The branch, master has been updated
via 1c2aacd Add open_dir_with_privilege() to ensure we're opening the
correct directory when doing backup requests.
via bca3fb3 Implement FLAG_TRANS2_FIND_BACKUP_INTENT for trans2 with
privileges.
via 3ddd991 Add accessor functions to set a bool "priv" on a directory
handle. Not yet used, but will be part of FLAG_TRANS2_FIND_BACKUP_INTENT code.
via 89c55485 Add the implementation of
check_reduced_name_with_privilege(). Now to plumb into SMB1 requests.
via 442e79e Add check_reduced_name_with_privilege(),
filename_convert_with_privilege() (currently unimplemented) in order to prepare
for adding SeBackup/SeRestore code to the main fileserver.
from 7cc19af selftest: add more tests for plugin_s4_dc
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1c2aacd6da923efbc0b87e720399417f008f82c2
Author: Jeremy Allison <[email protected]>
Date: Wed Feb 29 16:05:50 2012 -0800
Add open_dir_with_privilege() to ensure we're opening the correct directory
when doing backup requests.
Autobuild-User: Jeremy Allison <[email protected]>
Autobuild-Date: Thu Mar 1 03:50:40 CET 2012 on sn-devel-104
commit bca3fb3eccef620a47e5088cbd79dfa3ea79e814
Author: Jeremy Allison <[email protected]>
Date: Wed Feb 29 12:15:12 2012 -0800
Implement FLAG_TRANS2_FIND_BACKUP_INTENT for trans2 with privileges.
commit 3ddd9916f51f7b64527e9c33a7c3a4849c6f3017
Author: Jeremy Allison <[email protected]>
Date: Wed Feb 29 11:42:21 2012 -0800
Add accessor functions to set a bool "priv" on a directory handle. Not yet
used, but will be part of FLAG_TRANS2_FIND_BACKUP_INTENT code.
commit 89c55485c3cc6eefdd7af20f79b1d219cace5066
Author: Jeremy Allison <[email protected]>
Date: Wed Feb 29 17:04:08 2012 -0800
Add the implementation of check_reduced_name_with_privilege(). Now to plumb
into
SMB1 requests.
commit 442e79efbdc9dfaf5774c67edb3460603d63d2a5
Author: Jeremy Allison <[email protected]>
Date: Fri Feb 24 14:12:05 2012 -0800
Add check_reduced_name_with_privilege(), filename_convert_with_privilege()
(currently unimplemented) in order to prepare for adding SeBackup/SeRestore
code to the main fileserver.
Not yet plumbed into the main SMB1/SMB2 code.
-----------------------------------------------------------------------
Summary of changes:
source3/include/smb.h | 16 +++++
source3/smbd/dir.c | 79 +++++++++++++++++++++-
source3/smbd/filename.c | 81 +++++++++++++++++++++--
source3/smbd/process.c | 1 +
source3/smbd/proto.h | 16 ++++-
source3/smbd/reply.c | 1 +
source3/smbd/smb2_find.c | 1 +
source3/smbd/trans2.c | 51 +++++++++++++-
source3/smbd/vfs.c | 169 ++++++++++++++++++++++++++++++++++++++++++++++
9 files changed, 403 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 10e4798..a54d206 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -442,6 +442,7 @@ struct current_user {
};
struct smbd_smb2_request;
+struct privilege_paths;
struct smb_request {
uint8_t cmd;
@@ -495,6 +496,12 @@ struct smb_request {
* Back pointer to smb2 request.
*/
struct smbd_smb2_request *smb2req;
+
+ /*
+ * Pathnames used if request done
+ * under privilege.
+ */
+ struct privilege_paths *priv_paths;
};
/* Defines for the sent_oplock_break field above. */
@@ -1349,6 +1356,15 @@ struct smb_filename {
SMB_STRUCT_STAT st;
};
+/*
+ * Pathnames used if request done
+ * under privilege.
