From: Ralph Boehme Date: Fri, 2 Feb 2024 11:04:10 +0000 (+0100) Subject: s3/lib: add per-user support to set_namearray() X-Git-Tag: tdb-1.4.11~60 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b8b2f218352a8432293b74f297be608d4ec4f782;p=thirdparty%2Fsamba.git s3/lib: add per-user support to set_namearray() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- diff --git a/docs-xml/smbdotconf/filename/hidefiles.xml b/docs-xml/smbdotconf/filename/hidefiles.xml index d4e3da39ee6..f93885e43a3 100644 --- a/docs-xml/smbdotconf/filename/hidefiles.xml +++ b/docs-xml/smbdotconf/filename/hidefiles.xml @@ -13,6 +13,16 @@ and '?' can be used to specify multiple files or directories as in DOS wildcards. + + If a file or directory name is prefixed by "../USERNAME/" + or "../GROUPNAME/", then the subsequent filename is only hidden for the + given user or group. Instead of specifying users or groups by name, they + can also be specified by SID. + + + User and group names use the same format as . + Each entry must be a Unix path, not a DOS path and must not include the Unix directory separator '/'. @@ -34,6 +44,12 @@ An example of us of this parameter is: hide files = /.*/DesktopFolderDB/TrashFor%m/resource.frk/ + +; Hide some files for anyone and some files for specific users and groups +hide files = hideforall1/../joe/hideforuserjoe/hideforall2/../students/hideforstudents/hideforall3 +hide files = ../UNIVERSITY\Alumnis/somefile.txt/../john@university.org/anotherfile.txt +hide files = ../S-1-5-21-123-456-789-1000/secretfile.txt + diff --git a/docs-xml/smbdotconf/filename/vetofiles.xml b/docs-xml/smbdotconf/filename/vetofiles.xml index 11bb51e6c76..e47490ee49d 100644 --- a/docs-xml/smbdotconf/filename/vetofiles.xml +++ b/docs-xml/smbdotconf/filename/vetofiles.xml 
@@ -11,7 +11,18 @@ - Each entry must be a unix path, not a DOS path and must not include the + If a file or directory name is prefixed by "../USERNAME/" + or "../GROUPNAME/", then the subsequent filename is only hidden for the + given user or group. Instead of specifying users or groups by name, they + can also be specified by SID. + + + User and group names use the same format as . + + + Each filename must be a unix path, not a DOS path and must + not include the unix directory separator '/'. @@ -39,6 +50,11 @@ ; word root. veto files = /*Security*/*.tmp/*root*/ +; Veto some files for anyone and some files for specific users and groups +veto files = /vetoforall1/../USER/vetoforuser/vetoforall2/../GROUP/vetoforgroup/vetoforall3/ +veto files = ../UNIVERSITY\Alumnis/somefile.txt/../john@university.org/anotherfile.txt +veto files = ../S-1-5-21-123-456-789-1000/secretfile.txt + ; Veto the Apple specific files that a NetAtalk server ; creates. veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ diff --git a/source3/include/proto.h b/source3/include/proto.h index 6ec4b802eac..b8e4b7de0f5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -326,6 +326,7 @@ bool token_contains_name(TALLOC_CTX *mem_ctx, const char *name); void set_namearray(TALLOC_CTX *mem_ctx, const char *namelist, + const struct security_token *token, struct name_compare_entry **_name_array); bool fcntl_lock(int fd, int op, off_t offset, off_t count, int type); bool fcntl_getlock(int fd, int op, off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid); diff --git a/source3/lib/util_namearray.c b/source3/lib/util_namearray.c index 0054ecbfac7..3d74410bea6 100644 --- a/source3/lib/util_namearray.c +++ b/source3/lib/util_namearray.c 
@@ -172,6 +172,7 @@ bool token_contains_name(TALLOC_CTX *mem_ctx, void set_namearray(TALLOC_CTX *mem_ctx, const char *namelist_in, + const struct security_token *token, struct name_compare_entry **_name_array) { struct name_compare_entry *name_array = NULL; @@ -213,6 +214,39 @@ void set_namearray(TALLOC_CTX *mem_ctx, continue; } + if (ISDOTDOT(p) && token != NULL) { + const char *username = NULL; + bool match; + + /* Get the username */ + p = strv_next(namelist, p); + if (p == NULL) { + DBG_ERR("Missing username\n"); + TALLOC_FREE(namelist); + return; + } + username = p; + + /* Get the filename */ + p = strv_next(namelist, p); + if (p == NULL) { + DBG_ERR("Missing filename after username '%s'\n", + username); + TALLOC_FREE(namelist); + return; + } + + match = token_contains_name(talloc_tos(), + NULL, + NULL, + NULL, + token, + username); + if (!match) { + continue; + } + } + e->name = p; e->is_wild = ms_has_wild(e->name); e++; diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c index 471eff94e89..dbf069e1bc4 100644 --- a/source3/modules/vfs_virusfilter.c +++ b/source3/modules/vfs_virusfilter.c @@ -257,6 +257,7 @@ static int virusfilter_vfs_connect( if (exclude_files != NULL) { set_namearray(config, exclude_files, + NULL, &config->exclude_files); } @@ -265,6 +266,7 @@ static int virusfilter_vfs_connect( if (infected_files != NULL) { set_namearray(config, infected_files, + NULL, &config->infected_files); } diff --git a/source3/smbd/smb2_service.c b/source3/smbd/smb2_service.c index 9e0065ea900..e8f1a0db26c 100644 --- a/source3/smbd/smb2_service.c +++ b/source3/smbd/smb2_service.c 
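Review bot: The two `TALLOC_FREE(namelist); return;` paths in the new `ISDOTDOT(p) && token != NULL` branch of set_namearray() fail open: a truncated entry such as a trailing `..` or `../joe` abandons the whole list, so every veto/hide entry already collected in name_array stops applying and the caller presumably never sees a list at all (the tail of set_namearray that publishes `*_name_array` is outside the hunk). For a control whose purpose is to hide or veto files, a single malformed entry should not disable all the others; after the `DBG_ERR` use `break;` rather than `return;` so the entries parsed so far are still stored, assuming the function tail writes name_array back as before (a `continue` is not safe here because p is NULL and the loop step is outside the hunk). Callers that pass a NULL token, the vfs_virusfilter.c hunks below and smb2_service.c on the next line, take the other arm, so a `..` entry is kept as an ordinary name and the username and filename that follow it become separate literal entries, which is unlikely to be what an admin who writes `../joe/secret` into `veto oplock files` intends; either reject `..` entries when token is NULL or state in the smb.conf text that the per-user syntax applies only to `veto files` and `hide files`. A `DBG_DEBUG` naming the entry that token_contains_name() rejected would also help diagnose a mistyped user or group name, since a typo currently makes the file silently visible to everyone.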
@@ -755,9 +755,11 @@ NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn, if (!IS_IPC(conn) && !IS_PRINT(conn)) { set_namearray(conn, lp_veto_oplock_files(talloc_tos(), lp_sub, snum), + NULL, &conn->veto_oplock_list); set_namearray(conn, lp_aio_write_behind(talloc_tos(), lp_sub, snum), + NULL, &conn->aio_write_behind_list); } smb_fname_cpath = synthetic_smb_fname(talloc_tos(), diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index b93818e02d4..78ad8d6e7c2 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -273,9 +273,11 @@ static bool check_user_ok(connection_struct *conn, if (!IS_IPC(conn) && !IS_PRINT(conn)) { set_namearray(conn, lp_veto_files(talloc_tos(), lp_sub, snum), + session_info->security_token, &ent->veto_list); set_namearray(conn, lp_hide_files(talloc_tos(), lp_sub, snum), + session_info->security_token, &ent->hide_list); } diff --git a/source3/torture/test_matching.c b/source3/torture/test_matching.c index 2b867fb37de..715271c2b56 100644 --- a/source3/torture/test_matching.c +++ b/source3/torture/test_matching.c @@ -66,7 +66,7 @@ bool run_str_match_mswild(int dummy) d_fprintf(stderr, "namelist: %s\n", namelist); - set_namearray(talloc_tos(), namelist, &name_entries); + set_namearray(talloc_tos(), namelist, NULL, &name_entries); SMB_ASSERT(name_entries != NULL); status = samba_path_matching_mswild_create(talloc_tos(), diff --git a/source3/wscript_build b/source3/wscript_build index 64969dbbefa..0c0fbe85032 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -318,6 +318,7 @@ bld.SAMBA3_SUBSYSTEM('samba3-namearray', lib/util_namearray.c ''', deps=''' + samba-passdb ''') if bld.env.with_ctdb: