#include "auth.h"
#include "smbprofile.h"
#include "libsmb/libsmb.h"
+#include "lib/util_ea.h"
extern const struct generic_mapping file_generic_mapping;
int params_sent_thistime, data_sent_thistime, total_sent_thistime;
int alignment_offset = 1;
int data_alignment_offset = 0;
- struct smbd_server_connection *sconn = req->sconn;
- int max_send = sconn->smb1.sessions.max_send;
+ struct smbXsrv_connection *xconn = req->xconn;
+ int max_send = xconn->smb1.sessions.max_send;
/*
* If there genuinely are no parameters or data to send just send
__LINE__,__FILE__);
}
show_msg((char *)req->outbuf);
- if (!srv_send_smb(sconn,
+ if (!srv_send_smb(xconn,
(char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn),
total_sent_thistime + alignment_offset
+ data_alignment_offset);
- /*
- * We might have had SMBnttranss in req->inbuf, fix that.
- */
- SCVAL(req->outbuf, smb_com, SMBnttrans);
-
/*
* Set total params and data to be sent.
*/
/* Send the packet */
show_msg((char *)req->outbuf);
- if (!srv_send_smb(sconn,
+ if (!srv_send_smb(xconn,
(char *)req->outbuf,
true, req->seqnum+1,
IS_CONN_ENCRYPTED(conn),
****************************************************************************/
static void nt_open_pipe(char *fname, connection_struct *conn,
- struct smb_request *req, int *ppnum)
+ struct smb_request *req, uint16_t *ppnum)
{
files_struct *fsp;
NTSTATUS status;
struct smb_request *req)
{
char *fname = NULL;
- int pnum = -1;
+ uint16_t pnum = FNUM_FIELD_INVALID;
char *p = NULL;
- uint32 flags = IVAL(req->vwv+3, 1);
+ uint32_t flags = IVAL(req->vwv+3, 1);
TALLOC_CTX *ctx = talloc_tos();
srvstr_pull_req_talloc(ctx, req, &fname, req->buf, STR_TERMINATE);
connection_struct *conn = req->conn;
struct smb_filename *smb_fname = NULL;
char *fname = NULL;
- uint32 flags;
- uint32 access_mask;
- uint32 file_attributes;
- uint32 share_access;
- uint32 create_disposition;
- uint32 create_options;
- uint16 root_dir_fid;
+ uint32_t flags;
+ uint32_t access_mask;
+ uint32_t file_attributes;
+ uint32_t share_access;
+ uint32_t create_disposition;
+ uint32_t create_options;
+ uint16_t root_dir_fid;
uint64_t allocation_size;
/* Breakout the oplock request bits so we can set the
reply bits separately. */
- uint32 fattr=0;
+ uint32_t fattr=0;
off_t file_len = 0;
int info = 0;
files_struct *fsp = NULL;
struct timespec c_timespec;
struct timespec a_timespec;
struct timespec m_timespec;
- struct timespec write_time_ts;
NTSTATUS status;
int oplock_request;
uint8_t oplock_granted = NO_OPLOCK_RETURN;
struct case_semantics_state *case_state = NULL;
+ uint32_t ucf_flags = UCF_PREP_CREATEFILE |
+ (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntcreateX);
share_access = IVAL(req->vwv+15, 1);
create_disposition = IVAL(req->vwv+17, 1);
create_options = IVAL(req->vwv+19, 1);
- root_dir_fid = (uint16)IVAL(req->vwv+5, 1);
+ root_dir_fid = (uint16_t)IVAL(req->vwv+5, 1);
allocation_size = BVAL(req->vwv+9, 1);
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ ucf_flags,
NULL,
&smb_fname);
create_options, /* create_options */
file_attributes, /* file_attributes */
oplock_request, /* oplock_request */
+ NULL, /* lease */
allocation_size, /* allocation_size */
0, /* private_flags */
NULL, /* sd */
NULL, /* ea_list */
&fsp, /* result */
- &info); /* pinfo */
+ &info, /* pinfo */
+ NULL, NULL); /* create context */
if (!NT_STATUS_IS_OK(status)) {
- if (open_was_deferred(req->sconn, req->mid)) {
+ if (open_was_deferred(req->xconn, req->mid)) {
/* We have re-scheduled this call, no error. */
goto out;
}
fattr = FILE_ATTRIBUTE_NORMAL;
}
- /* Deal with other possible opens having a modified
- write time. JRA. */
- ZERO_STRUCT(write_time_ts);
- get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
- if (!null_timespec(write_time_ts)) {
- update_stat_ex_mtime(&smb_fname->st, write_time_ts);
- }
-
/* Create time. */
create_timespec = get_create_timespec(conn, fsp, smb_fname);
a_timespec = smb_fname->st.st_ex_atime;
if (NT_STATUS_IS_OK(status) && num_names) {
file_status &= ~NO_EAS;
