The branch, master has been updated via 6071220fcb1 libcli: Make debug_unix_user_token() use just one DEBUG statement via 09c787c34a9 libcli: Make security_token_debug() use just one DEBUG statement via 1ad84c70fe2 libcli: Convert security_token_debug_privileges() to talloc_asprintf via a77c6b59395 smbd: is_in_path() deals with a NULL namelist via a8dd943c11d smbd: Remove a pointless NULL check via 5130ade6882 smbd: Use SMB_VFS_FSTATAT() instead of SMB_LSTAT() via d4a05fc1450 smbd: Fix a typo via 99789537868 vfs: Fix a typo via 94dcbed38db smbd: Modernize two DBG statements via e8570f73acd smbd: Reduce indentation, remove a nested if-statement via d7f5267c2bd libsmb: Remove unused smb2_create_blob_remove() via 0b38cd8ea77 smbd: Avoid casts in a DBG statement via 446ae3f8e7c rpc_server3: Avoid a pointless DEBUGADD via be1cf356ad9 rpc_server3: Remove a duplicate comment via 768990ec4d3 rpc_netlogon4: Simplify dcesrv_netr_ServerAuthenticate3_helper() via e2e5ae1eb24 dsdb: Slightly simplify dsdb_trust_get_incoming_passwords() via 7bc1fa707dc lsa_srv4: Fix a typo via 770f279ab75 pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw() via 8cd296e42d6 Remove IS_DOS_*() macros via b48d7a8e344 libsmb: Expand IS_DOS_DIR() macro via c23d336ca45 examples: Expand IS_DOS_DIR() macros via 29895176d29 smbd: Expand IS_DOS_READONLY() macros via 28295775945 smbd: Expand IS_DOS_ARCHIVE() macros via 226a7c7bc39 libsmb: Expand IS_DOS_* macros via 817f68e4a13 smbd: Expand IS_DOS_* macros from 1fbf08e8120 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 6071220fcb109f93833c45bcc8d8cd24235d6f30 Author: Volker Lendecke <v...@samba.org> Date: Wed Aug 30 13:02:02 2023 +0200 libcli: Make debug_unix_user_token() use just one DEBUG statement This avoids messing up the debug logs when multiple processes are writing into the same file. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Oct 11 00:24:58 UTC 2023 on atb-devel-224 commit 09c787c34a9bf3423f5653474eb0ba093e448352 Author: Volker Lendecke <v...@samba.org> Date: Wed Aug 30 12:46:18 2023 +0200 libcli: Make security_token_debug() use just one DEBUG statement This avoids messing up the debug logs when multiple processes are writing into the same file. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 1ad84c70fe2f45dd8354d60b29ceabccd11c34c8 Author: Volker Lendecke <v...@samba.org> Date: Wed Aug 30 12:39:00 2023 +0200 libcli: Convert security_token_debug_privileges() to talloc_asprintf Reduces the number of DEBUGADD calls which leads to messed debug logs between processes. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit a77c6b5939585f73746c8eb6db7b7c103a65f5be Author: Volker Lendecke <v...@samba.org> Date: Fri Sep 1 13:21:09 2023 +0200 smbd: is_in_path() deals with a NULL namelist Don't need to check in the callers Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit a8dd943c11deb7aed8b59e49f2a540d6eeb6b1a6 Author: Volker Lendecke <v...@samba.org> Date: Fri Sep 1 13:18:14 2023 +0200 smbd: Remove a pointless NULL check boolean short-circuiting already gives us this condition. