Changeset 221 for branches/samba-3.3.x/source/smbd
- Timestamp:
- May 24, 2009, 7:17:10 AM (16 years ago)
- Location:
- branches/samba-3.3.x/source/smbd
- Files:
-
- 10 edited
-
close.c (modified) (1 diff)
-
connection.c (modified) (1 diff)
-
dnsregister.c (modified) (2 diffs)
-
file_access.c (modified) (1 diff)
-
filename.c (modified) (5 diffs)
-
open.c (modified) (11 diffs)
-
posix_acls.c (modified) (18 diffs)
-
reply.c (modified) (5 diffs)
-
server.c (modified) (2 diffs)
-
sesssetup.c (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.3.x/source/smbd/close.c
r206 r221 168 168 ****************************************************************************/ 169 169 170 staticNTSTATUS delete_all_streams(connection_struct *conn, const char *fname)170 NTSTATUS delete_all_streams(connection_struct *conn, const char *fname) 171 171 { 172 172 struct stream_struct *stream_info; -
branches/samba-3.3.x/source/smbd/connection.c
r206 r221 242 242 243 243 snprintf( key_string, sizeof(key_string), "%s/%d/%d", 244 prec->name, procid_to_pid(&prec->pid), prec->pnum );244 prec->name, (int)procid_to_pid(&prec->pid), prec->pnum ); 245 245 246 246 *kbuf = string_term_tdb_data(talloc_strdup(prec, key_string)); -
branches/samba-3.3.x/source/smbd/dnsregister.c
r206 r221 66 66 static void dns_register_smbd_retry(struct event_context *ctx, 67 67 struct timed_event *te, 68 const struct timeval *now,68 struct timeval now, 69 69 void *private_data) 70 70 { … … 86 86 NULL, 87 87 timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0), 88 "DNS registration handler",89 88 dns_register_smbd_retry, 90 89 dns_state); -
branches/samba-3.3.x/source/smbd/file_access.c
r206 r221 117 117 * not help, by the DELETE_CHILD bit on the containing directory. 118 118 * 119 * Here we check the other way round because with just posix 120 * permissions looking at the file itself will never grant DELETE, so 121 * by looking at the directory first we save one get_acl call. 119 * Here we only check the directory permissions, we will 120 * check the file DELETE permission separately. 122 121 */ 123 122 124 if (can_access_file_acl(conn, dname, FILE_DELETE_CHILD)) { 125 return true; 126 } 127 128 return can_access_file_acl(conn, fname, DELETE_ACCESS); 123 return can_access_file_acl(conn, dname, FILE_DELETE_CHILD); 129 124 } 130 125 -
branches/samba-3.3.x/source/smbd/filename.c
r206 r221 127 127 bool component_was_mangled = False; 128 128 bool name_has_wildcard = False; 129 bool posix_pathnames = false; 129 130 NTSTATUS result; 131 int ret = -1; 130 132 131 133 SET_STAT_INVALID(*pst); … … 226 228 } 227 229 228 if (!lp_posix_pathnames()) { 230 posix_pathnames = lp_posix_pathnames(); 231 232 if (!posix_pathnames) { 229 233 stream = strchr_m(name, ':'); 230 234 … … 269 273 */ 270 274 271 if (SMB_VFS_STAT(conn,name,&st) == 0) { 275 if (posix_pathnames) { 276 ret = SMB_VFS_LSTAT(conn,name,&st); 277 } else { 278 ret = SMB_VFS_STAT(conn,name,&st); 279 } 280 281 if (ret == 0) { 272 282 /* Ensure we catch all names with in "/." 273 283 this is disallowed under Windows. */ … … 381 391 */ 382 392 383 if (SMB_VFS_STAT(conn,name, &st) == 0) { 393 if (posix_pathnames) { 394 ret = SMB_VFS_LSTAT(conn,name, &st); 395 } else { 396 ret = SMB_VFS_STAT(conn,name, &st); 397 } 398 399 if (ret == 0) { 384 400 /* 385 401 * It exists. it must either be a directory or this must … … 599 615 */ 600 616 601 if (SMB_VFS_STAT(conn,name, &st) == 0) { 617 if (posix_pathnames) { 618 ret = SMB_VFS_LSTAT(conn,name, &st); 619 } else { 620 ret = SMB_VFS_STAT(conn,name, &st); 621 } 622 623 if (ret == 0) { 602 624 *pst = st; 603 625 } else { -
