diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /source3/smbd/dosmode.c | |
parent | Initial commit. (diff) | |
download | samba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source3/smbd/dosmode.c')
-rw-r--r-- | source3/smbd/dosmode.c | 1306 |
1 files changed, 1306 insertions, 0 deletions
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c new file mode 100644 index 0000000..4faa270 --- /dev/null +++ b/source3/smbd/dosmode.c @@ -0,0 +1,1306 @@ +/* + Unix SMB/CIFS implementation. + dos mode handling functions + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) James Peach 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "globals.h" +#include "system/filesys.h" +#include "librpc/gen_ndr/ndr_xattr.h" +#include "librpc/gen_ndr/ioctl.h" +#include "../libcli/security/security.h" +#include "smbd/smbd.h" +#include "lib/param/loadparm.h" +#include "lib/util/tevent_ntstatus.h" +#include "lib/util/string_wrappers.h" +#include "fake_file.h" + +static void dos_mode_debug_print(const char *func, uint32_t mode) +{ + fstring modestr; + + if (DEBUGLEVEL < DBGLVL_INFO) { + return; + } + + modestr[0] = '\0'; + + if (mode & FILE_ATTRIBUTE_HIDDEN) { + fstrcat(modestr, "h"); + } + if (mode & FILE_ATTRIBUTE_READONLY) { + fstrcat(modestr, "r"); + } + if (mode & FILE_ATTRIBUTE_SYSTEM) { + fstrcat(modestr, "s"); + } + if (mode & FILE_ATTRIBUTE_DIRECTORY) { + fstrcat(modestr, "d"); + } + if (mode & FILE_ATTRIBUTE_ARCHIVE) { + fstrcat(modestr, "a"); + } + if (mode & FILE_ATTRIBUTE_SPARSE) { + fstrcat(modestr, "[sparse]"); + } + if (mode & FILE_ATTRIBUTE_OFFLINE) { + fstrcat(modestr, "[offline]"); + } + if (mode & FILE_ATTRIBUTE_COMPRESSED) { + fstrcat(modestr, "[compressed]"); + } + + DBG_INFO("%s returning (0x%x): \"%s\"\n", func, (unsigned)mode, + modestr); +} + +static uint32_t filter_mode_by_protocol(uint32_t mode) +{ + if (get_Protocol() <= PROTOCOL_LANMAN2) { + DEBUG(10,("filter_mode_by_protocol: " + "filtering result 0x%x to 0x%x\n", + (unsigned int)mode, + (unsigned int)(mode & 0x3f) )); + mode &= 0x3f; + } + return mode; +} + +/**************************************************************************** + Change a dos mode to a unix mode. + Base permission for files: + if creating file and inheriting (i.e. parent_dir != NULL) + apply read/write bits from parent directory. + else + everybody gets read bit set + dos readonly is represented in unix by removing everyone's write bit + dos archive is represented in unix by the user's execute bit + dos system is represented in unix by the group's execute bit + dos hidden is represented in unix by the other's execute bit + if !inheriting { + Then apply create mask, + then add force bits. + } + Base permission for directories: + dos directory is represented in unix by unix's dir bit and the exec bit + if !inheriting { + Then apply create mask, + then add force bits. + } +****************************************************************************/ + +mode_t unix_mode(connection_struct *conn, int dosmode, + const struct smb_filename *smb_fname, + struct files_struct *parent_dirfsp) +{ + mode_t result = (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH); + mode_t dir_mode = 0; /* Mode of the inherit_from directory if + * inheriting. */ + + if (!lp_store_dos_attributes(SNUM(conn)) && IS_DOS_READONLY(dosmode)) { + result &= ~(S_IWUSR | S_IWGRP | S_IWOTH); + } + + if ((parent_dirfsp != NULL) && lp_inherit_permissions(SNUM(conn))) { + struct stat_ex sbuf = { .st_ex_nlink = 0, }; + int ret; + + DBG_DEBUG("[%s] inheriting from [%s]\n", + smb_fname_str_dbg(smb_fname), + smb_fname_str_dbg(parent_dirfsp->fsp_name)); + + ret = SMB_VFS_FSTAT(parent_dirfsp, &sbuf); + if (ret != 0) { + DBG_ERR("fstat failed [%s]: %s\n", + smb_fname_str_dbg(parent_dirfsp->fsp_name), + strerror(errno)); + return(0); /* *** shouldn't happen! *** */ + } + + /* Save for later - but explicitly remove setuid bit for safety. */ + dir_mode = sbuf.st_ex_mode & ~S_ISUID; + DEBUG(2,("unix_mode(%s) inherit mode %o\n", + smb_fname_str_dbg(smb_fname), (int)dir_mode)); + /* Clear "result" */ + result = 0; + } + + if (IS_DOS_DIR(dosmode)) { + /* We never make directories read only for the owner as under DOS a user + can always create a file in a read-only directory. */ + result |= (S_IFDIR | S_IWUSR); + + if (dir_mode) { + /* Inherit mode of parent directory. */ + result |= dir_mode; + } else { + /* Provisionally add all 'x' bits */ + result |= (S_IXUSR | S_IXGRP | S_IXOTH); + + /* Apply directory mask */ + result &= lp_directory_mask(SNUM(conn)); + /* Add in force bits */ + result |= lp_force_directory_mode(SNUM(conn)); + } + } else { + if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode)) + result |= S_IXUSR; + + if (lp_map_system(SNUM(conn)) && IS_DOS_SYSTEM(dosmode)) + result |= S_IXGRP; + + if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode)) + result |= S_IXOTH; + + if (dir_mode) { + /* Inherit 666 component of parent directory mode */ + result |= dir_mode & (S_IRUSR | S_IRGRP | S_IROTH | S_IWUSR | S_IWGRP | S_IWOTH); + } else { + /* Apply mode mask */ + result &= lp_create_mask(SNUM(conn)); + /* Add in force bits */ + result |= lp_force_create_mode(SNUM(conn)); + } + } + + DBG_INFO("unix_mode(%s) returning 0%o\n", + smb_fname_str_dbg(smb_fname), (int)result); + + return(result); +} + +/**************************************************************************** + Change a unix mode to a dos mode. +****************************************************************************/ + +static uint32_t dos_mode_from_sbuf(connection_struct *conn, + const struct smb_filename *smb_fname) +{ + int result = 0; + enum mapreadonly_options ro_opts = (enum mapreadonly_options)lp_map_readonly(SNUM(conn)); + +#if defined(UF_IMMUTABLE) && defined(SF_IMMUTABLE) + /* if we can find out if a file is immutable we should report it r/o */ + if (smb_fname->st.st_ex_flags & (UF_IMMUTABLE | SF_IMMUTABLE)) { + result |= FILE_ATTRIBUTE_READONLY; + } +#endif + if (ro_opts == MAP_READONLY_YES) { + /* Original Samba method - map inverse of user "w" bit. */ + if ((smb_fname->st.st_ex_mode & S_IWUSR) == 0) { + result |= FILE_ATTRIBUTE_READONLY; + } + } else if (ro_opts == MAP_READONLY_PERMISSIONS) { + /* smb_fname->fsp can be NULL for an MS-DFS link. */ + /* Check actual permissions for read-only. */ + if (smb_fname->fsp != NULL) { + if (!can_write_to_fsp(smb_fname->fsp)) + { + result |= FILE_ATTRIBUTE_READONLY; + } + } + } /* Else never set the readonly bit. */ + + if (MAP_ARCHIVE(conn) && ((smb_fname->st.st_ex_mode & S_IXUSR) != 0)) + result |= FILE_ATTRIBUTE_ARCHIVE; + + if (MAP_SYSTEM(conn) && ((smb_fname->st.st_ex_mode & S_IXGRP) != 0)) + result |= FILE_ATTRIBUTE_SYSTEM; + + if (MAP_HIDDEN(conn) && ((smb_fname->st.st_ex_mode & S_IXOTH) != 0)) + result |= FILE_ATTRIBUTE_HIDDEN; + + if (S_ISDIR(smb_fname->st.st_ex_mode)) + result = FILE_ATTRIBUTE_DIRECTORY | (result & FILE_ATTRIBUTE_READONLY); + + dos_mode_debug_print(__func__, result); + + return result; +} + +/**************************************************************************** + Get DOS attributes from an EA. + This can also pull the create time into the stat struct inside smb_fname. +****************************************************************************/ + +NTSTATUS parse_dos_attribute_blob(struct smb_filename *smb_fname, + DATA_BLOB blob, + uint32_t *pattr) +{ + struct xattr_DOSATTRIB dosattrib; + enum ndr_err_code ndr_err; + uint32_t dosattr; + + ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &dosattrib, + (ndr_pull_flags_fn_t)ndr_pull_xattr_DOSATTRIB); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DBG_WARNING("bad ndr decode " + "from EA on file %s: Error = %s\n", + smb_fname_str_dbg(smb_fname), + ndr_errstr(ndr_err)); + return ndr_map_error2ntstatus(ndr_err); + } + + DBG_DEBUG("%s attr = %s\n", + smb_fname_str_dbg(smb_fname), dosattrib.attrib_hex); + + switch (dosattrib.version) { + case 0xFFFF: + dosattr = dosattrib.info.compatinfoFFFF.attrib; + break; + case 1: + dosattr = dosattrib.info.info1.attrib; + if (!null_nttime(dosattrib.info.info1.create_time)) { + struct timespec create_time = + nt_time_to_unix_timespec( + dosattrib.info.info1.create_time); + + update_stat_ex_create_time(&smb_fname->st, + create_time); + + DBG_DEBUG("file %s case 1 set btime %s\n", + smb_fname_str_dbg(smb_fname), + time_to_asc(convert_timespec_to_time_t( + create_time))); + } + break; + case 2: + dosattr = dosattrib.info.oldinfo2.attrib; + /* Don't know what flags to check for this case. */ + break; + case 3: + dosattr = dosattrib.info.info3.attrib; + if ((dosattrib.info.info3.valid_flags & XATTR_DOSINFO_CREATE_TIME) && + !null_nttime(dosattrib.info.info3.create_time)) { + struct timespec create_time = + nt_time_to_full_timespec( + dosattrib.info.info3.create_time); + + update_stat_ex_create_time(&smb_fname->st, + create_time); + + DBG_DEBUG("file %s case 3 set btime %s\n", + smb_fname_str_dbg(smb_fname), + time_to_asc(convert_timespec_to_time_t( + create_time))); + } + break; + case 4: + case 5: + { + uint32_t info_valid_flags; + NTTIME info_create_time; + + if (dosattrib.version == 4) { + info_valid_flags = dosattrib.info.info4.valid_flags; + info_create_time = dosattrib.info.info4.create_time; + dosattr = dosattrib.info.info4.attrib; + } else { + info_valid_flags = dosattrib.info.info5.valid_flags; + info_create_time = dosattrib.info.info5.create_time; + dosattr = dosattrib.info.info5.attrib; + } + + if ((info_valid_flags & XATTR_DOSINFO_CREATE_TIME) && + !null_nttime(info_create_time)) + { + struct timespec creat_time; + + creat_time = nt_time_to_full_timespec(info_create_time); + update_stat_ex_create_time(&smb_fname->st, creat_time); + + DBG_DEBUG("file [%s] creation time [%s]\n", + smb_fname_str_dbg(smb_fname), + nt_time_string(talloc_tos(), info_create_time)); + } + + break; + } + default: + DBG_WARNING("Badly formed DOSATTRIB on file %s - %s\n", + smb_fname_str_dbg(smb_fname), blob.data); + /* Should this be INTERNAL_ERROR? */ + return NT_STATUS_INVALID_PARAMETER; + } + + if (S_ISDIR(smb_fname->st.st_ex_mode)) { + dosattr |= FILE_ATTRIBUTE_DIRECTORY; + } + + /* FILE_ATTRIBUTE_SPARSE is valid on get but not on set. */ + *pattr |= (uint32_t)(dosattr & (SAMBA_ATTRIBUTES_MASK|FILE_ATTRIBUTE_SPARSE)); + + dos_mode_debug_print(__func__, *pattr); + + return NT_STATUS_OK; +} + +NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp, + uint32_t *pattr) +{ + DATA_BLOB blob; + ssize_t sizeret; + fstring attrstr; + NTSTATUS status; + + if (!lp_store_dos_attributes(SNUM(fsp->conn))) { + return NT_STATUS_NOT_IMPLEMENTED; + } + + /* Don't reset pattr to zero as we may already have filename-based attributes we + need to preserve. */ + + sizeret = SMB_VFS_FGETXATTR(fsp, + SAMBA_XATTR_DOS_ATTRIB, + attrstr, + sizeof(attrstr)); + if (sizeret == -1 && ( errno == EPERM || errno == EACCES )) { + /* we may also retrieve dos attribs for unreadable files, this + is why we'll retry as root. We don't use root in the first + run because in cases like NFS, root might have even less + rights than the real user + */ + become_root(); + sizeret = SMB_VFS_FGETXATTR(fsp, + SAMBA_XATTR_DOS_ATTRIB, + attrstr, + sizeof(attrstr)); + unbecome_root(); + } + if (sizeret == -1) { + DBG_INFO("Cannot get attribute " + "from EA on file %s: Error = %s\n", + fsp_str_dbg(fsp), strerror(errno)); + return map_nt_error_from_unix(errno); + } + + blob.data = (uint8_t *)attrstr; + blob.length = sizeret; + + status = parse_dos_attribute_blob(fsp->fsp_name, blob, pattr); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** + Set DOS attributes in an EA. + Also sets the create time. +****************************************************************************/ + +NTSTATUS set_ea_dos_attribute(connection_struct *conn, + const struct smb_filename *smb_fname, + uint32_t dosmode) +{ + struct xattr_DOSATTRIB dosattrib; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + int ret; + + if (!lp_store_dos_attributes(SNUM(conn))) { + return NT_STATUS_NOT_IMPLEMENTED; + } + + if (smb_fname->fsp == NULL) { + /* symlink */ + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + /* + * Don't store FILE_ATTRIBUTE_OFFLINE, it's dealt with in + * vfs_default via DMAPI if that is enabled. + */ + dosmode &= ~FILE_ATTRIBUTE_OFFLINE; + + ZERO_STRUCT(dosattrib); + ZERO_STRUCT(blob); + + dosattrib.version = 5; + dosattrib.info.info5.valid_flags = XATTR_DOSINFO_ATTRIB | + XATTR_DOSINFO_CREATE_TIME; + dosattrib.info.info5.attrib = dosmode; + dosattrib.info.info5.create_time = full_timespec_to_nt_time( + &smb_fname->st.st_ex_btime); + + DEBUG(10,("set_ea_dos_attributes: set attribute 0x%x, btime = %s on file %s\n", + (unsigned int)dosmode, + time_to_asc(convert_timespec_to_time_t(smb_fname->st.st_ex_btime)), + smb_fname_str_dbg(smb_fname) )); + + ndr_err = ndr_push_struct_blob( + &blob, talloc_tos(), &dosattrib, + (ndr_push_flags_fn_t)ndr_push_xattr_DOSATTRIB); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(5, ("create_acl_blob: ndr_push_xattr_DOSATTRIB failed: %s\n", + ndr_errstr(ndr_err))); + return ndr_map_error2ntstatus(ndr_err); + } + + if (blob.data == NULL || blob.length == 0) { + /* Should this be INTERNAL_ERROR? */ + return NT_STATUS_INVALID_PARAMETER; + } + + ret = SMB_VFS_FSETXATTR(smb_fname->fsp, + SAMBA_XATTR_DOS_ATTRIB, + blob.data, blob.length, 0); + if (ret != 0) { + NTSTATUS status = NT_STATUS_OK; + bool set_dosmode_ok = false; + + if ((errno != EPERM) && (errno != EACCES)) { + DBG_INFO("Cannot set " + "attribute EA on file %s: Error = %s\n", + smb_fname_str_dbg(smb_fname), strerror(errno)); + return map_nt_error_from_unix(errno); + } + + /* We want DOS semantics, ie allow non owner with write permission to change the + bits on a file. Just like file_ntimes below. + */ + + /* Check if we have write access. */ + if (!CAN_WRITE(conn)) { + return NT_STATUS_ACCESS_DENIED; + } + + status = smbd_check_access_rights_fsp(conn->cwd_fsp, + smb_fname->fsp, + false, + FILE_WRITE_ATTRIBUTES); + if (NT_STATUS_IS_OK(status)) { + set_dosmode_ok = true; + } + + if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) { + set_dosmode_ok = can_write_to_fsp(smb_fname->fsp); + } + + if (!set_dosmode_ok) { + return NT_STATUS_ACCESS_DENIED; + } + + become_root(); + ret = SMB_VFS_FSETXATTR(smb_fname->fsp, + SAMBA_XATTR_DOS_ATTRIB, + blob.data, blob.length, 0); + if (ret == 0) { + status = NT_STATUS_OK; + } + unbecome_root(); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + /* + * We correctly stored the create time. + * We *always* set XATTR_DOSINFO_CREATE_TIME, + * so now it can no longer be considered + * calculated. + */ + update_stat_ex_create_time( + &smb_fname->fsp->fsp_name->st, + smb_fname->st.st_ex_btime); + + DEBUG(10,("set_ea_dos_attribute: set EA 0x%x on file %s\n", + (unsigned int)dosmode, + smb_fname_str_dbg(smb_fname))); + return NT_STATUS_OK; +} + +/**************************************************************************** + Change a unix mode to a dos mode for an ms dfs link. +****************************************************************************/ + +uint32_t dos_mode_msdfs(connection_struct *conn, + const struct smb_filename *smb_fname) +{ + uint32_t result = 0; + + DEBUG(8,("dos_mode_msdfs: %s\n", smb_fname_str_dbg(smb_fname))); + + if (!VALID_STAT(smb_fname->st)) { + return 0; + } + + /* First do any modifications that depend on the path name. */ + /* hide files with a name starting with a . */ + if (lp_hide_dot_files(SNUM(conn))) { + const char *p = strrchr_m(smb_fname->base_name, '/'); + if (p) { + p++; + } else { + p = smb_fname->base_name; + } + + /* Only . and .. are not hidden. */ + if (p[0] == '.' && !((p[1] == '\0') || + (p[1] == '.' && p[2] == '\0'))) { + result |= FILE_ATTRIBUTE_HIDDEN; + } + } + + result |= dos_mode_from_sbuf(conn, smb_fname); + + /* Optimization : Only call is_hidden_path if it's not already + hidden. */ + if (!(result & FILE_ATTRIBUTE_HIDDEN) && + IS_HIDDEN_PATH(conn, smb_fname->base_name)) { + result |= FILE_ATTRIBUTE_HIDDEN; + } + + if (result == 0) { + result = FILE_ATTRIBUTE_NORMAL; + } + + result = filter_mode_by_protocol(result); + + /* + * Add in that it is a reparse point + */ + result |= FILE_ATTRIBUTE_REPARSE_POINT; + + dos_mode_debug_print(__func__, result); + + return(result); +} + +/* + * check whether a file or directory is flagged as compressed. + */ +static NTSTATUS dos_mode_check_compressed(struct files_struct *fsp, + bool *is_compressed) +{ + NTSTATUS status; + uint16_t compression_fmt; + + status = SMB_VFS_FGET_COMPRESSION( + fsp->conn, talloc_tos(), fsp, &compression_fmt); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (compression_fmt == COMPRESSION_FORMAT_LZNT1) { + *is_compressed = true; + } else { + *is_compressed = false; + } + return NT_STATUS_OK; +} + +static uint32_t dos_mode_from_name(connection_struct *conn, + const struct smb_filename *smb_fname, + uint32_t dosmode) +{ + const char *p = NULL; + uint32_t result = dosmode; + + if (!(result & FILE_ATTRIBUTE_HIDDEN) && + lp_hide_dot_files(SNUM(conn))) + { + p = strrchr_m(smb_fname->base_name, '/'); + if (p) { + p++; + } else { + p = smb_fname->base_name; + } + + /* Only . and .. are not hidden. */ + if ((p[0] == '.') && !