*/
#include "includes.h"
+#include "system/filesys.h"
#include "librpc/gen_ndr/ndr_xattr.h"
+#include "../libcli/security/security.h"
+#include "smbd/smbd.h"
+#include "lib/param/loadparm.h"
static uint32_t filter_mode_by_protocol(uint32_t mode)
{
return mode;
}
-static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf)
-{
-#if defined (HAVE_STAT_ST_BLOCKS) && defined(STAT_ST_BLOCKSIZE)
- if (sbuf->st_ex_size > sbuf->st_ex_blocks * (SMB_OFF_T)STAT_ST_BLOCKSIZE) {
- return FILE_ATTRIBUTE_SPARSE;
- }
-#endif
- return 0;
-}
-
static int set_link_read_only_flag(const SMB_STRUCT_STAT *const sbuf)
{
#ifdef S_ISLNK
#if LINKS_READ_ONLY
if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode))
- return aRONLY;
+ return FILE_ATTRIBUTE_READONLY;
#endif
#endif
return 0;
int result = 0;
enum mapreadonly_options ro_opts = (enum mapreadonly_options)lp_map_readonly(SNUM(conn));
+#if defined(UF_IMMUTABLE) && defined(SF_IMMUTABLE)
+ /* if we can find out if a file is immutable we should report it r/o */
+ if (smb_fname->st.st_ex_flags & (UF_IMMUTABLE | SF_IMMUTABLE)) {
+ result |= FILE_ATTRIBUTE_READONLY;
+ }
+#endif
if (ro_opts == MAP_READONLY_YES) {
/* Original Samba method - map inverse of user "w" bit. */
if ((smb_fname->st.st_ex_mode & S_IWUSR) == 0) {
- result |= aRONLY;
+ result |= FILE_ATTRIBUTE_READONLY;
}
} else if (ro_opts == MAP_READONLY_PERMISSIONS) {
/* Check actual permissions for read-only. */
if (!can_write_to_file(conn, smb_fname)) {
- result |= aRONLY;
+ result |= FILE_ATTRIBUTE_READONLY;
}
} /* Else never set the readonly bit. */
if (MAP_ARCHIVE(conn) && ((smb_fname->st.st_ex_mode & S_IXUSR) != 0))
- result |= aARCH;
+ result |= FILE_ATTRIBUTE_ARCHIVE;
if (MAP_SYSTEM(conn) && ((smb_fname->st.st_ex_mode & S_IXGRP) != 0))
- result |= aSYSTEM;
+ result |= FILE_ATTRIBUTE_SYSTEM;
if (MAP_HIDDEN(conn) && ((smb_fname->st.st_ex_mode & S_IXOTH) != 0))
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
if (S_ISDIR(smb_fname->st.st_ex_mode))
- result = aDIR | (result & aRONLY);
+ result = FILE_ATTRIBUTE_DIRECTORY | (result & FILE_ATTRIBUTE_READONLY);
- result |= set_sparse_flag(&smb_fname->st);
result |= set_link_read_only_flag(&smb_fname->st);
DEBUG(8,("dos_mode_from_sbuf returning "));
- if (result & aHIDDEN) DEBUG(8, ("h"));
- if (result & aRONLY ) DEBUG(8, ("r"));
- if (result & aSYSTEM) DEBUG(8, ("s"));
- if (result & aDIR ) DEBUG(8, ("d"));
- if (result & aARCH ) DEBUG(8, ("a"));
+ if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (result & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (result & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
DEBUG(8,("\n"));
return result;
create_time)) ));
}
break;
- default:
- DEBUG(1,("get_ea_dos_attribute: Badly formed DOSATTRIB on "
