From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/lib/sharesec.c | 308 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 308 insertions(+) create mode 100644 source3/lib/sharesec.c (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c new file mode 100644 index 0000000000..b98e304582 --- /dev/null +++ b/source3/lib/sharesec.c @@ -0,0 +1,308 @@ +/* + * Unix SMB/Netbios implementation. + * SEC_DESC handling functions + * Copyright (C) Jeremy R. Allison 1995-2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +/******************************************************************* + Create the share security tdb. + ********************************************************************/ + +static TDB_CONTEXT *share_tdb; /* used for share security descriptors */ +#define SHARE_DATABASE_VERSION_V1 1 +#define SHARE_DATABASE_VERSION_V2 2 /* version id in little endian. */ + +/* Map generic permissions to file object specific permissions */ + +static struct generic_mapping file_generic_mapping = { + FILE_GENERIC_READ, + FILE_GENERIC_WRITE, + FILE_GENERIC_EXECUTE, + FILE_GENERIC_ALL +}; + + +BOOL share_info_db_init(void) +{ + const char *vstring = "INFO/version"; + int32 vers_id; + + if (share_tdb) { + return True; + } + + share_tdb = tdb_open_log(lock_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + if (!share_tdb) { + DEBUG(0,("Failed to open share info database %s (%s)\n", + lock_path("share_info.tdb"), strerror(errno) )); + return False; + } + + /* handle a Samba upgrade */ + tdb_lock_bystring(share_tdb, vstring, 0); + + /* Cope with byte-reversed older versions of the db. */ + vers_id = tdb_fetch_int32(share_tdb, vstring); + if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) { + /* Written on a bigendian machine with old fetch_int code. Save as le. */ + tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); + vers_id = SHARE_DATABASE_VERSION_V2; + } + + if (vers_id != SHARE_DATABASE_VERSION_V2) { + tdb_traverse(share_tdb, tdb_traverse_delete_fn, NULL); + tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); + } + tdb_unlock_bystring(share_tdb, vstring); + + return True; +} + +/******************************************************************* + Fake up a Everyone, default access as a default. + def_access is a GENERIC_XXX access mode. + ********************************************************************/ + +SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access) +{ + SEC_ACCESS sa; + SEC_ACE ace; + SEC_ACL *psa = NULL; + SEC_DESC *psd = NULL; + uint32 spec_access = def_access; + + se_map_generic(&spec_access, &file_generic_mapping); + + init_sec_access(&sa, def_access | spec_access ); + init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { + psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, psize); + } + + if (!psd) { + DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); + return NULL; + } + + return psd; +} + +/******************************************************************* + Pull a security descriptor from the share tdb. + ********************************************************************/ + +SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize) +{ + prs_struct ps; + fstring key; + SEC_DESC *psd = NULL; + + if (!share_info_db_init()) { + return NULL; + } + + *psize = 0; + + /* Fetch security descriptor from tdb */ + + slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); + + if (tdb_prs_fetch(share_tdb, key, &ps, ctx)!=0 || + !sec_io_desc("get_share_security", &psd, &ps, 1)) { + + DEBUG(4,("get_share_security: using default secdesc for %s\n", lp_servicename(snum) )); + + return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS); + } + + if (psd) + *psize = sec_desc_size(psd); + + prs_mem_free(&ps); + return psd; +} + +/******************************************************************* + Store a security descriptor in the share db. + ********************************************************************/ + +BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd) +{ + prs_struct ps; + TALLOC_CTX *mem_ctx = NULL; + fstring key; + BOOL ret = False; + + if (!share_info_db_init()) { + return False; + } + + mem_ctx = talloc_init("set_share_security"); + if (mem_ctx == NULL) + return False; + + prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL); + + if (!sec_io_desc("share_security", &psd, &ps, 1)) + goto out; + + slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name); + + if (tdb_prs_store(share_tdb, key, &ps)==0) { + ret = True; + DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name )); + } else { + DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name )); + } + + /* Free malloc'ed memory */ + +out: + + prs_mem_free(&ps); + if (mem_ctx) + talloc_destroy(mem_ctx); + return ret; +} + +/******************************************************************* + Delete a security descriptor. +********************************************************************/ + +BOOL delete_share_security(int snum) +{ + TDB_DATA kbuf; + fstring key; + + slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + if (tdb_delete(share_tdb, kbuf) != 0) { + DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n", + lp_servicename(snum) )); + return False; + } + + return True; +} + +/*************************************************************************** + Parse the contents of an acl string from a usershare file. +***************************************************************************/ + +BOOL parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) +{ + size_t s_size = 0; + const char *pacl = acl_str; + int num_aces = 0; + SEC_ACE *ace_list = NULL; + SEC_ACL *psa = NULL; + SEC_DESC *psd = NULL; + size_t sd_size = 0; + int i; + + *ppsd = NULL; + + /* If the acl string is blank return "Everyone:R" */ + if (!