
1864
1865 We then process as follows :
1866
1867 ---------------------------------------------------------------------------
1868 First pass - look for a Everyone DENY entry.
1869
1870 If it is deny all (rwx) trunate the list at this point.
1871 Else, walk the list from this point and use the deny permissions of this
1872 entry as a mask on all following allow entries. Finally, delete
1873 the Everyone DENY entry (we have applied it to everything possible).
1874
1875 In addition, in this pass we remove any DENY entries that have
1876 no permissions (ie. they are a DENY nothing).
1877 ---------------------------------------------------------------------------
1878 Second pass - only deal with deny user entries.
1879
1880 DENY user1 (perms XXX)
1881
1882 new_perms = 0
1883 for all following allow group entries where user1 is in group
1884 new_perms |= group_perms;
1885
1886 user1 entry perms = new_perms & ~ XXX;
1887
1888 Convert the deny entry to an allow entry with the new perms and
1889 push to the end of the list. Note if the user was in no groups
1890 this maps to a specific allow nothing entry for this user.
1891
1892 The common case from the NT ACL choser (userX deny all) is
1893 optimised so we don't do the group lookup - we just map to
1894 an allow nothing entry.
1895
1896 What we're doing here is inferring the allow permissions the
1897 person setting the ACE on user1 wanted by looking at the allow
1898 permissions on the groups the user is currently in. This will
1899 be a snapshot, depending on group membership but is the best
1900 we can do and has the advantage of failing closed rather than
1901 open.
1902 ---------------------------------------------------------------------------
1903 Third pass - only deal with deny group entries.
1904
1905 DENY group1 (perms XXX)
1906
1907 for all following allow user entries where user is in group1
1908 user entry perms = user entry perms & ~ XXX;
1909
1910 If there is a group Everyone allow entry with permissions YYY,
1911 convert the group1 entry to an allow entry and modify its
1912 permissions to be :
1913
1914 new_perms = YYY & ~ XXX
1915
1916 and push to the end of the list.
1917
1918 If there is no group Everyone allow entry then convert the
1919 group1 entry to a allow nothing entry and push to the end of the list.
1920
1921 Note that the common case from the NT ACL choser (groupX deny all)
1922 cannot be optimised here as we need to modify user entries who are
1923 in the group to change them to a deny all also.
1924
1925 What we're doing here is modifying the allow permissions of
1926 user entries (which are more specific in POSIX ACLs) to mask
1927 out the explicit deny set on the group they are in. This will
1928 be a snapshot depending on current group membership but is the
1929 best we can do and has the advantage of failing closed rather
1930 than open.
1931 ---------------------------------------------------------------------------
1932 Fourth pass - cope with cumulative permissions.
1933
1934 for all allow user entries, if there exists an allow group entry with
1935 more permissive permissions, and the user is in that group, rewrite the
1936 allow user permissions to contain both sets of permissions.
1937
1938 Currently the code for this is #ifdef'ed out as these semantics make
1939 no sense to me. JRA.
1940 ---------------------------------------------------------------------------
1941
1942 Note we *MUST* do the deny user pass first as this will convert deny user
1943 entries into allow user entries which can then be processed by the deny
1944 group pass.
1945
1946 The above algorithm took a *lot* of thinking about - hence this
1947 explaination :-). JRA.
1948 ****************************************************************************/
1949
1950 /****************************************************************************
1951 Process a canon_ace list entries. This is very complex code. We need
1952 to go through and remove the "deny" permissions from any allow entry that matches
1953 the id of this entry. We have already refused any NT ACL that wasn't in correct
1954 order (DENY followed by ALLOW). If any allow entry ends up with zero permissions,
1955 we just remove it (to fail safe). We have already removed any duplicate ace
1956 entries. Treat an "Everyone" DENY_ACE as a special case - use it to mask all
1957 allow entries.
1958 ****************************************************************************/
1959
1960 static void process_deny_list( canon_ace **pp_ace_list )
1961 {
1962 canon_ace *ace_list = *pp_ace_list;
1963 canon_ace *curr_ace = NULL;
1964 canon_ace *curr_ace_next = NULL;
1965
1966 /* Pass 1 above - look for an Everyone, deny entry. */
1967
1968 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
1969 canon_ace *allow_ace_p;
1970
1971 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
1972
1973 if (curr_ace->attr != DENY_ACE)
1974 continue;
1975
1976 if (curr_ace->perms == (mode_t)0) {
1977
1978 /* Deny nothing entry - delete. */
1979
1980 DLIST_REMOVE(ace_list, curr_ace);
1981 continue;
1982 }
1983
1984 if (!sid_equal(&curr_ace->trustee, &global_sid_World))
1985 continue;
1986
1987 /* JRATEST - assert. */
1988 SMB_ASSERT(curr_ace->owner_type == WORLD_ACE);
1989
1990 if (curr_ace->perms == ALL_ACE_PERMS) {
1991
1992 /*
1993 * Optimisation. This is a DENY_ALL to Everyone. Truncate the
1994 * list at this point including this entry.
1995 */
1996
1997 canon_ace *prev_entry = curr_ace->prev;
1998
1999 free_canon_ace_list( curr_ace );
2000 if (prev_entry)
2001 prev_entry->next = NULL;
2002 else {
2003 /* We deleted the entire list. */
2004 ace_list = NULL;
2005 }
2006 break;
2007 }
2008
2009 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2010
2011 /*
2012 * Only mask off allow entries.
2013 */
2014
2015 if (allow_ace_p->attr != ALLOW_ACE)
2016 continue;
2017
2018 allow_ace_p->perms &= ~curr_ace->perms;
2019 }
2020
2021 /*
2022 * Now it's been applied, remove it.
2023 */
2024
2025 DLIST_REMOVE(ace_list, curr_ace);
2026 }
2027
2028 /* Pass 2 above - deal with deny user entries. */
2029
2030 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2031 mode_t new_perms = (mode_t)0;
2032 canon_ace *allow_ace_p;
2033
2034 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2035
2036 if (curr_ace->attr != DENY_ACE)
2037 continue;
2038
2039 if (curr_ace->owner_type != UID_ACE)
2040 continue;
2041
2042 if (curr_ace->perms == ALL_ACE_PERMS) {
2043
2044 /*
2045 * Optimisation - this is a deny everything to this user.
2046 * Convert to an allow nothing and push to the end of the list.
2047 */
2048
2049 curr_ace->attr = ALLOW_ACE;
2050 curr_ace->perms = (mode_t)0;
2051 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2052 continue;
2053 }
2054
2055 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2056
2057 if (allow_ace_p->attr != ALLOW_ACE)
2058 continue;
2059
2060 /* We process GID_ACE and WORLD_ACE entries only. */
2061
2062 if (allow_ace_p->owner_type == UID_ACE)
2063 continue;
2064
2065 if (uid_entry_in_group( curr_ace, allow_ace_p))
2066 new_perms |= allow_ace_p->perms;
2067 }
2068
2069 /*
2070 * Convert to a allow entry, modify the perms and push to the end
2071 * of the list.
2072 */
2073
2074 curr_ace->attr = ALLOW_ACE;
2075 curr_ace->perms = (new_perms & ~curr_ace->perms);
2076 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2077 }
2078
2079 /* Pass 3 above - deal with deny group entries. */
2080
2081 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2082 canon_ace *allow_ace_p;
2083 canon_ace *allow_everyone_p = NULL;
2084
2085 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2086
2087 if (curr_ace->attr != DENY_ACE)
2088 continue;
2089
2090 if (curr_ace->owner_type != GID_ACE)
2091 continue;
2092
2093 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2094
2095 if (allow_ace_p->attr != ALLOW_ACE)
2096 continue;
2097
2098 /* Store a pointer to the Everyone allow, if it exists. */
2099 if (allow_ace_p->owner_type == WORLD_ACE)
2100 allow_everyone_p = allow_ace_p;
2101
2102 /* We process UID_ACE entries only. */
2103
2104 if (allow_ace_p->owner_type != UID_ACE)
2105 continue;
2106
2107 /* Mask off the deny group perms. */
2108
2109 if (uid_entry_in_group( allow_ace_p, curr_ace))
2110 allow_ace_p->perms &= ~curr_ace->perms;
2111 }
2112
2113 /*
2114 * Convert the deny to an allow with the correct perms and
2115 * push to the end of the list.
2116 */
2117
2118 curr_ace->attr = ALLOW_ACE;
2119 if (allow_everyone_p)
2120 curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms;
2121 else
2122 curr_ace->perms = (mode_t)0;
2123 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2124 }
2125
2126 /* Doing this fourth pass allows Windows semantics to be layered
2127 * on top of POSIX semantics. I'm not sure if this is desirable.
2128 * For example, in W2K ACLs there is no way to say, "Group X no
2129 * access, user Y full access" if user Y is a member of group X.
2130 * This seems completely broken semantics to me.... JRA.
2131 */
2132
2133 #if 0
2134 /* Pass 4 above - deal with allow entries. */
2135
2136 for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2137 canon_ace *allow_ace_p;
2138
2139 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2140
2141 if (curr_ace->attr != ALLOW_ACE)
2142 continue;
2143
2144 if (curr_ace->owner_type != UID_ACE)
2145 continue;
2146
2147 for (allow_ace_p = ace_list; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2148
2149 if (allow_ace_p->attr != ALLOW_ACE)
2150 continue;
2151
2152 /* We process GID_ACE entries only. */
2153
2154 if (allow_ace_p->owner_type != GID_ACE)
2155 continue;
2156
2157 /* OR in the group perms. */
2158
2159 if (uid_entry_in_group( curr_ace, allow_ace_p))
2160 curr_ace->perms |= allow_ace_p->perms;
2161 }
2162 }
2163 #endif
2164
2165 *pp_ace_list = ace_list;
2166 }
2167
2168 /****************************************************************************
2169 Create a default mode that will be used if a security descriptor entry has
2170 no user/group/world entries.
2171 ****************************************************************************/
2172
2173 static mode_t create_default_mode(files_struct *fsp, bool interitable_mode)
2174 {
2175 int snum = SNUM(fsp->conn);
2176 mode_t and_bits = (mode_t)0;
2177 mode_t or_bits = (mode_t)0;
2178 mode_t mode;
2179
2180 if (interitable_mode) {
2181 mode = unix_mode(fsp->conn, FILE_ATTRIBUTE_ARCHIVE,
2182 fsp->fsp_name, NULL);
2183 } else {
2184 mode = S_IRUSR;
2185 }
2186
2187 if (fsp->is_directory)
2188 mode |= (S_IWUSR|S_IXUSR);
2189
2190 /*
2191 * Now AND with the create mode/directory mode bits then OR with the
2192 * force create mode/force directory mode bits.
2193 */
2194
2195 if (fsp->is_directory) {
2196 and_bits = lp_dir_security_mask(snum);
2197 or_bits = lp_force_dir_security_mode(snum);
2198 } else {
2199 and_bits = lp_security_mask(snum);
2200 or_bits = lp_force_security_mode(snum);
2201 }
2202
2203 return ((mode & and_bits)|or_bits);
2204 }
2205
2206 /****************************************************************************
2207 Unpack a SEC_DESC into two canonical ace lists. We don't depend on this
2208 succeeding.
2209 ****************************************************************************/
2210
2211 static bool unpack_canon_ace(files_struct *fsp,
2212 SMB_STRUCT_STAT *pst,
2213 DOM_SID *pfile_owner_sid,
2214 DOM_SID *pfile_grp_sid,
2215 canon_ace **ppfile_ace,
2216 canon_ace **ppdir_ace,
2217 uint32 security_info_sent,
2218 const SEC_DESC *psd)
2219 {
2220 canon_ace *file_ace = NULL;
2221 canon_ace *dir_ace = NULL;
2222
2223 *ppfile_ace = NULL;
2224 *ppdir_ace = NULL;
2225
2226 if(security_info_sent == 0) {
2227 DEBUG(0,("unpack_canon_ace: no security info sent !\n"));
2228 return False;
2229 }
2230
2231 /*
2232 * If no DACL then this is a chown only security descriptor.