}
- status = vfs_streaminfo(conn, NULL, smb_fname->base_name, ctx,
+ status = vfs_streaminfo(conn, NULL, smb_fname, ctx,
&num_streams, &streams);
/* There is always one stream, ::$DATA. */
if (NT_STATUS_IS_OK(status) && num_streams > 1) {
SCVAL(p,0,fsp->is_directory ? 1 : 0);
if (flags & EXTENDED_RESPONSE_REQUIRED) {
- uint32 perms = 0;
+ uint32_t perms = 0;
p += 25;
if (fsp->is_directory ||
+ fsp->can_write ||
can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
static void do_nt_transact_create_pipe(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup, uint32 setup_count,
- char **ppparams, uint32 parameter_count,
- char **ppdata, uint32 data_count)
+ uint16_t **ppsetup, uint32_t setup_count,
+ char **ppparams, uint32_t parameter_count,
+ char **ppdata, uint32_t data_count)
{
char *fname = NULL;
char *params = *ppparams;
- int pnum = -1;
+ uint16_t pnum = FNUM_FIELD_INVALID;
char *p = NULL;
NTSTATUS status;
size_t param_len;
- uint32 flags;
+ uint32_t flags;
TALLOC_CTX *ctx = talloc_tos();
/*
flags = IVAL(params,0);
- srvstr_get_path(ctx, params, req->flags2, &fname, params+53,
- parameter_count-53, STR_TERMINATE,
+ if (req->posix_pathnames) {
+ srvstr_get_path_posix(ctx,
+ params,
+ req->flags2,
+ &fname,
+ params+53,
+ parameter_count-53,
+ STR_TERMINATE,
+ &status);
+ } else {
+ srvstr_get_path(ctx,
+ params,
+ req->flags2,
+ &fname,
+ params+53,
+ parameter_count-53,
+ STR_TERMINATE,
&status);
+ }
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
return;
}
+/*********************************************************************
+ Windows seems to do canonicalization of inheritance bits. Do the
+ same.
+*********************************************************************/
+
+static void canonicalize_inheritance_bits(struct security_descriptor *psd)
+{
+ bool set_auto_inherited = false;
+
+ /*
+ * We need to filter out the
+ * SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
+ * bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
+ * as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
+ * when an ACE is inherited. Otherwise we zero these bits out.
+ * See:
+ *
+ * http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
+ *
+ * for details.
+ */
+
+ if ((psd->type & (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ))
+ == (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
+ set_auto_inherited = true;
+ }
+
+ psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ);
+ if (set_auto_inherited) {
+ psd->type |= SEC_DESC_DACL_AUTO_INHERITED;
+ }
+}
+
/****************************************************************************
Internal fn to set security descriptors.
****************************************************************************/
-NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
uint32_t security_info_sent)
{
- struct security_descriptor *psd = NULL;
NTSTATUS status;
- if (sd_len == 0) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
if (!CAN_WRITE(fsp->conn)) {
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
}
- status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
+ DEBUG(10, ("ACL set on symlink %s denied.\n",
+ fsp_str_dbg(fsp)));
+ return NT_STATUS_ACCESS_DENIED;
}
if (psd->owner_sid == NULL) {
/* Ensure we have at least one thing set. */
if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
- if (security_info_sent & SECINFO_LABEL) {
- /* Only consider SECINFO_LABEL if no other
- bits are set. Just like W2K3 we don't
- store this. */
- return NT_STATUS_OK;
- }
- return NT_STATUS_INVALID_PARAMETER;
+ /* Just like W2K3 */
+ return NT_STATUS_OK;
}
/* Ensure we have the rights to do this. */
}
}
+ canonicalize_inheritance_bits(psd);
+
if (DEBUGLEVEL >= 10) {
DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
NDR_PRINT_DEBUG(security_descriptor, psd);
}
/****************************************************************************
- Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
+ Internal fn to set security descriptors from a data blob.
