From f27774729e8c88615b9d3d25a85cae0a1fc35c4f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Sep 2008 18:52:04 -0700 Subject: s3:lib/ldb: Don't return already freed pointer on error. metze Signed-off-by: Karolin Seeger --- source3/lib/ldb/common/ldb.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib') diff --git a/source3/lib/ldb/common/ldb.c b/source3/lib/ldb/common/ldb.c index 743711b967..c8aa6afdfc 100644 --- a/source3/lib/ldb/common/ldb.c +++ b/source3/lib/ldb/common/ldb.c @@ -787,6 +787,7 @@ int ldb_search(struct ldb_context *ldb, done: if (ret != LDB_SUCCESS) { talloc_free(res); + res = NULL; } *_res = res; -- cgit From 917b141e7dd3e57045c76909b577570fc685fc9b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 16 Sep 2008 17:53:06 +0200 Subject: netapi: start supporting NetUserSetInfo level 3. Guenther --- source3/lib/netapi/user.c | 53 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index 7d0c47f331..fcb87b77be 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -108,18 +108,18 @@ static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX, infoX->usriX_workstations, infoX->usriX_usr_comment, &zero_parameters, - 0, + infoX->usriX_user_id, infoX->usriX_primary_group_id, infoX->usriX_flags, fields_present, zero_logon_hours, - 0, - 0, + infoX->usriX_bad_pw_count, + infoX->usriX_num_logons, infoX->usriX_country_code, + infoX->usriX_code_page, 0, 0, - 0, - 0); + infoX->usriX_password_expired); } /**************************************************************** @@ -132,6 +132,7 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level, struct USER_INFO_0 *u0 = NULL; struct USER_INFO_1 *u1 = NULL; struct USER_INFO_2 *u2 = NULL; + struct USER_INFO_3 *u3 = NULL; struct USER_INFO_1003 *u1003 = NULL; struct USER_INFO_1006 *u1006 = NULL; struct USER_INFO_1007 *u1007 = NULL; @@ -193,6 +194,37 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level, uX->usriX_country_code = u2->usri2_country_code; uX->usriX_code_page = u2->usri2_code_page; break; + case 3: + u3 = (struct USER_INFO_3 *)buffer; + uX->usriX_name = u3->usri3_name; + uX->usriX_password_age = u3->usri3_password_age; + uX->usriX_priv = u3->usri3_priv; + uX->usriX_home_dir = u3->usri3_home_dir; + uX->usriX_comment = u3->usri3_comment; + uX->usriX_flags = u3->usri3_flags; + uX->usriX_script_path = u3->usri3_script_path; + uX->usriX_auth_flags = u3->usri3_auth_flags; + uX->usriX_full_name = u3->usri3_full_name; + uX->usriX_usr_comment = u3->usri3_usr_comment; + uX->usriX_parms = u3->usri3_parms; + uX->usriX_workstations = u3->usri3_workstations; + uX->usriX_last_logon = u3->usri3_last_logon; + uX->usriX_last_logoff = u3->usri3_last_logoff; + uX->usriX_acct_expires = u3->usri3_acct_expires; + uX->usriX_max_storage = u3->usri3_max_storage; + uX->usriX_units_per_week= u3->usri3_units_per_week; + uX->usriX_logon_hours = u3->usri3_logon_hours; + uX->usriX_bad_pw_count = u3->usri3_bad_pw_count; + uX->usriX_num_logons = u3->usri3_num_logons; + uX->usriX_logon_server = u3->usri3_logon_server; + uX->usriX_country_code = u3->usri3_country_code; + uX->usriX_code_page = u3->usri3_code_page; + uX->usriX_user_id = u3->usri3_user_id; + uX->usriX_primary_group_id = u3->usri3_primary_group_id; + uX->usriX_profile = u3->usri3_profile; + uX->usriX_home_dir_drive = u3->usri3_home_dir_drive; + uX->usriX_password_expired = u3->usri3_password_expired; + break; case 1003: u1003 = (struct USER_INFO_1003 *)buffer; uX->usriX_password = u1003->usri1003_password; @@ -237,7 +269,6 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level, u1053 = (struct USER_INFO_1053 *)buffer; uX->usriX_home_dir_drive = u1053->usri1053_home_dir_drive; break; - case 3: case 4: default: return NT_STATUS_INVALID_INFO_CLASS; @@ -1753,9 +1784,17 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx, user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES | SAMR_USER_ACCESS_GET_GROUPS; break; + case 3: + user_mask = STD_RIGHT_READ_CONTROL_ACCESS | + STD_RIGHT_WRITE_DAC_ACCESS | + SAMR_USER_ACCESS_GET_GROUPS | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_SET_ATTRIBUTES | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_LOC_COM; + break; case 1: case 2: - case 3: case 4: case 21: case 22: -- cgit From a9a59f5f3d7f82a8065424310d3b32d796a43e75 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 29 Sep 2008 03:14:20 +0200 Subject: Fix async_connect --- source3/lib/async_sock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/lib') diff --git a/source3/lib/async_sock.c b/source3/lib/async_sock.c index 1a4c27ba20..ffba6de832 100644 --- a/source3/lib/async_sock.c +++ b/source3/lib/async_sock.c @@ -658,12 +658,13 @@ struct async_req *async_connect(TALLOC_CTX *mem_ctx, struct event_context *ev, state->fde = event_add_fd(ev, state, fd, EVENT_FD_READ | EVENT_FD_WRITE, - async_connect_callback, state); + async_connect_callback, result); if (state->fde == NULL) { sys_fcntl_long(fd, F_SETFL, p->old_sockflags); TALLOC_FREE(result); return NULL; } + result->private_data = state; state->param.param_connect.fd = fd; state->param.param_connect.address = address; -- cgit From 4fa4a524de0647644abc842f34a926b458388b09 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 29 Sep 2008 13:52:23 +0200 Subject: [s3]fix build --with-cluster-support after ndr_[pull|push]_struct blob changes. Michael --- source3/lib/ctdbd_conn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index 1ae23bcf82..5075476e94 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -260,7 +260,7 @@ static struct messaging_rec *ctdb_pull_messaging_rec(TALLOC_CTX *mem_ctx, blob = data_blob_const(msg->data, msg->datalen); ndr_err = ndr_pull_struct_blob( - &blob, result, result, + &blob, result, NULL, result, (ndr_pull_flags_fn_t)ndr_pull_messaging_rec); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -636,7 +636,7 @@ NTSTATUS ctdbd_messaging_send(struct ctdbd_connection *conn, } ndr_err = ndr_push_struct_blob( - &blob, mem_ctx, msg, + &blob, mem_ctx, NULL, msg, (ndr_push_flags_fn_t)ndr_push_messaging_rec); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From acf5f2e5b049f20049cb6c549a00ba4b95322aa0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Sep 2008 14:27:50 +1000 Subject: fixed a segfault on the ctdb destructor code --- source3/lib/dbwrap_ctdb.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c index 63a5ce4de6..cd37d9e917 100644 --- a/source3/lib/dbwrap_ctdb.c +++ b/source3/lib/dbwrap_ctdb.c @@ -405,8 +405,9 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct return result; } -static int db_ctdb_record_destructor(struct db_record *rec) +static int db_ctdb_record_destructor(struct db_record **recp) { + struct db_record *rec = talloc_get_type_abort(*recp, struct db_record); struct db_ctdb_transaction_handle *h = talloc_get_type_abort( rec->private_data, struct db_ctdb_transaction_handle); int ret = h->ctx->db->transaction_commit(h->ctx->db); @@ -424,7 +425,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx TDB_DATA key) { int res; - struct db_record *rec; + struct db_record *rec, **recp; res = db_ctdb_transaction_start(ctx->db); if (res == -1) { @@ -438,7 +439,13 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx } /* destroy this transaction when we release the lock */ - talloc_set_destructor((struct db_record *)talloc_new(rec), db_ctdb_record_destructor); + recp = talloc(rec, struct db_record *); + if (recp == NULL) { + ctx->db->transaction_cancel(ctx->db); + return NULL; + } + *recp = rec; + talloc_set_destructor(recp, db_ctdb_record_destructor); return rec; } -- cgit From 7caa8c85acfb6d6f8e16e95788fa5e84c031e111 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Sep 2008 14:51:35 +1000 Subject: fixed an (unlikely) memory leak --- source3/lib/dbwrap_ctdb.