svn commit: samba r11057 - in trunk/source/rpc_server: .
jerry at samba.org
jerry at samba.org
Fri Oct 14 15:50:39 GMT 2005
Author: jerry
Date: 2005-10-14 15:50:38 +0000 (Fri, 14 Oct 2005)
New Revision: 11057
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11057
Log:
* attempt to open the eventlog tdb before doing the access
check so that valid eventlog tdbs can be created as necessary
* create the $(lockdir)/eventlog directory if it does not
already exist
* ensure that eventlog tdbs are created with permissions
0600 for root (rather than with group rw perms).
Modified:
trunk/source/rpc_server/srv_eventlog_lib.c
trunk/source/rpc_server/srv_eventlog_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_eventlog_lib.c
===================================================================
--- trunk/source/rpc_server/srv_eventlog_lib.c 2005-10-14 15:08:05 UTC (rev 11056)
+++ trunk/source/rpc_server/srv_eventlog_lib.c 2005-10-14 15:50:38 UTC (rev 11057)
@@ -46,7 +46,7 @@
tdbfilename));
tdb = tdb_open_log( tdbfilename, 0, TDB_DEFAULT,
- O_RDWR|O_CREAT|O_TRUNC, 0660 );
+ O_RDWR|O_CREAT|O_TRUNC, 0600 );
if ( !tdb ) {
DEBUG( 0, ( "Can't open tdb for [%s]\n", tdbfilename ) );
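Review bot: The new mode `0600` only takes effect when `tdb_open_log` actually creates the file, so an eventlog tdb left behind by an earlier revision keeps its `0660` bits even though `O_TRUNC` empties it. If the intent is that no eventlog tdb stays group-accessible, the mode of an existing file should be tightened as well, for example with `chmod( tdbfilename, 0600 );` after a successful open, or the upgrade notes should tell administrators to fix it by hand. The process umask also applies to the created mode. The enclosing function starts and ends outside this hunk.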
@@ -74,10 +74,11 @@
{
fstring path;
char *tdb_fullpath;
-
- pstr_sprintf( path, "eventlog/%s.tdb", name );
+ char *eventlogdir = lock_path( "eventlog" );
+
+ pstr_sprintf( path, "%s/%s.tdb", eventlogdir, name );
strlower_m( path );
- tdb_fullpath = SMB_STRDUP( lock_path(path) );
+ tdb_fullpath = SMB_STRDUP( path );
return tdb_fullpath;
}
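Review bot: `strlower_m( path )` now lowercases the whole absolute path rather than only the `eventlog/<name>.tdb` part, so a lock directory with upper-case characters in its path resolves to a different location on a case-sensitive filesystem. Lowercase only the log name before it is joined to `eventlogdir`. `path` is also still declared `fstring` although it now holds the full lock path and is written with `pstr_sprintf`. Declaring it `pstring path;` would match the formatter, assuming `pstr_sprintf` bounds its output by the pstring size (its definition is not visible here). The function signature is outside the hunk.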
@@ -324,7 +325,8 @@
char *tdbfilename;
pstring tdbpath;
struct elog_open_tdb *tdb_node;
-
+ char *eventlogdir;
+
/* first see if we have an open context */
for ( ptr=open_elog_list; ptr; ptr=ptr->next ) {
@@ -334,6 +336,12 @@
}
}
+ /* make sure that the eventlog dir exists */
+
+ eventlogdir = lock_path( "eventlog" );
+ if ( !directory_exist( eventlogdir, NULL ) )
+ mkdir( eventlogdir, 0755 );
+
/* get the path on disk */
tdbfilename = elog_tdbname( logname );
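Review bot: The result of `mkdir( eventlogdir, 0755 )` is discarded, so a failure (for example a non-directory already at that path) only shows up later as an unexplained tdb open error. Check it and log the failure, e.g. `if ( mkdir( eventlogdir, 0755 ) != 0 ) DEBUG( 0, ( "mkdir failed for [%s]\n", eventlogdir ) );`. Since this commit restricts the tdbs themselves to 0600, it is also worth deciding whether the directory should be listable by everyone or created `0700`. The function continues outside this hunk.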
Modified: trunk/source/rpc_server/srv_eventlog_nt.c
===================================================================
--- trunk/source/rpc_server/srv_eventlog_nt.c 2005-10-14 15:08:05 UTC (rev 11056)
+++ trunk/source/rpc_server/srv_eventlog_nt.c 2005-10-14 15:50:38 UTC (rev 11057)
@@ -140,20 +140,15 @@
elog->logname = talloc_strdup( elog, logname );
- /* do the access check */
- if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
- TALLOC_FREE( elog );
- return WERR_ACCESS_DENIED;
- }
+ /* Open the tdb first (so that we can create any new tdbs if necessary).
+ We have to do this as root and then use an internal access check
+ on the file permissions since you can only have a tdb open once
+ in a single process */
- /* having done the nexessary access checks, surround the
- tdb open with a {un}become_root() pair since we can
- only have one tdb context per eventlog per process */
-
become_root();
elog->tdb = elog_open_tdb( elog->logname );
unbecome_root();
-
+
if ( !elog->tdb ) {
/* according to MSDN, if the logfile cannot be found, we should
default to the "Application" log */
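Review bot: `elog_open_tdb( elog->logname )` now runs under `become_root()` before `elog_check_access`, so a caller who ends up with `WERR_ACCESS_DENIED` can still cause the server to create the eventlog directory and a root-owned tdb. Nothing in this hunk shows `logname` being checked against the configured eventlog names, or rejected when it contains `/` or `..`, before it reaches the `"%s/%s.tdb"` format in `elog_tdbname`. If that validation is not done earlier in the call path, it should be added ahead of `become_root()`. A comment naming where the validation happens would make the new ordering safe to maintain. The function starts and ends outside this hunk.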
@@ -177,10 +172,18 @@
if ( !elog->tdb ) {
TALLOC_FREE( elog );
- return WERR_OBJECT_PATH_INVALID; /* ??? */
+ return WERR_ACCESS_DENIED; /* ??? */
}
}
+ /* now do the access check. Close the tdb if we fail here */
+
+ if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
+ elog_close_tdb( elog->tdb );
+ TALLOC_FREE( elog );
+ return WERR_ACCESS_DENIED;
+ }
+
/* create the policy handle */
if ( !create_policy_hnd
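Review bot: The `/* ??? */` marker was carried over onto the new `WERR_ACCESS_DENIED` return for a failed open, which leaves the choice of error code unexplained. It also makes an open failure indistinguishable, on the server side, from the real authorization failure added a few lines below. Replace it with a comment giving the reason, e.g. `/* open failed; reported to the client as access denied */`, and add a `DEBUG` line before that return so the two cases can be told apart in the log. The function continues outside this hunk.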