2233 */
2234
2235 if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl)
2236 return True;
2237
2238 /*
2239 * Now go through the DACL and create the canon_ace lists.
2240 */
2241
2242 if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid,
2243 &file_ace, &dir_ace, psd->dacl))
2244 return False;
2245
2246 if ((file_ace == NULL) && (dir_ace == NULL)) {
2247 /* W2K traverse DACL set - ignore. */
2248 return True;
2249 }
2250
2251 /*
2252 * Go through the canon_ace list and merge entries
2253 * belonging to identical users of identical allow or deny type.
2254 * We can do this as all deny entries come first, followed by
2255 * all allow entries (we have mandated this before accepting this acl).
2256 */
2257
2258 print_canon_ace_list( "file ace - before merge", file_ace);
2259 merge_aces( &file_ace );
2260
2261 print_canon_ace_list( "dir ace - before merge", dir_ace);
2262 merge_aces( &dir_ace );
2263
2264 /*
2265 * NT ACLs are order dependent. Go through the acl lists and
2266 * process DENY entries by masking the allow entries.
2267 */
2268
2269 print_canon_ace_list( "file ace - before deny", file_ace);
2270 process_deny_list( &file_ace);
2271
2272 print_canon_ace_list( "dir ace - before deny", dir_ace);
2273 process_deny_list( &dir_ace);
2274
2275 /*
2276 * A well formed POSIX file or default ACL has at least 3 entries, a
2277 * SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ
2278 * and optionally a mask entry. Ensure this is the case.
2279 */
2280
2281 print_canon_ace_list( "file ace - before valid", file_ace);
2282
2283 /*
2284 * A default 3 element mode entry for a file should be r-- --- ---.
2285 * A default 3 element mode entry for a directory should be rwx --- ---.
2286 */
2287
2288 pst->st_ex_mode = create_default_mode(fsp, False);
2289
2290 if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2291 free_canon_ace_list(file_ace);
2292 free_canon_ace_list(dir_ace);
2293 return False;
2294 }
2295
2296 print_canon_ace_list( "dir ace - before valid", dir_ace);
2297
2298 /*
2299 * A default inheritable 3 element mode entry for a directory should be the
2300 * mode Samba will use to create a file within. Ensure user rwx bits are set if
2301 * it's a directory.
2302 */
2303
2304 pst->st_ex_mode = create_default_mode(fsp, True);
2305
2306 if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2307 free_canon_ace_list(file_ace);
2308 free_canon_ace_list(dir_ace);
2309 return False;
2310 }
2311
2312 print_canon_ace_list( "file ace - return", file_ace);
2313 print_canon_ace_list( "dir ace - return", dir_ace);
2314
2315 *ppfile_ace = file_ace;
2316 *ppdir_ace = dir_ace;
2317 return True;
2318
2319 }
2320
2321 /******************************************************************************
2322 When returning permissions, try and fit NT display
2323 semantics if possible. Note the the canon_entries here must have been malloced.
2324 The list format should be - first entry = owner, followed by group and other user
2325 entries, last entry = other.
2326
2327 Note that this doesn't exactly match the NT semantics for an ACL. As POSIX entries
2328 are not ordered, and match on the most specific entry rather than walking a list,
2329 then a simple POSIX permission of rw-r--r-- should really map to 5 entries,
2330
2331 Entry 0: owner : deny all except read and write.
2332 Entry 1: owner : allow read and write.
2333 Entry 2: group : deny all except read.
2334 Entry 3: group : allow read.
2335 Entry 4: Everyone : allow read.
2336
2337 But NT cannot display this in their ACL editor !
2338 ********************************************************************************/
2339
2340 static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head)
2341 {
2342 canon_ace *l_head = *pp_list_head;
2343 canon_ace *owner_ace = NULL;
2344 canon_ace *other_ace = NULL;
2345 canon_ace *ace = NULL;
2346
2347 for (ace = l_head; ace; ace = ace->next) {
2348 if (ace->type == SMB_ACL_USER_OBJ)
2349 owner_ace = ace;
2350 else if (ace->type == SMB_ACL_OTHER) {
2351 /* Last ace - this is "other" */
2352 other_ace = ace;
2353 }
2354 }
2355
2356 if (!owner_ace || !other_ace) {
2357 DEBUG(0,("arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n",
2358 filename ));
2359 return;
2360 }
2361
2362 /*
2363 * The POSIX algorithm applies to owner first, and other last,
2364 * so ensure they are arranged in this order.
2365 */
2366
2367 if (owner_ace) {
2368 DLIST_PROMOTE(l_head, owner_ace);
2369 }
2370
2371 if (other_ace) {
2372 DLIST_DEMOTE(l_head, other_ace, canon_ace *);
2373 }
2374
2375 /* We have probably changed the head of the list. */
2376
2377 *pp_list_head = l_head;
2378 }
2379
2380 /****************************************************************************
2381 Create a linked list of canonical ACE entries.
2382 ****************************************************************************/
2383
2384 static canon_ace *canonicalise_acl(struct connection_struct *conn,
2385 const char *fname, SMB_ACL_T posix_acl,
2386 const SMB_STRUCT_STAT *psbuf,
2387 const DOM_SID *powner, const DOM_SID *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
2388 {
2389 mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
2390 canon_ace *l_head = NULL;
2391 canon_ace *ace = NULL;
2392 canon_ace *next_ace = NULL;
2393 int entry_id = SMB_ACL_FIRST_ENTRY;
2394 SMB_ACL_ENTRY_T entry;
2395 size_t ace_count;
2396
2397 while ( posix_acl && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1)) {
2398 SMB_ACL_TAG_T tagtype;
2399 SMB_ACL_PERMSET_T permset;
2400 DOM_SID sid;
2401 posix_id unix_ug;
2402 enum ace_owner owner_type;
2403
2404 entry_id = SMB_ACL_NEXT_ENTRY;
2405
2406 /* Is this a MASK entry ? */
2407 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1)
2408 continue;
2409
2410 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1)
2411 continue;
2412
2413 /* Decide which SID to use based on the ACL type. */
2414 switch(tagtype) {
2415 case SMB_ACL_USER_OBJ:
2416 /* Get the SID from the owner. */
2417 sid_copy(&sid, powner);
2418 unix_ug.uid = psbuf->st_ex_uid;
2419 owner_type = UID_ACE;
2420 break;
2421 case SMB_ACL_USER:
2422 {
2423 uid_t *puid = (uid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
2424 if (puid == NULL) {
2425 DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
2426 continue;
2427 }
2428 /*
2429 * A SMB_ACL_USER entry for the owner is shadowed by the
2430 * SMB_ACL_USER_OBJ entry and Windows also cannot represent
2431 * that entry, so we ignore it. We also don't create such
2432 * entries out of the blue when setting ACLs, so a get/set
2433 * cycle will drop them.
2434 */
2435 if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_ex_uid) {
2436 SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
2437 continue;
2438 }
2439 uid_to_sid( &sid, *puid);
2440 unix_ug.uid = *puid;
2441 owner_type = UID_ACE;
2442 SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
2443 break;
2444 }
2445 case SMB_ACL_GROUP_OBJ:
2446 /* Get the SID from the owning group. */
2447 sid_copy(&sid, pgroup);
2448 unix_ug.gid = psbuf->st_ex_gid;
2449 owner_type = GID_ACE;
2450 break;
2451 case SMB_ACL_GROUP:
2452 {
2453 gid_t *pgid = (gid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
2454 if (pgid == NULL) {
2455 DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
2456 continue;
2457 }
2458 gid_to_sid( &sid, *pgid);
2459 unix_ug.gid = *pgid;
2460 owner_type = GID_ACE;
2461 SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)pgid,tagtype);
2462 break;
2463 }
2464 case SMB_ACL_MASK:
2465 acl_mask = convert_permset_to_mode_t(conn, permset);
2466 continue; /* Don't count the mask as an entry. */
2467 case SMB_ACL_OTHER:
2468 /* Use the Everyone SID */
2469 sid = global_sid_World;
2470 unix_ug.world = -1;
2471 owner_type = WORLD_ACE;
2472 break;
2473 default:
2474 DEBUG(0,("canonicalise_acl: Unknown tagtype %u\n", (unsigned int)tagtype));
2475 continue;
2476 }
2477
2478 /*
2479 * Add this entry to the list.
2480 */
2481
2482 if ((ace = SMB_MALLOC_P(canon_ace)) == NULL)
2483 goto fail;
2484
2485 ZERO_STRUCTP(ace);
2486 ace->type = tagtype;
2487 ace->perms = convert_permset_to_mode_t(conn, permset);
2488 ace->attr = ALLOW_ACE;
2489 ace->trustee = sid;
2490 ace->unix_ug = unix_ug;
2491 ace->owner_type = owner_type;
2492 ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
2493
2494 DLIST_ADD(l_head, ace);
2495 }
2496
2497 /*
2498 * This next call will ensure we have at least a user/group/world set.
2499 */
2500
2501 if (!ensure_canon_entry_valid(&l_head, conn->params,
2502 S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
2503 psbuf, False))
2504 goto fail;
2505
2506 /*
2507 * Now go through the list, masking the permissions with the
2508 * acl_mask. Ensure all DENY Entries are at the start of the list.
2509 */
2510
2511 DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
2512
2513 for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
2514 next_ace = ace->next;
2515
2516 /* Masks are only applied to entries other than USER_OBJ and OTHER. */
2517 if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ)
2518 ace->perms &= acl_mask;
2519
2520 if (ace->perms == 0) {
2521 DLIST_PROMOTE(l_head, ace);
2522 }
2523
2524 if( DEBUGLVL( 10 ) ) {
2525 print_canon_ace(ace, ace_count);
2526 }
2527 }
2528
2529 arrange_posix_perms(fname,&l_head );
2530
2531 print_canon_ace_list( "canonicalise_acl: ace entries after arrange", l_head );
2532
2533 return l_head;
2534
2535 fail:
2536
2537 free_canon_ace_list(l_head);
2538 return NULL;
2539 }
2540
2541 /****************************************************************************
2542 Check if the current user group list contains a given group.
2543 ****************************************************************************/
2544
2545 static bool current_user_in_group(gid_t gid)
2546 {
2547 int i;
2548
2549 for (i = 0; i < current_user.ut.ngroups; i++) {
2550 if (current_user.ut.groups[i] == gid) {
2551 return True;
2552 }
2553 }
2554
2555 return False;
2556 }
2557
2558 /****************************************************************************
2559 Should we override a deny ? Check 'acl group control' and 'dos filemode'.
2560 ****************************************************************************/
2561
2562 static bool acl_group_override(connection_struct *conn,
2563 const struct smb_filename *smb_fname)
2564 {
2565 if ((errno != EPERM) && (errno != EACCES)) {
2566 return false;
2567 }
2568
2569 /* file primary group == user primary or supplementary group */
2570 if (lp_acl_group_control(SNUM(conn)) &&
2571 current_user_in_group(smb_fname->st.st_ex_gid)) {
2572 return true;
2573 }
2574
2575 /* user has writeable permission */
2576 if (lp_dos_filemode(SNUM(conn)) &&
2577 can_write_to_file(conn, smb_fname)) {
2578 return true;
2579 }
2580
2581 return false;
2582 }
2583
2584 /****************************************************************************
2585 Attempt to apply an ACL to a file or directory.
2586 ****************************************************************************/
2587
2588 static bool set_canon_ace_list(files_struct *fsp,
2589 canon_ace *the_ace,
2590 bool default_ace,
2591 const SMB_STRUCT_STAT *psbuf,
2592 bool *pacl_set_support)
2593 {
2594 connection_struct *conn = fsp->conn;
2595 bool ret = False;
2596 SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, (int)count_canon_ace_list(the_ace) + 1);
2597 canon_ace *p_ace;
2598 int i;
2599 SMB_ACL_ENTRY_T mask_entry;
2600 bool got_mask_entry = False;
2601 SMB_ACL_PERMSET_T mask_permset;
2602 SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS);
2603 bool needs_mask = False;
2604 mode_t mask_perms = 0;
2605
2606 /* Use the psbuf that was passed in. */
2607 fsp->fsp_name->st = *psbuf;
2608
2609 #if defined(POSIX_ACL_NEEDS_MASK)
2610 /* HP-UX always wants to have a mask (called "class" there). */
2611 needs_mask = True;
2612 #endif
2613
2614 if (the_acl == NULL) {
2615
2616 if (!no_acl_syscall_error(errno)) {
2617 /*
2618 * Only print this error message if we have some kind of ACL
2619 * support that's not working. Otherwise we would always get this.
