diff options
32 files changed, 302 insertions, 427 deletions
diff --git a/lib/replace/README b/lib/replace/README index 108534d29b..26383bc89a 100644 --- a/lib/replace/README +++ b/lib/replace/README @@ -46,6 +46,8 @@ mkdtemp mkstemp (a secure one!) pread pwrite +chown +lchown getpass readline (the library) inet_ntoa @@ -65,6 +67,10 @@ freeifaddrs utime utimes dup2 +link +readlink +symlink +realpath Types: bool diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4 index 6c72cf8a2c..30d7017d0f 100644 --- a/lib/replace/libreplace.m4 +++ b/lib/replace/libreplace.m4 @@ -108,7 +108,7 @@ AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror) AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename) AC_CHECK_FUNCS(waitpid strlcpy strlcat initgroups memmove strdup) AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2) -AC_CHECK_FUNCS(isatty) +AC_CHECK_FUNCS(isatty chown lchown link readlink symlink realpath) AC_HAVE_DECL(setresuid, [#include <unistd.h>]) AC_HAVE_DECL(setresgid, [#include <unistd.h>]) AC_HAVE_DECL(errno, [#include <errno.h>]) diff --git a/lib/replace/replace.c b/lib/replace/replace.c index 4aa84b886d..78c688d50c 100644 --- a/lib/replace/replace.c +++ b/lib/replace/replace.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. replacement routines for broken systems Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Jelmer Vernooij 2005-2008 ** NOTE! The following LGPL license applies to the replace ** library. This does NOT imply that all of Samba is released @@ -623,3 +624,54 @@ int rep_dup2(int oldfd, int newfd) } #endif +#ifndef HAVE_CHOWN +/** +chown isn't used much but OS/2 doesn't have it +**/ +int rep_chown(const char *fname, uid_t uid, gid_t gid) +{ + errno = ENOSYS; + return -1; +} +#endif + +#ifndef HAVE_LINK +int rep_link(const char *oldpath, const char *newpath) +{ + errno = ENOSYS; + return -1; +} +#endif + +#ifndef HAVE_READLINK +int rep_readlink(const char *path, char *buf, size_t bufsiz) +{ + errno = ENOSYS; + return -1; +} +#endif + +#ifndef HAVE_SYMLINK +int rep_symlink(const char *oldpath, const char *newpath) +{ + errno = ENOSYS; + return -1; +} +#endif + +#ifndef HAVE_LCHOWN +int rep_lchown(const char *fname,uid_t uid,gid_t gid) +{ + errno = ENOSYS; + return -1; +} +#endif + +#ifndef HAVE_REALPATH +char *rep_realpath(const char *path, char *resolved_path) +{ + /* As realpath is not a system call we can't return ENOSYS. */ + errno = EINVAL; + return NULL; +} +#endif diff --git a/lib/replace/replace.h b/lib/replace/replace.h index 70b29722bf..8483d934d8 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -215,6 +215,41 @@ int rep_seteuid(uid_t); int rep_setegid(gid_t); #endif +#ifndef HAVE_CHOWN +#define chown rep_chown +int rep_chown(const char *path, uid_t uid, gid_t gid); +#endif + +#ifndef HAVE_CHROOT +#define chroot rep_chroot +int rep_chroot(const char *dirname); +#endif + +#ifndef HAVE_LINK +#define link rep_link +int rep_link(const char *oldpath, const char *newpath); +#endif + +#ifndef HAVE_READLINK +#define readlink rep_readlink +int rep_readlink(const char *path, char *buf, size_t bufsize); +#endif + +#ifndef HAVE_SYMLINK +#define symlink rep_symlink +int rep_symlink(const char *oldpath, const char *newpath); +#endif + +#ifndef HAVE_REALPATH +#define realpath rep_realpath +char *rep_realpath(const char *path, char *resolved_path); +#endif + +#ifndef HAVE_LCHOWN +#define lchown rep_lchown +int rep_lchown(const char *fname,uid_t uid,gid_t gid); +#endif + #ifndef HAVE_SETLINEBUF #define setlinebuf rep_setlinebuf void rep_setlinebuf(FILE *); diff --git a/lib/util/util.h b/lib/util/util.h index 6a341b218d..66861fba8b 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -49,12 +49,22 @@ extern const char *panic_action; /** * assert macros */ +#ifdef DEVELOPER #define SMB_ASSERT(b) do { if (!(b)) { \ - DEBUG(0,("PANIC: assert failed at %s(%d)\n", __FILE__, __LINE__)); \ - smb_panic("assert failed"); }} while (0) + DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \ + __FILE__, __LINE__, #b)), smb_panic("assert failed: " #b); }} while(0) +#else +/* redefine the assert macro for non-developer builds */ +#define SMB_ASSERT(b) do { if (!(b)) { \ + DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \ + __FILE__, __LINE__, #b)); }} while (0) +#endif -#if defined(VALGRIND) +#if _SAMBA_BUILD_ == 4 +#ifdef VALGRIND #define strlen(x) valgrind_strlen(x) +size_t valgrind_strlen(const char *s); +#endif #endif #include "../lib/util/memory.h" @@ -69,10 +79,12 @@ _PUBLIC_ void call_backtrace(void); **/ _PUBLIC_ _NORETURN_ void smb_panic(const char *why); +#if _SAMBA_BUILD_ == 4 /** setup our fault handlers **/ _PUBLIC_ void fault_setup(const char *pname); +#endif /** register a fault handler. @@ -168,12 +180,14 @@ _PUBLIC_ char *generate_random_str_list(TALLOC_CTX *mem_ctx, size_t len, const c _PUBLIC_ char *generate_random_str(TALLOC_CTX *mem_ctx, size_t len); /* The following definitions come from lib/util/dprintf.c */ +#if _SAMBA_BUILD_ == 4 _PUBLIC_ void d_set_iconv(smb_iconv_t); _PUBLIC_ int d_vfprintf(FILE *f, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0); _PUBLIC_ int d_fprintf(FILE *f, const char *format, ...) PRINTF_ATTRIBUTE(2,3); _PUBLIC_ int d_printf(const char *format, ...) PRINTF_ATTRIBUTE(1,2); _PUBLIC_ void display_set_stderr(void); +#endif /* The following definitions come from lib/util/util_str.c */ @@ -256,7 +270,6 @@ _PUBLIC_ void all_string_sub(char *s,const char *pattern,const char *insert, siz Unescape a URL encoded string, in place. **/ _PUBLIC_ void rfc1738_unescape(char *buf); -size_t valgrind_strlen(const char *s); /** format a string into length-prefixed dotted domain format, as used in NBT @@ -286,11 +299,6 @@ limited by 'n' bytes _PUBLIC_ size_t ascii_len_n(const char *src, size_t n); /** - Return a string representing a CIFS attribute for a file. -**/ -_PUBLIC_ char *attrib_string(TALLOC_CTX *mem_ctx, uint32_t attrib); - -/** Set a boolean variable from the text value stored in the passed string. Returns true in success, false if the passed string does not correctly represent a boolean. @@ -306,10 +314,12 @@ _PUBLIC_ bool set_boolean(const char *boolean_string, bool *boolean); */ _PUBLIC_ bool conv_str_bool(const char * str, bool * val); +#if _SAMBA_BUILD_ == 4 /** * Convert a size specification like 16K into an integral number of bytes. **/ _PUBLIC_ bool conv_str_size(const char * str, uint64_t * val); +#endif /** * Parse a uint64_t value from a string @@ -354,7 +364,9 @@ _PUBLIC_ bool strequal(const char *s1, const char *s2); /* The following definitions come from lib/util/util_strlist.c */ /* separators for lists */ +#ifndef LIST_SEP #define LIST_SEP " \t,\n\r" +#endif /** build a null terminated