Changeset 232 for branches/samba-3.2.x/source/smbd
- Timestamp:
- May 27, 2009, 9:09:42 AM (16 years ago)
- Location:
- branches/samba-3.2.x/source/smbd
- Files:
-
- 13 edited
-
build_options.c (modified) (5 diffs)
-
close.c (modified) (1 diff)
-
dosmode.c (modified) (2 diffs)
-
nttrans.c (modified) (2 diffs)
-
open.c (modified) (7 diffs)
-
oplock.c (modified) (5 diffs)
-
password.c (modified) (5 diffs)
-
posix_acls.c (modified) (7 diffs)
-
process.c (modified) (1 diff)
-
reply.c (modified) (9 diffs)
-
server.c (modified) (2 diffs)
-
service.c (modified) (1 diff)
-
trans2.c (modified) (9 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.2.x/source/smbd/build_options.c
r228 r232 2002 2002 output(screen, " HAVE_STAT_ST_ATIMENSEC\n"); 2003 2003 #endif 2004 #ifdef HAVE_STAT_ST_ATIMESPEC 2005 output(screen, " HAVE_STAT_ST_ATIMESPEC\n"); 2006 #endif 2007 #ifdef HAVE_STAT_ST_ATIME_N 2008 output(screen, " HAVE_STAT_ST_ATIME_N\n"); 2009 #endif 2004 2010 #ifdef HAVE_STAT_ST_BIRTHTIME 2005 2011 output(screen, " HAVE_STAT_ST_BIRTHTIME\n"); … … 2023 2029 output(screen, " HAVE_STAT_ST_CTIMENSEC\n"); 2024 2030 #endif 2031 #ifdef HAVE_STAT_ST_CTIMESPEC 2032 output(screen, " HAVE_STAT_ST_CTIMESPEC\n"); 2033 #endif 2034 #ifdef HAVE_STAT_ST_CTIME_N 2035 output(screen, " HAVE_STAT_ST_CTIME_N\n"); 2036 #endif 2025 2037 #ifdef HAVE_STAT_ST_FLAGS 2026 2038 output(screen, " HAVE_STAT_ST_FLAGS\n"); … … 2031 2043 #ifdef HAVE_STAT_ST_MTIMENSEC 2032 2044 output(screen, " HAVE_STAT_ST_MTIMENSEC\n"); 2045 #endif 2046 #ifdef HAVE_STAT_ST_MTIMESPEC 2047 output(screen, " HAVE_STAT_ST_MTIMESPEC\n"); 2048 #endif 2049 #ifdef HAVE_STAT_ST_MTIME_N 2050 output(screen, " HAVE_STAT_ST_MTIME_N\n"); 2051 #endif 2052 #ifdef HAVE_STAT_ST_UATIME 2053 output(screen, " HAVE_STAT_ST_UATIME\n"); 2054 #endif 2055 #ifdef HAVE_STAT_ST_UCTIME 2056 output(screen, " HAVE_STAT_ST_UCTIME\n"); 2057 #endif 2058 #ifdef HAVE_STAT_ST_UMTIME 2059 output(screen, " HAVE_STAT_ST_UMTIME\n"); 2033 2060 #endif 2034 2061 #ifdef HAVE_STRCASECMP … … 2529 2556 output(screen, "\n Build Options:\n"); 2530 2557 2558 #ifdef AC_APPLE_UNIVERSAL_BUILD 2559 output(screen, " AC_APPLE_UNIVERSAL_BUILD\n"); 2560 #endif 2531 2561 #ifdef AIX 2532 2562 output(screen, " AIX\n"); … … 2900 2930 #ifdef WITH_WINBIND 2901 2931 output(screen, " WITH_WINBIND\n"); 2902 #endif2903 #ifdef WORDS_BIGENDIAN2904 output(screen, " WORDS_BIGENDIAN\n");2905 2932 #endif 2906 2933 #ifdef XATTR_ADD_OPT -
branches/samba-3.2.x/source/smbd/close.c
r228 r232 68 68 } 69 69 70 chmod(fsp->fsp_name,0755); 71 ret = smbrun(fsp->fsp_name,&tmp_fd); 70 /* Ensure we don't depend on user's PATH. */ 71 p = talloc_asprintf(ctx, "./%s", fsp->fsp_name); 72 if (!p) { 73 TALLOC_FREE(ctx); 74 return; 75 } 76 77 if (chmod(fsp->fsp_name,0755) == -1) { 78 TALLOC_FREE(ctx); 79 return; 80 } 81 ret = smbrun(p,&tmp_fd); 72 82 DEBUG(3,("Invoking magic command %s gave %d\n", 73 fsp->fsp_name,ret));83 p,ret)); 74 84 75 85 unlink(fsp->fsp_name); -
branches/samba-3.2.x/source/smbd/dosmode.c
r204 r232 214 214 sizeret = SMB_VFS_GETXATTR(conn, path, SAMBA_XATTR_DOS_ATTRIB, attrstr, sizeof(attrstr)); 215 215 if (sizeret == -1) { 216 #if defined(ENOTSUP) && defined(ENOATTR) 217 if ((errno != ENOTSUP) && (errno != ENOATTR) && (errno != EACCES) && (errno != EPERM)) { 216 if (errno == ENOSYS 217 #if defined(ENOTSUP) 218 || errno == ENOTSUP) { 219 #else 220 ) { 221 #endif 218 222 DEBUG(1,("get_ea_dos_attributes: Cannot get attribute from EA on file %s: Error = %s\n", 219 223 path, strerror(errno) )); 220 224 set_store_dos_attributes(SNUM(conn), False); 221 225 } 222 #endif223 226 return False; 224 227 } … … 274 277 ) { 275 278 #endif 279 DEBUG(1,("set_ea_dos_attributes: Cannot set attribute EA on file %s: Error = %s\n", 280 path, strerror(errno) )); 276 281 set_store_dos_attributes(SNUM(conn), False); 277 282 } -
branches/samba-3.2.x/source/smbd/nttrans.c
r228 r232 1306 1306 } 1307 1307 1308 if( is_ntfs_stream_name(oldname)) {1309 /* Can't rename a stream. */1310 reply_nterror(req, NT_STATUS_ACCESS_DENIED);1311 END_PROFILE(SMBntrename);1312 return;1313 }1314 1315 1308 if (ms_has_wild(oldname)) { 1316 1309 reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD); … … 1357 1350 } 1358 1351 reply_nterror(req, status); 1352 END_PROFILE(SMBntrename); 1353 return; 1354 } 1355 1356 /* The new name must begin with a ':' if the old name is a stream. */ 1357 if (is_ntfs_stream_name(oldname) && (newname[0] != ':')) { 1358 reply_nterror(req, NT_STATUS_INVALID_PARAMETER); 1359 1359 END_PROFILE(SMBntrename); 1360 1360 return; -