2620 */
2621 DEBUG(0,("set_canon_ace_list: Unable to init %s ACL. (%s)\n",
2622 default_ace ? "default" : "file", strerror(errno) ));
2623 }
2624 *pacl_set_support = False;
2625 goto fail;
2626 }
2627
2628 if( DEBUGLVL( 10 )) {
2629 dbgtext("set_canon_ace_list: setting ACL:\n");
2630 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2631 print_canon_ace( p_ace, i);
2632 }
2633 }
2634
2635 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2636 SMB_ACL_ENTRY_T the_entry;
2637 SMB_ACL_PERMSET_T the_permset;
2638
2639 /*
2640 * ACLs only "need" an ACL_MASK entry if there are any named user or
2641 * named group entries. But if there is an ACL_MASK entry, it applies
2642 * to ACL_USER, ACL_GROUP, and ACL_GROUP_OBJ entries. Set the mask
2643 * so that it doesn't deny (i.e., mask off) any permissions.
2644 */
2645
2646 if (p_ace->type == SMB_ACL_USER || p_ace->type == SMB_ACL_GROUP) {
2647 needs_mask = True;
2648 mask_perms |= p_ace->perms;
2649 } else if (p_ace->type == SMB_ACL_GROUP_OBJ) {
2650 mask_perms |= p_ace->perms;
2651 }
2652
2653 /*
2654 * Get the entry for this ACE.
2655 */
2656
2657 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) {
2658 DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
2659 i, strerror(errno) ));
2660 goto fail;
2661 }
2662
2663 if (p_ace->type == SMB_ACL_MASK) {
2664 mask_entry = the_entry;
2665 got_mask_entry = True;
2666 }
2667
2668 /*
2669 * Ok - we now know the ACL calls should be working, don't
2670 * allow fallback to chmod.
2671 */
2672
2673 *pacl_set_support = True;
2674
2675 /*
2676 * Initialise the entry from the canon_ace.
2677 */
2678
2679 /*
2680 * First tell the entry what type of ACE this is.
2681 */
2682
2683 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, p_ace->type) == -1) {
2684 DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
2685 i, strerror(errno) ));
2686 goto fail;
2687 }
2688
2689 /*
2690 * Only set the qualifier (user or group id) if the entry is a user
2691 * or group id ACE.
2692 */
2693
2694 if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
2695 if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&p_ace->unix_ug.uid) == -1) {
2696 DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
2697 i, strerror(errno) ));
2698 goto fail;
2699 }
2700 }
2701
2702 /*
2703 * Convert the mode_t perms in the canon_ace to a POSIX permset.
2704 */
2705
2706 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) {
2707 DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
2708 i, strerror(errno) ));
2709 goto fail;
2710 }
2711
2712 if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) {
2713 DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
2714 (unsigned int)p_ace->perms, i, strerror(errno) ));
2715 goto fail;
2716 }
2717
2718 /*
2719 * ..and apply them to the entry.
2720 */
2721
2722 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) {
2723 DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
2724 i, strerror(errno) ));
2725 goto fail;
2726 }
2727
2728 if( DEBUGLVL( 10 ))
2729 print_canon_ace( p_ace, i);
2730
2731 }
2732
2733 if (needs_mask && !got_mask_entry) {
2734 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &mask_entry) == -1) {
2735 DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
2736 goto fail;
2737 }
2738
2739 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, mask_entry, SMB_ACL_MASK) == -1) {
2740 DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
2741 goto fail;
2742 }
2743
2744 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, mask_entry, &mask_permset) == -1) {
2745 DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
2746 goto fail;
2747 }
2748
2749 if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
2750 DEBUG(0,("set_canon_ace_list: Failed to create mask permset. (%s)\n", strerror(errno) ));
2751 goto fail;
2752 }
2753
2754 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, mask_entry, mask_permset) == -1) {
2755 DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
2756 goto fail;
2757 }
2758 }
2759
2760 /*
2761 * Finally apply it to the file or directory.
2762 */
2763
2764 if(default_ace || fsp->is_directory || fsp->fh->fd == -1) {
2765 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name->base_name,
2766 the_acl_type, the_acl) == -1) {
2767 /*
2768 * Some systems allow all the above calls and only fail with no ACL support
2769 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
2770 */
2771 if (no_acl_syscall_error(errno)) {
2772 *pacl_set_support = False;
2773 }
2774
2775 if (acl_group_override(conn, fsp->fsp_name)) {
2776 int sret;
2777
2778 DEBUG(5,("set_canon_ace_list: acl group "
2779 "control on and current user in file "
2780 "%s primary group.\n",
2781 fsp_str_dbg(fsp)));
2782
2783 become_root();
2784 sret = SMB_VFS_SYS_ACL_SET_FILE(conn,
2785 fsp->fsp_name->base_name, the_acl_type,
2786 the_acl);
2787 unbecome_root();
2788 if (sret == 0) {
2789 ret = True;
2790 }
2791 }
2792
2793 if (ret == False) {
2794 DEBUG(2,("set_canon_ace_list: "
2795 "sys_acl_set_file type %s failed for "
2796 "file %s (%s).\n",
2797 the_acl_type == SMB_ACL_TYPE_DEFAULT ?
2798 "directory default" : "file",
2799 fsp_str_dbg(fsp), strerror(errno)));
2800 goto fail;
2801 }
2802 }
2803 } else {
2804 if (SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl) == -1) {
2805 /*
2806 * Some systems allow all the above calls and only fail with no ACL support
2807 * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
2808 */
2809 if (no_acl_syscall_error(errno)) {
2810 *pacl_set_support = False;
2811 }
2812
2813 if (acl_group_override(conn, fsp->fsp_name)) {
2814 int sret;
2815
2816 DEBUG(5,("set_canon_ace_list: acl group "
2817 "control on and current user in file "
2818 "%s primary group.\n",
2819 fsp_str_dbg(fsp)));
2820
2821 become_root();
2822 sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl);
2823 unbecome_root();
2824 if (sret == 0) {
2825 ret = True;
2826 }
2827 }
2828
2829 if (ret == False) {
2830 DEBUG(2,("set_canon_ace_list: "
2831 "sys_acl_set_file failed for file %s "
2832 "(%s).\n",
2833 fsp_str_dbg(fsp), strerror(errno)));
2834 goto fail;
2835 }
2836 }
2837 }
2838
2839 ret = True;
2840
2841 fail:
2842
2843 if (the_acl != NULL) {
2844 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
2845 }
2846
2847 return ret;
2848 }
2849
2850 /****************************************************************************
2851 Find a particular canon_ace entry.
2852 ****************************************************************************/
2853
2854 static struct canon_ace *canon_ace_entry_for(struct canon_ace *list, SMB_ACL_TAG_T type, posix_id *id)
2855 {
2856 while (list) {
2857 if (list->type == type && ((type != SMB_ACL_USER && type != SMB_ACL_GROUP) ||
2858 (type == SMB_ACL_USER && id && id->uid == list->unix_ug.uid) ||
2859 (type == SMB_ACL_GROUP && id && id->gid == list->unix_ug.gid)))
2860 break;
2861 list = list->next;
2862 }
2863 return list;
2864 }
2865
2866 /****************************************************************************
2867
2868 ****************************************************************************/
2869
2870 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl)
2871 {
2872 SMB_ACL_ENTRY_T entry;
2873
2874 if (!the_acl)
2875 return NULL;
2876 if (SMB_VFS_SYS_ACL_GET_ENTRY(conn, the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) {
2877 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
2878 return NULL;
2879 }
2880 return the_acl;
2881 }
2882
2883 /****************************************************************************
2884 Convert a canon_ace to a generic 3 element permission - if possible.
2885 ****************************************************************************/
2886
2887 #define MAP_PERM(p,mask,result) (((p) & (mask)) ? (result) : 0 )
2888
2889 static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
2890 {
2891 int snum = SNUM(fsp->conn);
2892 size_t ace_count = count_canon_ace_list(file_ace_list);
2893 canon_ace *ace_p;
2894 canon_ace *owner_ace = NULL;
2895 canon_ace *group_ace = NULL;
2896 canon_ace *other_ace = NULL;
2897 mode_t and_bits;
2898 mode_t or_bits;
2899
2900 if (ace_count != 3) {
2901 DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE "
2902 "entries for file %s to convert to posix perms.\n",
2903 fsp_str_dbg(fsp)));
2904 return False;
2905 }
2906
2907 for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) {
2908 if (ace_p->owner_type == UID_ACE)
2909 owner_ace = ace_p;
2910 else if (ace_p->owner_type == GID_ACE)
2911 group_ace = ace_p;
2912 else if (ace_p->owner_type == WORLD_ACE)
2913 other_ace = ace_p;
2914 }
2915
2916 if (!owner_ace || !group_ace || !other_ace) {
2917 DEBUG(3,("convert_canon_ace_to_posix_perms: Can't get "
2918 "standard entries for file %s.\n", fsp_str_dbg(fsp)));
2919 return False;
2920 }
2921
2922 *posix_perms = (mode_t)0;
2923
2924 *posix_perms |= owner_ace->perms;
2925 *posix_perms |= MAP_PERM(group_ace->perms, S_IRUSR, S_IRGRP);
2926 *posix_perms |= MAP_PERM(group_ace->perms, S_IWUSR, S_IWGRP);
2927 *posix_perms |= MAP_PERM(group_ace->perms, S_IXUSR, S_IXGRP);
2928 *posix_perms |= MAP_PERM(other_ace->perms, S_IRUSR, S_IROTH);
2929 *posix_perms |= MAP_PERM(other_ace->perms, S_IWUSR, S_IWOTH);
2930 *posix_perms |= MAP_PERM(other_ace->perms, S_IXUSR, S_IXOTH);
2931
2932 /* The owner must have at least read access. */
2933
2934 *posix_perms |= S_IRUSR;
2935 if (fsp->is_directory)
2936 *posix_perms |= (S_IWUSR|S_IXUSR);
2937
2938 /* If requested apply the masks. */
2939
2940 /* Get the initial bits to apply. */
2941
2942 if (fsp->is_directory) {
2943 and_bits = lp_dir_security_mask(snum);
2944 or_bits = lp_force_dir_security_mode(snum);
2945 } else {
2946 and_bits = lp_security_mask(snum);
2947 or_bits = lp_force_security_mode(snum);
2948 }
2949
2950 *posix_perms = (((*posix_perms) & and_bits)|or_bits);
2951
2952 DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o "
2953 "to perm=0%o for file %s.\n", (int)owner_ace->perms,
2954 (int)group_ace->perms, (int)other_ace->perms,
2955 (int)*posix_perms, fsp_str_dbg(fsp)));
2956
2957 return True;
2958 }
2959
2960 /****************************************************************************
2961 Incoming NT ACLs on a directory can be split into a default POSIX acl (CI|OI|IO) and
2962 a normal POSIX acl. Win2k needs these split acls re-merging into one ACL
2963 with CI|OI set so it is inherited and also applies to the directory.
