The branch, v4-12-test has been updated
via 21cf1419c54 s3: pass DCE RPC handle type to create_policy_hnd
via d2e0eafa92b dbwrap_watch: Set rec->value_valid while returning
nested share_mode_do_locked()
via d3eb8ef981e libsmb: Don't try to find posix stat info in
SMBC_getatr()
from af4d2a38fcb VERSION: Bump version up to 4.12.3.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test
- Log -----------------------------------------------------------------
commit 21cf1419c543047085e1acf1a125ad6c0e561423
Author: Alexander Bokovoy <a...@samba.org>
Date: Tue Apr 28 21:59:46 2020 +0300
s3: pass DCE RPC handle type to create_policy_hnd
Various RPC services expect policy handles of a specific type.
s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.
Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.
The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.
All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.
Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14359
Signed-off-by: Alexander Bokovoy <a...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
(cherry picked from commit c7a4578d06427a82ead287f0c5248c1a54cc9336)
Autobuild-User(v4-12-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-12-test): Mon May 4 13:06:07 UTC 2020 on sn-devel-184
commit d2e0eafa92b7d4e12551bf46a8ee77438403cec6
Author: Anoop C S <anoo...@redhat.com>
Date: Mon Apr 20 14:41:18 2020 +0530
dbwrap_watch: Set rec->value_valid while returning nested
share_mode_do_locked()
As reported on samba-technical by Rouven WEILER <rouven_wei...@gmx.net>:
https://lists.samba.org/archive/samba-technical/2020-April/135116.html
Following backtrace was observed with vfs_fruit for time machine backup:
[2020/04/10 08:00:38.107917, 0]
../../lib/dbwrap/dbwrap.c:82(dbwrap_record_get_value)
PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
[2020/04/10 08:00:38.108499, 0] ../../source3/lib/util.c:830(smb_panic_s3)
PANIC (pid 3427): assert failed: rec->value_valid
[2020/04/10 08:00:38.109541, 0] ../../lib/util/fault.c:265(log_stack_trace)
BACKTRACE: 37 stack frames:
#0 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'log_stack_trace+0x26
[0xfffffd7fee51de66]
#1 /usr/lib/samba/amd64/libsmbconf.so.0'smb_panic_s3+0x26
[0xfffffd7fedf5a596]
#2 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'smb_panic+0x1f
[0xfffffd7fee51df3f]
#3
/usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_record_get_value+0x2a
[0xfffffd7feccb627a]
#4
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'get_share_mode_lock+0x109
[0xfffffd7fee7195c9]
#5
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_contend_level2_oplocks_begin+0xa1
[0xfffffd7fee7f7761]
#6 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'brl_lock+0x635
[0xfffffd7fee710f45]
#7 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock_fn+0xa4
[0xfffffd7fee70d534]
#8
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked_fn+0x86
[0xfffffd7fee7174b6]
#9 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked_fn+0xfa
[0xfffffd7fedf622ca]
#10
/usr/lib/samba/private/amd64/libdbwrap-samba4.so'db_tdb_do_locked+0x12f
[0xfffffd7feccb95cf]
#11
/usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48
[0xfffffd7feccb69a8]
#12 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked+0x6f
[0xfffffd7fedf60d7f]
#13
/usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48
[0xfffffd7feccb69a8]
#14
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked+0xd2
[0xfffffd7fee719b82]
#15 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock+0xf0
[0xfffffd7fee70dfe0]
#16 /usr/lib/samba/amd64/vfs/fruit.so'fruit_create_file+0x7ba
[0xfffffd7fe88855aa]
#17
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_process_create+0xa07
[0xfffffd7fee7d3237]
#18
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_dispatch+0xc8f
[0xfffffd7fee7c985f]
#19
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_connection_handler+0x621
[0xfffffd7fee7ca7e1]
#20
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80
[0xfffffd7fecd3a580]
#21
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c
[0xfffffd7fecd4180c]
#22
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40
[0xfffffd7fecd3f8f0]
#23
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95
[0xfffffd7fecd39bd5]
#24
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23
[0xfffffd7fecd39e43]
#25
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40
[0xfffffd7fecd3f870]
#26
/usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_process+0x777
[0xfffffd7fee7b8677]
#27 /usr/lib/samba/sbin/amd64/smbd'smbd_accept_connection+0x189
[0x40d5b9]
#28
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80
[0xfffffd7fecd3a580]
#29
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c
[0xfffffd7fecd4180c]
#30
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40
[0xfffffd7fecd3f8f0]
#31
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95
[0xfffffd7fecd39bd5]
#32
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23
[0xfffffd7fecd39e43]
#33
/usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40
[0xfffffd7fecd3f870]
#34 /usr/lib/samba/sbin/amd64/smbd'main+0x1a0f [0x40f9ff]
#35 /usr/lib/samba/sbin/amd64/smbd'_start_crt+0x83 [0x408e73]
#36 /usr/lib/samba/sbin/amd64/smbd'_start+0x18 [0x408dd8]
In this particular nested share_mode_do_locked() invocation, callback
comes through dbwrap_watched_do_locked_fn() where it fails to update
rec->value_valid which further gets assigned to static_share_mode_record
within share_mode_do_locked_fn().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14352
Signed-off-by: Anoop C S <anoo...@redhat.com>
Reviewed-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Tue Apr 21 17:37:43 UTC 2020 on sn-devel-184
(cherry picked from commit 5651fafe9856e69c93dba3efa6253780cf3c10a1)
commit d3eb8ef981ee7090bf4bc603fd0b3ad358e89a6d
Author: Volker Lendecke <v...@samba.org>
Date: Thu Mar 19 11:01:41 2020 +0100
libsmb: Don't try to find posix stat info in SMBC_getatr()
This wrongly used "frame" instead of "fname", which can never have
worked. A first attempt to fix in 51551e0d53fa6 caused a few followup
patches in an attempt to clean up the test failures 51551e0d53fa6
introduced. They were reverted after a few discussions. So rather than
changing behaviour, just remove the code that introduced the valgrind
error again.
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Fri Mar 20 05:06:07 UTC 2020 on sn-devel-184
(cherry picked from commit 39c910fd9cba3caf7414274b678b9eee33d7e20b)
-----------------------------------------------------------------------
Summary of changes:
source3/include/libsmb_internal.h | 1 -
source3/lib/dbwrap/dbwrap_watch.c | 1 +
source3/libsmb/libsmb_file.c | 20 -------
source3/libsmb/libsmb_server.c | 9 ---
source3/rpc_server/epmapper/srv_epmapper.c | 7 ++-
source3/rpc_server/eventlog/srv_eventlog_nt.c | 2 +-
source3/rpc_server/lsa/srv_lsa_nt.c | 2 +-
source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 2 +-
source3/rpc_server/rpc_handles.c | 30 ++++++----
source3/rpc_server/rpc_pipes.h | 19 ++++--
source3/rpc_server/samr/srv_samr_nt.c | 84 ++++++++++++++++++++-------
source3/rpc_server/spoolss/srv_spoolss_nt.c | 2 +-
source3/rpc_server/svcctl/srv_svcctl_nt.c | 2 +-
source3/rpc_server/winreg/srv_winreg_nt.c | 6 +-
14 files changed, 109 insertions(+), 78 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/libsmb_internal.h
b/source3/include/libsmb_internal.h
index 21a11c1a024..feedddd0877 100644
--- a/source3/include/libsmb_internal.h
+++ b/source3/include/libsmb_internal.h
@@ -76,7 +76,6 @@ typedef struct DOS_ATTR_DESC {
struct _SMBCSRV {
struct cli_state *cli;
dev_t dev;
- bool try_posixinfo;
bool no_pathinfo;
bool no_pathinfo2;
bool no_pathinfo3;
diff --git a/source3/lib/dbwrap/dbwrap_watch.c
b/source3/lib/dbwrap/dbwrap_watch.c
index 96e88a1e4a3..14d3525047e 100644
--- a/source3/lib/dbwrap/dbwrap_watch.c
+++ b/source3/lib/dbwrap/dbwrap_watch.c
@@ -333,6 +333,7 @@ static void dbwrap_watched_do_locked_fn(
struct db_record rec = {
.db = state->db,
.key = dbwrap_record_get_key(subrec),
+ .value_valid = true,
.storev = dbwrap_watched_do_locked_storev,
.delete_rec = dbwrap_watched_do_locked_delete,
.private_data = state
diff --git a/source3/libsmb/libsmb_file.c b/source3/libsmb/libsmb_file.c
index 1577010e490..f0a16c61a83 100644
--- a/source3/libsmb/libsmb_file.c
+++ b/source3/libsmb/libsmb_file.c
@@ -504,26 +504,6 @@ SMBC_getatr(SMBCCTX * context,
return False;
}
- if (srv->try_posixinfo) {
- SMB_STRUCT_STAT sbuf;
-
- status = cli_posix_stat(targetcli, frame, &sbuf);
- if (NT_STATUS_IS_OK(status)) {
- setup_stat_from_stat_ex(&sbuf, path, sb);
-
- TALLOC_FREE(frame);
- return true;
- }
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED) ||
- NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL)) {
- /*
- * Turn this off if the server doesn't
- * support it.
