diff options
-rw-r--r-- | source3/auth/auth_util.c | 6 | ||||
-rw-r--r-- | source3/lib/substitute.c | 34 | ||||
-rw-r--r-- | source3/lib/util_unistr.c | 57 | ||||
-rw-r--r-- | source3/rpc_client/cli_ds.c | 4 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 10 | ||||
-rw-r--r-- | source3/rpc_client/cli_srvsvc.c | 44 | ||||
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 510 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 26 | ||||
-rw-r--r-- | source3/winbindd/winbindd_ads.c | 4 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 4 | ||||
-rw-r--r-- | source3/winbindd/winbindd_rpc.c | 8 |
11 files changed, 412 insertions, 295 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 7ef894239e..c0a9e9bc84 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1452,13 +1452,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - if (!(nt_username = unistr2_tdup(mem_ctx, &(info3->uni_user_name)))) { + if (!(nt_username = unistr2_to_ascii_talloc(mem_ctx, &(info3->uni_user_name)))) { /* If the server didn't give us one, just use the one we sent * them */ nt_username = sent_nt_username; } - if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) { + if (!(nt_domain = unistr2_to_ascii_talloc(mem_ctx, &(info3->uni_logon_dom)))) { /* If the server didn't give us one, just use the one we sent * them */ nt_domain = domain; @@ -1620,7 +1620,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, return nt_status; } - result->login_server = unistr2_tdup(result, + result->login_server = unistr2_to_ascii_talloc(result, &(info3->uni_logon_srv)); /* ensure we are never given NULL session keys */ diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index db79a9f2b5..09604f8442 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -831,8 +831,8 @@ static char *alloc_sub_advanced(const char *servicename, const char *user, */ char *talloc_sub_advanced(TALLOC_CTX *mem_ctx, - const char *servicename, const char *user, - const char *connectpath, gid_t gid, + const char *servicename, const char *user, + const char *connectpath, gid_t gid, const char *smb_name, const char *domain_name, const char *str) { @@ -848,13 +848,13 @@ char *talloc_sub_advanced(TALLOC_CTX *mem_ctx, } -void standard_sub_advanced(const char *servicename, const char *user, - const char *connectpath, gid_t gid, +void standard_sub_advanced(const char *servicename, const char *user, + const char *connectpath, gid_t gid, const char *smb_name, const char *domain_name, char *str, size_t len) { char *s; - + s = alloc_sub_advanced(servicename, user, connectpath, gid, smb_name, domain_name, str); @@ -865,19 +865,17 @@ void standard_sub_advanced(const char *servicename, const char *user, } /**************************************************************************** - * Do some standard substitutions in a string. - * ****************************************************************************/ + Do some standard substitutions in a string. +****************************************************************************/ -void standard_sub_conn(connection_struct *conn, char *str, size_t len) +char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *str) { - char *s; - - s = alloc_sub_advanced(lp_servicename(SNUM(conn)), conn->user, conn->connectpath, - conn->gid, get_smb_user_name(), "", str); - - if ( s ) { - strncpy( str, s, len ); - SAFE_FREE( s ); - } + return talloc_sub_advanced(ctx, + lp_servicename(SNUM(conn)), + conn->user, + conn->connectpath, + conn->gid, + get_smb_user_name(), + "", + str); } - diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c index bd2cd73cc4..49b0b814f7 100644 --- a/source3/lib/util_unistr.c +++ b/source3/lib/util_unistr.c @@ -408,7 +408,7 @@ int rpcstr_push(void *dest, const char *src, size_t dest_len, int flags) /* Converts a string from internal samba format to unicode. Always terminates. * Actually just a wrapper round push_ucs2_talloc(). - */ + */ int rpcstr_push_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src) { @@ -428,6 +428,7 @@ void unistr2_to_ascii(char *dest, const UNISTR2 *str, size_t maxlen) pull_ucs2(NULL, dest, str->buffer, maxlen, str->uni_str_len*2, STR_NOALIGN); } +#if 0 /******************************************************************* Convert a (little-endian) UNISTR3 structure to an ASCII string. ********************************************************************/ @@ -441,53 +442,51 @@ void unistr3_to_ascii(char *dest, const UNISTR3 *str, size_t maxlen) pull_ucs2(NULL, dest, str->str.buffer, maxlen, str->uni_str_len*2, STR_NOALIGN); } +#endif /******************************************************************* - Return a string for displaying a UNISTR2. Guarentees to return a - valid string - "" if nothing else. - Changed to use talloc_tos() under the covers.... JRA. + Duplicate a UNISTR2 string into a null terminated char* + using a talloc context. ********************************************************************/ -const char *unistr2_static(const UNISTR2 *str) +char *unistr2_to_ascii_talloc(TALLOC_CTX *ctx, const UNISTR2 *str) { - size_t ret = (size_t)-1; - char *dest = NULL; + char *s = NULL; - if ((str == NULL) || (str->uni_str_len == 0)) { - return ""; + if (!str || !str->buffer) { + return NULL; } - - ret = pull_ucs2_base_talloc(talloc_tos(), + if (pull_ucs2_base_talloc(ctx, NULL, - &dest, + &s, str->buffer, str->uni_str_len*2, - STR_NOALIGN); - if (ret == (size_t)-1 || dest == NULL) { - return ""; + STR_NOALIGN) == (size_t)-1) { + return NULL; } - - return dest; + return s; } /******************************************************************* - Duplicate a UNISTR2 string into a null terminated char* - using a talloc context. + Return a string for displaying a UNISTR2. Guarentees to return a + valid string - "" if nothing else. + Changed to use talloc_tos() under the covers.... JRA. ********************************************************************/ -char *unistr2_tdup(TALLOC_CTX *ctx, const UNISTR2 *str) +const char *unistr2_static(const UNISTR2 *str) { - char *s; - int maxlen = (str->uni_str_len+1)*4; - if (!str->buffer) { - return NULL; + char *dest = NULL; + + if ((str == NULL) || (str->uni_str_len == 0)) { + return ""; } - s = (char *)TALLOC(ctx, maxlen); /* convervative */ - if (!s) { - return NULL; + + dest = unistr2_to_ascii_talloc(talloc_tos(), str); + if (!dest) { + return ""; } - pull_ucs2(NULL, s, str->buffer, maxlen, str->uni_str_len*2, STR_NOALIGN); - return s; + + return dest; } /******************************************************************* diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c index 172445409e..71516b89f2 100644 --- a/source3/rpc_client/cli_ds.c +++ b/source3/rpc_client/cli_ds.c @@ -121,13 +121,13 @@ NTSTATUS rpccli_ds_enum_domain_trusts(struct rpc_pipe_client *cli, } if (r.domains.trusts[i].netbios_ptr) { - (*trusts)[i].netbios_domain = unistr2_tdup( mem_ctx, &r.domains.trusts[i].netbios_domain ); + (*trusts)[i].netbios_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].netbios_domain ); } else { (*trusts)[i].netbios_domain = NULL; } if (r.domains.trusts[i].dns_ptr) { - (*trusts)[i].dns_domain = unistr2_tdup( mem_ctx, &r.domains.trusts[i].dns_domain ); + (*trusts)[i].dns_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].dns_domain ); } else { (*trusts)[i].dns_domain = NULL; } diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 7e3ce04d6c..6abc67fc35 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -573,7 +573,7 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, case 3: if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id3. uni_domain_name); if (!*domain_name) { @@ -594,7 +594,7 @@ NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli, case 5: if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id5. uni_domain_name); if (!*domain_name) { @@ -668,7 +668,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, ZERO_STRUCTP(domain_guid); if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) { - *domain_name = unistr2_tdup(mem_ctx, + *domain_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id12 .uni_nb_dom_name); if (!*domain_name) { @@ -676,7 +676,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } } if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) { - *dns_name = unistr2_tdup(mem_ctx, + *dns_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id12 .uni_dns_dom_name); if (!*dns_name) { @@ -684,7 +684,7 @@ NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli, } } if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) { - *forest_name = unistr2_tdup(mem_ctx, + *forest_name = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.info.id12 .uni_forest_name); if (!*forest_name) { diff --git a/source3/rpc_client/cli_srvsvc.c b/source3/rpc_client/cli_srvsvc.c index 50a68102a3..e5d9b4cdad 100644 --- a/source3/rpc_client/cli_srvsvc.c +++ b/source3/rpc_client/cli_srvsvc.c @@ -126,11 +126,11 @@ WERROR rpccli_srvsvc_net_share_enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_netname); if (s) init_unistr2(&info1->info_1_str.uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info1[i].info_1_str.uni_remark); if (s) init_unistr2(&info1->info_1_str.uni_remark, s, UNI_STR_TERMINATE); @@ -156,19 +156,19 @@ WERROR rpccli_srvsvc_net_share_enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_netname); if (s) init_unistr2(&info2->info_2_str.uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_remark); if (s) init_unistr2(&info2->info_2_str.uni_remark, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_path); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_path); if (s) init_unistr2(&info2->info_2_str.uni_path, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_passwd); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info2[i].info_2_str.uni_passwd); if (s) init_unistr2(&info2->info_2_str.uni_passwd, s, UNI_STR_TERMINATE); } @@ -193,19 +193,19 @@ WERROR rpccli_srvsvc_net_share_enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_netname); if (s) init_unistr2(&info502->info_502_str.uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_remark); if (s) init_unistr2(&info502->info_502_str.uni_remark, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_path); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_path); if (s) init_unistr2(&info502->info_502_str.uni_path, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_passwd); + s = unistr2_to_ascii_talloc(mem_ctx, &r.ctr.share.info502[i].info_502_str.uni_passwd); if (s) init_unistr2(&info502->info_502_str.uni_passwd, s, UNI_STR_TERMINATE); @@ -271,12 +271,12 @@ WERROR rpccli_srvsvc_net_share_get_info(struct rpc_pipe_client *cli, /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &info1_str->uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &info1_str->uni_netname); if (s) init_unistr2(&info1_str->uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info1_str->uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &info1_str->uni_remark); if (s) init_unistr2(&info1_str->uni_remark, s, UNI_STR_TERMINATE); @@ -294,22 +294,22 @@ WERROR rpccli_srvsvc_net_share_get_info(struct rpc_pipe_client *cli, /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &info2_str->uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &info2_str->uni_netname); if (s) init_unistr2(&info2_str->uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info2_str->uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &info2_str->uni_remark); if (s) init_unistr2(&info2_str->uni_remark, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info2_str->uni_path); + s = unistr2_to_ascii_talloc(mem_ctx, &info2_str->uni_path); if (s) init_unistr2(&info2_str->uni_path, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info2_str->uni_passwd); + s = unistr2_to_ascii_talloc(mem_ctx, &info2_str->uni_passwd); if (s) init_unistr2(&info2_str->uni_passwd, s, UNI_STR_TERMINATE); @@ -328,22 +328,22 @@ WERROR rpccli_srvsvc_net_share_get_info(struct rpc_pipe_client *cli, /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &info502_str->uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &info502_str->uni_netname); if (s) init_unistr2(&info502_str->uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info502_str->uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &info502_str->uni_remark); if (s) init_unistr2(&info502_str->uni_remark, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info502_str->uni_path); + s = unistr2_to_ascii_talloc(mem_ctx, &info502_str->uni_path); if (s) init_unistr2(&info502_str->uni_path, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info502_str->uni_passwd); + s = unistr2_to_ascii_talloc(mem_ctx, &info502_str->uni_passwd); if (s) init_unistr2(&info502_str->uni_passwd, s, UNI_STR_TERMINATE); @@ -564,12 +564,12 @@ WERROR rpccli_srvsvc_net_file_enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ /* Duplicate strings */ - if ( (s = unistr2_tdup(mem_ctx, r.ctr.file.info3[i].path)) != NULL ) { + if ( (s = unistr2_to_ascii_talloc(mem_ctx, r.ctr.file.info3[i].path)) != NULL ) { info3->path = TALLOC_P( mem_ctx, UNISTR2 ); init_unistr2(info3->path, s, UNI_STR_TERMINATE); } - if ( (s = unistr2_tdup(mem_ctx, r.ctr.file.info3[i].user)) != NULL ) { + if ( (s = unistr2_to_ascii_talloc(mem_ctx, r.ctr.file.info3[i].user)) != NULL ) { info3->user = TALLOC_P( mem_ctx, UNISTR2 ); init_unistr2(info3->user, s, UNI_STR_TERMINATE); } diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 9788eb5bcc..b034e7cbd3 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -54,14 +54,14 @@ static int pipe_enum_fn( struct db_record *rec, void *p) struct file_enum_count *fenum = (struct file_enum_count *)p; FILE_INFO_3 *f; int i = fenum->count; - pstring fullpath; + char *fullpath = NULL; const char *username; - + if (rec->value.dsize != sizeof(struct pipe_open_rec)) return 0; memcpy(&prec, rec->value.dptr, sizeof(struct pipe_open_rec)); - + if ( !process_exists(prec.pid) ) { return 0; } @@ -72,22 +72,26 @@ static int pipe_enum_fn( struct db_record *rec, void *p) && !strequal(username, fenum->username)) { return 0; } - - snprintf( fullpath, sizeof(fullpath), "\\PIPE\\%s", prec.name ); - + + fullpath = talloc_asprintf(fenum->ctx, "\\PIPE\\%s", prec.name ); + if (!fullpath) { + return 1; + } + f = TALLOC_REALLOC_ARRAY( fenum->ctx, fenum->info, FILE_INFO_3, i+1 ); if ( !f ) { DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1)); return 1; } fenum->info = f; - + init_srv_file_info3( - &fenum->info[i], + &fenum->info[i], (uint32)((procid_to_pid(&prec.pid)<<16) & prec.pnum), - (FILE_READ_DATA|FILE_WRITE_DATA), + (FILE_READ_DATA|FILE_WRITE_DATA), 0, username, fullpath); - + + TALLOC_FREE(fullpath); fenum->count++; return 0; @@ -112,17 +116,17 @@ static WERROR net_enum_pipes( TALLOC_CTX *ctx, const char *username, "failed\n")); return WERR_NOMEM; } - + *info = fenum.info; *count = fenum.count; - + return WERR_OK; } /******************************************************************* ********************************************************************/ -static void enum_file_fn( const struct share_mode_entry *e, +static void enum_file_fn( const struct share_mode_entry *e, const char *sharepath, const char *fname, void *private_data ) { @@ -134,10 +138,10 @@ static void enum_file_fn( const struct share_mode_entry *e, files_struct fsp; struct byte_range_lock *brl; int num_locks = 0; - pstring fullpath; + char *fullpath = NULL; uint32 permissions; const char *username; - + /* If the pid was not found delete the entry from connections.tdb */ if ( !process_exists(e->pid) ) { @@ -150,7 +154,7 @@ static void enum_file_fn( const struct share_mode_entry *e, && !strequal(username, fenum->username)) { return; } - + f = TALLOC_REALLOC_ARRAY( fenum->ctx, fenum->info, FILE_INFO_3, i+1 ); if ( !f ) { DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1)); @@ -159,33 +163,38 @@ static void enum_file_fn( const struct share_mode_entry *e, fenum->info = f; /* need to count the number of locks on a file */ - - ZERO_STRUCT( fsp ); + + ZERO_STRUCT( fsp ); fsp.file_id = e->id; - + if ( (brl = brl_get_locks(NULL,&fsp)) != NULL ) { num_locks = brl->num_locks; - TALLOC_FREE( brl ); + TALLOC_FREE(brl); } - + if ( strcmp( fname, "." ) == 0 ) { - pstr_sprintf( fullpath, "C:%s", sharepath ); + fullpath = talloc_asprintf(fenum->ctx, "C:%s", sharepath ); } else { - pstr_sprintf( fullpath, "C:%s/%s", sharepath, fname ); + fullpath = talloc_asprintf(fenum->ctx, "C:%s/%s", + sharepath, fname ); + } + if (!fullpath) { + return; } string_replace( fullpath, '/', '\\' ); - + /* mask out create (what ever that is) */ permissions = e->share_access & (FILE_READ_DATA|FILE_WRITE_DATA); /* now fill in the FILE_INFO_3 struct */ - init_srv_file_info3( &fenum->info[i], + init_srv_file_info3( &fenum->info[i], e->share_file_id, permissions, num_locks, username, fullpath ); - + + TALLOC_FREE(fullpath); fenum->count++; } @@ -214,11 +223,11 @@ static WERROR net_enum_files( TALLOC_CTX *ctx, const char *username, /******************************************************************* Utility function to get the 'type' of a share from an snum. ********************************************************************/ -static uint32 get_share_type(int snum) +static uint32 get_share_type(int snum) { char *net_name = lp_servicename(snum); int len_net_name = strlen(net_name); - + /* work out the share type */ uint32 type = STYPE_DISKTREE; @@ -231,16 +240,14 @@ static uint32 get_share_type(int snum) return type; } - + /******************************************************************* Fill in a share info level 0 structure. ********************************************************************/ static void init_srv_share_info_0(pipes_struct *p, SRV_SHARE_INFO_0 *sh0, int snum) { - pstring net_name; - - pstrcpy(net_name, lp_servicename(snum)); + const char *net_name = lp_servicename(snum); init_srv_share_info0(&sh0->info_0, net_name); init_srv_share_info0_str(&sh0->info_0_str, net_name); @@ -252,14 +259,22 @@ static void init_srv_share_info_0(pipes_struct *p, SRV_SHARE_INFO_0 *sh0, int sn static void init_srv_share_info_1(pipes_struct *p, SRV_SHARE_INFO_1 *sh1, int snum) { - pstring remark; - char *net_name = lp_servicename(snum); - pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark,sizeof(remark)); + char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum)); - init_srv_share_info1(&sh1->info_1, net_name, get_share_type(snum), remark); - init_srv_share_info1_str(&sh1->info_1_str, net_name, remark); + if (remark) { + remark = standard_sub_conn(p->mem_ctx, + p->conn, + remark); + } + + init_srv_share_info1(&sh1->info_1, + net_name, + get_share_type(snum), + remark ? remark: ""); + init_srv_share_info1_str(&sh1->info_1_str, + net_name, + remark ? remark: ""); } /******************************************************************* @@ -268,33 +283,48 @@ static void init_srv_share_info_1(pipes_struct *p, SRV_SHARE_INFO_1 *sh1, int sn static void init_srv_share_info_2(pipes_struct *p, SRV_SHARE_INFO_2 *sh2, int snum) { - pstring remark; - pstring path; - pstring passwd; + char *remark = NULL; + char *path = NULL; int max_connections = lp_max_connections(snum); uint32 max_uses = max_connections!=0 ? max_connections : 0xffffffff; int count = 0; char *net_name = lp_servicename(snum); - - pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark,sizeof(remark)); - pstrcpy(path, "C:"); - pstrcat(path, lp_pathname(snum)); - /* - * Change / to \\ so that win2k will see it as a valid path. This was added to - * enable use of browsing in win2k add share dialog. - */ + remark = talloc_strdup(p->mem_ctx, lp_comment(snum)); + if (remark) { + remark = standard_sub_conn(p->mem_ctx, + p->conn, + remark); + } + path = talloc_asprintf(p->mem_ctx, + "C:%s", lp_pathname(snum)); - string_replace(path, '/', '\\'); + if (path) { + /* + * Change / to \\ so that win2k will see it as a valid path. + * This was added to enable use of browsing in win2k add + * share dialog. + */ - pstrcpy(passwd, ""); + string_replace(path, '/', '\\'); + } - count = count_current_connections( net_name, False ); - init_srv_share_info2(&sh2->info_2, net_name, get_share_type(snum), - remark, 0, max_uses, count, path, passwd); + count = count_current_connections(net_name, false); + init_srv_share_info2(&sh2->info_2, + net_name, + get_share_type(snum), + remark ? remark : "", + 0, + max_uses, + count, + path ? path : "", + ""); - init_srv_share_info2_str(&sh2->info_2_str, net_name, remark, path, passwd); + init_srv_share_info2_str(&sh2->info_2_str, + net_name, + remark ? remark : "", + path ? path : "", + ""); } /******************************************************************* @@ -319,7 +349,7 @@ static void map_generic_share_sd_bits(SEC_DESC *psd) se_map_generic(&psa->access_mask, &file_generic_mapping); psa->access_mask |= orig_mask; - } + } } /******************************************************************* @@ -328,14 +358,17 @@ static void map_generic_share_sd_bits(SEC_DESC *psd) static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501, int snum) { - pstring remark; - const char *net_name = lp_servicename(snum); - pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark, sizeof(remark)); + char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum)); + + if (remark) { + remark = standard_sub_conn(p->mem_ctx, p->conn, remark); + } - init_srv_share_info501(&sh501->info_501, net_name, get_share_type(snum), remark, (lp_csc_policy(snum) << 4)); - init_srv_share_info501_str(&sh501->info_501_str, net_name, remark); + init_srv_share_info501(&sh501->info_501, net_name, get_share_type(snum), + remark ? remark : "", (lp_csc_policy(snum) << 4)); + init_srv_share_info501_str(&sh501->info_501_str, + net_name, remark ? remark : ""); } /******************************************************************* @@ -344,36 +377,47 @@ static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501, static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502, int snum) { - pstring net_name; - pstring remark; - pstring path; - pstring passwd; - SEC_DESC *sd; - size_t sd_size; + const char *net_name = lp_servicename(snum); + char *path = NULL; + SEC_DESC *sd = NULL; + size_t sd_size = 0; TALLOC_CTX *ctx = p->mem_ctx; - + char *remark = talloc_strdup(ctx, lp_comment(snum));; ZERO_STRUCTP(sh502); - pstrcpy(net_name, lp_servicename(snum)); - pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark,sizeof(remark)); - pstrcpy(path, "C:"); - pstrcat(path, lp_pathname(snum)); - - /* - * Change / to \\ so that win2k will see it as a valid path. This was added to - * enable use of browsing in win2k add share dialog. - */ - - string_replace(path, '/', '\\'); - - pstrcpy(passwd, ""); + if (remark) { + remark = standard_sub_conn(ctx, p->conn, remark); + } + path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum)); + if (path) { + /* + * Change / to \\ so that win2k will see it as a valid path. This was added to + * enable use of browsing in win2k add share dialog. + */ + string_replace(path, '/', '\\'); + } sd = get_share_security(ctx, lp_servicename(snum), &sd_size); - init_srv_share_info502(&sh502->info_502, net_name, get_share_type(snum), remark, 0, 0xffffffff, 1, path, passwd, sd, sd_size); - init_srv_share_info502_str(&sh502->info_502_str, net_name, remark, path, passwd, sd, sd_size); + init_srv_share_info502(&sh502->info_502, + net_name, + get_share_type(snum), + remark ? remark : "", + 0, + 0xffffffff, + 1, + path ? path : "", + "", + sd, + sd_size); + init_srv_share_info502_str(&sh502->info_502_str, + net_name, + remark ? remark : "", + path ? path : "", + "", + sd, + sd_size); } /*************************************************************************** @@ -382,15 +426,17 @@ static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502, static void init_srv_share_info_1004(pipes_struct *p, SRV_SHARE_INFO_1004* sh1004, int snum) { - pstring remark; + char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum)); - pstrcpy(remark, lp_comment(snum)); - standard_sub_conn(p->conn, remark, sizeof(remark)); + if (remark) { + remark = standard_sub_conn(p->mem_ctx, p->conn, remark); + } ZERO_STRUCTP(sh1004); - - init_srv_share_info1004(&sh1004->info_1004, remark); - init_srv_share_info1004_str(&sh1004->info_1004_str, remark); + + init_srv_share_info1004(&sh1004->info_1004, remark ? remark : ""); + init_srv_share_info1004_str(&sh1004->info_1004_str, + remark ? remark : ""); } /*************************************************************************** @@ -402,9 +448,9 @@ static void init_srv_share_info_1005(pipes_struct *p, SRV_SHARE_INFO_1005* sh100 sh1005->share_info_flags = 0; if(lp_host_msdfs() && lp_msdfs_root(snum)) - sh1005->share_info_flags |= + sh1005->share_info_flags |= SHARE_1005_IN_DFS | SHARE_1005_DFS_ROOT; - sh1005->share_info_flags |= + sh1005->share_info_flags |= lp_csc_policy(snum) << SHARE_1005_CSC_POLICY_SHIFT; } /*************************************************************************** @@ -422,13 +468,12 @@ static void init_srv_share_info_1006(pipes_struct *p, SRV_SHARE_INFO_1006* sh100 static void init_srv_share_info_1007(pipes_struct *p, SRV_SHARE_INFO_1007* sh1007, int snum) { - pstring alternate_directory_name = ""; uint32 flags = 0; ZERO_STRUCTP(sh1007); - - init_srv_share_info1007(&sh1007->info_1007, flags, alternate_directory_name); - init_srv_share_info1007_str(&sh1007->info_1007_str, alternate_directory_name); + + init_srv_share_info1007(&sh1007->info_1007, flags, ""); + init_srv_share_info1007_str(&sh1007->info_1007_str, ""); } /******************************************************************* @@ -1465,8 +1510,13 @@ WERROR _srv_net_share_get_info(pipes_struct *p, SRV_Q_NET_SHARE_GET_INFO *q_u, S char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname) { - char *ptr = talloc_strdup(ctx, dos_pathname); + char *ptr = NULL; + + if (!dos_pathname) { + return NULL; + } + ptr = talloc_strdup(ctx, dos_pathname); if (!ptr) { return NULL; } @@ -1495,26 +1545,30 @@ char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname) WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, SRV_R_NET_SHARE_SET_INFO *r_u) { struct current_user user; - pstring command; - fstring share_name; - fstring comment; - pstring pathname; + char *command = NULL; + char *share_name = NULL; + char *comment = NULL; + char *pathname = NULL; int type; int snum; int ret; - char *path; + char *path = NULL; SEC_DESC *psd = NULL; SE_PRIV se_diskop = SE_DISK_OPERATOR; bool is_disk_op = False; int max_connections = 0; + TALLOC_CTX *ctx = p->mem_ctx; DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__)); - unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name)); + share_name = unistr2_to_ascii_talloc(ctx, &q_u->uni_share_name); + if (!share_name) { + return WERR_NET_NAME_NOT_FOUND; + } r_u->parm_error = 0; - if ( strequal(share_name,"IPC$") + if ( strequal(share_name,"IPC$") || ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") ) || strequal(share_name,"global") ) { @@ -1534,22 +1588,25 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S get_current_user(&user,p); is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); - + /* fail out now if you are not root and not a disk op */ - + if ( user.ut.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; switch (q_u->info_level) { case 1: - pstrcpy(pathname, lp_pathname(snum)); - unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(comment)); + pathname = talloc_strdup(ctx, lp_pathname(snum)); + comment = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info2.info_2_str.uni_remark); type = q_u->info.share.info2.info_2.type; psd = NULL; break; case 2: - unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(comment)); - unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(pathname)); + comment = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info2.info_2_str.uni_remark); + pathname = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info2.info_2_str.uni_path); type = q_u->info.share.info2.info_2.type; max_connections = (q_u->info.share.info2.info_2.max_uses == 0xffffffff) ? 0 : q_u->info.share.info2.info_2.max_uses; psd = NULL; @@ -1563,15 +1620,18 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S break; #endif case 502: - unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(comment)); - unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(pathname)); + comment = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info502.info_502_str.uni_remark); + pathname = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info502.info_502_str.uni_path); type = q_u->info.share.info502.info_502.type; psd = q_u->info.share.info502.info_502_str.sd; map_generic_share_sd_bits(psd); break; case 1004: - pstrcpy(pathname, lp_pathname(snum)); - unistr2_to_ascii(comment, &q_u->info.share.info1004.info_1004_str.uni_remark, sizeof(comment)); + pathname = talloc_strdup(ctx, lp_pathname(snum)); + comment = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info1004.info_1004_str.uni_remark); type = STYPE_DISKTREE; break; case 1005: @@ -1591,8 +1651,8 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S case 1007: return WERR_ACCESS_DENIED; case 1501: - pstrcpy(pathname, lp_pathname(snum)); - fstrcpy(comment, lp_comment(snum)); + pathname = talloc_strdup(ctx, lp_pathname(snum)); + comment = talloc_strdup(ctx, lp_comment(snum)); psd = q_u->info.share.info1501.sdb->sd; map_generic_share_sd_bits(psd); type = STYPE_DISKTREE; @@ -1605,7 +1665,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S /* We can only modify disk shares. */ if (type != STYPE_DISKTREE) return WERR_ACCESS_DENIED; - + /* Check if the pathname is valid. */ if (!