2964 Based on code from "Jim McDonough" <jmcd@us.ibm.com>.
2965 ****************************************************************************/
2966
2967 static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
2968 {
2969 size_t i, j;
2970
2971 for (i = 0; i < num_aces; i++) {
2972 for (j = i+1; j < num_aces; j++) {
2973 uint32 i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
2974 uint32 j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
2975 bool i_inh = (nt_ace_list[i].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
2976 bool j_inh = (nt_ace_list[j].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
2977
2978 /* We know the lower number ACE's are file entries. */
2979 if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
2980 (nt_ace_list[i].size == nt_ace_list[j].size) &&
2981 (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
2982 sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
2983 (i_inh == j_inh) &&
2984 (i_flags_ni == 0) &&
2985 (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
2986 SEC_ACE_FLAG_CONTAINER_INHERIT|
2987 SEC_ACE_FLAG_INHERIT_ONLY))) {
2988 /*
2989 * W2K wants to have access allowed zero access ACE's
2990 * at the end of the list. If the mask is zero, merge
2991 * the non-inherited ACE onto the inherited ACE.
2992 */
2993
2994 if (nt_ace_list[i].access_mask == 0) {
2995 nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
2996 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
2997 if (num_aces - i - 1 > 0)
2998 memmove(&nt_ace_list[i], &nt_ace_list[i+1], (num_aces-i-1) *
2999 sizeof(SEC_ACE));
3000
3001 DEBUG(10,("merge_default_aces: Merging zero access ACE %u onto ACE %u.\n",
3002 (unsigned int)i, (unsigned int)j ));
3003 } else {
3004 /*
3005 * These are identical except for the flags.
3006 * Merge the inherited ACE onto the non-inherited ACE.
3007 */
3008
3009 nt_ace_list[i].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
3010 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
3011 if (num_aces - j - 1 > 0)
3012 memmove(&nt_ace_list[j], &nt_ace_list[j+1], (num_aces-j-1) *
3013 sizeof(SEC_ACE));
3014
3015 DEBUG(10,("merge_default_aces: Merging ACE %u onto ACE %u.\n",
3016 (unsigned int)j, (unsigned int)i ));
3017 }
3018 num_aces--;
3019 break;
3020 }
3021 }
3022 }
3023
3024 return num_aces;
3025 }
3026
3027 /*
3028 * Add or Replace ACE entry.
3029 * In some cases we need to add a specific ACE for compatibility reasons.
3030 * When doing that we must make sure we are not actually creating a duplicate
3031 * entry. So we need to search whether an ACE entry already exist and eventually
3032 * replacce the access mask, or add a completely new entry if none was found.
3033 *
3034 * This function assumes the array has enough space to add a new entry without
3035 * any reallocation of memory.
3036 */
3037
3038 static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces,
3039 const DOM_SID *sid, enum security_ace_type type,
3040 uint32_t mask, uint8_t flags)
3041 {
3042 int i;
3043
3044 /* first search for a duplicate */
3045 for (i = 0; i < *num_aces; i++) {
3046 if (sid_equal(&nt_ace_list[i].trustee, sid) &&
3047 (nt_ace_list[i].flags == flags)) break;
3048 }
3049
3050 if (i < *num_aces) { /* found */
3051 nt_ace_list[i].type = type;
3052 nt_ace_list[i].access_mask = mask;
3053 DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n",
3054 i, sid_string_dbg(sid), flags));
3055 return;
3056 }
3057
3058 /* not found, append it */
3059 init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags);
3060 }
3061
3062
3063 /****************************************************************************
3064 Reply to query a security descriptor from an fsp. If it succeeds it allocates
3065 the space for the return elements and returns the size needed to return the
3066 security descriptor. This should be the only external function needed for
3067 the UNIX style get ACL.
3068 ****************************************************************************/
3069
3070 static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
3071 const char *name,
3072 const SMB_STRUCT_STAT *sbuf,
3073 struct pai_val *pal,
3074 SMB_ACL_T posix_acl,
3075 SMB_ACL_T def_acl,
3076 uint32_t security_info,
3077 SEC_DESC **ppdesc)
3078 {
3079 DOM_SID owner_sid;
3080 DOM_SID group_sid;
3081 size_t sd_size = 0;
3082 SEC_ACL *psa = NULL;
3083 size_t num_acls = 0;
3084 size_t num_def_acls = 0;
3085 size_t num_aces = 0;
3086 canon_ace *file_ace = NULL;
3087 canon_ace *dir_ace = NULL;
3088 SEC_ACE *nt_ace_list = NULL;
3089 size_t num_profile_acls = 0;
3090 DOM_SID orig_owner_sid;
3091 SEC_DESC *psd = NULL;
3092 int i;
3093
3094 /*
3095 * Get the owner, group and world SIDs.
3096 */
3097
3098 create_file_sids(sbuf, &owner_sid, &group_sid);
3099
3100 if (lp_profile_acls(SNUM(conn))) {
3101 /* For WXP SP1 the owner must be administrators. */
3102 sid_copy(&orig_owner_sid, &owner_sid);
3103 sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
3104 sid_copy(&group_sid, &global_sid_Builtin_Users);
3105 num_profile_acls = 3;
3106 }
3107
3108 if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
3109
3110 /*
3111 * In the optimum case Creator Owner and Creator Group would be used for
3112 * the ACL_USER_OBJ and ACL_GROUP_OBJ entries, respectively, but this
3113 * would lead to usability problems under Windows: The Creator entries
3114 * are only available in browse lists of directories and not for files;
3115 * additionally the identity of the owning group couldn't be determined.
3116 * We therefore use those identities only for Default ACLs.
3117 */
3118
3119 /* Create the canon_ace lists. */
3120 file_ace = canonicalise_acl(conn, name, posix_acl, sbuf,
3121 &owner_sid, &group_sid, pal,
3122 SMB_ACL_TYPE_ACCESS);
3123
3124 /* We must have *some* ACLS. */
3125
3126 if (count_canon_ace_list(file_ace) == 0) {
3127 DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", name));
3128 goto done;
3129 }
3130
3131 if (S_ISDIR(sbuf->st_ex_mode) && def_acl) {
3132 dir_ace = canonicalise_acl(conn, name, def_acl,
3133 sbuf,
3134 &global_sid_Creator_Owner,
3135 &global_sid_Creator_Group,
3136 pal, SMB_ACL_TYPE_DEFAULT);
3137 }
3138
3139 /*
3140 * Create the NT ACE list from the canonical ace lists.
3141 */
3142
3143 {
3144 canon_ace *ace;
3145 enum security_ace_type nt_acl_type;
3146
3147 if (nt4_compatible_acls() && dir_ace) {
3148 /*
3149 * NT 4 chokes if an ACL contains an INHERIT_ONLY entry
3150 * but no non-INHERIT_ONLY entry for one SID. So we only
3151 * remove entries from the Access ACL if the
3152 * corresponding Default ACL entries have also been
3153 * removed. ACEs for CREATOR-OWNER and CREATOR-GROUP
3154 * are exceptions. We can do nothing
3155 * intelligent if the Default ACL contains entries that
3156 * are not also contained in the Access ACL, so this
3157 * case will still fail under NT 4.
3158 */
3159
3160 ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL);
3161 if (ace && !ace->perms) {
3162 DLIST_REMOVE(dir_ace, ace);
3163 SAFE_FREE(ace);
3164
3165 ace = canon_ace_entry_for(file_ace, SMB_ACL_OTHER, NULL);
3166 if (ace && !ace->perms) {
3167 DLIST_REMOVE(file_ace, ace);
3168 SAFE_FREE(ace);
3169 }
3170 }
3171
3172 /*
3173 * WinNT doesn't usually have Creator Group
3174 * in browse lists, so we send this entry to
3175 * WinNT even if it contains no relevant
3176 * permissions. Once we can add
3177 * Creator Group to browse lists we can
3178 * re-enable this.
3179 */
3180
3181 #if 0
3182 ace = canon_ace_entry_for(dir_ace, SMB_ACL_GROUP_OBJ, NULL);
3183 if (ace && !ace->perms) {
3184 DLIST_REMOVE(dir_ace, ace);
3185 SAFE_FREE(ace);
3186 }
3187 #endif
3188
3189 ace = canon_ace_entry_for(file_ace, SMB_ACL_GROUP_OBJ, NULL);
3190 if (ace && !ace->perms) {
3191 DLIST_REMOVE(file_ace, ace);
3192 SAFE_FREE(ace);
3193 }
3194 }
3195
3196 num_acls = count_canon_ace_list(file_ace);
3197 num_def_acls = count_canon_ace_list(dir_ace);
3198
3199 /* Allocate the ace list. */
3200 if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE,num_acls + num_profile_acls + num_def_acls)) == NULL) {
3201 DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
3202 goto done;
3203 }
3204
3205 memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(SEC_ACE) );
3206
3207 /*
3208 * Create the NT ACE list from the canonical ace lists.
3209 */
3210
3211 for (ace = file_ace; ace != NULL; ace = ace->next) {
3212 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3213 &nt_acl_type,
3214 ace->perms,
3215 S_ISDIR(sbuf->st_ex_mode));
3216 init_sec_ace(&nt_ace_list[num_aces++],
3217 &ace->trustee,
3218 nt_acl_type,
3219 acc,
3220 ace->ace_flags);
3221 }
3222
3223 /* The User must have access to a profile share - even
3224 * if we can't map the SID. */
3225 if (lp_profile_acls(SNUM(conn))) {
3226 add_or_replace_ace(nt_ace_list, &num_aces,
3227 &global_sid_Builtin_Users,
3228 SEC_ACE_TYPE_ACCESS_ALLOWED,
3229 FILE_GENERIC_ALL, 0);
3230 }
3231
3232 for (ace = dir_ace; ace != NULL; ace = ace->next) {
3233 uint32_t acc = map_canon_ace_perms(SNUM(conn),
3234 &nt_acl_type,
3235 ace->perms,
3236 S_ISDIR(sbuf->st_ex_mode));
3237 init_sec_ace(&nt_ace_list[num_aces++],
3238 &ace->trustee,
3239 nt_acl_type,
3240 acc,
3241 ace->ace_flags |
3242 SEC_ACE_FLAG_OBJECT_INHERIT|
3243 SEC_ACE_FLAG_CONTAINER_INHERIT|
3244 SEC_ACE_FLAG_INHERIT_ONLY);
3245 }
3246
3247 /* The User must have access to a profile share - even
3248 * if we can't map the SID. */
3249 if (lp_profile_acls(SNUM(conn))) {
3250 add_or_replace_ace(nt_ace_list, &num_aces,
3251 &global_sid_Builtin_Users,
3252 SEC_ACE_TYPE_ACCESS_ALLOWED,
3253 FILE_GENERIC_ALL,
3254 SEC_ACE_FLAG_OBJECT_INHERIT |
3255 SEC_ACE_FLAG_CONTAINER_INHERIT |
3256 SEC_ACE_FLAG_INHERIT_ONLY);
3257 }
3258
3259 /*
3260 * Merge POSIX default ACLs and normal ACLs into one NT ACE.
3261 * Win2K needs this to get the inheritance correct when replacing ACLs
3262 * on a directory tree. Based on work by Jim @ IBM.