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib') diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c index cd37d9e917..2818634b14 100644 --- a/source3/lib/dbwrap_ctdb.c +++ b/source3/lib/dbwrap_ctdb.c @@ -442,6 +442,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx recp = talloc(rec, struct db_record *); if (recp == NULL) { ctx->db->transaction_cancel(ctx->db); + talloc_free(rec); return NULL; } *recp = rec; -- cgit From f0c17496366547f14638763a6b8859c365f18792 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Thu, 2 Oct 2008 09:03:32 -0400 Subject: Fix bug 5805: don't close stdout - When calling setup_logging multiple times, the code was closing the debug file descriptor before opening or assigning the new one. We don't, however, want to close the debug file descriptor if it is stdout. Derrell --- source3/lib/debug.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/lib') diff --git a/source3/lib/debug.c b/source3/lib/debug.c index d835ea7c17..d91b55dd23 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -578,7 +578,9 @@ void setup_logging(const char *pname, bool interactive) stdout_logging = False; if (dbf) { x_fflush(dbf); - (void) x_fclose(dbf); + if (dbf != x_stdout) { + (void) x_fclose(dbf); + } } dbf = NULL; -- cgit From f6c883b4b00f4cd751cd312a27bddffb3be9c059 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 3 Oct 2008 14:18:35 -0700 Subject: Simply our main loop processing. A lot :-). Correctly use events for all the previous "special" cases. A step on the way to adding signals to the events and being able to merge the S3 event system with the S4 one. Jeremy. --- source3/lib/dummysmbd.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'source3/lib') diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index dbe886e3d1..5c624bdebf 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -51,3 +51,18 @@ NTSTATUS can_delete_directory(struct connection_struct *conn, { return NT_STATUS_OK; } + +bool change_to_root_user(void) +{ + return false; +} + +struct event_context *smbd_event_context(void) +{ + return NULL; +} + +struct messaging_context *smbd_messaging_context(void) +{ + return NULL; +} -- cgit From a9390d3047b7b7aba6f73c20e3dff292f7600a9f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 3 Oct 2008 14:58:41 -0700 Subject: Correctly fix smbclient to terminate on eof from server. Jeremy. --- source3/lib/readline.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'source3/lib') diff --git a/source3/lib/readline.c b/source3/lib/readline.c index 254f55c86a..fd57799b57 100644 --- a/source3/lib/readline.c +++ b/source3/lib/readline.c @@ -45,6 +45,16 @@ # define RL_COMPLETION_CAST #endif /* HAVE_NEW_LIBREADLINE */ +static bool smb_rl_done; + +void smb_readline_done(void) +{ + smb_rl_done = true; +#if HAVE_LIBREADLINE + rl_done = 1; +#endif +} + /**************************************************************************** Display the prompt and wait for input. Call callback() regularly ****************************************************************************/ @@ -69,7 +79,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void) return NULL; } - while (1) { + while (!smb_rl_done) { timeout.tv_sec = 5; timeout.tv_usec = 0; @@ -87,6 +97,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void) callback(); } } + return NULL; } /**************************************************************************** -- cgit From 01ecd766c86ad49c7d8b9095bef76b5dcc71d757 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 13:12:31 +0200 Subject: OS/X does not have rl_done in readline.h --- source3/lib/readline.