From e9aa7049f43714d3dadcfbb2aa5c5939121cba6e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 18 Mar 2011 16:45:08 +0100 Subject: [PATCH 1/2] s3:smbd: access checks should not depend on share mode flags metze (cherry picked from commit f0ec69b53544b7ff702f94d58b3d64c33eaabc7a) (cherry picked from commit dca75c8e3ac23256d93269bdc13d1e67571bc9f2) --- source3/smbd/open.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index bd748f9..0d585cf 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2944,7 +2944,6 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, if (lp_acl_check_permissions(SNUM(conn)) && (create_disposition != FILE_CREATE) - && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS) && (!(can_delete_file_in_directory(conn, smb_fname) || can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) { -- 1.7.0.4 From 702b45f3b7a73ca8a68f468834fe38b2bb6a09c8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 21 Mar 2011 14:15:32 +0100 Subject: [PATCH 2/2] s3:util_seaccess: make sure that we don't grant SEC_STD_DELETE to the owner by default In the file server SEC_STD_DELETE is granted on the file/directory or by FILE_DELETE_CHILD on the parent directory. metze (similar to commit c7d10179108a3ae8af15c838042294f3fdced03c) --- source3/lib/util_seaccess.c | 24 +++++++++++------------- 1 files changed, 11 insertions(+), 13 deletions(-) diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 369f684..058bf32 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c 
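Review bot: The condition in `create_file_unixpath` (source3/smbd/open.c) has no comment stating that the delete-permission check is meant to run for every open that requests `DELETE_ACCESS`, whatever share mode the open request carries. Since `share_access` describes sharing semantics rather than authorization, a short comment above the `if` would help keep the removed test from being reintroduced, for example `/* Authorization: check delete rights whenever DELETE_ACCESS is requested; share mode flags must not gate this. */`. The check is still skipped when `lp_acl_check_permissions()` is off or the disposition is `FILE_CREATE`, which the comment could also record. The body of the `if` and the rest of the function lie outside the hunk.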
@@ -112,9 +112,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, unsigned i; if (is_sid_in_token(token, sd->owner_sid)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; - } else if (user_has_privileges(token, &se_restore)) { - granted |= SEC_STD_DELETE; + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; } if (sd->dacl == NULL) { @@ -171,7 +169,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, access_desired |= access_check_max_allowed(sd, token); access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; *access_granted = access_desired; - bits_remaining = access_desired & ~SEC_STD_DELETE; + bits_remaining = access_desired; DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n", orig_access_desired, @@ -187,22 +185,22 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, } } - /* a NULL dacl allows access */ - if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { - *access_granted = access_desired; - return NT_STATUS_OK; - } - - /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ - if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && + /* the owner always gets SEC_STD_WRITE_DAC and SEC_STD_READ_CONTROL */ + if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) && is_sid_in_token(token, sd->owner_sid)) { - bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); + bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); } if ((bits_remaining & SEC_STD_DELETE) && user_has_privileges(token, &se_restore)) { bits_remaining &= ~SEC_STD_DELETE; } + /* a NULL dacl allows access */ + if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { + *access_granted = access_desired; + return NT_STATUS_OK; + } + if (sd->dacl == NULL) { goto done; } -- 1.7.0.4
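Review bot: In `access_check_max_allowed` (first hunk) the removed `else if (user_has_privileges(token, &se_restore))` branch means a maximum-allowed request no longer reports `SEC_STD_DELETE` for a holder of the restore privilege. The unchanged context lines in the third hunk of `se_access_check` still clear `SEC_STD_DELETE` from `bits_remaining` for that same privilege on an explicit request. Unless the DACL grants delete, the two paths now appear to answer differently for the same token. If that is intended, say so at the owner branch, e.g. `/* se_restore is deliberately not reflected in the maximum-allowed mask */`; otherwise keep a standalone `if (user_has_privileges(token, &se_restore)) { granted |= SEC_STD_DELETE; }` after the owner branch. The DACL walk and the rest of the function are outside the hunk, so this is inferred from the visible lines only.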
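Review bot: The relocated `/* a NULL dacl allows access */` block in `se_access_check` (third hunk) sets `*access_granted = access_desired` and returns without consulting `bits_remaining`. The owner and `se_restore` adjustments that now precede it therefore have no effect on that path, so the move looks behaviour-neutral, but nothing in the hunk says why it was made. A comment should record the security-relevant fact, for example `/* DACL present but NULL: every requested bit is granted; the owner/privilege handling above does not matter here */`. It would also help to note that the following `if (sd->dacl == NULL)` test is reached with a NULL DACL only when `SEC_DESC_DACL_PRESENT` is not set. The function starts and ends outside the hunk.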