diff options
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/dir.c | 11 | ||||
-rw-r--r-- | source3/smbd/file_access.c | 15 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 18 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 20 |
4 files changed, 33 insertions, 31 deletions
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index f6a8b27ab4..05679ee0ee 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -911,7 +911,6 @@ bool get_dir_entry(TALLOC_CTX *ctx, static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) { SEC_DESC *psd = NULL; - size_t sd_size; files_struct *fsp; NTSTATUS status; uint32 access_granted; @@ -951,12 +950,12 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S } /* Get NT ACL -allocated in main loop talloc context. No free needed here. */ - sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, + status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); close_file(fsp, NORMAL_CLOSE); /* No access if SD get failed. */ - if (!sd_size) { + if (!NT_STATUS_IS_OK(status)) { return False; } @@ -974,7 +973,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) { SEC_DESC *psd = NULL; - size_t sd_size; files_struct *fsp; int info; NTSTATUS status; @@ -1014,13 +1012,14 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_ } /* Get NT ACL -allocated in main loop talloc context. No free needed here. */ - sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, + status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); close_file(fsp, NORMAL_CLOSE); /* No access if SD get failed. */ - if (!sd_size) + if (!NT_STATUS_IS_OK(status)) { return False; + } return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA, &access_granted, &status); diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 121e7f79a9..46472665e5 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -41,7 +41,6 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx, NTSTATUS status; struct files_struct *fsp = NULL; struct security_descriptor *secdesc = NULL; - size_t secdesc_size; if (!VALID_STAT(*psbuf)) { if (SMB_VFS_STAT(conn, fname, psbuf) != 0) { @@ -70,14 +69,14 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx, return status; } - secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION), - &secdesc); - if (secdesc_size == 0) { + status = SMB_VFS_GET_NT_ACL(fsp, fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &secdesc); + if (!NT_STATUS_IS_OK(status)) { DEBUG(5, ("Unable to get NT ACL for file %s\n", fname)); - return NT_STATUS_ACCESS_DENIED; + return status; } *psd = talloc_move(mem_ctx, &secdesc); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index f07d64eded..d03abaeadb 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2302,17 +2302,17 @@ static void call_nt_transact_rename(connection_struct *conn, Fake up a completely empty SD. *******************************************************************************/ -static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) +static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) { size_t sd_size; *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size); if(!*ppsd) { DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n")); - sd_size = 0; + return NT_STATUS_NO_MEMORY; } - return sd_size; + return NT_STATUS_OK; } /**************************************************************************** @@ -2337,6 +2337,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, uint32 security_info_wanted; TALLOC_CTX *mem_ctx; files_struct *fsp = NULL; + NTSTATUS status; if(parameter_count < 8) { reply_doserror(req, ERRDOS, ERRbadfunc); @@ -2371,17 +2372,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, */ if (!lp_nt_acl_support(SNUM(conn))) { - sd_size = get_null_nt_acl(mem_ctx, &psd); + status = get_null_nt_acl(mem_ctx, &psd); } else { - sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd); + status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, + security_info_wanted, &psd); } - if (sd_size == 0) { + if (!NT_STATUS_IS_OK(status)) { talloc_destroy(mem_ctx); - reply_unixerror(req, ERRDOS, ERRnoaccess); + reply_nterror(req, status); return; } + sd_size = sec_desc_size(psd); + DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); SIVAL(params,0,(uint32)sd_size); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 6e7dae4892..27953a2051 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -2728,7 +2728,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) the UNIX style get ACL. ****************************************************************************/ -size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) +NTSTATUS get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) { connection_struct *conn = fsp->conn; SMB_STRUCT_STAT sbuf; @@ -2756,7 +2756,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) /* Get the stat struct for the owner info. */ if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) { - return 0; + return map_nt_error_from_unix(errno); } /* * Get the ACL from the path. @@ -2777,7 +2777,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) /* Get the stat struct for the owner info. */ if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) { - return 0; + return map_nt_error_from_unix(errno); } /* * Get the ACL from the fd. @@ -3027,7 +3027,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) free_inherited_info(pal); SAFE_FREE(nt_ace_list); - return sd_size; + return NT_STATUS_OK; } /**************************************************************************** @@ -3174,7 +3174,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp, SMB_STRUCT_STAT sbuf; NTSTATUS status; int info; - size_t sd_size; unsigned int i, j; mode_t unx_mode; @@ -3213,13 +3212,13 @@ static NTSTATUS append_parent_acl(files_struct *fsp, return status; } - sd_size = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name, - DACL_SECURITY_INFORMATION, &parent_sd ); + status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name, + DACL_SECURITY_INFORMATION, &parent_sd ); close_file(parent_fsp, NORMAL_CLOSE); - if (!sd_size) { - return NT_STATUS_ACCESS_DENIED; + if (!NT_STATUS_IS_OK(status)) { + return status; } /* @@ -4174,7 +4173,8 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) finfo.fh->fd = -1; finfo.fsp_name = CONST_DISCARD(char *,fname); - if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) { + if (!NT_STATUS_IS_OK(get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, + &psd ))) { DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); conn_free_internal( &conn ); return NULL; |