source: vendor/3.6.9/source3/smbd/file_access.c

Last change on this file was 746, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated vendor to 3.6.9
File size: 8.1 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Check access to files based on security descriptors.
4 Copyright (C) Jeremy Allison 2005-2006.
5 Copyright (C) Michael Adam 2007.
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19*/
20
21#include "includes.h"
22#include "system/filesys.h"
23#include "../libcli/security/security.h"
24#include "../librpc/gen_ndr/ndr_security.h"
25#include "smbd/smbd.h"
26
27#undef DBGC_CLASS
28#define DBGC_CLASS DBGC_ACLS
29
30/**
31 * Security descriptor / NT Token level access check function.
32 */
33bool can_access_file_acl(struct connection_struct *conn,
34 const struct smb_filename *smb_fname,
35 uint32_t access_mask)
36{
37 NTSTATUS status;
38 uint32_t access_granted;
39 struct security_descriptor *secdesc = NULL;
40 bool ret;
41
42 if (get_current_uid(conn) == (uid_t)0) {
43 /* I'm sorry sir, I didn't know you were root... */
44 return true;
45 }
46
47 if (access_mask == DELETE_ACCESS &&
48 VALID_STAT(smb_fname->st) &&
49 S_ISLNK(smb_fname->st.st_ex_mode)) {
50 /* We can always delete a symlink. */
51 return true;
52 }
53
54 status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
55 (SECINFO_OWNER |
56 SECINFO_GROUP |
57 SECINFO_DACL),
58 &secdesc);
59 if (!NT_STATUS_IS_OK(status)) {
60 DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
61 ret = false;
62 goto out;
63 }
64
65 status = se_access_check(secdesc, get_current_nttok(conn),
66 access_mask, &access_granted);
67 ret = NT_STATUS_IS_OK(status);
68
69 if (DEBUGLEVEL >= 10) {
70 DEBUG(10,("can_access_file_acl for file %s "
71 "access_mask 0x%x, access_granted 0x%x "
72 "access %s\n",
73 smb_fname_str_dbg(smb_fname),
74 (unsigned int)access_mask,
75 (unsigned int)access_granted,
76 ret ? "ALLOWED" : "DENIED" ));
77 NDR_PRINT_DEBUG(security_descriptor, secdesc);
78 }
79 out:
80 TALLOC_FREE(secdesc);
81 return ret;
82}
83
84/****************************************************************************
85 Actually emulate the in-kernel access checking for delete access. We need
86 this to successfully return ACCESS_DENIED on a file open for delete access.
87****************************************************************************/
88
89bool can_delete_file_in_directory(connection_struct *conn,
90 const struct smb_filename *smb_fname)
91{
92 TALLOC_CTX *ctx = talloc_tos();
93 char *dname = NULL;
94 struct smb_filename *smb_fname_parent = NULL;
95 NTSTATUS status;
96 bool ret;
97
98 if (!CAN_WRITE(conn)) {
99 return False;
100 }
101
102 if (!lp_acl_check_permissions(SNUM(conn))) {
103 /* This option means don't check. */
104 return true;
105 }
106
107 /* Get the parent directory permission mask and owners. */
108 if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) {
109 return False;
110 }
111
112 status = create_synthetic_smb_fname(ctx, dname, NULL, NULL,
113 &smb_fname_parent);
114 if (!NT_STATUS_IS_OK(status)) {
115 ret = false;
116 goto out;
117 }
118
119 if(SMB_VFS_STAT(conn, smb_fname_parent) != 0) {
120 ret = false;
121 goto out;
122 }
123
124 /* fast paths first */
125
126 if (!S_ISDIR(smb_fname_parent->st.st_ex_mode)) {
127 ret = false;
128 goto out;
129 }
130 if (get_current_uid(conn) == (uid_t)0) {
131 /* I'm sorry sir, I didn't know you were root... */
132 ret = true;
133 goto out;
134 }
135
136#ifdef S_ISVTX
137 /* sticky bit means delete only by owner of file or by root or
138 * by owner of directory. */
139 if (smb_fname_parent->st.st_ex_mode & S_ISVTX) {
140 if (!VALID_STAT(smb_fname->st)) {
141 /* If the file doesn't already exist then
142 * yes we'll be able to delete it. */
143 ret = true;
144 goto out;
145 }
146
147 /*
148 * Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>
149 * for bug #3348. Don't assume owning sticky bit
150 * directory means write access allowed.
