The branch, master has been updated via c5ad502 More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. via 4985332 Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's. from e6a100e s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit c5ad5029fd87b36426927d57425d5debbb26394c Author: Jeremy Allison <j...@samba.org> Date: Wed Nov 14 14:40:51 2012 -0800 More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. Change can_delete_directory() to can_delete_directory_fsp(), as we only ever call this from an open directory file handle. This allows us to use OpenDir_fsp() instead of OpenDir(). OpenDir() re-checks the ACL on the directory, which may refuse DIR_LIST permissions. OpenDir_fsp() does not. As this is a file-server internal check to see if the directory actually contains any files before setting delete on close, we can ignore the ACL here (Windows does). Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> Autobuild-User(master): Michael Adam <ob...@samba.org> Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104 commit 4985332b951d8cd46c9c0cd877875ab7839b4edb Author: Jeremy Allison <j...@samba.org> Date: Wed Nov 14 14:40:50 2012 -0800 Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's. If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. "Algorithm to Check Access to an Existing File" in MS-FSA.pdf. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/include/proto.h | 3 +-- source3/smbd/dir.c | 14 +++++++++----- source3/smbd/file_access.c | 3 +-- source3/smbd/open.c | 24 +++++++++++++++++++++--- 4 files changed, 32 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index bcecde9..6856dd7 100644 --- a/source3/include/proto.h 
+++ b/source3/include/proto.h @@ -1626,8 +1626,7 @@ void cancel_pending_lock_requests_by_fid(files_struct *fsp, enum file_close_type close_type); void send_stat_cache_delete_message(struct messaging_context *msg_ctx, const char *name); -NTSTATUS can_delete_directory(struct connection_struct *conn, - const char *dirname); +NTSTATUS can_delete_directory_fsp(files_struct *fsp); bool change_to_root_user(void); void contend_level2_oplocks_begin(files_struct *fsp, enum level2_contention_type type); diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index e12812e..525f20e 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1743,16 +1743,20 @@ bool SearchDir(struct smb_Dir *dirp, const char *name, long *poffset) Is this directory empty ? *****************************************************************/ -NTSTATUS can_delete_directory(struct connection_struct *conn, - const char *dirname) +NTSTATUS can_delete_directory_fsp(files_struct *fsp) { NTSTATUS status = NT_STATUS_OK; long dirpos = 0; const char *dname = NULL; + const char *dirname = fsp->fsp_name->base_name; char *talloced = NULL; SMB_STRUCT_STAT st; - struct smb_Dir *dir_hnd = OpenDir(talloc_tos(), conn, - dirname, NULL, 0); + struct connection_struct *conn = fsp->conn; + struct smb_Dir *dir_hnd = OpenDir_fsp(talloc_tos(), + conn, + fsp, + NULL, + 0); if (!dir_hnd) { return map_nt_error_from_unix(errno); @@ -1772,7 +1776,7 @@ NTSTATUS can_delete_directory(struct connection_struct *conn, continue; } - DEBUG(10,("can_delete_directory: got name %s - can't delete\n", + DEBUG(10,("got name %s - can't delete\n", dname )); status = NT_STATUS_DIRECTORY_NOT_EMPTY; break; diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 0e74207..f4a7bb3 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c 
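Review bot: The header comment above `can_delete_directory_fsp()` still says only "Is this directory empty ?", so the decision to skip the directory ACL is recorded in the commit message and nowhere in the code. Since `OpenDir_fsp()` is used precisely because it does not re-check DIR_LIST permission, the comment should state the contract, for example `Internal emptiness check on an already-open directory handle. Deliberately skips the DIR_LIST ACL check; the caller must already have authorised the delete-on-close request.`, so that a later caller does not reuse it as a general way to probe directory contents. `OpenDir_fsp()` itself is not visible here, so it is worth confirming that iterating through it and releasing `dir_hnd` neither closes nor repositions the descriptor that `fsp` owns. The function body continues past the end of this hunk, and the second dir.c hunk only shortens a debug string.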
@@ -228,8 +228,7 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode) return NT_STATUS_ACCESS_DENIED; } - return can_delete_directory(fsp->conn, - fsp->fsp_name->base_name); + return can_delete_directory_fsp(fsp); } return NT_STATUS_OK; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 7eb9f32..201f698 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -131,7 +131,13 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, } /* - * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of + * If we can access the path to this file, by + * default we have FILE_READ_ATTRIBUTES from the + * containing directory. See the section: + * "Algorithm to Check Access to an Existing File" + * in MS-FSA.pdf. + * + * se_file_access_check() also takes care of * owner WRITE_DAC and READ_CONTROL. */ status = se_file_access_check(sd, @@ -249,7 +255,13 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, } /* - * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of + * If we can access the path to this file, by + * default we have FILE_READ_ATTRIBUTES from the + * containing directory. See the section: + * "Algorithm to Check Access to an Existing File" + * in MS-FSA.pdf. + * + * se_file_access_check() also takes care of * owner WRITE_DAC and READ_CONTROL. */ status = se_file_access_check(parent_sd, @@ -1704,7 +1716,13 @@ static NTSTATUS smbd_calculate_maximum_allowed_access( } /* - * Never test FILE_READ_ATTRIBUTES. se_file_access_check() + * If we can access the path to this file, by + * default we have FILE_READ_ATTRIBUTES from the + * containing directory. See the section: + * "Algorithm to Check Access to an Existing File" + * in MS-FSA.pdf. + * + * se_file_access_check() * also takes care of owner WRITE_DAC and READ_CONTROL. */ status = se_file_access_check(sd, -- Samba Shared Repository
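Review bot: The rewritten comment in `smbd_check_access_rights()` now gives the reason but no longer says what is done: the old opening words "Never test FILE_READ_ATTRIBUTES" were removed, and the line that drops that bit from the mask is not in the hunk, so a reader sees a justification without the action it justifies. Keeping the statement as the first line, `* Never test FILE_READ_ATTRIBUTES: if we can access the path to this file, by`, preserves both; the same applies to the identical comments in the `check_parent_access()` and `smbd_calculate_maximum_allowed_access()` hunks. In `check_parent_access()` the descriptor passed to `se_file_access_check()` is `parent_sd`, so "this file" and "the containing directory" in the copied text appear to refer to the parent and its own parent, which may deserve wording of its own. All three functions start and end outside their hunks.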