- "file %s - %s\n", smb_fname_str_dbg(smb_fname),
- attrstr));
+ default:
+ DEBUG(1,("get_ea_dos_attribute: Badly formed DOSATTRIB on "
+ "file %s - %s\n", smb_fname_str_dbg(smb_fname),
+ attrstr));
return false;
}
if (S_ISDIR(smb_fname->st.st_ex_mode)) {
- dosattr |= aDIR;
+ dosattr |= FILE_ATTRIBUTE_DIRECTORY;
}
- *pattr = (uint32)(dosattr & SAMBA_ATTRIBUTES_MASK);
+ /* FILE_ATTRIBUTE_SPARSE is valid on get but not on set. */
+ *pattr = (uint32)(dosattr & (SAMBA_ATTRIBUTES_MASK|FILE_ATTRIBUTE_SPARSE));
DEBUG(8,("get_ea_dos_attribute returning (0x%x)", dosattr));
- if (dosattr & aHIDDEN) DEBUG(8, ("h"));
- if (dosattr & aRONLY ) DEBUG(8, ("r"));
- if (dosattr & aSYSTEM) DEBUG(8, ("s"));
- if (dosattr & aDIR ) DEBUG(8, ("d"));
- if (dosattr & aARCH ) DEBUG(8, ("a"));
+ if (dosattr & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (dosattr & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (dosattr & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (dosattr & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (dosattr & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
DEBUG(8,("\n"));
struct xattr_DOSATTRIB dosattrib;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
- files_struct *fsp = NULL;
- bool ret = false;
if (!lp_store_dos_attributes(SNUM(conn))) {
return False;
if (SMB_VFS_SETXATTR(conn, smb_fname->base_name,
SAMBA_XATTR_DOS_ATTRIB, blob.data, blob.length,
0) == -1) {
+ bool ret = false;
+ files_struct *fsp = NULL;
+
if((errno != EPERM) && (errno != EACCES)) {
if (errno == ENOSYS
#if defined(ENOTSUP)
if(!CAN_WRITE(conn) || !lp_dos_filemode(SNUM(conn)))
return false;
+ if (!can_write_to_file(conn, smb_fname)) {
+ return false;
+ }
+
/*
* We need to open the file with write access whilst
* still in our current user context. This ensures we
* are not violating security in doing the setxattr.
*/
- if (!NT_STATUS_IS_OK(open_file_fchmod(NULL, conn, smb_fname,
+ if (!NT_STATUS_IS_OK(open_file_fchmod(conn, smb_fname,
&fsp)))
- return ret;
+ return false;
become_root();
- if (SMB_VFS_SETXATTR(conn, smb_fname->base_name,
+ if (SMB_VFS_FSETXATTR(fsp,
SAMBA_XATTR_DOS_ATTRIB, blob.data,
blob.length, 0) == 0) {
ret = true;
}
unbecome_root();
- close_file_fchmod(NULL, fsp);
+ close_file(NULL, fsp, NORMAL_CLOSE);
return ret;
}
DEBUG(10,("set_ea_dos_attribute: set EA 0x%x on file %s\n",
/* Only . and .. are not hidden. */
if (p[0] == '.' && !((p[1] == '\0') ||
(p[1] == '.' && p[2] == '\0'))) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
}
/* Optimization : Only call is_hidden_path if it's not already
hidden. */
- if (!(result & aHIDDEN) &&
+ if (!(result & FILE_ATTRIBUTE_HIDDEN) &&
IS_HIDDEN_PATH(conn, smb_fname->base_name)) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
if (result == 0) {