3263 */
3264
3265 num_aces = merge_default_aces(nt_ace_list, num_aces);
3266
3267 if (lp_profile_acls(SNUM(conn))) {
3268 for (i = 0; i < num_aces; i++) {
3269 if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
3270 add_or_replace_ace(nt_ace_list, &num_aces,
3271 &orig_owner_sid,
3272 nt_ace_list[i].type,
3273 nt_ace_list[i].access_mask,
3274 nt_ace_list[i].flags);
3275 break;
3276 }
3277 }
3278 }
3279 }
3280
3281 if (num_aces) {
3282 if((psa = make_sec_acl( talloc_tos(), NT4_ACL_REVISION, num_aces, nt_ace_list)) == NULL) {
3283 DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n"));
3284 goto done;
3285 }
3286 }
3287 } /* security_info & DACL_SECURITY_INFORMATION */
3288
3289 psd = make_standard_sec_desc( talloc_tos(),
3290 (security_info & OWNER_SECURITY_INFORMATION) ? &owner_sid : NULL,
3291 (security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL,
3292 psa,
3293 &sd_size);
3294
3295 if(!psd) {
3296 DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
3297 sd_size = 0;
3298 goto done;
3299 }
3300
3301 /*
3302 * Windows 2000: The DACL_PROTECTED flag in the security
3303 * descriptor marks the ACL as non-inheriting, i.e., no
3304 * ACEs from higher level directories propagate to this
3305 * ACL. In the POSIX ACL model permissions are only
3306 * inherited at file create time, so ACLs never contain
3307 * any ACEs that are inherited dynamically. The DACL_PROTECTED
3308 * flag doesn't seem to bother Windows NT.
3309 * Always set this if map acl inherit is turned off.
3310 */
3311 if (pal == NULL || !lp_map_acl_inherit(SNUM(conn))) {
3312 psd->type |= SEC_DESC_DACL_PROTECTED;
3313 } else {
3314 psd->type |= pal->sd_type;
3315 }
3316
3317 if (psd->dacl) {
3318 dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces);
3319 }
3320
3321 *ppdesc = psd;
3322
3323 done:
3324
3325 if (posix_acl) {
3326 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
3327 }
3328 if (def_acl) {
3329 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
3330 }
3331 free_canon_ace_list(file_ace);
3332 free_canon_ace_list(dir_ace);
3333 free_inherited_info(pal);
3334 SAFE_FREE(nt_ace_list);
3335
3336 return NT_STATUS_OK;
3337 }
3338
3339 NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
3340 SEC_DESC **ppdesc)
3341 {
3342 SMB_STRUCT_STAT sbuf;
3343 SMB_ACL_T posix_acl = NULL;
3344 struct pai_val *pal;
3345
3346 *ppdesc = NULL;
3347
3348 DEBUG(10,("posix_fget_nt_acl: called for file %s\n",
3349 fsp_str_dbg(fsp)));
3350
3351 /* can it happen that fsp_name == NULL ? */
3352 if (fsp->is_directory || fsp->fh->fd == -1) {
3353 return posix_get_nt_acl(fsp->conn, fsp->fsp_name->base_name,
3354 security_info, ppdesc);
3355 }
3356
3357 /* Get the stat struct for the owner info. */
3358 if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) {
3359 return map_nt_error_from_unix(errno);
3360 }
3361
3362 /* Get the ACL from the fd. */
3363 posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
3364
3365 pal = fload_inherited_info(fsp);
3366
3367 return posix_get_nt_acl_common(fsp->conn, fsp->fsp_name->base_name,
3368 &sbuf, pal, posix_acl, NULL,
3369 security_info, ppdesc);
3370 }
3371
3372 NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
3373 uint32_t security_info, SEC_DESC **ppdesc)
3374 {
3375 SMB_ACL_T posix_acl = NULL;
3376 SMB_ACL_T def_acl = NULL;
3377 struct pai_val *pal;
3378 struct smb_filename *smb_fname = NULL;
3379 NTSTATUS status;
3380 int ret;
3381
3382 *ppdesc = NULL;
3383
3384 DEBUG(10,("posix_get_nt_acl: called for file %s\n", name ));
3385
3386 status = create_synthetic_smb_fname(talloc_tos(), name, NULL, NULL,
3387 &smb_fname);
3388 if (!NT_STATUS_IS_OK(status)) {
3389 return status;
3390 }
3391
3392 /* Get the stat struct for the owner info. */
3393 if (lp_posix_pathnames()) {
3394 ret = SMB_VFS_LSTAT(conn, smb_fname);
3395 } else {
3396 ret = SMB_VFS_STAT(conn, smb_fname);
3397 }
3398
3399 if (ret == -1) {
3400 status = map_nt_error_from_unix(errno);
3401 goto out;
3402 }
3403
3404 /* Get the ACL from the path. */
3405 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name, SMB_ACL_TYPE_ACCESS);
3406
3407 /* If it's a directory get the default POSIX ACL. */
3408 if(S_ISDIR(smb_fname->st.st_ex_mode)) {
3409 def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name, SMB_ACL_TYPE_DEFAULT);
3410 def_acl = free_empty_sys_acl(conn, def_acl);
3411 }
3412
3413 pal = load_inherited_info(conn, name);
3414
3415 status = posix_get_nt_acl_common(conn, name, &smb_fname->st, pal,
3416 posix_acl, def_acl, security_info,
3417 ppdesc);
3418 out:
3419 TALLOC_FREE(smb_fname);
3420 return status;
3421 }
3422
3423 /****************************************************************************
3424 Try to chown a file. We will be able to chown it under the following conditions.
3425
3426 1) If we have root privileges, then it will just work.
3427 2) If we have SeTakeOwnershipPrivilege we can change the user to the current user.
3428 3) If we have SeRestorePrivilege we can change the user to any other user.
3429 4) If we have write permission to the file and dos_filemodes is set
3430 then allow chown to the currently authenticated user.
3431 ****************************************************************************/
3432
3433 int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
3434 uid_t uid, gid_t gid)
3435 {
3436 int ret;
3437 files_struct *fsp;
3438
3439 if(!CAN_WRITE(conn)) {
3440 return -1;
3441 }
3442
3443 /* Case (1). */
3444 /* try the direct way first */
3445 if (lp_posix_pathnames()) {
3446 ret = SMB_VFS_LCHOWN(conn, smb_fname->base_name, uid, gid);
3447 } else {
3448 ret = SMB_VFS_CHOWN(conn, smb_fname->base_name, uid, gid);
3449 }
3450
3451 if (ret == 0)
3452 return 0;
3453
3454 /* Case (2) / (3) */
3455 if (lp_enable_privileges()) {
3456
3457 bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
3458 &se_take_ownership);
3459 bool has_restore_priv = user_has_privileges(current_user.nt_user_token,
3460 &se_restore);
3461
3462 /* Case (2) */
3463 if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) ||
3464 /* Case (3) */
3465 ( has_restore_priv ) ) {
3466
3467 become_root();
3468 /* Keep the current file gid the same - take ownership doesn't imply group change. */
3469 if (lp_posix_pathnames()) {
3470 ret = SMB_VFS_LCHOWN(conn, smb_fname->base_name, uid,
3471 (gid_t)-1);
3472 } else {
3473 ret = SMB_VFS_CHOWN(conn, smb_fname->base_name, uid,
3474 (gid_t)-1);
3475 }
3476 unbecome_root();
3477 return ret;
3478 }
3479 }
3480
3481 /* Case (4). */
3482 if (!lp_dos_filemode(SNUM(conn))) {
3483 errno = EPERM;
3484 return -1;
3485 }
3486
3487 /* only allow chown to the current user. This is more secure,
3488 and also copes with the case where the SID in a take ownership ACL is
3489 a local SID on the users workstation
3490 */
3491 if (uid != current_user.ut.uid) {
3492 errno = EPERM;
3493 return -1;
3494 }
3495
3496 if (lp_posix_pathnames()) {
3497 ret = SMB_VFS_LSTAT(conn, smb_fname);
3498 } else {
3499 ret = SMB_VFS_STAT(conn, smb_fname);
3500 }
3501
3502 if (ret == -1) {
3503 return -1;
3504 }
3505
3506 if (!NT_STATUS_IS_OK(open_file_fchmod(NULL, conn, smb_fname, &fsp))) {
3507 return -1;
3508 }
3509
3510 become_root();
3511 /* Keep the current file gid the same. */
3512 ret = SMB_VFS_FCHOWN(fsp, uid, (gid_t)-1);
3513 unbecome_root();
3514
3515 close_file_fchmod(NULL, fsp);
3516
3517 return ret;
3518 }
3519
3520 #if 0
3521 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */
3522
3523 /****************************************************************************
3524 Take care of parent ACL inheritance.
3525 ****************************************************************************/
3526
3527 NTSTATUS append_parent_acl(files_struct *fsp,
3528 const SEC_DESC *pcsd,
3529 SEC_DESC **pp_new_sd)
3530 {
3531 struct smb_filename *smb_dname = NULL;
3532 SEC_DESC *parent_sd = NULL;
3533 files_struct *parent_fsp = NULL;
3534 TALLOC_CTX *mem_ctx = talloc_tos();
3535 char *parent_name = NULL;
3536 SEC_ACE *new_ace = NULL;
3537 unsigned int num_aces = pcsd->dacl->num_aces;
3538 NTSTATUS status;
3539 int info;
3540 unsigned int i, j;
3541 SEC_DESC *psd = dup_sec_desc(talloc_tos(), pcsd);
3542 bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
3543
3544 if (psd == NULL) {
3545 return NT_STATUS_NO_MEMORY;
3546 }
3547
3548 if (!parent_dirname(mem_ctx, fsp->fsp_name->base_name, &parent_name,
3549 NULL)) {
3550 return NT_STATUS_NO_MEMORY;
3551 }
3552
3553 status = create_synthetic_smb_fname(mem_ctx, parent_name, NULL, NULL,
3554 &smb_dname);
3555 if (!NT_STATUS_IS_OK(status)) {
3556 goto fail;
3557 }
3558
3559 status = SMB_VFS_CREATE_FILE(
3560 fsp->conn, /* conn */
3561 NULL, /* req */
3562 0, /* root_dir_fid */
3563 smb_dname, /* fname */
3564 FILE_READ_ATTRIBUTES, /* access_mask */
3565 FILE_SHARE_NONE, /* share_access */
3566 FILE_OPEN, /* create_disposition*/
3567 FILE_DIRECTORY_FILE, /* create_options */
3568 0, /* file_attributes */
3569 INTERNAL_OPEN_ONLY, /* oplock_request */
3570 0, /* allocation_size */
3571 NULL, /* sd */
3572 NULL, /* ea_list */
3573 &parent_fsp, /* result */
3574 &info); /* pinfo */
3575
3576 if (!NT_STATUS_IS_OK(status)) {
3577 TALLOC_FREE(smb_dname);
3578 return status;
3579 }
3580
3581 status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
3582 DACL_SECURITY_INFORMATION, &parent_sd );
3583
3584 close_file(NULL, parent_fsp, NORMAL_CLOSE);
3585 TALLOC_FREE(smb_dname);
3586
3587 if (!NT_STATUS_IS_OK(status)) {
3588 return status;
3589 }
3590
3591 /*
3592 * Make room for potentially all the ACLs from
3593 * the parent. We used to add the ugw triple here,
3594 * as we knew we were dealing with POSIX ACLs.
3595 * We no longer need to do so as we can guarentee
3596 * that a default ACL from the parent directory will
3597 * be well formed for POSIX ACLs if it came from a
3598 * POSIX ACL source, and if we're not writing to a
3599 * POSIX ACL sink then we don't care if it's not well
3600 * formed. JRA.
3601 */
3602
3603 num_aces += parent_sd->dacl->num_aces;
3604
3605 if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE,
3606 num_aces)) == NULL) {
3607 return NT_STATUS_NO_MEMORY;
3608 }
3609
3610 /* Start by copying in all the given ACE entries. */
3611 for (i = 0; i < psd->dacl->num_aces; i++) {
3612 sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
3613 }
3614
3615 /*
3616 * Note that we're ignoring "inherit permissions" here
3617 * as that really only applies to newly created files. JRA.
