*/
#include "includes.h"
+#include "system/filesys.h"
#include "version.h"
+#include "smbd/smbd.h"
#include "smbd/globals.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/xattr.h"
#include "../librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
+#include "trans2.h"
+#include "auth.h"
+#include "smbprofile.h"
#define DIR_ENTRY_SAFETY_MARGIN 4096
return NT_STATUS_EAS_NOT_SUPPORTED;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* For now setting EAs on streams isn't supported. */
fname = smb_fname->base_name;
}
mask_contains_wcard = True;
}
- directory = talloc_strdup(talloc_tos(), "./");
+ } else {
+ *p = 0;
+ }
+
+ if (p == NULL || p == directory) {
+ /* Ensure we don't have a directory name of "". */
+ directory = talloc_strdup(talloc_tos(), ".");
if (!directory) {
reply_nterror(req, NT_STATUS_NO_MEMORY);
goto out;
}
- } else {
- *p = 0;
}
DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
needed as lanman2 assumes these are being saved between calls */
ntstatus = dptr_create(conn,
+ NULL, /* fsp */
directory,
False,
True,
fsp.fnum = -1;
/* access check */
- if (conn->server_info->utok.uid != sec_initial_uid()) {
+ if (get_current_uid(conn) != 0) {
DEBUG(0,("set_user_quota: access_denied "
"service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),
- conn->server_info->unix_name));
+ conn->session_info->unix_name));
return NT_STATUS_ACCESS_DENIED;
}
* in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Builtin_Guests,
- conn->server_info->ptok)) {
+ conn->session_info->security_token)) {
flags |= SMB_WHOAMI_GUEST;
}
* is in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Authenticated_Users,
- conn->server_info->ptok)) {
+ conn->session_info->security_token)) {
flags &= ~SMB_WHOAMI_GUEST;
}
+ 4 /* num_sids */
+ 4 /* SID bytes */
+ 4 /* pad/reserved */
- + (conn->server_info->utok.ngroups * 8)
+ + (conn->session_info->utok.ngroups * 8)
/* groups list */
- + (conn->server_info->ptok->num_sids *
+ + (conn->session_info->security_token->num_sids *
SID_MAX_SIZE)
/* SID list */;
SIVAL(pdata, 0, flags);
SIVAL(pdata, 4, SMB_WHOAMI_MASK);
SBIG_UINT(pdata, 8,
- (uint64_t)conn->server_info->utok.uid);
+ (uint64_t)conn->session_info->utok.uid);
SBIG_UINT(pdata, 16,
- (uint64_t)conn->server_info->utok.gid);
+ (uint64_t)conn->session_info->utok.gid);
if (data_len >= max_data_bytes) {
break;
}
- SIVAL(pdata, 24, conn->server_info->utok.ngroups);
- SIVAL(pdata, 28, conn->server_info->ptok->num_sids);
+ SIVAL(pdata, 24, conn->session_info->utok.ngroups);
+ SIVAL(pdata, 28, conn->session_info->security_token->num_sids);
/* We walk the SID list twice, but this call is fairly
* infrequent, and I don't expect that it's performance
* sensitive -- jpeach
*/
for (i = 0, sid_bytes = 0;
- i < conn->server_info->ptok->num_sids; ++i) {
+ i < conn->session_info->security_token->num_sids; ++i) {
sid_bytes += ndr_size_dom_sid(
- &conn->server_info->ptok->sids[i],
+ &conn->session_info->security_token->sids[i],
0);
}
data_len = 40;
/* GID list */
- for (i = 0; i < conn->server_info->utok.ngroups; ++i) {
+ for (i = 0; i < conn->session_info->utok.ngroups; ++i) {
SBIG_UINT(pdata, data_len,
- (uint64_t)conn->server_info->utok.groups[i]);
+ (uint64_t)conn->session_info->utok.groups[i]);
data_len += 8;
}
/* SID list */
for (i = 0;
- i < conn->server_info->ptok->num_sids; ++i) {
+ i < conn->session_info->security_token->num_sids; ++i) {
int sid_len = ndr_size_dom_sid(
- &conn->server_info->ptok->sids[i],
+ &conn->session_info->security_token->sids[i],
0);
sid_linearize(pdata + data_len, sid_len,
- &conn->server_info->ptok->sids[i]);
+ &conn->session_info->security_token->sids[i]);
data_len += sid_len;
}
ZERO_STRUCT(quotas);
/* access check */
- if ((conn->server_info->utok.uid != sec_initial_uid())
- ||!CAN_WRITE(conn)) {
+ if ((get_current_uid(conn) != 0) || !CAN_WRITE(conn)) {
DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),
- conn->server_info->unix_name));
+ conn->session_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
uint16 num_file_acls = 0;
uint16 num_def_acls = 0;
- if (fsp && !fsp->is_directory && (fsp->fh->fd != -1)) {
+ if (fsp && fsp->fh->fd != -1) {
file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp);
} else {
file_acl =
enum brl_type lock_type;
/* We need an open file with a real fd for this. */
- if (!fsp || fsp->is_directory || fsp->fh->fd == -1) {
+ if (!fsp || fsp->fh->fd == -1) {
return NT_STATUS_INVALID_LEVEL;
}
/* We know this name is ok, it's already passed the checks. */
- } else if(fsp->is_directory || fsp->fh->fd == -1) {
+ } else if(fsp->fh->fd == -1) {
/*
* This is actually a QFILEINFO on a directory
* handle (returned from an NT SMB). NT5.0 seems
}
fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
- get_file_infos(fileid, &delete_pending, &write_time_ts);
+ get_file_infos(fileid, fsp->name_hash, &delete_pending, &write_time_ts);
} else {
/*
* Original code - this is an open file.