****************************************************************************/
-struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
+NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+ uint32_t security_info_sent)
{
- struct ea_list *ea_list_head = NULL;
- size_t offset = 0;
+ struct security_descriptor *psd = NULL;
+ NTSTATUS status;
- if (data_size < 4) {
- return NULL;
+ if (sd_len == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
}
- while (offset + 4 <= data_size) {
- size_t next_offset = IVAL(pdata,offset);
- struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset + 4, data_size - offset - 4, NULL);
-
- if (!eal) {
- return NULL;
- }
+ status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
- DLIST_ADD_END(ea_list_head, eal, struct ea_list *);
- if (next_offset == 0) {
- break;
- }
- offset += next_offset;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- return ea_list_head;
+ return set_sd(fsp, psd, security_info_sent);
}
/****************************************************************************
static void call_nt_transact_create(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup, uint32 setup_count,
- char **ppparams, uint32 parameter_count,
- char **ppdata, uint32 data_count,
- uint32 max_data_count)
+ uint16_t **ppsetup, uint32_t setup_count,
+ char **ppparams, uint32_t parameter_count,
+ char **ppdata, uint32_t data_count,
+ uint32_t max_data_count)
{
struct smb_filename *smb_fname = NULL;
char *fname = NULL;
char *params = *ppparams;
char *data = *ppdata;
/* Breakout the oplock request bits so we can set the reply bits separately. */
- uint32 fattr=0;
+ uint32_t fattr=0;
off_t file_len = 0;
int info = 0;
files_struct *fsp = NULL;
char *p = NULL;
- uint32 flags;
- uint32 access_mask;
- uint32 file_attributes;
- uint32 share_access;
- uint32 create_disposition;
- uint32 create_options;
- uint32 sd_len;
+ uint32_t flags;
+ uint32_t access_mask;
+ uint32_t file_attributes;
+ uint32_t share_access;
+ uint32_t create_disposition;
+ uint32_t create_options;
+ uint32_t sd_len;
struct security_descriptor *sd = NULL;
- uint32 ea_len;
- uint16 root_dir_fid;
+ uint32_t ea_len;
+ uint16_t root_dir_fid;
struct timespec create_timespec;
struct timespec c_timespec;
struct timespec a_timespec;
struct timespec m_timespec;
- struct timespec write_time_ts;
struct ea_list *ea_list = NULL;
NTSTATUS status;
size_t param_len;
int oplock_request;
uint8_t oplock_granted;
struct case_semantics_state *case_state = NULL;
+ uint32_t ucf_flags = UCF_PREP_CREATEFILE |
+ (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
TALLOC_CTX *ctx = talloc_tos();
DEBUG(5,("call_nt_transact_create\n"));
create_options = IVAL(params,32);
sd_len = IVAL(params,36);
ea_len = IVAL(params,40);
- root_dir_fid = (uint16)IVAL(params,4);
+ root_dir_fid = (uint16_t)IVAL(params,4);
allocation_size = BVAL(params,12);
/*
*/
create_options &= ~NTCREATEX_OPTIONS_MUST_IGNORE_MASK;
+ if (req->posix_pathnames) {
+ srvstr_get_path_posix(ctx,
+ params,
+ req->flags2,
+ &fname,
+ params+53,
+ parameter_count-53,
+ STR_TERMINATE,
+ &status);
+ } else {
+ srvstr_get_path(ctx,
+ params,
+ req->flags2,
+ &fname,
+ params+53,
+ parameter_count-53,
+ STR_TERMINATE,
+ &status);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ goto out;
+ }
+
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ status = filename_convert(ctx,
+ conn,
+ req->flags2 & FLAGS2_DFS_PATHNAMES,
+ fname,
+ ucf_flags,
+ NULL,