+ */
+struct privilege_paths {
+ struct smb_filename parent_name;
+ struct smb_filename file_name;
+};
+
/* Used to keep track of deferred opens. */
struct deferred_open_record;
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index d4faf42..103dbc8 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -64,6 +64,7 @@ struct dptr_struct {
char *path;
bool has_wild; /* Set to true if the wcard entry has MS wildcard
characters in it. */
bool did_stat; /* Optimisation for non-wcard searches. */
+ bool priv; /* Directory handle opened with privilege. */
};
static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct
*conn,
@@ -412,6 +413,60 @@ static void dptr_close_oldest(struct
smbd_server_connection *sconn,
}
/****************************************************************************
+ Safely do an OpenDir as root, ensuring we're in the right place.
+****************************************************************************/
+
+static struct smb_Dir *open_dir_with_privilege(connection_struct *conn,
+ struct smb_request *req,
+ const char *path,
+ const char *wcard,
+ uint32_t attr)
+{
+ NTSTATUS status;
+ struct smb_Dir *dir_hnd = NULL;
+ struct smb_filename *smb_fname_cwd = NULL;
+ char *saved_dir = vfs_GetWd(talloc_tos(), conn);
+ struct privilege_paths *priv_paths = req->priv_paths;
+ int ret;
+
+ if (saved_dir == NULL) {
+ return NULL;
+ }
+
+ if (vfs_ChDir(conn, path) == -1) {
+ return NULL;
+ }
+
+ /* Now check the stat value is the same. */
+ status = create_synthetic_smb_fname(talloc_tos(), ".",
+ NULL, NULL,
+ &smb_fname_cwd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ ret = SMB_VFS_STAT(conn, smb_fname_cwd);
+ if (ret != 0) {
+ goto out;
+ }
+
+ if (!check_same_stat(&smb_fname_cwd->st, &priv_paths->parent_name.st)) {
+ DEBUG(0,("open_dir_with_privilege: stat mismatch between %s "
+ "and %s\n",
+ path,
+ smb_fname_str_dbg(&priv_paths->parent_name)));
+ goto out;
+ }
+
+ dir_hnd = OpenDir(NULL, conn, ".", wcard, attr);
+
+ out:
+
+ vfs_ChDir(conn, saved_dir);
+ return dir_hnd;
+}
+
+/****************************************************************************
Create a new dir ptr. If the flag old_handle is true then we must allocate
from the bitmap range 0 - 255 as old SMBsearch directory handles are only
one byte long. If old_handle is false we allocate from the range
@@ -420,7 +475,9 @@ static void dptr_close_oldest(struct smbd_server_connection
*sconn,
wcard must not be zero.
****************************************************************************/
-NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
+NTSTATUS dptr_create(connection_struct *conn,
+ struct smb_request *req,
+ files_struct *fsp,
const char *path, bool old_handle, bool expect_close,uint16
spid,
const char *wcard, bool wcard_has_wild, uint32 attr, struct
dptr_struct **dptr_ret)
{
@@ -479,7 +536,15 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct
*fsp,
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- dir_hnd = OpenDir(NULL, conn, path, wcard, attr);
+ if (req && req->priv_paths) {
+ dir_hnd = open_dir_with_privilege(conn,
+ req,
+ path,
+ wcard,
+ attr);
+ } else {
+ dir_hnd = OpenDir(NULL, conn, path, wcard, attr);
+ }
}
if (!dir_hnd) {
@@ -647,6 +712,16 @@ int dptr_dnum(struct dptr_struct *dptr)
return dptr->dnum;
}
+bool dptr_get_priv(struct dptr_struct *dptr)
+{
+ return dptr->priv;
+}
+
+void dptr_set_priv(struct dptr_struct *dptr)
+{
+ dptr->priv = true;
+}
+
/****************************************************************************
Return the next visible file name, skipping veto'd and invisible files.
****************************************************************************/
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 835f3b4..95e8c14 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1021,6 +1021,25 @@ NTSTATUS check_name(connection_struct *conn, const char
*name)
}
/****************************************************************************
+ Must be called as root. Creates the struct privilege_paths
+ attached to the struct smb_request if this call is successful.