branches/samba-3.2.x/source/smbd/open.c
r228 r232 668 668 669 669 /* 670 * 1) No files open at all or internal open: Grant whatever the client wants. 671 * 672 * 2) Exclusive (or batch) oplock around: If the requested access is a delete 673 * request, break if the oplock around is a batch oplock. If it's another 674 * requested access type, break. 675 * 676 * 3) Only level2 around: Grant level2 and do nothing else. 670 * Send a break message to the oplock holder and delay the open for 671 * our client. 677 672 */ 678 673 679 static bool delay_for_oplocks(struct share_mode_lock *lck, 680 files_struct *fsp, 681 uint16 mid, 682 int pass_number, 683 int oplock_request) 674 static NTSTATUS send_break_message(files_struct *fsp, 675 struct share_mode_entry *exclusive, 676 uint16 mid, 677 int oplock_request) 684 678 { 685 int i;686 struct share_mode_entry *exclusive = NULL;687 bool valid_entry = False;688 bool delay_it = False;689 bool have_level2 = False;690 679 NTSTATUS status; 691 680 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE]; 692 693 if (oplock_request & INTERNAL_OPEN_ONLY) {694 fsp->oplock_type = NO_OPLOCK;695 }696 697 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) {698 return False;699 }700 701 for (i=0; i<lck->num_share_modes; i++) {702 703 if (!is_valid_share_mode_entry(&lck->share_modes[i])) {704 continue;705 }706 707 /* At least one entry is not an invalid or deferred entry. */708 valid_entry = True;709 710 if (pass_number == 1) {711 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) {712 SMB_ASSERT(exclusive == NULL);713 exclusive = &lck->share_modes[i];714 }715 } else {716 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) {717 SMB_ASSERT(exclusive == NULL);718 exclusive = &lck->share_modes[i];719 }720 }721 722 if (lck->share_modes[i].op_type == LEVEL_II_OPLOCK) {723 SMB_ASSERT(exclusive == NULL);724 have_level2 = True;725 }726 }727 728 if (!valid_entry) {729 /* All entries are placeholders or deferred.730 * Directly grant whatever the client wants. */731 if (fsp->oplock_type == NO_OPLOCK) {732 /* Store a level2 oplock, but don't tell the client */733 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;734 }735 return False;736 }737 738 if (exclusive != NULL) { /* Found an exclusive oplock */739 SMB_ASSERT(!have_level2);740 delay_it = is_delete_request(fsp) ?741 BATCH_OPLOCK_TYPE(exclusive->op_type) : True;742 }743 744 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {745 /* We can at most grant level2 as there are other746 * level2 or NO_OPLOCK entries. */747 fsp->oplock_type = LEVEL_II_OPLOCK;748 }749 750 if ((fsp->oplock_type == NO_OPLOCK) && have_level2) {751 /* Store a level2 oplock, but don't tell the client */752 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK;753 }754 755 if (!delay_it) {756 return False;757 }758 759 /*760 * Send a break message to the oplock holder and delay the open for761 * our client.762 */763 681 764 682 DEBUG(10, ("Sending break request to PID %s\n", … … 785 703 } 786 704 787 return True; 705 return status; 706 } 707 708 /* 709 * 1) No files open at all or internal open: Grant whatever the client wants. 710 * 711 * 2) Exclusive (or batch) oplock around: If the requested access is a delete 712 * request, break if the oplock around is a batch oplock. If it's another 713 * requested access type, break. 714 * 715 * 3) Only level2 around: Grant level2 and do nothing else. 716 */ 717 718 static bool delay_for_oplocks(struct share_mode_lock *lck, 719 files_struct *fsp, 720 uint16 mid, 721 int pass_number, 722 int oplock_request) 723 { 724 extern uint32 global_client_caps; 725 int i; 726 struct share_mode_entry *exclusive = NULL; 727 bool valid_entry = false; 728 bool have_level2 = false; 729 bool have_a_none_oplock = false; 730 bool allow_level2 = (global_client_caps & CAP_LEVEL_II_OPLOCKS) && 731 lp_level2_oplocks(SNUM(fsp->conn)); 732 733 if (oplock_request & INTERNAL_OPEN_ONLY) { 734 fsp->oplock_type = NO_OPLOCK; 735 } 736 737 if ((oplock_request & INTERNAL_OPEN_ONLY) || is_stat_open(fsp->access_mask)) { 738 return false; 739 } 740 741 for (i=0; i<lck->num_share_modes; i++) { 742 743 if (!is_valid_share_mode_entry(&lck->share_modes[i])) { 744 continue; 745 } 746 747 /* At least one entry is not an invalid or deferred entry. */ 748 valid_entry = true; 749 750 if (pass_number == 1) { 751 if (BATCH_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 752 SMB_ASSERT(exclusive == NULL); 753 exclusive = &lck->share_modes[i]; 754 } 755 } else { 756 if (EXCLUSIVE_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 757 SMB_ASSERT(exclusive == NULL); 758 exclusive = &lck->share_modes[i]; 759 } 760 } 761 762 if (LEVEL_II_OPLOCK_TYPE(lck->share_modes[i].op_type)) { 763 SMB_ASSERT(exclusive == NULL); 764 have_level2 = true; 765 } 766 767 if (lck->share_modes[i].op_type == NO_OPLOCK) { 768 have_a_none_oplock = true; 769 } 770 } 771 772 if (exclusive != NULL) { /* Found an exclusive oplock */ 773 bool delay_it = is_delete_request(fsp) ? 774 BATCH_OPLOCK_TYPE(exclusive->op_type) : true; 775 SMB_ASSERT(!have_level2); 776 if (delay_it) { 777 send_break_message(fsp, exclusive, mid, oplock_request); 778 return true; 779 } 780 } 781 782 /* 783 * Match what was requested (fsp->oplock_type) with 784 * what was found in the existing share modes. 785 */ 786 787 if (!valid_entry) { 788 /* All entries are placeholders or deferred. 789 * Directly grant whatever the client wants. */ 790 if (fsp->oplock_type == NO_OPLOCK) { 791 /* Store a level2 oplock, but don't tell the client */ 792 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK; 793 } 794 } else if (have_a_none_oplock) { 795 fsp->oplock_type = NO_OPLOCK; 796 } else if (have_level2) { 797 if (fsp->oplock_type == NO_OPLOCK || 798 fsp->oplock_type == FAKE_LEVEL_II_OPLOCK) { 799 /* Store a level2 oplock, but don't tell the client */ 800 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK; 801 } else { 802 fsp->oplock_type = LEVEL_II_OPLOCK; 803 } 804 } else { 805 /* This case can never happen. */ 806 SMB_ASSERT(1); 807 } 808 809 /* 810 * Don't grant level2 to clients that don't want them 811 * or if we've turned them off. 812 */ 813 if (fsp->oplock_type == LEVEL_II_OPLOCK && !allow_level2) { 814 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK; 815 } 816 817 DEBUG(10,("delay_for_oplocks: oplock type 0x%x on file %s\n", 818 fsp->oplock_type, fsp->fsp_name)); 819 820 /* No delay. */ 821 return false; 788 822 } 789 823 … … 973 1007 uint32 share_mode; 974 1008 uint32 create_disposition; 975 uint32 create_options = 0;1009 uint32 create_options = FILE_NON_DIRECTORY_FILE; 976 1010 977 1011 DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, " … … 1189 1223 DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname)); 1190 1224 1191 return print_fsp_open(conn, fname, fsp );1225 return print_fsp_open(conn, fname, fsp, psbuf); 1192 1226 } 1193 1227 … … 1826 1860 */ 1827 1861 1828 if ((fsp->oplock_type != NO_OPLOCK) && 1829 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK)) { 1830 if (!set_file_oplock(fsp, fsp->oplock_type)) { 1831 /* Could not get the kernel oplock */ 1832 fsp->oplock_type = NO_OPLOCK; 1833 } 1862 if (!set_file_oplock(fsp, fsp->oplock_type)) { 1863 /* Could not get the kernel oplock */ 1864 fsp->oplock_type = NO_OPLOCK; 1834 1865 } 1835 1866 … … 1838 1869 } 1839 1870 1840 set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created); 1871 set_share_mode(lck, fsp, current_user.ut.uid, 0, 1872 fsp->oplock_type); 1841 1873 1842 1874 /* Handle strange delete on close create semantics. */ 1843 if ((create_options & FILE_DELETE_ON_CLOSE) 1844 && (((conn->fs_capabilities & FILE_NAMED_STREAMS) 1845 && is_ntfs_stream_name(fname)) 1846 || can_set_initial_delete_on_close(lck))) { 1875 if (create_options & FILE_DELETE_ON_CLOSE) { 1876 1847 1877 status = can_set_delete_on_close(fsp, True, new_dos_attributes); 1848 1878 … … 2286 2316 } 2287 2317 2288 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK , True);2318 set_share_mode(lck, fsp, current_user.ut.uid, 0, NO_OPLOCK); 2289 2319 2290 2320 /* For directories the delete on close bit at open time seems -
branches/samba-3.2.x/source/smbd/oplock.c