list of strings from a input string and a @@ -642,6 +654,7 @@ _PUBLIC_ int sys_fsusage(const char *path, uint64_t *dfree, uint64_t *dsize); * @brief MS-style Filename matching */ +#if _SAMBA_BUILD_ == 4 /* protocol types. It assumes that higher protocols include lower protocols as subsets. FIXME: Move to one of the smb-specific headers */ enum protocol_types { @@ -658,6 +671,7 @@ int ms_fnmatch(const char *pattern, const char *string, enum protocol_types prot /** a generic fnmatch function - uses for non-CIFS pattern matching */ int gen_fnmatch(const char *pattern, const char *string); +#endif /* The following definitions come from lib/util/mutex.c */ @@ -707,10 +721,12 @@ _PUBLIC_ int idr_remove(struct idr_context *idp, int id); /* The following definitions come from lib/util/become_daemon.c */ +#if _SAMBA_BUILD_ == 4 /** Become a daemon, discarding the controlling terminal. **/ _PUBLIC_ void become_daemon(bool fork); +#endif /** * Load a ini-style file. diff --git a/lib/util/util_ldb.h b/lib/util/util_ldb.h index 43f98ae1a9..f9eb028916 100644 --- a/lib/util/util_ldb.h +++ b/lib/util/util_ldb.h @@ -1,6 +1,8 @@ #ifndef __LIB_UTIL_UTIL_LDB_H__ #define __LIB_UTIL_UTIL_LDB_H__ +struct ldb_dn; + /* The following definitions come from lib/util/util_ldb.c */ int gendb_search_v(struct ldb_context *ldb, diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index a313a2ccee..690f406081 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -138,9 +138,9 @@ interface security /* combinations of standard masks. */ const int STANDARD_RIGHTS_ALL_ACCESS = SEC_STD_ALL; /* 0x001f0000 */ - const int STANDARD_RIGHTS_MODIFY_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */ - const int STANDARD_RIGHTS_EXECUTE_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */ - const int STANDARD_RIGHTS_READ_ACCESS = SEC_STD_READ_CONTROLS; /* 0x00020000 */ + const int STANDARD_RIGHTS_MODIFY_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */ + const int STANDARD_RIGHTS_EXECUTE_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */ + const int STANDARD_RIGHTS_READ_ACCESS = SEC_STD_READ_CONTROL; /* 0x00020000 */ const int STANDARD_RIGHTS_WRITE_ACCESS = (SEC_STD_WRITE_OWNER | SEC_STD_WRITE_DAC | diff --git a/source3/configure.in b/source3/configure.in index a59fe32aff..c2a5d1a75f 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1025,20 +1025,20 @@ if test x"$ac_cv_func_execl" = x"no"; then EXTRA_BIN_PROGS="$EXTRA_BIN_PROGS bin/smbrun\$(EXEEXT)" fi -AC_CHECK_FUNCS(waitpid getcwd strdup strndup strnlen strerror chown fchown lchown chmod fchmod chroot link mknod mknod64) +AC_CHECK_FUNCS(waitpid getcwd strdup strndup strnlen strerror fchown chmod fchmod mknod mknod64) AC_CHECK_FUNCS(strtol strtoll strtoul strtoull strtouq __strtoull) AC_CHECK_FUNCS(fstat strchr chflags) AC_CHECK_FUNCS(getrlimit fsync fdatasync memset strlcpy strlcat setpgid) AC_CHECK_FUNCS(memmove setsid glob strpbrk pipe crypt16 getauthuid) AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent) -AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf realpath) +AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf) AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate chsize stat64 fstat64) AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64) AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf) AC_CHECK_FUNCS(opendir64 readdir64 seekdir64 telldir64 rewinddir64 closedir64) AC_CHECK_FUNCS(getpwent_r) AC_CHECK_FUNCS(getdents getdents64) -AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink) +AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl) AC_CHECK_FUNCS(syslog vsyslog timegm) AC_CHECK_FUNCS(setlocale nl_langinfo) AC_CHECK_FUNCS(nanosleep) diff --git a/source3/include/includes.h b/source3/include/includes.h index 24e33c1720..73600e379b 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -572,6 +572,7 @@ extern void *cmdline_lp_ctx; struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); /* Lists, trees, caching, database... */ +#include "../lib/util/util.h" #include "../lib/util/xfile.h" #include "../lib/util/memory.h" #include "../lib/util/attr.h" @@ -619,6 +620,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); #include "msdfs.h" #include "rap.h" #include "../lib/crypto/md5.h" +#include "../lib/crypto/md4.h" #include "../lib/crypto/arcfour.h" #include "../lib/crypto/crc32.h" #include "../lib/crypto/hmacmd5.h" diff --git a/source3/include/proto.h b/source3/include/proto.h index 6e0bde3a14..9d7d76e539 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -542,7 +542,6 @@ int cancel_named_event(struct event_context *event_ctx, void dump_event_list(struct event_context *event_ctx); /* The following definitions come from lib/fault.c */ - void fault_setup(void (*fn)(void *)); void dump_core_setup(const char *progname); @@ -555,10 +554,6 @@ const char *file_id_string_tos(const struct file_id *id); void push_file_id_16(char *buf, const struct file_id *id); void pull_file_id_16(char *buf, struct file_id *id); -/* The following definitions come from lib/fsusage.c */ - -int sys_fsusage(const char *path, uint64_t *dfree, uint64_t *dsize); - /* The following definitions come from lib/gencache.c */ bool gencache_init(void); @@ -573,13 +568,6 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time int gencache_lock_entry( const char *key ); void gencache_unlock_entry( const char *key ); -/* The following definitions come from lib/genrand.c */ - -void set_rand_reseed_callback(void (*fn)(void *, int *), void *userdata); -void set_need_random_reseed(void); -void generate_random_buffer(uint8_t *out, int len); -char *generate_random_str(TALLOC_CTX *mem_ctx, size_t len); - /* The following definitions come from lib/iconv.c */ NTSTATUS smb_register_charset(struct charset_functions *funcs) ; @@ -619,10 +607,6 @@ void init_ldap_debugging(void); char *escape_ldap_string_alloc(const char *s); char *escape_rdn_val_string_alloc(const char *s); -/* The following definitions come from lib/md4.c */ - -void mdfour(unsigned char *out, const unsigned char *in, int n); - /* The following definitions come from lib/module.c */ NTSTATUS smb_load_module(const char *module_name); @@ -796,13 +780,6 @@ bool share_access_check(const NT_USER_TOKEN *token, const char *sharename, uint32 desired_access); bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd); -/* The following definitions come from lib/signal.c */ - -void BlockSignals(bool block,int signum); -void (*CatchSignal(int signum,void (*handler)(int )))(int); -void CatchChild(void); -void CatchChildLeaveStatus(void); - /* The following definitions come from lib/smbldap.c */ int smb_ldap_start_tls(LDAP *ldap_struct, int version); @@ -1023,15 +1000,8 @@ long sys_telldir(SMB_STRUCT_DIR *dirp); void sys_rewinddir(SMB_STRUCT_DIR *dirp); int sys_closedir(SMB_STRUCT_DIR *dirp); int sys_mknod(const char *path, mode_t mode, SMB_DEV_T dev); -char *sys_realpath(const char *path, char *resolved_path); int sys_waitpid(pid_t pid,int *status,int options); char *sys_getwd(char *s); -int sys_symlink(const char *oldpath, const char *newpath); -int sys_readlink(const char *path, char *buf, size_t bufsiz); -int sys_link(const char *oldpath, const char *newpath); -int sys_chown(const char *fname,uid_t uid,gid_t gid); -int sys_lchown(const char *fname,uid_t uid,gid_t gid); -int sys_chroot(const char *dname); void set_effective_capability(enum smbd_capability capability); void drop_effective_capability(enum smbd_capability capability); long sys_random(void); @@ -1050,10 +1020,6 @@ pid_t sys_fork(void); pid_t sys_getpid(void); int sys_popen(const char *command); int sys_pclose(int fd); -void *sys_dlopen(const char *name, int flags); -void *sys_dlsym(void *handle, const char *symbol); -int sys_dlclose (void *handle); -const char *sys_dlerror(void); ssize_t sys_getxattr (const char *path, const char *name, void *value, size_t size); ssize_t sys_lgetxattr (const char *path, const char *name, void *value, size_t size); ssize_t sys_fgetxattr (int filedes, const char *name, void *value, size_t size); @@ -1104,45 +1070,14 @@ void register_msg_pool_usage(struct messaging_context *msg_ctx); /* The following definitions come from lib/time.c */ -time_t get_time_t_max(void); -void GetTimeOfDay(struct timeval *tval); -time_t nt_time_to_unix(NTTIME nt); -void unix_to_nt_time(NTTIME *nt, time_t t); -bool null_time(time_t t); -bool null_nttime(NTTIME t); -bool null_timespec(struct timespec ts); void push_dos_date(uint8_t *buf, int offset, time_t unixdate, int zone_offset); void push_dos_date2(uint8_t *buf,int offset,time_t unixdate, int zone_offset); void push_dos_date3(uint8_t *buf,int offset,time_t unixdate, int zone_offset); time_t pull_dos_date(const uint8_t *date_ptr, int zone_offset); time_t pull_dos_date2(const uint8_t *date_ptr, int zone_offset); time_t pull_dos_date3(const uint8_t *date_ptr, int zone_offset); -char *timestring(TALLOC_CTX *mem_ctx, time_t t); -const char *nt_time_string(TALLOC_CTX *mem_ctx, NTTIME nt); -NTTIME nttime_from_string(const char *s); -struct timeval timeval_zero(void); -bool timeval_is_zero(const struct timeval *tv); -struct timeval timeval_current(void); -struct timeval timeval_set(uint32_t secs, uint32_t usecs); -struct timeval timeval_add(const struct timeval *tv, - uint32_t secs, uint32_t usecs); -struct timeval timeval_sum(const struct timeval *tv1, - const struct timeval *tv2); -struct timeval timeval_current_ofs(uint32_t secs, uint32_t usecs); -int timeval_compare(const struct timeval *tv1, const struct timeval *tv2); -bool timeval_expired(const struct timeval *tv); -double timeval_elapsed2(const struct timeval *tv1, const struct timeval *tv2); -double timeval_elapsed(const struct timeval *tv); -struct timeval timeval_min(const struct timeval *tv1, - const struct timeval *tv2); -struct timeval timeval_max(const struct timeval *tv1, - const struct timeval *tv2); -struct timeval timeval_until(const struct timeval *tv1, - const struct timeval *tv2); -NTTIME timeval_to_nttime(const struct timeval *tv); uint32 convert_time_t_to_uint32(time_t t); time_t convert_uint32_to_time_t(uint32 u); -int get_time_zone(time_t t); bool nt_time_is_zero(const NTTIME *nt); time_t generalized_to_unix_time(const char *str); int get_server_zone_offset(void); @@ -1179,7 +1114,6 @@ void cli_put_dos_date3(struct cli_state *cli, char *buf, int offset, time_t unix time_t cli_make_unix_date(struct cli_state *cli, const void *date_ptr); time_t cli_make_unix_date2(struct cli_state *cli, const void *date_ptr); time_t cli_make_unix_date3(struct cli_state *cli, const void *date_ptr); -struct timespec nt_time_to_unix_timespec(NTTIME *nt); bool nt_time_equals(const NTTIME *nt1, const NTTIME *nt2); void TimeInit(void); void get_process_uptime(struct timeval *ret_time); @@ -1227,16 +1161,12 @@ bool get_cmdline_auth_info_smb_encrypt(void); bool get_cmdline_auth_info_use_machine_account(void); bool get_cmdline_auth_info_copy(struct user_auth_info *info); bool set_cmdline_auth_info_machine_account_creds(void); -const char *tmpdir(void); bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids); const char *get_numlist(const char *p, uint32 **num, int *count); bool file_exist_stat(const char *fname,SMB_STRUCT_STAT *sbuf); -bool file_exist(const char *fname); bool socket_exist(const char *fname); -time_t file_modtime(const char *fname); bool directory_exist_stat(char *dname,SMB_STRUCT_STAT *st); -bool directory_exist(const char *dname); SMB_OFF_T get_file_size(char *file_name); char *attrib_string(uint16 mode); void show_msg(char *buf); @@ -1255,22 +1185,18 @@ bool reinit_after_fork(struct messaging_context *msg_ctx, bool parent_longlived); bool yesno(const char *p); void *malloc_(size_t size); -void *malloc_array(size_t el_size, unsigned int count); void *memalign_array(size_t el_size, size_t align, unsigned int count); void *calloc_array(size_t size, size_t nmemb); void *Realloc(void *p, size_t size, bool free_old_on_error); -void *realloc_array(void *p, size_t el_size, unsigned int count, bool free_old_on_error); void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, void *element, void *_array, uint32 *num_elements, ssize_t *array_size); -void safe_free(void *p); char *talloc_get_myname(TALLOC_CTX *ctx); char *get_mydnsdomname(TALLOC_CTX *ctx); int interpret_protocol(const char *str,int def); char *automount_lookup(TALLOC_CTX *ctx, const char *user_name); char *automount_lookup(TALLOC_CTX *ctx, const char *user_name); bool process_exists(const struct server_id pid); -bool process_exists_by_pid(pid_t pid); const char *uidtoname(uid_t uid); char *gidtoname(gid_t gid); uid_t nametouid(const char *name); @@ -1289,20 +1215,12 @@ void ra_lanman_string( const char *native_lanman ); const char *get_remote_arch_str(void); void set_remote_arch(enum remote_arch_types type); enum remote_arch_types get_remote_arch(void); -void print_asc(int level, const unsigned char *buf,int len); -void dump_data(int level, const unsigned char *buf1,int len); -void dump_data_pw(const char *msg, const uchar * data, size_t len); -void dump_data_skip_zeros(int level, const uint8_t *buf, int len); const char *tab_depth(int level, int depth); int str_checksum(const char *s); void zero_free(void *p, size_t size); int set_maxfiles(int requested_max); int smb_mkstemp(char *name_template); void *smb_xmalloc_array(size_t size, unsigned int count); -void *smb_xmemdup(const void *p, size_t size); -char *smb_xstrdup(const