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 5130ade6882bb528de44b1b559bfbd85aea4a27c Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 31 16:35:47 2023 +0200 smbd: Use SMB_VFS_FSTATAT() instead of SMB_LSTAT() Use the dirfsp when we have it available Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit d4a05fc145062dcf3efdda99645a40473596a2fb Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 31 12:50:09 2023 +0200 smbd: Fix a typo Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 997895378688ad24337ae5084b05e81dfa435cac Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 31 12:01:13 2023 +0200 vfs: Fix a typo Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 94dcbed38dbc094a6b9a961b9dbeedd38aa3d5a6 Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 31 11:37:00 2023 +0200 smbd: Modernize two DBG statements Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit e8570f73acddeb348676db0eea6c1bfd4081c647 Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 31 11:33:02 2023 +0200 smbd: Reduce indentation, remove a nested if-statement Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit d7f5267c2bdd33f6365799a60619dfe5273e3a09 Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 31 11:23:58 2023 +0200 libsmb: Remove unused smb2_create_blob_remove() Trivial to re-add if needed. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 0b38cd8ea77f210923851b74de0f6693589be3c2 Author: Volker Lendecke <v...@samba.org> Date: Thu Aug 31 11:17:02 2023 +0200 smbd: Avoid casts in a DBG statement Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 446ae3f8e7c52db3bb7f82e64dda83ac8d5652ee Author: Volker Lendecke <v...@samba.org> Date: Wed Aug 30 13:32:38 2023 +0200 rpc_server3: Avoid a pointless DEBUGADD Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit be1cf356ad9defe86db13753e401f40a8f257347 Author: Volker Lendecke <v...@samba.org> Date: Wed Aug 30 13:28:57 2023 +0200 rpc_server3: Remove a duplicate comment Review with "git sh -U20" Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 768990ec4d3120c3b5cedf35578b75522f694d4a Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 08:26:11 2023 +0200 rpc_netlogon4: Simplify dcesrv_netr_ServerAuthenticate3_helper() Use a switch/case statement instead of a if/else chain. Easier to read to me. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit e2e5ae1eb24f25eadfae9ce87a88643ee9966eb0 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 08:00:06 2023 +0200 dsdb: Slightly simplify dsdb_trust_get_incoming_passwords() Use talloc_memdup() instead of a manual copy. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 7bc1fa707dcc1cee22b703d6fe53f05150f2ca85 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 07:52:12 2023 +0200 lsa_srv4: Fix a typo Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 770f279ab751fb984e6cc8a3f80ae076c8fcad90 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 07:51:27 2023 +0200 pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw() This is easier to read to me. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 8cd296e42d61388d278ab1ecf537159ce1d5c444 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 15:52:22 2023 +0200 Remove IS_DOS_*() macros Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit b48d7a8e344476279b7d53bff095256376f07887 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 15:50:29 2023 +0200 libsmb: Expand IS_DOS_DIR() macro Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit c23d336ca454dc7c3ed48973727dac0decd160e6 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 15:43:55 2023 +0200 examples: Expand IS_DOS_DIR() macros Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 29895176d2917a7794dd94ffc3d428511c035978 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 15:41:47 2023 +0200 smbd: Expand IS_DOS_READONLY() macros Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 282957759452887daef402d9ec32f247c936f3cd Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 14:03:31 2023 +0200 smbd: Expand IS_DOS_ARCHIVE() macros Together with the "dosmode | FILE_ATTRIBUTE_ARCHIVE" a line below this is more obvious to me. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 226a7c7bc3970945bacd7aea85c2de49b9e302ae Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 13:48:09 2023 +0200 libsmb: Expand IS_DOS_* macros To me these macros hide more than they clarify. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 817f68e4a13d38acc6e9849643a95e35a7ef08e1 Author: Volker Lendecke <v...@samba.org> Date: Fri Oct 6 13:42:19 2023 +0200 smbd: Expand IS_DOS_* macros To me these macros hide more than they clarify. In a lot of places we already directly check for these flags without those macros. Unify that. Also, check for the dosmode bits first, lp_map_* is a bit more effort to evaluate. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: examples/fuse/clifuse.c | 2 +- libcli/security/privileges.c | 37 +++++++++----- libcli/security/privileges.h | 3 +- libcli/security/security_token.c | 27 +++++++--- libcli/smb/smb2_create_blob.c | 15 ------ libcli/smb/smb2_create_blob.h | 2 - source3/auth/token_util.c | 31 ++++++++---- source3/include/smb_macros.h | 7 --- source3/lib/util.c | 2 +- source3/libsmb/libsmb_stat.c | 12 ++--- source3/libsmb/libsmb_xattr.c | 10 ++-- source3/modules/vfs_acl_common.c | 2 +- source3/modules/vfs_virusfilter.c | 4 +- source3/passdb/pdb_samba_dsdb.c | 7 +-- source3/rpc_server/srv_access_check.c | 11 +++-- source3/smbd/dosmode.c | 19 ++++--- source3/smbd/fileio.c | 2 +- source3/smbd/open.c | 71 ++++++++++++++------------- source4/dsdb/common/util_trusts.c | 7 ++- source4/rpc_server/lsa/dcesrv_lsa.c | 2 +- source4/rpc_server/netlogon/dcerpc_netlogon.c | 42 +++++++++++----- 21 files changed, 177 insertions(+), 138 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/fuse/clifuse.c b/examples/fuse/clifuse.c index ba4aca751fe..59af1602980 100644 --- a/examples/fuse/clifuse.c +++ b/examples/fuse/clifuse.c @@ -370,7 +370,7 @@ static NTSTATUS cli_get_unixattr_recv(struct tevent_req *req, return status; } - if (IS_DOS_DIR(state->mode)) { + if (state->mode & FILE_ATTRIBUTE_DIRECTORY) { st->st_mode = (S_IFDIR | 0555); st->st_nlink = 2; } else { diff --git a/libcli/security/privileges.c b/libcli/security/privileges.c index acaf0b0fbc0..33debdc1fed 100644 --- a/libcli/security/privileges.c +++ b/libcli/security/privileges.c @@ -454,34 +454,45 @@ void security_token_set_right_bit(struct security_token *token, uint32_t right_b token->rights_mask |= right_bit; } -void security_token_debug_privileges(int dbg_class, int dbg_lev, const struct security_token *token) +char *security_token_debug_privileges(TALLOC_CTX *mem_ctx, + const struct security_token *token) { - DEBUGADDC(dbg_class, dbg_lev, (" Privileges (0x%16llX):\n", - (unsigned long long) token->privilege_mask)); + char *s = NULL; + + s = talloc_asprintf(mem_ctx, + " Privileges (0x%16" PRIX64 "):\n", + token->privilege_mask); if (token->privilege_mask) { size_t idx = 0; - int i = 0; + size_t i = 0; for (idx = 0; idx<ARRAY_SIZE(privs); idx++) { if (token->privilege_mask & privs[idx].privilege_mask) { - DEBUGADDC(dbg_class, dbg_lev, - (" Privilege[%3lu]: %s\n", (unsigned long)i++, - privs[idx].name)); + talloc_asprintf_addbuf( + &s, + " Privilege[%3zu]: %s\n", + i++, + privs[idx].name); } } } - DEBUGADDC(dbg_class, dbg_lev, (" Rights (0x%16lX):\n", - (unsigned long) token->rights_mask)); + + talloc_asprintf_addbuf(&s, + " Rights (0x%16" PRIX32 "):\n", + token->rights_mask); if (token->rights_mask) { size_t idx = 0; - int i = 0; + size_t i = 0; for (idx = 0; idx<ARRAY_SIZE(rights); idx++) { if (token->rights_mask & rights[idx].right_mask) { - DEBUGADDC(dbg_class, dbg_lev, - (" Right[%3lu]: %s\n", (unsigned long)i++, - rights[idx].name)); + talloc_asprintf_addbuf(&s, + " Right[%3zu]: %s\n", + i++, + rights[idx].name); } } } + + return s; } diff --git a/libcli/security/privileges.h b/libcli/security/privileges.h index 2224543d25a..e9dab113712 100644 --- a/libcli/security/privileges.h +++ b/libcli/security/privileges.h @@ -110,6 +110,7 @@ void security_token_set_privilege(struct security_token *token, enum sec_privile */ void security_token_set_right_bit(struct security_token *token, uint32_t right_bit); -void security_token_debug_privileges(int dbg_class, int dbg_lev, const struct security_token *token); +char *security_token_debug_privileges(TALLOC_CTX *mem_ctx, + const struct security_token *token); #endif /* PRIVILEGES_H */ diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c index 060c3ee82a0..79de6e3b31b 100644 --- a/libcli/security/security_token.c +++ b/libcli/security/security_token.c @@ -30,6 +30,7 @@ #include "libcli/security/dom_sid.h" #include "libcli/security/privileges.h" #include "librpc/gen_ndr/ndr_security.h" +#include "lib/util/talloc_stack.h" /* return a blank security token @@ -104,24 +105,36 @@ struct security_token *security_token_duplicate(TALLOC_CTX *mem_ctx, const struc ****************************************************************************/ void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token) { + TALLOC_CTX *frame = talloc_stackframe(); + char *sids = NULL; + char *privs = NULL; uint32_t i; if (!token) { DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n")); + TALLOC_FREE(frame); return; } - DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%"PRIu32"):\n", - token->num_sids)); + sids = talloc_asprintf(frame, + "Security token SIDs (%" PRIu32 "):\n", + token->num_sids); for (i = 0; i < token->num_sids; i++) { struct dom_sid_buf sidbuf; - DEBUGADDC(dbg_class, - dbg_lev, - (" SID[%3"PRIu32"]: %s\n", i, - dom_sid_str_buf(&token->sids[i], &sidbuf))); + talloc_asprintf_addbuf( + &sids, + " SID[%3" PRIu32 "]: %s\n", + i, + dom_sid_str_buf(&token->sids[i], &sidbuf)); } - security_token_debug_privileges(dbg_class, dbg_lev, token); + privs = security_token_debug_privileges(frame, token); + + DEBUGC(dbg_class, + dbg_lev, + ("%s%s", sids ? sids : "(NULL)", privs ? privs : "(NULL)")); + + TALLOC_FREE(frame); } /* These really should be cheaper... */ diff --git a/libcli/smb/smb2_create_blob.c b/libcli/smb/smb2_create_blob.c index ecd61e0c9b2..57c7a9d1150 100644 --- a/libcli/smb/smb2_create_blob.c +++ b/libcli/smb/smb2_create_blob.c @@ -225,18 +225,3 @@ struct smb2_create_blob *smb2_create_blob_find(const struct smb2_create_blobs *b return NULL; } - -void smb2_create_blob_remove(struct smb2_create_blobs *b, const char *tag) -{ - struct smb2_create_blob *blob = smb2_create_blob_find(b, tag); - - if (blob == NULL) { - return; - } - - TALLOC_FREE(blob->tag); - data_blob_free(&blob->data); - - *blob = b->blobs[b->num_blobs-1]; - b->num_blobs -= 1; -} diff --git a/libcli/smb/smb2_create_blob.h b/libcli/smb/smb2_create_blob.h index d6dac5e05be..642695a752c 100644 --- a/libcli/smb/smb2_create_blob.h +++ b/libcli/smb/smb2_create_blob.h @@ -72,6 +72,4 @@ NTSTATUS smb2_create_blob_add(TALLOC_CTX *mem_ctx, struct