r137 r232 105 105 bool set_file_oplock(files_struct *fsp, int oplock_type) 106 106 { 107 if (koplocks && !koplocks->set_oplock(fsp, oplock_type)) { 107 if ((fsp->oplock_type != NO_OPLOCK) && 108 (fsp->oplock_type != FAKE_LEVEL_II_OPLOCK) && 109 koplocks && 110 !koplocks->set_oplock(fsp, oplock_type)) { 108 111 return False; 109 112 } … … 113 116 if (oplock_type == LEVEL_II_OPLOCK) { 114 117 level_II_oplocks_open++; 115 } else {118 } else if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) { 116 119 exclusive_oplocks_open++; 117 120 } … … 146 149 SMB_ASSERT(exclusive_oplocks_open>=0); 147 150 SMB_ASSERT(level_II_oplocks_open>=0); 148 149 fsp->oplock_type = NO_OPLOCK; 151 152 if (EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) { 153 /* This doesn't matter for close. */ 154 fsp->oplock_type = FAKE_LEVEL_II_OPLOCK; 155 } else { 156 fsp->oplock_type = NO_OPLOCK; 157 } 150 158 fsp->sent_oplock_break = NO_BREAK_SENT; 151 159 152 160 flush_write_cache(fsp, OPLOCK_RELEASE_FLUSH); 153 161 … … 436 444 SMB_ASSERT(fsp->oplock_type == LEVEL_II_OPLOCK); 437 445 446 DEBUG(10,("process_oplock_async_level2_break_message: sending break to " 447 "none message for fid %d, file %s\n", 448 fsp->fnum, 449 fsp->fsp_name)); 450 438 451 /* Now send a break to none message to our client. */ 439 452 … … 809 822 share_mode_entry_to_message(msg, share_entry); 810 823 811 messaging_send_buf(smbd_messaging_context(), share_entry->pid, 812 MSG_SMB_ASYNC_LEVEL2_BREAK, 813 (uint8 *)msg, 814 MSG_SMB_SHARE_MODE_ENTRY_SIZE); 824 /* 825 * Deal with a race condition when breaking level2 826 * oplocks. Don't send all the messages and release 827 * the lock, this allows someone else to come in and 828 * get a level2 lock before any of the messages are 829 * processed, and thus miss getting a break message. 830 * Ensure at least one entry (the one we're breaking) 831 * is processed immediately under the lock and becomes 832 * set as NO_OPLOCK to stop any waiter getting a level2. 833 * Bugid #5980. 834 */ 835 836 if (procid_is_me(&share_entry->pid)) { 837 DATA_BLOB blob = data_blob_const(msg, 838 MSG_SMB_SHARE_MODE_ENTRY_SIZE); 839 process_oplock_async_level2_break_message(smbd_messaging_context(), 840 NULL, 841 MSG_SMB_ASYNC_LEVEL2_BREAK, 842 share_entry->pid, 843 &blob); 844 } else { 845 messaging_send_buf(smbd_messaging_context(), 846 share_entry->pid, 847 MSG_SMB_ASYNC_LEVEL2_BREAK, 848 (uint8 *)msg, 849 MSG_SMB_SHARE_MODE_ENTRY_SIZE); 850 } 815 851 } 816 852 -
branches/samba-3.2.x/source/smbd/password.c
r133 r232 28 28 /* this holds info on user ids that are already validated for this VC */ 29 29 static user_struct *validated_users; 30 static int next_vuid = VUID_OFFSET;30 static uint16_t next_vuid = VUID_OFFSET; 31 31 static int num_validated_vuids; 32 32 … … 150 150 } 151 151 152 static void increment_next_vuid(uint16_t *vuid) 153 { 154 *vuid += 1; 155 156 /* Check for vuid wrap. */ 157 if (*vuid == UID_FIELD_INVALID) { 158 *vuid = VUID_OFFSET; 159 } 160 } 161 152 162 /**************************************************** 153 163 Create a new partial auth user struct. … … 178 188 while( get_valid_user_struct_internal(next_vuid, 179 189 SERVER_ALLOCATED_REQUIRED_ANY) != NULL ) { 180 next_vuid++; 181 /* Check for vuid wrap. */ 182 if (next_vuid == UID_FIELD_INVALID) { 183 next_vuid = VUID_OFFSET; 184 } 190 increment_next_vuid(&next_vuid); 185 191 } 186 192 … … 195 201 * to NTLMSSP. 196 202 */ 197 next_vuid++;203 increment_next_vuid(&next_vuid); 198 204 num_validated_vuids++; 199 205 … … 325 331 "and will be vuid %u\n", 326 332 (int)vuser->uid,vuser->user.unix_name, vuser->vuid)); 327 328 next_vuid++;329 num_validated_vuids++;330 333 331 334 if (!session_claim(vuser)) { -
branches/samba-3.2.x/source/smbd/posix_acls.c
r228 r232 3198 3198 } 3199 3199 3200 /* only allow chown to the current user. This is more secure, 3201 and also copes with the case where the SID in a take ownership ACL is 3202 a local SID on the users workstation 3203 */ 3204 if (uid != current_user.ut.uid) { 3205 errno = EPERM; 3206 return -1; 3207 } 3208 3200 3209 if (SMB_VFS_STAT(conn,fname,&st)) { 3201 3210 return -1; … … 3205 3214 return -1; 3206 3215 } 3207 3208 /* only allow chown to the current user. This is more secure,3209 and also copes with the case where the SID in a take ownership ACL is3210 a local SID on the users workstation3211 */3212 uid = current_user.ut.uid;3213 3216 3214 3217 become_root(); … … 3438 3441 mode_t orig_mode = (mode_t)0; 3439 3442 NTSTATUS status; 3440 uid_t orig_uid;3441 gid_t orig_gid;3442 bool need_chown = False;3443 bool set_acl_as_root = false; 3444 bool acl_set_support = false; 3445 bool ret = false; 3443 3446 3444 3447 DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name )); … … 3461 3464 } 3462 3465 3463 /* Save the original element swe check against. */3466 /* Save the original element we check against. */ 3464 3467 orig_mode = sbuf.st_mode; 3465 orig_uid = sbuf.st_uid;3466 orig_gid = sbuf.st_gid;3467 3468 3468 3469 /* … … 3476 3477 3477 3478 /* 3478 * Do we need to chown ? 