*acl_str) { + SEC_DESC *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS); + if (!default_psd) { + return False; + } + *ppsd = default_psd; + return True; + } + + num_aces = 1; + + /* Add the number of ',' characters to get the number of aces. */ + num_aces += count_chars(pacl,','); + + ace_list = TALLOC_ARRAY(ctx, SEC_ACE, num_aces); + if (!ace_list) { + return False; + } + + for (i = 0; i < num_aces; i++) { + SEC_ACCESS sa; + uint32 g_access; + uint32 s_access; + DOM_SID sid; + fstring sidstr; + uint8 type = SEC_ACE_TYPE_ACCESS_ALLOWED; + + if (!next_token(&pacl, sidstr, ":", sizeof(sidstr))) { + DEBUG(0,("parse_usershare_acl: malformed usershare acl looking " + "for ':' in string '%s'\n", pacl)); + return False; + } + + if (!string_to_sid(&sid, sidstr)) { + DEBUG(0,("parse_usershare_acl: failed to convert %s to sid.\n", + sidstr )); + return False; + } + + switch (*pacl) { + case 'F': /* Full Control, ie. R+W */ + case 'f': /* Full Control, ie. R+W */ + s_access = g_access = GENERIC_ALL_ACCESS; + break; + case 'R': /* Read only. */ + case 'r': /* Read only. */ + s_access = g_access = GENERIC_READ_ACCESS; + break; + case 'D': /* Deny all to this SID. */ + case 'd': /* Deny all to this SID. */ + type = SEC_ACE_TYPE_ACCESS_DENIED; + s_access = g_access = GENERIC_ALL_ACCESS; + break; + default: + DEBUG(0,("parse_usershare_acl: unknown acl type at %s.\n", + pacl )); + return False; + } + + pacl++; + if (*pacl && *pacl != ',') { + DEBUG(0,("parse_usershare_acl: bad acl string at %s.\n", + pacl )); + return False; + } + pacl++; /* Go past any ',' */ + + se_map_generic(&s_access, &file_generic_mapping); + init_sec_access(&sa, g_access | s_access ); + init_sec_ace(&ace_list[i], &sid, type, sa, 0); + } + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) { + psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, &sd_size); + } + + if (!psd) { + DEBUG(0,("parse_usershare_acl: Failed to make SEC_DESC.\n")); + return False; + } + + *ppsd = psd; + return True; +} -- cgit From e17302200c138eec7df504a7f4b2bde46073a810 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 17 Apr 2006 11:49:06 +0000 Subject: r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not have the timeout argument in Samba4. Add a new routine tdb_lock_bystring_with_timeout. Volker (This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index b98e304582..8105d5c37a 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -55,7 +55,7 @@ BOOL share_info_db_init(void) } /* handle a Samba upgrade */ - tdb_lock_bystring(share_tdb, vstring, 0); + tdb_lock_bystring(share_tdb, vstring); /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(share_tdb, vstring); -- cgit From 1f2419d9f8be0efcf2e43ecf97ea59d501e62fe8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Jul 2006 17:46:06 +0000 Subject: r17032: I thought I had already merged this from trunk: > r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line > > get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC Volker (This used to be commit c89471e15766fcdbfa4f40701e12c19f95c2d8ef) --- source3/lib/sharesec.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 8105d5c37a..9c40eb0ac7 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -108,7 +108,8 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def Pull a security descriptor from the share tdb. ********************************************************************/ -SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize) +SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, + size_t *psize) { prs_struct ps; fstring key; @@ -122,12 +123,13 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize) /* Fetch security descriptor from tdb */ - slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); + slprintf(key, sizeof(key)-1, "SECDESC/%s", servicename); if (tdb_prs_fetch(share_tdb, key, &ps, ctx)!=0 || !sec_io_desc("get_share_security", &psd, &ps, 1)) { - DEBUG(4,("get_share_security: using default secdesc for %s\n", lp_servicename(snum) )); + DEBUG(4, ("get_share_security: using default secdesc for %s\n", + servicename)); return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS); } -- cgit From 4c713703d046f756989e7eb901e884829825593c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 17 Jul 2006 19:53:15 +0000 Subject: r17097: Move share_access_check from rpc_server/srv_srvsvc_nt.c to lib/sharesec.c (This used to be commit 220dd4333032aea238066e3fbec9fca51ed16ddf) --- source3/lib/sharesec.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 9c40eb0ac7..0c8035e3dc 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -206,6 +206,37 @@ BOOL delete_share_security(int snum) return True; } +/******************************************************************* + Can this user access with share with the required permissions ? +********************************************************************/ + +BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename, + uint32 desired_access) +{ + uint32 granted; + NTSTATUS status; + TALLOC_CTX *mem_ctx = NULL; + SEC_DESC *psd = NULL; + size_t sd_size; + BOOL ret = True; + + if (!