static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
uint32_t security_info_sent, const struct security_descriptor *orig_psd)
{
NTSTATUS status;
DATA_BLOB blob;
struct security_descriptor *pdesc_next = NULL;
struct security_descriptor *psd = NULL;
uint8_t hash[XATTR_SD_HASH_SIZE];
bool chown_needed = false;
if (DEBUGLEVEL >= 10) {
DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
fsp_str_dbg(fsp)));
NDR_PRINT_DEBUG(security_descriptor,
discard_const_p(struct security_descriptor, orig_psd));
}
status = get_nt_acl_internal(handle, fsp,
NULL,
SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
&psd);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
psd->revision = orig_psd->revision;
/* All our SD's are self relative. */
psd->type = orig_psd->type | SEC_DESC_SELF_RELATIVE;
if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
if (!dom_sid_equal(orig_psd->owner_sid, psd->owner_sid)) {
/* We're changing the owner. */
chown_needed = true;
}
psd->owner_sid = orig_psd->owner_sid;
}
if ((security_info_sent & SECINFO_GROUP) && (orig_psd->group_sid != NULL)) {
if (!dom_sid_equal(orig_psd->group_sid, psd->group_sid)) {
/* We're changing the group. */
chown_needed = true;
}
psd->group_sid = orig_psd->group_sid;
}
if (security_info_sent & SECINFO_DACL) {
psd->dacl = orig_psd->dacl;
psd->type |= SEC_DESC_DACL_PRESENT;
}
if (security_info_sent & SECINFO_SACL) {
psd->sacl = orig_psd->sacl;
psd->type |= SEC_DESC_SACL_PRESENT;
}
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
if (!NT_STATUS_IS_OK(status)) {
if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
return status;
}
/* We got access denied here. If we're already root,
or we didn't need to do a chown, or the fsp isn't
open with WRITE_OWNER access, just return. */
if (get_current_uid(handle->conn) == 0 ||
chown_needed == false ||
!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
return NT_STATUS_ACCESS_DENIED;
}
DEBUG(10,("fset_nt_acl_common: overriding chown on file %s "
"for sid %s\n",
fsp_str_dbg(fsp),
sid_string_tos(psd->owner_sid)
));
/* Ok, we failed to chown and we have
SEC_STD_WRITE_OWNER access - override. */
become_root();
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp,
security_info_sent, psd);
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
/* Get the full underlying sd, then hash. */
status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
fsp,
HASH_SECURITY_INFO,
&pdesc_next);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = hash_sd_sha256(pdesc_next, hash);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (DEBUGLEVEL >= 10) {
DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n",
fsp_str_dbg(fsp)));
NDR_PRINT_DEBUG(security_descriptor,
discard_const_p(struct security_descriptor, psd));
}
create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash);
store_acl_blob_fsp(handle, fsp, &blob);
return NT_STATUS_OK;
}
bool can_delete_file_in_directory(connection_struct *conn,
const struct smb_filename *smb_fname)
{
TALLOC_CTX *ctx = talloc_tos();
char *dname = NULL;
struct smb_filename *smb_fname_parent = NULL;
NTSTATUS status;
bool ret;
if (!CAN_WRITE(conn)) {
return False;
}
if (!lp_acl_check_permissions(SNUM(conn))) {
/* This option means don't check. */
return true;
}
/* Get the parent directory permission mask and owners. */
if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) {
return False;
}
status = create_synthetic_smb_fname(ctx, dname, NULL, NULL,
&smb_fname_parent);
if (!NT_STATUS_IS_OK(status)) {
ret = false;
goto out;
}
if(SMB_VFS_STAT(conn, smb_fname_parent) != 0) {
ret = false;
goto out;
}
/* fast paths first */
if (!S_ISDIR(smb_fname_parent->st.st_ex_mode)) {
ret = false;
goto out;
}
if (get_current_uid(conn) == (uid_t)0) {
/* I'm sorry sir, I didn't know you were root... */
ret = true;
goto out;
}
#ifdef S_ISVTX
/* sticky bit means delete only by owner of file or by root or
* by owner of directory. */
if (smb_fname_parent->st.st_ex_mode & S_ISVTX) {
if (!VALID_STAT(smb_fname->st)) {
/* If the file doesn't already exist then
* yes we'll be able to delete it. */
ret = true;
goto out;
}
/*
* Patch from SATOH Fumiyasu <*****@*****.**>
* for bug #3348. Don't assume owning sticky bit
* directory means write access allowed.
