From 7147125e9fc76d115d6eb997e1663c5b7e6c26ef Mon Sep 17 00:00:00 2001 From: Uri Simchoni Date: Tue, 5 Dec 2017 20:49:03 +0200 Subject: [PATCH 1/2] pysmbd: fix use of sysacl API Fix pysmbd to use the sysacl (POSIX ACL support) as intended, and not assume too much about the inner structure and implementation of the permissions in the sysacl API. This will allow the inner structure to change in a following commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13176 Signed-off-by: Uri Simchoni
---
 source3/smbd/pysmbd.c | 43 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index fca8f10..06a02cb 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -224,6 +224,39 @@ static NTSTATUS get_nt_acl_conn(TALLOC_CTX *mem_ctx,
 return status;
 }
+static int set_acl_entry_perms(SMB_ACL_ENTRY_T entry, mode_t perm_mask)
+{
+ SMB_ACL_PERMSET_T perms = NULL;
+
+ if (sys_acl_get_permset(entry, &perms) != 0) {
+ return -1;
+ }
+
+ if (sys_acl_clear_perms(perms) != 0) {
+ return -1;
+ }
+
+ if ((perm_mask & SMB_ACL_READ) != 0 &&
+ sys_acl_add_perm(perms, SMB_ACL_READ) != 0) {
+ return -1;
+ }
+
+ if ((perm_mask & SMB_ACL_WRITE) != 0 &&
+ sys_acl_add_perm(perms, SMB_ACL_WRITE) != 0) {
+ return -1;
+ }
+
+ if ((perm_mask & SMB_ACL_EXECUTE) != 0 &&
+ sys_acl_add_perm(perms, SMB_ACL_EXECUTE) != 0) {
+ return -1;
+ }
+
+ if (sys_acl_set_permset(entry, perms) != 0) {
+ return -1;
+ }
+
+ return 0;
+}
 static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
 {
@@ -251,7 +284,7 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
 return NULL;
 }
- if (sys_acl_set_permset(entry, &mode_user) != 0) {
+ if (set_acl_entry_perms(entry, mode_user) != 0) {
 TALLOC_FREE(frame);
 return NULL;
 }
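Review bot: set_acl_entry_perms() carries no comment stating its contract, and the contract is not obvious from the signature: `perm_mask` is a mode_t but is tested against SMB_ACL_READ, SMB_ACL_WRITE and SMB_ACL_EXECUTE, so it must already be expressed in those constants, and any other bit is dropped silently. The mode_user, mode_group, mode_other and mode values passed by the make_simple_acl call sites in the following hunks are computed outside the diff, so that assumption cannot be confirmed from here. The permset is also cleared before bits are re-added, so if it aliases the entry's storage (SMB_ACL_PERMSET_T is a pointer type) a failure part-way leaves the entry with fewer permissions than requested; that is harmless only because each visible caller frees the frame and returns NULL. I would add above the function `/* Set entry's permissions to exactly the SMB_ACL_* bits in perm_mask; returns 0, or -1 with the entry possibly partly updated, in which case the ACL must be discarded. */`.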
@@ -266,7 +299,7 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
 return NULL;
 }
- if (sys_acl_set_permset(entry, &mode_group) != 0) {
+ if (set_acl_entry_perms(entry, mode_group) != 0) {
 TALLOC_FREE(frame);
 return NULL;
 }
@@ -281,7 +314,7 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
 return NULL;
 }
- if (sys_acl_set_permset(entry, &mode_other) != 0) {
+ if (set_acl_entry_perms(entry, mode_other) != 0) {
 TALLOC_FREE(frame);
 return NULL;
 }
@@ -302,7 +335,7 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
 return NULL;
 }
- if (sys_acl_set_permset(entry, &mode_group) != 0) {
+ if (set_acl_entry_perms(entry, mode_group) != 0) {
 TALLOC_FREE(frame);
 return NULL;
 }
@@ -318,7 +351,7 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
 return NULL;
 }
- if (sys_acl_set_permset(entry, &mode) != 0) {
+ if (set_acl_entry_perms(entry, mode) != 0) {
 TALLOC_FREE(frame);
 return NULL;
 }
--
2.9.5
From 4bf32d3fb0e33b3c8c184b674b3e94ef9fd4f628 Mon Sep 17 00:00:00 2001 From: Uri Simchoni Date: Tue, 5 Dec 2017 20:56:49 +0200 Subject: [PATCH 2/2] sysacls: change datatypes to 32 bits The SMB_ACL_PERMSET_T and SMB_ACL_PERM_T were defined as mode_t, which is 16-bits on some (non-Linux) systems. That created a bug on big-endian systems. Changing to 32 bits fixes that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13176 Signed-off-by: Uri Simchoni
---
 source3/include/smb_acls.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h
index 3ac23db..fd47c1c 100644
--- a/source3/include/smb_acls.h
+++ b/source3/include/smb_acls.h
@@ -26,8 +26,8 @@ struct vfs_handle_struct;
 struct files_struct;
 typedef int SMB_ACL_TYPE_T;
-typedef mode_t *SMB_ACL_PERMSET_T;
-typedef mode_t SMB_ACL_PERM_T;
+typedef uint32_t *SMB_ACL_PERMSET_T;
+typedef uint32_t SMB_ACL_PERM_T;
 typedef enum smb_acl_tag_t SMB_ACL_TAG_T;
 typedef struct smb_acl_t *SMB_ACL_T;
--
2.9.5
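Review bot: The two typedefs in smb_acls.h are now pinned to uint32_t with no comment saying why, so a later cleanup could turn them back into mode_t and reintroduce the width mismatch. The reason is only in the commit message; I would record it next to the typedefs, e.g. `/* Fixed at 32 bits: mode_t is 16 bits on some platforms, which broke big-endian systems (bug 13176). */`. Any caller outside this series that still passes a `mode_t *` as a permset, as pysmbd did before patch 1/2, would have the same problem and may compile without a warning where mode_t happens to be 32 bits wide, so the remaining sys_acl_set_permset callers are worth checking. The header's includes are outside the hunk; confirm uint32_t is declared before this point.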