*/
- if (!check_fsp(conn, req, fsp)) {
- return;
- }
-
if (SMB_VFS_FSTAT(fsp, &smb_fname->st) != 0) {
DEBUG(3, ("fstat of fnum %d failed (%s)\n",
fsp->fnum, strerror(errno)));
return;
}
fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
- get_file_infos(fileid, &delete_pending, &write_time_ts);
+ get_file_infos(fileid, fsp->name_hash, &delete_pending, &write_time_ts);
}
} else {
+ uint32_t name_hash;
char *fname = NULL;
/* qpathinfo */
}
}
+ status = file_name_hash(conn,
+ smb_fname_str_dbg(smb_fname_base),
+ &name_hash);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(smb_fname_base);
+ reply_nterror(req, status);
+ return;
+ }
+
fileid = vfs_file_id_from_sbuf(conn,
&smb_fname_base->st);
TALLOC_FREE(smb_fname_base);
- get_file_infos(fileid, &delete_pending, NULL);
+ get_file_infos(fileid, name_hash, &delete_pending, NULL);
if (delete_pending) {
reply_nterror(req, NT_STATUS_DELETE_PENDING);
return;
}
}
+ status = file_name_hash(conn,
+ smb_fname_str_dbg(smb_fname),
+ &name_hash);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
+
fileid = vfs_file_id_from_sbuf(conn, &smb_fname->st);
- get_file_infos(fileid, &delete_pending, &write_time_ts);
+ get_file_infos(fileid, name_hash, &delete_pending, &write_time_ts);
if (delete_pending) {
reply_nterror(req, NT_STATUS_DELETE_PENDING);
return;
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* get some defaults (no modifications) if any info is zero or -1. */
if (null_timespec(ft->create_time)) {
action &= ~FILE_NOTIFY_CHANGE_CREATION;
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size));
if (size == get_file_size_stat(psbuf)) {
if (!ea_list) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
status = set_ea(conn, fsp, smb_fname, ea_list);
return status;
if (!ea_list) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n",
/* The set is across all open files on this dev/inode pair. */
if (!set_delete_on_close(fsp, delete_on_close,
- &conn->server_info->utok)) {
+ &conn->session_info->utok)) {
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
if (p) {
p[1] = '\0';
} else {
- base_name = talloc_strdup(ctx, "./");
+ base_name = talloc_strdup(ctx, "");
if (!base_name) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_INVALID_PARAMETER;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* Set the attributes */
dosmode = IVAL(pdata,32);
status = smb_set_file_dosmode(conn, smb_fname, dosmode);
return NT_STATUS_INVALID_PARAMETER;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* create time */
ft.create_time = convert_time_t_to_timespec(srv_make_unix_date2(pdata));
/* access time */
allocation_size = smb_roundup(conn, allocation_size);
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
DEBUG(10,("smb_set_file_allocation_info: file %s : setting new "
"allocation size to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)allocation_size));
"file %s to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)size));
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
return smb_set_file_size(conn, req,
fsp,
smb_fname,
return;
}
- if(fsp->is_directory || fsp->fh->fd == -1) {
+ if(fsp->fh->fd == -1) {
/*
* This is actually a SETFILEINFO on a directory
* handle (returned from an NT SMB). NT5.0 seems
/*
* Original code - this is an open file.
*/
- if (!check_fsp(conn, req, fsp)) {
- return;
- }
-
if (SMB_VFS_FSTAT(fsp, &smb_fname->st) != 0) {
DEBUG(3,("call_trans2setfilepathinfo: fstat "
"of fnum %d failed (%s)\n", fsp->fnum,
git.samba.org / nivanova / samba-autobuild / .git / blobdiff