+****************************************************************************/
+
+static NTSTATUS check_name_with_privilege(connection_struct *conn,
+ struct smb_request *smbreq,
+ const char *name)
+{
+ NTSTATUS status = check_veto_path(conn, name);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ return check_reduced_name_with_privilege(conn,
+ name,
+ smbreq);
+}
+
+/****************************************************************************
Check if two filenames are equal.
This needs to be careful about whether we are case sensitive.
****************************************************************************/
@@ -1257,6 +1276,7 @@ static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
* @param ctx talloc_ctx to allocate memory with.
* @param conn connection struct for vfs calls.
* @param dfs_path Whether this path requires dfs resolution.
+ * @param smbreq SMB request if we're using privilages.
* @param name_in The unconverted name.
* @param ucf_flags flags to pass through to unix_convert().
* UCF_ALWAYS_ALLOW_WCARD_LCOMP will be OR'd in if
@@ -1270,9 +1290,10 @@ static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
* @return NT_STATUS_OK if all operations completed succesfully, appropriate
* error otherwise.
*/
-NTSTATUS filename_convert(TALLOC_CTX *ctx,
+static NTSTATUS filename_convert_internal(TALLOC_CTX *ctx,
connection_struct *conn,
bool dfs_path,
+ struct smb_request *smbreq,
const char *name_in,
uint32_t ucf_flags,
bool *ppath_contains_wcard,
@@ -1291,7 +1312,7 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx,
&fname,
ppath_contains_wcard);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("filename_convert: resolve_dfspath failed "
+ DEBUG(10,("filename_convert_internal: resolve_dfspath failed "
"for name %s with %s\n",
name_in,
nt_errstr(status) ));
@@ -1320,7 +1341,7 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx,
status = unix_convert(ctx, conn, fname, pp_smb_fname, ucf_flags);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("filename_convert: unix_convert failed "
+ DEBUG(10,("filename_convert_internal: unix_convert failed "
"for name %s with %s\n",
fname,
nt_errstr(status) ));
@@ -1333,9 +1354,13 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx,
return check_veto_path(conn, (*pp_smb_fname)->base_name);
}
- status = check_name(conn, (*pp_smb_fname)->base_name);
+ if (!smbreq) {
+ status = check_name(conn, (*pp_smb_fname)->base_name);
+ } else {
+ status = check_name_with_privilege(conn, smbreq,
(*pp_smb_fname)->base_name);
+ }
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(3,("filename_convert: check_name failed "
+ DEBUG(3,("filename_convert_internal: check_name failed "
"for name %s with %s\n",
smb_fname_str_dbg(*pp_smb_fname),
nt_errstr(status) ));
@@ -1345,3 +1370,49 @@ NTSTATUS filename_convert(TALLOC_CTX *ctx,
return status;
}
+
+/*
+ * Go through all the steps to validate a filename.
+ * Non-root version.
+ */
+
+NTSTATUS filename_convert(TALLOC_CTX *ctx,
+ connection_struct *conn,
+ bool dfs_path,
+ const char *name_in,
+ uint32_t ucf_flags,
+ bool *ppath_contains_wcard,
+ struct smb_filename **pp_smb_fname)
+{
+ return filename_convert_internal(ctx,
+ conn,
+ dfs_path,
+ NULL,
+ name_in,
+ ucf_flags,
+ ppath_contains_wcard,
+ pp_smb_fname);
+}
+
+/*
+ * Go through all the steps to validate a filename.
+ * root (privileged) version.