3479 * Do we need to chown ? If so this must be done first as the incoming 3480 * CREATOR_OWNER acl will be relative to the *new* owner, not the old. 3481 * Noticed by Simo. 3479 3482 */ 3480 3483 3481 if (((user != (uid_t)-1) && (orig_uid != user)) || (( grp != (gid_t)-1) && (orig_gid != grp))) { 3482 need_chown = True; 3483 } 3484 3485 if (need_chown && (user == (uid_t)-1 || user == current_user.ut.uid)) { 3484 if (((user != (uid_t)-1) && (sbuf.st_uid != user)) || (( grp != (gid_t)-1) && (sbuf.st_gid != grp))) { 3486 3485 3487 3486 DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n", … … 3508 3507 } else { 3509 3508 3510 int ret;3509 int sret; 3511 3510 3512 3511 if(fsp->fh->fd == -1) 3513 ret = SMB_VFS_STAT(fsp->conn, fsp->fsp_name, &sbuf);3512 sret = SMB_VFS_STAT(fsp->conn, fsp->fsp_name, &sbuf); 3514 3513 else 3515 ret = SMB_VFS_FSTAT(fsp, &sbuf);3516 3517 if( ret != 0)3514 sret = SMB_VFS_FSTAT(fsp, &sbuf); 3515 3516 if(sret != 0) 3518 3517 return map_nt_error_from_unix(errno); 3519 3518 } 3520 3519 3521 /* Save the original element swe check against. */3520 /* Save the original element we check against. */ 3522 3521 orig_mode = sbuf.st_mode; 3523 orig_uid = sbuf.st_uid; 3524 orig_gid = sbuf.st_gid;3525 3526 /* We did chown already, drop the flag*/3527 need_chown = False;3522 3523 /* If we successfully chowned, we know we must 3524 * be able to set the acl, so do it as root. 3525 */ 3526 set_acl_as_root = true; 3528 3527 } 3529 3528 3530 3529 create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); 3531 3532 #if 03533 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */3534 3535 /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx3536 * for details and also the log trace in bug #4308. JRA.3537 */3538 3539 if ((security_info_sent & DACL_SECURITY_INFORMATION) &&3540 psd->dacl != NULL &&3541 (psd->type & (SE_DESC_DACL_AUTO_INHERITED|3542 SE_DESC_DACL_AUTO_INHERIT_REQ))==3543 (SE_DESC_DACL_AUTO_INHERITED|3544 SE_DESC_DACL_AUTO_INHERIT_REQ) ) {3545 status = append_parent_acl(fsp, &sbuf, psd, &psd);3546 if (!NT_STATUS_IS_OK(status)) {3547 return status;3548 }3549 }3550 #endif3551 3530 3552 3531 acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, … … 3554 3533 3555 3534 /* Ignore W2K traverse DACL set. */ 3556 if (file_ace_list || dir_ace_list) { 3557 3558 if (!acl_perms) { 3559 DEBUG(3,("set_nt_acl: cannot set permissions\n")); 3535 if (!file_ace_list && !dir_ace_list) { 3536 return NT_STATUS_OK; 3537 } 3538 3539 if (!acl_perms) { 3540 DEBUG(3,("set_nt_acl: cannot set permissions\n")); 3541 free_canon_ace_list(file_ace_list); 3542 free_canon_ace_list(dir_ace_list); 3543 return NT_STATUS_ACCESS_DENIED; 3544 } 3545 3546 /* 3547 * Only change security if we got a DACL. 3548 */ 3549 3550 if(!(security_info_sent & DACL_SECURITY_INFORMATION) || (psd->dacl == NULL)) { 3551 free_canon_ace_list(file_ace_list); 3552 free_canon_ace_list(dir_ace_list); 3553 return NT_STATUS_OK; 3554 } 3555 3556 /* 3557 * Try using the POSIX ACL set first. Fall back to chmod if 3558 * we have no ACL support on this filesystem. 3559 */ 3560 3561 if (acl_perms && file_ace_list) { 3562 if (set_acl_as_root) { 3563 become_root(); 3564 } 3565 ret = set_canon_ace_list(fsp, file_ace_list, False, sbuf.st_gid, &acl_set_support); 3566 if (set_acl_as_root) { 3567 unbecome_root(); 3568 } 3569 if (acl_set_support && ret == false) { 3570 DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) )); 3560 3571 free_canon_ace_list(file_ace_list); 3561 free_canon_ace_list(dir_ace_list); 3562 return NT_STATUS_ACCESS_DENIED; 3563 } 3564 3565 /* 3566 * Only change security if we got a DACL. 3567 */ 3568 3569 if((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl != NULL)) { 3570 3571 bool acl_set_support = False; 3572 bool ret = False; 3572 