[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Jan 16 01:44:02 UTC 2018
The branch, master has been updated
via a63aafb srcctl3: Improve debug messages
via 6aa0cc2 rpc_server: Improve a debug message
from 05ebafd s3:rpc_client: Clenup copy_netr_SamInfo3() code
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a63aafb05d4d975aa9898b8a2dcbbf5d4f41938d
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 15 11:42:29 2018 +0100
srcctl3: Improve debug messages
A customer's syslog was filled with
_svcctl_OpenServiceW: Failed to get a valid security descriptor
messages. This improves the messages to give info about which service failed
with which error code. Also, it makes OpenServiceW fail with the same error
message Windows fails with for unknown services.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 16 02:43:03 CET 2018 on sn-devel-144
commit 6aa0cc2570f9c86e76086bebf16234988107384e
Author: Volker Lendecke <vl at samba.org>
Date: Mon Jan 15 10:47:51 2018 +0100
rpc_server: Improve a debug message
A client sending us a bind with an unknown interface should not spam
syslog by default. Also, show what interface the client tried to connect
to.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_pipe.c | 5 +++-
source3/rpc_server/svcctl/srv_svcctl_nt.c | 42 ++++++++++++++++++++-----------
source3/services/svc_winreg_glue.c | 25 ++++++++++--------
source3/services/svc_winreg_glue.h | 9 ++++---
4 files changed, 52 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 4534200..7a1c615 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -738,7 +738,10 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
table = ndr_table_by_uuid(&id.uuid);
if (table == NULL) {
- DEBUG(0,("unknown interface\n"));
+ char *iface = ndr_syntax_id_to_string(talloc_tos(), &id);
+ DBG_NOTICE("unknown interface %s\n",
+ iface ? iface : "<null>");
+ TALLOC_FREE(iface);
return false;
}
diff --git a/source3/rpc_server/svcctl/srv_svcctl_nt.c b/source3/rpc_server/svcctl/srv_svcctl_nt.c
index d4bf2e7..8eaedfb 100644
--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
+++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
@@ -301,6 +301,7 @@ WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
uint32_t access_granted = 0;
NTSTATUS status;
const char *service = NULL;
+ WERROR err;
service = r->in.ServiceName;
if (!service) {
@@ -317,14 +318,19 @@ WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
* Perform access checks. Use the system session_info in order to ensure
* that we retrieve the security descriptor
*/
- sec_desc = svcctl_get_secdesc(p->mem_ctx,
- p->msg_ctx,
- get_session_info_system(),
- service);
- if (sec_desc == NULL) {
- DEBUG(0, ("_svcctl_OpenServiceW: Failed to get a valid security "
- "descriptor"));
- return WERR_NOT_ENOUGH_MEMORY;
+ err = svcctl_get_secdesc(p->msg_ctx,
+ get_session_info_system(),
+ service,
+ p->mem_ctx,
+ &sec_desc);
+ if (W_ERROR_EQUAL(err, WERR_FILE_NOT_FOUND)) {
+ DBG_NOTICE("service %s does not exist\n", service);
+ return WERR_SERVICE_DOES_NOT_EXIST;
+ }
+ if (!W_ERROR_IS_OK(err)) {
+ DBG_NOTICE("Failed to get a valid secdesc for %s: %s\n",
+ service, win_errstr(err));
+ return err;
}
se_map_generic( &r->in.access_mask, &svc_generic_map );
@@ -899,6 +905,7 @@ WERROR _svcctl_QueryServiceObjectSecurity(struct pipes_struct *p,
NTSTATUS status;
uint8_t *buffer = NULL;
size_t len = 0;
+ WERROR err;
/* only support the SCM and individual services */
@@ -917,12 +924,19 @@ WERROR _svcctl_QueryServiceObjectSecurity(struct pipes_struct *p,
return WERR_INVALID_PARAMETER;
/* Lookup the security descriptor and marshall it up for a reply */
- sec_desc = svcctl_get_secdesc(p->mem_ctx,
- p->msg_ctx,
- get_session_info_system(),