3618 */
3619
3620 /* Finally append any inherited ACEs. */
3621 for (j = 0; j < parent_sd->dacl->num_aces; j++) {
3622 SEC_ACE *se = &parent_sd->dacl->aces[j];
3623
3624 if (fsp->is_directory) {
3625 if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
3626 /* Doesn't apply to a directory - ignore. */
3627 DEBUG(10,("append_parent_acl: directory %s "
3628 "ignoring non container "
3629 "inherit flags %u on ACE with sid %s "
3630 "from parent %s\n",
3631 fsp_str_dbg(fsp),
3632 (unsigned int)se->flags,
3633 sid_string_dbg(&se->trustee),
3634 parent_name));
3635 continue;
3636 }
3637 } else {
3638 if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
3639 /* Doesn't apply to a file - ignore. */
3640 DEBUG(10,("append_parent_acl: file %s "
3641 "ignoring non object "
3642 "inherit flags %u on ACE with sid %s "
3643 "from parent %s\n",
3644 fsp_str_dbg(fsp),
3645 (unsigned int)se->flags,
3646 sid_string_dbg(&se->trustee),
3647 parent_name));
3648 continue;
3649 }
3650 }
3651
3652 if (is_dacl_protected) {
3653 /* If the DACL is protected it means we must
3654 * not overwrite an existing ACE entry with the
3655 * same SID. This is order N^2. Ouch :-(. JRA. */
3656 unsigned int k;
3657 for (k = 0; k < psd->dacl->num_aces; k++) {
3658 if (sid_equal(&psd->dacl->aces[k].trustee,
3659 &se->trustee)) {
3660 break;
3661 }
3662 }
3663 if (k < psd->dacl->num_aces) {
3664 /* SID matched. Ignore. */
3665 DEBUG(10,("append_parent_acl: path %s "
3666 "ignoring ACE with protected sid %s "
3667 "from parent %s\n",
3668 fsp_str_dbg(fsp),
3669 sid_string_dbg(&se->trustee),
3670 parent_name));
3671 continue;
3672 }
3673 }
3674
3675 sec_ace_copy(&new_ace[i], se);
3676 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3677 new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
3678 }
3679 new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
3680
3681 if (fsp->is_directory) {
3682 /*
3683 * Strip off any inherit only. It's applied.
3684 */
3685 new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
3686 if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
3687 /* No further inheritance. */
3688 new_ace[i].flags &=
3689 ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3690 SEC_ACE_FLAG_OBJECT_INHERIT);
3691 }
3692 } else {
3693 /*
3694 * Strip off any container or inherit
3695 * flags, they can't apply to objects.
3696 */
3697 new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
3698 SEC_ACE_FLAG_INHERIT_ONLY|
3699 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
3700 }
3701 i++;
3702
3703 DEBUG(10,("append_parent_acl: path %s "
3704 "inheriting ACE with sid %s "
3705 "from parent %s\n",
3706 fsp_str_dbg(fsp),
3707 sid_string_dbg(&se->trustee),
3708 parent_name));
3709 }
3710
3711 psd->dacl->aces = new_ace;
3712 psd->dacl->num_aces = i;
3713 psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED|
3714 SE_DESC_DACL_AUTO_INHERIT_REQ);
3715
3716 *pp_new_sd = psd;
3717 return status;
3718 }
3719 #endif
3720
3721 /****************************************************************************
3722 Reply to set a security descriptor on an fsp. security_info_sent is the
3723 description of the following NT ACL.
3724 This should be the only external function needed for the UNIX style set ACL.
3725 ****************************************************************************/
3726
3727 NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
3728 {
3729 connection_struct *conn = fsp->conn;
3730 uid_t user = (uid_t)-1;
3731 gid_t grp = (gid_t)-1;
3732 DOM_SID file_owner_sid;
3733 DOM_SID file_grp_sid;
3734 canon_ace *file_ace_list = NULL;
3735 canon_ace *dir_ace_list = NULL;
3736 bool acl_perms = False;
3737 mode_t orig_mode = (mode_t)0;
3738 NTSTATUS status;
3739 bool set_acl_as_root = false;
3740 bool acl_set_support = false;
3741 bool ret = false;
3742
3743 DEBUG(10,("set_nt_acl: called for file %s\n",
3744 fsp_str_dbg(fsp)));
3745
3746 if (!CAN_WRITE(conn)) {
3747 DEBUG(10,("set acl rejected on read-only share\n"));
3748 return NT_STATUS_MEDIA_WRITE_PROTECTED;
3749 }
3750
3751 /*
3752 * Get the current state of the file.
3753 */
3754
3755 status = vfs_stat_fsp(fsp);
3756 if (!NT_STATUS_IS_OK(status)) {
3757 return status;
3758 }
3759
3760 /* Save the original element we check against. */
3761 orig_mode = fsp->fsp_name->st.st_ex_mode;
3762
3763 /*
3764 * Unpack the user/group/world id's.
3765 */
3766
3767 status = unpack_nt_owners( SNUM(conn), &user, &grp, security_info_sent, psd);
3768 if (!NT_STATUS_IS_OK(status)) {
3769 return status;
3770 }
3771
3772 /*
3773 * Do we need to chown ? If so this must be done first as the incoming
3774 * CREATOR_OWNER acl will be relative to the *new* owner, not the old.
3775 * Noticed by Simo.
3776 */
3777
3778 if (((user != (uid_t)-1) && (fsp->fsp_name->st.st_ex_uid != user)) ||
3779 (( grp != (gid_t)-1) && (fsp->fsp_name->st.st_ex_gid != grp))) {
3780
3781 DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
3782 fsp_str_dbg(fsp), (unsigned int)user,
3783 (unsigned int)grp));
3784
3785 if(try_chown(fsp->conn, fsp->fsp_name, user, grp) == -1) {
3786 DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error "
3787 "= %s.\n", fsp_str_dbg(fsp),
3788 (unsigned int)user, (unsigned int)grp,
3789 strerror(errno)));
3790 if (errno == EPERM) {
3791 return NT_STATUS_INVALID_OWNER;
3792 }
3793 return map_nt_error_from_unix(errno);
3794 }
3795
3796 /*
3797 * Recheck the current state of the file, which may have changed.
3798 * (suid/sgid bits, for instance)
3799 */
3800
3801 status = vfs_stat_fsp(fsp);
3802 if (!NT_STATUS_IS_OK(status)) {
3803 return status;
3804 }
3805
3806 /* Save the original element we check against. */
3807 orig_mode = fsp->fsp_name->st.st_ex_mode;
3808
3809 /* If we successfully chowned, we know we must
3810 * be able to set the acl, so do it as root.
3811 */
3812 set_acl_as_root = true;
3813 }
3814
3815 create_file_sids(&fsp->fsp_name->st, &file_owner_sid, &file_grp_sid);
3816
3817 acl_perms = unpack_canon_ace(fsp, &fsp->fsp_name->st, &file_owner_sid,
3818 &file_grp_sid, &file_ace_list,
3819 &dir_ace_list, security_info_sent, psd);
3820
3821 /* Ignore W2K traverse DACL set. */
3822 if (!file_ace_list && !dir_ace_list) {
3823 return NT_STATUS_OK;
3824 }
3825
3826 if (!acl_perms) {
3827 DEBUG(3,("set_nt_acl: cannot set permissions\n"));
3828 free_canon_ace_list(file_ace_list);
3829 free_canon_ace_list(dir_ace_list);
3830 return NT_STATUS_ACCESS_DENIED;
3831 }
3832
3833 /*
3834 * Only change security if we got a DACL.
3835 */
3836
3837 if(!(security_info_sent & DACL_SECURITY_INFORMATION) || (psd->dacl == NULL)) {
3838 free_canon_ace_list(file_ace_list);
3839 free_canon_ace_list(dir_ace_list);
3840 return NT_STATUS_OK;
3841 }
3842
3843 /*
3844 * Try using the POSIX ACL set first. Fall back to chmod if
3845 * we have no ACL support on this filesystem.
3846 */
3847
3848 if (acl_perms && file_ace_list) {
3849 if (set_acl_as_root) {
3850 become_root();
3851 }
3852 ret = set_canon_ace_list(fsp, file_ace_list, false,
3853 &fsp->fsp_name->st, &acl_set_support);
3854 if (set_acl_as_root) {
3855 unbecome_root();
3856 }
3857 if (acl_set_support && ret == false) {
3858 DEBUG(3,("set_nt_acl: failed to set file acl on file "
3859 "%s (%s).\n", fsp_str_dbg(fsp),
3860 strerror(errno)));
3861 free_canon_ace_list(file_ace_list);
3862 free_canon_ace_list(dir_ace_list);
3863 return map_nt_error_from_unix(errno);
3864 }
3865 }
3866
3867 if (acl_perms && acl_set_support && fsp->is_directory) {
3868 if (dir_ace_list) {
3869 if (set_acl_as_root) {
3870 become_root();
3871 }
3872 ret = set_canon_ace_list(fsp, dir_ace_list, true,
3873 &fsp->fsp_name->st,
3874 &acl_set_support);
3875 if (set_acl_as_root) {
3876 unbecome_root();
3877 }
3878 if (ret == false) {
3879 DEBUG(3,("set_nt_acl: failed to set default "
3880 "acl on directory %s (%s).\n",
3881 fsp_str_dbg(fsp), strerror(errno)));
3882 free_canon_ace_list(file_ace_list);
3883 free_canon_ace_list(dir_ace_list);
3884 return map_nt_error_from_unix(errno);
3885 }
3886 } else {
3887 int sret = -1;
3888
3889 /*
3890 * No default ACL - delete one if it exists.
3891 */
3892
3893 if (set_acl_as_root) {
3894 become_root();
3895 }
3896 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn,
3897 fsp->fsp_name->base_name);
3898 if (set_acl_as_root) {
3899 unbecome_root();
3900 }
3901 if (sret == -1) {
3902 if (acl_group_override(conn, fsp->fsp_name)) {
3903 DEBUG(5,("set_nt_acl: acl group "
3904 "control on and current user "
3905 "in file %s primary group. "
3906 "Override delete_def_acl\n",
3907 fsp_str_dbg(fsp)));
3908
3909 become_root();
3910 sret =
3911 SMB_VFS_SYS_ACL_DELETE_DEF_FILE(
3912 conn,
3913 fsp->fsp_name->base_name);
3914 unbecome_root();
3915 }
3916
3917 if (sret == -1) {
3918 DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
3919 free_canon_ace_list(file_ace_list);
3920 free_canon_ace_list(dir_ace_list);
3921 return map_nt_error_from_unix(errno);
3922 }
3923 }
3924 }
3925 }
3926
3927 if (acl_set_support) {
3928 if (set_acl_as_root) {
3929 become_root();
3930 }
3931 store_inheritance_attributes(fsp,
3932 file_ace_list,
3933 dir_ace_list,
3934 psd->type);
3935 if (set_acl_as_root) {
3936 unbecome_root();
3937 }
3938 }
3939
3940 /*
3941 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod.