+ &smb_fname);
+
+ TALLOC_FREE(case_state);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
+ reply_botherror(req,
+ NT_STATUS_PATH_NOT_COVERED,
+ ERRSRV, ERRbadpath);
+ goto out;
+ }
+ reply_nterror(req, status);
+ goto out;
+ }
+
/* Ensure the data_len is correct for the sd and ea values given. */
if ((ea_len + sd_len > data_count)
|| (ea_len > data_count) || (sd_len > data_count)
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
goto out;
}
- }
- srvstr_get_path(ctx, params, req->flags2, &fname,
- params+53, parameter_count-53,
- STR_TERMINATE, &status);
- if (!NT_STATUS_IS_OK(status)) {
- reply_nterror(req, status);
- goto out;
- }
-
- if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
- case_state = set_posix_case_semantics(ctx, conn);
- if (!case_state) {
- reply_nterror(req, NT_STATUS_NO_MEMORY);
- goto out;
- }
- }
-
- status = filename_convert(ctx,
- conn,
- req->flags2 & FLAGS2_DFS_PATHNAMES,
- fname,
- 0,
- NULL,
- &smb_fname);
-
- TALLOC_FREE(case_state);
+ if (ea_list_has_invalid_name(ea_list)) {
+ /* Realloc the size of parameters and data we will return */
+ if (flags & EXTENDED_RESPONSE_REQUIRED) {
+ /* Extended response is 32 more byyes. */
+ param_len = 101;
+ } else {
+ param_len = 69;
+ }
+ params = nttrans_realloc(ppparams, param_len);
+ if(params == NULL) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ goto out;
+ }
- if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) {
- reply_botherror(req,
- NT_STATUS_PATH_NOT_COVERED,
- ERRSRV, ERRbadpath);
+ memset(params, '\0', param_len);
+ send_nt_replies(conn, req, STATUS_INVALID_EA_NAME,
+ params, param_len, NULL, 0);
goto out;
}
- reply_nterror(req, status);
- goto out;
}
oplock_request = (flags & REQUEST_OPLOCK) ? EXCLUSIVE_OPLOCK : 0;
create_options, /* create_options */
file_attributes, /* file_attributes */
oplock_request, /* oplock_request */
+ NULL, /* lease */
allocation_size, /* allocation_size */
0, /* private_flags */
sd, /* sd */
ea_list, /* ea_list */
&fsp, /* result */
- &info); /* pinfo */
+ &info, /* pinfo */
+ NULL, NULL); /* create context */
if(!NT_STATUS_IS_OK(status)) {
- if (open_was_deferred(req->sconn, req->mid)) {
+ if (open_was_deferred(req->xconn, req->mid)) {
/* We have re-scheduled this call, no error. */
return;
}
fattr = FILE_ATTRIBUTE_NORMAL;
}
- /* Deal with other possible opens having a modified
- write time. JRA. */
- ZERO_STRUCT(write_time_ts);
- get_file_infos(fsp->file_id, 0, NULL, &write_time_ts);
- if (!null_timespec(write_time_ts)) {
- update_stat_ex_mtime(&smb_fname->st, write_time_ts);
- }
-
/* Create time. */
create_timespec = get_create_timespec(conn, fsp, smb_fname);
a_timespec = smb_fname->st.st_ex_atime;
if (NT_STATUS_IS_OK(status) && num_names) {
file_status &= ~NO_EAS;
}
- status = vfs_streaminfo(conn, NULL, smb_fname->base_name, ctx,
+ status = vfs_streaminfo(conn, NULL, smb_fname, ctx,
&num_streams, &streams);
/* There is always one stream, ::$DATA. */
if (NT_STATUS_IS_OK(status) && num_streams > 1) {
SCVAL(p,0,fsp->is_directory ? 1 : 0);
if (flags & EXTENDED_RESPONSE_REQUIRED) {
- uint32 perms = 0;
+ uint32_t perms = 0;
p += 25;
if (fsp->is_directory ||
+ fsp->can_write ||
can_write_to_file(conn, smb_fname)) {
perms = FILE_GENERIC_ALL;
} else {
void reply_ntcancel(struct smb_request *req)
{
+ struct smbXsrv_connection *xconn = req->xconn;
+ struct smbd_server_connection *sconn = req->sconn;
+
/*
* Go through and cancel any pending change notifies.