char *s); -char *smb_xstrndup(const char *s, size_t n); -void *memdup(const void *p, size_t size); char *myhostname(void); char *lock_path(const char *name); char *pid_path(const char *name); @@ -1363,17 +1281,8 @@ const char *strip_hostname(const char *s); /* The following definitions come from lib/util_file.c */ -char *fgets_slash(char *s2,int maxlen,XFILE *f); -char *file_load(const char *fname, size_t *size, size_t maxsize, TALLOC_CTX *mem_ctx); -char **file_lines_parse(char *p, size_t size, int *numlines, TALLOC_CTX *mem_ctx); -bool unmap_file(void* start, size_t size); -void *map_file(const char *fname, size_t size); -char **file_lines_load(const char *fname, int *numlines, size_t maxsize, TALLOC_CTX *mem_ctx); -char **fd_lines_load(int fd, int *numlines, size_t maxsize, TALLOC_CTX *mem_ctx); char **file_lines_pload(const char *syscmd, int *numlines); void file_lines_free(char **lines); -void file_lines_slashcont(char **lines); -bool file_save(const char *fname, const void *packet, size_t length); /* The following definitions come from lib/util_nscd.c */ @@ -1485,21 +1394,15 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, bool interpret_string_addr_internal(struct addrinfo **ppres, const char *str, int flags); -bool is_ipaddress_v4(const char *str); -bool is_ipaddress(const char *str); bool is_broadcast_addr(const struct sockaddr *pss); -uint32 interpret_addr(const char *str); -struct in_addr interpret_addr2(const char *str); bool interpret_string_addr(struct sockaddr_storage *pss, const char *str, int flags); bool is_loopback_ip_v4(struct in_addr ip); bool is_loopback_addr(const struct sockaddr *pss); -bool is_zero_ip_v4(struct in_addr ip); bool is_zero_addr(const struct sockaddr *pss); void zero_ip_v4(struct in_addr *ip); void zero_addr(struct sockaddr_storage *pss); -bool same_net_v4(struct in_addr ip1,struct in_addr ip2,struct in_addr mask); void in_addr_to_sockaddr_storage(struct sockaddr_storage *ss, struct in_addr ip); bool same_net(const struct sockaddr *ip1, @@ -1580,22 +1483,17 @@ bool next_token_no_ltrim_talloc(TALLOC_CTX *ctx, const char *sep); int StrCaseCmp(const char *s, const char *t); int StrnCaseCmp(const char *s, const char *t, size_t len); -bool strequal(const char *s1, const char *s2); bool strnequal(const char *s1,const char *s2,size_t n); bool strcsequal(const char *s1,const char *s2); -int strwicmp(const char *psz1, const char *psz2); void strnorm(char *s, int case_default); bool strisnormal(const char *s, int case_default); -void string_replace( char *s, char oldc, char newc ); char *push_skip_string(char *buf); char *skip_string(const char *base, size_t len, char *buf); size_t str_charnum(const char *s); size_t str_ascii_charnum(const char *s); bool trim_char(char *s,char cfront,char cback); -bool trim_string(char *s,const char *front,const char *back); bool strhasupper(const char *s); bool strhaslower(const char *s); -size_t count_chars(const char *s,char c); char *safe_strcpy_fn(const char *fn, int line, char *dest, @@ -1613,9 +1511,6 @@ char *alpha_strcpy_fn(const char *fn, const char *other_safe_chars, size_t maxlength); char *StrnCpy_fn(const char *fn, int line,char *dest,const char *src,size_t n); -size_t strhex_to_str(char *buf, size_t buf_len, const char *strhex, size_t strhex_len); -DATA_BLOB strhex_to_data_blob(TALLOC_CTX *mem_ctx, const char *strhex); -char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char *buff_in, size_t len); bool in_list(const char *s, const char *list, bool casesensitive); void string_free(char **s); bool string_set(char **dest,const char *src); @@ -1663,10 +1558,6 @@ size_t strlen_m_term_null(const char *s); char *binary_string_rfc2254(char *buf, int len); char *binary_string(char *buf, int len); int fstr_sprintf(fstring s, const char *fmt, ...); -char **str_list_make(TALLOC_CTX *mem_ctx, const char *string, const char *sep); -char **str_list_copy(TALLOC_CTX *mem_ctx, const char **list); -bool str_list_equal(const char **list1, const char **list2); -size_t str_list_length( const char * const*list ); bool str_list_sub_basic( char **list, const char *smb_name, const char *domain_name ); bool str_list_substitute(char **list, const char *pattern, const char *insert); @@ -1697,9 +1588,6 @@ char *sstring_sub(const char *src, char front, char back); bool validate_net_name( const char *name, const char *invalid_chars, int max_len); -size_t ascii_len_n(const char *src, size_t n); -size_t utf16_len(const void *buf); -size_t utf16_len_n(const void *src, size_t n); char *escape_shell_string(const char *src); /* The following definitions come from lib/util_unistr.c */ @@ -1824,25 +1712,6 @@ void wins_srv_tags_free(char **list); struct in_addr wins_srv_ip_tag(const char *tag, struct in_addr src_ip); unsigned wins_srv_count_tag(const char *tag); -/* The following definitions come from lib/xfile.c */ - -int x_setvbuf(XFILE *f, char *buf, int mode, size_t size); -XFILE *x_fopen(const char *fname, int flags, mode_t mode); -XFILE *x_fdup(const XFILE *f); -int x_fclose(XFILE *f); -size_t x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f); -int x_fileno(const XFILE *f); -int x_fflush(XFILE *f); -void x_setbuffer(XFILE *f, char *buf, size_t size); -void x_setbuf(XFILE *f, char *buf); -void x_setlinebuf(XFILE *f); -int x_feof(XFILE *f); -int x_ferror(XFILE *f); -int x_fgetc(XFILE *f); -size_t x_fread(void *p, size_t size, size_t nmemb, XFILE *f); -char *x_fgets(char *s, int size, XFILE *stream) ; -off_t x_tseek(XFILE *f, off_t offset, int whence); - /* The following definitions come from libads/ads_status.c */ ADS_STATUS ads_build_error(enum ads_error_type etype, diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 15adebe29d..a1cfad9003 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -146,21 +146,6 @@ struct standard_mapping { #define STD_RIGHT_ALL_ACCESS 0x001F0000 -/* Combinations of standard masks. */ -#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */ -#define STANDARD_RIGHTS_MODIFY_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */ -#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */ -#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */ -#define STANDARD_RIGHTS_WRITE_ACCESS \ - (STD_RIGHT_WRITE_OWNER_ACCESS | \ - STD_RIGHT_WRITE_DAC_ACCESS | \ - STD_RIGHT_DELETE_ACCESS) /* 0x000d0000 */ -#define STANDARD_RIGHTS_REQUIRED_ACCESS \ - (STD_RIGHT_DELETE_ACCESS | \ - STD_RIGHT_READ_CONTROL_ACCESS | \ - STD_RIGHT_WRITE_DAC_ACCESS | \ - STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */ - /* File Object specific access rights */ #define SA_RIGHT_FILE_READ_DATA 0x00000001 diff --git a/source3/include/smb.h b/source3/include/smb.h index 8b64877d86..fdbad2a22a 