DEBUG(8,("dos_mode_msdfs returning "));
- if (result & aHIDDEN) DEBUG(8, ("h"));
- if (result & aRONLY ) DEBUG(8, ("r"));
- if (result & aSYSTEM) DEBUG(8, ("s"));
- if (result & aDIR ) DEBUG(8, ("d"));
- if (result & aARCH ) DEBUG(8, ("a"));
+ if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (result & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (result & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
if (result & FILE_ATTRIBUTE_SPARSE ) DEBUG(8, ("[sparse]"));
DEBUG(8,("\n"));
{
uint32_t dos_stat_flags = 0;
- if (dosmode & aARCH)
+ if (dosmode & FILE_ATTRIBUTE_ARCHIVE)
dos_stat_flags |= UF_DOS_ARCHIVE;
- if (dosmode & aHIDDEN)
+ if (dosmode & FILE_ATTRIBUTE_HIDDEN)
dos_stat_flags |= UF_DOS_HIDDEN;
- if (dosmode & aRONLY)
+ if (dosmode & FILE_ATTRIBUTE_READONLY)
dos_stat_flags |= UF_DOS_RO;
- if (dosmode & aSYSTEM)
+ if (dosmode & FILE_ATTRIBUTE_SYSTEM)
dos_stat_flags |= UF_DOS_SYSTEM;
if (dosmode & FILE_ATTRIBUTE_NONINDEXED)
dos_stat_flags |= UF_DOS_NOINDEX;
smb_fname_str_dbg(smb_fname)));
if (smb_fname->st.st_ex_flags & UF_DOS_ARCHIVE)
- *dosmode |= aARCH;
+ *dosmode |= FILE_ATTRIBUTE_ARCHIVE;
if (smb_fname->st.st_ex_flags & UF_DOS_HIDDEN)
- *dosmode |= aHIDDEN;
+ *dosmode |= FILE_ATTRIBUTE_HIDDEN;
if (smb_fname->st.st_ex_flags & UF_DOS_RO)
- *dosmode |= aRONLY;
+ *dosmode |= FILE_ATTRIBUTE_READONLY;
if (smb_fname->st.st_ex_flags & UF_DOS_SYSTEM)
- *dosmode |= aSYSTEM;
+ *dosmode |= FILE_ATTRIBUTE_SYSTEM;
if (smb_fname->st.st_ex_flags & UF_DOS_NOINDEX)
*dosmode |= FILE_ATTRIBUTE_NONINDEXED;
if (smb_fname->st.st_ex_flags & FILE_ATTRIBUTE_SPARSE)
*dosmode |= FILE_ATTRIBUTE_SPARSE;
if (S_ISDIR(smb_fname->st.st_ex_mode))
- *dosmode |= aDIR;
+ *dosmode |= FILE_ATTRIBUTE_DIRECTORY;
- *dosmode |= set_sparse_flag(&smb_fname->st);
*dosmode |= set_link_read_only_flag(&smb_fname->st);
return true;
/* Only . and .. are not hidden. */
if (p[0] == '.' && !((p[1] == '\0') ||
(p[1] == '.' && p[2] == '\0'))) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
}
#endif
if (!used_stat_dos_flags) {
/* Get the DOS attributes from an EA by preference. */
- if (get_ea_dos_attribute(conn, smb_fname, &result)) {
- result |= set_sparse_flag(&smb_fname->st);
- } else {
+ if (!get_ea_dos_attribute(conn, smb_fname, &result)) {
result |= dos_mode_from_sbuf(conn, smb_fname);
}
}
- offline = SMB_VFS_IS_OFFLINE(conn, smb_fname->base_name, &smb_fname->st);
+ offline = SMB_VFS_IS_OFFLINE(conn, smb_fname, &smb_fname->st);
if (S_ISREG(smb_fname->st.st_ex_mode) && offline) {
result |= FILE_ATTRIBUTE_OFFLINE;
}
/* Optimization : Only call is_hidden_path if it's not already
hidden. */
- if (!(result & aHIDDEN) &&
+ if (!(result & FILE_ATTRIBUTE_HIDDEN) &&
IS_HIDDEN_PATH(conn, smb_fname->base_name)) {
- result |= aHIDDEN;
+ result |= FILE_ATTRIBUTE_HIDDEN;
