summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/dir.c11
-rw-r--r--source3/smbd/file_access.c15
-rw-r--r--source3/smbd/nttrans.c18
-rw-r--r--source3/smbd/posix_acls.c20
4 files changed, 33 insertions, 31 deletions
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index f6a8b27ab4..05679ee0ee 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -911,7 +911,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
- size_t sd_size;
files_struct *fsp;
NTSTATUS status;
uint32 access_granted;
@@ -951,12 +950,12 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
- if (!sd_size) {
+ if (!NT_STATUS_IS_OK(status)) {
return False;
}
@@ -974,7 +973,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
- size_t sd_size;
files_struct *fsp;
int info;
NTSTATUS status;
@@ -1014,13 +1012,14 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
- if (!sd_size)
+ if (!NT_STATUS_IS_OK(status)) {
return False;
+ }
return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
&access_granted, &status);
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 121e7f79a9..46472665e5 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -41,7 +41,6 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
NTSTATUS status;
struct files_struct *fsp = NULL;
struct security_descriptor *secdesc = NULL;
- size_t secdesc_size;
if (!VALID_STAT(*psbuf)) {
if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
@@ -70,14 +69,14 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
return status;
}
- secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
- &secdesc);
- if (secdesc_size == 0) {
+ status = SMB_VFS_GET_NT_ACL(fsp, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),
+ &secdesc);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
- return NT_STATUS_ACCESS_DENIED;
+ return status;
}
*psd = talloc_move(mem_ctx, &secdesc);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f07d64eded..d03abaeadb 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2302,17 +2302,17 @@ static void call_nt_transact_rename(connection_struct *conn,
Fake up a completely empty SD.
*******************************************************************************/
-static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
{
size_t sd_size;
*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
if(!*ppsd) {
DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
- sd_size = 0;
+ return NT_STATUS_NO_MEMORY;
}
- return sd_size;
+ return NT_STATUS_OK;
}
/****************************************************************************
@@ -2337,6 +2337,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
uint32 security_info_wanted;
TALLOC_CTX *mem_ctx;
files_struct *fsp = NULL;
+ NTSTATUS status;
if(parameter_count < 8) {
reply_doserror(req, ERRDOS, ERRbadfunc);
@@ -2371,17 +2372,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
*/
if (!lp_nt_acl_support(SNUM(conn))) {
- sd_size = get_null_nt_acl(mem_ctx, &psd);
+ status = get_null_nt_acl(mem_ctx, &psd);
} else {
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd);
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ security_info_wanted, &psd);
}
- if (sd_size == 0) {
+ if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
- reply_unixerror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, status);
return;
}
+ sd_size = sec_desc_size(psd);
+
DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
SIVAL(params,0,(uint32)sd_size);
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6e7dae4892..27953a2051 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2728,7 +2728,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
the UNIX style get ACL.
****************************************************************************/
-size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
+NTSTATUS get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
{
connection_struct *conn = fsp->conn;
SMB_STRUCT_STAT sbuf;
@@ -2756,7 +2756,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
/* Get the stat struct for the owner info. */
if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
- return 0;
+ return map_nt_error_from_unix(errno);
}
/*
* Get the ACL from the path.
@@ -2777,7 +2777,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
/* Get the stat struct for the owner info. */
if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
- return 0;
+ return map_nt_error_from_unix(errno);
}
/*
* Get the ACL from the fd.
@@ -3027,7 +3027,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
free_inherited_info(pal);
SAFE_FREE(nt_ace_list);
- return sd_size;
+ return NT_STATUS_OK;
}
/****************************************************************************
@@ -3174,7 +3174,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
SMB_STRUCT_STAT sbuf;
NTSTATUS status;
int info;
- size_t sd_size;
unsigned int i, j;
mode_t unx_mode;
@@ -3213,13 +3212,13 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
return status;
}
- sd_size = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
- DACL_SECURITY_INFORMATION, &parent_sd );
+ status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
+ DACL_SECURITY_INFORMATION, &parent_sd );
close_file(parent_fsp, NORMAL_CLOSE);
- if (!sd_size) {
- return NT_STATUS_ACCESS_DENIED;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
/*
@@ -4174,7 +4173,8 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
finfo.fh->fd = -1;
finfo.fsp_name = CONST_DISCARD(char *,fname);
- if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) {
+ if (!NT_STATUS_IS_OK(get_nt_acl( &finfo, DACL_SECURITY_INFORMATION,
+ &psd ))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
conn_free_internal( &conn );
return NULL;