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/lib') diff --git a/source3/lib/readline.c b/source3/lib/readline.c index fd57799b57..cafb5a9f62 100644 --- a/source3/lib/readline.c +++ b/source3/lib/readline.c @@ -47,6 +47,14 @@ static bool smb_rl_done; +#if HAVE_LIBREADLINE +/* + * MacOS/X does not have rl_done in readline.h, but + * readline.so has it + */ +extern int rl_done; +#endif + void smb_readline_done(void) { smb_rl_done = true; -- cgit From 8670235f2a2b9ef4b6863c185bd2ab57acd7e57a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 13:58:09 +0200 Subject: Fix some missing error handlings --- source3/lib/netapi/file.c | 3 ++- source3/lib/netapi/getdc.c | 4 ++++ source3/lib/netapi/share.c | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c index 036af32f38..0d66be0eb1 100644 --- a/source3/lib/netapi/file.c +++ b/source3/lib/netapi/file.c @@ -47,7 +47,8 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx, r->in.server_name, r->in.fileid, &werr); - if (!W_ERROR_IS_OK(werr)) { + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); goto done; } diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c index 07a6544af1..76c0d0be2a 100644 --- a/source3/lib/netapi/getdc.c +++ b/source3/lib/netapi/getdc.c @@ -58,6 +58,10 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx, r->in.domain_name, (const char **)r->out.buffer, &werr); + + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + } done: return werr; diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c index 1d0e1810f1..e6aed36064 100644 --- a/source3/lib/netapi/share.c +++ b/source3/lib/netapi/share.c @@ -271,7 +271,8 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx, r->in.net_name, r->in.reserved, &werr); - if (!W_ERROR_IS_OK(werr)) { + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); goto done; } -- cgit From 2024d87cf5ffa0633225ed189fa48f0f56151e7e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Oct 2008 14:43:42 -0700 Subject: Make map_errno_from_nt_status() a generic call, not just a cli specific one. Remove some unused calls from vfs_acl_xattr. Test for SD's on existing files. Jeremy. --- source3/lib/errmap_unix.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) (limited to 'source3/lib') diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c index 2cd2386c5c..9adb237096 100644 --- a/source3/lib/errmap_unix.c +++ b/source3/lib/errmap_unix.c @@ -128,3 +128,139 @@ NTSTATUS map_nt_error_from_unix(int unix_error) /* Default return */ return NT_STATUS_ACCESS_DENIED; } + +/* Return a UNIX errno from a NT status code */ +static const struct { + NTSTATUS status; + int error; +} nt_errno_map[] = { + {NT_STATUS_ACCESS_VIOLATION, EACCES}, + {NT_STATUS_INVALID_HANDLE, EBADF}, + {NT_STATUS_ACCESS_DENIED, EACCES}, + {NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT}, + {NT_STATUS_OBJECT_PATH_NOT_FOUND, ENOENT}, + {NT_STATUS_SHARING_VIOLATION, EBUSY}, + {NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR}, + {NT_STATUS_OBJECT_NAME_COLLISION, EEXIST}, + {NT_STATUS_PATH_NOT_COVERED, ENOENT}, + {NT_STATUS_UNSUCCESSFUL, EINVAL}, + {NT_STATUS_NOT_IMPLEMENTED, ENOSYS}, + {NT_STATUS_IN_PAGE_ERROR, EFAULT}, + {NT_STATUS_BAD_NETWORK_NAME, ENOENT}, +#ifdef EDQUOT + {NT_STATUS_PAGEFILE_QUOTA, EDQUOT}, + {NT_STATUS_QUOTA_EXCEEDED, EDQUOT}, + {NT_STATUS_REGISTRY_QUOTA_LIMIT, EDQUOT}, + {NT_STATUS_LICENSE_QUOTA_EXCEEDED, EDQUOT}, +#endif +#ifdef ETIME + {NT_STATUS_TIMER_NOT_CANCELED, ETIME}, +#endif + {NT_STATUS_INVALID_PARAMETER, EINVAL}, + {NT_STATUS_NO_SUCH_DEVICE, ENODEV}, + {NT_STATUS_NO_SUCH_FILE, ENOENT}, +#ifdef ENODATA + {NT_STATUS_END_OF_FILE, ENODATA}, +#endif +#ifdef ENOMEDIUM + {NT_STATUS_NO_MEDIA_IN_DEVICE, ENOMEDIUM}, + {NT_STATUS_NO_MEDIA, ENOMEDIUM}, +#endif + {NT_STATUS_NONEXISTENT_SECTOR, ESPIPE}, + {NT_STATUS_NO_MEMORY, ENOMEM}, + {NT_STATUS_CONFLICTING_ADDRESSES, EADDRINUSE}, + {NT_STATUS_NOT_MAPPED_VIEW, EINVAL}, + {NT_STATUS_UNABLE_TO_FREE_VM, EADDRINUSE}, + {NT_STATUS_ACCESS_DENIED, EACCES}, + {NT_STATUS_BUFFER_TOO_SMALL, ENOBUFS}, + {NT_STATUS_WRONG_PASSWORD, EACCES}, + {NT_STATUS_LOGON_FAILURE, EACCES}, + {NT_STATUS_INVALID_WORKSTATION, EACCES}, + {NT_STATUS_INVALID_LOGON_HOURS, EACCES}, + {NT_STATUS_PASSWORD_EXPIRED, EACCES}, + {NT_STATUS_ACCOUNT_DISABLED, EACCES}, + {NT_STATUS_DISK_FULL, ENOSPC}, + {NT_STATUS_INVALID_PIPE_STATE, EPIPE}, + {NT_STATUS_PIPE_BUSY, EPIPE}, + {NT_STATUS_PIPE_DISCONNECTED, EPIPE}, + {NT_STATUS_PIPE_NOT_AVAILABLE, ENOSYS}, + {NT_STATUS_FILE_IS_A_DIRECTORY, EISDIR}, + {NT_STATUS_NOT_SUPPORTED, ENOSYS}, + {NT_STATUS_NOT_A_DIRECTORY, ENOTDIR}, + {NT_STATUS_DIRECTORY_NOT_EMPTY, ENOTEMPTY}, + {NT_STATUS_NETWORK_UNREACHABLE, ENETUNREACH}, + {NT_STATUS_HOST_UNREACHABLE, EHOSTUNREACH}, + {NT_STATUS_CONNECTION_ABORTED, ECONNABORTED}, + {NT_STATUS_CONNECTION_REFUSED, ECONNREFUSED}, + {NT_STATUS_TOO_MANY_LINKS, EMLINK}, + {NT_STATUS_NETWORK_BUSY, EBUSY}, + {NT_STATUS_DEVICE_DOES_NOT_EXIST, ENODEV}, +#ifdef