+ */
+
+NTSTATUS filename_convert_with_privilege(TALLOC_CTX *ctx,
+ connection_struct *conn,
+ struct smb_request *smbreq,
+ const char *name_in,
+ uint32_t ucf_flags,
+ bool *ppath_contains_wcard,
+ struct smb_filename **pp_smb_fname)
+{
+ return filename_convert_internal(ctx,
+ conn,
+ smbreq->flags2 & FLAGS2_DFS_PATHNAMES,
+ smbreq,
+ name_in,
+ ucf_flags,
+ ppath_contains_wcard,
+ pp_smb_fname);
+}
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index fc18f5e..6ffc067 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -540,6 +540,7 @@ static bool init_smb_request(struct smb_request *req,
req->chain_outbuf = NULL;
req->done = false;
req->smb2req = NULL;
+ req->priv_paths = NULL;
smb_init_perfcount_data(&req->pcd);
/* Ensure we have at least wct words and 2 bytes of bcc. */
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 4ec91a1..5991800 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -197,7 +197,9 @@ void dptr_closecnum(connection_struct *conn);
void dptr_idlecnum(connection_struct *conn);
void dptr_closepath(struct smbd_server_connection *sconn,
char *path,uint16 spid);
-NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp,
+NTSTATUS dptr_create(connection_struct *conn,
+ struct smb_request *req,
+ files_struct *fsp,
const char *path, bool old_handle, bool expect_close,uint16
spid,
const char *wcard, bool wcard_has_wild, uint32 attr, struct
dptr_struct **dptr_ret);
void dptr_CloseDir(files_struct *fsp);
@@ -205,6 +207,8 @@ void dptr_SeekDir(struct dptr_struct *dptr, long offset);
long dptr_TellDir(struct dptr_struct *dptr);
bool dptr_has_wild(struct dptr_struct *dptr);
int dptr_dnum(struct dptr_struct *dptr);
+bool dptr_get_priv(struct dptr_struct *dptr);
+void dptr_set_priv(struct dptr_struct *dptr);
char *dptr_ReadDirName(TALLOC_CTX *ctx,
struct dptr_struct *dptr,
long *poffset,
@@ -349,6 +353,13 @@ NTSTATUS filename_convert(TALLOC_CTX *mem_ctx,
uint32_t ucf_flags,
bool *ppath_contains_wcard,
struct smb_filename **pp_smb_fname);
+NTSTATUS filename_convert_with_privilege(TALLOC_CTX *mem_ctx,
+ connection_struct *conn,
+ struct smb_request *smbreq,
+ const char *name_in,
+ uint32_t ucf_flags,
+ bool *ppath_contains_wcard,
+ struct smb_filename **pp_smb_fname);
/* The following definitions come from smbd/files.c */
@@ -1159,6 +1170,9 @@ const char *vfs_readdirname(connection_struct *conn, void
*p,
int vfs_ChDir(connection_struct *conn, const char *path);
char *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn);
NTSTATUS check_reduced_name(connection_struct *conn, const char *fname);
+NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
+ const char *fname,
+ struct smb_request *smbreq);
int vfs_stat_smb_fname(struct connection_struct *conn, const char *fname,
SMB_STRUCT_STAT *psbuf);
int vfs_lstat_smb_fname(struct connection_struct *conn, const char *fname,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index eebd77d..0ab764c 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1497,6 +1497,7 @@ void reply_search(struct smb_request *req)
SCVAL(status,0,(dirtype & 0x1F));
nt_status = dptr_create(conn,
+ NULL, /* req */
NULL, /* fsp */
directory,
True,
diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c
index 7c19d75..99d3447 100644
--- a/source3/smbd/smb2_find.c
+++ b/source3/smbd/smb2_find.c
@@ -322,6 +322,7 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX
*mem_ctx,
wcard_has_wild = ms_has_wild(in_file_name);
status = dptr_create(conn,
+ NULL, /* req */
fsp,
fsp->fsp_name->base_name,
false, /* old_handle */
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 5ee02c4..24642cd 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2296,6 +2296,7 @@ static void call_trans2findfirst(connection_struct *conn,
