diff options
Diffstat (limited to 'source3/lib/sharesec.c')
| -rw-r--r-- | source3/lib/sharesec.c | 105 |
1 files changed, 65 insertions, 40 deletions
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 410fc1336b..c7a8e51c05 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -21,7 +21,8 @@ #include "system/filesys.h" #include "../libcli/security/security.h" #include "../librpc/gen_ndr/ndr_security.h" -#include "dbwrap.h" +#include "dbwrap/dbwrap.h" +#include "dbwrap/dbwrap_open.h" #include "util_tdb.h" /******************************************************************* @@ -40,7 +41,7 @@ extern const struct generic_mapping file_generic_mapping; static int delete_fn(struct db_record *rec, void *priv) { - rec->delete_rec(rec); + dbwrap_record_delete(rec); return 0; } @@ -57,25 +58,29 @@ static int upgrade_v2_to_v3(struct db_record *rec, void *priv) char *newkey = NULL; bool *p_upgrade_ok = (bool *)priv; NTSTATUS status; + TDB_DATA key; + TDB_DATA value; + + key = dbwrap_record_get_key(rec); /* Is there space for a one character sharename ? */ - if (rec->key.dsize <= prefix_len+2) { + if (key.dsize <= prefix_len+2) { return 0; } /* Does it start with the share key prefix ? */ - if (memcmp(rec->key.dptr, SHARE_SECURITY_DB_KEY_PREFIX_STR, + if (memcmp(key.dptr, SHARE_SECURITY_DB_KEY_PREFIX_STR, prefix_len) != 0) { return 0; } /* Is it a null terminated string as a key ? */ - if (rec->key.dptr[rec->key.dsize-1] != '\0') { + if (key.dptr[key.dsize-1] != '\0') { return 0; } /* Bytes after the prefix are the sharename string. */ - servicename = (char *)&rec->key.dptr[prefix_len]; + servicename = (char *)&key.dptr[prefix_len]; c_servicename = canonicalize_servicename(talloc_tos(), servicename); if (!c_servicename) { smb_panic("out of memory upgrading share security db from v2 -> v3"); @@ -88,16 +93,17 @@ static int upgrade_v2_to_v3(struct db_record *rec, void *priv) } /* Oops. Need to canonicalize name, delete old then store new. */ - status = rec->delete_rec(rec); + status = dbwrap_record_delete(rec); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("upgrade_v2_to_v3: Failed to delete secdesc for " - "%s: %s\n", rec->key.dptr, nt_errstr(status))); + "%s: %s\n", (const char *)key.dptr, + nt_errstr(status))); TALLOC_FREE(c_servicename); *p_upgrade_ok = false; return -1; } else { DEBUG(10, ("upgrade_v2_to_v3: deleted secdesc for " - "%s\n", rec->key.dptr )); + "%s\n", (const char *)key.dptr)); } if (!(newkey = talloc_asprintf(talloc_tos(), @@ -106,9 +112,10 @@ static int upgrade_v2_to_v3(struct db_record *rec, void *priv) smb_panic("out of memory upgrading share security db from v2 -> v3"); } + value = dbwrap_record_get_value(rec); status = dbwrap_store(share_db, string_term_tdb_data(newkey), - rec->value, + value, TDB_REPLACE); if (!NT_STATUS_IS_OK(status)) { @@ -132,39 +139,48 @@ static int upgrade_v2_to_v3(struct db_record *rec, void *priv) bool share_info_db_init(void) { const char *vstring = "INFO/version"; - int32 vers_id; - int ret; + int32 vers_id = 0; bool upgrade_ok = true; + NTSTATUS status; if (share_db != NULL) { return True; } share_db = db_open(NULL, state_path("share_info.tdb"), 0, - TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + TDB_DEFAULT, O_RDWR|O_CREAT, 0600, + DBWRAP_LOCK_ORDER_1); if (share_db == NULL) { DEBUG(0,("Failed to open share info database %s (%s)\n", state_path("share_info.tdb"), strerror(errno) )); return False; } - vers_id = dbwrap_fetch_int32(share_db, vstring); + status = dbwrap_fetch_int32_bystring(share_db, vstring, &vers_id); + if (!NT_STATUS_IS_OK(status)) { + vers_id = 0; + } + if (vers_id == SHARE_DATABASE_VERSION_V3) { return true; } - if (share_db->transaction_start(share_db) != 0) { + if (dbwrap_transaction_start(share_db) != 0) { DEBUG(0, ("transaction_start failed\n")); TALLOC_FREE(share_db); return false; } - vers_id = dbwrap_fetch_int32(share_db, vstring); + status = dbwrap_fetch_int32_bystring(share_db, vstring, &vers_id); + if (!NT_STATUS_IS_OK(status)) { + vers_id = 0; + } + if (vers_id == SHARE_DATABASE_VERSION_V3) { /* * Race