-rw-r--r-- | source3/configure.in | 7 | ||||
-rw-r--r-- | source3/include/rpc_srvsvc.h | 46 | ||||
-rw-r--r-- | source3/libads/kerberos.c | 2 | ||||
-rw-r--r-- | source3/libsmb/async_smb.c | 117 | ||||
-rw-r--r-- | source3/libsmb/clireadwrite.c | 2 | ||||
-rw-r--r-- | source3/libsmb/nmblib.c | 10 | ||||
-rw-r--r-- | source3/libsmb/unexpected.c | 4 | ||||
-rw-r--r-- | source3/rpc_parse/parse_srv.c | 165 | ||||
-rw-r--r-- | source3/rpc_server/srv_srvsvc.c | 46 | ||||
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 120 | ||||
-rw-r--r-- | source3/rpcclient/cmd_srvsvc.c | 31 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 2 | ||||
-rw-r--r-- | source3/torture/torture.c | 9 |
13 files changed, 177 insertions, 384 deletions
diff --git a/source3/configure.in b/source3/configure.in index f884d9344a..2e6c109311 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -5341,6 +5341,13 @@ int main() { struct aiocb a; return aio_suspend64(&a, 1, NULL); }], AC_MSG_RESULT(no) ) +if test x"$samba_cv_HAVE_AIO" = x"yes"; then + if test x"$samba_cv_msghdr_msg_control" = x"yes" -o \ + x"$samba_cv_msghdr_msg_acctright" = x"yes"; then + default_shared_modules="$default_shared_modules vfs_aio_fork" + fi +fi + ################################################# # check for sendfile support diff --git a/source3/include/rpc_srvsvc.h b/source3/include/rpc_srvsvc.h index 3ea55bd167..60ad23eb48 100644 --- a/source3/include/rpc_srvsvc.h +++ b/source3/include/rpc_srvsvc.h @@ -652,50 +652,4 @@ typedef struct { WERROR status; } SRV_R_NET_FILE_ENUM; -/* SRV_Q_NET_FILE_QUERY_SECDESC */ -typedef struct q_net_file_query_secdesc -{ - uint32 ptr_srv_name; - UNISTR2 uni_srv_name; - uint32 ptr_qual_name; - UNISTR2 uni_qual_name; - UNISTR2 uni_file_name; - uint32 unknown1; - uint32 unknown2; - uint32 unknown3; -} SRV_Q_NET_FILE_QUERY_SECDESC; - -/* SRV_R_NET_FILE_QUERY_SECDESC */ -typedef struct r_net_file_query_secdesc -{ - uint32 ptr_response; - uint32 size_response; - uint32 ptr_secdesc; - uint32 size_secdesc; - SEC_DESC *sec_desc; - WERROR status; -} SRV_R_NET_FILE_QUERY_SECDESC; - -/* SRV_Q_NET_FILE_SET_SECDESC */ -typedef struct q_net_file_set_secdesc -{ - uint32 ptr_srv_name; - UNISTR2 uni_srv_name; - uint32 ptr_qual_name; - UNISTR2 uni_qual_name; - UNISTR2 uni_file_name; - uint32 sec_info; - uint32 size_set; - uint32 ptr_secdesc; - uint32 size_secdesc; - SEC_DESC *sec_desc; -} SRV_Q_NET_FILE_SET_SECDESC; - -/* SRV_R_NET_FILE_SET_SECDESC */ -typedef struct r_net_file_set_secdesc -{ - WERROR status; -} SRV_R_NET_FILE_SET_SECDESC; - - #endif /* _RPC_SRVSVC_H */ diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index b37b9a500f..ee25fb5551 100644 --- a/source3/libads/kerberos.c 
+++ b/source3/libads/kerberos.c @@ -894,6 +894,8 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, DEBUG(0,("create_local_private_krb5_conf_for_domain: smb_mkstemp failed," " for file %s. Errno %s\n", tmpname, strerror(errno) )); + TALLOC_FREE(dname); + return false; } if (fchmod(fd, 0644)==-1) { diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 21bcd5b9b1..04c22a9d17 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c 
@@ -174,24 +174,72 @@ static void handle_incoming_pdu(struct cli_state *cli) { struct cli_request *req; uint16_t mid; - size_t raw_pdu_len, buf_len, pdu_len; - size_t rest_len; + size_t raw_pdu_len, buf_len, pdu_len, rest_len; + char *pdu; NTSTATUS status; /* * The encrypted PDU len might differ from the unencrypted one */ raw_pdu_len = smb_len(cli->evt_inbuf) + 4; + buf_len = talloc_get_size(cli->evt_inbuf); + rest_len = buf_len - raw_pdu_len; + + if (buf_len == raw_pdu_len) { + /* + * Optimal case: Exactly one PDU was in the socket buffer + */ + pdu = cli->evt_inbuf; + cli->evt_inbuf = NULL; + } + else { + DEBUG(11, ("buf_len = %d, raw_pdu_len = %d, splitting " + "buffer\n", (int)buf_len, (int)raw_pdu_len)); + + if (raw_pdu_len < rest_len) { + /* + * The PDU is shorter, talloc_memdup that one. + */ + pdu = (char *)talloc_memdup( + cli, cli->evt_inbuf, raw_pdu_len); + + memmove(cli->evt_inbuf, cli->evt_inbuf + raw_pdu_len, + buf_len - raw_pdu_len); + + cli->evt_inbuf = TALLOC_REALLOC_ARRAY( + NULL, cli->evt_inbuf, char, rest_len); + + if (pdu == NULL) { + status = NT_STATUS_NO_MEMORY; + goto invalidate_requests; + } + } + else { + /* + * The PDU is larger than the rest, talloc_memdup the + * rest + */ + pdu = cli->evt_inbuf; + + cli->evt_inbuf = (char *)talloc_memdup( + cli, pdu + raw_pdu_len, rest_len); + + if (cli->evt_inbuf == NULL) { + status = NT_STATUS_NO_MEMORY; + goto invalidate_requests; + } + } + + } /* * TODO: Handle oplock break requests */ - if (cli_encryption_on(cli) && CVAL(cli->evt_inbuf, 0) == 0) { + if (cli_encryption_on(cli) && CVAL(pdu, 0) == 0) { uint16_t enc_ctx_num; - status = get_enc_ctx_num((uint8_t *)cli->evt_inbuf, - &enc_ctx_num); + status = get_enc_ctx_num((uint8_t *)pdu, &enc_ctx_num); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("get_enc_ctx_num returned %s\n", nt_errstr(status))); 
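Review bot: In the branch of handle_incoming_pdu that copies the shorter PDU, the result of `TALLOC_REALLOC_ARRAY(NULL, cli->evt_inbuf, char, rest_len)` is stored straight back into `cli->evt_inbuf` and only `pdu` is tested, whereas the removed code also rejected a NULL `cli->evt_inbuf`; the check should read `if (pdu == NULL || cli->evt_inbuf == NULL) {`. Separately, `rest_len = buf_len - raw_pdu_len` is unsigned arithmetic and `raw_pdu_len` is derived from the length field the peer sent. Unless the caller, which is outside this hunk, guarantees that a complete PDU is buffered, a guard before the subtraction such as `if (raw_pdu_len > buf_len) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto invalidate_requests; }` keeps the talloc_memdup and memmove sizes inside the allocation. The function body continues past the end of the hunk.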
@@ -207,7 +255,7 @@ static void handle_incoming_pdu(struct cli_state *cli) } status = common_decrypt_buffer(cli->trans_enc_state, - cli->evt_inbuf); + pdu); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("common_decrypt_buffer returned %s\n", nt_errstr(status))); @@ -215,13 +263,13 @@ static void handle_incoming_pdu(struct cli_state *cli) } } - if (!cli_check_sign_mac(cli, cli->evt_inbuf)) { + if (!cli_check_sign_mac(cli, pdu)) { DEBUG(10, ("cli_check_sign_mac failed\n")); status = NT_STATUS_ACCESS_DENIED; goto invalidate_requests; } - mid = SVAL(cli->evt_inbuf, smb_mid); + mid = SVAL(pdu, smb_mid); DEBUG(10, ("handle_incoming_pdu: got mid %d\n", mid)); 
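Review bot: Once the PDU has been detached into the local `pdu`, the `goto invalidate_requests` exits after get_enc_ctx_num, common_decrypt_buffer and cli_check_sign_mac (this hunk and the one at -215) no longer leave it reachable through `cli->evt_inbuf`, and nothing visible releases it. The request-not-found path later in the function does call `TALLOC_FREE(pdu)`, so the failure paths probably want the same, for example `TALLOC_FREE(pdu);` at the `invalidate_requests` label. That label is outside the hunks shown, so confirm it does not already do this before adding it.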
@@ -231,64 +279,17 @@ static void handle_incoming_pdu(struct cli_state *cli) } } - buf_len = talloc_get_size(cli->evt_inbuf); - pdu_len = smb_len(cli->evt_inbuf) + 4; - rest_len = buf_len - raw_pdu_len; + pdu_len = smb_len(pdu) + 4; if (req == NULL) { DEBUG(3, ("Request for mid %d not found, dumping PDU\n", mid)); - memmove(cli->evt_inbuf, cli->evt_inbuf + raw_pdu_len, - buf_len - raw_pdu_len); - - cli->evt_inbuf = TALLOC_REALLOC_ARRAY(NULL, cli->evt_inbuf, - char, rest_len); + TALLOC_FREE(pdu); return; } - if (buf_len == pdu_len) { - /* - * Optimal case: Exactly one PDU was in the socket buffer - */ - req->inbuf = talloc_move(req, &cli->evt_inbuf); - goto done; - } - - DEBUG(11, ("buf_len = %d, pdu_len = %d, splitting buffer\n", - (int)buf_len, (int)pdu_len)); - - if (pdu_len < rest_len) { - /* - * The PDU is shorter, talloc_memdup that one. - */ - req->inbuf = (char *)talloc_memdup( - req, cli->evt_inbuf, pdu_len); - - memmove(cli->evt_inbuf, - cli->evt_inbuf + raw_pdu_len, - buf_len - raw_pdu_len); - - cli->evt_inbuf = TALLOC_REALLOC_ARRAY( - NULL, cli->evt_inbuf, char, rest_len); - } - else { - /* - * The PDU is larger than the rest, - * talloc_memdup the rest - */ - req->inbuf = talloc_move(req, &cli->evt_inbuf); - - cli->evt_inbuf = (char *)talloc_memdup( - cli, req->inbuf + raw_pdu_len, - rest_len); - } - - if ((req->inbuf == NULL) || (cli->evt_inbuf == NULL)) { - status = NT_STATUS_NO_MEMORY; - goto invalidate_requests; - } + req->inbuf = talloc_move(req, &pdu); - done: async_req_done(req->async); return; diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index c618509f01..9bd8170673 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c 
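Review bot: `pdu_len = smb_len(pdu) + 4;` is a dead store as far as this hunk shows: the buffer handed over by `talloc_move(req, &pdu)` keeps its `raw_pdu_len` size, while the comment at the top of the function says the decrypted length can differ from the encrypted one. Either drop the assignment or use it to reject a decrypted header that claims more than was received, `if (pdu_len > raw_pdu_len) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto invalidate_requests; }`, so that consumers trusting `smb_len(req->inbuf)` stay inside the allocation. Whether common_decrypt_buffer already enforces this bound is not visible here.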
@@ -24,7 +24,7 @@ ****************************************************************************/ static size_t cli_read_max_bufsize(struct cli_state *cli) { - if (!client_is_signing_on(cli) && !cli_encryption_on(cli) == false + if (!client_is_signing_on(cli) && !cli_encryption_on(cli) && (cli->posix_capabilities & CIFS_UNIX_LARGE_READ_CAP)) { return CLI_SAMBA_MAX_POSIX_LARGE_READX_SIZE; } diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index 15a9a93ff2..bfe5e7b97b 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -849,9 +849,8 @@ static bool send_udp(int fd,char *buf,int len,struct in_addr ip,int port) If buf == NULL this is a length calculation. ******************************************************************/ -static int build_dgram(char *buf, size_t len, struct packet_struct *p) +static int build_dgram(char *buf, size_t len, struct dgram_packet *dgram) { - struct dgram_packet *dgram = &p->packet.dgram; unsigned char *ubuf = (unsigned char *)buf; int offset=0; @@ -926,9 +925,8 @@ bool nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2) If buf == NULL this is a length calculation. ******************************************************************/ -static int build_nmb(char *buf, size_t len, struct packet_struct *p) +static int build_nmb(char *buf, size_t len, struct nmb_packet *nmb) { - struct nmb_packet *nmb = &p->packet.nmb; unsigned char *ubuf = (unsigned char *)buf; int offset=0; @@ -1058,11 +1056,11 @@ int build_packet(char *buf, size_t buflen, struct packet_struct *p) switch (p->packet_type) { case NMB_PACKET: - len = build_nmb(buf,buflen,p); + len = build_nmb(buf,buflen,&p->packet.nmb); break; case DGRAM_PACKET: - len = build_dgram(buf,buflen,p); + len = build_dgram(buf,buflen,&p->packet.dgram); break; } diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c index 5fbc33cdf5..df4d2119e2 100644 --- a/source3/libsmb/unexpected.c +++ b/source3/libsmb/unexpected.c 
@@ -22,7 +22,7 @@ static TDB_CONTEXT *tdbd = NULL; -/* the key type used in the unexpeceted packet database */ +/* the key type used in the unexpected packet database */ struct unexpected_key { enum packet_type packet_type; time_t timestamp; @@ -32,7 +32,7 @@ struct unexpected_key { /**************************************************************************** All unexpected packets are passed in here, to be stored in a unexpected packet database. This allows nmblookup and other tools to receive packets - erroneoously sent to the wrong port by broken MS systems. + erroneously sent to the wrong port by broken MS systems. **************************************************************************/ void unexpected_packet(struct packet_struct *p) diff --git a/source3/rpc_parse/parse_srv.c b/source3/rpc_parse/parse_srv.c index b4cc08748b..9e42ef6158 100644 --- a/source3/rpc_parse/parse_srv.c +++ b/source3/rpc_parse/parse_srv.c 
@@ -2692,168 +2692,3 @@ bool srv_io_r_net_disk_enum(const char *desc, SRV_R_NET_DISK_ENUM *r_n, prs_stru return True; } - -/******************************************************************* - Reads or writes a structure. -********************************************************************/ - -bool srv_io_q_net_file_query_secdesc(const char *desc, SRV_Q_NET_FILE_QUERY_SECDESC *q_n, prs_struct *ps, int depth) -{ - if (q_n == NULL) - return False; - - prs_debug(ps, depth, desc, "srv_io_q_net_file_query_secdesc"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name)) - return False; - - if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth)) - return False; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name)) - return False; - - if(!smb_io_unistr2("", &q_n->uni_qual_name, True, ps, depth)) - return False; - - if(!prs_align(ps)) - return False; - - if(!smb_io_unistr2("", &q_n->uni_file_name, True, ps, depth)) - return False; - - if(!prs_uint32("unknown1", ps, depth, &q_n->unknown1)) - return False; - - if(!prs_uint32("unknown2", ps, depth, &q_n->unknown2)) - return False; - - if(!prs_uint32("unknown3", ps, depth, &q_n->unknown3)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes a structure. 
-********************************************************************/ - -bool srv_io_r_net_file_query_secdesc(const char *desc, SRV_R_NET_FILE_QUERY_SECDESC *r_n, prs_struct *ps, int depth) -{ - if (r_n == NULL) - return False; - - prs_debug(ps, depth, desc, "srv_io_r_net_file_query_secdesc"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_response", ps, depth, &r_n->ptr_response)) - return False; - - if(!prs_uint32("size_response", ps, depth, &r_n->size_response)) - return False; - - if(!prs_uint32("ptr_secdesc", ps, depth, &r_n->ptr_secdesc)) - return False; - - if(!prs_uint32("size_secdesc", ps, depth, &r_n->size_secdesc)) - return False; - - if(!sec_io_desc("sec_desc", &r_n->sec_desc, ps, depth)) - return False; - - if(!prs_align(ps)) - return False; - - if(!prs_werror("status", ps, depth, &r_n->status)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes a structure. -********************************************************************/ - -bool srv_io_q_net_file_set_secdesc(const char *desc, SRV_Q_NET_FILE_SET_SECDESC *q_n, prs_struct *ps, int depth) -{ - if (q_n == NULL) - return False; - - prs_debug(ps, depth, desc, "srv_io_q_net_file_set_secdesc"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name)) - return False; - - if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth)) - return False; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name)) - return False; - - if(!smb_io_unistr2("", &q_n->uni_qual_name, True, ps, depth)) - return False; - - if(!prs_align(ps)) - return False; - - if(!smb_io_unistr2("", &q_n->uni_file_name, True, ps, depth)) - return False; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("sec_info", ps, depth, &q_n->sec_info)) - return False; - - if(!prs_uint32("size_set", ps, depth, &q_n->size_set)) - return 
False; - - if(!prs_uint32("ptr_secdesc", ps, depth, &q_n->ptr_secdesc)) - return False; - - if(!prs_uint32("size_secdesc", ps, depth, &q_n->size_secdesc)) - return False; - - if(!sec_io_desc("sec_desc", &q_n->sec_desc, ps, depth)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes a structure. -********************************************************************/ - -bool srv_io_r_net_file_set_secdesc(const char *desc, SRV_R_NET_FILE_SET_SECDESC *r_n, prs_struct *ps, int depth) -{ - if (r_n == NULL) - return False; - - prs_debug(ps, depth, desc, "srv_io_r_net_file_set_secdesc"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_werror("status", ps, depth, &r_n->status)) - return False; - - return True; -} diff --git a/source3/rpc_server/srv_srvsvc.c b/source3/rpc_server/srv_srvsvc.c index 1873bcb578..5351f93346 100644 --- a/source3/rpc_server/srv_srvsvc.c +++ b/source3/rpc_server/srv_srvsvc.c @@ -291,28 +291,7 @@ static bool api_srv_net_name_validate(pipes_struct *p) static bool api_srv_net_file_query_secdesc(pipes_struct *p) { - SRV_Q_NET_FILE_QUERY_SECDESC q_u; - SRV_R_NET_FILE_QUERY_SECDESC r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - /* Unmarshall the net file get info from Win9x */ - if(!srv_io_q_net_file_query_secdesc("", &q_u, data, 0)) { - DEBUG(0,("api_srv_net_file_query_secdesc: Failed to unmarshall SRV_Q_NET_FILE_QUERY_SECDESC.\n")); - return False; - } - - r_u.status = _srv_net_file_query_secdesc(p, &q_u, &r_u); - - if(!srv_io_r_net_file_query_secdesc("", &r_u, rdata, 0)) { - DEBUG(0,("api_srv_net_file_query_secdesc: Failed to marshall SRV_R_NET_FILE_QUERY_SECDESC.\n")); - return False; - } - - return True; + return proxy_srvsvc_call(p, NDR_SRVSVC_NETGETFILESECURITY); } /******************************************************************* 
@@ -321,28 +300,7 @@ static bool api_srv_net_file_query_secdesc(pipes_struct *p) static bool api_srv_net_file_set_secdesc(pipes_struct *p) { - SRV_Q_NET_FILE_SET_SECDESC q_u; - SRV_R_NET_FILE_SET_SECDESC r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - /* Unmarshall the net file set info from Win9x */ - if(!srv_io_q_net_file_set_secdesc("", &q_u, data, 0)) { - DEBUG(0,("api_srv_net_file_set_secdesc: Failed to unmarshall SRV_Q_NET_FILE_SET_SECDESC.\n")); - return False; - } - - r_u.status = _srv_net_file_set_secdesc(p, &q_u, &r_u); - - if(!srv_io_r_net_file_set_secdesc("", &r_u, rdata, 0)) { - DEBUG(0,("api_srv_net_file_set_secdesc: Failed to marshall SRV_R_NET_FILE_SET_SECDESC.\n")); - return False; - } - - return True; + return proxy_srvsvc_call(p, NDR_SRVSVC_NETSETFILESECURITY); } /******************************************************************* diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index d45ebb26e6..0d4addde14 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2068,11 +2068,12 @@ WERROR _srvsvc_NetRemoteTOD(pipes_struct *p, } /*********************************************************************************** + _srvsvc_NetGetFileSecurity Win9x NT tools get security descriptor. ***********************************************************************************/ -WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC *q_u, - SRV_R_NET_FILE_QUERY_SECDESC *r_u) +WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, + struct srvsvc_NetGetFileSecurity *r) { SEC_DESC *psd = NULL; size_t sd_size; 
@@ -2082,18 +2083,20 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC char *qualname = NULL; SMB_STRUCT_STAT st; NTSTATUS nt_status; + WERROR werr; struct current_user user; connection_struct *conn = NULL; bool became_user = False; TALLOC_CTX *ctx = p->mem_ctx; + struct sec_desc_buf *sd_buf; ZERO_STRUCT(st); - r_u->status = WERR_OK; + werr = WERR_OK; - qualname = unistr2_to_ascii_talloc(ctx, &q_u->uni_qual_name); + qualname = talloc_strdup(ctx, r->in.share); if (!qualname) { - r_u->status = WERR_ACCESS_DENIED; + werr = WERR_ACCESS_DENIED; goto error_exit; } 
@@ -2107,35 +2110,38 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC unbecome_root(); if (conn == NULL) { - DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname)); - r_u->status = ntstatus_to_werror(nt_status); + DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to connect to %s\n", + qualname)); + werr = ntstatus_to_werror(nt_status); goto error_exit; } if (!become_user(conn, conn->vuid)) { - DEBUG(0,("_srv_net_file_query_secdesc: Can't become connected user!\n")); - r_u->status = WERR_ACCESS_DENIED; + DEBUG(0,("_srvsvc_NetGetFileSecurity: Can't become connected user!\n")); + werr = WERR_ACCESS_DENIED; goto error_exit; } became_user = True; - filename_in = unistr2_to_ascii_talloc(ctx, &q_u->uni_file_name); + filename_in = talloc_strdup(ctx, r->in.file); if (!filename_in) { - r_u->status = WERR_ACCESS_DENIED; + werr = WERR_ACCESS_DENIED; goto error_exit; } nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st); if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(3,("_srv_net_file_query_secdesc: bad pathname %s\n", filename)); - r_u->status = WERR_ACCESS_DENIED; + DEBUG(3,("_srvsvc_NetGetFileSecurity: bad pathname %s\n", + filename)); + werr = WERR_ACCESS_DENIED; goto error_exit; } nt_status = check_name(conn, filename); if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(3,("_srv_net_file_query_secdesc: can't access %s\n", filename)); - r_u->status = WERR_ACCESS_DENIED; + DEBUG(3,("_srvsvc_NetGetFileSecurity: can't access %s\n", + filename)); + werr = WERR_ACCESS_DENIED; goto error_exit; } 
@@ -2145,24 +2151,30 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC |DACL_SECURITY_INFORMATION), &psd); if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename)); - r_u->status = ntstatus_to_werror(nt_status); + DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL for file %s\n", + filename)); + werr = ntstatus_to_werror(nt_status); goto error_exit; } sd_size = ndr_size_security_descriptor(psd, 0); - r_u->ptr_response = 1; - r_u->size_response = sd_size; - r_u->ptr_secdesc = 1; - r_u->size_secdesc = sd_size; - r_u->sec_desc = psd; + sd_buf = TALLOC_ZERO_P(ctx, struct sec_desc_buf); + if (!sd_buf) { + werr = WERR_NOMEM; + goto error_exit; + } + + sd_buf->sd_size = sd_size; + sd_buf->sd = psd; + + *r->out.sd_buf = sd_buf; psd->dacl->revision = NT4_ACL_REVISION; unbecome_user(); close_cnum(conn, user.vuid); - return r_u->status; + return werr; error_exit: @@ -2172,15 +2184,16 @@ error_exit: if (conn) close_cnum(conn, user.vuid); - return r_u->status; + return werr; } /*********************************************************************************** + _srvsvc_NetSetFileSecurity Win9x NT tools set security descriptor. ***********************************************************************************/ -WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_u, - SRV_R_NET_FILE_SET_SECDESC *r_u) +WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, + struct srvsvc_NetSetFileSecurity *r) { char *filename_in = NULL; char *filename = NULL; @@ -2189,6 +2202,7 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ files_struct *fsp = NULL; SMB_STRUCT_STAT st; NTSTATUS nt_status; + WERROR werr; struct current_user user; connection_struct *conn = NULL; bool became_user = False; 
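Review bot: In _srvsvc_NetGetFileSecurity, `psd->dacl->revision = NT4_ACL_REVISION;` dereferences `psd->dacl` without a check, and it runs after the descriptor has already been published through `*r->out.sd_buf`. If the VFS ever returns a descriptor without a DACL, a client request would take down the RPC server process; `if (psd->dacl) { psd->dacl->revision = NT4_ACL_REVISION; }` is enough to avoid that. The ACL query above still hard-codes the owner/group/DACL flags (its first lines are outside the hunk), so `r->in.securityinformation` from the new request structure appears to be ignored; a comment stating that this is deliberate would help the next reader.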
@@ -2196,11 +2210,11 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ ZERO_STRUCT(st); - r_u->status = WERR_OK; + werr = WERR_OK; - qualname = unistr2_to_ascii_talloc(ctx, &q_u->uni_qual_name); + qualname = talloc_strdup(ctx, r->in.share); if (!qualname) { - r_u->status = WERR_ACCESS_DENIED; + werr = WERR_ACCESS_DENIED; goto error_exit; } @@ -2214,35 +2228,35 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ unbecome_root(); if (conn == NULL) { - DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname)); - r_u->status = ntstatus_to_werror(nt_status); + DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to connect to %s\n", qualname)); + werr = ntstatus_to_werror(nt_status); goto error_exit; } if (!become_user(conn, conn->vuid)) { - DEBUG(0,("_srv_net_file_set_secdesc: Can't become connected user!\n")); - r_u->status = WERR_ACCESS_DENIED; + DEBUG(0,("_srvsvc_NetSetFileSecurity: Can't become connected user!\n")); + werr = WERR_ACCESS_DENIED; goto error_exit; } became_user = True; - filename_in= unistr2_to_ascii_talloc(ctx, &q_u->uni_file_name); + filename_in = talloc_strdup(ctx, r->in.file); if (!filename_in) { - r_u->status = WERR_ACCESS_DENIED; + werr = WERR_ACCESS_DENIED; goto error_exit; } nt_status = unix_convert(ctx, conn, filename, False, &filename, NULL, &st); if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(3,("_srv_net_file_set_secdesc: bad pathname %s\n", filename)); - r_u->status = WERR_ACCESS_DENIED; + DEBUG(3,("_srvsvc_NetSetFileSecurity: bad pathname %s\n", filename)); + werr = WERR_ACCESS_DENIED; goto error_exit; } nt_status = check_name(conn, filename); if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(3,("_srv_net_file_set_secdesc: can't access %s\n", filename)); - r_u->status = WERR_ACCESS_DENIED; + DEBUG(3,("_srvsvc_NetSetFileSecurity: can't access %s\n", filename)); + werr = WERR_ACCESS_DENIED; goto error_exit; } 
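Review bot: In _srvsvc_NetSetFileSecurity (hunk at -2214) the client's path is duplicated into `filename_in`, but the next call is `unix_convert(ctx, conn, filename, False, &filename, NULL, &st)`, which passes `filename` instead; going by the declarations visible in the hunk at -2189, `filename` is still NULL at that point. _srvsvc_NetGetFileSecurity passes `filename_in` at the same step, and the set path should match it: `nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st);`. The line predates this commit but sits in the middle of the code being converted, and the later `check_name` and open calls operate on whatever it produces.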
@@ -2260,24 +2274,26 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ NULL, &fsp); if ( !NT_STATUS_IS_OK(nt_status) ) { - DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename)); - r_u->status = ntstatus_to_werror(nt_status); + DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to open file %s\n", filename)); + werr = ntstatus_to_werror(nt_status); goto error_exit; } } - nt_status = SMB_VFS_SET_NT_ACL(fsp, fsp->fsp_name, q_u->sec_info, q_u->sec_desc); + nt_status = SMB_VFS_SET_NT_ACL(fsp, fsp->fsp_name, + r->in.securityinformation, + r->in.sd_buf->sd); if (!NT_STATUS_IS_OK(nt_status) ) { - DEBUG(3,("_srv_net_file_set_secdesc: Unable to set NT ACL on file %s\n", filename)); - r_u->status = WERR_ACCESS_DENIED; + DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL on file %s\n", filename)); + werr = WERR_ACCESS_DENIED; goto error_exit; } close_file(fsp, NORMAL_CLOSE); unbecome_user(); close_cnum(conn, user.vuid); - return r_u->status; + return werr; error_exit: @@ -2293,7 +2309,7 @@ error_exit: close_cnum(conn, user.vuid); } - return r_u->status; + return werr; } /*********************************************************************************** @@ -2582,18 +2598,6 @@ WERROR _srvsvc_NetShareDelCommit(pipes_struct *p, struct srvsvc_NetShareDelCommi return WERR_NOT_SUPPORTED; } -WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, struct srvsvc_NetGetFileSecurity *r) -{ - p->rng_fault_state = True; - return WERR_NOT_SUPPORTED; -} - -WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, struct srvsvc_NetSetFileSecurity *r) -{ - p->rng_fault_state = True; - return WERR_NOT_SUPPORTED; -} - WERROR _srvsvc_NetServerTransportAddEx(pipes_struct *p, struct srvsvc_NetServerTransportAddEx *r) { p->rng_fault_state = True; diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c index 8c85372bf5..25a33baa27 100644 --- a/source3/rpcclient/cmd_srvsvc.c +++ b/source3/rpcclient/cmd_srvsvc.c 
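Review bot: `r->in.sd_buf->sd` is passed to SMB_VFS_SET_NT_ACL without checking that the client actually supplied a descriptor; if the generated unmarshalling can leave `sd_buf` or `sd` NULL, this dereferences or forwards a NULL pointer taken from the request. A guard before the file is opened, `if (!r->in.sd_buf || !r->in.sd_buf->sd) { werr = WERR_INVALID_PARAM; goto error_exit; }`, fails the call cleanly. A failure of SMB_VFS_SET_NT_ACL is also reported as WERR_ACCESS_DENIED whatever `nt_status` holds, unlike the open failure just above, which uses `ntstatus_to_werror(nt_status)`. The function starts before this hunk.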
@@ -604,6 +604,36 @@ static WERROR cmd_srvsvc_net_name_validate(struct rpc_pipe_client *cli, return result; } +static WERROR cmd_srvsvc_net_file_get_sec(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, const char **argv) +{ + WERROR result; + NTSTATUS status; + struct sec_desc_buf *sd_buf = NULL; + + if (argc < 2 || argc > 4) { + printf("Usage: %s [sharename] [file]\n", argv[0]); + return WERR_OK; + } + + status = rpccli_srvsvc_NetGetFileSecurity(cli, mem_ctx, + cli->cli->desthost, + argv[1], + argv[2], + SECINFO_DACL, + &sd_buf, + &result); + + if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) { + goto done; + } + + display_sec_desc(sd_buf->sd); + + done: + return result; +} /* List of commands exported by this module */ @@ -619,6 +649,7 @@ struct cmd_set srvsvc_commands[] = { { "netfileenum", RPC_RTYPE_WERROR, NULL, cmd_srvsvc_net_file_enum, PI_SRVSVC, NULL, "Enumerate open files", "" }, { "netremotetod",RPC_RTYPE_WERROR, NULL, cmd_srvsvc_net_remote_tod, PI_SRVSVC, NULL, "Fetch remote time of day", "" }, { "netnamevalidate", RPC_RTYPE_WERROR, NULL, cmd_srvsvc_net_name_validate, PI_SRVSVC, NULL, "Validate sharename", "" }, + { "netfilegetsec", RPC_RTYPE_WERROR, NULL, cmd_srvsvc_net_file_get_sec, PI_SRVSVC, NULL, "Get File security", "" }, { NULL } }; diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index dc908846b3..008ffed5a1 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3189,7 +3189,7 @@ cap_low = 0x%x, cap_high = 0x%x\n", } DEBUG( 4,("call_trans2setfsinfo: " - "request transport encrption.\n")); + "request transport encryption.\n")); status = srv_request_encryption_setup(conn, (unsigned char **)ppdata, diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 8d67e512fe..d8add208f5 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c 
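Review bot: cmd_srvsvc_net_file_get_sec accepts `argc` from 2 to 4 but always reads `argv[2]`, so invoking it with only a share name passes whatever follows the last argument as the file name; the usage text describes exactly two arguments, so the test should be `if (argc != 3) {`. `result` is also returned uninitialised when the call fails at the transport level, unless rpccli_srvsvc_NetGetFileSecurity always writes it; declaring `WERROR result = WERR_OK;` and setting `result = ntstatus_to_werror(status);` on the NTSTATUS failure makes the return value defined. `sd_buf->sd` is handed to display_sec_desc without a NULL check.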
@@ -5502,6 +5502,7 @@ static void usage(void) int gotpass = 0; bool correct = True; TALLOC_CTX *frame = talloc_stackframe(); + int seed = time(NULL); dbf = x_stdout; @@ -5547,8 +5548,6 @@ static void usage(void) argc--; argv++; - srandom(time(NULL)); - fstrcpy(workgroup, lp_workgroup()); while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Aec:ks:b:")) != EOF) { @@ -5557,7 +5556,7 @@ static void usage(void) port_to_use = atoi(optarg); break; case 's': - srandom(atoi(optarg)); + seed = atoi(optarg); break; case 'W': fstrcpy(workgroup,optarg); @@ -5620,6 +5619,10 @@ static void usage(void) } } + d_printf("using seed %d\n", seed); + + srandom(seed); + if(use_kerberos && !gotuser) gotpass = True; while (!gotpass) { |