}
if (result == 0) {
DEBUG(8,("dos_mode returning "));
- if (result & aHIDDEN) DEBUG(8, ("h"));
- if (result & aRONLY ) DEBUG(8, ("r"));
- if (result & aSYSTEM) DEBUG(8, ("s"));
- if (result & aDIR ) DEBUG(8, ("d"));
- if (result & aARCH ) DEBUG(8, ("a"));
+ if (result & FILE_ATTRIBUTE_HIDDEN) DEBUG(8, ("h"));
+ if (result & FILE_ATTRIBUTE_READONLY ) DEBUG(8, ("r"));
+ if (result & FILE_ATTRIBUTE_SYSTEM) DEBUG(8, ("s"));
+ if (result & FILE_ATTRIBUTE_DIRECTORY ) DEBUG(8, ("d"));
+ if (result & FILE_ATTRIBUTE_ARCHIVE ) DEBUG(8, ("a"));
if (result & FILE_ATTRIBUTE_SPARSE ) DEBUG(8, ("[sparse]"));
DEBUG(8,("\n"));
int ret = -1, lret = -1;
uint32_t old_mode;
struct timespec new_create_timespec;
+ files_struct *fsp = NULL;
+
+ if (!CAN_WRITE(conn)) {
+ errno = EROFS;
+ return -1;
+ }
/* We only allow READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE here. */
dosmode &= (SAMBA_ATTRIBUTES_MASK | FILE_ATTRIBUTE_OFFLINE);
&smb_fname->st.st_ex_mode);
if (S_ISDIR(smb_fname->st.st_ex_mode))
- dosmode |= aDIR;
+ dosmode |= FILE_ATTRIBUTE_DIRECTORY;
else
- dosmode &= ~aDIR;
+ dosmode &= ~FILE_ATTRIBUTE_DIRECTORY;
new_create_timespec = smb_fname->st.st_ex_btime;
if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
if (!(old_mode & FILE_ATTRIBUTE_OFFLINE)) {
- lret = SMB_VFS_SET_OFFLINE(conn, smb_fname->base_name);
+ lret = SMB_VFS_SET_OFFLINE(conn, smb_fname);
if (lret == -1) {
DEBUG(0, ("set_dos_mode: client has asked to "
"set FILE_ATTRIBUTE_OFFLINE to "
unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
}
+ /*
+ * From the chmod 2 man page:
+ *
+ * "If the calling process is not privileged, and the group of the file
+ * does not match the effective group ID of the process or one of its
+ * supplementary group IDs, the S_ISGID bit will be turned off, but
+ * this will not cause an error to be returned."
+ *
+ * Simply refuse to do the chmod in this case.
+ */
+
+ if (S_ISDIR(smb_fname->st.st_ex_mode) && (unixmode & S_ISGID) &&
+ geteuid() != sec_initial_uid() &&
+ !current_user_in_group(conn, smb_fname->st.st_ex_gid)) {
+ DEBUG(3,("file_set_dosmode: setgid bit cannot be "
+ "set for directory %s\n",
+ smb_fname_str_dbg(smb_fname)));
+ errno = EPERM;
+ return -1;
+ }
+
ret = SMB_VFS_CHMOD(conn, smb_fname->base_name, unixmode);
if (ret == 0) {
if(!newfile || (lret != -1)) {
bits on a file. Just like file_ntimes below.
*/
- /* Check if we have write access. */
- if (CAN_WRITE(conn)) {
- /*
- * We need to open the file with write access whilst
- * still in our current user context. This ensures we
- * are not violating security in doing the fchmod.
- * This file open does *not* break any oplocks we are
- * holding. We need to review this.... may need to
- * break batch oplocks open by others. JRA.