- */
- srv->try_posixinfo = false;
- }
- }
-
if (!srv->no_pathinfo2) {
status = cli_qpathinfo2(targetcli,
targetpath,
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index d4f71d8c8b7..0067df48cac 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -657,15 +657,6 @@ SMBC_server_internal(TALLOC_CTX *ctx,
ZERO_STRUCTP(srv);
DLIST_ADD(srv->cli, c);
srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
- srv->try_posixinfo = false;
- /*
- * Until SMB2 POSIX is done, only
- * try POSIX stat on SMB1 with POSIX capabilities.
- */
- if ((smbXcli_conn_protocol(c->conn) < PROTOCOL_SMB2_02) &&
- (smb1cli_conn_capabilities(c->conn) & CAP_UNIX)) {
- srv->try_posixinfo = true;
- }
srv->no_pathinfo = False;
srv->no_pathinfo2 = False;
srv->no_pathinfo3 = False;
diff --git a/source3/rpc_server/epmapper/srv_epmapper.c
b/source3/rpc_server/epmapper/srv_epmapper.c
index 1785cbbcfff..eaa8f065401 100644
--- a/source3/rpc_server/epmapper/srv_epmapper.c
+++ b/source3/rpc_server/epmapper/srv_epmapper.c
@@ -27,6 +27,9 @@
#include "srv_epmapper.h"
#include "auth.h"
+/* handle types for this module */
+enum handle_types {HTYPE_LOOKUP};
+
typedef uint32_t error_status_t;
/* An endpoint combined with an interface description */
@@ -680,7 +683,7 @@ error_status_t _epm_Lookup(struct pipes_struct *p,
goto done;
}
- ok = create_policy_hnd(p, r->out.entry_handle, eps);
+ ok = create_policy_hnd(p, r->out.entry_handle, HTYPE_LOOKUP,
eps);
if (!ok) {
rc = EPMAPPER_STATUS_NO_MEMORY;
goto done;
@@ -1072,7 +1075,7 @@ error_status_t _epm_Map(struct pipes_struct *p,
}
/* end of "some algorithm" */
- ok = create_policy_hnd(p, r->out.entry_handle, eps);
+ ok = create_policy_hnd(p, r->out.entry_handle, HTYPE_LOOKUP,
eps);
if (!ok) {
rc = EPMAPPER_STATUS_NO_MEMORY;
goto done;
diff --git a/source3/rpc_server/eventlog/srv_eventlog_nt.c
b/source3/rpc_server/eventlog/srv_eventlog_nt.c
index 9d8322adf34..3c6474269f0 100644
--- a/source3/rpc_server/eventlog/srv_eventlog_nt.c
+++ b/source3/rpc_server/eventlog/srv_eventlog_nt.c
@@ -270,7 +270,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const
char *logname, struct
/* create the policy handle */
- if ( !create_policy_hnd( p, hnd, elog ) ) {
+ if ( !create_policy_hnd( p, hnd, 0, elog ) ) {
TALLOC_FREE(elog);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c
b/source3/rpc_server/lsa/srv_lsa_nt.c
index 4adb3b2bf6c..614cc06261a 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -371,7 +371,7 @@ static NTSTATUS create_lsa_policy_handle(TALLOC_CTX
*mem_ctx,
}
}
- if (!create_policy_hnd(p, handle, info)) {
+ if (!create_policy_hnd(p, handle, type, info)) {
talloc_free(info);
ZERO_STRUCTP(handle);
return NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
index 04287008a5c..cfccd38a4c6 100644
--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
@@ -140,7 +140,7 @@ static NTSTATUS create_mdssvc_policy_handle(TALLOC_CTX
*mem_ctx,
return NT_STATUS_UNSUCCESSFUL;
}
- if (!create_policy_hnd(p, handle, mds_ctx)) {
+ if (!create_policy_hnd(p, handle, 0, mds_ctx)) {
talloc_free(mds_ctx);
ZERO_STRUCTP(handle);
return NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index 453dab6905f..08ba7da36cb 100644
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -250,8 +250,11 @@ bool init_pipe_handles(struct pipes_struct *p, const
struct ndr_syntax_id *synta