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1228,7 +1228,7 @@ struct bitmap { #define FILE_GENERIC_WRITE (STD_RIGHT_READ_CONTROL_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\ FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS) -#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|\ +#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|FILE_READ_ATTRIBUTES|\ FILE_EXECUTE|SYNCHRONIZE_ACCESS) /* Share specific rights. */ diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index d2e0aa95ac..668dc186d3 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -45,17 +45,7 @@ #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0) #endif -/* assert macros */ -#ifdef DEVELOPER -#define SMB_ASSERT(b) ( (b) ? (void)0 : \ - (DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \ - __FILE__, __LINE__, #b)), smb_panic("assert failed: " #b))) -#else -/* redefine the assert macro for non-developer builds */ -#define SMB_ASSERT(b) ( (b) ? (void)0 : \ - (DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \ - __FILE__, __LINE__, #b)))) -#endif + #define SMB_WARN(condition, message) \ ((condition) ? (void)0 : \ diff --git a/source3/lib/fault.c b/source3/lib/fault.c index d4c1142937..d038e57e1a 100644 --- a/source3/lib/fault.c +++ b/source3/lib/fault.c @@ -129,7 +129,7 @@ void dump_core_setup(const char *progname) } mkdir(corepath,0700); - sys_chown(corepath,getuid(),getgid()); + chown(corepath,getuid(),getgid()); chmod(corepath,0700); SAFE_FREE(logbase); diff --git a/source3/lib/module.c b/source3/lib/module.c index 76983387ff..de13668009 100644 --- a/source3/lib/module.c +++ b/source3/lib/module.c @@ -37,11 +37,11 @@ static NTSTATUS do_smb_load_module(const char *module_name, bool is_probe) * backwards compatibility, there might be symbols in the * plugin referencing to old (removed) functions */ - handle = sys_dlopen(module_name, RTLD_LAZY); + handle = dlopen(module_name, RTLD_LAZY); /* This call should reset any possible non-fatal errors that occured since last call to dl* functions */ - error = sys_dlerror(); + error = dlerror(); if(!handle) { int level = is_probe ? 3 : 0; @@ -49,15 +49,15 @@ static NTSTATUS do_smb_load_module(const char *module_name, bool is_probe) return NT_STATUS_UNSUCCESSFUL; } - init = (init_module_function *)sys_dlsym(handle, "init_samba_module"); + init = (init_module_function *)dlsym(handle, "init_samba_module"); - /* we must check sys_dlerror() to determine if it worked, because - sys_dlsym() can validly return NULL */ - error = sys_dlerror(); + /* we must check dlerror() to determine if it worked, because + dlsym() can validly return NULL */ + error = dlerror(); if (error) { DEBUG(0, ("Error trying to resolve symbol 'init_samba_module' " "in %s: %s\n", module_name, error)); - sys_dlclose(handle); + dlclose(handle); return NT_STATUS_UNSUCCESSFUL; } @@ -67,7 +67,7 @@ static NTSTATUS do_smb_load_module(const char *module_name, bool is_probe) if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Module '%s' initialization failed: %s\n", module_name, get_friendly_nt_error_msg(status))); - sys_dlclose(handle); + dlclose(handle); } return status; diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 1da2b3ec93..2987306066 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -529,7 +529,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* First add the regular ACE entry. */ init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, SEC_ACE_FLAG_INHERITED_ACE); + ace->access_mask, 0); DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x" " inherited as %s:%d/0x%02x/0x%08x\n", @@ -549,7 +549,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, new_flags | SEC_ACE_FLAG_INHERITED_ACE); + ace->access_mask, new_flags); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", @@ -565,7 +565,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* Create child security descriptor to return */ new_dacl = make_sec_acl(ctx, - ACL_REVISION, + NT4_ACL_REVISION, new_ace_list_ndx, new_ace_list); diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index b90346ff7e..8ea63a5824 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -279,7 +279,6 @@ bool share_access_check(const NT_USER_TOKEN *token, const char *sharename, NTSTATUS status; SEC_DESC *psd = NULL; size_t sd_size; - bool ret = True; psd = get_share_security(talloc_tos(), sharename, &sd_size); diff --git a/source3/lib/system.c b/source3/lib/system.c index 6d33a1c360..86c4ef2097 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -538,21 +538,6 @@ int sys_mknod(const char *path, mode_t mode, SMB_DEV_T dev) } /******************************************************************* - Wrapper for realpath. -********************************************************************/ - -char *sys_realpath(const char *path, char *resolved_path) -{ -#if defined(HAVE_REALPATH) - return realpath(path, resolved_path); -#else - /* As realpath is not a system call we can't return ENOSYS. */ - errno = EINVAL; - return NULL; -#endif -} - -/******************************************************************* The wait() calls vary between systems ********************************************************************/ @@ -580,104 +565,6 @@ char *sys_getwd(char *s) return wd; } -/******************************************************************* -system wrapper for symlink -********************************************************************/ - -int sys_symlink(const char *oldpath, const char *newpath) -{ -#ifndef HAVE_SYMLINK - errno = ENOSYS; - return -1; -#else - return symlink(oldpath, newpath); -#endif -} - -/******************************************************************* -system wrapper for readlink -********************************************************************/ - -int sys_readlink(const char *path, char *buf, size_t bufsiz) -{ -#ifndef HAVE_READLINK - errno = ENOSYS; - return -1; -#else - return readlink(path, buf, bufsiz); -#endif -} - -/******************************************************************* -system wrapper for link -********************************************************************/ - -int sys_link(const char *oldpath, const char *newpath) -{ -#ifndef HAVE_LINK - errno = ENOSYS; - return -1; -#else - return link(oldpath, newpath); -#endif -} - -/******************************************************************* -chown isn't used much but OS/2 doesn't have it -********************************************************************/ - -int sys_chown(const char *fname,uid_t uid,gid_t gid) -{ -#ifndef HAVE_CHOWN - static int done; - if (!done) { - DEBUG(1,("WARNING: no chown!