smb2_create_blobs *b, struct smb2_create_blob *smb2_create_blob_find(const struct smb2_create_blobs *b, const char *tag); -void smb2_create_blob_remove(struct smb2_create_blobs *b, const char *tag); - #endif /* _LIBCLI_SMB_SMB2_CREATE_BLOB_H_ */ diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index aac5749a815..e93ec30421f 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -888,16 +888,29 @@ NTSTATUS finalize_local_nt_token(struct security_token *result, void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, int n_groups, gid_t *groups) { + TALLOC_CTX *frame = talloc_stackframe(); + char *s = NULL; int i; - DEBUGC(dbg_class, dbg_lev, - ("UNIX token of user %ld\n", (long int)uid)); - - DEBUGADDC(dbg_class, dbg_lev, - ("Primary group is %ld and contains %i supplementary " - "groups\n", (long int)gid, n_groups)); - for (i = 0; i < n_groups; i++) - DEBUGADDC(dbg_class, dbg_lev, ("Group[%3i]: %ld\n", i, - (long int)groups[i])); + + s = talloc_asprintf(frame, + "UNIX token of user %ld\n", + (long int)uid); + + talloc_asprintf_addbuf( + &s, + "Primary group is %ld and contains %i supplementary " + "groups\n", + (long int)gid, + n_groups); + for (i = 0; i < n_groups; i++) { + talloc_asprintf_addbuf(&s, + "Group[%3i]: %ld\n", + i, + (long int)groups[i]); + } + + DEBUGC(dbg_class, dbg_lev, ("%s", s ? s : "(NULL)")); + TALLOC_FREE(frame); } /* diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 42ff9ffb0d4..f9aaf786ed3 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -27,13 +27,6 @@ #define BOOLSTR(b) ((b) ? "Yes" : "No") #define BITSETW(ptr,bit) ((SVAL(ptr,0) & (1<<(bit)))!=0) -/* for readability... */ -#define IS_DOS_READONLY(test_mode) (((test_mode) & FILE_ATTRIBUTE_READONLY) != 0) -#define IS_DOS_DIR(test_mode) (((test_mode) & FILE_ATTRIBUTE_DIRECTORY) != 0) -#define IS_DOS_ARCHIVE(test_mode) (((test_mode) & FILE_ATTRIBUTE_ARCHIVE) != 0) -#define IS_DOS_SYSTEM(test_mode) (((test_mode) & FILE_ATTRIBUTE_SYSTEM) != 0) -#define IS_DOS_HIDDEN(test_mode) (((test_mode) & FILE_ATTRIBUTE_HIDDEN) != 0) - /* these are useful macros for checking validity of handles */ #define IS_IPC(conn) ((conn) && (conn)->ipc) #define IS_PRINT(conn) ((conn) && (conn)->printer) diff --git a/source3/lib/util.c b/source3/lib/util.c index 93c01b862b3..b6305da91ed 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -733,7 +733,7 @@ bool is_in_path(const char *name, name_compare_entry *namelist, bool case_sensit const char *last_component; /* if we have no list it's obviously not in the path */ - if((namelist == NULL ) || ((namelist != NULL) && (namelist[0].name == NULL))) { + if ((namelist == NULL) || (namelist[0].name == NULL)) { return False; } diff --git a/source3/libsmb/libsmb_stat.c b/source3/libsmb/libsmb_stat.c index f25ee8f89a3..ae18f594647 100644 --- a/source3/libsmb/libsmb_stat.c +++ b/source3/libsmb/libsmb_stat.c @@ -58,22 +58,22 @@ void setup_stat(struct stat *st, { st->st_mode = 0; - if (IS_DOS_DIR(attr)) { + if (attr & FILE_ATTRIBUTE_DIRECTORY) { st->st_mode = (S_IFDIR | 0555); } else { st->st_mode = (S_IFREG | 0444); } - if (IS_DOS_ARCHIVE(attr)) { + if (attr & FILE_ATTRIBUTE_ARCHIVE) { st->st_mode |= S_IXUSR; } - if (IS_DOS_SYSTEM(attr)) { + if (attr & FILE_ATTRIBUTE_SYSTEM) { st->st_mode |= S_IXGRP; } - if (IS_DOS_HIDDEN(attr)) { + if (attr & FILE_ATTRIBUTE_HIDDEN) { st->st_mode |= S_IXOTH; } - if (!IS_DOS_READONLY(attr)) { + if (!