- info->name);
- if (sec_desc == NULL) {
- return WERR_NOT_ENOUGH_MEMORY;
+ err = svcctl_get_secdesc(p->msg_ctx,
+ get_session_info_system(),
+ info->name,
+ p->mem_ctx,
+ &sec_desc);
+ if (W_ERROR_EQUAL(err, WERR_FILE_NOT_FOUND)) {
+ DBG_NOTICE("service %s does not exist\n", info->name);
+ return WERR_SERVICE_DOES_NOT_EXIST;
+ }
+ if (!W_ERROR_IS_OK(err)) {
+ DBG_NOTICE("Failed to get a valid secdesc for %s: %s\n",
+ info->name, win_errstr(err));
+ return err;
}
*r->out.needed = ndr_size_security_descriptor(sec_desc, 0);
diff --git a/source3/services/svc_winreg_glue.c b/source3/services/svc_winreg_glue.c
index 7d7871d..50b9897 100644
--- a/source3/services/svc_winreg_glue.c
+++ b/source3/services/svc_winreg_glue.c
@@ -75,10 +75,11 @@ struct security_descriptor* svcctl_gen_service_sd(TALLOC_CTX *mem_ctx)
return sd;
}
-struct security_descriptor *svcctl_get_secdesc(TALLOC_CTX *mem_ctx,
- struct messaging_context *msg_ctx,
- const struct auth_session_info *session_info,
- const char *name)
+WERROR svcctl_get_secdesc(struct messaging_context *msg_ctx,
+ const struct auth_session_info *session_info,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **psd)
{
struct dcerpc_binding_handle *h = NULL;
uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
@@ -92,7 +93,7 @@ struct security_descriptor *svcctl_get_secdesc(TALLOC_CTX *mem_ctx,
"%s\\%s\\Security",
TOP_LEVEL_SERVICES_KEY, name);
if (key == NULL) {
- return NULL;
+ return WERR_NOT_ENOUGH_MEMORY;
}
status = dcerpc_winreg_int_hklm_openkey(mem_ctx,
@@ -108,12 +109,12 @@ struct security_descriptor *svcctl_get_secdesc(TALLOC_CTX *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2, ("svcctl_set_secdesc: Could not open %s - %s\n",
key, nt_errstr(status)));
- return NULL;
+ return WERR_INTERNAL_ERROR;
}
if (!W_ERROR_IS_OK(result)) {
DEBUG(2, ("svcctl_set_secdesc: Could not open %s - %s\n",
key, win_errstr(result)));
- return NULL;
+ return result;
}
status = dcerpc_winreg_query_sd(mem_ctx,
@@ -125,14 +126,14 @@ struct security_descriptor *svcctl_get_secdesc(TALLOC_CTX *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2, ("svcctl_get_secdesc: error getting value 'Security': "
"%s\n", nt_errstr(status)));
- return NULL;
+ return WERR_INTERNAL_ERROR;
}
if (W_ERROR_EQUAL(result, WERR_FILE_NOT_FOUND)) {
goto fallback_to_default_sd;
} else if (!W_ERROR_IS_OK(result)) {
DEBUG(2, ("svcctl_get_secdesc: error getting value 'Security': "
"%s\n", win_errstr(result)));
- return NULL;
+ return result;
}
goto done;
@@ -141,9 +142,13 @@ fallback_to_default_sd:
DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for "
"service [%s]\n", name));
sd = svcctl_gen_service_sd(mem_ctx);
+ if (sd == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
done:
- return sd;
+ *psd = sd;
+ return WERR_OK;
}
bool svcctl_set_secdesc(struct messaging_context *msg_ctx,
diff --git a/source3/services/svc_winreg_glue.h b/source3/services/svc_winreg_glue.h
index c9366b3..e013f8d 100644
--- a/source3/services/svc_winreg_glue.h
+++ b/source3/services/svc_winreg_glue.h
@@ -28,10 +28,11 @@ struct auth_session_info;
struct security_descriptor* svcctl_gen_service_sd(TALLOC_CTX *mem_ctx);
-struct security_descriptor *svcctl_get_secdesc(TALLOC_CTX *mem_ctx,
- struct messaging_context *msg_ctx,
- const struct auth_session_info *session_info,
- const char *name);
+WERROR svcctl_get_secdesc(struct messaging_context *msg_ctx,
+ const struct auth_session_info *session_info,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **result);
bool svcctl_set_secdesc(struct messaging_context *msg_ctx,
const struct auth_session_info *session_info,
--
Samba Shared Repository
More information about the samba-cvs
mailing list