(mem_ctx = talloc_init("share_access_check"))) { + return False; + } + + psd = get_share_security(mem_ctx, sharename, &sd_size); + + if (!psd) { + TALLOC_FREE(mem_ctx); + return True; + } + + ret = se_access_check(psd, token, desired_access, &granted, &status); + + talloc_destroy(mem_ctx); + return ret; +} + /*************************************************************************** Parse the contents of an acl string from a usershare file. ***************************************************************************/ -- cgit From 2a10d7686553a2c2377165b7f80269d2dcae8847 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 21 Oct 2006 17:00:47 +0000 Subject: r19448: Convert delete_share_security to struct share_params plus some cleanups (This used to be commit c73d0815a3a1f58b951caa62fac601a8f4630894) --- source3/lib/sharesec.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 0c8035e3dc..81b383d167 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -188,18 +188,19 @@ out: Delete a security descriptor. ********************************************************************/ -BOOL delete_share_security(int snum) +BOOL delete_share_security(const struct share_params *params) { TDB_DATA kbuf; fstring key; - slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); + slprintf(key, sizeof(key)-1, "SECDESC/%s", + lp_servicename(params->service)); kbuf.dptr = key; kbuf.dsize = strlen(key)+1; - if (tdb_delete(share_tdb, kbuf) != 0) { + if (tdb_trans_delete(share_tdb, kbuf) != 0) { DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n", - lp_servicename(snum) )); + lp_servicename(params->service) )); return False; } -- cgit From bef92ebb257adda6634c559e0240ad4991840212 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 11 Nov 2006 18:07:51 +0000 Subject: r19669: set_share_security does not need a mem_ctx passed (This used to be commit 53eaa603eb84047263c27d57b8c0f5ce8e157189) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 81b383d167..e3216aa459 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -145,7 +145,7 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, Store a security descriptor in the share db. ********************************************************************/ -BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd) +BOOL set_share_security(const char *share_name, SEC_DESC *psd) { prs_struct ps; TALLOC_CTX *mem_ctx = NULL; -- cgit From 5893c0215d1c72ea9063b5e609d1c880dea0f1e8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 29 Nov 2006 15:46:57 +0000 Subject: r19950: talloc_destroy is replaced these days (This used to be commit b6bf2e42672cc84e5c3af6f8b15a9d39c408db13) --- source3/lib/sharesec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index e3216aa459..7a6a425559 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -179,8 +179,7 @@ BOOL set_share_security(const char *share_name, SEC_DESC *psd) out: prs_mem_free(&ps); - if (mem_ctx) - talloc_destroy(mem_ctx); + TALLOC_FREE(mem_ctx); return ret; } -- cgit From a806037b8713cdf0ae32f7091f53819393132a0b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 27 Mar 2007 11:15:59 +0000 Subject: r21987: split tdb_prs_*() functions in version which take a keystr and a TDB_DATA key metze (This used to be commit 724c6fa337bb535e1b97d0452c2489f58339a3bf) --- source3/lib/sharesec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 7a6a425559..c4704dfc12 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -125,7 +125,7 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, slprintf(key, sizeof(key)-1, "SECDESC/%s", servicename); - if (tdb_prs_fetch(share_tdb, key, &ps, ctx)!=0 || + if (tdb_prs_fetch_bystring(share_tdb, key, &ps, ctx)!=0 || !sec_io_desc("get_share_security", &psd, &ps, 1)) { DEBUG(4, ("get_share_security: using default secdesc for %s\n", @@ -167,7 +167,7 @@ BOOL set_share_security(const char *share_name, SEC_DESC *psd) slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name); - if (tdb_prs_store(share_tdb, key, &ps)==0) { + if (tdb_prs_store_bystring(share_tdb, key, &ps)==0) { ret = True; DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name )); } else { -- cgit From e8265c651590155262d167210ba8e3a287ae7a0e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 29 Mar 2007 07:30:22 +0000 Subject: r22006: use string_term_tdb_data()... metze (This used to be commit 136914502ff129b90f10794ed6474dca558c75a0) --- source3/lib/sharesec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index c4704dfc12..2b9cc8c691 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -194,8 +194,7 @@ BOOL delete_share_security(const struct share_params *params) slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(params->service)); - kbuf.dptr = key; - kbuf.dsize = strlen(key)+1; + kbuf = string_term_tdb_data(key); if (tdb_trans_delete(share_tdb, kbuf) != 0) { DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n", -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 2b9cc8c691..ec48a96238 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -5,7 +5,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/lib/sharesec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index ec48a96238..0363055a58 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -14,8 +14,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From 0ebab65706e7e2ef82d8af81225db05a5f78b5c4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 5 Oct 2007 21:41:17 +0000 Subject: r25534: Apply some const Why? It moves these structs from the data into the text segment, so they will never been copy-on-write copied. Not much, but as in German you say "Kleinvieh macht auch Mist...." (This used to be commit 0141e64ad4972232de867137064d0dae62da22ee) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 0363055a58..d30ccbe7eb 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -29,7 +29,7 @@ static TDB_CONTEXT *share_tdb; /* used for share security descriptors */ /* Map generic permissions to file object specific permissions */ -static struct generic_mapping file_generic_mapping = { +static const struct generic_mapping file_generic_mapping = { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, -- cgit From f708132de775403f582bd3cf216f7ed76e26932e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 7 Oct 2007 12:56:43 +0000 Subject: r25561: Make use of [un]marshall_sec_desc Minor cleanup only (This used to be commit 4dc4364b68b6b68ae0951a84475e2f9ea8cb1f8c) --- source3/lib/sharesec.c | 91 ++++++++++++++++++++++++++++---------------------- 1 file changed, 51 insertions(+), 40 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index d30ccbe7eb..258b121217 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -110,33 +110,40 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, size_t *psize) { - prs_struct ps; - fstring key; + char *key; SEC_DESC *psd = NULL; + TDB_DATA data; + NTSTATUS status; if (!share_info_db_init()) { return NULL; } - *psize = 0; + if (!(key = talloc_asprintf(ctx, "SECDESC/%s", servicename))) { + DEBUG(0, ("talloc_asprintf failed\n")); + return NULL; + } - /* Fetch security descriptor from tdb */ - - slprintf(key, sizeof(key)-1, "SECDESC/%s", servicename); - - if (tdb_prs_fetch_bystring(share_tdb, key, &ps, ctx)!=0 || - !sec_io_desc("get_share_security", &psd, &ps, 1)) { - - DEBUG(4, ("get_share_security: using default secdesc for %s\n", - servicename)); - - return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS); + data = tdb_fetch_bystring(share_tdb, key); + + TALLOC_FREE(key); + + if (data.dptr == NULL) { + return get_share_security_default(ctx, psize, + GENERIC_ALL_ACCESS); + } + + status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("unmarshall_sec_desc failed: %s\n", + nt_errstr(status))); + return NULL; } if (psd) *psize = sec_desc_size(psd); - prs_mem_free(&ps); return psd; } @@ -146,39 +153,43 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, BOOL set_share_security(const char *share_name, SEC_DESC *psd) { - prs_struct ps; - TALLOC_CTX *mem_ctx = NULL; - fstring key; + TALLOC_CTX *frame; + char *key; BOOL ret = False; + TDB_DATA blob; + NTSTATUS status; if (!share_info_db_init()) { return False; } - mem_ctx = talloc_init("set_share_security"); - if (mem_ctx == NULL) - return False; + frame = talloc_stackframe(); - prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL); - - if (!sec_io_desc("share_security", &psd, &ps, 1)) + status = marshall_sec_desc(frame, psd, &blob.dptr, &blob.dsize); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("marshall_sec_desc failed: %s\n", + nt_errstr(status))); goto out; - - slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name); - - if (tdb_prs_store_bystring(share_tdb, key, &ps)==0) { - ret = True; - DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name )); - } else { - DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name )); - } - - /* Free malloc'ed memory */ - -out: - - prs_mem_free(&ps); - TALLOC_FREE(mem_ctx); + } + + if (!(key = talloc_asprintf(frame, "SECDESC/%s", share_name))) { + DEBUG(0, ("talloc_asprintf failed\n")); + goto out; + } + + if (tdb_trans_store_bystring(share_tdb, key, blob, + TDB_REPLACE) == -1) { + DEBUG(1,("set_share_security: Failed to store secdesc for " + "%s\n", share_name )); + goto out; + } + + DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name )); + ret = True; + + out: + TALLOC_FREE(frame); return ret; } -- cgit From b5535567c11552ed675ecc489d440558f91f1d1d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 7 Oct 2007 17:58:48 +0000 Subject: r25564: Pass sharename to delete_share_security() (This used to be commit d100bfffe2a503b8820889faedc6ed57100ca7af) --- source3/lib/sharesec.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 258b121217..58e28e797d 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -197,18 +197,20 @@ BOOL set_share_security(const char *share_name, SEC_DESC *psd) Delete a security descriptor. ********************************************************************/ -BOOL delete_share_security(const struct share_params *params) +BOOL delete_share_security(const char *servicename) { TDB_DATA kbuf; - fstring key; + char *key; - slprintf(key, sizeof(key)-1, "SECDESC/%s", - lp_servicename(params->service)); + if (!