151 * Fail to delete if we're not the owner of the file,
152 * or the owner of the directory as we have no possible
153 * chance of deleting. Otherwise, go on and check the ACL.
154 */
155 if ((get_current_uid(conn) !=
156 smb_fname_parent->st.st_ex_uid) &&
157 (get_current_uid(conn) != smb_fname->st.st_ex_uid)) {
158 DEBUG(10,("can_delete_file_in_directory: not "
159 "owner of file %s or directory %s",
160 smb_fname_str_dbg(smb_fname),
161 smb_fname_str_dbg(smb_fname_parent)));
162 ret = false;
163 goto out;
164 }
165 }
166#endif
167
168 /* now for ACL checks */
169
170 /*
171 * There's two ways to get the permission to delete a file: First by
172 * having the DELETE bit on the file itself and second if that does
173 * not help, by the DELETE_CHILD bit on the containing directory.
174 *
175 * Here we only check the directory permissions, we will
176 * check the file DELETE permission separately.
177 */
178
179 ret = can_access_file_acl(conn, smb_fname_parent, FILE_DELETE_CHILD);
180 out:
181 TALLOC_FREE(dname);
182 TALLOC_FREE(smb_fname_parent);
183 return ret;
184}
185
186/****************************************************************************
187 Actually emulate the in-kernel access checking for read/write access. We need
188 this to successfully check for ability to write for dos filetimes.
189 Note this doesn't take into account share write permissions.
190****************************************************************************/
191
192bool can_access_file_data(connection_struct *conn,
193 const struct smb_filename *smb_fname,
194 uint32 access_mask)
195{
196 if (!(access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))) {
197 return False;
198 }
199 access_mask &= (FILE_READ_DATA|FILE_WRITE_DATA);
200
201 /* some fast paths first */
202
203 DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
204 (unsigned int)access_mask, smb_fname_str_dbg(smb_fname)));
205
206 if (get_current_uid(conn) == (uid_t)0) {
207 /* I'm sorry sir, I didn't know you were root... */
208 return True;
209 }
210
211 SMB_ASSERT(VALID_STAT(smb_fname->st));
212
213 /* Check primary owner access. */
214 if (get_current_uid(conn) == smb_fname->st.st_ex_uid) {
215 switch (access_mask) {
216 case FILE_READ_DATA:
217 return (smb_fname->st.st_ex_mode & S_IRUSR) ?
218 True : False;
219
220 case FILE_WRITE_DATA:
221 return (smb_fname->st.st_ex_mode & S_IWUSR) ?
222 True : False;
223
224 default: /* FILE_READ_DATA|FILE_WRITE_DATA */
225
226 if ((smb_fname->st.st_ex_mode &
227 (S_IWUSR|S_IRUSR)) ==
228 (S_IWUSR|S_IRUSR)) {
229 return True;
230 } else {
231 return False;
232 }
233 }
234 }
235
236 /* now for ACL checks */
237
238 return can_access_file_acl(conn, smb_fname, access_mask);
239}
240
241/****************************************************************************
242 Userspace check for write access.
243 Note this doesn't take into account share write permissions.
244****************************************************************************/
245
246bool can_write_to_file(connection_struct *conn,
247 const struct smb_filename *smb_fname)
248{
249 return can_access_file_data(conn, smb_fname, FILE_WRITE_DATA);
250}
251
252/****************************************************************************
253 Check for an existing default Windows ACL on a directory.
254****************************************************************************/
255
256bool directory_has_default_acl(connection_struct *conn, const char *fname)
257{
258 /* returns talloced off tos. */
259 struct security_descriptor *secdesc = NULL;
260 unsigned int i;
261 NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
262 SECINFO_DACL, &secdesc);
263
264 if (!NT_STATUS_IS_OK(status) ||
265 secdesc == NULL ||
266 secdesc->dacl == NULL) {
267 TALLOC_FREE(secdesc);
268 return false;
269 }
270
271 for (i = 0; i < secdesc->dacl->num_aces; i++) {
272 struct security_ace *psa = &secdesc->dacl->aces[i];
273 if (psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
274 SEC_ACE_FLAG_CONTAINER_INHERIT)) {
275 TALLOC_FREE(secdesc);
276 return true;
277 }
278 }
279 TALLOC_FREE(secdesc);
280 return false;
281}
Note: See TracBrowser for help on using the repository browser.