← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/samba/oneiric-security

« back to all changes in this revision

Viewing changes to source3/smbd/open.c

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2011-03-10 10:03:01 UTC
  • mfrom: (0.39.11 sid)
  • Revision ID: james.westby@ubuntu.com-20110310100301-jfjg41wv0iq05zj4
Tags: 2:3.5.8~dfsg-1ubuntu1
https://launchpad.net/bugs/639768
* Merge from debian unstable.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - add "(Samba, Ubuntu)" to server string.
    - comment out the default [homes] share, and add a comment about
      "valid users = %S" to show users how to restrict access to
      \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are 
      allowed to create public shares in addition to authenticated
      ones.
    - add map to guest = Bad user, maps bad username to guest access. 
  + debian/samba-common.config:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksmbpasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd
  + debian/control:
    - Make libwbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against or suggest ctdb.
    - Add dependency on samba-common-bin to samba.
    - Add cuups breaks to push the package to aslo upgrade cups (LP: #639768)
  + debian/rules:
    - enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile
    - debian/rules, debian/samba.dirs, debian/samba.files: install
      profile
    - debian/control: have samba suggest ufw
  + Add apport hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + Switch to upstart:
    - Add debian/samba.{nmbd,smbd}.upstart.
    - Don't ship the /etc/network/if-up.d file.
  + debian/samba.postinst: 
    - Fixed bashism.
    - Avoid scary pdbedit warnings on first import.
  + debian/samba-common.postinst: Add more informative error message for
    the case where smb.conf was manually deleted
  + debian/samba.logrotate: Make it upstart compatible
  + debian/samba-common.dhcp: Fix typo to get a proper parsing in
    /etc/samba/dhcp.
  + Dropped:
    - debian/patches/fix-windows7-print-connection.patch: Merged upstream.
    - debian/patches/security-CVE-2011-0719.patch: Merged upstream. 

Show diffs side-by-side

added added

removed removed

Lines of Context:
source3/smbd/open.c
22
22
#include "includes.h"
23
23
#include "smbd/globals.h"
24
24
 
 
25
extern struct current_user current_user;
25
26
extern const struct generic_mapping file_generic_mapping;
26
27
 
27
28
struct deferred_open_record {
1478
1479
 
1479
1480
        ZERO_STRUCT(id);
1480
1481
 
 
1482
        /* Windows allows a new file to be created and
 
1483
           silently removes a FILE_ATTRIBUTE_DIRECTORY
 
1484
           sent by the client. Do the same. */
 
1485
 
 
1486
        new_dos_attributes &= ~FILE_ATTRIBUTE_DIRECTORY;
 
1487
 
1481
1488
        if (conn->printer) {
1482
1489
                /*
1483
1490
                 * Printers are handled completely differently.
1960
1967
 
1961
1968
        if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
1962
1969
            (def_acl = directory_has_default_acl(conn, parent_dir))) {
1963
 
                unx_mode = 0777;
 
1970
                unx_mode = (0777 & lp_create_mask(SNUM(conn)));
1964
1971
        }
1965
1972
 
1966
1973
        DEBUG(4,("calling open_file with flags=0x%X flags2=0x%X mode=0%o, "
2264
2271
 Open a file for for write to ensure that we can fchmod it.
2265
2272
****************************************************************************/
2266
2273
 
2267
 
NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn,
 
2274
NTSTATUS open_file_fchmod(connection_struct *conn,
2268
2275
                          struct smb_filename *smb_fname,
2269
2276
                          files_struct **result)
2270
2277
{
2271
 
        files_struct *fsp = NULL;
2272
 
        NTSTATUS status;
2273
 
 
2274
2278
        if (!VALID_STAT(smb_fname->st)) {
2275
2279
                return NT_STATUS_INVALID_PARAMETER;
2276
2280
        }
2277
2281
 
2278
 
        status = file_new(req, conn, &fsp);
2279
 
        if(!NT_STATUS_IS_OK(status)) {
2280
 
                return status;
2281
 
        }
2282
 
 
2283
 
        status = SMB_VFS_CREATE_FILE(
 
2282
        return SMB_VFS_CREATE_FILE(
2284
2283
                conn,                                   /* conn */
2285
2284
                NULL,                                   /* req */
2286
2285
                0,                                      /* root_dir_fid */
2291
2290
                FILE_OPEN,                              /* create_disposition*/
2292
2291
                0,                                      /* create_options */
2293
2292
                0,                                      /* file_attributes */
2294
 
                0,                                      /* oplock_request */
 
2293
                INTERNAL_OPEN_ONLY,                     /* oplock_request */
2295
2294
                0,                                      /* allocation_size */
2296
2295
                NULL,                                   /* sd */
2297
2296
                NULL,                                   /* ea_list */
2298
 
                &fsp,                                   /* result */
 
2297
                result,                                 /* result */
2299
2298
                NULL);                                  /* pinfo */
2300
 
 
2301
 
        /*
2302
 
         * This is not a user visible file open.
2303
 
         * Don't set a share mode.
2304
 
         */
2305
 
 
2306
 
        if (!NT_STATUS_IS_OK(status)) {
2307
 
                file_free(req, fsp);
2308
 
                return status;
2309
 
        }
2310
 
 
2311
 
        *result = fsp;
2312
 
        return NT_STATUS_OK;
2313
 
}
2314
 
 
2315
 
/****************************************************************************
2316
 