(path = valid_share_pathname(p->mem_ctx, pathname ))) return WERR_OBJECT_PATH_INVALID; @@ -1613,45 +1673,57 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S /* Ensure share name, pathname and comment don't contain '"' characters. */ string_replace(share_name, '"', ' '); string_replace(path, '"', ' '); - string_replace(comment, '"', ' '); + if (comment) { + string_replace(comment, '"', ' '); + } DEBUG(10,("_srv_net_share_set_info: change share command = %s\n", lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" )); /* Only call modify function if something changed. */ - - if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) - || (lp_max_connections(snum) != max_connections) ) - { + + if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) + || (lp_max_connections(snum) != max_connections)) { if (!lp_change_share_cmd() || !*lp_change_share_cmd()) { DEBUG(10,("_srv_net_share_set_info: No change share command\n")); return WERR_ACCESS_DENIED; } - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d", - lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment, max_connections ); + command = talloc_asprintf(p->mem_ctx, + "%s \"%s\" \"%s\" \"%s\" \"%s\" %d", + lp_change_share_cmd(), + dyn_CONFIGFILE, + share_name, + path, + comment ? comment : "", + max_connections); + if (!command) { + return WERR_NOMEM; + } DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command )); - + /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/ - - if ( is_disk_op ) + + if (is_disk_op) become_root(); - + if ( (ret = smbrun(command, NULL)) == 0 ) { /* Tell everyone we updated smb.conf. */ message_send_all(smbd_messaging_context(), MSG_SMB_CONF_UPDATED, NULL, 0, NULL); } - + if ( is_disk_op ) unbecome_root(); - + /********* END SeDiskOperatorPrivilege BLOCK *********/ DEBUG(3,("_srv_net_share_set_info: Running [%s] returned (%d)\n", command, ret )); - + + TALLOC_FREE(command); + if ( ret != 0 ) return WERR_ACCESS_DENIED; } else { @@ -1671,24 +1743,24 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S share_name )); } } - + DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__)); return WERR_OK; } /******************************************************************* - Net share add. Call 'add_share_command "sharename" "pathname" + Net share add. Call 'add_share_command "sharename" "pathname" "comment" "max connections = " ********************************************************************/ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_SHARE_ADD *r_u) { struct current_user user; - pstring command; - fstring share_name; - fstring comment; - pstring pathname; + char *command = NULL; + char *share_name = NULL; + char *comment = NULL; + char *pathname = NULL; int type; int snum; int ret; @@ -1697,6 +1769,7 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S SE_PRIV se_diskop = SE_DISK_OPERATOR; bool is_disk_op; int max_connections = 0; + TALLOC_CTX *ctx = p->mem_ctx; DEBUG(5,("_srv_net_share_add: %d\n", __LINE__)); @@ -1706,14 +1779,14 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); - if (user.ut.uid != sec_initial_uid() && !is_disk_op ) + if (user.ut.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_add_share_cmd() || !*lp_add_share_cmd()) { DEBUG(10,("_srv_net_share_add: No add share command\n")); return WERR_ACCESS_DENIED; } - + switch (q_u->info_level) { case 0: /* No path. Not enough info in a level 0 to do anything. */ @@ -1722,9 +1795,12 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S /* Not enough info in a level 1 to do anything. */ return WERR_ACCESS_DENIED; case 2: - unistr2_to_ascii(share_name, &q_u->info.share.info2.info_2_str.uni_netname, sizeof(share_name)); - unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(share_name)); - unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(share_name)); + share_name = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info2.info_2_str.uni_netname); + comment = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info2.info_2_str.uni_remark); + pathname = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info2.info_2_str.uni_path); max_connections = (q_u->info.share.info2.info_2.max_uses == 0xffffffff) ? 0 : q_u->info.share.info2.info_2.max_uses; type = q_u->info.share.info2.info_2.type; break; @@ -1732,9 +1808,12 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S /* No path. Not enough info in a level 501 to do anything. */ return WERR_ACCESS_DENIED; case 502: - unistr2_to_ascii(share_name, &q_u->info.share.info502.info_502_str.uni_netname, sizeof(share_name)); - unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(share_name)); - unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name)); + share_name = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info502.info_502_str.uni_netname); + comment = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info502.info_502_str.uni_remark); + pathname = unistr2_to_ascii_talloc(ctx, + &q_u->info.share.info502.info_502_str.uni_path); type = q_u->info.share.info502.info_502.type; psd = q_u->info.share.info502.info_502_str.sd; map_generic_share_sd_bits(psd); @@ -1757,48 +1836,60 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S /* check for invalid share names */ - if ( !validate_net_name( share_name, INVALID_SHARENAME_CHARS, sizeof(share_name) ) ) { - DEBUG(5,("_srv_net_name_validate: Bad sharename \"%s\"\n", share_name)); + if (!share_name || !validate_net_name(share_name, + INVALID_SHARENAME_CHARS, + strlen(share_name))) { + DEBUG(5,("_srv_net_name_validate: Bad sharename \"%s\"\n", + share_name ? share_name : "")); return WERR_INVALID_NAME; } - if ( strequal(share_name,"IPC$") || strequal(share_name,"global") - || ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") ) ) - { + if (strequal(share_name,"IPC$") || strequal(share_name,"global") + || (lp_enable_asu_support() && + strequal(share_name,"ADMIN$"))) { return WERR_ACCESS_DENIED; } snum = find_service(share_name); /* Share already exists. */ - if (snum >= 0) + if (snum >= 0) { return WERR_ALREADY_EXISTS; + } /* We can only add disk shares. */ - if (type != STYPE_DISKTREE) + if (type != STYPE_DISKTREE) { return WERR_ACCESS_DENIED; - + } + /* Check if the pathname is valid. */ - if (!(path = valid_share_pathname(p->mem_ctx, pathname ))) + if (!