(key = talloc_asprintf(talloc_tos(), "SECDESC/%s", + servicename))) { + return False; + } kbuf = string_term_tdb_data(key); if (tdb_trans_delete(share_tdb, kbuf) != 0) { - DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n", - lp_servicename(params->service) )); + DEBUG(0, ("delete_share_security: Failed to delete entry for " + "share %s\n", servicename)); return False; } -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/sharesec.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 58e28e797d..244a6d7285 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -37,7 +37,7 @@ static const struct generic_mapping file_generic_mapping = { }; -BOOL share_info_db_init(void) +bool share_info_db_init(void) { const char *vstring = "INFO/version"; int32 vers_id; @@ -151,11 +151,11 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, Store a security descriptor in the share db. ********************************************************************/ -BOOL set_share_security(const char *share_name, SEC_DESC *psd) +bool set_share_security(const char *share_name, SEC_DESC *psd) { TALLOC_CTX *frame; char *key; - BOOL ret = False; + bool ret = False; TDB_DATA blob; NTSTATUS status; @@ -197,7 +197,7 @@ BOOL set_share_security(const char *share_name, SEC_DESC *psd) Delete a security descriptor. ********************************************************************/ -BOOL delete_share_security(const char *servicename) +bool delete_share_security(const char *servicename) { TDB_DATA kbuf; char *key; @@ -221,7 +221,7 @@ BOOL delete_share_security(const char *servicename) Can this user access with share with the required permissions ? ********************************************************************/ -BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename, +bool share_access_check(const NT_USER_TOKEN *token, const char *sharename, uint32 desired_access) { uint32 granted; @@ -229,7 +229,7 @@ BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename, TALLOC_CTX *mem_ctx = NULL; SEC_DESC *psd = NULL; size_t sd_size; - BOOL ret = True; + bool ret = True; if (!(mem_ctx = talloc_init("share_access_check"))) { return False; @@ -252,7 +252,7 @@ BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename, Parse the contents of an acl string from a usershare file. ***************************************************************************/ -BOOL parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) +bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) { size_t s_size = 0; const char *pacl = acl_str; -- cgit From 88ee61625a5de5e443d14c54eab91a90d87cda85 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Thu, 1 Nov 2007 15:53:44 -0400 Subject: Patch 2 of 3 from Debian Samba packagers: The point is doing the following associations: - non discardable state data (all TDB files that may need to be backed up) go to statedir - shared data (codepage stuff) go to codepagedir The patch *does not change* the default location for these directories. So, there is no behaviour change when applying it. The main change is for samba developers who have to think when dealing with files that previously pertained to libdir whether they: - go in statedir - go in codepagedir - stay in libdir (This used to be commit d6cdbfd875bb2653e831d314726c3240beb0a96b) --- source3/lib/sharesec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 244a6d7285..e2320b2953 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -46,10 +46,10 @@ bool share_info_db_init(void) return True; } - share_tdb = tdb_open_log(lock_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + share_tdb = tdb_open_log(state_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!share_tdb) { DEBUG(0,("Failed to open share info database %s (%s)\n", - lock_path("share_info.tdb"), strerror(errno) )); + state_path("share_info.tdb"), strerror(errno) )); return False; } -- cgit From 66af0700396a5a5245aa25c95d70a620025b29c9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 24 Nov 2007 22:50:36 +0100 Subject: Make share_info_db_init static (This used to be commit 111502d3a2901abcff25792bed3c4038a7592410) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index e2320b2953..4b1ec556c5 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -37,7 +37,7 @@ static const struct generic_mapping file_generic_mapping = { }; -bool share_info_db_init(void) +static bool share_info_db_init(void) { const char *vstring = "INFO/version"; int32 vers_id; -- cgit From 42cfffae80480eae4381902fff3f7c61f858a933 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 7 Dec 2007 17:32:32 -0800 Subject: Remove next_token - all uses must now be next_token_talloc. No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de) --- source3/lib/sharesec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 4b1ec556c5..b3b000579f 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -290,10 +290,10 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) uint32 g_access; uint32 s_access; DOM_SID sid; - fstring sidstr; + char *sidstr; uint8 type = SEC_ACE_TYPE_ACCESS_ALLOWED; - if (!next_token(&pacl, sidstr, ":", sizeof(sidstr))) { + if (!next_token_talloc(ctx, &pacl, &sidstr, ":")) { DEBUG(0,("parse_usershare_acl: malformed usershare acl looking " "for ':' in string '%s'\n", pacl)); return False; -- cgit From 99b86e4a266b99634f6a65015f6df115c421d3e5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 20 Dec 2007 22:27:01 +0100 Subject: Some C++ fixes (This used to be commit 5c392c4c6e277a24d0d477902dc7856b2b46ee53) --- source3/lib/sharesec.