data_ptr is TALLOC_FREE()'ed
****************************************************************************/
-static struct dcesrv_handle_old *create_rpc_handle_internal(struct
pipes_struct *p,
- struct policy_handle *hnd, void *data_ptr)
+static struct dcesrv_handle_old *create_rpc_handle_internal(
+ struct pipes_struct *p,
+ struct policy_handle *hnd,
+ uint8_t handle_type,
+ void *data_ptr)
{
struct dcesrv_handle_old *rpc_hnd = NULL;
static uint32_t pol_hnd_low = 0;
@@ -279,8 +282,7 @@ static struct dcesrv_handle_old
*create_rpc_handle_internal(struct pipes_struct
pol_hnd_high++;
}
- /* first bit must be null */
- SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , 0);
+ rpc_hnd->wire_handle.handle_type = handle_type;
/* second bit is incrementing */
SIVAL(&rpc_hnd->wire_handle.uuid.time_low, 0 , pol_hnd_low);
@@ -307,12 +309,14 @@ static struct dcesrv_handle_old
*create_rpc_handle_internal(struct pipes_struct
return rpc_hnd;
}
-bool create_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd,
- void *data_ptr)
+bool create_policy_hnd(struct pipes_struct *p,
+ struct policy_handle *hnd,
+ uint8_t handle_type,
+ void *data_ptr)
{
struct dcesrv_handle_old *rpc_hnd = NULL;
- rpc_hnd = create_rpc_handle_internal(p, hnd, data_ptr);
+ rpc_hnd = create_rpc_handle_internal(p, hnd, handle_type, data_ptr);
if (rpc_hnd == NULL) {
return false;
}
@@ -450,9 +454,13 @@ bool pipe_access_check(struct pipes_struct *p)
return True;
}
-void *_policy_handle_create(struct pipes_struct *p, struct policy_handle *hnd,
- uint32_t access_granted, size_t data_size,
- const char *type, NTSTATUS *pstatus)
+void *_policy_handle_create(struct pipes_struct *p,
+ struct policy_handle *hnd,
+ uint8_t handle_type,
+ uint32_t access_granted,
+ size_t data_size,
+ const char *type,
+ NTSTATUS *pstatus)
{
struct dcesrv_handle_old *rpc_hnd = NULL;
void *data;
@@ -474,7 +482,7 @@ void *_policy_handle_create(struct pipes_struct *p, struct
policy_handle *hnd,
}
talloc_set_name_const(data, type);
- rpc_hnd = create_rpc_handle_internal(p, hnd, data);
+ rpc_hnd = create_rpc_handle_internal(p, hnd, handle_type, data);
if (rpc_hnd == NULL) {
TALLOC_FREE(data);
*pstatus = NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_server/rpc_pipes.h b/source3/rpc_server/rpc_pipes.h
index 8a8f8e58169..5cdf2fdf6a2 100644
--- a/source3/rpc_server/rpc_pipes.h
+++ b/source3/rpc_server/rpc_pipes.h
@@ -199,18 +199,25 @@ int close_internal_rpc_pipe_hnd(struct pipes_struct *p);
size_t num_pipe_handles(struct pipes_struct *p);
bool init_pipe_handles(struct pipes_struct *p, const struct ndr_syntax_id
*syntax);
-bool create_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd, void
*data_ptr);
+bool create_policy_hnd(struct pipes_struct *p,
+ struct policy_handle *hnd,
+ uint8_t handle_type,
+ void *data_ptr);
bool find_policy_by_hnd(struct pipes_struct *p, const struct policy_handle
*hnd,
void **data_p);
bool close_policy_hnd(struct pipes_struct *p, struct policy_handle *hnd);
void close_policy_by_pipe(struct pipes_struct *p);
bool pipe_access_check(struct pipes_struct *p);
-void *_policy_handle_create(struct pipes_struct *p, struct policy_handle *hnd,
- uint32_t access_granted, size_t data_size,
- const char *type, NTSTATUS *pstatus);
-#define policy_handle_create(_p, _hnd, _access, _type, _pstatus) \