* Fail to delete if we're not the owner of the file,
* or the owner of the directory as we have no possible
* chance of deleting. Otherwise, go on and check the ACL.
*/
if ((get_current_uid(conn) !=
smb_fname_parent->st.st_ex_uid) &&
(get_current_uid(conn) != smb_fname->st.st_ex_uid)) {
DEBUG(10,("can_delete_file_in_directory: not "
"owner of file %s or directory %s",
smb_fname_str_dbg(smb_fname),
smb_fname_str_dbg(smb_fname_parent)));
ret = false;
goto out;
}
}
#endif
/* now for ACL checks */
/*
* There's two ways to get the permission to delete a file: First by
* having the DELETE bit on the file itself and second if that does
* not help, by the DELETE_CHILD bit on the containing directory.
*
* Here we only check the directory permissions, we will
* check the file DELETE permission separately.
*/
ret = NT_STATUS_IS_OK(smbd_check_access_rights(conn,
smb_fname_parent,
FILE_DELETE_CHILD));
out:
TALLOC_FREE(dname);
TALLOC_FREE(smb_fname_parent);
return ret;
}
static NTSTATUS nfs4acl_xattr_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *psd)
{
struct nfs4acl_config *config = NULL;
const struct security_token *token = NULL;
mode_t existing_mode;
mode_t expected_mode;
mode_t restored_mode;
bool chown_needed = false;
NTSTATUS status;
int ret;
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct nfs4acl_config,
return NT_STATUS_INTERNAL_ERROR);
if (!VALID_STAT(fsp->fsp_name->st)) {
DBG_ERR("Invalid stat info on [%s]\n", fsp_str_dbg(fsp));
return NT_STATUS_INTERNAL_ERROR;
}
existing_mode = fsp->fsp_name->st.st_ex_mode;
if (S_ISDIR(existing_mode)) {
expected_mode = 0777;
} else {
expected_mode = 0666;
}
if ((existing_mode & expected_mode) != expected_mode) {
int saved_errno = 0;
restored_mode = existing_mode | expected_mode;
become_root();
if (fsp->fh->fd != -1) {
ret = SMB_VFS_NEXT_FCHMOD(handle,
fsp,
restored_mode);
} else {
ret = SMB_VFS_NEXT_CHMOD(handle,
fsp->fsp_name,
restored_mode);
}
if (ret != 0) {
saved_errno = errno;
}
unbecome_root();
if (saved_errno != 0) {
errno = saved_errno;
}
if (ret != 0) {
DBG_ERR("Resetting POSIX mode on [%s] from [0%o]: %s\n",
fsp_str_dbg(fsp), existing_mode,
strerror(errno));
return map_nt_error_from_unix(errno);
}
}
status = smb_set_nt_acl_nfs4(handle,
fsp,
&config->nfs4_params,
security_info_sent,
psd,
nfs4acl_smb4acl_set_fn);
if (NT_STATUS_IS_OK(status)) {
return NT_STATUS_OK;
}
/*
* We got access denied. If we're already root, or we didn't
* need to do a chown, or the fsp isn't open with WRITE_OWNER
* access, just return.
*/
if ((security_info_sent & SECINFO_OWNER) &&
(psd->owner_sid != NULL))
{
chown_needed = true;
}
if ((security_info_sent & SECINFO_GROUP) &&
(psd->group_sid != NULL))
{
chown_needed = true;
}
if (get_current_uid(handle->conn) == 0 ||
chown_needed == false ||
!(fsp->access_mask & SEC_STD_WRITE_OWNER))
{
return NT_STATUS_ACCESS_DENIED;
}
/*
* Only allow take-ownership, not give-ownership. That's the way Windows
* implements SEC_STD_WRITE_OWNER. MS-FSA 2.1.5.16 just states: If
* InputBuffer.OwnerSid is not a valid owner SID for a file in the
* objectstore, as determined in an implementation specific manner, the
* object store MUST return STATUS_INVALID_OWNER.
*/
token = get_current_nttok(fsp->conn);
if (!security_token_is_sid(token, psd->owner_sid)) {
return NT_STATUS_INVALID_OWNER;
}
DBG_DEBUG("overriding chown on file %s for sid %s\n",
fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid));
become_root();
status = smb_set_nt_acl_nfs4(handle,
fsp,
&config->nfs4_params,
security_info_sent,
psd,
nfs4acl_smb4acl_set_fn);
unbecome_root();
return status;
}