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index b3b000579f..0027a8813a 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -92,7 +92,9 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { - psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, psize); + psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, + psa, psize); } if (!psd) { @@ -291,7 +293,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) uint32 s_access; DOM_SID sid; char *sidstr; - uint8 type = SEC_ACE_TYPE_ACCESS_ALLOWED; + enum security_ace_type type = SEC_ACE_TYPE_ACCESS_ALLOWED; if (!next_token_talloc(ctx, &pacl, &sidstr, ":")) { DEBUG(0,("parse_usershare_acl: malformed usershare acl looking " @@ -339,7 +341,9 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) } if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) { - psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, &sd_size); + psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, + psa, &sd_size); } if (!psd) { -- cgit From 7cbdb48475b0340154fad60cb4b7cc53dc2bbcfd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Dec 2007 23:00:49 +0100 Subject: Remove tiny code duplication ndr_size_security_descriptor does the same as sec_desc_size (This used to be commit bc3bd7a8e7c6e9e27acb195c86abb92c0f53112f) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 0027a8813a..ba025dacc1 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -144,7 +144,7 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, } if (psd) - *psize = sec_desc_size(psd); + *psize = ndr_size_security_descriptor(psd, 0); return psd; } -- cgit From 9f67ee6334f36f30ddfc2e86459cb764bccf1edf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 6 Jan 2008 14:17:15 +0100 Subject: use talloc_tos() in share_access_check() (This used to be commit ac2bb838d537ca563ad2fe770b3e1c2fe8b1d9e7) --- source3/lib/sharesec.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index ba025dacc1..f6ff701d5b 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -228,25 +228,20 @@ bool share_access_check(const NT_USER_TOKEN *token, const char *sharename, { uint32 granted; NTSTATUS status; - TALLOC_CTX *mem_ctx = NULL; SEC_DESC *psd = NULL; size_t sd_size; bool ret = True; - if (!(mem_ctx = talloc_init("share_access_check"))) { - return False; - } - - psd = get_share_security(mem_ctx, sharename, &sd_size); + psd = get_share_security(talloc_tos(), sharename, &sd_size); if (!psd) { - TALLOC_FREE(mem_ctx); return True; } ret = se_access_check(psd, token, desired_access, &granted, &status); - talloc_destroy(mem_ctx); + TALLOC_FREE(psd); + return ret; } -- cgit From aaa59713155b63b2597f955622be9019bb3cbe89 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Mar 2008 14:18:08 +0100 Subject: util_tdb: add a wrapper tdb_wipe() for traverse with tdb_traverse_delete_fn(). Replace all callers of traverse with this tdb_traverse_delete_fn() and don't export tdb_traverse_delete_fn() anymore. Michael (This used to be commit d4be4e30cd8c3bdc303da30e42280f892a45a8c9) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index f6ff701d5b..60f6e5077b 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -65,7 +65,7 @@ static bool share_info_db_init(void) } if (vers_id != SHARE_DATABASE_VERSION_V2) { - tdb_traverse(share_tdb, tdb_traverse_delete_fn, NULL); + tdb_wipe(share_tdb); tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); } tdb_unlock_bystring(share_tdb, vstring); -- cgit From da27c770467d7e0494fbea70d5e424e76851819f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Mar 2008 10:50:08 +0100 Subject: use tdb_wipe_all() instead of tdb_wipe() - it is faster... Michael (This used to be commit 3d2fdcd50fdbfb66a14360516836445d47eceeb0) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 60f6e5077b..5a8984f4f0 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -65,7 +65,7 @@ static bool share_info_db_init(void) } if (vers_id != SHARE_DATABASE_VERSION_V2) { - tdb_wipe(share_tdb); + tdb_wipe_all(share_tdb); tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); } tdb_unlock_bystring(share_tdb, vstring); -- cgit From 83947f0f6ea0b32c706104213f7c72f0ba35edca Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 27 Mar 2008 22:54:10 +0100 Subject: Fix a memory leak (This used to be commit ce1bd43cdae63ff05aefaded419388e7b9e3ba9a) --- source3/lib/sharesec.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 5a8984f4f0..2338cca591 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -137,6 +137,8 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd); + SAFE_FREE(data.dptr); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("unmarshall_sec_desc failed: %s\n", nt_errstr(status))); -- cgit From f8c569e06690453f842607a6888cb570e090001c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 27 Mar 2008 23:10:57 +0100 Subject: Convert share_info.tdb to dbwrap (This used to be commit bc9b4c43b8824cd53f9ab613bcbb94cd5193f43e) --- source3/lib/sharesec.c | 81 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 64 insertions(+), 17 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 2338cca591..a2aed7921c 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -23,7 +23,7 @@ Create the share security