From 17f0456b9ff06450bc9ee4e0d03bcb34ea39aea9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 14 Mar 2019 18:20:06 +1300 Subject: [PATCH] pysmbd: Move umask manipuations out of init_files_struct() and into callers Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012 and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and restore tools, which needed to write files with full metadata). This in turn avoids leaving init_files_struct() without resetting the umask to the original, saved, value. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett --- source3/smbd/pysmbd.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index fd0c9fd46a7..77f1ee63602 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -122,7 +122,6 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, { struct smb_filename *smb_fname = NULL; int ret; - mode_t saved_umask; struct files_struct *fsp; fsp = talloc_zero(mem_ctx, struct files_struct); @@ -135,15 +134,10 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, } fsp->conn = conn; - /* we want total control over the permissions on created files, - so set our umask to 0 */ - saved_umask = umask(0); - smb_fname = synthetic_smb_fname_split(fsp, fname, lp_posix_pathnames()); if (smb_fname == NULL) { - umask(saved_umask); return NT_STATUS_NO_MEMORY; } @@ -151,7 +145,6 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, 00644); if (fsp->fh->fd == -1) { int err = errno; - umask(saved_umask); if (err == ENOENT) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -164,7 +157,6 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, DEBUG(0,("Error doing fstat on open file %s (%s)\n", smb_fname_str_dbg(smb_fname), strerror(errno) )); - umask(saved_umask); return map_nt_error_from_unix(errno); } @@ -191,8 +183,12 @@ static NTSTATUS set_nt_acl_conn(const char *fname, TALLOC_CTX *frame = talloc_stackframe(); struct files_struct *fsp = NULL; NTSTATUS status = NT_STATUS_OK; + mode_t saved_umask; - /* first, try to open it as a file with flag O_RDWR */ + /* + * first, try to open it as a file with flag O_RDWR. No need + * to save the umask here, as O_CREAT is not specified + */ status = init_files_struct(frame, fname, conn, @@ -217,7 +213,14 @@ static NTSTATUS set_nt_acl_conn(const char *fname, return status; } + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, sd); + + umask(saved_umask); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n", nt_errstr(status))); } @@ -849,6 +852,7 @@ static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *k struct connection_struct *conn = NULL; struct files_struct *fsp = NULL; NTSTATUS status; + mode_t saved_umask; if (!PyArg_ParseTupleAndKeywords(args, kwargs, @@ -867,11 +871,17 @@ static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *k return NULL; } + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + status = init_files_struct(frame, fname, conn, O_CREAT|O_EXCL|O_RDWR, &fsp); + umask(saved_umask); + if (!NT_STATUS_IS_OK(status)) { DBG_ERR("init_files_struct failed: %s\n", nt_errstr(status)); -- 2.11.0