Diffstat (limited to 'source3')
-rw-r--r--source3/configure.in6
-rw-r--r--source3/include/includes.h2
-rw-r--r--source3/include/proto.h131
-rw-r--r--source3/include/rpc_secdes.h15
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/include/smb_macros.h12
-rw-r--r--source3/lib/fault.c2
-rw-r--r--source3/lib/module.c16
-rw-r--r--source3/lib/secdesc.c6
-rw-r--r--source3/lib/sharesec.c1
-rw-r--r--source3/lib/system.c153
-rw-r--r--source3/lib/util_seaccess.c4
-rw-r--r--source3/librpc/gen_ndr/security.h6
-rw-r--r--source3/modules/gpfs.c16
-rw-r--r--source3/modules/vfs_acl_xattr.c91
-rw-r--r--source3/modules/vfs_default.c12
-rw-r--r--source3/modules/vfs_netatalk.c2
-rw-r--r--source3/param/loadparm.c45
-rw-r--r--source3/smbd/open.c47
-rw-r--r--source3/smbd/server.c2
-rw-r--r--source3/smbd/trans2.c9
-rw-r--r--source3/torture/nsstest.c4
-rw-r--r--source3/utils/net_dns.c2
23 files changed, 174 insertions, 412 deletions
diff --git a/source3/configure.in b/source3/configure.in
index a59fe32aff..c2a5d1a75f 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -1025,20 +1025,20 @@ if test x"$ac_cv_func_execl" = x"no"; then
EXTRA_BIN_PROGS="$EXTRA_BIN_PROGS bin/smbrun\$(EXEEXT)"
fi
-AC_CHECK_FUNCS(waitpid getcwd strdup strndup strnlen strerror chown fchown lchown chmod fchmod chroot link mknod mknod64)
+AC_CHECK_FUNCS(waitpid getcwd strdup strndup strnlen strerror fchown chmod fchmod mknod mknod64)
AC_CHECK_FUNCS(strtol strtoll strtoul strtoull strtouq __strtoull)
AC_CHECK_FUNCS(fstat strchr chflags)
AC_CHECK_FUNCS(getrlimit fsync fdatasync memset strlcpy strlcat setpgid)
AC_CHECK_FUNCS(memmove setsid glob strpbrk pipe crypt16 getauthuid)
AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent)
-AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf realpath)
+AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf)
AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate chsize stat64 fstat64)
AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64)
AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf)
AC_CHECK_FUNCS(opendir64 readdir64 seekdir64 telldir64 rewinddir64 closedir64)
AC_CHECK_FUNCS(getpwent_r)
AC_CHECK_FUNCS(getdents getdents64)
-AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink)
+AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl)
AC_CHECK_FUNCS(syslog vsyslog timegm)
AC_CHECK_FUNCS(setlocale nl_langinfo)
AC_CHECK_FUNCS(nanosleep)
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 24e33c1720..73600e379b 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -572,6 +572,7 @@ extern void *cmdline_lp_ctx;
struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx);
/* Lists, trees, caching, database... */
+#include "../lib/util/util.h"
#include "../lib/util/xfile.h"
#include "../lib/util/memory.h"
#include "../lib/util/attr.h"
@@ -619,6 +620,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx);
#include "msdfs.h"
#include "rap.h"
#include "../lib/crypto/md5.h"
+#include "../lib/crypto/md4.h"
#include "../lib/crypto/arcfour.h"
#include "../lib/crypto/crc32.h"
#include "../lib/crypto/hmacmd5.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6e0bde3a14..9d7d76e539 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -542,7 +542,6 @@ int cancel_named_event(struct event_context *event_ctx,
void dump_event_list(struct event_context *event_ctx);
/* The following definitions come from lib/fault.c */
-
void fault_setup(void (*fn)(void *));
void dump_core_setup(const char *progname);
@@ -555,10 +554,6 @@ const char *file_id_string_tos(const struct file_id *id);
void push_file_id_16(char *buf, const struct file_id *id);
void pull_file_id_16(char *buf, struct file_id *id);
-/* The following definitions come from lib/fsusage.c */
-
-int sys_fsusage(const char *path, uint64_t *dfree, uint64_t *dsize);
-
/* The following definitions come from lib/gencache.c */
bool gencache_init(void);
@@ -573,13 +568,6 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time
int gencache_lock_entry( const char *key );
void gencache_unlock_entry( const char *key );
-/* The following definitions come from lib/genrand.c */
-
-void set_rand_reseed_callback(void (*fn)(void *, int *), void *userdata);
-void set_need_random_reseed(void);
-void generate_random_buffer(uint8_t *out, int len);
-char *generate_random_str(TALLOC_CTX *mem_ctx, size_t len);
-
/* The following definitions come from lib/iconv.c */
NTSTATUS smb_register_charset(struct charset_functions *funcs) ;
@@ -619,10 +607,6 @@ void init_ldap_debugging(void);
char *escape_ldap_string_alloc(const char *s);
char *escape_rdn_val_string_alloc(const char *s);
-/* The following definitions come from lib/md4.c */
-
-void mdfour(unsigned char *out, const unsigned char *in, int n);
-
/* The following definitions come from lib/module.c */
NTSTATUS smb_load_module(const char *module_name);
@@ -796,13 +780,6 @@ bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
uint32 desired_access);
bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd);
-/* The following definitions come from lib/signal.c */
-
-void BlockSignals(bool block,int signum);
-void (*CatchSignal(int signum,void (*handler)(int )))(int);
-void CatchChild(void);
-void CatchChildLeaveStatus(void);
-
/* The following definitions come from lib/smbldap.c */
int smb_ldap_start_tls(LDAP *ldap_struct, int version);
@@ -1023,15 +1000,8 @@ long sys_telldir(SMB_STRUCT_DIR *dirp);
void sys_rewinddir(SMB_STRUCT_DIR *dirp);
int sys_closedir(SMB_STRUCT_DIR *dirp);
int sys_mknod(const char *path, mode_t mode, SMB_DEV_T dev);
-char *sys_realpath(const char *path, char *resolved_path);
int sys_waitpid(pid_t pid,int *status,int options);
char *sys_getwd(char *s);
-int sys_symlink(const char *oldpath, const char *newpath);
-int sys_readlink(const char *path, char *buf, size_t bufsiz);
-int sys_link(const char *oldpath, const char *newpath);
-int sys_chown(const char *fname,uid_t uid,gid_t gid);
-int sys_lchown(const char *fname,uid_t uid,gid_t gid);
-int sys_chroot(const char *dname);
void set_effective_capability(enum smbd_capability capability);
void drop_effective_capability(enum smbd_capability capability);
long sys_random(void);
@@ -1050,10 +1020,6 @@ pid_t sys_fork(void);
pid_t sys_getpid(void);
int sys_popen(const char *command);
int sys_pclose(int fd);
-void *sys_dlopen(const char *name, int flags);
-void *sys_dlsym(void *handle, const char *symbol);
-int sys_dlclose (void *handle);
-const char *sys_dlerror(void);
ssize_t sys_getxattr (const char *path, const char *name, void *value, size_t size);
ssize_t sys_lgetxattr (const char *path, const char *name, void *value, size_t size);
ssize_t sys_fgetxattr (int filedes, const char *name, void *value, size_t size);
@@ -1104,45 +1070,14 @@ void register_msg_pool_usage(struct messaging_context *msg_ctx);
/* The following definitions come from lib/time.c */
-time_t get_time_t_max(void);
-void GetTimeOfDay(struct timeval *tval);
-time_t nt_time_to_unix(NTTIME nt);
-void unix_to_nt_time(NTTIME *nt, time_t t);
-bool null_time(time_t t);
-bool null_nttime(NTTIME t);
-bool null_timespec(struct timespec ts);
void push_dos_date(uint8_t *buf, int offset, time_t unixdate, int zone_offset);
void push_dos_date2(uint8_t *buf,int offset,time_t unixdate, int zone_offset);
void push_dos_date3(uint8_t *buf,int offset,time_t unixdate, int zone_offset);
time_t pull_dos_date(const uint8_t *date_ptr, int zone_offset);
time_t pull_dos_date2(const uint8_t *date_ptr, int zone_offset);
time_t pull_dos_date3(const uint8_t *date_ptr, int zone_offset);
-char *timestring(TALLOC_CTX *mem_ctx, time_t t);
-const char *nt_time_string(TALLOC_CTX *mem_ctx, NTTIME nt);
-NTTIME nttime_from_string(const char *s);
-struct timeval timeval_zero(void);
-bool timeval_is_zero(const struct timeval *tv);
-struct timeval timeval_current(void);
-struct timeval timeval_set(uint32_t secs, uint32_t usecs);
-struct timeval timeval_add(const struct timeval *tv,
- uint32_t secs, uint32_t usecs);
-struct timeval timeval_sum(const struct timeval *tv1,
- const struct timeval *tv2);
-struct timeval timeval_current_ofs(uint32_t secs, uint32_t usecs);
-int timeval_compare(const struct timeval *tv1, const struct timeval *tv2);
-bool timeval_expired(const struct timeval *tv);
-double timeval_elapsed2(const struct timeval *tv1, const struct timeval *tv2);
-double timeval_elapsed(const struct timeval *tv);
-struct timeval timeval_min(const struct timeval *tv1,
- const struct timeval *tv2);
-struct timeval timeval_max(const struct timeval *tv1,
- const struct timeval *tv2);
-struct timeval timeval_until(const struct timeval *tv1,
- const struct timeval *tv2);
-NTTIME timeval_to_nttime(const struct timeval *tv);
uint32 convert_time_t_to_uint32(time_t t);
time_t convert_uint32_to_time_t(uint32 u);
-int get_time_zone(time_t t);
bool nt_time_is_zero(const NTTIME *nt);
time_t generalized_to_unix_time(const char *str);
int get_server_zone_offset(void);
@@ -1179,7 +1114,6 @@ void cli_put_dos_date3(struct cli_state *cli, char *buf, int offset, time_t unix
time_t cli_make_unix_date(struct cli_state *cli, const void *date_ptr);
time_t cli_make_unix_date2(struct cli_state *cli, const void *date_ptr);
time_t cli_make_unix_date3(struct cli_state *cli, const void *date_ptr);
-struct timespec nt_time_to_unix_timespec(NTTIME *nt);
bool nt_time_equals(const NTTIME *nt1, const NTTIME *nt2);
void TimeInit(void);
void get_process_uptime(struct timeval *ret_time);
@@ -1227,16 +1161,12 @@ bool get_cmdline_auth_info_smb_encrypt(void);
bool get_cmdline_auth_info_use_machine_account(void);
bool get_cmdline_auth_info_copy(struct user_auth_info *info);
bool set_cmdline_auth_info_machine_account_creds(void);
-const char *tmpdir(void);
bool add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid,
gid_t **gids, size_t *num_gids);
const char *get_numlist(const char *p, uint32 **num, int *count);
bool file_exist_stat(const char *fname,SMB_STRUCT_STAT *sbuf);
-bool file_exist(const char *fname);
bool socket_exist(const char *fname);
-time_t file_modtime(const char *fname);
bool directory_exist_stat(char *dname,SMB_STRUCT_STAT *st);
-bool directory_exist(const char *dname);
SMB_OFF_T get_file_size(char *file_name);
char *attrib_string(uint16 mode);
void show_msg(char *buf);
@@ -1255,22 +1185,18 @@ bool reinit_after_fork(struct messaging_context *msg_ctx,
bool parent_longlived);
bool yesno(const char *p);
void *malloc_(size_t size);
-void *malloc_array(size_t el_size, unsigned int count);
void *memalign_array(size_t el_size, size_t align, unsigned int count);
void *calloc_array(size_t size, size_t nmemb);
void *Realloc(void *p, size_t size, bool free_old_on_error);
-void *realloc_array(void *p, size_t el_size, unsigned int count, bool free_old_on_error);
void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size,
void *element, void *_array, uint32 *num_elements,
ssize_t *array_size);
-void safe_free(void *p);
char *talloc_get_myname(TALLOC_CTX *ctx);
char *get_mydnsdomname(TALLOC_CTX *ctx);
int interpret_protocol(const char *str,int def);
char *automount_lookup(TALLOC_CTX *ctx, const char *user_name);
char *automount_lookup(TALLOC_CTX *ctx, const char *user_name);
bool process_exists(const struct server_id pid);
-bool process_exists_by_pid(pid_t pid);
const char *uidtoname(uid_t uid);
char *gidtoname(gid_t gid);
uid_t nametouid(const char *name);
@@ -1289,20 +1215,12 @@ void ra_lanman_string( const char *native_lanman );
const char *get_remote_arch_str(void);
void set_remote_arch(enum remote_arch_types type);
enum remote_arch_types get_remote_arch(void);
-void print_asc(int level, const unsigned char *buf,int len);
-void dump_data(int level, const unsigned char *buf1,int len);
-void dump_data_pw(const char *msg, const uchar * data, size_t len);
-void dump_data_skip_zeros(int level, const uint8_t *buf, int len);
const char *tab_depth(int level, int depth);
int str_checksum(const char *s);
void zero_free(void *p, size_t size);
int set_maxfiles(int requested_max);
int smb_mkstemp(char *name_template);
void *smb_xmalloc_array(size_t size, unsigned int count);
-void *smb_xmemdup(const void *p, size_t size);
-char *smb_xstrdup(const char *s);
-char *smb_xstrndup(const char *s, size_t n);
-void *memdup(const void *p, size_t size);
char *myhostname(void);
char *lock_path(const char *name);
char *pid_path(const char *name);
@@ -1363,17 +1281,8 @@ const char *strip_hostname(const char *s);
/* The following definitions come from lib/util_file.c */
-char *fgets_slash(char *s2,int maxlen,XFILE *f);
-char *file_load(const char *fname, size_t *size, size_t maxsize, TALLOC_CTX *mem_ctx);
-char **file_lines_parse(char *p, size_t size, int *numlines, TALLOC_CTX *mem_ctx);
-bool unmap_file(void* start, size_t size);
-void *map_file(const char *fname, size_t size);
-char **file_lines_load(const char *fname, int *numlines, size_t maxsize, TALLOC_CTX *mem_ctx);
-char **fd_lines_load(int fd, int *numlines, size_t maxsize, TALLOC_CTX *mem_ctx);
char **file_lines_pload(const char *syscmd, int *numlines);
void file_lines_free(char **lines);
-void file_lines_slashcont(char **lines);
-bool file_save(const char *fname, const void *packet, size_t length);
/* The following definitions come from lib/util_nscd.c */
@@ -1485,21 +1394,15 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
bool interpret_string_addr_internal(struct addrinfo **ppres,
const char *str, int flags);
-bool is_ipaddress_v4(const char *str);
-bool is_ipaddress(const char *str);
bool is_broadcast_addr(const struct sockaddr *pss);
-uint32 interpret_addr(const char *str);
-struct in_addr interpret_addr2(const char *str);
bool interpret_string_addr(struct sockaddr_storage *pss,
const char *str,
int flags);
bool is_loopback_ip_v4(struct in_addr ip);
bool is_loopback_addr(const struct sockaddr *pss);
-bool is_zero_ip_v4(struct in_addr ip);
bool is_zero_addr(const struct sockaddr *pss);
void zero_ip_v4(struct in_addr *ip);
void zero_addr(struct sockaddr_storage *pss);
-bool same_net_v4(struct in_addr ip1,struct in_addr ip2,struct in_addr mask);
void in_addr_to_sockaddr_storage(struct sockaddr_storage *ss,
struct in_addr ip);
bool same_net(const struct sockaddr *ip1,
@@ -1580,22 +1483,17 @@ bool next_token_no_ltrim_talloc(TALLOC_CTX *ctx,
const char *sep);
int StrCaseCmp(const char *s, const char *t);
int StrnCaseCmp(const char *s, const char *t, size_t len);
-bool strequal(const char *s1, const char *s2);
bool strnequal(const char *s1,const char *s2,size_t n);
bool strcsequal(const char *s1,const char *s2);
-int strwicmp(const char *psz1, const char *psz2);
void strnorm(char *s, int case_default);
bool strisnormal(const char *s, int case_default);
-void string_replace( char *s, char oldc, char newc );
char *push_skip_string(char *buf);
char *skip_string(const char *base, size_t len, char *buf);
size_t str_charnum(const char *s);
size_t str_ascii_charnum(const char *s);
bool trim_char(char *s,char cfront,char cback);
-bool trim_string(char *s,const char *front,const char *back);
bool strhasupper(const char *s);
bool strhaslower(const char *s);
-size_t count_chars(const char *s,char c);
char *safe_strcpy_fn(const char *fn,
int line,
char *dest,
@@ -1613,9 +1511,6 @@ char *alpha_strcpy_fn(const char *fn,
const char *other_safe_chars,
size_t maxlength);
char *StrnCpy_fn(const char *fn, int line,char *dest,const char *src,size_t n);
-size_t strhex_to_str(char *buf, size_t buf_len, const char *strhex, size_t strhex_len);
-DATA_BLOB strhex_to_data_blob(TALLOC_CTX *mem_ctx, const char *strhex);
-char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char *buff_in, size_t len);
bool in_list(const char *s, const char *list, bool casesensitive);
void string_free(char **s);
bool string_set(char **dest,const char *src);
@@ -1663,10 +1558,6 @@ size_t strlen_m_term_null(const char *s);
char *binary_string_rfc2254(char *buf, int len);
char *binary_string(char *buf, int len);
int fstr_sprintf(fstring s, const char *fmt, ...);
-char **str_list_make(TALLOC_CTX *mem_ctx, const char *string, const char *sep);
-char **str_list_copy(TALLOC_CTX *mem_ctx, const char **list);
-bool str_list_equal(const char **list1, const char **list2);
-size_t str_list_length( const char * const*list );
bool str_list_sub_basic( char **list, const char *smb_name,
const char *domain_name );
bool str_list_substitute(char **list, const char *pattern, const char *insert);
@@ -1697,9 +1588,6 @@ char *sstring_sub(const char *src, char front, char back);
bool validate_net_name( const char *name,
const char *invalid_chars,
int max_len);
-size_t ascii_len_n(const char *src, size_t n);
-size_t utf16_len(const void *buf);
-size_t utf16_len_n(const void *src, size_t n);
char *escape_shell_string(const char *src);
/* The following definitions come from lib/util_unistr.c */
@@ -1824,25 +1712,6 @@ void wins_srv_tags_free(char **list);
struct in_addr wins_srv_ip_tag(const char *tag, struct in_addr src_ip);
unsigned wins_srv_count_tag(const char *tag);
-/* The following definitions come from lib/xfile.c */
-
-int x_setvbuf(XFILE *f, char *buf, int mode, size_t size);
-XFILE *x_fopen(const char *fname, int flags, mode_t mode);
-XFILE *x_fdup(const XFILE *f);
-int x_fclose(XFILE *f);
-size_t x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f);
-int x_fileno(const XFILE *f);
-int x_fflush(XFILE *f);
-void x_setbuffer(XFILE *f, char *buf, size_t size);
-void x_setbuf(XFILE *f, char *buf);
-void x_setlinebuf(XFILE *f);
-int x_feof(XFILE *f);
-int x_ferror(XFILE *f);
-int x_fgetc(XFILE *f);
-size_t x_fread(void *p, size_t size, size_t nmemb, XFILE *f);
-char *x_fgets(char *s, int size, XFILE *stream) ;
-off_t x_tseek(XFILE *f, off_t offset, int whence);
-
/* The following definitions come from libads/ads_status.c */
ADS_STATUS ads_build_error(enum ads_error_type etype,
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 15adebe29d..a1cfad9003 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -146,21 +146,6 @@ struct standard_mapping {
#define STD_RIGHT_ALL_ACCESS 0x001F0000
-/* Combinations of standard masks. */
-#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
-#define STANDARD_RIGHTS_MODIFY_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS \
- (STD_RIGHT_WRITE_OWNER_ACCESS | \
- STD_RIGHT_WRITE_DAC_ACCESS | \
- STD_RIGHT_DELETE_ACCESS) /* 0x000d0000 */
-#define STANDARD_RIGHTS_REQUIRED_ACCESS \
- (STD_RIGHT_DELETE_ACCESS | \
- STD_RIGHT_READ_CONTROL_ACCESS | \
- STD_RIGHT_WRITE_DAC_ACCESS | \
- STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */
-
/* File Object specific access rights */
#define SA_RIGHT_FILE_READ_DATA 0x00000001
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 8b64877d86..fdbad2a22a 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1228,7 +1228,7 @@ struct bitmap {
#define FILE_GENERIC_WRITE (STD_RIGHT_READ_CONTROL_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\
FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS)
-#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|\
+#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|FILE_READ_ATTRIBUTES|\
FILE_EXECUTE|SYNCHRONIZE_ACCESS)
/* Share specific rights. */
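Review bot: `FILE_GENERIC_EXECUTE` now also carries `FILE_READ_ATTRIBUTES`, which widens what a generic-execute grant expands to in every access check that uses this mapping, and the macro has no comment saying the change is intentional. A one-line comment above the define would record the reason, for example `/* Same bits as the Windows FILE_GENERIC_EXECUTE mapping, which includes FILE_READ_ATTRIBUTES. */`. It is also worth confirming that no caller compares a stored mask against the old value, which cannot be seen from this hunk.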
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index d2e0aa95ac..668dc186d3 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -45,17 +45,7 @@
#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
#endif
-/* assert macros */
-#ifdef DEVELOPER
-#define SMB_ASSERT(b) ( (b) ? (void)0 : \
- (DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \
- __FILE__, __LINE__, #b)), smb_panic("assert failed: " #b)))
-#else
-/* redefine the assert macro for non-developer builds */
-#define SMB_ASSERT(b) ( (b) ? (void)0 : \
- (DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \
- __FILE__, __LINE__, #b))))
-#endif
+
#define SMB_WARN(condition, message) \
((condition) ? (void)0 : \
diff --git a/source3/lib/fault.c b/source3/lib/fault.c
index d4c1142937..d038e57e1a 100644
--- a/source3/lib/fault.c
+++ b/source3/lib/fault.c
@@ -129,7 +129,7 @@ void dump_core_setup(const char *progname)
}
mkdir(corepath,0700);
- sys_chown(corepath,getuid(),getgid());
+ chown(corepath,getuid(),getgid());
chmod(corepath,0700);
SAFE_FREE(logbase);
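Review bot: The result of `chown(corepath,getuid(),getgid())` is discarded, like the `mkdir` and `chmod` around it, so if the core directory already exists with a different owner the failure is silent and core files are written into a directory whose ownership was never established. The removed `sys_chown` wrapper at least logged a warning on platforms without chown; the direct call reports nothing on any failure. Checking the result keeps the best-effort behaviour while making it visible: `if (chown(corepath,getuid(),getgid()) != 0) { DEBUG(0,("chown of %s failed: %s\n", corepath, strerror(errno))); }`. dump_core_setup starts and ends outside this hunk.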
diff --git a/source3/lib/module.c b/source3/lib/module.c
index 76983387ff..de13668009 100644
--- a/source3/lib/module.c
+++ b/source3/lib/module.c
@@ -37,11 +37,11 @@ static NTSTATUS do_smb_load_module(const char *module_name, bool is_probe)
* backwards compatibility, there might be symbols in the
* plugin referencing to old (removed) functions
*/
- handle = sys_dlopen(module_name, RTLD_LAZY);
+ handle = dlopen(module_name, RTLD_LAZY);
/* This call should reset any possible non-fatal errors that
occured since last call to dl* functions */
- error = sys_dlerror();
+ error = dlerror();
if(!handle) {
int level = is_probe ? 3 : 0;
@@ -49,15 +49,15 @@ static NTSTATUS do_smb_load_module(const char *module_name, bool is_probe)
return NT_STATUS_UNSUCCESSFUL;
}
- init = (init_module_function *)sys_dlsym(handle, "init_samba_module");
+ init = (init_module_function *)dlsym(handle, "init_samba_module");
- /* we must check sys_dlerror() to determine if it worked, because
- sys_dlsym() can validly return NULL */
- error = sys_dlerror();
+ /* we must check dlerror() to determine if it worked, because
+ dlsym() can validly return NULL */
+ error = dlerror();
if (error) {
DEBUG(0, ("Error trying to resolve symbol 'init_samba_module' "
"in %s: %s\n", module_name, error));
- sys_dlclose(handle);
+ dlclose(handle);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -67,7 +67,7 @@ static NTSTATUS do_smb_load_module(const char *module_name, bool is_probe)
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Module '%s' initialization failed: %s\n",
module_name, get_friendly_nt_error_msg(status)));
- sys_dlclose(handle);
+ dlclose(handle);
}
return status;
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 1da2b3ec93..2987306066 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -529,7 +529,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
/* First add the regular ACE entry. */
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, SEC_ACE_FLAG_INHERITED_ACE);
+ ace->access_mask, 0);
DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
" inherited as %s:%d/0x%02x/0x%08x\n",
@@ -549,7 +549,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
}
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, new_flags | SEC_ACE_FLAG_INHERITED_ACE);
+ ace->access_mask, new_flags);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n",
@@ -565,7 +565,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
/* Create child security descriptor to return */
new_dacl = make_sec_acl(ctx,
- ACL_REVISION,
+ NT4_ACL_REVISION,
new_ace_list_ndx,
new_ace_list);
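Review bot: ACEs built by se_create_child_secdesc no longer carry `SEC_ACE_FLAG_INHERITED_ACE` (both `init_sec_ace` calls in the two preceding hunks), and the `make_sec_acl` call here switches to `NT4_ACL_REVISION`, but nothing in the code says why. Without the flag, anything that reads the child descriptor cannot tell inherited entries from explicit ones, which matters when a parent ACL is later re-propagated or audited. The DEBUG text in both earlier hunks still says "inherited as", so the log and the stored flags now disagree. If the change is deliberate, state it where the flags are computed, for example `/* NT4-style ACL: inherited ACEs are intentionally not tagged SEC_ACE_FLAG_INHERITED_ACE (reason: <fill in>) */`. The function body continues outside these hunks.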
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index b90346ff7e..8ea63a5824 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -279,7 +279,6 @@ bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
NTSTATUS status;
SEC_DESC *psd = NULL;
size_t sd_size;
- bool ret = True;
psd = get_share_security(talloc_tos(), sharename, &sd_size);
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 6d33a1c360..86c4ef2097 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -538,21 +538,6 @@ int sys_mknod(const char *path, mode_t mode, SMB_DEV_T dev)
}
/*******************************************************************
- Wrapper for realpath.
-********************************************************************/
-
-char *sys_realpath(const char *path, char *resolved_path)
-{
-#if defined(HAVE_REALPATH)
- return realpath(path, resolved_path);
-#else
- /* As realpath is not a system call we can't return ENOSYS. */
- errno = EINVAL;
- return NULL;
-#endif
-}
-
-/*******************************************************************
The wait() calls vary between systems
********************************************************************/
@@ -580,104 +565,6 @@ char *sys_getwd(char *s)
return wd;
}
-/*******************************************************************
-system wrapper for symlink
-********************************************************************/
-
-int sys_symlink(const char *oldpath, const char *newpath)
-{
-#ifndef HAVE_SYMLINK
- errno = ENOSYS;
- return -1;
-#else
- return symlink(oldpath, newpath);
-#endif
-}
-
-/*******************************************************************
-system wrapper for readlink
-********************************************************************/
-
-int sys_readlink(const char *path, char *buf, size_t bufsiz)
-{
-#ifndef HAVE_READLINK
- errno = ENOSYS;
- return -1;
-#else
- return readlink(path, buf, bufsiz);
-#endif
-}
-
-/*******************************************************************
-system wrapper for link
-********************************************************************/
-
-int sys_link(const char *oldpath, const char *newpath)
-{
-#ifndef HAVE_LINK
- errno = ENOSYS;
- return -1;
-#else
- return link(oldpath, newpath);
-#endif
-}
-
-/*******************************************************************
-chown isn't used much but OS/2 doesn't have it
-********************************************************************/
-
-int sys_chown(const char *fname,uid_t uid,gid_t gid)
-{
-#ifndef HAVE_CHOWN
- static int done;
- if (!done) {
- DEBUG(1,("WARNING: no chown!\n"));
- done=1;
- }
- errno = ENOSYS;
- return -1;
-#else
- return(chown(fname,uid,gid));
-#endif
-}
-
-/*******************************************************************
- Wrapper for lchown.
-********************************************************************/
-
-int sys_lchown(const char *fname,uid_t uid,gid_t gid)
-{
-#ifndef HAVE_LCHOWN
- static int done;
- if (!done) {
- DEBUG(1,("WARNING: no lchown!\n"));
- done=1;
- }
- errno = ENOSYS;
- return -1;
-#else
- return(lchown(fname,uid,gid));
-#endif
-}
-
-/*******************************************************************
-os/2 also doesn't have chroot
-********************************************************************/
-int sys_chroot(const char *dname)
-{
-#ifndef HAVE_CHROOT
- static int done;
- if (!done) {
- DEBUG(1,("WARNING: no chroot!\n"));
- done=1;
- }
- errno = ENOSYS;
- return -1;
-#else
- return(chroot(dname));
-#endif
-}
-
#if defined(HAVE_POSIX_CAPABILITIES)
/**************************************************************************
@@ -1304,46 +1191,6 @@ int sys_pclose(int fd)
}
/**************************************************************************
- Wrappers for dlopen, dlsym, dlclose.
-****************************************************************************/
-
-void *sys_dlopen(const char *name, int flags)
-{
-#if defined(HAVE_DLOPEN)
- return dlopen(name, flags);
-#else
- return NULL;
-#endif
-}
-
-void *sys_dlsym(void *handle, const char *symbol)
-{
-#if defined(HAVE_DLSYM)
- return dlsym(handle, symbol);
-#else
- return NULL;
-#endif
-}
-
-int sys_dlclose (void *handle)
-{
-#if defined(HAVE_DLCLOSE)
- return dlclose(handle);
-#else
- return 0;
-#endif
-}
-
-const char *sys_dlerror(void)
-{
-#if defined(HAVE_DLERROR)
- return dlerror();
-#else
- return NULL;
-#endif
-}
-
-/**************************************************************************
Wrapper for Admin Logs.
****************************************************************************/
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 17d4b78202..d7fdc9a8b9 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -110,7 +110,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
{
uint32_t denied = 0, granted = 0;
unsigned i;
-
+
if (is_sid_in_token(token, sd->owner_sid)) {
granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
} else if (user_has_privileges(token, &se_restore)) {
@@ -120,7 +120,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
if (sd->dacl == NULL) {
return granted & ~denied;
}
-
+
for (i = 0;i<sd->dacl->num_aces; i++) {
struct security_ace *ace = &sd->dacl->aces[i];
diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h
index 5b77d76b50..bb06dc2584 100644
--- a/source3/librpc/gen_ndr/security.h
+++ b/source3/librpc/gen_ndr/security.h
@@ -68,6 +68,12 @@
#define SEC_RIGHTS_DIR_WRITE ( SEC_RIGHTS_FILE_WRITE )
#define SEC_RIGHTS_DIR_EXECUTE ( SEC_RIGHTS_FILE_EXECUTE )
#define SEC_RIGHTS_DIR_ALL ( SEC_RIGHTS_FILE_ALL )
+#define STANDARD_RIGHTS_ALL_ACCESS ( SEC_STD_ALL )
+#define STANDARD_RIGHTS_MODIFY_ACCESS ( SEC_STD_READ_CONTROL )
+#define STANDARD_RIGHTS_EXECUTE_ACCESS ( SEC_STD_READ_CONTROL )
+#define STANDARD_RIGHTS_READ_ACCESS ( SEC_STD_READ_CONTROL )
+#define STANDARD_RIGHTS_WRITE_ACCESS ( (SEC_STD_WRITE_OWNER|SEC_STD_WRITE_DAC|SEC_STD_DELETE) )
+#define STANDARD_RIGHTS_REQUIRED_ACCESS ( (SEC_STD_DELETE|SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER) )
#define SID_NULL ( "S-1-0-0" )
#define NAME_WORLD ( "WORLD" )
#define SID_WORLD_DOMAIN ( "S-1-1" )
diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c
index 590dbac26f..a0d33fa33a 100644
--- a/source3/modules/gpfs.c
+++ b/source3/modules/gpfs.c
@@ -141,40 +141,40 @@ void init_gpfs(void)
return;
}
- libgpfs_handle = sys_dlopen("libgpfs_gpl.so", RTLD_LAZY);
+ libgpfs_handle = dlopen("libgpfs_gpl.so", RTLD_LAZY);
if (libgpfs_handle == NULL) {
- DEBUG(10, ("sys_dlopen for libgpfs_gpl failed: %s\n",
+ DEBUG(10, ("dlopen for libgpfs_gpl failed: %s\n",
strerror(errno)));
return;
}
DEBUG(10, ("libgpfs_gpl.so loaded\n"));
- gpfs_set_share_fn = sys_dlsym(libgpfs_handle, "gpfs_set_share");
+ gpfs_set_share_fn = dlsym(libgpfs_handle, "gpfs_set_share");
if (gpfs_set_share_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_set_share'\n"));
goto failed;
}
- gpfs_set_lease_fn = sys_dlsym(libgpfs_handle, "gpfs_set_lease");
+ gpfs_set_lease_fn = dlsym(libgpfs_handle, "gpfs_set_lease");
if (gpfs_set_lease_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_set_lease'\n"));
- sys_dlclose(libgpfs_handle);
+ dlclose(libgpfs_handle);
goto failed;
}
- gpfs_getacl_fn = sys_dlsym(libgpfs_handle, "gpfs_getacl");
+ gpfs_getacl_fn = dlsym(libgpfs_handle, "gpfs_getacl");
if (gpfs_getacl_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_getacl'\n"));
goto failed;
}
- gpfs_putacl_fn = sys_dlsym(libgpfs_handle, "gpfs_putacl");
+ gpfs_putacl_fn = dlsym(libgpfs_handle, "gpfs_putacl");
if (gpfs_putacl_fn == NULL) {
DEBUG(3, ("libgpfs_gpl.so does not contain the symbol "
"'gpfs_putacl'\n"));
@@ -187,7 +187,7 @@ void init_gpfs(void)
return;
failed:
- sys_dlclose(libgpfs_handle);
+ dlclose(libgpfs_handle);
/* leave libgpfs_handle != NULL around, no point
in trying twice */
gpfs_set_share_fn = NULL;
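Review bot: The `dlclose(libgpfs_handle)` under `failed:` runs a second time on the missing-`gpfs_set_lease` path, because the previous hunk already calls `dlclose(libgpfs_handle);` immediately before `goto failed;` in that branch. Closing the same handle twice is not valid use of the dl API; drop the call in the `gpfs_set_lease` branch so that all four lookups reach the single close here. In the same previous hunk the dlopen failure is logged with `strerror(errno)`, but dlopen is not specified to set errno; `dlerror()` reports the actual reason. init_gpfs starts and ends outside these hunks.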
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index ca34e97155..e465e8f380 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -144,7 +144,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
return NT_STATUS_OK;
}
-static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob)
+static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob)
{
struct xattr_NTACL xacl;
struct security_descriptor_timestamp sd_ts;
@@ -163,7 +163,7 @@ static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob)
xacl.version = 2;
xacl.info.sd_ts = &sd_ts;
- xacl.info.sd_ts->sd = CONST_DISCARD(SEC_DESC *, psd);
+ xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd);
unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr);
DEBUG(10, ("create_acl_blob: timestamp stored as %s\n",
@@ -250,7 +250,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
files_struct *fsp,
const char *name,
uint32 security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
TALLOC_CTX *ctx = talloc_tos();
DATA_BLOB blob;
@@ -292,8 +292,50 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
}
/*********************************************************************
- * Currently this only works for existing files. Need to work on
- * inheritance for new files.
+ Create a default security descriptor for a file in case no inheritance
+ exists. All permissions to the owner and SYSTEM.
+*********************************************************************/
+
+static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx,
+ SMB_STRUCT_STAT *psbuf)
+{
+ struct dom_sid owner_sid, group_sid;
+ size_t sd_size;
+ struct security_ace *pace = NULL;
+ struct security_acl *pacl = NULL;
+
+ uid_to_sid(&owner_sid, psbuf->st_uid);
+ gid_to_sid(&group_sid, psbuf->st_gid);
+
+ pace = TALLOC_ARRAY(mem_ctx, struct security_ace, 2);
+ if (!pace) {
+ return NULL;
+ }
+
+ init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL, 0);
+ init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_RIGHTS_FILE_ALL, 0);
+
+ pacl = make_sec_acl(mem_ctx,
+ NT4_ACL_REVISION,
+ 2,
+ pace);
+ if (!pacl) {
+ return NULL;
+ }
+ return make_sec_desc(mem_ctx,
+ SECURITY_DESCRIPTOR_REVISION_1,
+ SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
+ SEC_DESC_DACL_DEFAULTED,
+ &owner_sid,
+ &group_sid,
+ NULL,
+ pacl,
+ &sd_size);
+}
+
+/*********************************************************************
*********************************************************************/
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
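Review bot: Both ACEs in `default_file_sd` are built with flags `0`, and the later hunk in `inherit_new_acl` reaches this helper through its `fsp->is_directory` branch as well, so a directory that falls back to this descriptor appears to carry no inheritable entries. If that is intended, the header comment should say so, for example `Used for files and directories; the ACEs carry no inheritance flags, and the group SID is recorded but gets no ACE.` It is also worth stating that the owner SID is derived from `psbuf->st_uid`, i.e. whoever owns the object on disk at stat time. `sd_size` is written by `make_sec_desc` but never read, and `pace` is not released after `make_sec_acl`; that is harmless only if `mem_ctx` is a short-lived context, as it is in the visible caller.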
@@ -303,8 +345,8 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
{
TALLOC_CTX *ctx = talloc_tos();
NTSTATUS status;
- SEC_DESC *parent_desc = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *parent_desc = NULL;
+ struct security_descriptor *psd = NULL;
DATA_BLOB blob;
size_t size;
char *parent_name;
@@ -343,6 +385,25 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+ if (psd->dacl == NULL) {
+ SMB_STRUCT_STAT sbuf;
+ int ret;
+
+ TALLOC_FREE(psd);
+ if (fsp && !fsp->is_directory && fsp->fh->fd != -1) {
+ ret = SMB_VFS_FSTAT(fsp, &sbuf);
+ } else {
+ ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf);
+ }
+ if (ret == -1) {
+ return map_nt_error_from_unix(errno);
+ }
+ psd = default_file_sd(ctx, &sbuf);
+ if (!psd) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
status = create_acl_blob(psd, &blob);
if (!NT_STATUS_IS_OK(status)) {
return status;
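Review bot: The else branch of the new stat block dereferences `fsp` (`fsp->conn`, `fsp->fsp_name`) although the condition just above tests `fsp &&`, so a NULL `fsp` would fault here rather than fall back to a path stat. If any caller passes NULL, which the guard suggests but this hunk does not show, the path branch should not touch `fsp`: `ret = SMB_VFS_STAT(handle->conn, <path argument>, &sbuf);`, using the name parameter the function already receives. If `fsp` can never be NULL, the `fsp &&` test is misleading and should go. The function's signature and the calls that produce `psd` lie outside this hunk.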
@@ -365,7 +426,7 @@ static int open_acl_xattr(vfs_handle_struct *handle,
mode_t mode)
{
uint32_t access_granted = 0;
- SEC_DESC *pdesc = NULL;
+ struct security_descriptor *pdesc = NULL;
bool file_existed = true;
NTSTATUS status = get_nt_acl_xattr_internal(handle,
NULL,
@@ -417,7 +478,7 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m
}
static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info, struct security_descriptor **ppdesc)
{
NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp,
NULL, security_info, ppdesc);
@@ -434,7 +495,7 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
}
static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
- const char *name, uint32 security_info, SEC_DESC **ppdesc)
+ const char *name, uint32 security_info, struct security_descriptor **ppdesc)
{
NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL,
name, security_info, ppdesc);
@@ -451,7 +512,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
}
static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info_sent, const SEC_DESC *psd)
+ uint32 security_info_sent, const struct security_descriptor *psd)
{
NTSTATUS status;
DATA_BLOB blob;
@@ -460,7 +521,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
fsp->fsp_name));
NDR_PRINT_DEBUG(security_descriptor,
- CONST_DISCARD(SEC_DESC *,psd));
+ CONST_DISCARD(struct security_descriptor *,psd));
}
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
@@ -473,7 +534,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
int ret;
SMB_STRUCT_STAT sbuf;
DOM_SID owner_sid, group_sid;
- SEC_DESC *nc_psd = dup_sec_desc(talloc_tos(), psd);
+ struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd);
if (!nc_psd) {
return NT_STATUS_OK;
@@ -502,7 +563,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
SE_DESC_DACL_AUTO_INHERIT_REQ))==
(SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
- SEC_DESC *new_psd = NULL;
+ struct security_descriptor *new_psd = NULL;
status = append_parent_acl(fsp, psd, &new_psd);
if (!NT_STATUS_IS_OK(status)) {
/* Lower level acl set succeeded,
@@ -516,7 +577,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n",
fsp->fsp_name));
NDR_PRINT_DEBUG(security_descriptor,
- CONST_DISCARD(SEC_DESC *,psd));
+ CONST_DISCARD(struct security_descriptor *,psd));
}
create_acl_blob(psd, &blob);
store_acl_blob_fsp(fsp, &blob);
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 275c2f53c4..d972828ba9 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -596,7 +596,7 @@ static int vfswrap_chown(vfs_handle_struct *handle, const char *path, uid_t uid,
int result;
START_PROFILE(syscall_chown);
- result = sys_chown(path, uid, gid);
+ result = chown(path, uid, gid);
END_PROFILE(syscall_chown);
return result;
}
@@ -621,7 +621,7 @@ static int vfswrap_lchown(vfs_handle_struct *handle, const char *path, uid_t uid
int result;
START_PROFILE(syscall_lchown);
- result = sys_lchown(path, uid, gid);
+ result = lchown(path, uid, gid);
END_PROFILE(syscall_lchown);
return result;
}
@@ -869,7 +869,7 @@ static int vfswrap_symlink(vfs_handle_struct *handle, const char *oldpath, cons
int result;
START_PROFILE(syscall_symlink);
- result = sys_symlink(oldpath, newpath);
+ result = symlink(oldpath, newpath);
END_PROFILE(syscall_symlink);
return result;
}
@@ -879,7 +879,7 @@ static int vfswrap_readlink(vfs_handle_struct *handle, const char *path, char *
int result;
START_PROFILE(syscall_readlink);
- result = sys_readlink(path, buf, bufsiz);
+ result = readlink(path, buf, bufsiz);
END_PROFILE(syscall_readlink);
return result;
}
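Review bot: `result` is an `int` here while readlink() returns `ssize_t`, and the wrapper passes the byte count straight through without terminating `buf`. readlink() does not NUL-terminate, so this contract should be written down at the wrapper: `/* Returns the number of bytes placed in buf, or -1; buf is NOT NUL-terminated. */`. Callers are not visible here, so whether any of them treats `buf` as a C string needs checking. The function's opening lines are outside the hunk.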
@@ -889,7 +889,7 @@ static int vfswrap_link(vfs_handle_struct *handle, const char *oldpath, const c
int result;
START_PROFILE(syscall_link);
- result = sys_link(oldpath, newpath);
+ result = link(oldpath, newpath);
END_PROFILE(syscall_link);
return result;
}
@@ -909,7 +909,7 @@ static char *vfswrap_realpath(vfs_handle_struct *handle, const char *path, char
char *result;
START_PROFILE(syscall_realpath);
- result = sys_realpath(path, resolved_path);
+ result = realpath(path, resolved_path);
END_PROFILE(syscall_realpath);
return result;
}
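Review bot: `realpath(path, resolved_path)` takes no length for `resolved_path`, and nothing in this wrapper states how large the caller's buffer must be. A comment at the wrapper would make the requirement explicit: `/* resolved_path must be at least PATH_MAX bytes; realpath() has no size argument. */`. Whether every VFS caller supplies a buffer of that size cannot be confirmed from this hunk. The signature line is cut off in the hunk header and the function's opening brace is outside the hunk.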
diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c
index 2cc4a6c4ba..ca7085ca18 100644
--- a/source3/modules/vfs_netatalk.c
+++ b/source3/modules/vfs_netatalk.c
@@ -399,7 +399,7 @@ static int atalk_lchown(struct vfs_handle_struct *handle, const char *path, uid_
goto exit_lchown;
}
- sys_lchown(adbl_path, uid, gid);
+ lchown(adbl_path, uid, gid);
exit_lchown:
talloc_destroy(ctx);
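Review bot: The return value of `lchown(adbl_path, uid, gid)` is discarded, so a failure to change ownership of the AppleDouble path goes unnoticed and the two files can end up with different owners. Logging the failure at least makes it visible: `if (lchown(adbl_path, uid, gid) == -1) { DEBUG(3, ("atalk_lchown: lchown %s failed: %s\n", adbl_path, strerror(errno))); }`. Some libcs also mark lchown() as warn-unused-result, so the bare call may start producing a warning now that the wrapper is gone. The rest of atalk_lchown is outside the hunk.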
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d91d34d29b..800a47c343 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -5418,7 +5418,6 @@ FN_GLOBAL_INTEGER(lp_client_ldap_sasl_wrapping, &Globals.client_ldap_sasl_wrappi
static int map_parameter(const char *pszParmName);
static int map_parameter_canonical(const char *pszParmName, bool *inverse);
-static bool set_boolean(bool *pb, const char *pszParmValue);
static const char *get_boolean(bool bool_value);
static int getservicebyname(const char *pszServiceName,
struct service *pserviceDest);
@@ -5532,7 +5531,7 @@ static bool lp_bool(const char *s)
return False;
}
- if (!set_boolean(&ret,s)) {
+ if (!set_boolean(s, &ret)) {
DEBUG(0,("lp_bool(%s): value is not boolean!\n",s));
return False;
}
@@ -6315,48 +6314,12 @@ void show_parameter_list(void)
}
/***************************************************************************
- Set a boolean variable from the text value stored in the passed string.
- Returns True in success, False if the passed string does not correctly
- represent a boolean.
-***************************************************************************/
-
-static bool set_boolean(bool *pb, const char *pszParmValue)
-{
- bool bRetval;
- bool value;
-
- bRetval = True;
- value = False;
- if (strwicmp(pszParmValue, "yes") == 0 ||
- strwicmp(pszParmValue, "true") == 0 ||
- strwicmp(pszParmValue, "1") == 0)
- value = True;
- else if (strwicmp(pszParmValue, "no") == 0 ||
- strwicmp(pszParmValue, "False") == 0 ||
- strwicmp(pszParmValue, "0") == 0)
- value = False;
- else {
- DEBUG(2,
- ("ERROR: Badly formed boolean in configuration file: \"%s\".\n",
- pszParmValue));
- bRetval = False;
- }
-
- if ((pb != NULL) && (bRetval != False)) {
- *pb = value;
- }
-
- return (bRetval);
-}
-
-
-/***************************************************************************
Check if a given string correctly represents a boolean value.
***************************************************************************/
bool lp_string_is_valid_boolean(const char *parm_value)
{
- return set_boolean(NULL, parm_value);
+ return set_boolean(parm_value, NULL);
}
/***************************************************************************
@@ -6381,7 +6344,7 @@ bool lp_invert_boolean(const char *str, const char **inverse_str)
{
bool val;
- if (!set_boolean(&val, str)) {
+ if (!set_boolean(str, &val)) {
return False;
}
@@ -6399,7 +6362,7 @@ bool lp_canonicalize_boolean(const char *str, const char**canon_str)
{
bool val;
- if (!set_boolean(&val, str)) {
+ if (!set_boolean(str, &val)) {
return False;
}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 1564525005..5836c43afc 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1370,16 +1370,53 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
}
}
- /* This is a nasty hack - must fix... JRA. */
- if (access_mask == MAXIMUM_ALLOWED_ACCESS) {
- open_access_mask = access_mask = FILE_GENERIC_ALL;
- }
-
/*
* Convert GENERIC bits to specific bits.
*/
se_map_generic(&access_mask, &file_generic_mapping);
+
+ /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
+ if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
+ if (file_existed) {
+ struct security_descriptor *sd;
+ uint32_t access_granted = 0;
+
+ status = SMB_VFS_GET_NT_ACL(conn, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),&sd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("open_file_ntcreate: Could not get acl "
+ "on file %s: %s\n",
+ fname,
+ nt_errstr(status)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = se_access_check(sd, conn->server_info->ptok,
+ access_mask, &access_granted);
+
+ TALLOC_FREE(sd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("open_file_ntcreate: Access denied on "
+ "file %s: when calculating maximum access\n",
+ fname));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ access_mask = access_granted;
+ /*
+ * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
+ */
+ access_mask |= FILE_READ_ATTRIBUTES;
+ } else {
+ access_mask = FILE_GENERIC_ALL;
+ }
+ }
+
open_access_mask = access_mask;
if ((flags2 & O_TRUNC) || (oplock_request & FORCE_OPLOCK_BREAK_TO_NONE)) {
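Review bot: `FILE_READ_ATTRIBUTES` is OR-ed into `access_mask` after `se_access_check`, so that bit is granted without reference to the descriptor, and the only justification is a comment that ends in a comma. The comment should say this outright, e.g. `/* FILE_READ_ATTRIBUTES is granted regardless of the DACL, matching Samba4; it is not checked against sd. */`. The descriptor is also fetched by path (`fname`) before the file is opened, so the computed mask describes whatever was at that path at lookup time. If nothing later in the function re-validates it against the opened handle, that deserves a comment too. Every `SMB_VFS_GET_NT_ACL` failure is reported as `NT_STATUS_ACCESS_DENIED`, which hides errors such as out-of-memory; returning `status` would keep them distinguishable. open_file_ntcreate starts and ends outside this hunk.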
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 4e81263ee4..7583da65a5 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1415,7 +1415,7 @@ extern void build_options(bool screen);
}
if (*lp_rootdir()) {
- if (sys_chroot(lp_rootdir()) == 0)
+ if (chroot(lp_rootdir()) == 0)
DEBUG(2,("Changed root to %s\n", lp_rootdir()));
}
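Review bot: A failed `chroot()` is silently ignored here: the only branch is the success `DEBUG`, so when `lp_rootdir()` is set and the call fails the daemon keeps running outside the configured root. The failure branch should log at level 0 and stop, e.g. `DEBUG(0,("chroot to %s failed: %s\n", lp_rootdir(), strerror(errno)));` followed by an exit. No `chdir("/")` is visible after the call in this hunk either, so unless it happens elsewhere the working directory may still point outside the new root. The enclosing function starts and ends outside the hunk.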
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 1da45a8b58..a450a56e72 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3846,7 +3846,6 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
files_struct *fsp = NULL;
struct file_id fileid;
struct ea_list *ea_list = NULL;
- uint32 access_mask = 0x12019F; /* Default - GENERIC_EXECUTE mapping from Windows */
char *lock_data = NULL;
bool ms_dfs_link = false;
TALLOC_CTX *ctx = talloc_tos();
@@ -3939,7 +3938,6 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
pos = fsp->fh->position_information;
fileid = vfs_file_id_from_sbuf(conn, &sbuf);
get_file_infos(fileid, &delete_pending, &write_time_ts);
- access_mask = fsp->access_mask;
}
} else {
@@ -4403,7 +4401,12 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
case SMB_FILE_ACCESS_INFORMATION:
DEBUG(10,("call_trans2qfilepathinfo: SMB_FILE_ACCESS_INFORMATION\n"));
- SIVAL(pdata,0,access_mask);
+ if (fsp) {
+ SIVAL(pdata,0,fsp->access_mask);
+ } else {
+ /* GENERIC_EXECUTE mapping from Windows */
+ SIVAL(pdata,0,0x12019F);
+ }
data_size = 4;
break;
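Review bot: The literal `0x12019F` in the no-handle branch is labelled "GENERIC_EXECUTE mapping", but with the usual Windows values it equals `FILE_GENERIC_READ|FILE_GENERIC_WRITE` (0x120089 | 0x120116), not the execute mapping. Spelling it with the named masks removes the magic number and the misleading comment: `SIVAL(pdata,0,FILE_GENERIC_READ|FILE_GENERIC_WRITE);`. It is also worth a comment that this value is a fixed placeholder for path-based queries and does not reflect the caller's real access to the file. The surrounding switch and function are outside the hunk.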
diff --git a/source3/torture/nsstest.c b/source3/torture/nsstest.c
index 6bd0efe1af..352b3fa33c 100644
--- a/source3/torture/nsstest.c
+++ b/source3/torture/nsstest.c
@@ -37,13 +37,13 @@ static void *find_fn(const char *name)
}
if (!h) {
- h = sys_dlopen(so_path, RTLD_LAZY);
+ h = dlopen(so_path, RTLD_LAZY);
}
if (!h) {
printf("Can't open shared library %s\n", so_path);
exit(1);
}
- res = sys_dlsym(h, s);
+ res = dlsym(h, s);
if (!res) {
printf("Can't find function %s\n", s);
total_errors++;
diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
index 4e617a1968..f4ad6f7b47 100644
--- a/source3/utils/net_dns.c
+++ b/source3/utils/net_dns.c
@@ -169,7 +169,7 @@ int get_my_ip_address( struct sockaddr_storage **pp_ss )
continue;
/* Don't register loopback addresses */
- if (is_loopback_addr(nic_sa_storage)) {
+ if (is_loopback_addr((struct sockaddr *)nic_sa_storage)) {
continue;
}