tdb. ********************************************************************/ -static TDB_CONTEXT *share_tdb; /* used for share security descriptors */ +static struct db_context *share_db; /* used for share security descriptors */ #define SHARE_DATABASE_VERSION_V1 1 #define SHARE_DATABASE_VERSION_V2 2 /* version id in little endian. */ @@ -36,41 +36,88 @@ static const struct generic_mapping file_generic_mapping = { FILE_GENERIC_ALL }; +static int delete_fn(struct db_record *rec, void *priv) +{ + rec->delete_rec(rec); + return 0; +} static bool share_info_db_init(void) { const char *vstring = "INFO/version"; int32 vers_id; - if (share_tdb) { + if (share_db != NULL) { return True; } - share_tdb = tdb_open_log(state_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); - if (!share_tdb) { + share_db = db_open(NULL, state_path("share_info.tdb"), 0, TDB_DEFAULT, + O_RDWR|O_CREAT, 0600); + if (share_db == NULL) { DEBUG(0,("Failed to open share info database %s (%s)\n", state_path("share_info.tdb"), strerror(errno) )); return False; } - /* handle a Samba upgrade */ - tdb_lock_bystring(share_tdb, vstring); + vers_id = dbwrap_fetch_int32(share_db, vstring); + if (vers_id == SHARE_DATABASE_VERSION_V2) { + return true; + } + + if (share_db->transaction_start(share_db) != 0) { + DEBUG(0, ("transaction_start failed\n")); + TALLOC_FREE(share_db); + return false; + } + + vers_id = dbwrap_fetch_int32(share_db, vstring); + if (vers_id == SHARE_DATABASE_VERSION_V2) { + /* + * Race condition + */ + if (share_db->transaction_cancel(share_db)) { + smb_panic("transaction_cancel failed"); + } + return true; + } /* Cope with byte-reversed older versions of the db. */ - vers_id = tdb_fetch_int32(share_tdb, vstring); if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) { /* Written on a bigendian machine with old fetch_int code. Save as le. */ - tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); + + if (dbwrap_store_int32(share_db, vstring, + SHARE_DATABASE_VERSION_V2) != 0) { + DEBUG(0, ("dbwrap_store_int32 failed\n")); + goto cancel; + } vers_id = SHARE_DATABASE_VERSION_V2; } if (vers_id != SHARE_DATABASE_VERSION_V2) { - tdb_wipe_all(share_tdb); - tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); + if (share_db->traverse(share_db, delete_fn, NULL) != 0) { + DEBUG(0, ("wipe_all failed\n")); + goto cancel; + } + if (dbwrap_store_int32(share_db, vstring, + SHARE_DATABASE_VERSION_V2) != 0) { + DEBUG(0, ("dbwrap_store_int32 failed\n")); + goto cancel; + } } - tdb_unlock_bystring(share_tdb, vstring); - return True; + if (share_db->transaction_commit(share_db) != 0) { + DEBUG(0, ("transaction_commit failed\n")); + goto cancel; + } + + return true; + + cancel: + if (share_db->transaction_cancel(share_db)) { + smb_panic("transaction_cancel failed"); + } + + return false; } /******************************************************************* @@ -126,7 +173,7 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, return NULL; } - data = tdb_fetch_bystring(share_tdb, key); + data = dbwrap_fetch_bystring(share_db, talloc_tos(), key); TALLOC_FREE(key); @@ -137,7 +184,7 @@ SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd); - SAFE_FREE(data.dptr); + TALLOC_FREE(data.dptr); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("unmarshall_sec_desc failed: %s\n", @@ -182,8 +229,8 @@ bool set_share_security(const char *share_name, SEC_DESC *psd) goto out; } - if (tdb_trans_store_bystring(share_tdb, key, blob, - TDB_REPLACE) == -1) { + if (dbwrap_trans_store(share_db, string_term_tdb_data(key), blob, + TDB_REPLACE) == -1) { DEBUG(1,("set_share_security: Failed to store secdesc for " "%s\n", share_name )); goto out; @@ -212,7 +259,7 @@ bool delete_share_security(const char *servicename) } kbuf = string_term_tdb_data(key); - if (tdb_trans_delete(share_tdb, kbuf) != 0) { + if (dbwrap_trans_delete(share_db, kbuf) != 0) { DEBUG(0, ("delete_share_security: Failed to delete entry for " "share %s\n", servicename)); return False; -- cgit From 2fe572d0438fd21f620427b793b65c54d08c7c74 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 28 Mar 2008 08:27:11 +0100 Subject: sharesec: use db_open_trans() metze (This used to be commit 1c59142ccc46616c10b98c51601361f203d542d6) --- source3/lib/sharesec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index a2aed7921c..3d9e608387 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -51,8 +51,8 @@ static bool share_info_db_init(void) return True; } - share_db = db_open(NULL, state_path("share_info.tdb"), 0, TDB_DEFAULT, - O_RDWR|O_CREAT, 0600); + share_db = db_open_trans(NULL, state_path("share_info.tdb"), 0, + TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (share_db == NULL) { DEBUG(0,("Failed to open share info database %s (%s)\n", state_path("share_info.tdb"), strerror(errno) )); -- cgit From fcdfff1cc8c1214cbce1fdd863b1ede970234121 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 28 Mar 2008 11:53:00 +0100 Subject: Convert dbwrap_trans_store to NTSTATUS Signed-off-by: Stefan Metzmacher (This used to be commit 5f4de856af1abe63b13059bbe1615cb5877770d0) --- source3/lib/sharesec.