(ISDOT(p) || ISDOTDOT(p))) { + result |= FILE_ATTRIBUTE_HIDDEN; + } + } + + if (!(result & FILE_ATTRIBUTE_HIDDEN) && + IS_HIDDEN_PATH(conn, smb_fname->base_name)) + { + result |= FILE_ATTRIBUTE_HIDDEN; + } + + return result; +} + +static uint32_t dos_mode_post(uint32_t dosmode, + struct files_struct *fsp, + const char *func) +{ + struct smb_filename *smb_fname = NULL; + NTSTATUS status; + + if (fsp != NULL) { + smb_fname = fsp->fsp_name; + } + SMB_ASSERT(smb_fname != NULL); + + /* + * According to MS-FSA a stream name does not have + * separate DOS attribute metadata, so we must return + * the DOS attribute from the base filename. With one caveat, + * a non-default stream name can never be a directory. + * + * As this is common to all streams data stores, we handle + * it here instead of inside all stream VFS modules. + * + * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380 + */ + + if (is_named_stream(smb_fname)) { + /* is_ntfs_stream_smb_fname() returns false for a POSIX path. */ + dosmode &= ~(FILE_ATTRIBUTE_DIRECTORY); + } + + if (fsp->conn->fs_capabilities & FILE_FILE_COMPRESSION) { + bool compressed = false; + + status = dos_mode_check_compressed(fsp, &compressed); + if (NT_STATUS_IS_OK(status) && compressed) { + dosmode |= FILE_ATTRIBUTE_COMPRESSED; + } + } + + dosmode |= dos_mode_from_name(fsp->conn, smb_fname, dosmode); + + if (S_ISDIR(smb_fname->st.st_ex_mode)) { + dosmode |= FILE_ATTRIBUTE_DIRECTORY; + } else if (dosmode == 0) { + dosmode = FILE_ATTRIBUTE_NORMAL; + } + + dosmode = filter_mode_by_protocol(dosmode); + + dos_mode_debug_print(func, dosmode); + return dosmode; +} + +/**************************************************************************** + Change a unix mode to a dos mode. + May also read the create timespec into the stat struct in smb_fname + if "store dos attributes" is true. +****************************************************************************/ + +uint32_t fdos_mode(struct files_struct *fsp) +{ + uint32_t result = 0; + NTSTATUS status = NT_STATUS_OK; + + if (fsp == NULL) { + /* + * The pathological case where a callers does + * fdos_mode(smb_fname->fsp) passing a pathref fsp. But as + * smb_fname points at a symlink in POSIX context smb_fname->fsp + * is NULL. + */ + return FILE_ATTRIBUTE_NORMAL; + } + + DBG_DEBUG("%s\n", fsp_str_dbg(fsp)); + + if (fsp->fake_file_handle != NULL) { + return dosmode_from_fake_filehandle(fsp->fake_file_handle); + } + + if (!VALID_STAT(fsp->fsp_name->st)) { + return 0; + } + + if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { + return FILE_ATTRIBUTE_NORMAL; + } + + /* Get the DOS attributes via the VFS if we can */ + status = vfs_fget_dos_attributes(fsp, &result); + if (!NT_STATUS_IS_OK(status)) { + /* + * Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. + */ + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) { + result |= dos_mode_from_sbuf(fsp->conn, fsp->fsp_name); + } + } + + result = dos_mode_post(result, fsp, __func__); + return result; +} + +struct dos_mode_at_state { + files_struct *dir_fsp; + struct smb_filename *smb_fname; + uint32_t dosmode; +}; + +static void dos_mode_at_vfs_get_dosmode_done(struct tevent_req *subreq); + +struct tevent_req *dos_mode_at_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + files_struct *dir_fsp, + struct smb_filename *smb_fname) +{ + struct tevent_req *req = NULL; + struct dos_mode_at_state *state = NULL; + struct tevent_req *subreq = NULL; + + DBG_DEBUG("%s\n", smb_fname_str_dbg(smb_fname)); + + req = tevent_req_create(mem_ctx, &state, + struct dos_mode_at_state); + if (req == NULL) { + return NULL; + } + + *state = (struct dos_mode_at_state) { + .dir_fsp = dir_fsp, + .smb_fname = smb_fname, + }; + + if (!VALID_STAT(smb_fname->st)) { + tevent_req_done(req); + return tevent_req_post(req, ev); + } + + if (smb_fname->fsp == NULL) { + if (ISDOTDOT(smb_fname->base_name)) { + /* + * smb_fname->fsp is explicitly closed + * for ".." to prevent meta-data leakage. + */ + state->dosmode = FILE_ATTRIBUTE_DIRECTORY; + } else { + /* + * This is a symlink in POSIX context. + * FIXME ? Should we move to returning + * FILE_ATTRIBUTE_REPARSE_POINT here ? + */ + state->dosmode = FILE_ATTRIBUTE_NORMAL; + } + tevent_req_done(req); + return tevent_req_post(req, ev); + } + + subreq = SMB_VFS_GET_DOS_ATTRIBUTES_SEND(state, + ev, + dir_fsp, + smb_fname); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, dos_mode_at_vfs_get_dosmode_done, req); + + return req; +} + +static void dos_mode_at_vfs_get_dosmode_done(struct tevent_req *subreq) +{ + struct tevent_req *req = + tevent_req_callback_data(subreq, + struct tevent_req); + struct dos_mode_at_state *state = + tevent_req_data(req, + struct dos_mode_at_state); + struct vfs_aio_state aio_state; + NTSTATUS status; + bool ok; + + /* + * Make sure we run as the user again + */ + ok = change_to_user_and_service_by_fsp(state->dir_fsp); + SMB_ASSERT(ok); + + status = SMB_VFS_GET_DOS_ATTRIBUTES_RECV(subreq, + &aio_state, + &state->dosmode); + TALLOC_FREE(subreq); + if (!NT_STATUS_IS_OK(status)) { + /* + * Both the sync dos_mode() as well as the async + * dos_mode_at_[send|recv] have no real error return, the only + * unhandled error is when the stat info in smb_fname is not + * valid (cf the checks in dos_mode() and dos_mode_at_send(). + * + * If SMB_VFS_GET_DOS_ATTRIBUTES[_SEND|_RECV] fails we must call + * dos_mode_post() which also does the mapping of a last resort + * from S_IFMT(st_mode). + * + * Only if we get NT_STATUS_NOT_IMPLEMENTED or + * NT_STATUS_NOT_SUPPORTED from a stacked VFS module we must + * fallback to sync processing. + */ + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) && + !NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) + { + /* + * state->dosmode should still be 0, but reset + * it to be sure. + */ + state->dosmode = 0; + status = NT_STATUS_OK; + } + } + if (NT_STATUS_IS_OK(status)) { + state->dosmode = dos_mode_post(state->dosmode, + state->smb_fname->fsp, + __func__); + tevent_req_done(req); + return; + } + + /* + * Fall back to sync dos_mode() if we got NOT_IMPLEMENTED. + */ + + state->dosmode = fdos_mode(state->smb_fname->fsp); + tevent_req_done(req); + return; +} + +NTSTATUS dos_mode_at_recv(struct tevent_req *req, uint32_t *dosmode) +{ + struct dos_mode_at_state *state = + tevent_req_data(req, + struct dos_mode_at_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return status; + } + + *dosmode = state->dosmode; + tevent_req_received(req); + return NT_STATUS_OK; +} + +/******************************************************************* + chmod a file - but preserve some bits. + If "store dos attributes" is also set it will store the create time + from the stat struct in smb_fname (in NTTIME format) in the EA + attribute also. +********************************************************************/ + +int file_set_dosmode(connection_struct *conn, + struct smb_filename *smb_fname, + uint32_t dosmode, + struct smb_filename *parent_dir, + bool newfile) +{ + int mask=0; + mode_t tmp; + mode_t unixmode; + int ret = -1; + NTSTATUS status; + + if (!CAN_WRITE(conn)) { + errno = EROFS; + return -1; + } + + if ((S_ISDIR(smb_fname->st.st_ex_mode)) && + (dosmode & FILE_ATTRIBUTE_TEMPORARY)) + { + errno = EINVAL; + return -1; + } + + dosmode &= SAMBA_ATTRIBUTES_MASK; + + DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n", + dosmode, smb_fname_str_dbg(smb_fname))); + + unixmode = smb_fname->st.st_ex_mode; + + if (smb_fname->fsp != NULL) { + get_acl_group_bits( + conn, smb_fname->fsp, &smb_fname->st.st_ex_mode); + } + + if (S_ISDIR(smb_fname->st.st_ex_mode)) + dosmode |= FILE_ATTRIBUTE_DIRECTORY; + else + dosmode &= ~FILE_ATTRIBUTE_DIRECTORY; + + if (smb_fname->fsp != NULL) { + /* Store the DOS attributes in an EA by preference. */ + status = SMB_VFS_FSET_DOS_ATTRIBUTES( + conn, metadata_fsp(smb_fname->fsp), dosmode); + } else { + status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + if (NT_STATUS_IS_OK(status)) { + ret = 0; + goto done; + } + + /* + * Only fall back to using UNIX modes if + * we get NOT_IMPLEMENTED. + */ + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) { + errno = map_errno_from_nt_status(status); + return -1; + } + + /* Fall back to UNIX modes. */ + unixmode = unix_mode( + conn, + dosmode, + smb_fname, + parent_dir != NULL ? parent_dir->fsp : NULL); + + /* preserve the file type bits */ + mask |= S_IFMT; + + /* preserve the s bits */ + mask |= (S_ISUID | S_ISGID); + + /* preserve the t bit */ +#ifdef S_ISVTX + mask |= S_ISVTX; +#endif + + /* possibly preserve the x bits */ + if (!MAP_ARCHIVE(conn)) + mask |= S_IXUSR; + if (!MAP_SYSTEM(conn)) + mask |= S_IXGRP; + if (!MAP_HIDDEN(conn)) + mask |= S_IXOTH; + + unixmode |= (smb_fname->st.st_ex_mode & mask); + + /* if we previously had any r bits set then leave them alone */ + if ((tmp = smb_fname->st.st_ex_mode & (S_IRUSR|S_IRGRP|S_IROTH))) { + unixmode &= ~(S_IRUSR|S_IRGRP|S_IROTH); + unixmode |= tmp; + } + + /* if we previously had any w bits set then leave them alone + whilst adding in the new w bits, if the new mode is not rdonly */ + if (!IS_DOS_READONLY(dosmode)) { + unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH)); + } + + /* + * From the chmod 2 man page: + * + * "If the calling process is not privileged, and the group of the file + * does not match the effective group ID of the process or one of its + * supplementary group IDs, the S_ISGID bit will be turned off, but + * this will not cause an error to be returned." + * + * Simply refuse to do the chmod in this case. + */ + + if (S_ISDIR(smb_fname->st.st_ex_mode) && + (unixmode & S_ISGID) && + geteuid() != sec_initial_uid() && + !current_user_in_group(conn, smb_fname->st.st_ex_gid)) + { + DEBUG(3,("file_set_dosmode: setgid bit cannot be " + "set for directory %s\n", + smb_fname_str_dbg(smb_fname))); + errno = EPERM; + return -1; + } + + ret = SMB_VFS_FCHMOD(smb_fname->fsp, unixmode); + if (ret == 0) { + goto done; + } + + if((errno != EPERM) && (errno != EACCES)) + return -1; + + if(!lp_dos_filemode(SNUM(conn))) + return -1; + + /* We want DOS semantics, ie allow non owner with write permission to change the + bits on a file. Just like file_ntimes below. + */ + + if (!can_write_to_fsp(smb_fname->fsp)) + { + errno = EACCES; + return -1; + } + + become_root(); + ret = SMB_VFS_FCHMOD(smb_fname->fsp, unixmode); + unbecome_root(); + +done: + if (!newfile) { + notify_fname(conn, NOTIFY_ACTION_MODIFIED, + FILE_NOTIFY_CHANGE_ATTRIBUTES, + smb_fname->base_name); + } + if (ret == 0) { + smb_fname->st.st_ex_mode = unixmode; + } + + return( ret ); +} + + +NTSTATUS file_set_sparse(connection_struct *conn, + files_struct *fsp, + bool sparse) +{ + const struct loadparm_substitution *lp_sub = + loadparm_s3_global_substitution(); + uint32_t old_dosmode; + uint32_t new_dosmode; + NTSTATUS status; + + if (!CAN_WRITE(conn)) { + DEBUG(9,("file_set_sparse: fname[%s] set[%u] " + "on readonly share[%s]\n", + smb_fname_str_dbg(fsp->fsp_name), + sparse, + lp_servicename(talloc_tos(), lp_sub, SNUM(conn)))); + return NT_STATUS_MEDIA_WRITE_PROTECTED; + } + + /* + * Windows Server 2008 & 2012 permit FSCTL_SET_SPARSE if any of the + * following access flags are granted. + */ + if ((fsp->access_mask & (FILE_WRITE_DATA + | FILE_WRITE_ATTRIBUTES + | SEC_FILE_APPEND_DATA)) == 0) { + DEBUG(9,("file_set_sparse: fname[%s] set[%u] " + "access_mask[0x%08X] - access denied\n", + smb_fname_str_dbg(fsp->fsp_name), + sparse, + fsp->access_mask)); + return NT_STATUS_ACCESS_DENIED; + } + + if (fsp->fsp_flags.is_directory) { + DEBUG(9, ("invalid attempt to %s sparse flag on dir %s\n", + (sparse ? "set" : "clear"), + smb_fname_str_dbg(fsp->fsp_name))); + return NT_STATUS_INVALID_PARAMETER; + } + + if (IS_IPC(conn) || IS_PRINT(conn)) { + DEBUG(9, ("attempt to %s sparse flag over invalid conn\n", + (sparse ? "set" : "clear"))); + return NT_STATUS_INVALID_PARAMETER; + } + + if (fsp_is_alternate_stream(fsp)) { + /* + * MS-FSA 2.1.1.5 IsSparse + * + * This is a per stream attribute, but our backends don't + * support it a consistent way, therefor just pretend + * success and ignore the request. + */ + DBG_DEBUG("Ignoring request to set FILE_ATTRIBUTE_SPARSE on " + "[%s]\n", fsp_str_dbg(fsp)); + return NT_STATUS_OK; + } + + DEBUG(10,("file_set_sparse: setting sparse bit %u on file %s\n", + sparse, smb_fname_str_dbg(fsp->fsp_name))); + + if (!lp_store_dos_attributes(SNUM(conn))) { + return NT_STATUS_INVALID_DEVICE_REQUEST; + } + + status = vfs_stat_fsp(fsp); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + old_dosmode = fdos_mode(fsp); + + if (sparse && !