- */
- files_struct *fsp;
- if (!NT_STATUS_IS_OK(open_file_fchmod(NULL, conn, smb_fname,
- &fsp)))
- return -1;
- become_root();
- ret = SMB_VFS_FCHMOD(fsp, unixmode);
- unbecome_root();
- close_file_fchmod(NULL, fsp);
- if (!newfile) {
- notify_fname(conn, NOTIFY_ACTION_MODIFIED,
- FILE_NOTIFY_CHANGE_ATTRIBUTES,
- smb_fname->base_name);
- }
- if (ret == 0) {
- smb_fname->st.st_ex_mode = unixmode;
- }
+ if (!can_write_to_file(conn, smb_fname)) {
+ errno = EACCES;
+ return -1;
+ }
+
+ /*
+ * We need to open the file with write access whilst
+ * still in our current user context. This ensures we
+ * are not violating security in doing the fchmod.
+ */
+ if (!NT_STATUS_IS_OK(open_file_fchmod(conn, smb_fname,
+ &fsp)))
+ return -1;
+ become_root();
+ ret = SMB_VFS_FCHMOD(fsp, unixmode);
+ unbecome_root();
+ close_file(NULL, fsp, NORMAL_CLOSE);
+ if (!newfile) {
+ notify_fname(conn, NOTIFY_ACTION_MODIFIED,
+ FILE_NOTIFY_CHANGE_ATTRIBUTES,
+ smb_fname->base_name);
+ }
+ if (ret == 0) {
+ smb_fname->st.st_ex_mode = unixmode;
}
return( ret );
}
+
+NTSTATUS file_set_sparse(connection_struct *conn,
+ files_struct *fsp,
+ bool sparse)
+{
+ uint32_t old_dosmode;
+ uint32_t new_dosmode;
+ NTSTATUS status;
+
+ if (!CAN_WRITE(conn)) {
+ DEBUG(9,("file_set_sparse: fname[%s] set[%u] "
+ "on readonly share[%s]\n",
+ smb_fname_str_dbg(fsp->fsp_name),
+ sparse,
+ lp_servicename(talloc_tos(), SNUM(conn))));
+ return NT_STATUS_MEDIA_WRITE_PROTECTED;
+ }
+
+ if (!(fsp->access_mask & FILE_WRITE_DATA) &&
+ !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ DEBUG(9,("file_set_sparse: fname[%s] set[%u] "
+ "access_mask[0x%08X] - access denied\n",
+ smb_fname_str_dbg(fsp->fsp_name),
+ sparse,
+ fsp->access_mask));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ DEBUG(10,("file_set_sparse: setting sparse bit %u on file %s\n",
+ sparse, smb_fname_str_dbg(fsp->fsp_name)));
+
+ if (!lp_store_dos_attributes(SNUM(conn))) {
+ return NT_STATUS_INVALID_DEVICE_REQUEST;
+ }
+
+ status = vfs_stat_fsp(fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ old_dosmode = dos_mode(conn, fsp->fsp_name);
+
+ if (sparse && !(old_dosmode & FILE_ATTRIBUTE_SPARSE)) {
+ new_dosmode = old_dosmode | FILE_ATTRIBUTE_SPARSE;
+ } else if (!sparse && (old_dosmode & FILE_ATTRIBUTE_SPARSE)) {
+ new_dosmode = old_dosmode & ~FILE_ATTRIBUTE_SPARSE;
+ } else {
+ return NT_STATUS_OK;
+ }
+
+ /* Store the DOS attributes in an EA. */
+ if (!set_ea_dos_attribute(conn, fsp->fsp_name,
+ new_dosmode)) {
+ if (errno == 0) {
+ errno = EIO;
+ }
+ return map_nt_error_from_unix(errno);
+ }
+
+ notify_fname(conn, NOTIFY_ACTION_MODIFIED,
+ FILE_NOTIFY_CHANGE_ATTRIBUTES,
+ fsp->fsp_name->base_name);
+
+ fsp->is_sparse = sparse;
+
+ return NT_STATUS_OK;
+}
+
/*******************************************************************
Wrapper around the VFS ntimes that possibly allows DOS semantics rather
than POSIX.
git.samba.org / samba.git / blobdiff