condition */ - if (share_db->transaction_cancel(share_db)) { + if (dbwrap_transaction_cancel(share_db)) { smb_panic("transaction_cancel failed"); } return true; @@ -176,41 +192,47 @@ bool share_info_db_init(void) if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) { /* Written on a bigendian machine with old fetch_int code. Save as le. */ - if (dbwrap_store_int32(share_db, vstring, - SHARE_DATABASE_VERSION_V2) != 0) { - DEBUG(0, ("dbwrap_store_int32 failed\n")); + status = dbwrap_store_int32_bystring( + share_db, vstring, SHARE_DATABASE_VERSION_V2); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("dbwrap_store_int32 failed: %s\n", + nt_errstr(status))); goto cancel; } vers_id = SHARE_DATABASE_VERSION_V2; } if (vers_id != SHARE_DATABASE_VERSION_V2) { - ret = share_db->traverse(share_db, delete_fn, NULL); - if (ret < 0) { + status = dbwrap_traverse(share_db, delete_fn, NULL, NULL); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("traverse failed\n")); goto cancel; } - if (dbwrap_store_int32(share_db, vstring, - SHARE_DATABASE_VERSION_V2) != 0) { - DEBUG(0, ("dbwrap_store_int32 failed\n")); + status = dbwrap_store_int32_bystring( + share_db, vstring, SHARE_DATABASE_VERSION_V2); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("dbwrap_store_int32 failed: %s\n", + nt_errstr(status))); goto cancel; } } /* Finally upgrade to version 3, with canonicalized sharenames. */ - ret = share_db->traverse(share_db, upgrade_v2_to_v3, &upgrade_ok); - if (ret < 0 || upgrade_ok == false) { + status = dbwrap_traverse(share_db, upgrade_v2_to_v3, &upgrade_ok, NULL); + if (!NT_STATUS_IS_OK(status) || upgrade_ok == false) { DEBUG(0, ("traverse failed\n")); goto cancel; } - if (dbwrap_store_int32(share_db, vstring, - SHARE_DATABASE_VERSION_V3) != 0) { - DEBUG(0, ("dbwrap_store_int32 failed\n")); + status = dbwrap_store_int32_bystring( + share_db, vstring, SHARE_DATABASE_VERSION_V3); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("dbwrap_store_int32 failed: %s\n", + nt_errstr(status))); goto cancel; } - if (share_db->transaction_commit(share_db) != 0) { + if (dbwrap_transaction_commit(share_db) != 0) { DEBUG(0, ("transaction_commit failed\n")); return false; } @@ -218,7 +240,7 @@ bool share_info_db_init(void) return true; cancel: - if (share_db->transaction_cancel(share_db)) { + if (dbwrap_transaction_cancel(share_db)) { smb_panic("transaction_cancel failed"); } @@ -287,13 +309,13 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser TALLOC_FREE(c_servicename); - data = dbwrap_fetch_bystring(share_db, talloc_tos(), key); + status = dbwrap_fetch_bystring(share_db, talloc_tos(), key, &data); TALLOC_FREE(key); - if (data.dptr == NULL) { + if (!NT_STATUS_IS_OK(status)) { return get_share_security_default(ctx, psize, - GENERIC_ALL_ACCESS); + SEC_RIGHTS_DIR_ALL); } status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd); @@ -304,14 +326,14 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser DEBUG(0, ("unmarshall_sec_desc failed: %s\n", nt_errstr(status))); return get_share_security_default(ctx, psize, - GENERIC_ALL_ACCESS); + SEC_RIGHTS_DIR_ALL); } if (psd) { *psize = ndr_size_security_descriptor(psd, 0); } else { return get_share_security_default(ctx, psize, - GENERIC_ALL_ACCESS); + SEC_RIGHTS_DIR_ALL); } return psd; @@ -423,10 +445,13 @@ bool share_access_check(const struct security_token *token, psd = get_share_security(talloc_tos(), sharename, &sd_size); if (!psd) { - return True; + if (pgranted != NULL) { + *pgranted = desired_access; + } + return false; } - status = se_access_check(psd, token, desired_access, &granted); + status = se_file_access_check(psd, token, true, desired_access, &granted); TALLOC_FREE(psd); @@ -469,7 +494,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_d /* Add the number of ',' characters to get the number of aces. */ num_aces += count_chars(pacl,','); - ace_list = TALLOC_ARRAY(ctx, struct security_ace, num_aces); + ace_list = talloc_array(ctx, struct security_ace, num_aces); if (!ace_list) { return False; } |