3942 */
3943
3944 if(!acl_set_support && acl_perms) {
3945 mode_t posix_perms;
3946
3947 if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) {
3948 free_canon_ace_list(file_ace_list);
3949 free_canon_ace_list(dir_ace_list);
3950 DEBUG(3,("set_nt_acl: failed to convert file acl to "
3951 "posix permissions for file %s.\n",
3952 fsp_str_dbg(fsp)));
3953 return NT_STATUS_ACCESS_DENIED;
3954 }
3955
3956 if (orig_mode != posix_perms) {
3957 int sret = -1;
3958
3959 DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
3960 fsp_str_dbg(fsp), (unsigned int)posix_perms));
3961
3962 if (set_acl_as_root) {
3963 become_root();
3964 }
3965 sret = SMB_VFS_CHMOD(conn, fsp->fsp_name->base_name,
3966 posix_perms);
3967 if (set_acl_as_root) {
3968 unbecome_root();
3969 }
3970 if(sret == -1) {
3971 if (acl_group_override(conn, fsp->fsp_name)) {
3972 DEBUG(5,("set_nt_acl: acl group "
3973 "control on and current user "
3974 "in file %s primary group. "
3975 "Override chmod\n",
3976 fsp_str_dbg(fsp)));
3977
3978 become_root();
3979 sret = SMB_VFS_CHMOD(conn,
3980 fsp->fsp_name->base_name,
3981 posix_perms);
3982 unbecome_root();
3983 }
3984
3985 if (sret == -1) {
3986 DEBUG(3,("set_nt_acl: chmod %s, 0%o "
3987 "failed. Error = %s.\n",
3988 fsp_str_dbg(fsp),
3989 (unsigned int)posix_perms,
3990 strerror(errno)));
3991 free_canon_ace_list(file_ace_list);
3992 free_canon_ace_list(dir_ace_list);
3993 return map_nt_error_from_unix(errno);
3994 }
3995 }
3996 }
3997 }
3998
3999 free_canon_ace_list(file_ace_list);
4000 free_canon_ace_list(dir_ace_list);
4001
4002 return NT_STATUS_OK;
4003 }
4004
4005 /****************************************************************************
4006 Get the actual group bits stored on a file with an ACL. Has no effect if
4007 the file has no ACL. Needed in dosmode code where the stat() will return
4008 the mask bits, not the real group bits, for a file with an ACL.
4009 ****************************************************************************/
4010
4011 int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode )
4012 {
4013 int entry_id = SMB_ACL_FIRST_ENTRY;
4014 SMB_ACL_ENTRY_T entry;
4015 SMB_ACL_T posix_acl;
4016 int result = -1;
4017
4018 posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS);
4019 if (posix_acl == (SMB_ACL_T)NULL)
4020 return -1;
4021
4022 while (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
4023 SMB_ACL_TAG_T tagtype;
4024 SMB_ACL_PERMSET_T permset;
4025
4026 entry_id = SMB_ACL_NEXT_ENTRY;
4027
4028 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) ==-1)
4029 break;
4030
4031 if (tagtype == SMB_ACL_GROUP_OBJ) {
4032 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
4033 break;
4034 } else {
4035 *mode &= ~(S_IRGRP|S_IWGRP|S_IXGRP);
4036 *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ) ? S_IRGRP : 0);
4037 *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE) ? S_IWGRP : 0);
4038 *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_EXECUTE) ? S_IXGRP : 0);
4039 result = 0;
4040 break;
4041 }
4042 }
4043 }
4044 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
4045 return result;
4046 }
4047
4048 /****************************************************************************
4049 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4050 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4051 ****************************************************************************/
4052
4053 static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mode_t mode)
4054 {
4055 int entry_id = SMB_ACL_FIRST_ENTRY;
4056 SMB_ACL_ENTRY_T entry;
4057 int num_entries = 0;
4058
4059 while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
4060 SMB_ACL_TAG_T tagtype;
4061 SMB_ACL_PERMSET_T permset;
4062 mode_t perms;
4063
4064 entry_id = SMB_ACL_NEXT_ENTRY;
4065
4066 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1)
4067 return -1;
4068
4069 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1)
4070 return -1;
4071
4072 num_entries++;
4073
4074 switch(tagtype) {
4075 case SMB_ACL_USER_OBJ:
4076 perms = unix_perms_to_acl_perms(mode, S_IRUSR, S_IWUSR, S_IXUSR);
4077 break;
4078 case SMB_ACL_GROUP_OBJ:
4079 perms = unix_perms_to_acl_perms(mode, S_IRGRP, S_IWGRP, S_IXGRP);
4080 break;
4081 case SMB_ACL_MASK:
4082 /*
4083 * FIXME: The ACL_MASK entry permissions should really be set to
4084 * the union of the permissions of all ACL_USER,
4085 * ACL_GROUP_OBJ, and ACL_GROUP entries. That's what
4086 * acl_calc_mask() does, but Samba ACLs doesn't provide it.
4087 */
4088 perms = S_IRUSR|S_IWUSR|S_IXUSR;
4089 break;
4090 case SMB_ACL_OTHER:
4091 perms = unix_perms_to_acl_perms(mode, S_IROTH, S_IWOTH, S_IXOTH);
4092 break;
4093 default:
4094 continue;
4095 }
4096
4097 if (map_acl_perms_to_permset(conn, perms, &permset) == -1)
4098 return -1;
4099
4100 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, entry, permset) == -1)
4101 return -1;
4102 }
4103
4104 /*
4105 * If this is a simple 3 element ACL or no elements then it's a standard
4106 * UNIX permission set. Just use chmod...
4107 */
4108
4109 if ((num_entries == 3) || (num_entries == 0))
4110 return -1;
4111
4112 return 0;
4113 }
4114
4115 /****************************************************************************
4116 Get the access ACL of FROM, do a chmod by setting the ACL USER_OBJ,
4117 GROUP_OBJ and OTHER bits in an ACL and set the mask to rwx. Set the
4118 resulting ACL on TO. Note that name is in UNIX character set.
4119 ****************************************************************************/
4120
4121 static int copy_access_posix_acl(connection_struct *conn, const char *from, const char *to, mode_t mode)
4122 {
4123 SMB_ACL_T posix_acl = NULL;
4124 int ret = -1;
4125
4126 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, from, SMB_ACL_TYPE_ACCESS)) == NULL)
4127 return -1;
4128
4129 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4130 goto done;
4131
4132 ret = SMB_VFS_SYS_ACL_SET_FILE(conn, to, SMB_ACL_TYPE_ACCESS, posix_acl);
4133
4134 done:
4135
4136 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
4137 return ret;
4138 }
4139
4140 /****************************************************************************
4141 Do a chmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4142 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4143 Note that name is in UNIX character set.
4144 ****************************************************************************/
4145
4146 int chmod_acl(connection_struct *conn, const char *name, mode_t mode)
4147 {
4148 return copy_access_posix_acl(conn, name, name, mode);
4149 }
4150
4151 /****************************************************************************
4152 Check for an existing default POSIX ACL on a directory.
4153 ****************************************************************************/
4154
4155 static bool directory_has_default_posix_acl(connection_struct *conn, const char *fname)
4156 {
4157 SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, SMB_ACL_TYPE_DEFAULT);
4158 bool has_acl = False;
4159 SMB_ACL_ENTRY_T entry;
4160
4161 if (def_acl != NULL && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, def_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1)) {
4162 has_acl = True;
4163 }
4164
4165 if (def_acl) {
4166 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
4167 }
4168 return has_acl;
4169 }
4170
4171 /****************************************************************************
4172 If the parent directory has no default ACL but it does have an Access ACL,
4173 inherit this Access ACL to file name.
4174 ****************************************************************************/
4175
4176 int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,
4177 const char *name, mode_t mode)
4178 {
4179 if (directory_has_default_posix_acl(conn, inherit_from_dir))
4180 return 0;
4181
4182 return copy_access_posix_acl(conn, inherit_from_dir, name, mode);
4183 }
4184
4185 /****************************************************************************
4186 Do an fchmod by setting the ACL USER_OBJ, GROUP_OBJ and OTHER bits in an ACL
4187 and set the mask to rwx. Needed to preserve complex ACLs set by NT.
4188 ****************************************************************************/
4189
4190 int fchmod_acl(files_struct *fsp, mode_t mode)
4191 {
4192 connection_struct *conn = fsp->conn;
4193 SMB_ACL_T posix_acl = NULL;
4194 int ret = -1;
4195
4196 if ((posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp)) == NULL)
4197 return -1;
4198
4199 if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
4200 goto done;
4201
4202 ret = SMB_VFS_SYS_ACL_SET_FD(fsp, posix_acl);
4203
4204 done:
4205
4206 SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
4207 return ret;
4208 }
4209
4210 /****************************************************************************
4211 Map from wire type to permset.
4212 ****************************************************************************/
4213
4214 static bool unix_ex_wire_to_permset(connection_struct *conn, unsigned char wire_perm, SMB_ACL_PERMSET_T *p_permset)
4215 {
4216 if (wire_perm & ~(SMB_POSIX_ACL_READ|SMB_POSIX_ACL_WRITE|SMB_POSIX_ACL_EXECUTE)) {
4217 return False;
4218 }
4219
4220 if (SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, *p_permset) == -1) {
4221 return False;
4222 }
4223
4224 if (wire_perm & SMB_POSIX_ACL_READ) {
4225 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_READ) == -1) {
4226 return False;
4227 }
4228 }
4229 if (wire_perm & SMB_POSIX_ACL_WRITE) {
4230 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_WRITE) == -1) {
4231 return False;
4232 }
4233 }
4234 if (wire_perm & SMB_POSIX_ACL_EXECUTE) {
4235 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_EXECUTE) == -1) {
4236 return False;
4237 }
4238 }
4239 return True;
4240 }
4241
4242 /****************************************************************************
4243 Map from wire type to tagtype.
4244 ****************************************************************************/
4245
4246 static bool unix_ex_wire_to_tagtype(unsigned char wire_tt, SMB_ACL_TAG_T *p_tt)
4247 {
4248 switch (wire_tt) {
4249 case SMB_POSIX_ACL_USER_OBJ:
4250 *p_tt = SMB_ACL_USER_OBJ;
4251 break;
4252 case SMB_POSIX_ACL_USER:
4253 *p_tt = SMB_ACL_USER;
4254 break;
4255 case SMB_POSIX_ACL_GROUP_OBJ:
4256 *p_tt = SMB_ACL_GROUP_OBJ;
4257 break;
4258 case SMB_POSIX_ACL_GROUP:
4259 *p_tt = SMB_ACL_GROUP;
4260 break;
4261 case SMB_POSIX_ACL_MASK:
4262 *p_tt = SMB_ACL_MASK;
4263 break;
4264 case SMB_POSIX_ACL_OTHER:
4265 *p_tt = SMB_ACL_OTHER;
4266 break;
4267 default:
4268 return False;
4269 }
4270 return True;
4271 }
4272
4273 /****************************************************************************
4274 Create a new POSIX acl from wire permissions.
4275 FIXME ! How does the share mask/mode fit into this.... ?
4276 ****************************************************************************/
4277
4278 static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn, uint16 num_acls, const char *pdata)
4279 {
4280 unsigned int i;
4281 SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, num_acls);
4282
4283 if (the_acl == NULL) {
4284 return NULL;
4285 }
4286
4287 for (i = 0; i < num_acls; i++) {
4288 SMB_ACL_ENTRY_T the_entry;
4289 SMB_ACL_PERMSET_T the_permset;
4290 SMB_ACL_TAG_T tag_type;
4291
4292 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) {
4293 DEBUG(0,("create_posix_acl_from_wire: Failed to create entry %u. (%s)\n",
4294 i, strerror(errno) ));
4295 goto fail;
4296 }
4297
4298 if (!unix_ex_wire_to_tagtype(CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), &tag_type)) {
4299 DEBUG(0,("create_posix_acl_from_wire: invalid wire tagtype %u on entry %u.\n",
4300 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)), i ));
4301 goto fail;
4302 }
4303
4304 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, tag_type) == -1) {
4305 DEBUG(0,("create_posix_acl_from_wire: Failed to set tagtype on entry %u. (%s)\n",
4306 i, strerror(errno) ));
4307 goto fail;
4308 }
4309
4310 /* Get the permset pointer from the new ACL entry. */
4311 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) {
4312 DEBUG(0,("create_posix_acl_from_wire: Failed to get permset on entry %u. (%s)\n",
4313 i, strerror(errno) ));
4314 goto fail;
4315 }
4316
4317 /* Map from wire to permissions. */
4318 if (!unix_ex_wire_to_permset(conn, CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+1), &the_permset)) {
4319 DEBUG(0,("create_posix_acl_from_wire: invalid permset %u on entry %u.\n",
4320 CVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE) + 1), i ));
4321 goto fail;
4322 }
4323
4324 /* Now apply to the new ACL entry. */
4325 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) {
4326 DEBUG(0,("create_posix_acl_from_wire: Failed to add permset on entry %u. (%s)\n",
4327 i, strerror(errno) ));
4328 goto fail;
4329 }
4330
4331 if (tag_type == SMB_ACL_USER) {
4332 uint32 uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4333 uid_t uid = (uid_t)uidval;
4334 if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&uid) == -1) {
4335 DEBUG(0,("create_posix_acl_from_wire: Failed to set uid %u on entry %u. (%s)\n",
4336 (unsigned int)uid, i, strerror(errno) ));
4337 goto fail;
4338 }
4339 }
4340
4341 if (tag_type == SMB_ACL_GROUP) {
4342 uint32 gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
4343 gid_t gid = (uid_t)gidval;
4344 if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&gid) == -1) {
4345 DEBUG(0,("create_posix_acl_from_wire: Failed to set gid %u on entry %u. (%s)\n",
4346 (unsigned int)gid, i, strerror(errno) ));
4347 goto fail;
4348 }
4349 }
4350 }
4351
4352 return the_acl;
4353
4354 fail:
4355
4356 if (the_acl != NULL) {
4357 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
4358 }
4359 return NULL;
4360 }
4361
4362 /****************************************************************************
4363 Calls from UNIX extensions - Default POSIX ACL set.
4364 If num_def_acls == 0 and not a directory just return. If it is a directory
4365 and num_def_acls == 0 then remove the default acl. Else set the default acl
4366 on the directory.