*/
START_PROFILE(SMBntcancel);
- srv_cancel_sign_response(req->sconn);
- remove_pending_change_notify_requests_by_mid(req->sconn, req->mid);
- remove_pending_lock_requests_by_mid_smb1(req->sconn, req->mid);
+ srv_cancel_sign_response(xconn);
+ remove_pending_change_notify_requests_by_mid(sconn, req->mid);
+ remove_pending_lock_requests_by_mid_smb1(sconn, req->mid);
DEBUG(3,("reply_ntcancel: cancel called on mid = %llu.\n",
(unsigned long long)req->mid));
struct smb_request *req,
struct smb_filename *smb_fname_src,
struct smb_filename *smb_fname_dst,
- uint32 attrs)
+ uint32_t attrs)
{
files_struct *fsp1,*fsp2;
- uint32 fattr;
+ uint32_t fattr;
int info;
off_t ret=-1;
NTSTATUS status = NT_STATUS_OK;
0, /* create_options */
FILE_ATTRIBUTE_NORMAL, /* file_attributes */
NO_OPLOCK, /* oplock_request */
+ NULL, /* lease */
0, /* allocation_size */
0, /* private_flags */
NULL, /* sd */
NULL, /* ea_list */
&fsp1, /* result */
- &info); /* pinfo */
+ &info, /* pinfo */
+ NULL, NULL); /* create context */
if (!NT_STATUS_IS_OK(status)) {
goto out;
0, /* create_options */
fattr, /* file_attributes */
NO_OPLOCK, /* oplock_request */
+ NULL, /* lease */
0, /* allocation_size */
0, /* private_flags */
NULL, /* sd */
NULL, /* ea_list */
&fsp2, /* result */
- &info); /* pinfo */
+ &info, /* pinfo */
+ NULL, NULL); /* create context */
if (!NT_STATUS_IS_OK(status)) {
close_file(NULL, fsp1, ERROR_CLOSE);
NTSTATUS status;
bool src_has_wcard = False;
bool dest_has_wcard = False;
- uint32 attrs;
- uint32_t ucf_flags_src = 0;
- uint32_t ucf_flags_dst = 0;
- uint16 rename_type;
+ uint32_t attrs;
+ uint32_t ucf_flags_src = (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint32_t ucf_flags_dst = (req->posix_pathnames ? UCF_POSIX_PATHNAMES : 0);
+ uint16_t rename_type;
TALLOC_CTX *ctx = talloc_tos();
bool stream_rename = false;
goto out;
}
- if (ms_has_wild(oldname)) {
+ if (!req->posix_pathnames && ms_has_wild(oldname)) {
reply_nterror(req, NT_STATUS_OBJECT_PATH_SYNTAX_BAD);
goto out;
}
goto out;
}
- if (!lp_posix_pathnames()) {
+ if (!req->posix_pathnames) {
/* The newname must begin with a ':' if the
oldname contains a ':'. */
if (strchr_m(oldname, ':')) {
}
if (!NT_STATUS_IS_OK(status)) {
- if (open_was_deferred(req->sconn, req->mid)) {
+ if (open_was_deferred(req->xconn, req->mid)) {
/* We have re-scheduled this call. */
goto out;
}
static void call_nt_transact_notify_change(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup,
- uint32 setup_count,
+ uint16_t **ppsetup,
+ uint32_t setup_count,
char **ppparams,
- uint32 parameter_count,
- char **ppdata, uint32 data_count,
- uint32 max_data_count,
- uint32 max_param_count)
+ uint32_t parameter_count,
+ char **ppdata, uint32_t data_count,
+ uint32_t max_data_count,
+ uint32_t max_param_count)
{
- uint16 *setup = *ppsetup;
+ uint16_t *setup = *ppsetup;
files_struct *fsp;
- uint32 filter;
+ uint32_t filter;
NTSTATUS status;
bool recursive;
static void call_nt_transact_rename(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup, uint32 setup_count,
- char **ppparams, uint32 parameter_count,
- char **ppdata, uint32 data_count,
- uint32 max_data_count)
+ uint16_t **ppsetup, uint32_t setup_count,
+ char **ppparams, uint32_t parameter_count,
+ char **ppdata, uint32_t data_count,
+ uint32_t max_data_count)
{
char *params = *ppparams;
char *new_name = NULL;
if (!check_fsp(conn, req, fsp)) {
return;
}
- srvstr_get_path_wcard(ctx, params, req->flags2, &new_name, params+4,
- parameter_count - 4,
- STR_TERMINATE, &status, &dest_has_wcard);
+ if (req->posix_pathnames) {
+ srvstr_get_path_wcard_posix(ctx,
+ params,
+ req->flags2,
+ &new_name,
+ params+4,
+ parameter_count - 4,
+ STR_TERMINATE,
+ &status,
+ &dest_has_wcard);
+ } else {
+ srvstr_get_path_wcard(ctx,
+ params,
+ req->flags2,
+ &new_name,
+ params+4,
+ parameter_count - 4,
+ STR_TERMINATE,
+ &status,
+ &dest_has_wcard);
+ }
+
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
/****************************************************************************
Reply to query a security descriptor.
