From: Christof Schmitt Date: Wed, 18 Sep 2019 20:20:35 +0000 (-0700) Subject: sharesec: Return NTSTATUS from set_share_security X-Git-Tag: ldb-2.1.0~606 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1f304fc16c675f402c61f95601481e7a3e27db04;p=thirdparty%2Fsamba.git sharesec: Return NTSTATUS from set_share_security Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison
---
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 67908712399..effa2778c0e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -142,7 +142,8 @@ NTSTATUS share_info_db_init(void);
 struct security_descriptor *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32_t def_access);
 struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename, size_t *psize);
-bool set_share_security(const char *share_name, struct security_descriptor *psd);
+NTSTATUS set_share_security(const char *share_name,
+ struct security_descriptor *psd);
 bool delete_share_security(const char *servicename);
 bool share_access_check(const struct security_token *token, const char *sharename,
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index 2c752730f7a..1822cec3df2 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -357,16 +357,17 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser
 Store a security descriptor in the share db.
 ********************************************************************/
-bool set_share_security(const char *share_name, struct security_descriptor *psd)
+NTSTATUS set_share_security(const char *share_name,
+ struct security_descriptor *psd)
 {
 TALLOC_CTX *frame = talloc_stackframe();
 char *key;
- bool ret = False;
 TDB_DATA blob;
 NTSTATUS status;
 char *c_share_name = canonicalize_servicename(frame, share_name);
- if (!c_share_name) {
+ if (c_share_name == NULL) {
+ status = NT_STATUS_INVALID_PARAMETER;
 goto out;
 }
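Review bot: The new prototype in proto.h reverses what a "false" return means: the old `bool` was true on success, while an NTSTATUS success value is normally zero, so any caller left on the old `if (!set_share_security(...))` form would treat a failed ACL store as success and a successful one as failure. Whether such a caller even fails to compile depends on how NTSTATUS is defined in the build. The five call sites visible in this patch are converted; the diff does not show whether others exist, so a tree-wide search for the name belongs in the same change. A short comment above the declaration would help later callers: `/* Returns NT_STATUS_OK on success; test with NT_STATUS_IS_OK(), never with '!'. */`.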
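Review bot: The header comment above set_share_security in source3/lib/sharesec.c still reads only "Store a security descriptor in the share db." and says nothing about the status values callers now receive. I would extend it to list what the visible paths return: NT_STATUS_INVALID_PARAMETER when canonicalize_servicename() yields NULL, NT_STATUS_NO_MEMORY when the key cannot be allocated (next hunk), NT_STATUS_OK after the store, and otherwise the status of whichever step failed, which sits between the hunks and is not visible here. Since canonicalize_servicename() is handed the talloc frame, a NULL result may also mean an allocation failure, in which case NT_STATUS_INVALID_PARAMETER would mislead; worth confirming against that helper. The function body continues outside this hunk.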
@@ -385,6 +386,7 @@ bool set_share_security(const char *share_name, struct security_descriptor *psd)
 if (!(key = talloc_asprintf(frame, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_share_name))) {
 DEBUG(0, ("talloc_asprintf failed\n"));
+ status = NT_STATUS_NO_MEMORY;
 goto out;
 }
@@ -397,11 +399,11 @@ bool set_share_security(const char *share_name, struct security_descriptor *psd)
 }
 DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
- ret = True;
+ status = NT_STATUS_OK;
 out:
 TALLOC_FREE(frame);
- return ret;
+ return status;
 }
 /*******************************************************************
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 31fa229d5ff..ff11146fe98 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3329,6 +3329,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 char *canon_name = NULL;
 bool added_service = false;
 int ret = -1;
+ NTSTATUS status;
 /* Ensure share name doesn't contain invalid characters. */
 if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
@@ -3365,7 +3366,6 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 {
 TDB_DATA data;
- NTSTATUS status;
 status = dbwrap_fetch_bystring(ServiceHash, canon_name, canon_name, &data);
@@ -3462,7 +3462,8 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 }
 /* Write the ACL of the new/modified share. */
- if (!set_share_security(canon_name, psd)) {
+ status = set_share_security(canon_name, psd);
+ if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0, ("process_usershare_file: Failed to set share " "security for user share %s\n", canon_name ));
diff --git a/source3/rpc_server/fss/srv_fss_agent.c b/source3/rpc_server/fss/srv_fss_agent.c
index 13b4806e6a2..925b68e9fa2 100644
--- a/source3/rpc_server/fss/srv_fss_agent.c
+++ b/source3/rpc_server/fss/srv_fss_agent.c
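Review bot: In the last process_usershare_file hunk the new `status` is tested but never reported, so the level-0 message still cannot say why the share ACL was not written. Carrying it into the existing message would make the failure diagnosable, for example ending the format with `"security for user share %s: %s\n", canon_name, nt_errstr(status)));`. The same applies to the failure messages in fss_sc_expose, _srvsvc_NetShareSetInfo, _srvsvc_NetShareAdd, change_share_sec and set_sharesec_sddl later in this patch. The failure branch runs past the end of the hunk, so what the function does after logging is not visible here.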
@@ -1099,10 +1099,10 @@ static uint32_t fss_sc_expose(struct smbconf_ctx *fconf_ctx,
 DEBUG(2, ("no share SD to clone for %s snapshot\n", sc_smap->share_name));
 } else {
- bool ok;
- ok = set_share_security(sc_smap->sc_share_name, sd);
+ NTSTATUS status;
+ status = set_share_security(sc_smap->sc_share_name, sd);
 TALLOC_FREE(sd);
- if (!ok) {
+ if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0, ("failed to set %s share SD\n", sc_smap->sc_share_name));
 err = HRES_ERROR_V(HRES_E_FAIL);
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 34a227c76e9..c0d74bb7af4 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -1936,13 +1936,16 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
 if (psd) {
 struct security_descriptor *old_sd;
 size_t sd_size;
+ NTSTATUS status;
 old_sd = get_share_security(p->mem_ctx, lp_servicename(talloc_tos(), snum), &sd_size);
 if (old_sd && !security_descriptor_equal(old_sd, psd)) {
- if (!set_share_security(share_name, psd))
+ status = set_share_security(share_name, psd);
+ if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0,("_srvsvc_NetShareSetInfo: Failed to change security info in share %s.\n", share_name ));
+ }
 }
 }
@@ -2131,9 +2134,11 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
 return WERR_ACCESS_DENIED;
 if (psd) {
+ NTSTATUS status;
 /* Note we use share_name here, not share_name_in as we need a canonicalized name for setting security. */
- if (!set_share_security(share_name, psd)) {
+ status = set_share_security(share_name, psd);
+ if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0,("_srvsvc_NetShareAdd: Failed to add security info to share %s.\n", share_name ));
 }
diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c
index 510505f0032..96ac50929a3 100644
--- a/source3/utils/sharesec.c
+++ b/source3/utils/sharesec.c
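Review bot: In _srvsvc_NetShareSetInfo the failure branch now holds a real NTSTATUS but still only logs; the added `}` closes the branch right after DEBUG(), so the call carries on as if the descriptor had been stored. For a caller that asked for a tighter share ACL, the previous descriptor stays in force and, as far as the hunk shows, nothing tells the client. _srvsvc_NetShareAdd in the next hunk has the same shape, there for a share that has presumably just been created. With a status available I would surface it, e.g. `return ntstatus_to_werror(status);` inside the branch, after checking what has already been committed by that point, since both functions start and end outside these hunks.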
@@ -163,6 +163,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
 struct security_descriptor *old = NULL;
 size_t sd_size = 0;
 uint32_t i, j;
+ NTSTATUS status;
 if (mode != SMB_ACL_SET && mode != SMB_SD_DELETE) {
 if (!(old = get_share_security( mem_ctx, sharename, &sd_size )) ) {
@@ -259,7 +260,8 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
 /* Denied ACE entries must come before allowed ones */
 sort_acl(old->dacl);
- if ( !set_share_security( sharename, old ) ) {
+ status = set_share_security(sharename, old);
+ if (!NT_STATUS_IS_OK(status)) {
 fprintf( stderr, "Failed to store acl for share [%s]\n", sharename );
 return 2;
 }
@@ -269,7 +271,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
 static int set_sharesec_sddl(const char *sharename, const char *sddl)
 {
 struct security_descriptor *sd;
- bool ret;
+ NTSTATUS status;
 sd = sddl_decode(talloc_tos(), sddl, get_global_sam_sid());
 if (sd == NULL) {
@@ -277,9 +279,9 @@ static int set_sharesec_sddl(const char *sharename, const char *sddl)
 return -1;
 }
- ret = set_share_security(sharename, sd);
+ status = set_share_security(sharename, sd);
 TALLOC_FREE(sd);
- if (!ret) {
+ if (!NT_STATUS_IS_OK(status)) {
 fprintf(stderr, "Failed to store acl for share [%s]\n", sharename);
 return -1;