4367 ****************************************************************************/
4368
4369 bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, const SMB_STRUCT_STAT *psbuf,
4370 uint16 num_def_acls, const char *pdata)
4371 {
4372 SMB_ACL_T def_acl = NULL;
4373
4374 if (!S_ISDIR(psbuf->st_ex_mode)) {
4375 if (num_def_acls) {
4376 DEBUG(5,("set_unix_posix_default_acl: Can't set default ACL on non-directory file %s\n", fname ));
4377 errno = EISDIR;
4378 return False;
4379 } else {
4380 return True;
4381 }
4382 }
4383
4384 if (!num_def_acls) {
4385 /* Remove the default ACL. */
4386 if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fname) == -1) {
4387 DEBUG(5,("set_unix_posix_default_acl: acl_delete_def_file failed on directory %s (%s)\n",
4388 fname, strerror(errno) ));
4389 return False;
4390 }
4391 return True;
4392 }
4393
4394 if ((def_acl = create_posix_acl_from_wire(conn, num_def_acls, pdata)) == NULL) {
4395 return False;
4396 }
4397
4398 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
4399 DEBUG(5,("set_unix_posix_default_acl: acl_set_file failed on directory %s (%s)\n",
4400 fname, strerror(errno) ));
4401 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
4402 return False;
4403 }
4404
4405 DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n", fname ));
4406 SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
4407 return True;
4408 }
4409
4410 /****************************************************************************
4411 Remove an ACL from a file. As we don't have acl_delete_entry() available
4412 we must read the current acl and copy all entries except MASK, USER and GROUP
4413 to a new acl, then set that. This (at least on Linux) causes any ACL to be
4414 removed.
4415 FIXME ! How does the share mask/mode fit into this.... ?
4416 ****************************************************************************/
4417
4418 static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname)
4419 {
4420 SMB_ACL_T file_acl = NULL;
4421 int entry_id = SMB_ACL_FIRST_ENTRY;
4422 SMB_ACL_ENTRY_T entry;
4423 bool ret = False;
4424 /* Create a new ACL with only 3 entries, u/g/w. */
4425 SMB_ACL_T new_file_acl = SMB_VFS_SYS_ACL_INIT(conn, 3);
4426 SMB_ACL_ENTRY_T user_ent = NULL;
4427 SMB_ACL_ENTRY_T group_ent = NULL;
4428 SMB_ACL_ENTRY_T other_ent = NULL;
4429
4430 if (new_file_acl == NULL) {
4431 DEBUG(5,("remove_posix_acl: failed to init new ACL with 3 entries for file %s.\n", fname));
4432 return False;
4433 }
4434
4435 /* Now create the u/g/w entries. */
4436 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &user_ent) == -1) {
4437 DEBUG(5,("remove_posix_acl: Failed to create user entry for file %s. (%s)\n",
4438 fname, strerror(errno) ));
4439 goto done;
4440 }
4441 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, user_ent, SMB_ACL_USER_OBJ) == -1) {
4442 DEBUG(5,("remove_posix_acl: Failed to set user entry for file %s. (%s)\n",
4443 fname, strerror(errno) ));
4444 goto done;
4445 }
4446
4447 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &group_ent) == -1) {
4448 DEBUG(5,("remove_posix_acl: Failed to create group entry for file %s. (%s)\n",
4449 fname, strerror(errno) ));
4450 goto done;
4451 }
4452 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, group_ent, SMB_ACL_GROUP_OBJ) == -1) {
4453 DEBUG(5,("remove_posix_acl: Failed to set group entry for file %s. (%s)\n",
4454 fname, strerror(errno) ));
4455 goto done;
4456 }
4457
4458 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &other_ent) == -1) {
4459 DEBUG(5,("remove_posix_acl: Failed to create other entry for file %s. (%s)\n",
4460 fname, strerror(errno) ));
4461 goto done;
4462 }
4463 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, other_ent, SMB_ACL_OTHER) == -1) {
4464 DEBUG(5,("remove_posix_acl: Failed to set other entry for file %s. (%s)\n",
4465 fname, strerror(errno) ));
4466 goto done;
4467 }
4468
4469 /* Get the current file ACL. */
4470 if (fsp && fsp->fh->fd != -1) {
4471 file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
4472 } else {
4473 file_acl = SMB_VFS_SYS_ACL_GET_FILE( conn, fname, SMB_ACL_TYPE_ACCESS);
4474 }
4475
4476 if (file_acl == NULL) {
4477 /* This is only returned if an error occurred. Even for a file with
4478 no acl a u/g/w acl should be returned. */
4479 DEBUG(5,("remove_posix_acl: failed to get ACL from file %s (%s).\n",
4480 fname, strerror(errno) ));
4481 goto done;
4482 }
4483
4484 while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, file_acl, entry_id, &entry) == 1) {
4485 SMB_ACL_TAG_T tagtype;
4486 SMB_ACL_PERMSET_T permset;
4487
4488 entry_id = SMB_ACL_NEXT_ENTRY;
4489
4490 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) {
4491 DEBUG(5,("remove_posix_acl: failed to get tagtype from ACL on file %s (%s).\n",
4492 fname, strerror(errno) ));
4493 goto done;
4494 }
4495
4496 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
4497 DEBUG(5,("remove_posix_acl: failed to get permset from ACL on file %s (%s).\n",
4498 fname, strerror(errno) ));
4499 goto done;
4500 }
4501
4502 if (tagtype == SMB_ACL_USER_OBJ) {
4503 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, user_ent, permset) == -1) {
4504 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4505 fname, strerror(errno) ));
4506 }
4507 } else if (tagtype == SMB_ACL_GROUP_OBJ) {
4508 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, group_ent, permset) == -1) {
4509 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4510 fname, strerror(errno) ));
4511 }
4512 } else if (tagtype == SMB_ACL_OTHER) {
4513 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, other_ent, permset) == -1) {
4514 DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
4515 fname, strerror(errno) ));
4516 }
4517 }
4518 }
4519
4520 /* Set the new empty file ACL. */
4521 if (fsp && fsp->fh->fd != -1) {
4522 if (SMB_VFS_SYS_ACL_SET_FD(fsp, new_file_acl) == -1) {
4523 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4524 fname, strerror(errno) ));
4525 goto done;
4526 }
4527 } else {
4528 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, new_file_acl) == -1) {
4529 DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
4530 fname, strerror(errno) ));
4531 goto done;
4532 }
4533 }
4534
4535 ret = True;
4536
4537 done:
4538
4539 if (file_acl) {
4540 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4541 }
4542 if (new_file_acl) {
4543 SMB_VFS_SYS_ACL_FREE_ACL(conn, new_file_acl);
4544 }
4545 return ret;
4546 }
4547
4548 /****************************************************************************
4549 Calls from UNIX extensions - POSIX ACL set.
4550 If num_def_acls == 0 then read/modify/write acl after removing all entries
4551 except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER.
4552 ****************************************************************************/
4553
4554 bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata)
4555 {
4556 SMB_ACL_T file_acl = NULL;
4557
4558 if (!num_acls) {
4559 /* Remove the ACL from the file. */
4560 return remove_posix_acl(conn, fsp, fname);
4561 }
4562
4563 if ((file_acl = create_posix_acl_from_wire(conn, num_acls, pdata)) == NULL) {
4564 return False;
4565 }
4566
4567 if (fsp && fsp->fh->fd != -1) {
4568 /* The preferred way - use an open fd. */
4569 if (SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl) == -1) {
4570 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4571 fname, strerror(errno) ));
4572 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4573 return False;
4574 }
4575 } else {
4576 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
4577 DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
4578 fname, strerror(errno) ));
4579 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4580 return False;
4581 }
4582 }
4583
4584 DEBUG(10,("set_unix_posix_acl: set acl for file %s\n", fname ));
4585 SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
4586 return True;
4587 }
4588
4589 /********************************************************************
4590 Pull the NT ACL from a file on disk or the OpenEventlog() access
4591 check. Caller is responsible for freeing the returned security
4592 descriptor via TALLOC_FREE(). This is designed for dealing with
4593 user space access checks in smbd outside of the VFS. For example,
4594 checking access rights in OpenEventlog().
4595
4596 Assume we are dealing with files (for now)
4597 ********************************************************************/
4598
4599 SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
4600 {
4601 SEC_DESC *psd, *ret_sd;
4602 connection_struct *conn;
4603 files_struct finfo;
4604 struct fd_handle fh;
4605 NTSTATUS status;
4606
4607 conn = TALLOC_ZERO_P(ctx, connection_struct);
4608 if (conn == NULL) {
4609 DEBUG(0, ("talloc failed\n"));
4610 return NULL;
4611 }
4612
4613 if (!(conn->params = TALLOC_P(conn, struct share_params))) {
4614 DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
4615 TALLOC_FREE(conn);
4616 return NULL;
4617 }
4618
4619 conn->params->service = -1;
4620
4621 set_conn_connectpath(conn, "/");
4622
4623 if (!smbd_vfs_init(conn)) {
4624 DEBUG(0,("get_nt_acl_no_snum: Unable to create a fake connection struct!\n"));
4625 conn_free(conn);
4626 return NULL;
4627 }
4628
4629 ZERO_STRUCT( finfo );
4630 ZERO_STRUCT( fh );
4631
4632 finfo.fnum = -1;
4633 finfo.conn = conn;
4634 finfo.fh = &fh;
4635 finfo.fh->fd = -1;
4636
4637 status = create_synthetic_smb_fname(talloc_tos(), fname, NULL, NULL,
4638 &finfo.fsp_name);
4639 if (!NT_STATUS_IS_OK(status)) {
4640 conn_free(conn);
4641 return NULL;
4642 }
4643
4644 if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, DACL_SECURITY_INFORMATION, &psd))) {
4645 DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
4646 TALLOC_FREE(finfo.fsp_name);
4647 conn_free(conn);
4648 return NULL;
4649 }
4650
4651 ret_sd = dup_sec_desc( ctx, psd );
4652
4653 TALLOC_FREE(finfo.fsp_name);
4654 conn_free(conn);
4655
4656 return ret_sd;
4657 }
reg import