ELIBACC + {NT_STATUS_DLL_NOT_FOUND, ELIBACC}, +#endif + {NT_STATUS_PIPE_BROKEN, EPIPE}, + {NT_STATUS_REMOTE_NOT_LISTENING, ECONNREFUSED}, + {NT_STATUS_NETWORK_ACCESS_DENIED, EACCES}, + {NT_STATUS_TOO_MANY_OPENED_FILES, EMFILE}, +#ifdef EPROTO + {NT_STATUS_DEVICE_PROTOCOL_ERROR, EPROTO}, +#endif + {NT_STATUS_FLOAT_OVERFLOW, ERANGE}, + {NT_STATUS_FLOAT_UNDERFLOW, ERANGE}, + {NT_STATUS_INTEGER_OVERFLOW, ERANGE}, + {NT_STATUS_MEDIA_WRITE_PROTECTED, EROFS}, + {NT_STATUS_PIPE_CONNECTED, EISCONN}, + {NT_STATUS_MEMORY_NOT_ALLOCATED, EFAULT}, + {NT_STATUS_FLOAT_INEXACT_RESULT, ERANGE}, + {NT_STATUS_ILL_FORMED_PASSWORD, EACCES}, + {NT_STATUS_PASSWORD_RESTRICTION, EACCES}, + {NT_STATUS_ACCOUNT_RESTRICTION, EACCES}, + {NT_STATUS_PORT_CONNECTION_REFUSED, ECONNREFUSED}, + {NT_STATUS_NAME_TOO_LONG, ENAMETOOLONG}, + {NT_STATUS_REMOTE_DISCONNECT, ESHUTDOWN}, + {NT_STATUS_CONNECTION_DISCONNECTED, ECONNABORTED}, + {NT_STATUS_CONNECTION_RESET, ENETRESET}, +#ifdef ENOTUNIQ + {NT_STATUS_IP_ADDRESS_CONFLICT1, ENOTUNIQ}, + {NT_STATUS_IP_ADDRESS_CONFLICT2, ENOTUNIQ}, +#endif + {NT_STATUS_PORT_MESSAGE_TOO_LONG, EMSGSIZE}, + {NT_STATUS_PROTOCOL_UNREACHABLE, ENOPROTOOPT}, + {NT_STATUS_ADDRESS_ALREADY_EXISTS, EADDRINUSE}, + {NT_STATUS_PORT_UNREACHABLE, EHOSTUNREACH}, + {NT_STATUS_IO_TIMEOUT, ETIMEDOUT}, + {NT_STATUS_RETRY, EAGAIN}, +#ifdef ENOTUNIQ + {NT_STATUS_DUPLICATE_NAME, ENOTUNIQ}, +#endif +#ifdef ECOMM + {NT_STATUS_NET_WRITE_FAULT, ECOMM}, +#endif +#ifdef EXDEV + {NT_STATUS_NOT_SAME_DEVICE, EXDEV}, +#endif + {NT_STATUS(0), 0} +}; + +int map_errno_from_nt_status(NTSTATUS status) +{ + int i; + DEBUG(10,("map_errno_from_nt_status: 32 bit codes: code=%08x\n", + NT_STATUS_V(status))); + + /* Status codes without this bit set are not errors */ + + if (!(NT_STATUS_V(status) & 0xc0000000)) { + return 0; + } + + for (i=0;nt_errno_map[i].error;i++) { + if (NT_STATUS_V(nt_errno_map[i].status) == + NT_STATUS_V(status)) { + return nt_errno_map[i].error; + } + } + + /* for all other cases - a default code */ + return EINVAL; +} -- cgit From 543c6a02ae1dcb903de800c88af1f9e221827d61 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Oct 2008 18:06:58 -0700 Subject: For the vfs_acl_xattr.c module, make sure we map GENERIC file and directory bits to specific bits every time a security descriptor is set. The S4 torture suite proves that generic bits are not returned when querying an ACL set using them (ie. only the specific bits are stored on disk). Jeremy. --- source3/lib/util_seaccess.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source3/lib') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 87e70bb95b..cab4261adf 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -176,6 +176,24 @@ void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping) } } +/* Map generic access rights to object specific rights for all the ACE's + * in a security_acl. + */ + +void security_acl_map_generic(struct security_acl *sa, + const struct generic_mapping *mapping) +{ + unsigned int i; + + if (!sa) { + return; + } + + for (i = 0; i < sa->num_aces; i++) { + se_map_generic(&sa->aces[i].access_mask, mapping); + } +} + /* Map standard access rights to object specific rights. This technique is used to give meaning to assigning read, write, execute and all access to objects. Each type of object has its own mapping of standard to object -- cgit From e5692d4cbe70dc4f2aba88db4fa3b68c572c6142 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 9 Oct 2008 09:49:03 -0700 Subject: Remove SEC_ACCESS. It's a