struct dptr_struct *dirptr = NULL;
struct smbd_server_connection *sconn = req->sconn;
uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP);
+ bool backup_priv = false;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -2308,11 +2309,16 @@ static void call_trans2findfirst(connection_struct
*conn,
close_after_first = (findfirst_flags & FLAG_TRANS2_FIND_CLOSE);
close_if_end = (findfirst_flags & FLAG_TRANS2_FIND_CLOSE_IF_END);
requires_resume_key = (findfirst_flags &
FLAG_TRANS2_FIND_REQUIRE_RESUME);
+ backup_priv = ((findfirst_flags & FLAG_TRANS2_FIND_BACKUP_INTENT) &&
+
security_token_has_privilege(get_current_nttok(conn),
+ SEC_PRIV_BACKUP));
+
info_level = SVAL(params,6);
DEBUG(3,("call_trans2findfirst: dirtype = %x, maxentries = %d,
close_after_first=%d, \
-close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes =
%d\n",
+close_if_end = %d requires_resume_key = %d backup_priv = %d level = 0x%x,
max_data_bytes = %d\n",
(unsigned int)dirtype, maxentries, close_after_first,
close_if_end, requires_resume_key,
+ (int)backup_priv,
info_level, max_data_bytes));
if (!maxentries) {
@@ -2354,12 +2360,24 @@ close_if_end = %d requires_resume_key = %d level =
0x%x, max_data_bytes = %d\n",
goto out;
}
- ntstatus = filename_convert(ctx, conn,
+ if (backup_priv) {
+ become_root();
+ ntstatus = filename_convert_with_privilege(ctx,
+ conn,
+ req,
+ directory,
+ ucf_flags,
+ &mask_contains_wcard,
+ &smb_dname);
+ } else {
+ ntstatus = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
directory,
ucf_flags,
&mask_contains_wcard,
&smb_dname);
+ }
+
if (!NT_STATUS_IS_OK(ntstatus)) {
if (NT_STATUS_EQUAL(ntstatus,NT_STATUS_PATH_NOT_COVERED)) {
reply_botherror(req, NT_STATUS_PATH_NOT_COVERED,
@@ -2450,6 +2468,7 @@ total_data=%u (should be %u)\n", (unsigned
int)total_data, (unsigned int)IVAL(pd
needed as lanman2 assumes these are being saved between calls */
ntstatus = dptr_create(conn,
+ req,
NULL, /* fsp */
directory,
False,
@@ -2465,6 +2484,12 @@ total_data=%u (should be %u)\n", (unsigned
int)total_data, (unsigned int)IVAL(pd
goto out;
}
+ if (backup_priv) {
+ /* Remember this in case we have
+ to do a findnext. */
+ dptr_set_priv(dirptr);
+ }
+
dptr_num = dptr_dnum(dirptr);
DEBUG(4,("dptr_num is %d, wcard = %s, attr = %d\n", dptr_num, mask,
dirtype));
@@ -2591,6 +2616,11 @@ total_data=%u (should be %u)\n", (unsigned
int)total_data, (unsigned int)IVAL(pd
name_to_8_3(mask, mangled_name, True, conn->params);
}
out:
+
+ if (backup_priv) {
+ unbecome_root();
+ }
+
TALLOC_FREE(smb_dname);
return;
}
@@ -2640,6 +2670,7 @@ static void call_trans2findnext(connection_struct *conn,
TALLOC_CTX *ctx = talloc_tos();
struct dptr_struct *dirptr;
struct smbd_server_connection *sconn = req->sconn;
+ bool backup_priv = false;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -2782,10 +2813,14 @@ total_data=%u (should be %u)\n", (unsigned
int)total_data, (unsigned int)IVAL(pd
/* Get the attr mask from the dptr */
dirtype = dptr_attr(sconn, dptr_num);
- DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%lX,%ld)\n",
+ backup_priv = dptr_get_priv(dirptr);
+
+ DEBUG(3,("dptr_num is %d, mask = %s, attr = %x, dirptr=(0x%lX,%ld) "
+ "backup_priv = %d\n",
dptr_num, mask, dirtype,
(long)dirptr,
- dptr_TellDir(dirptr)));
+ dptr_TellDir(dirptr),
+ (int)backup_priv));
/* Initialize per TRANS2_FIND_NEXT operation data */
dptr_init_search_op(dirptr);
@@ -2802,6 +2837,10 @@ total_data=%u (should be %u)\n", (unsigned
int)total_data, (unsigned int)IVAL(pd
space_remaining = max_data_bytes;
out_of_space = False;
+ if (backup_priv) {
+ become_root();
+ }
+
/*
--
Samba Shared Repository