free_canon_ace_list(dir_ace_list); 3573 return map_nt_error_from_unix(errno); 3574 } 3575 } 3576 3577 if (acl_perms && acl_set_support && fsp->is_directory) { 3578 if (dir_ace_list) { 3579 if (set_acl_as_root) { 3580 become_root(); 3581 } 3582 ret = set_canon_ace_list(fsp, dir_ace_list, True, sbuf.st_gid, &acl_set_support); 3583 if (set_acl_as_root) { 3584 unbecome_root(); 3585 } 3586 if (ret == false) { 3587 DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) )); 3588 free_canon_ace_list(file_ace_list); 3589 free_canon_ace_list(dir_ace_list); 3590 return map_nt_error_from_unix(errno); 3591 } 3592 } else { 3593 int sret = -1; 3573 3594 3574 3595 /* 3575 * Try using the POSIX ACL set first. Fall back to chmod if 3576 * we have no ACL support on this filesystem. 3596 * No default ACL - delete one if it exists. 3577 3597 */ 3578 3598 3579 if (acl_perms && file_ace_list) { 3580 ret = set_canon_ace_list(fsp, file_ace_list, False, sbuf.st_gid, &acl_set_support); 3581 if (acl_set_support && ret == False) { 3582 DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) )); 3599 if (set_acl_as_root) { 3600 become_root(); 3601 } 3602 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name); 3603 if (set_acl_as_root) { 3604 unbecome_root(); 3605 } 3606 if (sret == -1) { 3607 if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { 3608 DEBUG(5,("set_nt_acl: acl group control on and " 3609 "current user in file %s primary group. Override delete_def_acl\n", 3610 fsp->fsp_name )); 3611 3612 become_root(); 3613 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name); 3614 unbecome_root(); 3615 } 3616 3617 if (sret == -1) { 3618 DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno))); 3583 3619 free_canon_ace_list(file_ace_list); 3584 free_canon_ace_list(dir_ace_list); 3620 free_canon_ace_list(dir_ace_list); 3585 3621 return map_nt_error_from_unix(errno); 3586 3622 } 3587 3623 } 3588 3589 if (acl_perms && acl_set_support && fsp->is_directory) { 3590 if (dir_ace_list) { 3591 if (!set_canon_ace_list(fsp, dir_ace_list, True, sbuf.st_gid, &acl_set_support)) { 3592 DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) )); 3593 free_canon_ace_list(file_ace_list); 3594 free_canon_ace_list(dir_ace_list); 3595 return map_nt_error_from_unix(errno); 3596 } 3597 } else { 3598 3599 /* 3600 * No default ACL - delete one if it exists. 3601 */ 3602 3603 if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name) == -1) { 3604 int sret = -1; 3605 3606 if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { 3607 DEBUG(5,("set_nt_acl: acl group control on and " 3608 "current user in file %s primary group. Override delete_def_acl\n", 3609 fsp->fsp_name )); 3610 3611 become_root(); 3612 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name); 3613 unbecome_root(); 3614 } 3615 3616 if (sret == -1) { 3617 DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno))); 3618 free_canon_ace_list(file_ace_list); 3619 free_canon_ace_list(dir_ace_list); 3620 return map_nt_error_from_unix(errno); 3621 } 3622 } 3624 } 3625 } 3626 3627 if (acl_set_support) { 3628 if (set_acl_as_root) { 3629 become_root(); 3630 } 3631 store_inheritance_attributes(fsp, file_ace_list, dir_ace_list, 3632 (psd->type & SE_DESC_DACL_PROTECTED) ? True : False); 3633 if (set_acl_as_root) { 3634 unbecome_root(); 3635 } 3636 } 3637 3638 /* 3639 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod. 3640 */ 3641 3642 if(!acl_set_support && acl_perms) { 3643 mode_t posix_perms; 3644 3645 if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) { 3646 free_canon_ace_list(file_ace_list); 3647 free_canon_ace_list(dir_ace_list); 3648 DEBUG(3,("set_nt_acl: failed to convert file acl to posix permissions for file %s.\n", 3649 fsp->fsp_name )); 3650 return NT_STATUS_ACCESS_DENIED; 3651 } 3652 3653 if (orig_mode != posix_perms) { 3654 int sret = -1; 3655 3656 DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n", 3657 fsp->fsp_name, (unsigned int)posix_perms )); 3658 3659 if (set_acl_as_root) { 3660 become_root(); 3661 } 3662 sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms); 3663 if (set_acl_as_root) { 3664 unbecome_root(); 3665 } 3666 if(sret == -1) { 3667 if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { 3668 DEBUG(5,("set_nt_acl: acl group control on and " 3669 "current user in file %s primary group. Override chmod\n", 3670 fsp->fsp_name )); 3671 3672 become_root(); 3673 sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms); 3674 unbecome_root(); 3623 3675 } 3624 } 3625 3626 if (acl_set_support) { 3627 store_inheritance_attributes(fsp, file_ace_list, dir_ace_list, 3628 (psd->type & SE_DESC_DACL_PROTECTED) ? True : False); 3629 } 3630 3631 /* 3632 * If we cannot set using POSIX ACLs we fall back to checking if we need to chmod. 