uint32_t. Jeremy. --- source3/lib/display_sec.c | 2 +- source3/lib/secace.c | 2 +- source3/lib/secdesc.c | 13 +------------ source3/lib/sharesec.c | 8 ++++---- source3/lib/util_seaccess.c | 14 +++++++------- 5 files changed, 14 insertions(+), 25 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c index 67392e4568..5427a8173e 100644 --- a/source3/lib/display_sec.c +++ b/source3/lib/display_sec.c @@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type) /**************************************************************************** display sec_access structure ****************************************************************************/ -void display_sec_access(SEC_ACCESS *info) +void display_sec_access(uint32_t *info) { char *mask_str = get_sec_mask_str(NULL, *info); printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : ""); diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 8760a6109a..9f5a0c02ba 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ********************************************************************/ void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type, - uint32 mask, uint8 flag) + uint32_t mask, uint8 flag) { t->type = type; t->flags = flag; diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 4965200bc1..52ff067d6a 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, if (!inherit) continue; - init_sec_access(&new_ace->access_mask, ace->access_mask); + new_ace->access_mask = ace->access_mask; init_sec_ace(new_ace, &ace->trustee, ace->type, new_ace->access_mask, new_flags); @@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, return sdb; } - -/******************************************************************* - Sets up a SEC_ACCESS structure. -********************************************************************/ - -void init_sec_access(uint32 *t, uint32 mask) -{ - *t = mask; -} - - diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 33f66ca47f..298655e181 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -124,7 +124,7 @@ static bool share_info_db_init(void) SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access) { - SEC_ACCESS sa; + uint32_t sa; SEC_ACE ace; SEC_ACL *psa = NULL; SEC_DESC *psd = NULL; @@ -132,7 +132,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def se_map_generic(&spec_access, &file_generic_mapping); - init_sec_access(&sa, def_access | spec_access ); + sa = (def_access | spec_access ); init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { @@ -332,7 +332,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) } for (i = 0; i < num_aces; i++) { - SEC_ACCESS sa; + uint32_t sa; uint32 g_access; uint32 s_access; DOM_SID sid; @@ -380,7 +380,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) pacl++; /* Go past any ',' */ se_map_generic(&s_access, &file_generic_mapping); - init_sec_access(&sa, g_access | s_access ); + sa = (g_access | s_access); init_sec_ace(&ace_list[i], &sid, type, sa, 0); } diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index cab4261adf..7e461556b3 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token; static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, NTSTATUS *status) { - uint32 mask = ace->access_mask; + uint32_t mask = ace->access_mask; /* * Inherit only is ignored. @@ -346,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) DOM_SID act_sid; SEC_ACE ace[3]; - SEC_ACCESS mask; SEC_ACL *psa = NULL; @@ -357,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); /*basic access for every one*/ - init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ); - init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0); /*full access for builtin aliases Administrators and Account Operators*/ - init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS); - init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[1], &adm_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); + init_sec_ace(&ace[2], &act_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; -- cgit