The branch, master has been updated
via c5ad502 More for #9374 - Allow smb2.acls torture test to pass
against smbd with a POSIX ACLs backend.
via 4985332 Add comments explaining exactly *why* we don't check
FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
from e6a100e s3:modules:nfs4_acls remove unused mem_ctx parameter to
smbacl4_fill_ace4
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c5ad5029fd87b36426927d57425d5debbb26394c
Author: Jeremy Allison <j...@samba.org>
Date: Wed Nov 14 14:40:51 2012 -0800
More for #9374 - Allow smb2.acls torture test to pass against smbd with a
POSIX ACLs backend.
Change can_delete_directory() to can_delete_directory_fsp(), as
we only ever call this from an open directory file handle.
This allows us to use OpenDir_fsp() instead of OpenDir().
OpenDir() re-checks the ACL on the directory, which may
refuse DIR_LIST permissions. OpenDir_fsp() does not. As
this is a file-server internal check to see if the directory
actually contains any files before setting delete on close,
we can ignore the ACL here (Windows does).
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
Autobuild-User(master): Michael Adam <ob...@samba.org>
Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
commit 4985332b951d8cd46c9c0cd877875ab7839b4edb
Author: Jeremy Allison <j...@samba.org>
Date: Wed Nov 14 14:40:50 2012 -0800
Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES
when evaluating file/directory ACE's.
If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 3 +--
source3/smbd/dir.c | 14 +++++++++-----
source3/smbd/file_access.c | 3 +--
source3/smbd/open.c | 24 +++++++++++++++++++++---
4 files changed, 32 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index bcecde9..6856dd7 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1626,8 +1626,7 @@ void cancel_pending_lock_requests_by_fid(files_struct
*fsp,
enum file_close_type close_type);
void send_stat_cache_delete_message(struct messaging_context *msg_ctx,
const char *name);
-NTSTATUS can_delete_directory(struct connection_struct *conn,
- const char *dirname);
+NTSTATUS can_delete_directory_fsp(files_struct *fsp);
bool change_to_root_user(void);
void contend_level2_oplocks_begin(files_struct *fsp,
enum level2_contention_type type);
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index e12812e..525f20e 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1743,16 +1743,20 @@ bool SearchDir(struct smb_Dir *dirp, const char *name,
long *poffset)
Is this directory empty ?
*****************************************************************/
-NTSTATUS can_delete_directory(struct connection_struct *conn,
- const char *dirname)
+NTSTATUS can_delete_directory_fsp(files_struct *fsp)
{
NTSTATUS status = NT_STATUS_OK;
long dirpos = 0;
const char *dname = NULL;
+ const char *dirname = fsp->fsp_name->base_name;
char *talloced = NULL;
SMB_STRUCT_STAT st;
- struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn,
- dirname, NULL, 0);
+ struct connection_struct *conn = fsp->conn;
+ struct smb_Dir *dir_hnd = OpenDir_fsp(talloc_tos(),
+ conn,
+ fsp,
+ NULL,
+ 0);
if (!dir_hnd) {
return map_nt_error_from_unix(errno);
@@ -1772,7 +1776,7 @@ NTSTATUS can_delete_directory(struct connection_struct
*conn,
continue;
}
- DEBUG(10,("can_delete_directory: got name %s - can't delete\n",
+ DEBUG(10,("got name %s - can't delete\n",
dname ));
status = NT_STATUS_DIRECTORY_NOT_EMPTY;
break;
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 0e74207..f4a7bb3 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -228,8 +228,7 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32
dosmode)
return NT_STATUS_ACCESS_DENIED;
}
- return can_delete_directory(fsp->conn,
- fsp->fsp_name->base_name);
+ return can_delete_directory_fsp(fsp);
}
return NT_STATUS_OK;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 7eb9f32..201f698 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -131,7 +131,13 @@ NTSTATUS smbd_check_access_rights(struct connection_struct
*conn,
}
/*
- * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes
care of
+ * If we can access the path to this file, by
+ * default we have FILE_READ_ATTRIBUTES from the
+ * containing directory. See the section:
+ * "Algorithm to Check Access to an Existing File"
+ * in MS-FSA.pdf.
+ *
+ * se_file_access_check() also takes care of
* owner WRITE_DAC and READ_CONTROL.
*/
status = se_file_access_check(sd,
@@ -249,7 +255,13 @@ static NTSTATUS check_parent_access(struct
connection_struct *conn,
}
/*
- * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes
care of
+ * If we can access the path to this file, by
+ * default we have FILE_READ_ATTRIBUTES from the
+ * containing directory. See the section:
+ * "Algorithm to Check Access to an Existing File"
+ * in MS-FSA.pdf.
+ *
+ * se_file_access_check() also takes care of
* owner WRITE_DAC and READ_CONTROL.
*/
status = se_file_access_check(parent_sd,
@@ -1704,7 +1716,13 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
}
/*
- * Never test FILE_READ_ATTRIBUTES. se_file_access_check()
+ * If we can access the path to this file, by
+ * default we have FILE_READ_ATTRIBUTES from the
+ * containing directory. See the section:
+ * "Algorithm to Check Access to an Existing File"
+ * in MS-FSA.pdf.
+ *
+ * se_file_access_check()
* also takes care of owner WRITE_DAC and READ_CONTROL.
*/
status = se_file_access_check(sd,
--
Samba Shared Repository
