static int atalk_chmod(struct vfs_handle_struct *handle, struct connection_struct *conn, const char *path, mode_t mode)
{
int ret = 0;
char *adbl_path = 0;
char *orig_path = 0;
SMB_STRUCT_STAT adbl_info;
SMB_STRUCT_STAT orig_info;
TALLOC_CTX *ctx;
ret = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);
if (!conn || !path) return ret;
if (!(ctx = talloc_init("chmod_file")))
return ret;
if (atalk_build_paths(ctx, conn->origpath, path, &adbl_path, &orig_path,
&adbl_info, &orig_info) != 0)
return ret;
if (!S_ISDIR(orig_info.st_mode) && !S_ISREG(orig_info.st_mode)) {
DEBUG(3, ("ATALK: %s has passed..\n", orig_path));
goto exit_chmod;
}
chmod(adbl_path, ADOUBLEMODE);
exit_chmod:
talloc_destroy(ctx);
return ret;
}
static int chmod_acl_module_common(struct vfs_handle_struct *handle,
const char *path, mode_t mode)
{
if (lp_posix_pathnames()) {
/* Only allow this on POSIX pathnames. */
return SMB_VFS_NEXT_CHMOD(handle, path, mode);
}
return 0;
}
static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
{
int result;
result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
path, mode,
(result < 0) ? "failed: " : "",
(result < 0) ? strerror(errno) : "");
return result;
}
static int audit_chmod(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
{
int result;
result = SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
smb_fname->base_name, mode,
(result < 0) ? "failed: " : "",
(result < 0) ? strerror(errno) : "");
return result;
}
static int audit_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
{
int result;
result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
if (lp_syslog() > 0) {
syslog(audit_syslog_priority(handle), "chmod %s mode 0x%x %s%s\n",
path, mode,
(result < 0) ? "failed: " : "",
(result < 0) ? strerror(errno) : "");
}
DEBUG(1, ("vfs_extd_audit: chmod %s mode 0x%x %s %s\n",
path, (unsigned int)mode,
(result < 0) ? "failed: " : "",
(result < 0) ? strerror(errno) : ""));
return result;
}
static int atalk_chmod(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
{
int ret = 0;
int ret1 = 0;
char *adbl_path = 0;
char *orig_path = 0;
SMB_STRUCT_STAT adbl_info;
SMB_STRUCT_STAT orig_info;
TALLOC_CTX *ctx;
ret = SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
if (!(ctx = talloc_init("chmod_file")))
return ret;
ret1 = atalk_build_paths(ctx,
handle->conn->cwd,
smb_fname->base_name,
&adbl_path,
&orig_path,
&adbl_info,
&orig_info);
if (ret1 != 0) {
goto exit_chmod;
}
if (!S_ISDIR(orig_info.st_ex_mode) && !S_ISREG(orig_info.st_ex_mode)) {
DEBUG(3, ("ATALK: %s has passed..\n", orig_path));
goto exit_chmod;
}
chmod(adbl_path, ADOUBLEMODE);
exit_chmod:
talloc_destroy(ctx);
return ret;
}
static int skel_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
{
return SMB_VFS_NEXT_CHMOD(handle, path, mode);
}
static int cap_chmod(vfs_handle_struct *handle, connection_struct *conn, const char *path, mode_t mode)
{
pstring cappath;
capencode(cappath, path);
return SMB_VFS_NEXT_CHMOD(handle, conn, cappath, mode);
}
static NTSTATUS nfs4acl_xattr_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *psd)
{
struct nfs4acl_config *config = NULL;
const struct security_token *token = NULL;
mode_t existing_mode;
mode_t expected_mode;
mode_t restored_mode;
bool chown_needed = false;
NTSTATUS status;
int ret;
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct nfs4acl_config,
return NT_STATUS_INTERNAL_ERROR);
if (!VALID_STAT(fsp->fsp_name->st)) {
DBG_ERR("Invalid stat info on [%s]\n", fsp_str_dbg(fsp));
return NT_STATUS_INTERNAL_ERROR;
}
existing_mode = fsp->fsp_name->st.st_ex_mode;
if (S_ISDIR(existing_mode)) {
expected_mode = 0777;
} else {
expected_mode = 0666;
}
if ((existing_mode & expected_mode) != expected_mode) {
int saved_errno = 0;
restored_mode = existing_mode | expected_mode;
become_root();
if (fsp->fh->fd != -1) {
ret = SMB_VFS_NEXT_FCHMOD(handle,
fsp,
restored_mode);
} else {
ret = SMB_VFS_NEXT_CHMOD(handle,
fsp->fsp_name,
restored_mode);
}
if (ret != 0) {
saved_errno = errno;
}
unbecome_root();
if (saved_errno != 0) {
errno = saved_errno;
}
if (ret != 0) {
DBG_ERR("Resetting POSIX mode on [%s] from [0%o]: %s\n",
fsp_str_dbg(fsp), existing_mode,
strerror(errno));
return map_nt_error_from_unix(errno);
}
}
status = smb_set_nt_acl_nfs4(handle,
fsp,
&config->nfs4_params,
security_info_sent,
psd,
nfs4acl_smb4acl_set_fn);
if (NT_STATUS_IS_OK(status)) {
return NT_STATUS_OK;
}
/*
* We got access denied. If we're already root, or we didn't
* need to do a chown, or the fsp isn't open with WRITE_OWNER
* access, just return.
*/
if ((security_info_sent & SECINFO_OWNER) &&
(psd->owner_sid != NULL))
{
chown_needed = true;
}
if ((security_info_sent & SECINFO_GROUP) &&
(psd->group_sid != NULL))
{
chown_needed = true;
}
if (get_current_uid(handle->conn) == 0 ||
chown_needed == false ||
!(fsp->access_mask & SEC_STD_WRITE_OWNER))
{
return NT_STATUS_ACCESS_DENIED;
}
/*
* Only allow take-ownership, not give-ownership. That's the way Windows
* implements SEC_STD_WRITE_OWNER. MS-FSA 2.1.5.16 just states: If
* InputBuffer.OwnerSid is not a valid owner SID for a file in the
* objectstore, as determined in an implementation specific manner, the
* object store MUST return STATUS_INVALID_OWNER.
*/
token = get_current_nttok(fsp->conn);
if (!security_token_is_sid(token, psd->owner_sid)) {
return NT_STATUS_INVALID_OWNER;
}
DBG_DEBUG("overriding chown on file %s for sid %s\n",
fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid));
become_root();
status = smb_set_nt_acl_nfs4(handle,
fsp,
&config->nfs4_params,
security_info_sent,
psd,
nfs4acl_smb4acl_set_fn);
unbecome_root();
return status;
}