- Callable from SMB2 and SMB2.
+ Callable from SMB1 and SMB2.
If it returns NT_STATUS_BUFFER_TOO_SMALL, pdata_size is initialized with
the required size.
****************************************************************************/
{
NTSTATUS status;
struct security_descriptor *psd = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
/*
* Get the permissions to return.
if ((security_info_wanted & SECINFO_SACL) &&
!(fsp->access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
DEBUG(10, ("Access to SACL denied.\n"));
+ TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
if ((security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) &&
!(fsp->access_mask & SEC_STD_READ_CONTROL)) {
DEBUG(10, ("Access to DACL, OWNER, or GROUP denied.\n"));
+ TALLOC_FREE(frame);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
+ DEBUG(10, ("ACL get on symlink %s denied.\n",
+ fsp_str_dbg(fsp)));
+ TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
}
if (!lp_nt_acl_support(SNUM(conn))) {
- status = get_null_nt_acl(mem_ctx, &psd);
+ status = get_null_nt_acl(frame, &psd);
} else if (security_info_wanted & SECINFO_LABEL) {
/* Like W2K3 return a null object. */
- status = get_null_nt_acl(mem_ctx, &psd);
+ status = get_null_nt_acl(frame, &psd);
} else {
status = SMB_VFS_FGET_NT_ACL(
- fsp, security_info_wanted, &psd);
+ fsp, security_info_wanted, frame, &psd);
}
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
}
if (max_data_count < *psd_size) {
- TALLOC_FREE(psd);
+ TALLOC_FREE(frame);
return NT_STATUS_BUFFER_TOO_SMALL;
}
ppmarshalled_sd, psd_size);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(psd);
+ TALLOC_FREE(frame);
return status;
}
- TALLOC_FREE(psd);
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
static void call_nt_transact_query_security_desc(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup,
- uint32 setup_count,
+ uint16_t **ppsetup,
+ uint32_t setup_count,
char **ppparams,
- uint32 parameter_count,
+ uint32_t parameter_count,
char **ppdata,
- uint32 data_count,
- uint32 max_data_count)
+ uint32_t data_count,
+ uint32_t max_data_count)
{
char *params = *ppparams;
char *data = *ppdata;
size_t sd_size = 0;
- uint32 security_info_wanted;
+ uint32_t security_info_wanted;
files_struct *fsp = NULL;
NTSTATUS status;
uint8_t *marshalled_sd = NULL;
status = smbd_do_query_security_desc(conn,
talloc_tos(),
fsp,
- security_info_wanted,
+ security_info_wanted &
+ SMB_SUPPORTED_SECINFO_FLAGS,
max_data_count,
&marshalled_sd,
&sd_size);
static void call_nt_transact_set_security_desc(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup,
- uint32 setup_count,
+ uint16_t **ppsetup,
+ uint32_t setup_count,
char **ppparams,
- uint32 parameter_count,
+ uint32_t parameter_count,
char **ppdata,
- uint32 data_count,
- uint32 max_data_count)
+ uint32_t data_count,
+ uint32_t max_data_count)
{
char *params= *ppparams;
char *data = *ppdata;
files_struct *fsp = NULL;
- uint32 security_info_sent = 0;
+ uint32_t security_info_sent = 0;
NTSTATUS status;
if(parameter_count < 8) {
return;
}
- status = set_sd(fsp, (uint8 *)data, data_count, security_info_sent);
-
+ status = set_sd_blob(fsp, (uint8_t *)data, data_count,
+ security_info_sent & SMB_SUPPORTED_SECINFO_FLAGS);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
return;
static void call_nt_transact_ioctl(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup, uint32 setup_count,
- char **ppparams, uint32 parameter_count,