\n")); - done=1; - } - errno = ENOSYS; - return -1; -#else - return(chown(fname,uid,gid)); -#endif -} - -/******************************************************************* - Wrapper for lchown. -********************************************************************/ - -int sys_lchown(const char *fname,uid_t uid,gid_t gid) -{ -#ifndef HAVE_LCHOWN - static int done; - if (!done) { - DEBUG(1,("WARNING: no lchown!\n")); - done=1; - } - errno = ENOSYS; - return -1; -#else - return(lchown(fname,uid,gid)); -#endif -} - -/******************************************************************* -os/2 also doesn't have chroot -********************************************************************/ -int sys_chroot(const char *dname) -{ -#ifndef HAVE_CHROOT - static int done; - if (!done) { - DEBUG(1,("WARNING: no chroot!\n")); - done=1; - } - errno = ENOSYS; - return -1; -#else - return(chroot(dname)); -#endif -} - #if defined(HAVE_POSIX_CAPABILITIES) /************************************************************************** @@ -1304,46 +1191,6 @@ int sys_pclose(int fd) } /************************************************************************** - Wrappers for dlopen, dlsym, dlclose. -****************************************************************************/ - -void *sys_dlopen(const char *name, int flags) -{ -#if defined(HAVE_DLOPEN) - return dlopen(name, flags); -#else - return NULL; -#endif -} - -void *sys_dlsym(void *handle, const char *symbol) -{ -#if defined(HAVE_DLSYM) - return dlsym(handle, symbol); -#else - return NULL; -#endif -} - -int sys_dlclose (void *handle) -{ -#if defined(HAVE_DLCLOSE) - return dlclose(handle); -#else - return 0; -#endif -} - -const char *sys_dlerror(void) -{ -#if defined(HAVE_DLERROR) - return dlerror(); -#else - return NULL; -#endif -} - -/************************************************************************** Wrapper for Admin Logs. ****************************************************************************/ diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 17d4b78202..d7fdc9a8b9 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -110,7 +110,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, { uint32_t denied = 0, granted = 0; unsigned i; - + if (is_sid_in_token(token, sd->owner_sid)) { granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; } else if (user_has_privileges(token, &se_restore)) { @@ -120,7 +120,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, if (sd->dacl == NULL) { return granted & ~denied; } - + for (i = 0;i<sd->dacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index 5b77d76b50..bb06dc2584 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h @@ -68,6 +68,12 @@ #define SEC_RIGHTS_DIR_WRITE ( SEC_RIGHTS_FILE_WRITE ) #define SEC_RIGHTS_DIR_EXECUTE ( SEC_RIGHTS_FILE_EXECUTE ) #define SEC_RIGHTS_DIR_ALL ( SEC_RIGHTS_FILE_ALL ) +#define STANDARD_RIGHTS_ALL_ACCESS ( SEC_STD_ALL ) +#define STANDARD_RIGHTS_MODIFY_ACCESS ( SEC_STD_READ_CONTROL ) +#define STANDARD_RIGHTS_EXECUTE_ACCESS ( SEC_STD_READ_CONTROL ) +#define STANDARD_RIGHTS_READ_ACCESS ( SEC_STD_READ_CONTROL ) +#define STANDARD_RIGHTS_WRITE_ACCESS ( (SEC_STD_WRITE_OWNER|SEC_STD_WRITE_DAC|SEC_STD_DELETE) ) +#define STANDARD_RIGHTS_REQUIRED_ACCESS ( (SEC_STD_DELETE|SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER) ) #define SID_NULL ( "S-1-0-0" ) #define NAME_WORLD ( "WORLD" ) #define SID_WORLD_DOMAIN ( "S-1-1" ) diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c index 590dbac26f..a0d33fa33a 100644 --- a/source3/modules/gpfs.c +++ b/source3/modules/gpfs.c @@ -141,40 +141,40 @@ void init_gpfs(void) return; } - libgpfs_handle = sys_dlopen("libgpfs_gpl.so", RTLD_LAZY); + libgpfs_handle = dlopen("libgpfs_gpl.so", RTLD_LAZY); if (libgpfs_handle == NULL) { - DEBUG(10, ("sys_dlopen for libgpfs_gpl failed: %s\n", + DEBUG(10, ("dlopen for libgpfs_gpl failed: %s\n", strerror(errno))); return; } DEBUG(10, ("libgpfs_gpl.so loaded\n")); - gpfs_set_share_fn = sys_dlsym(libgpfs_handle, "gpfs_set_share"); + gpfs_set_share_fn = dlsym(libgpfs_handle, "gpfs_set_share"); if (gpfs_set_share_fn == NULL) { DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " "'gpfs_set_share'\n")); goto failed; } - gpfs_set_lease_fn = sys_dlsym(libgpfs_handle, "gpfs_set_lease"); + gpfs_set_lease_fn = dlsym(libgpfs_handle, "gpfs_set_lease"); if (gpfs_set_lease_fn == NULL) { DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " "'gpfs_set_lease'\n")); - sys_dlclose(libgpfs_handle); + dlclose(libgpfs_handle); goto failed; } - gpfs_getacl_fn = sys_dlsym(libgpfs_handle, "gpfs_getacl"); + gpfs_getacl_fn = dlsym(libgpfs_handle, "gpfs_getacl"); if (gpfs_getacl_fn == NULL) { DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " "'gpfs_getacl'\n")); goto failed; } - gpfs_putacl_fn = sys_dlsym(libgpfs_handle, "gpfs_putacl"); + gpfs_putacl_fn = dlsym(libgpfs_handle, "gpfs_putacl"); if (gpfs_putacl_fn == NULL) { DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " "'gpfs_putacl'\n")); @@ -187,7 +187,7 @@ void init_gpfs(void) return; failed: - sys_dlclose(libgpfs_handle); + dlclose(libgpfs_handle); /* leave libgpfs_handle != NULL around, no point in trying twice */ gpfs_set_share_fn = NULL; diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index ca34e97155..e465e8f380 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -144,7 +144,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, return NT_STATUS_OK; } -static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob) +static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; struct security_descriptor_timestamp sd_ts; @@ -163,7 +163,7 @@ static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob) xacl.version = 2; xacl.info.sd_ts = &sd_ts; - xacl.info.sd_ts->sd = CONST_DISCARD(SEC_DESC *, psd); + xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd); unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); DEBUG(10, ("create_acl_blob: timestamp stored as %s\n", @@ -250,7 +250,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, - SEC_DESC **ppdesc) + struct security_descriptor **ppdesc) { TALLOC_CTX *ctx = talloc_tos(); DATA_BLOB blob; @@ -292,8 +292,50 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, } /********************************************************************* - * Currently this only works for existing files. Need to work on - * inheritance for new files. + Create a default security descriptor for a file in case no inheritance + exists. All permissions to the owner and SYSTEM. +*********************************************************************/ + +static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, + SMB_STRUCT_STAT *psbuf) +{ + struct dom_sid owner_sid, group_sid; + size_t sd_size; + struct security_ace *pace = NULL; + struct security_acl *pacl = NULL; + + uid_to_sid(&owner_sid, psbuf->st_uid); + gid_to_sid(&group_sid, psbuf->st_gid); + + pace = TALLOC_ARRAY(mem_ctx, struct security_ace, 2); + if (!pace) { + return NULL; + } + + init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, + SEC_RIGHTS_FILE_ALL, 0); + init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, + SEC_RIGHTS_FILE_ALL, 0); + + pacl = make_sec_acl(mem_ctx, + NT4_ACL_REVISION, + 2, + pace); + if (!pacl) { + return NULL; + } + return make_sec_desc(mem_ctx, + SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| + SEC_DESC_DACL_DEFAULTED, + &owner_sid, + &group_sid, + NULL, + pacl, + &sd_size); +} + +/********************************************************************* *********************************************************************/ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, @@ -303,8 +345,8 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, { TALLOC_CTX *ctx = talloc_tos(); NTSTATUS status; - SEC_DESC *parent_desc = NULL; - SEC_DESC *psd = NULL; + struct security_descriptor *parent_desc = NULL; + struct security_descriptor *psd = NULL; DATA_BLOB blob; size_t size; char *parent_name; @@ -343,6 +385,25 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (!NT_STATUS_IS_OK(status)) { return status; } + if (psd->dacl == NULL) { + SMB_STRUCT_STAT sbuf; + int ret; + + TALLOC_FREE(psd); + if (fsp && !fsp->is_directory && fsp->fh->fd != -1) { + ret = SMB_VFS_FSTAT(fsp, &sbuf); + } else { + ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); + } + if (ret == -1) { + return map_nt_error_from_unix(errno); + } + psd = default_file_sd(ctx, &sbuf); + if (!psd) { + return NT_STATUS_NO_MEMORY; + } + } + status = create_acl_blob(psd, &blob); if (!NT_STATUS_IS_OK(status)) { return status; @@ -365,7 +426,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, mode_t mode) { uint32_t access_granted = 0; - SEC_DESC *pdesc = NULL; + struct security_descriptor *pdesc = NULL; bool file_existed = true; NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, @@ -417,7 +478,7 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m } static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info, SEC_DESC **ppdesc) + uint32 security_info, struct security_descriptor **ppdesc) { NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp, NULL, security_info, ppdesc); @@ -434,7 +495,7 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, } static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, - const char *name, uint32 security_info, SEC_DESC **ppdesc) + const char *name, uint32 security_info, struct security_descriptor **ppdesc) { NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, name, security_info, ppdesc); @@ -451,7 +512,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, } static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, const SEC_DESC *psd) + uint32 security_info_sent, const struct security_descriptor *psd) { NTSTATUS status; DATA_BLOB blob; @@ -460,7 +521,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, - CONST_DISCARD(SEC_DESC *,psd)); + CONST_DISCARD(struct security_descriptor *,psd)); } status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); @@ -473,7 +534,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, int ret; SMB_STRUCT_STAT sbuf; DOM_SID owner_sid, group_sid; - SEC_DESC *nc_psd = dup_sec_desc(talloc_tos(), psd); + struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd); if (!nc_psd) { return NT_STATUS_OK; @@ -502,7 +563,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, SE_DESC_DACL_AUTO_INHERIT_REQ))== (SE_DESC_DACL_AUTO_INHERITED| SE_DESC_DACL_AUTO_INHERIT_REQ) ) { - SEC_DESC *new_psd = NULL; + struct security_descriptor *new_psd = NULL; status = append_parent_acl(fsp, psd, &new_psd); if (!NT_STATUS_IS_OK(status)) { /* Lower level acl set succeeded, @@ -516,7 +577,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, - CONST_DISCARD(SEC_DESC *,psd)); + CONST_DISCARD(struct security_descriptor *,psd)); } create_acl_blob(psd, &blob); store_acl_blob_fsp(fsp, &blob); diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 275c2f53c4..d972828ba9 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -596,7 +596,7 @@ static int vfswrap_chown(vfs_handle_struct *handle, const char *path, uid_t uid, int result; START_PROFILE(syscall_chown); - result = sys_chown(path, uid, gid); + result = chown(path, uid, gid); END_PROFILE(syscall_chown); return result; } @@ -621,7 +621,7 @@ static int vfswrap_lchown(vfs_handle_struct *handle, const char *path, uid_t uid int result; START_PROFILE(syscall_lchown); - result = sys_lchown(path, uid, gid); + result = lchown(path, uid, gid); END_PROFILE(syscall_lchown); return result; } @@ -869,7 +869,7 @@ static int vfswrap_symlink(vfs_handle_struct *handle, const char *oldpath, cons int result; START_PROFILE(syscall_symlink); - result = sys_symlink(oldpath, newpath); + result = symlink(oldpath, newpath); END_PROFILE(syscall_symlink); return result; } @@ -879,7 +879,7 @@ static int vfswrap_readlink(vfs_handle_struct *handle, const char *path, char * int result; START_PROFILE(syscall_readlink); - result = sys_readlink(path, buf, bufsiz); + result = readlink(path, buf, bufsiz); END_PROFILE(syscall_readlink); return result; } @@ -889,7 +889,7 @@ static int vfswrap_link(vfs_handle_struct *handle, const char *oldpath, const c int result; START_PROFILE(syscall_link); - result = sys_link(oldpath, newpath); + result = link(oldpath, newpath); END_PROFILE(syscall_link); return result; } @@ -909,7 +909,7 @@ static char *vfswrap_realpath(vfs_handle_struct *handle, const char *path, char char *result; START_PROFILE(syscall_realpath); - result = sys_realpath(path, resolved_path); + result = realpath(path, resolved_path); END_PROFILE(syscall_realpath); return result; } diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c index 2cc4a6c4ba..ca7085ca18 100644 --- a/source3/modules/vfs_netatalk.c +++ b/source3/modules/vfs_netatalk.c @@ -399,7 +399,7 @@ static int atalk_lchown(struct vfs_handle_struct *handle, const char *path, uid_ goto exit_lchown; } - sys_lchown(adbl_path, uid, gid); + lchown(adbl_path, uid, gid); exit_lchown: talloc_destroy(ctx); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index d91d34d29b..800a47c343 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5418,7 +5418,6 @@ FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrappi static int map_parameter(const char *pszParmName); static int map_parameter_canonical(const char *pszParmName, bool *inverse); -static bool set_boolean(bool *pb, const char *pszParmValue); static const char *get_boolean(bool bool_value); static int getservicebyname(const char *pszServiceName, struct service *pserviceDest); @@ -5532,7 +5531,7 @@ static bool lp_bool(const char *s) return False; } - if (!set_boolean(&ret,s)) { + if (!set_boolean(s, &ret)) { DEBUG(0,("lp_bool(%s): value is not boolean!