 Close the fchmod file fd - ensure no locks are lost.
2317
 
****************************************************************************/
2318
 
 
2319
 
NTSTATUS close_file_fchmod(struct smb_request *req, files_struct *fsp)
2320
 
{
2321
 
        NTSTATUS status = fd_close(fsp);
2322
 
        file_free(req, fsp);
2323
 
        return status;
2324
2299
}
2325
2300
 
2326
2301
static NTSTATUS mkdir_internal(connection_struct *conn,
2439
2414
 
2440
2415
        SMB_ASSERT(!is_ntfs_stream_smb_fname(smb_dname));
2441
2416
 
 
2417
        /* Ensure we have a directory attribute. */
 
2418
        file_attributes |= FILE_ATTRIBUTE_DIRECTORY;
 
2419
 
2442
2420
        DEBUG(5,("open_directory: opening directory %s, access_mask = 0x%x, "
2443
2421
                 "share_access = 0x%x create_options = 0x%x, "
2444
2422
                 "create_disposition = 0x%x, file_attributes = 0x%x\n",
2467
2445
                return status;
2468
2446
        }
2469
2447
 
2470
 
        /* We need to support SeSecurityPrivilege for this. */
2471
 
        if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
 
2448
        if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
 
2449
                        !user_has_privileges(current_user.nt_user_token, &se_security)) {
2472
2450
                DEBUG(10, ("open_directory: open on %s "
2473
2451
                        "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
2474
2452
                        smb_fname_str_dbg(smb_dname)));
2977
2955
                goto fail;
2978
2956
        }
2979
2957
 
2980
 
#if 0
2981
 
        /* We need to support SeSecurityPrivilege for this. */
2982
2958
        if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
2983
 
            !user_has_privileges(current_user.nt_user_token,
2984
 
                                 &se_security)) {
2985
 
                status = NT_STATUS_PRIVILEGE_NOT_HELD;
2986
 
                goto fail;
2987
 
        }
2988
 
#else
2989
 
        /* We need to support SeSecurityPrivilege for this. */
2990
 
        if (access_mask & SEC_FLAG_SYSTEM_SECURITY) {
2991
 
                status = NT_STATUS_PRIVILEGE_NOT_HELD;
2992
 
                goto fail;
2993
 
        }
2994
 
        /* Don't allow a SACL set from an NTtrans create until we
2995
 
         * support SeSecurityPrivilege. */
2996
 
        if (!VALID_STAT(smb_fname->st) &&
2997
 
                        lp_nt_acl_support(SNUM(conn)) &&
2998
 
                        sd && (sd->sacl != NULL)) {
2999
 
                status = NT_STATUS_PRIVILEGE_NOT_HELD;
3000
 
                goto fail;
3001
 
        }
3002
 
#endif
 
2959
                        !user_has_privileges(current_user.nt_user_token, &se_security)) {
 
2960
                DEBUG(10, ("create_file_unixpath:: open on %s "
 
2961
                        "failed - SEC_FLAG_SYSTEM_SECURITY denied.\n",
 
2962
                        smb_fname_str_dbg(smb_fname)));
 
2963
                status = NT_STATUS_PRIVILEGE_NOT_HELD;
 
2964
                goto fail;
 
2965
        }
3003
2966
 
3004
2967
        if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
3005
2968
            && is_ntfs_stream_smb_fname(smb_fname)
3270
3233
NTSTATUS get_relative_fid_filename(connection_struct *conn,
3271
3234
                                   struct smb_request *req,
3272
3235
                                   uint16_t root_dir_fid,
3273
 
                                   struct smb_filename *smb_fname)
 
3236
                                   const struct smb_filename *smb_fname,
 
3237
                                   struct smb_filename **smb_fname_out)
3274
3238
{
3275
3239
        files_struct *dir_fsp;
3276
3240
        char *parent_fname = NULL;
3358
3322
                }
3359
3323
        }
3360
3324
 
3361
 
        new_base_name = talloc_asprintf(smb_fname, "%s%s", parent_fname,
 
3325
        new_base_name = talloc_asprintf(talloc_tos(), "%s%s", parent_fname,
3362
3326
                                        smb_fname->base_name);
3363
3327
        if (new_base_name == NULL) {
3364
3328
                status = NT_STATUS_NO_MEMORY;
3365
3329
                goto out;
3366
3330
        }
3367
3331
 
3368
 
        TALLOC_FREE(smb_fname->base_name);
3369
 
        smb_fname->base_name = new_base_name;
3370
 
        status = NT_STATUS_OK;
 
3332
        status = filename_convert(req,
 
3333
                                conn,
 
3334
                                req->flags2 & FLAGS2_DFS_PATHNAMES,
 
3335
                                new_base_name,
 
3336
                                0,
 
3337
                                NULL,
 
3338
                                smb_fname_out);
 
3339
        if (!NT_STATUS_IS_OK(status)) {
 
3340
                goto out;
 
3341
        }
3371
3342
 
3372
3343
 out:
3373
3344
        TALLOC_FREE(parent_fname);
3414
3385
         */
3415
3386
 
3416
3387
        if (root_dir_fid != 0) {
 
3388
                struct smb_filename *smb_fname_out = NULL;
3417
3389
                status = get_relative_fid_filename(conn, req, root_dir_fid,
3418
 
                                                   smb_fname);
 
3390
                                                   smb_fname, &smb_fname_out);
3419
3391
                if (!NT_STATUS_IS_OK(status)) {
3420
3392
                        goto fail;
3421
3393
                }
 
3394
                smb_fname = smb_fname_out;
3422
3395
        }
3423
3396
 
3424
3397
        /*