(attr & FILE_ATTRIBUTE_READONLY)) { st->st_mode |= S_IWUSR; } @@ -90,7 +90,7 @@ void setup_stat(struct stat *st, st->st_uid = getuid(); st->st_gid = getgid(); - if (IS_DOS_DIR(attr)) { + if (attr & FILE_ATTRIBUTE_DIRECTORY) { st->st_nlink = 2; } else { st->st_nlink = 1; diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index 1aab4dd47dc..77a215c1f54 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -629,11 +629,11 @@ dos_attr_parse(SMBCCTX *context, if (strncasecmp_m(tok, "MODE:", 5) == 0) { long request = strtol(tok+5, NULL, 16); if (request == 0) { - dad->mode = (request | - (IS_DOS_DIR(dad->mode) - ? FILE_ATTRIBUTE_DIRECTORY - : FILE_ATTRIBUTE_NORMAL)); - } else { + dad->mode = + (dad->mode & FILE_ATTRIBUTE_DIRECTORY) + ? FILE_ATTRIBUTE_DIRECTORY + : FILE_ATTRIBUTE_NORMAL; + } else { dad->mode = request; } continue; diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 341806b09a4..daad612e565 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -449,7 +449,7 @@ static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx, switch (xattr_version) { case 1: case 2: - /* These xattr types are unilatteral, they do not + /* These xattr types are unilateral, they do not * require confirmation of the hash. In particular, * the NTVFS file server uses version 1, but * 'samba-tool ntacl' can set these as well */ diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c index b24cc0ea9a9..ea1886d85c8 100644 --- a/source3/modules/vfs_virusfilter.c +++ b/source3/modules/vfs_virusfilter.c @@ -1495,9 +1495,7 @@ static int virusfilter_vfs_close( return close_result; } - if (config->exclude_files && is_in_path(fname, - config->exclude_files, false)) - { + if (is_in_path(fname, config->exclude_files, false)) { DBG_INFO("Not scanned: exclude files: %s/%s\n", cwd_fname, fname); return close_result; diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c index 7e96c863314..ef90ab7342b 100644 --- a/source3/passdb/pdb_samba_dsdb.c +++ b/source3/passdb/pdb_samba_dsdb.c @@ -2723,12 +2723,7 @@ static bool pdb_samba_dsdb_set_trusteddom_pw(struct pdb_methods *m, } for (i = 0; i < old_blob.current.count; i++) { - struct AuthenticationInformation *o = - &old_blob.current.array[i]; - struct AuthenticationInformation *p = - &new_blob.previous.array[i]; - - *p = *o; + new_blob.previous.array[i] = old_blob.current.array[i]; new_blob.previous.count++; } for (; i < new_blob.count; i++) { diff --git a/source3/rpc_server/srv_access_check.c b/source3/rpc_server/srv_access_check.c index a4a58b2c7ae..23d9252a0b7 100644 --- a/source3/rpc_server/srv_access_check.c +++ b/source3/rpc_server/srv_access_check.c @@ -71,8 +71,6 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t is_root = true; } - /* Check if we are root */ - /* check privileges; certain SAM access bits should be overridden by privileges (mostly having to do with creating/modifying/deleting users and groups) */ @@ -95,9 +93,12 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t } if (is_system || is_root) { - DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access)); - DEBUGADD(4,("but overritten by %s\n", - is_root ? "euid == initial uid" : "system token")); + DEBUG(4, + ("%s: ACCESS should be DENIED (requested: %#010x)\n" + "but overritten by %s\n", + debug, + des_access, + is_root ? "euid == initial uid" : "system token")); priv_granted = true; *acc_granted = des_access; diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index dec1a22edd0..54108910004 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -112,7 +112,8 @@ mode_t unix_mode(connection_struct *conn, int dosmode, mode_t