struct security_descriptor *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32_t def_access);
struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize);
-bool set_share_security(const char *share_name, struct security_descriptor *psd);
+NTSTATUS set_share_security(const char *share_name,
+ struct security_descriptor *psd);
bool delete_share_security(const char *servicename);
bool share_access_check(const struct security_token *token,
const char *sharename,
Store a security descriptor in the share db.
********************************************************************/
-bool set_share_security(const char *share_name, struct security_descriptor *psd)
+NTSTATUS set_share_security(const char *share_name,
+ struct security_descriptor *psd)
{
TALLOC_CTX *frame = talloc_stackframe();
char *key;
- bool ret = False;
TDB_DATA blob;
NTSTATUS status;
char *c_share_name = canonicalize_servicename(frame, share_name);
- if (!c_share_name) {
+ if (c_share_name == NULL) {
+ status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
if (!(key = talloc_asprintf(frame, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_share_name))) {
DEBUG(0, ("talloc_asprintf failed\n"));
+ status = NT_STATUS_NO_MEMORY;
goto out;
}
}
DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
- ret = True;
+ status = NT_STATUS_OK;
out:
TALLOC_FREE(frame);
- return ret;
+ return status;
}
/*******************************************************************
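Review bot: The header comment above set_share_security still reads only "Store a security descriptor in the share db." although the function now returns NTSTATUS, so a caller cannot tell from it which codes to expect. I would extend the comment with `Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER if the share name cannot be canonicalized, NT_STATUS_NO_MEMORY on allocation failure.` and add a line for whatever status the store steps pass through, since those lie outside the visible lines. If that elided store path already jumps to `out` on every non-OK status, the added `status = NT_STATUS_OK;` before `out:` is redundant and could be dropped.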
char *canon_name = NULL;
bool added_service = false;
int ret = -1;
+ NTSTATUS status;
/* Ensure share name doesn't contain invalid characters. */
if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
{
TDB_DATA data;
- NTSTATUS status;
status = dbwrap_fetch_bystring(ServiceHash, canon_name,
canon_name, &data);
}
/* Write the ACL of the new/modified share. */
- if (!set_share_security(canon_name, psd)) {
+ status = set_share_security(canon_name, psd);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("process_usershare_file: Failed to set share "
"security for user share %s\n",
canon_name ));
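Review bot: The failure message in process_usershare_file still prints only the share name, so the NTSTATUS this commit now returns is lost at the point where an operator would need it. Appending it, for example `"security for user share %s: %s\n", canon_name, nt_errstr(status)`, makes a failed ACL write diagnosable from the log. The same applies to the `failed to set %s share SD` message in the snapshot code and to the two `Failed to store acl for share [%s]` messages in the sharesec tool. The enclosing function starts and ends outside these lines.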
DEBUG(2, ("no share SD to clone for %s snapshot\n",
sc_smap->share_name));
} else {
- bool ok;
- ok = set_share_security(sc_smap->sc_share_name, sd);
+ NTSTATUS status;
+ status = set_share_security(sc_smap->sc_share_name, sd);
TALLOC_FREE(sd);
- if (!ok) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("failed to set %s share SD\n",
sc_smap->sc_share_name));
err = HRES_ERROR_V(HRES_E_FAIL);
if (psd) {
struct security_descriptor *old_sd;
size_t sd_size;
+ NTSTATUS status;
old_sd = get_share_security(p->mem_ctx, lp_servicename(talloc_tos(), snum), &sd_size);
if (old_sd && !security_descriptor_equal(old_sd, psd)) {
- if (!set_share_security(share_name, psd))
+ status = set_share_security(share_name, psd);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("_srvsvc_NetShareSetInfo: Failed to change security info in share %s.\n",
share_name ));
+ }
}
}
return WERR_ACCESS_DENIED;
if (psd) {
+ NTSTATUS status;
/* Note we use share_name here, not share_name_in as
we need a canonicalized name for setting security. */
- if (!set_share_security(share_name, psd)) {
+ status = set_share_security(share_name, psd);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("_srvsvc_NetShareAdd: Failed to add security info to share %s.\n",
share_name ));
}
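Review bot: In both _srvsvc_NetShareSetInfo and _srvsvc_NetShareAdd the new `status` is checked and then discarded: the failure branch only calls DEBUG(0, ...), and as far as the visible lines show the RPC carries on to its normal result. A client that asked for a restrictive descriptor can then be told the call succeeded while the share keeps its previous or default ACL. Now that a real status is available, consider propagating it, for example `return ntstatus_to_werror(status);` after the DEBUG in the SetInfo branch. For NetShareAdd, decide explicitly whether a share whose ACL could not be stored should still be reported as added. Both functions continue outside these hunks, so any cleanup required before an early return has to be checked there.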
struct security_descriptor *old = NULL;
size_t sd_size = 0;
uint32_t i, j;
+ NTSTATUS status;
if (mode != SMB_ACL_SET && mode != SMB_SD_DELETE) {
if (!(old = get_share_security( mem_ctx, sharename, &sd_size )) ) {
/* Denied ACE entries must come before allowed ones */
sort_acl(old->dacl);
- if ( !set_share_security( sharename, old ) ) {
+ status = set_share_security(sharename, old);
+ if (!NT_STATUS_IS_OK(status)) {
fprintf( stderr, "Failed to store acl for share [%s]\n", sharename );
return 2;
}
static int set_sharesec_sddl(const char *sharename, const char *sddl)
{
struct security_descriptor *sd;
- bool ret;
+ NTSTATUS status;
sd = sddl_decode(talloc_tos(), sddl, get_global_sam_sid());
if (sd == NULL) {
return -1;
}
- ret = set_share_security(sharename, sd);
+ status = set_share_security(sharename, sd);
TALLOC_FREE(sd);
- if (!ret) {
+ if (!NT_STATUS_IS_OK(status)) {
fprintf(stderr, "Failed to store acl for share [%s]\n",
sharename);
return -1;