- char **ppdata, uint32 data_count,
- uint32 max_data_count)
+ uint16_t **ppsetup, uint32_t setup_count,
+ char **ppparams, uint32_t parameter_count,
+ char **ppdata, uint32_t data_count,
+ uint32_t max_data_count)
{
NTSTATUS status;
- uint32 function;
- uint16 fidnum;
+ uint32_t function;
+ uint16_t fidnum;
files_struct *fsp;
- uint8 isFSctl;
- uint8 compfilter;
+ uint8_t isFSctl;
+ uint8_t compfilter;
char *out_data = NULL;
- uint32 out_data_len = 0;
+ uint32_t out_data_len = 0;
char *pdata = *ppdata;
TALLOC_CTX *ctx = talloc_tos();
static void call_nt_transact_get_user_quota(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup,
- uint32 setup_count,
+ uint16_t **ppsetup,
+ uint32_t setup_count,
char **ppparams,
- uint32 parameter_count,
+ uint32_t parameter_count,
char **ppdata,
- uint32 data_count,
- uint32 max_data_count)
+ uint32_t data_count,
+ uint32_t max_data_count)
{
NTSTATUS nt_status = NT_STATUS_OK;
char *params = *ppparams;
int qt_len=0;
int entry_len = 0;
files_struct *fsp = NULL;
- uint16 level = 0;
+ uint16_t level = 0;
size_t sid_len;
struct dom_sid sid;
bool start_enum = True;
ZERO_STRUCT(qt);
/* access check */
- if (get_current_uid(conn) != 0) {
+ if (get_current_uid(conn) != sec_initial_uid()) {
DEBUG(1,("get_user_quota: access_denied service [%s] user "
- "[%s]\n", lp_servicename(SNUM(conn)),
+ "[%s]\n", lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
/* and now the SID */
- sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
+ sid_linearize((uint8_t *)(entry+40), sid_len,
+ &tmp_list->quotas->sid);
}
qt_handle->tmp_list = tmp_list;
break;
}
- if (!sid_parse(pdata+8,sid_len,&sid)) {
+ if (!sid_parse((const uint8_t *)(pdata+8), sid_len,
+ &sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
SBIG_UINT(entry,32,qt.hardlim);
/* and now the SID */
- sid_linearize(entry+40, sid_len, &sid);
+ sid_linearize((uint8_t *)(entry+40), sid_len, &sid);
break;
static void call_nt_transact_set_user_quota(connection_struct *conn,
struct smb_request *req,
- uint16 **ppsetup,
- uint32 setup_count,
+ uint16_t **ppsetup,
+ uint32_t setup_count,
char **ppparams,
- uint32 parameter_count,
+ uint32_t parameter_count,
char **ppdata,
- uint32 data_count,
- uint32 max_data_count)
+ uint32_t data_count,
+ uint32_t max_data_count)
{
char *params = *ppparams;
char *pdata = *ppdata;
/* access check */
if (get_current_uid(conn) != 0) {
DEBUG(1,("set_user_quota: access_denied service [%s] user "
- "[%s]\n", lp_servicename(SNUM(conn)),
+ "[%s]\n", lp_servicename(talloc_tos(), SNUM(conn)),
conn->session_info->unix_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
/* the hard quotas 8 bytes (uint64_t)*/
qt.hardlim = BVAL(pdata,32);
- if (!sid_parse(pdata+40,sid_len,&sid)) {
+ if (!sid_parse((const uint8_t *)(pdata+40), sid_len, &sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
uint32_t psoff;
uint32_t dscnt;
uint32_t dsoff;
- uint16 function_code;
+ uint16_t function_code;
NTSTATUS result;
struct trans_state *state;
goto bad_param;
}
- state->setup = (uint16 *)TALLOC(state, state->setup_count);
+ state->setup = (uint16_t *)TALLOC(state, state->setup_count);
if (state->setup == NULL) {
DEBUG(0,("reply_nttrans : Out of memory\n"));
SAFE_FREE(state->data);
}
memcpy(state->setup, req->vwv+19, state->setup_count);
- dump_data(10, (uint8 *)state->setup, state->setup_count);
+ dump_data(10, (uint8_t *)state->setup, state->setup_count);
}
if ((state->received_data == state->total_data) &&