\n",s)); return False; } @@ -6315,48 +6314,12 @@ void show_parameter_list(void) } /*************************************************************************** - Set a boolean variable from the text value stored in the passed string. - Returns True in success, False if the passed string does not correctly - represent a boolean. -***************************************************************************/ - -static bool set_boolean(bool *pb, const char *pszParmValue) -{ - bool bRetval; - bool value; - - bRetval = True; - value = False; - if (strwicmp(pszParmValue, "yes") == 0 || - strwicmp(pszParmValue, "true") == 0 || - strwicmp(pszParmValue, "1") == 0) - value = True; - else if (strwicmp(pszParmValue, "no") == 0 || - strwicmp(pszParmValue, "False") == 0 || - strwicmp(pszParmValue, "0") == 0) - value = False; - else { - DEBUG(2, - ("ERROR: Badly formed boolean in configuration file: \"%s\".\n", - pszParmValue)); - bRetval = False; - } - - if ((pb != NULL) && (bRetval != False)) { - *pb = value; - } - - return (bRetval); -} - - -/*************************************************************************** Check if a given string correctly represents a boolean value. ***************************************************************************/ bool lp_string_is_valid_boolean(const char *parm_value) { - return set_boolean(NULL, parm_value); + return set_boolean(parm_value, NULL); } /*************************************************************************** @@ -6381,7 +6344,7 @@ bool lp_invert_boolean(const char *str, const char **inverse_str) { bool val; - if (!set_boolean(&val, str)) { + if (!set_boolean(str, &val)) { return False; } @@ -6399,7 +6362,7 @@ bool lp_canonicalize_boolean(const char *str, const char**canon_str) { bool val; - if (!set_boolean(&val, str)) { + if (!set_boolean(str, &val)) { return False; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 1564525005..5836c43afc 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1370,16 +1370,53 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } } - /* This is a nasty hack - must fix... JRA. */ - if (access_mask == MAXIMUM_ALLOWED_ACCESS) { - open_access_mask = access_mask = FILE_GENERIC_ALL; - } - /* * Convert GENERIC bits to specific bits. */ se_map_generic(&access_mask, &file_generic_mapping); + + /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */ + if (access_mask & MAXIMUM_ALLOWED_ACCESS) { + if (file_existed) { + struct security_descriptor *sd; + uint32_t access_granted = 0; + + status = SMB_VFS_GET_NT_ACL(conn, fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION),&sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("open_file_ntcreate: Could not get acl " + "on file %s: %s\n", + fname, + nt_errstr(status))); + return NT_STATUS_ACCESS_DENIED; + } + + status = se_access_check(sd, conn->server_info->ptok, + access_mask, &access_granted); + + TALLOC_FREE(sd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("open_file_ntcreate: Access denied on " + "file %s: when calculating maximum access\n", + fname)); + return NT_STATUS_ACCESS_DENIED; + } + + access_mask = access_granted; + /* + * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, + */ + access_mask |= FILE_READ_ATTRIBUTES; + } else { + access_mask = FILE_GENERIC_ALL; + } + } + open_access_mask = access_mask; if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) { diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 4e81263ee4..7583da65a5 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1415,7 +1415,7 @@ extern void build_options(bool screen); } if (*lp_rootdir()) { - if (sys_chroot(lp_rootdir()) == 0) + if (chroot(lp_rootdir()) == 0) DEBUG(2,("Changed root to %s\n", lp_rootdir())); } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 1da45a8b58..a450a56e72 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3846,7 +3846,6 @@ static void call_trans2qfilepathinfo(connection_struct *conn, files_struct *fsp = NULL; struct file_id fileid; struct ea_list *ea_list = NULL; - uint32 access_mask = 0x12019F; /* Default - GENERIC_EXECUTE mapping from Windows */ char *lock_data = NULL; bool ms_dfs_link = false; TALLOC_CTX *ctx = talloc_tos(); @@ -3939,7 +3938,6 @@ static void call_trans2qfilepathinfo(connection_struct *conn, pos = fsp->fh->position_information; fileid = vfs_file_id_from_sbuf(conn, &sbuf); get_file_infos(fileid, &delete_pending, &write_time_ts); - access_mask = fsp->access_mask; } } else { @@ -4403,7 +4401,12 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd case SMB_FILE_ACCESS_INFORMATION: DEBUG(10,("call_trans2qfilepathinfo: SMB_FILE_ACCESS_INFORMATION\n")); - SIVAL(pdata,0,access_mask); + if (fsp) { + SIVAL(pdata,0,fsp->access_mask); + } else { + /* GENERIC_EXECUTE mapping from Windows */ + SIVAL(pdata,0,0x12019F); + } data_size = 4; break; diff --git a/source3/torture/nsstest.c b/source3/torture/nsstest.c index 6bd0efe1af..352b3fa33c 100644 --- a/source3/torture/nsstest.c +++ b/source3/torture/nsstest.c @@ -37,13 +37,13 @@ static void *find_fn(const char *name) } if (!h) { - h = sys_dlopen(so_path, RTLD_LAZY); + h = dlopen(so_path, RTLD_LAZY); } if (!h) { printf("Can't open shared library %s\n", so_path); exit(1); } - res = sys_dlsym(h, s); + res = dlsym(h, s); if (!res) { printf("Can't find function %s\n", s); total_errors++; diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 4e617a1968..f4ad6f7b47 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -169,7 +169,7 @@ int get_my_ip_address( struct sockaddr_storage **pp_ss ) continue; /* Don't register loopback addresses */ - if (is_loopback_addr(nic_sa_storage)) { + if (is_loopback_addr((struct sockaddr *)nic_sa_storage)) { continue; } diff --git a/source4/include/includes.h b/source4/include/includes.h index 08d6cdb5f6..f925e836c5 100644 --- a/source4/include/includes.h +++ b/source4/include/includes.h @@ -40,8 +40,10 @@ #ifndef _PRINTF_ATTRIBUTE #define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) #endif -#include "../lib/util/util.h" +#include "../lib/util/xfile.h" +#include "../lib/util/attr.h" #include "../lib/util/debug.h" +#include "../lib/util/util.h" #include "libcli/util/error.h" diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 9a707605e6..db4657e835 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -1567,7 +1567,7 @@ bool torture_rpc_samlogon(struct torture_context *torture) old_user_password = user_password; - test_ChangePasswordUser3(torture_join_samr_pipe(user_ctx), mem_ctx, + test_ChangePasswordUser3(torture_join_samr_pipe(user_ctx), torture, TEST_USER_NAME, 16 /* > 14 */, &user_password, NULL, 0, false); |