dir_mode = 0; /* Mode of the inherit_from directory if * inheriting. */ - if (!lp_store_dos_attributes(SNUM(conn)) && IS_DOS_READONLY(dosmode)) { + if ((dosmode & FILE_ATTRIBUTE_READONLY) && + !lp_store_dos_attributes(SNUM(conn))) { result &= ~(S_IWUSR | S_IWGRP | S_IWOTH); } @@ -140,7 +141,7 @@ mode_t unix_mode(connection_struct *conn, int dosmode, result = 0; } - if (IS_DOS_DIR(dosmode)) { + if (dosmode & FILE_ATTRIBUTE_DIRECTORY) { /* We never make directories read only for the owner as under DOS a user can always create a file in a read-only directory. */ result |= (S_IFDIR | S_IWUSR); @@ -158,14 +159,20 @@ mode_t unix_mode(connection_struct *conn, int dosmode, result |= lp_force_directory_mode(SNUM(conn)); } } else { - if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode)) + if ((dosmode & FILE_ATTRIBUTE_ARCHIVE) && + lp_map_archive(SNUM(conn))) { result |= S_IXUSR; + } - if (lp_map_system(SNUM(conn)) && IS_DOS_SYSTEM(dosmode)) + if ((dosmode & FILE_ATTRIBUTE_SYSTEM) && + lp_map_system(SNUM(conn))) { result |= S_IXGRP; + } - if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode)) + if ((dosmode & FILE_ATTRIBUTE_HIDDEN) && + lp_map_hidden(SNUM(conn))) { result |= S_IXOTH; + } if (dir_mode) { /* Inherit 666 component of parent directory mode */ @@ -979,7 +986,7 @@ int file_set_dosmode(connection_struct *conn, /* if we previously had any w bits set then leave them alone whilst adding in the new w bits, if the new mode is not rdonly */ - if (!IS_DOS_READONLY(dosmode)) { + if (!(dosmode & FILE_ATTRIBUTE_READONLY)) { unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH)); } diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c index e5de8272734..3b3d3a5fcd9 100644 --- a/source3/smbd/fileio.c +++ b/source3/smbd/fileio.c @@ -246,7 +246,7 @@ void mark_file_modified(files_struct *fsp) } dosmode = fdos_mode(fsp); - if (IS_DOS_ARCHIVE(dosmode)) { + if (dosmode & FILE_ATTRIBUTE_ARCHIVE) { return; } file_set_dosmode(fsp->conn, fsp->fsp_name, diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 0b27f8493c8..14434ba6832 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -464,7 +464,7 @@ static NTSTATUS check_base_file_access(struct files_struct *fsp, return NT_STATUS_ACCESS_DENIED; } dosattrs = fdos_mode(fsp); - if (IS_DOS_READONLY(dosattrs)) { + if (dosattrs & FILE_ATTRIBUTE_READONLY) { return NT_STATUS_ACCESS_DENIED; } } @@ -1603,7 +1603,7 @@ static NTSTATUS open_file( * There is only one legit case where end up here: * openat_pathref_fsp() failed to open a symlink, so the * fsp was created by fsp_new() which doesn't set - * is_pathref. Other then that, we should always have a + * is_pathref. Other than that, we should always have a * pathref fsp at this point. The subsequent checks * assert this. */ @@ -1670,9 +1670,9 @@ static NTSTATUS open_file( fsp->fsp_flags.modified = false; fsp->sent_oplock_break = NO_BREAK_SENT; fsp->fsp_flags.is_directory = false; - if (conn->aio_write_behind_list && - is_in_path(smb_fname->base_name, conn->aio_write_behind_list, - posix_open ? true: conn->case_sensitive)) { + if (is_in_path(smb_fname->base_name, + conn->aio_write_behind_list, + posix_open ? true : conn->case_sensitive)) { fsp->fsp_flags.aio_write_behind = true; } @@ -3512,7 +3512,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access_fsp( } dosattrs = fdos_mode(fsp); - if (IS_DOS_READONLY(dosattrs) || !CAN_WRITE(fsp->conn)) { + if ((dosattrs & FILE_ATTRIBUTE_READONLY) || !CAN_WRITE(fsp->conn)) { -- Samba Shared Repository