branches/samba-3.3.x/source/smbd/open.c
r206 r221 51 51 static NTSTATUS check_open_rights(struct connection_struct *conn, 52 52 const char *fname, 53 uint32_t access_mask) 53 uint32_t access_mask, 54 uint32_t *access_granted) 54 55 { 55 56 /* Check if we have rights to open. */ 56 57 NTSTATUS status; 57 uint32_t access_granted = 0;58 58 struct security_descriptor *sd; 59 60 *access_granted = 0; 59 61 60 62 status = SMB_VFS_GET_NT_ACL(conn, fname, … … 74 76 conn->server_info->ptok, 75 77 access_mask, 76 &access_granted);78 access_granted); 77 79 78 80 TALLOC_FREE(sd); 81 82 DEBUG(10,("check_open_rights: file %s requesting " 83 "0x%x returning 0x%x (%s)\n", 84 fname, 85 (unsigned int)access_mask, 86 (unsigned int)*access_granted, 87 nt_errstr(status) )); 88 79 89 return status; 80 90 } … … 399 409 fsp->fh->fd = -1; /* What we used to call a stat open. */ 400 410 if (file_existed) { 411 uint32_t access_granted = 0; 412 401 413 status = check_open_rights(conn, 402 414 path, 403 access_mask); 415 access_mask, 416 &access_granted); 404 417 if (!NT_STATUS_IS_OK(status)) { 405 DEBUG(10, ("open_file: Access denied on " 406 "file %s\n", 407 path)); 408 return status; 418 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { 419 if ((access_mask & DELETE_ACCESS) && 420 (access_granted == DELETE_ACCESS) && 421 can_delete_file_in_directory(conn, path)) { 422 /* Were we trying to do a stat open 423 * for delete and didn't get DELETE 424 * access (only) ? Check if the 425 * directory allows DELETE_CHILD. 426 * See here: 427 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx 428 * for details. */ 429 430 DEBUG(10,("open_file: overrode ACCESS_DENIED " 431 "on file %s\n", 432 path )); 433 } else { 434 DEBUG(10, ("open_file: Access denied on " 435 "file %s\n", 436 path)); 437 return status; 438 } 439 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && 440 fsp->posix_open && 441 S_ISLNK(psbuf->st_mode)) { 442 /* This is a POSIX stat open for delete 443 * or rename on a symlink that points 444 * nowhere. Allow. */ 445 DEBUG(10, ("open_file: allowing POSIX open " 446 "on bad symlink %s\n", 447 path )); 448 } else { 449 DEBUG(10, ("open_file: check_open_rights " 450 "on file %s returned %s\n", 451 path, nt_errstr(status) )); 452 return status; 453 } 409 454 } 410 455 } … … 1314 1359 bool posix_open = False; 1315 1360 bool new_file_created = False; 1361 bool clear_ads = false; 1316 1362 struct file_id id; 1317 1363 NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED; … … 1367 1413 "unix mode=0%o oplock_request=%d\n", 1368 1414 fname, new_dos_attributes, access_mask, share_access, 1369 create_disposition, create_options, unx_mode,1415 create_disposition, create_options, (unsigned int)unx_mode, 1370 1416 oplock_request)); 1371 1417 … … 1446 1492 * exist create. */ 1447 1493 flags2 |= (O_CREAT | O_TRUNC); 1494 clear_ads = true; 1448 1495 break; 1449 1496 … … 1452 1499 * exist create. */ 1453 1500 flags2 |= (O_CREAT | O_TRUNC); 1501 clear_ads = true; 1454 1502 break; 1455 1503 … … 1476 1524 } 1477 1525 flags2 |= O_TRUNC; 1526 clear_ads = true; 1478 1527 break; 1479 1528 … … 1908 1957 1909 1958 SMB_ASSERT(lck != NULL); 1959 1960 /* Delete streams if create_disposition requires it */ 1961 if (file_existed && clear_ads && !is_ntfs_stream_name(fname)) { 1962 status = delete_all_streams(conn, fname); 1963 if (!NT_STATUS_IS_OK(status)) { 1964 TALLOC_FREE(lck); 1965 fd_close(fsp); 1966 return status; 1967 } 1968 } 1910 1969 1911 1970 /* note that we ignore failure for the following. It is … … 2399 2458 2400 2459 if (info == FILE_WAS_OPENED) { 2460 uint32_t access_granted = 0; 2401 2461 status = check_open_rights(conn, 2402 2462 fname, 2403 access_mask); 2463 access_mask, 2464 &access_granted); 2404 2465 if (!NT_STATUS_IS_OK(status)) { 2405 2466 DEBUG(10, ("open_directory: check_open_rights on " … … 2820 2881 && (share_access & FILE_SHARE_DELETE) 2821 2882 && (access_mask & DELETE_ACCESS) 2822 && (!can_delete_file_in_directory(conn, fname))) { 2883 && (!(can_delete_file_in_directory(conn, fname) || 2884 can_access_file_acl(conn, fname, DELETE_ACCESS)))) { 2823 2885 status = NT_STATUS_ACCESS_DENIED; 2886 DEBUG(10,("create_file_unixpath: open file %s " 2887 "for delete ACCESS_DENIED\n", fname )); 2824 2888 goto fail; 2825 2889 } -
branches/samba-3.3.x/source/smbd/posix_acls.c
r206 r221 564 564 ****************************************************************************/ 565 565 566 static size_t count_canon_ace_list( canon_ace *l ist_head )566 static size_t count_canon_ace_list( canon_ace *l_head ) 567 567 { 568 568 size_t count = 0; 569 569 canon_ace *ace; 570 570 571 for (ace = l ist_head; ace; ace = ace->next)571 for (ace = l_head; ace; ace = ace->next) 572 572 count++; 573 573 … … 579 579 ****************************************************************************/ 580 580 581 static void free_canon_ace_list( canon_ace *l ist_head )581 static void free_canon_ace_list( canon_ace *l_head ) 582 582 { 583 583 canon_ace *list, *next; 584 584 585 for (list = l ist_head; list; list = next) {585 for (list = l_head; list; list = next) { 586 586 next = list->next; 587 DLIST_REMOVE(l ist_head, list);587 DLIST_REMOVE(l_head, list); 588 588 SAFE_FREE(list); 589 589 } … … 761 761 static void merge_aces( canon_ace **pp_list_head ) 762 762 { 763 canon_ace *l ist_head = *pp_list_head;763 canon_ace *l_head = *pp_list_head; 764 764 canon_ace *curr_ace_outer; 765 765 canon_ace *curr_ace_outer_next; … … 770 770 */ 771 771 772 for (curr_ace_outer = l ist_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {772 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) { 773 773 canon_ace *curr_ace; 774 774 canon_ace *curr_ace_next; … … 792 792 793 793 curr_ace_outer->perms |= curr_ace->perms; 794 DLIST_REMOVE(l ist_head, curr_ace);794 DLIST_REMOVE(l_head, curr_ace); 795 795 SAFE_FREE(curr_ace); 796 796 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */ … … 805 805 */ 806 806 807 for (curr_ace_outer = l ist_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {807 for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) { 808 808 canon_ace *curr_ace; 809 809 canon_ace *curr_ace_next; … … 837 837 */ 838 838 839 DLIST_REMOVE(l ist_head, curr_ace);839 DLIST_REMOVE(l_head, curr_ace); 840 840 SAFE_FREE(curr_ace); 841 841 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */ … … 853 853 */ 854 854 855 DLIST_REMOVE(l ist_head, curr_ace_outer);855 DLIST_REMOVE(l_head, curr_ace_outer); 856 856 SAFE_FREE(curr_ace_outer); 857 857 break; … … 864 864 /* We may have modified the list. */ 865 865 866 *pp_list_head = l ist_head;866 *pp_list_head = l_head; 867 867 } 868 868 … … 2148 2148 static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head) 2149 2149 { 2150 canon_ace *l ist_head = *pp_list_head;2150 canon_ace *l_head = *pp_list_head; 2151 2151 canon_ace *owner_ace = NULL; 2152 2152 canon_ace *other_ace = NULL; 2153 2153 canon_ace *ace = NULL; 2154 2154 2155 for (ace = l ist_head; ace; ace = ace->next) {2155 for (ace = l_head; ace; ace = ace->next) { 2156 2156 if (ace->type == SMB_ACL_USER_OBJ) 2157 2157 owner_ace = ace; … … 2174 2174 2175 2175 if (owner_ace) { 2176 DLIST_PROMOTE(l ist_head, owner_ace);2176 DLIST_PROMOTE(l_head, owner_ace); 2177 2177 } 2178 2178 2179 2179 if (other_ace) { 2180 DLIST_DEMOTE(l ist_head, other_ace, canon_ace *);2180 DLIST_DEMOTE(l_head, other_ace, canon_ace *); 2181 2181 } 2182 2182 2183 2183 /* We have probably changed the head of the list. */ 2184 2184 2185 *pp_list_head = l ist_head;2185 *pp_list_head = l_head; 2186 2186 } 2187 2187 … … 2196 2196 { 2197 2197 mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR); 2198 canon_ace *l ist_head = NULL;2198 canon_ace *l_head = NULL; 2199 2199 canon_ace *ace = NULL; 2200 2200 canon_ace *next_ace = NULL; … … 2300 2300 ace->inherited = get_inherited_flag(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT)); 2301 2301 2302 DLIST_ADD(l ist_head, ace);2302 DLIST_ADD(l_head, ace); 2303 2303 } 2304 2304 … … 2307 2307 */ 2308 2308 2309 if (!ensure_canon_entry_valid(&l ist_head, conn->params,2309 if (!ensure_canon_entry_valid(&l_head, conn->params, 2310 2310 S_ISDIR(psbuf->st_mode), powner, pgroup, 2311 2311 psbuf, False)) … … 2319 2319 DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" )); 2320 2320 2321 for ( ace_count = 0, ace = l ist_head; ace; ace = next_ace, ace_count++) {2321 for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) { 2322 2322 next_ace = ace->next; 2323 2323 … … 2327 2327 2328 2328 if (ace->perms == 0) { 2329 DLIST_PROMOTE(l ist_head, ace);2329 DLIST_PROMOTE(l_head, ace); 2330 2330 } 2331 2331 … … 2335 2335 } 2336 2336 2337 arrange_posix_perms(fname,&l ist_head );2338 2339 print_canon_ace_list( "canonicalise_acl: ace entries after arrange", l ist_head );2340 2341 return l ist_head;2337 arrange_posix_perms(fname,&l_head ); 2338 2339 print_canon_ace_list( "canonicalise_acl: ace entries after arrange", l_head ); 2340 2341 return l_head; 2342 2342 2343 2343 fail: 2344 2344 2345 free_canon_ace_list(l ist_head);2345 free_canon_ace_list(l_head); 2346 2346 return NULL; 2347 2347 } … … 4046 4046 SMB_ACL_T def_acl = NULL; 4047 4047 4048 if (num_def_acls && !S_ISDIR(psbuf->st_mode)) { 4049 DEBUG(5,("set_unix_posix_default_acl: Can't set default ACL on non-directory file %s\n", fname )); 4050 errno = EISDIR; 4051 return False; 4048 if (!S_ISDIR(psbuf->st_mode)) { 4049 if (num_def_acls) { 4050 DEBUG(5,("set_unix_posix_default_acl: Can't set default ACL on non-directory file %s\n", fname )); 4051 errno = EISDIR; 4052 return False; 4053 } else { 4054 return True; 4055 } 4052 4056 } 4053 4057 -
branches/samba-3.3.x/source/smbd/reply.c
r206 r221 5615 5615 } 5616 5616 } else { 5617 if (SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf) == -1) { 5617 int ret = -1; 5618 if (fsp->posix_open) { 5619 ret = SMB_VFS_LSTAT(conn,fsp->fsp_name,&sbuf); 5620 } else { 5621 ret = SMB_VFS_STAT(conn,fsp->fsp_name,&sbuf); 5622 } 5623 if (ret == -1) { 5618 5624 return map_nt_error_from_unix(errno); 5619 5625 } … … 5719 5725 const char *dname; 5720 5726 long offset = 0; 5727 bool posix_pathnames = lp_posix_pathnames(); 5721 5728 5722 5729 ZERO_STRUCT(sbuf1); … … 5830 5837 5831 5838 ZERO_STRUCT(sbuf1); 5832 SMB_VFS_STAT(conn, directory, &sbuf1); 5839 if (posix_pathnames) { 5840 SMB_VFS_LSTAT(conn, directory, &sbuf1); 5841 } else { 5842 SMB_VFS_STAT(conn, directory, &sbuf1); 5843 } 5833 5844 5834 5845 status = S_ISDIR(sbuf1.st_mode) ? 