(path = valid_share_pathname(p->mem_ctx, pathname))) { return WERR_OBJECT_PATH_INVALID; + } /* Ensure share name, pathname and comment don't contain '"' characters. */ string_replace(share_name, '"', ' '); string_replace(path, '"', ' '); - string_replace(comment, '"', ' '); - - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" %d", - lp_add_share_cmd(), - dyn_CONFIGFILE, - share_name, - path, - comment, + if (comment) { + string_replace(comment, '"', ' '); + } + + command = talloc_asprintf(ctx, + "%s \"%s\" \"%s\" \"%s\" \"%s\" %d", + lp_add_share_cmd(), + dyn_CONFIGFILE, + share_name, + path, + comment ? comment : "", max_connections); - + if (!command) { + return WERR_NOMEM; + } + DEBUG(10,("_srv_net_share_add: Running [%s]\n", command )); - + /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/ - + if ( is_disk_op ) become_root(); @@ -1810,11 +1901,13 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S if ( is_disk_op ) unbecome_root(); - + /********* END SeDiskOperatorPrivilege BLOCK *********/ DEBUG(3,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret )); + TALLOC_FREE(command); + if ( ret != 0 ) return WERR_ACCESS_DENIED; @@ -1843,29 +1936,33 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S WERROR _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_SHARE_DEL *r_u) { struct current_user user; - pstring command; - fstring share_name; + char *command = NULL; + char *share_name = NULL; int ret; int snum; SE_PRIV se_diskop = SE_DISK_OPERATOR; bool is_disk_op; - struct share_params *params; + struct share_params *params; + TALLOC_CTX *ctx = p->mem_ctx; DEBUG(5,("_srv_net_share_del: %d\n", __LINE__)); - unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name)); + share_name = unistr2_to_ascii_talloc(ctx, &q_u->uni_share_name); - if ( strequal(share_name,"IPC$") + if (!share_name) { + return WERR_NET_NAME_NOT_FOUND; + } + if ( strequal(share_name,"IPC$") || ( lp_enable_asu_support() && strequal(share_name,"ADMIN$") ) || strequal(share_name,"global") ) { return WERR_ACCESS_DENIED; } - if (!(params = get_share_params(p->mem_ctx, share_name))) { - return WERR_NO_SUCH_SHARE; - } - + if (!(params = get_share_params(p->mem_ctx, share_name))) { + return WERR_NO_SUCH_SHARE; + } + snum = find_service(share_name); /* No change to printer shares. */ @@ -1876,21 +1973,27 @@ WERROR _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_S is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); - if (user.ut.uid != sec_initial_uid() && !is_disk_op ) + if (user.ut.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) { DEBUG(10,("_srv_net_share_del: No delete share command\n")); return WERR_ACCESS_DENIED; } - - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - lp_delete_share_cmd(), dyn_CONFIGFILE, lp_servicename(snum)); + + command = talloc_asprintf(ctx, + "%s \"%s\" \"%s\"", + lp_delete_share_cmd(), + dyn_CONFIGFILE, + lp_servicename(snum)); + if (!command) { + return WERR_NOMEM; + } DEBUG(10,("_srv_net_share_del: Running [%s]\n", command )); /********* BEGIN SeDiskOperatorPrivilege BLOCK *********/ - + if ( is_disk_op ) become_root(); @@ -1902,7 +2005,7 @@ WERROR _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_S if ( is_disk_op ) unbecome_root(); - + /********* END SeDiskOperatorPrivilege BLOCK *********/ DEBUG(3,("_srv_net_share_del: Running [%s] returned (%d)\n", command, ret )); @@ -1983,22 +2086,26 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC SEC_DESC *psd = NULL; size_t sd_size; DATA_BLOB null_pw; - pstring filename_in; + char *filename_in = NULL; char *filename = NULL; - pstring qualname; + char *qualname = NULL; files_struct *fsp = NULL; SMB_STRUCT_STAT st; NTSTATUS nt_status; struct current_user user; connection_struct *conn = NULL; bool became_user = False; - TALLOC_CTX *ctx = talloc_tos(); + TALLOC_CTX *ctx = p->mem_ctx; ZERO_STRUCT(st); r_u->status = WERR_OK; - unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname)); + qualname = unistr2_to_ascii_talloc(ctx, &q_u->uni_qual_name); + if (!qualname) { + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } /* Null password is ok - we are already an authenticated user... */ null_pw = data_blob_null; @@ -2022,7 +2129,12 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC } became_user = True; - unistr2_to_ascii(filename_in, &q_u->uni_file_name, sizeof(filename_in)); + filename_in = unistr2_to_ascii_talloc(ctx, &q_u->uni_file_name); + if (!filename_in) { + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + nt_status = unix_convert(ctx, conn, filename_in, False, &filename, NULL, &st); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(3,("_srv_net_file_query_secdesc: bad pathname %s\n", filename)); @@ -2090,7 +2202,7 @@ error_exit: if (became_user) unbecome_user(); - if (conn) + if (conn) close_cnum(conn, user.vuid); return r_u->status; @@ -2103,9 +2215,9 @@ error_exit: WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_u, SRV_R_NET_FILE_SET_SECDESC *r_u) { - pstring filename_in; + char *filename_in = NULL; char *filename = NULL; - pstring qualname; + char *qualname = NULL; DATA_BLOB null_pw; files_struct *fsp = NULL; SMB_STRUCT_STAT st; @@ -2113,13 +2225,17 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ struct current_user user; connection_struct *conn = NULL; bool became_user = False; - TALLOC_CTX *ctx = talloc_tos(); + TALLOC_CTX *ctx = p->mem_ctx; ZERO_STRUCT(st); r_u->status = WERR_OK; - unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname)); + qualname = unistr2_to_ascii_talloc(ctx, &q_u->uni_qual_name); + if (!qualname) { + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } /* Null password is ok - we are already an authenticated user... */ null_pw = data_blob_null; @@ -2143,7 +2259,12 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ } became_user = True; - unistr2_to_ascii(filename_in, &q_u->uni_file_name, sizeof(filename_in)); + filename_in= unistr2_to_ascii_talloc(ctx, &q_u->uni_file_name); + if (!filename_in) { + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + nt_status = unix_convert(ctx, conn, filename, False, &filename, NULL, &st); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(3,("_srv_net_file_set_secdesc: bad pathname %s\n", filename)); @@ -2158,7 +2279,6 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_ goto error_exit; } - nt_status = open_file_stat(conn, NULL, filename, &st, &fsp); if ( !NT_STATUS_IS_OK(nt_status) ) { diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 5c5bb97bf6..a89f1bf81a 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -465,7 +465,7 @@ NTSTATUS rpc_info_internals(const DOM_SID *domain_sid, 2, &ctr); if (NT_STATUS_IS_OK(result)) { TALLOC_CTX *ctx = talloc_init("rpc_info_internals"); - d_printf("Domain Name: %s\n", unistr2_tdup(ctx, &ctr.info.inf2.uni_domain)); + d_printf("Domain Name: %s\n", unistr2_to_ascii_talloc(ctx, &ctr.info.inf2.uni_domain)); d_printf("Domain SID: %s\n", sid_str); d_printf("Sequence number: %llu\n", (unsigned long long)ctr.info.inf2.seq_num); d_printf("Num users: %u\n", ctr.info.inf2.num_domain_usrs); @@ -2563,7 +2563,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, &ctr))) && (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol)))) { - description = unistr2_tdup(mem_ctx, + description = unistr2_to_ascii_talloc(mem_ctx, ctr.alias.info3.description.string); } } @@ -2618,7 +2618,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid, &ctr))) && (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol)))) { - description = unistr2_tdup(mem_ctx, + description = unistr2_to_ascii_talloc(mem_ctx, ctr.alias.info3.description.string); } } @@ -3181,11 +3181,11 @@ static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &info.share.info1.info_1_str.uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_netname); if (s) init_unistr2(&info1->info_1_str.uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info.share.info1.info_1_str.uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info1.info_1_str.uni_remark); if (s) init_unistr2(&info1->info_1_str.uni_remark, s, UNI_STR_TERMINATE); } @@ -3209,19 +3209,19 @@ static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_netname); if (s) init_unistr2(&info2->info_2_str.uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_remark); if (s) init_unistr2(&info2->info_2_str.uni_remark, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_path); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_path); if (s) init_unistr2(&info2->info_2_str.uni_path, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info.share.info2.info_2_str.uni_passwd); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info2.info_2_str.uni_passwd); if (s) init_unistr2(&info2->info_2_str.uni_passwd, s, UNI_STR_TERMINATE); } @@ -3245,19 +3245,19 @@ static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, /* Duplicate strings */ - s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_netname); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_netname); if (s) init_unistr2(&info502->info_502_str.uni_netname, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_remark); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_remark); if (s) init_unistr2(&info502->info_502_str.uni_remark, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_path); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_path); if (s) init_unistr2(&info502->info_502_str.uni_path, s, UNI_STR_TERMINATE); - s = unistr2_tdup(mem_ctx, &info.share.info502.info_502_str.uni_passwd); + s = unistr2_to_ascii_talloc(mem_ctx, &info.share.info502.info_502_str.uni_passwd); if (s) init_unistr2(&info502->info_502_str.uni_passwd, s, UNI_STR_TERMINATE); diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 6549c6d7d2..71ce3dd364 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -440,8 +440,8 @@ static NTSTATUS query_user(struct winbindd_domain *domain, sid_compose(&info->user_sid, &domain->sid, user->user_rid); sid_compose(&info->group_sid, &domain->sid, user->group_rid); - info->acct_name = unistr2_tdup(mem_ctx, &user->uni_user_name); - info->full_name = unistr2_tdup(mem_ctx, &user->uni_full_name); + info->acct_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_user_name); + info->full_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_full_name); nss_get_info_cached( domain, sid, mem_ctx, NULL, NULL, &info->homedir, &info->shell, &info->full_name, diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 640eb5a519..4b052a8576 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -129,14 +129,14 @@ static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx, fstring username_out; const char *nt_username, *nt_domain; - if (!(nt_domain = unistr2_tdup(mem_ctx, + if (!(nt_domain = unistr2_to_ascii_talloc(mem_ctx, &info3->uni_logon_dom))) { /* If the server didn't give us one, just use the one * we sent them */ nt_domain = name_domain; } - if (!(nt_username = unistr2_tdup(mem_ctx, + if (!(nt_username = unistr2_to_ascii_talloc(mem_ctx, &info3->uni_user_name))) { /* If the server didn't give us one, just use the one * we sent them */ diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 55212a84b8..dd45060412 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -436,9 +436,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, sid_compose(&user_info->group_sid, &domain->sid, user->group_rid); - user_info->acct_name = unistr2_tdup(mem_ctx, + user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_user_name); - user_info->full_name = unistr2_tdup(mem_ctx, + user_info->full_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_full_name); TALLOC_FREE(user); @@ -484,9 +484,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain, sid_compose(&user_info->user_sid, &domain->sid, user_rid); sid_compose(&user_info->group_sid, &domain->sid, ctr->info.id21->group_rid); - user_info->acct_name = unistr2_tdup(mem_ctx, + user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx, &ctr->info.id21->uni_user_name); - user_info->full_name = unistr2_tdup(mem_ctx, + user_info->full_name = unistr2_to_ascii_talloc(mem_ctx, &ctr->info.id21->uni_full_name); user_info->homedir = NULL; user_info->shell = NULL; |