Fix access denied opening files quering dos attributes

zentyal · Feb 25, 2014 · c87ed99 · c87ed99
1 parent bc06031
commit c87ed99
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 13 deletions.
diff --git a/main/samba/ChangeLog b/main/samba/ChangeLog
@@ -1,4 +1,6 @@
 HEAD
+	+ Fix NT_STATUS_ACCESS_DENIED opening files quering the DOS attributes
+	  and passing them to open function
 	+ Set OpenChange as not provisioned when Samba is reprovisioned
 	+ Added a way to check whether we are managing the AD schema or not
 	+ Samba provision failures when IPs are not set no longer talk

diff --git a/main/samba/debian/precise/control b/main/samba/debian/precise/control
@@ -16,10 +16,10 @@ Depends: zentyal-core (>= 3.2), zentyal-core (<< 3.3), zentyal-network,
          libdate-calc-perl, libnet-dns-perl, rsync, acl,
          libauthen-krb5-easy-perl (>= 0.91-1),
          libclamav-client-perl, libnet-ntp-perl, libuuid-perl,
-         libfile-libmagic-perl, libsamba-perl (>= 0.10),
+         libfile-libmagic-perl, libsamba-perl (>= 0.11),
          libparse-recdescent-perl, libxs-object-magic-perl,
          libdata-hexdumper-perl, libsys-filesystem-perl,
-         samba4 (>= 4.1.3-zentyal2), ${misc:Depends}
+         samba4 (>= 4.1.5-zentyal1), ${misc:Depends}
 Description: Zentyal - File Sharing and Domain Services
  Zentyal is a Linux small business server that can act as
  a Gateway, Unified Threat Manager, Office Server, Infrastructure

diff --git a/main/samba/src/EBox/Samba/GPO.pm b/main/samba/src/EBox/Samba/GPO.pm
@@ -37,6 +37,7 @@ use Data::UUID;
 use Fcntl;
 use Error qw( :try );
 use Net::LDAP::Control;
+use Samba::Smb qw(NTCREATEX_DISP_OVERWRITE_IF FILE_ATTRIBUTE_NORMAL);
 use Samba::Security::Descriptor;
 
 use constant STATUS_ENABLED                 => 0x00;
@@ -418,8 +419,12 @@ sub create
 
         $smb->mkdir("$path\\USER");
         $smb->mkdir("$path\\MACHINE");
-        my $fd = $smb->open("$path\\GPT.INI", O_CREAT | O_RDWR | O_TRUNC,
-            Samba::Smb::DENY_NONE);
+        my $openParams = {
+            open_disposition => NTCREATEX_DISP_OVERWRITE_IF,
+            access_mask => SEC_RIGHTS_FILE_ALL,
+            file_attr => FILE_ATTRIBUTE_NORMAL,
+        };
+        my $fd = $smb->open("$path\\GPT.INI", $openParams);
         $smb->write($fd, $gptContent, length($gptContent));
         $smb->close($fd);
     } otherwise {
@@ -536,8 +541,16 @@ sub extensionUpdate
     }
 
     # Update GPT.INI file
-    my $fd = $smb->open($gptIniPath,
-        O_CREAT | O_RDWR | O_TRUNC, Samba::Smb::DENY_NONE);
+    my $openParams = {
+        open_disposition => NTCREATEX_DISP_OVERWRITE_IF,
+        access_mask => SEC_RIGHTS_FILE_ALL,
+        file_attr => FILE_ATTRIBUTE_NORMAL,
+    };
+    if ($smb->chkpath($gptIniPath)) {
+        my $finfo = $smb->getattr($gptIniPath);
+        $openParams->{file_attr} = $finfo->{mode};
+    }
+    my $fd = $smb->open($gptIniPath, $openParams);
     my $gptContent;
     foreach my $section (keys %{$data}) {
         my $wrote;

diff --git a/main/samba/src/EBox/Samba/SmbClient.pm b/main/samba/src/EBox/Samba/SmbClient.pm
@@ -29,7 +29,8 @@ use Error qw(:try);
 use Fcntl qw(O_RDONLY O_CREAT O_TRUNC O_RDWR);
 use Samba::Credentials;
 use Samba::LoadParm;
-use Samba::Smb;
+use Samba::Security::Descriptor;
+use Samba::Smb qw(NTCREATEX_DISP_OVERWRITE_IF NTCREATEX_DISP_OPEN FILE_ATTRIBUTE_NORMAL);
 
 sub new
 {
@@ -86,11 +87,21 @@ sub read_file
 {
     my ($self, $path) = @_;
 
+    unless ($self->chkpath($path)) {
+        throw EBox::Exceptions::External("chkpath: Failed. File does not exists.");
+    }
+
     # Open file and get the size
-    my $fd = $self->open($path, O_RDONLY, Samba::Smb::DENY_NONE);
-    my $finfo = $self->getattr($fd);
+    my $finfo = $self->getattr($path);
     my $fileSize = $finfo->{size};
 
+    my $openParams = {
+        open_disposition => NTCREATEX_DISP_OPEN,
+        file_attr => $finfo->{mode},
+        access_mask => SEC_RIGHTS_FILE_READ,
+    };
+    my $fd = $self->open($path, $openParams);
+
     # Read to buffer
     my $buffer;
     my $chunkSize = 4096;
@@ -116,9 +127,17 @@ sub write_file
 {
     my ($self, $dst, $buffer) = @_;
 
-    my $openFlags = O_CREAT | O_TRUNC | O_RDWR;
-    my $fd = $self->open($dst, $openFlags, Samba::Smb::DENY_NONE);
+    my $openParams = {
+        open_disposition => NTCREATEX_DISP_OVERWRITE_IF,
+        access_mask => SEC_RIGHTS_FILE_ALL,
+        file_attr => FILE_ATTRIBUTE_NORMAL,
+    };
+    if ($self->chkpath($dst)) {
+        my $finfo = $self->getattr($dst);
+        $openParams->{file_attr} = $finfo->{mode},
+    }
 
+    my $fd = $self->open($dst, $openParams);
     my $size = length ($buffer);
     my $wrote = $self->write($fd, $buffer, $size);
     if ($wrote == -1) {
@@ -145,8 +164,16 @@ sub copy_file_to_smb
     my $pendingBytes = $srcSize;
     my $writtenBytes = 0;
 
-    my $openFlags = O_CREAT | O_TRUNC | O_RDWR;
-    my $fd = $self->open($dst, $openFlags, Samba::Smb::DENY_NONE);
+    my $openParams = {
+        open_disposition => NTCREATEX_DISP_OVERWRITE_IF,
+        access_mask => SEC_RIGHTS_FILE_ALL,
+        file_attr => FILE_ATTRIBUTE_NORMAL,
+    };
+    if ($self->chkpath($dst)) {
+        my $finfo = $self->getattr($dst);
+        $openParams->{file_attr} = $finfo->{mode},
+    }
+    my $fd = $self->open($dst, $openParams);
     my $ret = open(SRC, $src);
     if ($ret == 0) {
         throw EBox::Exceptions::Internal("Can not open $src: $!");