Previously, access() and eaccess() does not determine the permissions
for files on samba/SMB share correctly. Even if the user logs-in as
the owner of the file, access() and eaccess() referes to others'
permissions. With this patch, to determine the permissions correctly,
NtOpenFile() with desired access mask is used.
Fixes: cf762b08cfb0 ("* security.cc (check_file_access): Create.")
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
init_reopen_attr() doesn't guard against a NULL handle. However,
there are scenarios calling functions deliberately with a NULL handle,
for instance, av::setup() calling check_file_access() only if opening
the file did NOT succeed.
So check for a NULL handle in init_reopen_attr() and if so, use the
name based approach filling the OBJECT_ATTRIBUTES struct, just as in
the has_buggy_reopen() case.
Fixes: 4c9d01fdad2a ("* mount.h (class fs_info): Add has_buggy_reopen flag and accessor methods.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add FILE_OPEN_NO_RECALL to NtOpenFile calls trying to fetch
or write file security descriptors so as not to recall them
from offline storage inadvertently.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When creating the POSIX ACL rewrite, the code merging permissions from
everyone/group to group/user ACEs was accidentally called for newly
generated files as well.
This could result in broken permissions, if umask used unusual values
like "0100", granted permissions to everyone/group not granted to
group/user.
Make sure to skip permission merging if the file got just created and
we only want to set correct permissions for the first time.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Reported-by: Jon Turney <jon.turney@dronecode.org.uk>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Avoid the mistake fixed in the preceeding commit by passing
the mode_t argument by reference. This also affects a couple
other functions calling get_posix_access in turn.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Older coreutils created directories with mode bits filtered through
umask. Newer coreutils creates directories with full permissions,
0777 by default.
This new coreutils behaviour uncovered the fact that default ACEs for
newly created directories were not filtered by umask starting with
commit bc444e5aa4ca.
Fix it by applying umask on the default ACEs.
Fixes: bc444e5aa4ca ("Reapply POSIX ACL change.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far we use a single muto to guard three different datastructures
inside class authz_ctx: the authz HANDLE, the user context HANDLE
and the context cache list. Split the single muto into three
independent SRWLOCKs and guard all datastrcutures as necessary to
avoid thread contention.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
