Author: jra Date: 2005-05-18 23:39:02 +0000 (Wed, 18 May 2005) New Revision: 6896
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6896 Log: Add "acl check permissions" to turn on/off the new behaviour of checking for write access in a directory before delete. Also controls checking for write access before labeling a file read-only if DOS attributes are not being stored in EA's. Docuementation to follow. Jeremy. Modified: trunk/source/param/loadparm.c trunk/source/smbd/dosmode.c trunk/source/smbd/nttrans.c trunk/source/smbd/posix_acls.c Changeset: Modified: trunk/source/param/loadparm.c =================================================================== --- trunk/source/param/loadparm.c 2005-05-18 23:37:35 UTC (rev 6895) +++ trunk/source/param/loadparm.c 2005-05-18 23:39:02 UTC (rev 6896) @@ -441,6 +441,7 @@ BOOL bMap_acl_inherit; BOOL bAfs_Share; BOOL bEASupport; + BOOL bAclCheckPermissions; int iallocation_roundup_size; param_opt_struct *param_opt; @@ -568,6 +569,7 @@ False, /* bMap_acl_inherit */ False, /* bAfs_Share */ False, /* bEASupport */ + True, /* bAclCheckPermissions */ SMB_ROUNDUP_ALLOCATION_SIZE, /* iallocation_roundup_size */ NULL, /* Parametric options */ @@ -871,6 +873,7 @@ {"writeable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, {"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, + {"acl check permissions", P_BOOL, P_LOCAL, &sDefault.bAclCheckPermissions, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, {"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, {"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_HIDE}, {"force create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_force_mode, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, @@ -1990,6 +1993,7 @@ FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls) FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit) FN_LOCAL_BOOL(lp_afs_share, bAfs_Share) +FN_LOCAL_BOOL(lp_acl_check_permissions, bAclCheckPermissions) FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask) FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode) FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask) Modified: trunk/source/smbd/dosmode.c =================================================================== --- trunk/source/smbd/dosmode.c 2005-05-18 23:37:35 UTC (rev 6895) +++ trunk/source/smbd/dosmode.c 2005-05-18 23:39:02 UTC (rev 6896) @@ -116,13 +116,18 @@ Change a unix mode to a dos mode. ****************************************************************************/ -uint32 dos_mode_from_sbuf(connection_struct *conn, SMB_STRUCT_STAT *sbuf) +uint32 dos_mode_from_sbuf(connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf) { int result = 0; - if ((sbuf->st_mode & S_IWUSR) == 0) + if (lp_acl_check_permissions(SNUM(conn))) { + if (!can_write_to_file(conn, path, sbuf)) { + result |= aRONLY; + } + } else if ((sbuf->st_mode & S_IWUSR) == 0) { result |= aRONLY; - + } + if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0)) result |= aARCH; @@ -291,7 +296,7 @@ return result; } - result = dos_mode_from_sbuf(conn, sbuf); + result = dos_mode_from_sbuf(conn, path, sbuf); /* Now do any modifications that depend on the path name. */ /* hide files with a name starting with a . */ @@ -433,9 +438,11 @@ int file_utime(connection_struct *conn, const char *fname, struct utimbuf *times) { + SMB_STRUCT_STAT sbuf; int ret = -1; errno = 0; + ZERO_STRUCT(sbuf); if(SMB_VFS_UTIME(conn,fname, times) == 0) return 0; @@ -453,7 +460,7 @@ */ /* Check if we have write access. */ - if (can_write_to_file(conn, fname)) { + if (can_write_to_file(conn, fname, &sbuf)) { /* We are allowed to become root and change the filetime. */ become_root(); ret = SMB_VFS_UTIME(conn,fname, times); Modified: trunk/source/smbd/nttrans.c =================================================================== --- trunk/source/smbd/nttrans.c 2005-05-18 23:37:35 UTC (rev 6895) +++ trunk/source/smbd/nttrans.c 2005-05-18 23:39:02 UTC (rev 6896) @@ -802,7 +802,7 @@ if (desired_access & DELETE_ACCESS) { #else /* Setting FILE_SHARE_DELETE is the hint. */ - if ((share_access & FILE_SHARE_DELETE) && (desired_access & DELETE_ACCESS)) { + if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE) && (desired_access & DELETE_ACCESS)) { #endif status = can_delete(conn, fname, file_attributes, bad_path, True); /* We're only going to fail here if it's access denied, as that's the @@ -1422,7 +1422,7 @@ if (desired_access & DELETE_ACCESS) { #else /* Setting FILE_SHARE_DELETE is the hint. */ - if ((share_access & FILE_SHARE_DELETE) && (desired_access & DELETE_ACCESS)) { + if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE) && (desired_access & DELETE_ACCESS)) { #endif status = can_delete(conn, fname, file_attributes, bad_path, True); /* We're only going to fail here if it's access denied, as that's the Modified: trunk/source/smbd/posix_acls.c =================================================================== --- trunk/source/smbd/posix_acls.c 2005-05-18 23:37:35 UTC (rev 6895) +++ trunk/source/smbd/posix_acls.c 2005-05-18 23:39:02 UTC (rev 6896) @@ -4006,9 +4006,8 @@ this to successfully check for ability to write for dos filetimes. ****************************************************************************/ -BOOL can_write_to_file(connection_struct *conn, const char *fname) +BOOL can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf) { - SMB_STRUCT_STAT sbuf; int ret; if (!CAN_WRITE(conn)) { @@ -4020,22 +4019,24 @@ return True; } - /* Get the file permission mask and owners. */ - if(SMB_VFS_STAT(conn, fname, &sbuf) != 0) { - return False; + if (!VALID_STAT(*psbuf)) { + /* Get the file permission mask and owners. */ + if(SMB_VFS_STAT(conn, fname, psbuf) != 0) { + return False; + } } /* Check primary owner write access. */ - if (current_user.uid == sbuf.st_uid) { - return (sbuf.st_mode & S_IWUSR) ? True : False; + if (current_user.uid == psbuf->st_uid) { + return (psbuf->st_mode & S_IWUSR) ? True : False; } /* Check group or explicit user acl entry write access. */ - ret = check_posix_acl_group_write(conn, fname, &sbuf); + ret = check_posix_acl_group_write(conn, fname, psbuf); if (ret == 0 || ret == 1) { return ret ? True : False; } /* Finally check other write access. */ - return (sbuf.st_mode & S_IWOTH) ? True : False; + return (psbuf->st_mode & S_IWOTH) ? True : False; }