-rw-r--r--source3/include/vfs.h4
-rw-r--r--source3/include/vfs_macros.h6
-rw-r--r--source3/modules/vfs_afsacl.c1
-rw-r--r--source3/modules/vfs_catia.c3
-rw-r--r--source3/modules/vfs_default.c4
-rw-r--r--source3/modules/vfs_full_audit.c3
-rw-r--r--source3/modules/vfs_gpfs.c2
-rw-r--r--source3/modules/vfs_zfsacl.c1
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c26
-rw-r--r--source3/smbd/file_access.c67
-rw-r--r--source3/smbd/nttrans.c2
-rw-r--r--source3/smbd/posix_acls.c2
12 files changed, 19 insertions, 102 deletions
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index b45320dd872..e1669a271c4 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -75,6 +75,9 @@
/* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */
/* Leave at 22 - not yet released. Added recvfile. */
/* Leave at 22 - not yet released. Change get_nt_acl to return NTSTATUS - vl */
+/* Leave at 22 - not yet released. Change get_nt_acl to *not* take a
+ * files_struct. - obnox.*/
+
#define SMB_VFS_INTERFACE_VERSION 22
@@ -311,7 +314,6 @@ struct vfs_ops {
uint32 security_info,
struct security_descriptor **ppdesc);
NTSTATUS (*get_nt_acl)(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name,
uint32 security_info,
struct security_descriptor **ppdesc);
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index cc7780f3546..c31d6cfc67a 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -85,7 +85,7 @@
/* NT ACL operations. */
#define SMB_VFS_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs.ops.fget_nt_acl((fsp)->conn->vfs.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs.ops.get_nt_acl((fsp)->conn->vfs.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_GET_NT_ACL(conn, name, security_info, ppdesc) ((conn)->vfs.ops.get_nt_acl((conn)->vfs.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs.ops.fset_nt_acl((fsp)->conn->vfs.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs.ops.set_nt_acl((fsp)->conn->vfs.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
@@ -204,7 +204,7 @@
/* NT ACL operations. */
#define SMB_VFS_OPAQUE_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.fget_nt_acl((fsp)->conn->vfs_opaque.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_OPAQUE_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.get_nt_acl((fsp)->conn->vfs_opaque.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_OPAQUE_GET_NT_ACL(conn, name, security_info, ppdesc) ((conn)->vfs_opaque.ops.get_nt_acl((conn)->vfs_opaque.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_OPAQUE_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.fset_nt_acl((fsp)->conn->vfs_opaque.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_OPAQUE_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.set_nt_acl((fsp)->conn->vfs_opaque.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
@@ -324,7 +324,7 @@
/* NT ACL operations. */
#define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info, ppdesc) ((handle)->vfs_next.ops.fget_nt_acl((handle)->vfs_next.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, ppdesc) ((handle)->vfs_next.ops.get_nt_acl((handle)->vfs_next.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) ((handle)->vfs_next.ops.get_nt_acl((handle)->vfs_next.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent, psd) ((handle)->vfs_next.ops.fset_nt_acl((handle)->vfs_next.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, psd) ((handle)->vfs_next.ops.set_nt_acl((handle)->vfs_next.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index 9dd4d7ec931..a14a1172298 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -1015,7 +1015,6 @@ static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
}
static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
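Review bot: The body of afsacl_get_nt_acl lies outside this hunk, and the diffstat shows this one-line signature change as the only edit to the file, so any remaining use of `fsp` in the body would no longer compile. Please confirm the body works from `name` and `handle->conn` alone. The same check applies to gpfsacl_get_nt_acl in vfs_gpfs.c and zfsacl_get_nt_acl in vfs_zfsacl.c, where only the parameter list is touched and the bodies are also outside their hunks.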
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index 71f478a8a9a..ab48c963ec4 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c
@@ -290,8 +290,7 @@ static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
- return SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
- ppdesc);
+ return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
}
static NTSTATUS catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
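Review bot: catia_get_nt_acl still declares `files_struct *fsp` (see the function line in the hunk header; the diffstat counts only the call-site change), so its signature no longer matches the `get_nt_acl` member of `struct vfs_ops`. If the module registers the function through a cast, the compiler will not flag this and the arguments arrive shifted by one, with the path pointer landing in `fsp`. The parameter should be dropped so the definition reads `static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, const char *name, uint32 security_info, struct security_descriptor **ppdesc)`. The vfs_full_audit.c hunk appears to have the same problem: its `do_log` line still reads `fsp->fsp_name`, which should become `name` once the parameter is removed.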
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 3dd3727340b..17b183600a6 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -956,13 +956,13 @@ static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
}
static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, const char *name,
+ const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
NTSTATUS result;
START_PROFILE(get_nt_acl);
- result = posix_get_nt_acl(fsp->conn, fsp->fsp_name, security_info, ppdesc);
+ result = posix_get_nt_acl(handle->conn, name, security_info, ppdesc);
END_PROFILE(get_nt_acl);
return result;
}
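Review bot: vfswrap_get_nt_acl used to ignore `name` and pass `fsp->fsp_name` to posix_get_nt_acl; it now passes through whatever path the caller supplies, and that contract is not documented anywhere in the hunk. A short comment above the function would help, for example `/* name: path as already converted for this connection; no open file is needed. */`, with the wording checked against what posix_get_nt_acl actually expects. Every caller of SMB_VFS_GET_NT_ACL now has to supply a path in that form, so the requirement is worth stating once at the default implementation.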
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index f4aeefbbf05..f6b6e858374 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -1547,8 +1547,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
{
NTSTATUS result;
- result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
- ppdesc);
+ result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name);
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index e7331bef29c..24ca3d5e423 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -249,7 +249,7 @@ static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
}
static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, const char *name,
+ const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 83893c7aea3..060d64cffbb 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -189,7 +189,6 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
}
static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 125ccb4752a..43f57a01097 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2089,7 +2089,6 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
char *filename_in = NULL;
char *filename = NULL;
char *qualname = NULL;
- files_struct *fsp = NULL;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
struct current_user user;
@@ -2149,25 +2148,7 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
goto error_exit;
}
- nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
- /* Perhaps it is a directory */
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
- nt_status = open_directory(conn, NULL, filename, &st,
- READ_CONTROL_ACCESS,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
- }
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename));
- r_u->status = ntstatus_to_werror(nt_status);
- goto error_exit;
- }
-
- nt_status = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name,
+ nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
(OWNER_SECURITY_INFORMATION
|GROUP_SECURITY_INFORMATION
|DACL_SECURITY_INFORMATION), &psd);
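Review bot: With open_file_stat()/open_directory() removed, nothing in this hunk opens or access-checks the object before its owner, group and DACL are fetched for the RPC caller; the removed directory open explicitly requested READ_CONTROL_ACCESS. The path-based SMB_VFS_GET_NT_ACL call now relies on the impersonation set up earlier in the function (the `became_user` handling in error_exit suggests this happens outside the hunk) and on whatever checks the VFS backend performs. Please confirm that each backend fails for a user who could not previously open `filename`, and record the assumption in a comment such as `/* No open here: access relies on become_user() and the VFS backend. */`. Separately, `SMB_STRUCT_STAT st` from the first hunk may now be unused unless other code in the function still fills it.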
@@ -2188,17 +2169,12 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
psd->dacl->revision = (uint16) NT4_ACL_REVISION;
- close_file(fsp, NORMAL_CLOSE);
unbecome_user();
close_cnum(conn, user.vuid);
return r_u->status;
error_exit:
- if(fsp) {
- close_file(fsp, NORMAL_CLOSE);
- }
-
if (became_user)
unbecome_user();
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index a58bcdd8915..964d1af2588 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -25,67 +25,6 @@ extern struct current_user current_user;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
-/****************************************************************************
- Helper function that gets a security descriptor by connection and
- file name.
- NOTE: This is transitional, in the sense that SMB_VFS_GET_NT_ACL really
- should *not* get a files_struct pointer but a connection_struct ptr
- (automatic by the vfs handle) and the file name and _use_ that!
-****************************************************************************/
-static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
- struct connection_struct *conn,
- const char *fname,
- SMB_STRUCT_STAT *psbuf,
- struct security_descriptor **psd)
-{
- NTSTATUS status;
- struct files_struct *fsp = NULL;
- struct security_descriptor *secdesc = NULL;
-
- if (!VALID_STAT(*psbuf)) {
- if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
- return map_nt_error_from_unix(errno);
- }
- }
-
- /* fake a files_struct ptr: */
-
- if (S_ISDIR(psbuf->st_mode)) {
- status = open_directory(conn, NULL, fname, psbuf,
- READ_CONTROL_ACCESS,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
- }
- else {
- status = open_file_stat(conn, NULL, fname, psbuf, &fsp);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(3, ("Unable to open file %s: %s\n", fname,
- nt_errstr(status)));
- return status;
- }
-
- status = SMB_VFS_GET_NT_ACL(fsp, fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
- &secdesc);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
- goto done;
- }
-
- *psd = talloc_move(mem_ctx, &secdesc);
-
-done:
- close_file(fsp, NORMAL_CLOSE);
- return status;
-}
-
static bool can_access_file_acl(struct connection_struct *conn,
const char * fname, SMB_STRUCT_STAT *psbuf,
uint32_t access_mask)
@@ -95,7 +34,11 @@ static bool can_access_file_acl(struct connection_struct *conn,
uint32_t access_granted;
struct security_descriptor *secdesc = NULL;
- status = conn_get_nt_acl(talloc_tos(), conn, fname, psbuf, &secdesc);
+ status = SMB_VFS_GET_NT_ACL(conn, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),
+ &secdesc);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
return false;
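Review bot: can_access_file_acl still takes `psbuf`, but the call that replaces conn_get_nt_acl() neither reads nor fills it. The removed helper ran `SMB_VFS_STAT` when the buffer was not valid and returned the mapped errno if that failed. If the rest of the function (outside this hunk) or its callers relied on that stat, a missing path is now reported only through whatever SMB_VFS_GET_NT_ACL returns. Either drop the parameter or add a comment saying `psbuf` is kept only for signature compatibility. The helper also moved the descriptor onto talloc_tos(); a one-line comment next to `secdesc` should now say which context owns it.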
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1fbb681c720..cb98a8139c6 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1640,7 +1640,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
}
else {
status = SMB_VFS_GET_NT_ACL(
- fsp, fsp->fsp_name, security_info_wanted, &psd);
+ conn, fsp->fsp_name, security_info_wanted, &psd);
}
}
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index d9782cfdb87..d8794e2114e 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3307,7 +3307,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
return status;
}
- status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
+ status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, parent_fsp->fsp_name,
DACL_SECURITY_INFORMATION, &parent_sd );
close_file(parent_fsp, NORMAL_CLOSE);