summaryrefslogtreecommitdiff
path: root/source3/lib/sharesec.c
AgeCommit message (Collapse)AuthorFilesLines
2024-06-24s3:lib: Make sure struct security_ace is fully initializedAndreas Schneider1-1/+3
Found by Covscan. "Error: UNINIT (CWE-457): samba-4.20.0rc2/source3/lib/sharesec.c:275: var_decl: Declaring variable ""ace"" without initializer. samba-4.20.0rc2/source3/lib/sharesec.c:285: uninit_use_in_call: Using uninitialized value ""ace"". Field ""ace.object"" is uninitialized when calling ""make_sec_acl"". 283| init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); 284| 285|-> if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { 286| psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, 287| SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL," Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24s3:lib: Remove trailing spaces in sharesec.cAndreas Schneider1-4/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2020-09-12lib: Make get_share_security_default staticChristof Schmitt1-1/+3
Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2019-11-26sharesec: Return NTSTATUS from delete_share_securityChristof Schmitt1-7/+7
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-11-26sharesec: Return NTSTATUS from set_share_securityChristof Schmitt1-5/+7
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2019-11-26sharesec: Return NTSTATUS from share_info_db_initChristof Schmitt1-14/+24
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-08-17lib: Pass mem_ctx to state_path()Volker Lendecke1-1/+1
Fix a confusing API: Many places TALLOC_FREE the path where it's not clear you have to do it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2015-07-06sharesec: Remove error message for unmarshall_sec_desc failureChristof Schmitt1-2/+0
In a cluster setup, running sharesec -D results in an empty record that triggers this message. The situation is correctly handled in the code (unmarshall_sec_desc fails and sharesec uses the default), so simply remove the message in this case. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-16Convert the few instances of int32 there were to int32_t.Richard Sharpe1-1/+1
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat May 16 03:09:12 CEST 2015 on sn-devel-104
2015-04-29Change all uses of uint32/16/8 in proto.h to uint32_t/16_t/8_t.Richard Sharpe1-6/+6
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-03sharesec: don't leak state_path onto talloc tosDavid Disseldorp1-2/+10
Also check for allocation failures. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07dbwrap: add a dbwrap_flags argument to db_open()Michael Adam1-1/+1
This is in preparation to support handing flags to backends, in particular activating read only record support for ctdb databases. For a start, this does nothing but adding the parameter, and all databases use DBWRAP_FLAG_NONE. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-08-31Change the S3 fileserver over to se_file_access_check().Jeremy Allison1-1/+1
Don't set the priv_open_requested yet until the open-for-backup request is correctly passed in.
2012-06-15dbwrap: dbwrap_store_int32->dbwrap_store_int32_bystringVolker Lendecke1-6/+6
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_fetch_int32->dbwrap_fetch_int32_bystringVolker Lendecke1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org>
2012-01-18s3: Add a "lock_order" argument to db_openVolker Lendecke1-1/+2
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2011-10-11s3:dbwrap: change dbwrap_store_int32() to NTSTATUS return typeMichael Adam1-9/+15
for consistency and better error propagation
2011-10-11s3:dbwrap: convert dbwrap_fetch_int32() to NTSTATUS return codeMichael Adam1-3/+11
Return the int32 value retrieved from the db by reference. Before this, return value "-1" was used as a error indication, but it could also be a valid value from the database.
2011-10-11s3:sharesec: convert sharesec.c to use dbwrap wrapper functionsMichael Adam1-18/+24
Avoid direct use of the db_record and db_context structs
2011-10-11s3:dbwrap: convert dbwrap_fetch(), dbwrap_fetch_bystring() and ↵Michael Adam1-2/+2
dbwrap_fetch_bystring_upper() to NTSTATUS
2011-07-29s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/Michael Adam1-1/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
2011-07-29s3:dbwrap: move db_open() to a file dbwrap_open.c of its own.Michael Adam1-0/+1
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and make the fallbacke implementation functoins non-static and create a dbwrap_private.h header file that contains their prototypes.
2011-07-26s3:lib change default share security access maskChristian Ambach1-3/+3
when there is no share SD set, the default share SD that is used e.g. for the output of sharesec -v defaults to a value that is not equivalent to the desired FULL access. This is a more or less a cosmetical follow-up for the patches in Bug #8201 that makes them more consumeable by printing FULL (that is what the user expects) instead of a bitmask in hexadecimal form. previous output: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/0x101f01ff with patch: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/FULL Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Tue Jul 26 15:57:55 CEST 2011 on sn-devel-104
2011-07-06s3:sharesec: return an error if get_share_security() returns NULLStefan Metzmacher1-1/+1
This indicates an error, as it uses get_share_security_default() if no security descriptor is configured. Jeremy, please check. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jul 6 15:40:23 CEST 2011 on sn-devel-104
2011-07-06s3:sharesec: also initialize pgranted if get_share_security() returns NULLStefan Metzmacher1-0/+3
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jul 6 12:54:30 CEST 2011 on sn-devel-104
2011-07-05s3: Return "granted" from share_access_checkVolker Lendecke1-2/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-06-09s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-05-06s3: only include tdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner1-0/+1
Guenther
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett1-1/+1
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-08-26s3-build: use dbwrap.h only where needed.Günther Deschner1-0/+1
Guenther
2010-05-31s3-build: only use ndr_security.h where needed.Günther Deschner1-0/+1
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-1/+1
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-9/+9
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner1-2/+2
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner1-3/+3
Guenther
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-1/+1
2010-03-22share_info.tdb could use non-canonicalized sharenames.Jeremy Allison1-14/+143
Fix this by moving canonicalization into lib/sharesec.c. Update the db version to 3. Ensures we always find share names with security descriptors attached. Jeremy.
2009-08-26s3/smbd: open the share_info.tdb on startup instead of tconxSteven Danneman1-1/+1
This is a small performance optimization. Instead of opening the tdb on every smb connection in the forked child process, we now open it in the parent and share the fd. This also reduces the total fd usage in the system.
2009-01-01Add iconv_convenience argument to size functions.Jelmer Vernooij1-1/+1
2008-12-28Make sure share_info.tdb is open before attempting to delete an entrySteven Danneman1-2/+6
2008-10-31Another unused variable.Jeremy Allison1-1/+0
2008-10-31Unify se_access_check with the S4 code. Will makeJeremy Allison1-2/+2
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy.
2008-10-09Remove SEC_ACCESS. It's a uint32_t.Jeremy Allison1-4/+4
Jeremy.
2008-09-08Thanks metze for pointing out the missing extern :-)Volker Lendecke1-1/+1
(This used to be commit b62540cd48212a80c8cb4a264f740591a0229944)
2008-09-08Remove some duplicate codeVolker Lendecke1-6/+1
(This used to be commit 564bfe94ac87c918482ade65980270326dc8ed6d)
2008-08-13fixed lots of places that paniced on a failed transaction_commit,Andrew Tridgell1-1/+1
thinking it was a failure of a transaction cancel (This used to be commit 22dbe158ed62ae47bbcb41bba3db345294f75437)
2008-08-13first cut at adding full transactions for ctdb to samba3Andrew Tridgell1-1/+1
(This used to be commit f91a3e0f7b7737c1d0667cd961ea950e2b93e592)
2008-04-15lib/sharesec.c: fix the upgrade code, db_traverse returns the number of records!Stefan Metzmacher1-2/+4
metze (This used to be commit ccdebe97f85b76378e42d8cf08324228bd19cf32)
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 21:01:30 +0000