The branch, v3-6-test has been updated
       via  005d7c2 Final part of #9374 - Allow smb2.acls torture test to pass 
against smbd with a POSIX ACLs backend.
       via  cc17ce3 More for #9374 - Allow smb2.acls torture test to pass 
against smbd with a POSIX ACLs backend.
       via  32892d6 Ensure when calculating the access mask for 
MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this 
doesn't come from the file/directory ACL.
       via  a115a4e Add comment explaining exactly *why* we don't check 
FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
       via  1c7d00e First part of #9374 - Allow smb2.acls torture test to pass 
against smbd with a POSIX ACLs backend.
      from  de2c0f0 Use work around for 'winbind use default domain' only if it 
is set

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 005d7c28e35f58d5f8b114fb6234e663a6c30824
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Nov 12 16:30:32 2012 -0800

    Final part of #9374 - Allow smb2.acls torture test to pass against smbd 
with a POSIX ACLs backend.
    
    We need to do the same check for overriding ACCESS_DENIED on DELETE_ACCESS
    as we do in smbd/open.c, as the ACL check is duplicated here. This has
    been fixed in 4.0.0 and later code.

commit cc17ce366a459bf1cb2207a45e5528ea0167b323
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Nov 12 16:26:25 2012 -0800

    More for #9374 - Allow smb2.acls torture test to pass against smbd with a 
POSIX ACLs backend.
    
    Change can_delete_directory() to can_delete_directory_fsp(), as
    we only ever call this from an open directory file handle.
    
    This allows us to use OpenDir_fsp() instead of OpenDir().
    OpenDir() re-checks the ACL on the directory, which may
    refuse DIR_LIST permissions. OpenDir_fsp() does not. As
    this is a file-server internal check to see if the directory
    actually contains any files before setting delete on close,
    we can ignore the ACL here (Windows does).

commit 32892d6357469287bf9594b269bde5b9ffabd54e
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Nov 12 16:22:52 2012 -0800

    Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we 
add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory 
ACL.
    
    If we can access the path to this file, by
    default we have FILE_READ_ATTRIBUTES from the
    containing directory. See the section.
    "Algorithm to Check Access to an Existing File"
    in MS-FSA.pdf.

commit a115a4e9799e8e5497232a149d4d927308c81a5b
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Nov 12 16:21:15 2012 -0800

    Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES 
when evaluating file/directory ACE's.
    
    If we can access the path to this file, by
    default we have FILE_READ_ATTRIBUTES from the
    containing directory. See the section.
    "Algorithm to Check Access to an Existing File"
    in MS-FSA.pdf.

commit 1c7d00e8ef48c2cd57d79a00cb26bc56a2979241
Author: Jeremy Allison <j...@samba.org>
Date:   Mon Nov 12 16:17:19 2012 -0800

    First part of #9374 - Allow smb2.acls torture test to pass against smbd 
with a POSIX ACLs backend.
    
    Use the requested access mask before making the fd_open request in
    open_directory() rather than faking up an access mask of
    FILE_READ_DATA | FILE_READ_ATTRIBUTES.
    
    The underlying ACL may not permit FILE_READ_DATA.

-----------------------------------------------------------------------

Summary of changes:
 source3/include/proto.h          |    3 +--
 source3/lib/dummysmbd.c          |    3 +--
 source3/locking/locking.c        |    3 +--
 source3/modules/vfs_acl_common.c |   17 ++++++++++++++++-
 source3/smbd/dir.c               |   15 +++++++++------
 source3/smbd/open.c              |   20 +++++++++++++++++---
 6 files changed, 45 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 720f431..189b286 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1970,8 +1970,7 @@ void cancel_pending_lock_requests_by_fid(files_struct 
*fsp,
                        enum file_close_type close_type);
 void send_stat_cache_delete_message(struct messaging_context *msg_ctx,
                                    const char *name);
-NTSTATUS can_delete_directory(struct connection_struct *conn,
-                               const char *dirname);
+NTSTATUS can_delete_directory_fsp(files_struct *fsp);
 bool change_to_root_user(void);
 struct event_context *smbd_event_context(void);
 void contend_level2_oplocks_begin(files_struct *fsp,
diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c
index 2465e65..0ff0f2e 100644
--- a/source3/lib/dummysmbd.c
+++ b/source3/lib/dummysmbd.c
@@ -44,8 +44,7 @@ void send_stat_cache_delete_message(struct messaging_context 
*msg_ctx,
 {
 }
 
-NTSTATUS can_delete_directory(struct connection_struct *conn,
-                               const char *dirname)
+NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 {
        return NT_STATUS_OK;
 }
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 4379847..e60c4a8 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1476,8 +1476,7 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, 
uint32 dosmode)
                        return NT_STATUS_ACCESS_DENIED;
                }
 
-               return can_delete_directory(fsp->conn,
-                                           fsp->fsp_name->base_name);
+               return can_delete_directory_fsp(fsp);
        }
 
        return NT_STATUS_OK;
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index a537011..11c34e0 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -646,7 +646,22 @@ static int open_acl_common(vfs_handle_struct *handle,
                                        get_current_nttok(handle->conn),
                                        fsp->access_mask,
                                        &access_granted);
-               if (!NT_STATUS_IS_OK(status)) {
+               /*
+                * Check if we need to override ACCESS_DENIED for DELETE_ACCESS.
+                * Do this if we only failed open on DELETE_ACCESS, and
+                * we have permission to delete from the parent directory.
+                */
+               if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
+                       (fsp->access_mask & DELETE_ACCESS) &&
+                       (access_granted == DELETE_ACCESS) &&
+                       can_delete_file_in_directory(handle->conn, smb_fname)) {
+                               DEBUG(10,("open_acl_xattr: "
+                                       "overrode "
+                                       "DELETE_ACCESS on "
+                                       "file %s\n",
+                                       smb_fname_str_dbg(smb_fname)));
+                               status = NT_STATUS_OK;
+               } else if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(10,("open_acl_xattr: %s open "
                                "for access 0x%x (0x%x) "
                                "refused with error %s\n",
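Review bot: The override test `access_granted == DELETE_ACCESS` only reads correctly if se_access_check() leaves the still-refused bits in `access_granted` when it returns NT_STATUS_ACCESS_DENIED, which this hunk does not show and the variable name contradicts. Because this branch turns an ACL denial into NT_STATUS_OK, I would state that contract next to the test, e.g. `/* On ACCESS_DENIED, access_granted holds the bits that were refused, not the bits granted. */`, so a later change to the helper cannot silently widen the override. The DEBUG text also names `open_acl_xattr` although the function is `open_acl_common` (as does the existing message below it), which makes the override harder to find in a level-10 log. open_acl_common starts and ends outside the hunk.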
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 9108a80..92be816 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1643,16 +1643,19 @@ bool SearchDir(struct smb_Dir *dirp, const char *name, 
long *poffset)
  Is this directory empty ?
 *****************************************************************/
 
-NTSTATUS can_delete_directory(struct connection_struct *conn,
-                               const char *dirname)
+NTSTATUS can_delete_directory_fsp(files_struct *fsp)
 {
        NTSTATUS status = NT_STATUS_OK;
        long dirpos = 0;
        const char *dname = NULL;
        char *talloced = NULL;
        SMB_STRUCT_STAT st;
-       struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
-                                       dirname, NULL, 0);
+       struct connection_struct *conn = fsp->conn;
+       struct smb_Dir *dir_hnd = OpenDir_fsp(talloc_tos(),
+                                       conn,
+                                       fsp,
+                                       NULL,
+                                       0);
 
        if (!dir_hnd) {
                return map_nt_error_from_unix(errno);
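Review bot: The switch to `OpenDir_fsp()` deliberately skips the directory ACL re-check, but that reasoning is recorded only in the commit message; the function header still says just "Is this directory empty ?". I would add a comment above the call, such as `/* Internal emptiness probe on an already-open directory handle: DIR_LIST is intentionally not re-checked here. */`, and note there that the result must reveal only whether entries exist, never their names. The initializer reads `fsp->conn` with nothing in the lines shown confirming that `fsp` is an open directory handle; the commit message says that is the only caller today, so documenting it as a precondition would be enough. The function body continues past this hunk.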
@@ -1667,12 +1670,12 @@ NTSTATUS can_delete_directory(struct connection_struct 
*conn,
                        }
                }
 
-               if (!is_visible_file(conn, dirname, dname, &st, True)) {
+               if (!is_visible_file(conn, fsp->fsp_name->base_name, dname, 
&st, True)) {
                        TALLOC_FREE(talloced);
                        continue;
                }
 
-               DEBUG(10,("can_delete_directory: got name %s - can't delete\n",
+               DEBUG(10,("can_delete_directory_fsp: got name %s - can't 
delete\n",
                         dname ));
                status = NT_STATUS_DIRECTORY_NOT_EMPTY;
                break;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 6b94a6d..d10b697 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -58,6 +58,13 @@ NTSTATUS smb1_file_se_access_check(struct connection_struct 
*conn,
                return NT_STATUS_OK;
        }
 
+       /*
+        * If we can access the path to this file, by
+        * default we have FILE_READ_ATTRIBUTES from the
+        * containing directory. See the section:
+        * "Algorithm to Check Access to an Existing File"
+        * in MS-FSA.pdf.
+        */
        return se_access_check(sd,
                                token,
                                (access_desired & ~FILE_READ_ATTRIBUTES),
@@ -1416,7 +1423,14 @@ NTSTATUS smbd_calculate_access_mask(connection_struct 
*conn,
                                }
                        }
 
-                       access_mask = access_granted;
+                       /*
+                        * If we can access the path to this file, by
+                        * default we have FILE_READ_ATTRIBUTES from the
+                        * containing directory. See the section.
+                        * "Algorithm to Check Access to an Existing File"
+                        * in MS-FSA.pdf.
+                        */
+                       access_mask = access_granted | FILE_READ_ATTRIBUTES;
                } else {
                        access_mask = FILE_GENERIC_ALL;
                }
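Review bot: `access_mask = access_granted | FILE_READ_ATTRIBUTES;` adds the bit unconditionally, and the precondition in the comment ("if we can access the path to this file") is asserted rather than checked in the lines shown. The comment should say who guarantees that precondition. It should also note that this line must stay in step with the `access_desired & ~FILE_READ_ATTRIBUTES` masking in smb1_file_se_access_check, since changing one without the other would make the advertised maximum differ from what an open is checked against. The comment text ends "See the section." with a full stop where the copy in the earlier hunk uses a colon. smbd_calculate_access_mask begins and ends outside the hunk.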
@@ -2752,8 +2766,8 @@ static NTSTATUS open_directory(connection_struct *conn,
 
        mtimespec = smb_dname->st.st_ex_mtime;
 
-       /* Temporary access mask used to open the directory fd. */
-       fsp->access_mask = FILE_READ_DATA | FILE_READ_ATTRIBUTES;
+       fsp->access_mask = access_mask;
+
 #ifdef O_DIRECTORY
        status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0);
 #else
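Review bot: The new `fsp->access_mask = access_mask;` replaces a commented line with an uncommented one, and nothing in the visible part of open_directory now says why the mask has to be set before fd_open(). The vfs_acl_common.c hunk in this changeset shows open_acl_common passing `fsp->access_mask` to se_access_check, so the value set here is what an ACL module would evaluate during the open. A comment such as `/* Set the requested mask before fd_open(): VFS ACL modules check fsp->access_mask during open. */` would record that. If a later assignment to `fsp->access_mask` remains further down the function (outside this hunk), it is now redundant and worth removing.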


-- 
Samba Shared Repository