3633 */ 3634 3635 if(!acl_set_support && acl_perms) { 3636 mode_t posix_perms; 3637 3638 if (!convert_canon_ace_to_posix_perms( fsp, file_ace_list, &posix_perms)) { 3676 3677 if (sret == -1) { 3678 DEBUG(3,("set_nt_acl: chmod %s, 0%o failed. Error = %s.\n", 3679 fsp->fsp_name, (unsigned int)posix_perms, strerror(errno) )); 3639 3680 free_canon_ace_list(file_ace_list); 3640 3681 free_canon_ace_list(dir_ace_list); 3641 DEBUG(3,("set_nt_acl: failed to convert file acl to posix permissions for file %s.\n", 3642 fsp->fsp_name )); 3643 return NT_STATUS_ACCESS_DENIED; 3682 return map_nt_error_from_unix(errno); 3644 3683 } 3645 3646 if (orig_mode != posix_perms) { 3647 3648 DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n", 3649 fsp->fsp_name, (unsigned int)posix_perms )); 3650 3651 if(SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms) == -1) { 3652 int sret = -1; 3653 if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { 3654 DEBUG(5,("set_nt_acl: acl group control on and " 3655 "current user in file %s primary group. Override chmod\n", 3656 fsp->fsp_name )); 3657 3658 become_root(); 3659 sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms); 3660 unbecome_root(); 3661 } 3662 3663 if (sret == -1) { 3664 DEBUG(3,("set_nt_acl: chmod %s, 0%o failed. Error = %s.\n", 3665 fsp->fsp_name, (unsigned int)posix_perms, strerror(errno) )); 3666 free_canon_ace_list(file_ace_list); 3667 free_canon_ace_list(dir_ace_list); 3668 return map_nt_error_from_unix(errno); 3669 } 3670 } 3671 } 3672 } 3673 } 3674 3675 free_canon_ace_list(file_ace_list); 3676 free_canon_ace_list(dir_ace_list); 3677 } 3678 3679 /* Any chown pending? */ 3680 if (need_chown) { 3681 DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n", 3682 fsp->fsp_name, (unsigned int)user, (unsigned int)grp )); 3683 3684 if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) { 3685 DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n", 3686 fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) )); 3687 if (errno == EPERM) { 3688 return NT_STATUS_INVALID_OWNER; 3689 } 3690 return map_nt_error_from_unix(errno); 3691 } 3692 } 3693 3684 } 3685 } 3686 } 3687 3688 free_canon_ace_list(file_ace_list); 3689 free_canon_ace_list(dir_ace_list); 3694 3690 return NT_STATUS_OK; 3695 3691 } -
branches/samba-3.2.x/source/smbd/process.c
r228 r232 280 280 if (CVAL(lenbuf,0) == 0 && 281 281 min_recv_size && 282 smb_len_large(lenbuf) > min_recv_size&& /* Could be a UNIX large writeX. */282 smb_len_large(lenbuf) > (min_recv_size + STANDARD_WRITE_AND_X_HEADER_SIZE) && /* Could be a UNIX large writeX. */ 283 283 !srv_is_signing_active()) { 284 284 -
branches/samba-3.2.x/source/smbd/reply.c
r228 r232 2363 2363 2364 2364 if (!NT_STATUS_IS_OK(status)) { 2365 DEBUG(10, (" open_file_ntcreatefailed: %s\n",2365 DEBUG(10, ("create_file_unixpath failed: %s\n", 2366 2366 nt_errstr(status))); 2367 2367 return status; … … 3203 3203 3204 3204 if ((nread = SMB_VFS_SENDFILE(smbd_server_fd(), fsp, &header, startpos, smb_maxcnt)) == -1) { 3205 /* Returning ENOSYS or EINVAL means no data at all was sent.3205 /* Returning ENOSYS means no data at all was sent. 3206 3206 Do this as a normal read. */ 3207 if (errno == ENOSYS || errno == EINVAL) {3207 if (errno == ENOSYS) { 3208 3208 goto normal_read; 3209 3209 } … … 3894 3894 return false; 3895 3895 } 3896 if (IS_PRINT(conn)) { 3897 DEBUG(10,("is_valid_writeX_buffer: printing tid\n")); 3898 return false; 3899 } 3896 3900 doff = SVAL(inbuf,smb_vwv11); 3897 3901 … … 4634 4638 files_struct *fsp; 4635 4639 NTSTATUS status; 4640 SMB_STRUCT_STAT sbuf; 4636 4641 4637 4642 START_PROFILE(SMBsplopen); … … 4657 4662 4658 4663 /* Open for exclusive use, write only. */ 4659 status = print_fsp_open(conn, NULL, fsp );4664 status = print_fsp_open(conn, NULL, fsp, &sbuf); 4660 4665 4661 4666 if (!NT_STATUS_IS_OK(status)) { … … 