The Samba-Bugzilla – Attachment 10341 Details for
Bug 10430
VFS_WORM: Deleting/modifying files is possible from Linux client
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
New patch for worm
worm.diff (text/plain), 6.83 KB, created by
Mikhail Skorzhinskiy
on 2014-10-10 13:45:43 UTC
(
hide
)
Description:
New patch for worm
Filename:
MIME Type:
Creator:
Mikhail Skorzhinskiy
Created:
2014-10-10 13:45:43 UTC
Size:
6.83 KB
patch
obsolete
>diff --git a/source3/modules/vfs_worm.c b/source3/modules/vfs_worm.c >index 3097419..eff81ce 100644 >--- a/source3/modules/vfs_worm.c >+++ b/source3/modules/vfs_worm.c >@@ -22,77 +22,173 @@ > #include "system/filesys.h" > #include "libcli/security/security.h" > >+const uint32_t write_access_flags = >+ FILE_WRITE_DATA | FILE_APPEND_DATA | >+ FILE_WRITE_ATTRIBUTES | DELETE_ACCESS | >+ WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS; >+ >+/* >+ * Helpers >+ */ >+ >+static bool is_readonly(vfs_handle_struct *handle, const struct smb_filename *smb_fname) >+{ >+ bool readonly = false; >+ >+ if (VALID_STAT(smb_fname->st)) { >+ double age; >+ age = timespec_elapsed(&smb_fname->st.st_ex_ctime); >+ int grace_period = lp_parm_int(SNUM(handle->conn), "conn", >+ "grace_period", 3600); >+ if (age > grace_period) { >+ readonly = true; >+ } >+ } >+ >+ return readonly; >+} >+ >+static NTSTATUS filename_to_smb_filename_convert(connection_struct *conn, >+ const char *filename, >+ struct smb_filename **smb_fname) >+{ >+ NTSTATUS status; >+ TALLOC_CTX *ctx = talloc_tos(); >+ char *name = talloc_strdup(ctx, filename); >+ >+ if (!name) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ unix_format(name); >+ name = unix_clean_name(ctx, name); >+ if (!name) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ trim_string(name, "/", "/"); >+ >+ status = unix_convert(ctx, conn, name, smb_fname, 0); >+ if (!NT_STATUS_IS_OK(status)) { >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ return NT_STATUS_OK; >+} >+ >+/* >+ * Wrappers >+ */ >+ > static NTSTATUS vfs_worm_create_file(vfs_handle_struct *handle, >- struct smb_request *req, >- uint16_t root_dir_fid, >- struct smb_filename *smb_fname, >- uint32_t access_mask, >- uint32_t share_access, >- uint32_t create_disposition, >- uint32_t create_options, >- uint32_t file_attributes, >- uint32_t oplock_request, >- struct smb2_lease *lease, >- uint64_t allocation_size, >- uint32_t private_flags, >- struct security_descriptor *sd, >- struct ea_list *ea_list, >- files_struct **result, >- int *pinfo) >+ struct smb_request *req, >+ uint16_t root_dir_fid, >+ struct smb_filename *smb_fname, >+ uint32_t access_mask, >+ uint32_t share_access, >+ uint32_t create_disposition, >+ uint32_t create_options, >+ uint32_t file_attributes, >+ uint32_t oplock_request, >+ struct smb2_lease *lease, >+ uint64_t allocation_size, >+ uint32_t private_flags, >+ struct security_descriptor *sd, >+ struct ea_list *ea_list, >+ files_struct **result, >+ int *pinfo) > { >- bool readonly = false; >- const uint32_t write_access_flags = >- FILE_WRITE_DATA | FILE_APPEND_DATA | >- FILE_WRITE_ATTRIBUTES | DELETE_ACCESS | >- WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS; >- NTSTATUS status; >- >- if (VALID_STAT(smb_fname->st)) { >- double age; >- age = timespec_elapsed(&smb_fname->st.st_ex_ctime); >- if (age > lp_parm_int(SNUM(handle->conn), "worm", >- "grace_period", 3600)) { >- readonly = true; >- } >- } >- >- if (readonly && (access_mask & write_access_flags)) { >- return NT_STATUS_ACCESS_DENIED; >- } >- >- status = SMB_VFS_NEXT_CREATE_FILE( >- handle, req, root_dir_fid, smb_fname, access_mask, >- share_access, create_disposition, create_options, >- file_attributes, oplock_request, lease, allocation_size, >- private_flags, sd, ea_list, result, pinfo); >- if (!NT_STATUS_IS_OK(status)) { >- return status; >- } >- >- /* >- * Access via MAXIMUM_ALLOWED_ACCESS? >- */ >- if (readonly && ((*result)->access_mask & write_access_flags)) { >- close_file(req, *result, NORMAL_CLOSE); >- return NT_STATUS_ACCESS_DENIED; >- } >- return NT_STATUS_OK; >+ bool readonly = false; >+ >+ if (readonly && (access_mask & write_access_flags)) { >+ return NT_STATUS_ACCESS_DENIED; >+ } >+ >+ NTSTATUS status = SMB_VFS_NEXT_CREATE_FILE( >+ handle, req, root_dir_fid, smb_fname, access_mask, >+ share_access, create_disposition, create_options, >+ file_attributes, oplock_request, lease, allocation_size, >+ private_flags, sd, ea_list, result, pinfo); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ >+ /* >+ * Access via MAXIMUM_ALLOWED_ACCESS? >+ */ >+ if (readonly && ((*result)->access_mask & write_access_flags)) { >+ close_file(req, *result, NORMAL_CLOSE); >+ return NT_STATUS_ACCESS_DENIED; >+ } >+ return NT_STATUS_OK; > } > >+static int vfs_worm_open(vfs_handle_struct *handle, >+ struct smb_filename *smb_fname, >+ files_struct *fsp, int flags, mode_t mode) >+{ >+ bool readonly = is_readonly(handle, smb_fname); >+ >+ if (readonly && (fsp->access_mask & write_access_flags)) { >+ errno = EACCES; >+ return -1; >+ } >+ >+ return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); >+} >+ >+static int vfs_worm_ntimes(vfs_handle_struct *handle, >+ const struct smb_filename *smb_fname, >+ struct smb_file_time *ft) >+{ >+ bool readonly = is_readonly(handle, smb_fname); >+ >+ if (readonly) { >+ errno = EACCES; >+ return -1; >+ } >+ >+ return SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft); >+} >+ >+static int vfs_worm_chmod(vfs_handle_struct *handle, const char *file_name, mode_t mode) >+{ >+ struct smb_filename *smb_fname; >+ bool readonly = 1; >+ >+ NTSTATUS status = filename_to_smb_filename_convert(handle->conn, file_name, &smb_fname); >+ >+ if (NT_STATUS_IS_OK(status)) { >+ readonly = is_readonly(handle, smb_fname); >+ } >+ >+ if (readonly) { >+ errno = EACCES; >+ return -1; >+ } >+ >+ return SMB_VFS_NEXT_CHMOD(handle, file_name, mode); >+} >+ >+/* >+ * Init && pointers table >+ */ >+ > static struct vfs_fn_pointers vfs_worm_fns = { >- .create_file_fn = vfs_worm_create_file, >+ .create_file_fn = vfs_worm_create_file, >+ .open_fn = vfs_worm_open, >+ .ntimes_fn = vfs_worm_ntimes, >+ .chmod_fn = vfs_worm_chmod > }; > > NTSTATUS vfs_worm_init(void); > NTSTATUS vfs_worm_init(void) > { >- NTSTATUS ret; >+ NTSTATUS ret; > >- ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "worm", >- &vfs_worm_fns); >- if (!NT_STATUS_IS_OK(ret)) { >- return ret; >- } >+ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "worm", >+ &vfs_worm_fns); >+ if (!NT_STATUS_IS_OK(ret)) { >+ return ret; >+ } > >- return ret; >+ return ret; > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 10430
:
10267
| 10341