(old_dosmode & FILE_ATTRIBUTE_SPARSE)) { + new_dosmode = old_dosmode | FILE_ATTRIBUTE_SPARSE; + } else if (!sparse && (old_dosmode & FILE_ATTRIBUTE_SPARSE)) { + new_dosmode = old_dosmode & ~FILE_ATTRIBUTE_SPARSE; + } else { + return NT_STATUS_OK; + } + + /* Store the DOS attributes in an EA. */ + status = SMB_VFS_FSET_DOS_ATTRIBUTES(conn, fsp, new_dosmode); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + notify_fname(conn, NOTIFY_ACTION_MODIFIED, + FILE_NOTIFY_CHANGE_ATTRIBUTES, + fsp->fsp_name->base_name); + + fsp->fsp_flags.is_sparse = sparse; + + return NT_STATUS_OK; +} + +/******************************************************************* + Wrapper around the VFS ntimes that possibly allows DOS semantics rather + than POSIX. +*******************************************************************/ + +int file_ntimes(connection_struct *conn, + files_struct *fsp, + struct smb_file_time *ft) +{ + int ret = -1; + + errno = 0; + + DBG_INFO("actime: %s", + time_to_asc(convert_timespec_to_time_t(ft->atime))); + DBG_INFO("modtime: %s", + time_to_asc(convert_timespec_to_time_t(ft->mtime))); + DBG_INFO("ctime: %s", + time_to_asc(convert_timespec_to_time_t(ft->ctime))); + DBG_INFO("createtime: %s", + time_to_asc(convert_timespec_to_time_t(ft->create_time))); + + /* Don't update the time on read-only shares */ + /* We need this as set_filetime (which can be called on + close and other paths) can end up calling this function + without the NEED_WRITE protection. Found by : + Leo Weppelman <leo@wau.mis.ah.nl> + */ + + if (!CAN_WRITE(conn)) { + return 0; + } + + if (SMB_VFS_FNTIMES(fsp, ft) == 0) { + return 0; + } + + if((errno != EPERM) && (errno != EACCES)) { + return -1; + } + + if(!lp_dos_filetimes(SNUM(conn))) { + return -1; + } + + /* We have permission (given by the Samba admin) to + break POSIX semantics and allow a user to change + the time on a file they don't own but can write to + (as DOS does). + */ + + /* Check if we have write access. */ + if (can_write_to_fsp(fsp)) { + /* We are allowed to become root and change the filetime. */ + become_root(); + ret = SMB_VFS_FNTIMES(fsp, ft); + unbecome_root(); + } + + return ret; +} + +/****************************************************************** + Force a "sticky" write time on a pathname. This will always be + returned on all future write time queries and set on close. +******************************************************************/ + +bool set_sticky_write_time_path(struct file_id fileid, struct timespec mtime) +{ + if (is_omit_timespec(&mtime)) { + return true; + } + + if (!set_sticky_write_time(fileid, mtime)) { + return false; + } + + return true; +} + +/****************************************************************** + Force a "sticky" write time on an fsp. This will always be + returned on all future write time queries and set on close. +******************************************************************/ + +bool set_sticky_write_time_fsp(struct files_struct *fsp, struct timespec mtime) +{ + if (is_omit_timespec(&mtime)) { + return true; + } + + fsp->fsp_flags.write_time_forced = true; + TALLOC_FREE(fsp->update_write_time_event); + + return set_sticky_write_time_path(fsp->file_id, mtime); +} + +/****************************************************************** + Set a create time EA. +******************************************************************/ + +NTSTATUS set_create_timespec_ea(struct files_struct *fsp, + struct timespec create_time) +{ + uint32_t dosmode; + int ret; + + if (!lp_store_dos_attributes(SNUM(fsp->conn))) { + return NT_STATUS_OK; + } + + dosmode = fdos_mode(fsp); + + fsp->fsp_name->st.st_ex_btime = create_time; + ret = file_set_dosmode(fsp->conn, fsp->fsp_name, dosmode, NULL, false); + if (ret == -1) { + return map_nt_error_from_unix(errno); + } + + DBG_DEBUG("wrote create time EA for file %s\n", + smb_fname_str_dbg(fsp->fsp_name)); + + return NT_STATUS_OK; +} + +/****************************************************************** + Return a create time. +******************************************************************/ + +struct timespec get_create_timespec(connection_struct *conn, + struct files_struct *fsp, + const struct smb_filename *smb_fname) +{ + return smb_fname->st.st_ex_btime; +} + +/****************************************************************** + Return a change time (may look at EA in future). +******************************************************************/ + +struct timespec get_change_timespec(connection_struct *conn, + struct files_struct *fsp, + const struct smb_filename *smb_fname) +{ + return smb_fname->st.st_ex_mtime; +} |