- (_type *)_policy_handle_create((_p), (_hnd), (_access), sizeof(_type),
#_type, \
+void *_policy_handle_create(struct pipes_struct *p,
+ struct policy_handle *hnd,
+ uint8_t handle_type,
+ uint32_t access_granted,
+ size_t data_size,
+ const char *type,
+ NTSTATUS *pstatus);
+#define policy_handle_create(_p, _hnd, _hnd_type, _access, _type, _pstatus) \
+ (_type *)_policy_handle_create((_p), (_hnd), (_hnd_type), (_access),
sizeof(_type), #_type, \
(_pstatus))
void *_policy_handle_find(struct pipes_struct *p,
diff --git a/source3/rpc_server/samr/srv_samr_nt.c
b/source3/rpc_server/samr/srv_samr_nt.c
index ee3a5660358..1ebced46bb3 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -65,6 +65,14 @@
#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */
#define MAX_SAM_ENTRIES_W95 50
+enum samr_handle {
+ SAMR_HANDLE_CONNECT,
+ SAMR_HANDLE_DOMAIN,
+ SAMR_HANDLE_USER,
+ SAMR_HANDLE_GROUP,
+ SAMR_HANDLE_ALIAS
+};
+
struct samr_connect_info {
uint8_t dummy;
};
@@ -498,8 +506,12 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
return NT_STATUS_NO_SUCH_DOMAIN;
}
- dinfo = policy_handle_create(p, r->out.domain_handle, acc_granted,
- struct samr_domain_info, &status);
+ dinfo = policy_handle_create(p,
+ r->out.domain_handle,
+ SAMR_HANDLE_DOMAIN,
+ acc_granted,
+ struct samr_domain_info,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -2221,8 +2233,12 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
/* If we did the rid admins hack above, allow access. */
acc_granted |= extra_access;
- uinfo = policy_handle_create(p, r->out.user_handle, acc_granted,
- struct samr_user_info, &nt_status);
+ uinfo = policy_handle_create(p,
+ r->out.user_handle,
+ SAMR_HANDLE_USER,
+ acc_granted,
+ struct samr_user_info,
+ &nt_status);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
@@ -3790,8 +3806,12 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
return nt_status;
}
- uinfo = policy_handle_create(p, r->out.user_handle, acc_granted,
- struct samr_user_info, &nt_status);
+ uinfo = policy_handle_create(p,
+ r->out.user_handle,
+ SAMR_HANDLE_USER,
+ acc_granted,
+ struct samr_user_info,
+ &nt_status);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
@@ -3859,9 +3879,12 @@ NTSTATUS _samr_Connect(struct pipes_struct *p,
/* set up the SAMR connect_anon response */
- (void)policy_handle_create(p, &hnd, acc_granted,
- struct samr_connect_info,
- &status);
+ (void)policy_handle_create(p,
+ &hnd,
+ SAMR_HANDLE_CONNECT,
+ acc_granted,
+ struct samr_connect_info,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -3923,8 +3946,12 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p,
if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
- (void)policy_handle_create(p, &hnd, acc_granted,
- struct samr_connect_info, &nt_status);
+ (void)policy_handle_create(p,
+ &hnd,
+ SAMR_HANDLE_CONNECT,
+ acc_granted,
+ struct samr_connect_info,
+ &nt_status);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
@@ -4160,8 +4187,12 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p,
}
- ainfo = policy_handle_create(p, r->out.alias_handle, acc_granted,
- struct samr_alias_info, &status);
+ ainfo = policy_handle_create(p,
+ r->out.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ acc_granted,
+ struct samr_alias_info,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -5906,9 +5937,12 @@ NTSTATUS _samr_CreateDomainGroup(struct pipes_struct *p,