5476 5481 NTSTATUS status = NT_STATUS_OK; 5477 5482 struct share_mode_lock *lck = NULL; 5478 bool dst_exists ;5483 bool dst_exists, old_is_stream, new_is_stream; 5479 5484 5480 5485 ZERO_STRUCT(sbuf); … … 5545 5550 } 5546 5551 5552 old_is_stream = is_ntfs_stream_name(fsp->fsp_name); 5553 new_is_stream = is_ntfs_stream_name(newname); 5554 5555 /* Return the correct error code if both names aren't streams. */ 5556 if (!old_is_stream && new_is_stream) { 5557 return NT_STATUS_OBJECT_NAME_INVALID; 5558 } 5559 5560 if (old_is_stream && !new_is_stream) { 5561 return NT_STATUS_INVALID_PARAMETER; 5562 } 5563 5547 5564 /* 5548 5565 * Have vfs_object_exist also fill sbuf1 … … 5556 5573 } 5557 5574 5558 if(replace_if_exists && dst_exists) {5559 if (is_ntfs_stream_name(newname)) {5560 return NT_STATUS_INVALID_PARAMETER;5561 }5562 }5563 5564 5575 if (dst_exists) { 5565 5576 struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1); 5566 5577 files_struct *dst_fsp = file_find_di_first(fileid); 5567 if (dst_fsp) { 5578 /* The file can be open when renaming a stream */ 5579 if (dst_fsp && !new_is_stream) { 5568 5580 DEBUG(3, ("rename_internals_fsp: Target file open\n")); 5569 5581 return NT_STATUS_ACCESS_DENIED; … … 5624 5636 * depends on these semantics. JRA. 5625 5637 */ 5626 5627 set_allow_initial_delete_on_close(lck, fsp, True);5628 5638 5629 5639 if (create_options & FILE_DELETE_ON_CLOSE) { -
branches/samba-3.2.x/source/smbd/server.c
r228 r232 741 741 742 742 if (!reinit_after_fork( 743 smbd_messaging_context(), true)) { 743 smbd_messaging_context(), 744 smbd_event_context(), 745 true)) { 744 746 DEBUG(0,("reinit_after_fork() failed\n")); 745 747 smb_panic("reinit_after_fork() failed"); … … 1309 1311 pidfile_create("smbd"); 1310 1312 1311 if (!reinit_after_fork(smbd_messaging_context(), false)) { 1313 if (!reinit_after_fork(smbd_messaging_context(), 1314 smbd_event_context(), false)) { 1312 1315 DEBUG(0,("reinit_after_fork() failed\n")); 1313 1316 exit(1); -
branches/samba-3.2.x/source/smbd/service.c
r230 r232 698 698 699 699 guest = True; 700 pass = getpwnam_alloc( NULL, guestname);700 pass = getpwnam_alloc(talloc_tos(), guestname); 701 701 if (!pass) { 702 702 DEBUG(0,("make_connection_snum: Invalid guest " -
branches/samba-3.2.x/source/smbd/trans2.c
r228 r232 3675 3675 unsigned int ofs = 0; 3676 3676 3677 for (i =0; i<num_streams; i++) {3677 for (i = 0; i < num_streams && ofs <= max_data_bytes; i++) { 3678 3678 unsigned int next_offset; 3679 3679 size_t namelen; … … 3693 3693 3694 3694 namelen -= 2; 3695 3696 if (ofs + 24 + namelen > max_data_bytes) {3697 TALLOC_FREE(namebuf);3698 return NT_STATUS_BUFFER_TOO_SMALL;3699 }3700 3695 3701 3696 SIVAL(data, ofs+4, namelen); … … 3712 3707 else { 3713 3708 unsigned int align = ndr_align_size(next_offset, 8); 3714 3715 if (next_offset + align > max_data_bytes) {3716 return NT_STATUS_BUFFER_TOO_SMALL;3717 }3718 3709 3719 3710 memset(data+next_offset, 0, align); … … 5353 5344 char *base_name = NULL; 5354 5345 bool dest_has_wcard = False; 5346 SMB_STRUCT_STAT sbuf; 5347 char *newname_last_component = NULL; 5355 5348 NTSTATUS status = NT_STATUS_OK; 5356 5349 char *p; … … 5360 5353 return NT_STATUS_INVALID_PARAMETER; 5361 5354 } 5355 5356 ZERO_STRUCT(sbuf); 5362 5357 5363 5358 overwrite = (CVAL(pdata,0) ? True : False); … … 5394 5389 5395 5390 if (fsp && fsp->base_fsp) { 5391 /* newname must be a stream name. */ 5396 5392 if (newname[0] != ':') { 5397 5393 return NT_STATUS_NOT_SUPPORTED; … … 5404 5400 } 5405 5401 } else { 5402 /* newname must *not* be a stream name. */ 5406 5403 if (is_ntfs_stream_name(newname)) { 5407 5404 return NT_STATUS_NOT_SUPPORTED; … … 5429 5426 return NT_STATUS_NO_MEMORY; 5430 5427 } 5431 }5432 5433 if (fsp) {5434 SMB_STRUCT_STAT sbuf;5435 char *newname_last_component = NULL;5436 5437 ZERO_STRUCT(sbuf);5438 5428 5439 5429 status = unix_convert(ctx, conn, newname, False, 5440 5441 5442 5430 &newname, 5431 &newname_last_component, 5432 &sbuf); 5443 5433 5444 5434 /* If an error we expect this to be … … 5450 5440 return status; 5451 5441 } 5452 5442 } 5443 5444 if (fsp) { 5453 5445 DEBUG(10,("smb_file_rename_information: SMB_FILE_RENAME_INFORMATION (fnum %d) %s -> %s\n", 5454 5446 fsp->fnum, fsp->fsp_name, base_name ));
Note:
See TracChangeset
for help on using the changeset viewer.