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 3d9e608387..33141a9671 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -229,10 +229,11 @@ bool set_share_security(const char *share_name, SEC_DESC *psd) goto out; } - if (dbwrap_trans_store(share_db, string_term_tdb_data(key), blob, - TDB_REPLACE) == -1) { - DEBUG(1,("set_share_security: Failed to store secdesc for " - "%s\n", share_name )); + status = dbwrap_trans_store(share_db, string_term_tdb_data(key), blob, + TDB_REPLACE); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("set_share_security: Failed to store secdesc for " + "%s: %s\n", share_name, nt_errstr(status))); goto out; } -- cgit From 16198dc51e8f03d22de73883c0bb6823c464b8c6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 28 Mar 2008 11:57:54 +0100 Subject: Convert dbwrap_trans_delete to NTSTATUS Signed-off-by: Stefan Metzmacher (This used to be commit dead193f46c2b19955ab3e5ac5ba343694f4858a) --- source3/lib/sharesec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 33141a9671..471363b4be 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -253,6 +253,7 @@ bool delete_share_security(const char *servicename) { TDB_DATA kbuf; char *key; + NTSTATUS status; if (!(key = talloc_asprintf(talloc_tos(), "SECDESC/%s", servicename))) { @@ -260,9 +261,10 @@ bool delete_share_security(const char *servicename) } kbuf = string_term_tdb_data(key); - if (dbwrap_trans_delete(share_db, kbuf) != 0) { + status = dbwrap_trans_delete(share_db, kbuf); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("delete_share_security: Failed to delete entry for " - "share %s\n", servicename)); + "share %s: %s\n", servicename, nt_errstr(status))); return False; } -- cgit From 5a2e212c0f3674a55b28cbdbed9f7b1d20fdfcd8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 15 Apr 2008 00:18:34 +0200 Subject: lib/sharesec.c: fix the upgrade code, db_traverse returns the number of records! metze (This used to be commit ccdebe97f85b76378e42d8cf08324228bd19cf32) --- source3/lib/sharesec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 471363b4be..d89434782d 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -94,8 +94,10 @@ static bool share_info_db_init(void) } if (vers_id != SHARE_DATABASE_VERSION_V2) { - if (share_db->traverse(share_db, delete_fn, NULL) != 0) { - DEBUG(0, ("wipe_all failed\n")); + int ret; + ret = share_db->traverse(share_db, delete_fn, NULL); + if (ret < 0) { + DEBUG(0, ("traverse failed\n")); goto cancel; } if (dbwrap_store_int32(share_db, vstring, -- cgit From 0f41961e4ffaa602a5b19a1e0899bffa491c886f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 7 Aug 2008 16:20:05 +1000 Subject: first cut at adding full transactions for ctdb to samba3 (This used to be commit f91a3e0f7b7737c1d0667cd961ea950e2b93e592) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index d89434782d..e64611f154 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -51,7 +51,7 @@ static bool share_info_db_init(void) return True; } - share_db = db_open_trans(NULL, state_path("share_info.tdb"), 0, + share_db = db_open(NULL, state_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (share_db == NULL) { DEBUG(0,("Failed to open share info database %s (%s)\n", -- cgit From fe3dd9b3e6daf626ea094d1ce5fc96f89c61b7ad Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 8 Aug 2008 11:42:06 +1000 Subject: fixed lots of places that paniced on a failed transaction_commit, thinking it was a failure of a transaction cancel (This used to be commit 22dbe158ed62ae47bbcb41bba3db345294f75437) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index e64611f154..4380000080 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -109,7 +109,7 @@ static bool share_info_db_init(void) if (share_db->transaction_commit(share_db) != 0) { DEBUG(0, ("transaction_commit failed\n")); - goto cancel; + return false; } return true; -- cgit From ae02be5287513659fc8a44fea3942e8ea6fea88a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 8 Sep 2008 15:57:15 +0200 Subject: Remove some duplicate code (This used to be commit 564bfe94ac87c918482ade65980270326dc8ed6d) --- source3/lib/sharesec.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 4380000080..5eaa25ac59 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -29,12 +29,7 @@ static struct db_context *share_db; /* used for share security descriptors */ /* Map generic permissions to file object specific permissions */ -static const struct generic_mapping file_generic_mapping = { - FILE_GENERIC_READ, - FILE_GENERIC_WRITE, - FILE_GENERIC_EXECUTE, - FILE_GENERIC_ALL -}; +const struct generic_mapping file_generic_mapping; static int delete_fn(struct db_record *rec, void *priv) { -- cgit From 95b366d8e19909c354ce241f663cba6f674744f9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 8 Sep 2008 16:23:36 +0200 Subject: Thanks metze for pointing out the missing extern :-) (This used to be commit b62540cd48212a80c8cb4a264f740591a0229944) --- source3/lib/sharesec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sharesec.c') diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 5eaa25ac59..33f66ca47f 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -29,7 +29,7 @@ static struct db_context *share_db; /* used for share security descriptors */ /* Map generic permissions to file object specific permissions */ -const struct generic_mapping file_generic_mapping; +extern const struct generic_mapping file_generic_mapping; static int delete_fn(struct db_record *rec, void *priv) { -- cgit