if ( !NT_STATUS_IS_OK(status) )
return status;
- ginfo = policy_handle_create(p, r->out.group_handle,
- GENERIC_RIGHTS_GROUP_ALL_ACCESS,
- struct samr_group_info, &status);
+ ginfo = policy_handle_create(p,
+ r->out.group_handle,
+ SAMR_HANDLE_GROUP,
+ GENERIC_RIGHTS_GROUP_ALL_ACCESS,
+ struct samr_group_info,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -5980,9 +6014,12 @@ NTSTATUS _samr_CreateDomAlias(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- ainfo = policy_handle_create(p, r->out.alias_handle,
- GENERIC_RIGHTS_ALIAS_ALL_ACCESS,
- struct samr_alias_info, &result);
+ ainfo = policy_handle_create(p,
+ r->out.alias_handle,
+ SAMR_HANDLE_ALIAS,
+ GENERIC_RIGHTS_ALIAS_ALL_ACCESS,
+ struct samr_alias_info,
+ &result);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
@@ -6386,9 +6423,12 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
TALLOC_FREE(map);
- ginfo = policy_handle_create(p, r->out.group_handle,
- acc_granted,
- struct samr_group_info, &status);
+ ginfo = policy_handle_create(p,
+ r->out.group_handle,
+ SAMR_HANDLE_GROUP,
+ acc_granted,
+ struct samr_group_info,
+ &status);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c
b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index d92963ec32a..c80fc2aac2d 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -715,7 +715,7 @@ static WERROR open_printer_hnd(struct pipes_struct *p,
talloc_set_destructor(new_printer, printer_entry_destructor);
/* This also steals the printer_handle on the policy_handle */
- if (!create_policy_hnd(p, hnd, new_printer)) {
+ if (!create_policy_hnd(p, hnd, 0, new_printer)) {
TALLOC_FREE(new_printer);
return WERR_INVALID_HANDLE;
}
diff --git a/source3/rpc_server/svcctl/srv_svcctl_nt.c
b/source3/rpc_server/svcctl/srv_svcctl_nt.c
index ae787066873..9ba6fbb1fce 100644
--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
+++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
@@ -257,7 +257,7 @@ static WERROR create_open_service_handle(struct
pipes_struct *p,
/* store the SERVICE_INFO and create an open handle */
- if ( !create_policy_hnd( p, handle, info ) ) {
+ if ( !create_policy_hnd( p, handle, 0, info ) ) {
result = WERR_ACCESS_DENIED;
goto done;
}
diff --git a/source3/rpc_server/winreg/srv_winreg_nt.c
b/source3/rpc_server/winreg/srv_winreg_nt.c
index 6c3270d886a..d67608fdd76 100644
--- a/source3/rpc_server/winreg/srv_winreg_nt.c
+++ b/source3/rpc_server/winreg/srv_winreg_nt.c
@@ -34,6 +34,8 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
+enum handle_types { HTYPE_REGVAL, HTYPE_REGKEY };
+
/******************************************************************
Find a registry key handle and return a struct registry_key *
*****************************************************************/
@@ -81,7 +83,7 @@ static WERROR open_registry_key(struct pipes_struct *p,
return result;
}
- if ( !create_policy_hnd( p, hnd, key ) ) {
+ if ( !create_policy_hnd( p, hnd, HTYPE_REGKEY, key ) ) {
return WERR_FILE_NOT_FOUND;
}
@@ -710,7 +712,7 @@ WERROR _winreg_CreateKey(struct pipes_struct *p,
return result;
}
- if (!create_policy_hnd(p, r->out.new_handle, new_key)) {
+ if (!create_policy_hnd(p, r->out.new_handle, HTYPE_REGKEY, new_key)) {
TALLOC_FREE(new_key);
return WERR_FILE_NOT_FOUND;
}
--
Samba Shared Repository