5835 5846 open_directory(conn, req, directory, &sbuf1, 5836 access_mask, 5837 FILE_SHARE_READ|FILE_SHARE_WRITE, 5838 FILE_OPEN, 0, 0, NULL, 5839 &fsp) 5847 access_mask, 5848 FILE_SHARE_READ|FILE_SHARE_WRITE, 5849 FILE_OPEN, 5850 0, 5851 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, 5852 NULL, 5853 &fsp) 5840 5854 : open_file_ntcreate(conn, req, directory, &sbuf1, 5841 access_mask, 5842 FILE_SHARE_READ|FILE_SHARE_WRITE, 5843 FILE_OPEN, 0, 0, 0, NULL, 5844 &fsp); 5855 access_mask, 5856 FILE_SHARE_READ|FILE_SHARE_WRITE, 5857 FILE_OPEN, 5858 0, 5859 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, 5860 0, 5861 NULL, 5862 &fsp); 5845 5863 5846 5864 if (!NT_STATUS_IS_OK(status)) { … … 5934 5952 5935 5953 ZERO_STRUCT(sbuf1); 5936 SMB_VFS_STAT(conn, fname, &sbuf1); 5954 if (posix_pathnames) { 5955 SMB_VFS_LSTAT(conn, fname, &sbuf1); 5956 } else { 5957 SMB_VFS_STAT(conn, fname, &sbuf1); 5958 } 5937 5959 5938 5960 status = S_ISDIR(sbuf1.st_mode) ? 5939 5961 open_directory(conn, req, fname, &sbuf1, 5940 access_mask, 5941 FILE_SHARE_READ|FILE_SHARE_WRITE, 5942 FILE_OPEN, 0, 0, NULL, 5943 &fsp) 5962 access_mask, 5963 FILE_SHARE_READ|FILE_SHARE_WRITE, 5964 FILE_OPEN, 5965 0, 5966 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, 5967 NULL, 5968 &fsp) 5944 5969 : open_file_ntcreate(conn, req, fname, &sbuf1, 5945 access_mask, 5946 FILE_SHARE_READ|FILE_SHARE_WRITE, 5947 FILE_OPEN, 0, 0, 0, NULL, 5948 &fsp); 5970 access_mask, 5971 FILE_SHARE_READ|FILE_SHARE_WRITE, 5972 FILE_OPEN, 5973 0, 5974 posix_pathnames ? FILE_FLAG_POSIX_SEMANTICS|0777 : 0, 5975 0, 5976 NULL, 5977 &fsp); 5949 5978 5950 5979 if (!NT_STATUS_IS_OK(status)) { … … 7124 7153 } 7125 7154 } else { 7126 if (SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf) == -1) { 7155 int ret = -1; 7156 7157 if (fsp->posix_open) { 7158 ret = SMB_VFS_LSTAT(conn, fsp->fsp_name, &sbuf); 7159 } else { 7160 ret = SMB_VFS_STAT(conn, fsp->fsp_name, &sbuf); 7161 } 7162 if (ret == -1) { 7127 7163 status = map_nt_error_from_unix(errno); 7128 7164 reply_nterror(req, status); -
branches/samba-3.3.x/source/smbd/server.c
r206 r221 300 300 if they can grab any of the pending locks 301 301 */ 302 DEBUG(3,(__location__ " Unclean shutdown of pid %u\n", pid));302 DEBUG(3,(__location__ " Unclean shutdown of pid %u\n", (unsigned int)pid)); 303 303 messaging_send_buf(smbd_messaging_context(), procid_self(), 304 304 MSG_SMB_BRL_VALIDATE, NULL, 0); … … 1439 1439 1440 1440 if (*lp_rootdir()) { 1441 if (sys_chroot(lp_rootdir()) == 0) 1442 DEBUG(2,("Changed root to %s\n", lp_rootdir())); 1441 if (sys_chroot(lp_rootdir()) != 0) { 1442 DEBUG(0,("Failed to change root to %s\n", lp_rootdir())); 1443 exit(1); 1444 } 1445 if (chdir("/") == -1) { 1446 DEBUG(0,("Failed to chdir to / on chroot to %s\n", lp_rootdir())); 1447 exit(1); 1448 } 1449 DEBUG(0,("Changed root to %s\n", lp_rootdir())); 1443 1450 } 1444 1451 -
branches/samba-3.3.x/source/smbd/sesssetup.c
r206 r221 1357 1357 } 1358 1358 1359 DEBUG(0,("shutdown_other_smbds: shutting down pid % d"1360 "(IP %s)\n", procid_to_pid(&crec->pid), ip));1359 DEBUG(0,("shutdown_other_smbds: shutting down pid %u " 1360 "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid), ip)); 1361 1361 1362 1362 messaging_send(smbd_messaging_context(), crec->pid, MSG_SHUTDOWN,
Note:
See TracChangeset
for help on using the changeset viewer.
