libcli/util: let nt_errstr() fallback to hresult_errstr()

Sometimes NTSTATUS fields return things like
HRES_SEC_E_WRONG_PRINCIPAL.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 18 18:30:08 UTC 2024 on atb-devel-224

libcli/util/nterr.c

@@ -346,6 +346,21 @@ const char *nt_errstr(NTSTATUS nt_code)
 		idx++;
 	}
 
+	/*
+	 * NTSTATUS codes have 0xC000 in the upper 16-bit, if the
+	 * upper 16-bit are not 0 and not 0xC000, it's likely
+	 * an HRESULT.
+	 *
+	 * E.g. we should display HRES_SEC_E_WRONG_PRINCIPAL instead of
+	 * 'NT code 0x80090322'
+	 */
+	if ((NT_STATUS_V(nt_code) & 0xFFFF0000) != 0 &&
+	    (NT_STATUS_V(nt_code) & 0xFFFF0000) != 0xC0000000)
+	{
+		HRESULT hres = HRES_ERROR(NT_STATUS_V(nt_code));
+		return hresult_errstr(hres);
+	}
+
 	/*
 	 * This should not really happen, we should have all error codes
 	 * available. We have a problem that this might get wrongly

nsswitch/pam_winbind.c

@@ -2527,6 +2527,7 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
 	/* Convert the UPN to a SID */
 
 	wbc_status = wbcCtxLookupName(ctx->wbc_ctx, domain, name, &sid, &type);
+	TALLOC_FREE(name);
 	if (!WBC_ERROR_IS_OK(wbc_status)) {
 		return NULL;
 	}

source3/include/smb.h

@@ -607,7 +607,10 @@ struct ea_list {
 	struct ea_struct ea;
 };
 
-/* EA names used internally in Samba. KEEP UP TO DATE with prohibited_ea_names in trans2.c !. */
+/*
+ * EA names used internally in Samba. KEEP UP TO DATE with
+ * samba_private_attr_name() in smb2_trans2.c !.
+ */
 #define SAMBA_POSIX_INHERITANCE_EA_NAME "user.SAMBA_PAI"
 /* EA to use for DOS attributes */
 #define SAMBA_XATTR_DOS_ATTRIB "user.DOSATTRIB"

source3/include/trans2.h

@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    SMB transaction2 handling
 
@@ -11,12 +11,12 @@
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -208,7 +208,7 @@ Byte offset   Type     name                description
 #define SMB_QUERY_FS_DEVICE_INFO        0x104
 #define SMB_QUERY_FS_ATTRIBUTE_INFO     0x105
 #if 0
-#define SMB_QUERY_FS_QUOTA_INFO		
+#define SMB_QUERY_FS_QUOTA_INFO
 #endif
 
 #define l2_vol_fdateCreation 0

source3/lib/util_ea.c

@@ -33,11 +33,11 @@ struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t da
 	size_t converted_size;
 
 	if (!eal) {
-		return NULL;
+		goto fail;
 	}
 
 	if (data_size < 6) {
-		return NULL;
+		goto fail;
 	}
 
 	eal->ea.flags = CVAL(pdata,0);
@@ -45,24 +45,23 @@ struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t da
 	val_len = SVAL(pdata,2);
 
 	if (4 + namelen + 1 + val_len > data_size) {
-		return NULL;
+		goto fail;
 	}
 
 	/* Ensure the name is null terminated. */
 	if (pdata[namelen + 4] != '\0') {
-		return NULL;
+		goto fail;
 	}
 	if (!pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4, &converted_size)) {
-		DEBUG(0,("read_ea_list_entry: pull_ascii_talloc failed: %s\n",
-			strerror(errno)));
+		DBG_ERR("pull_ascii_talloc failed: %s\n", strerror(errno));
 	}
 	if (!eal->ea.name) {
-		return NULL;
+		goto fail;
 	}
 
 	eal->ea.value = data_blob_talloc(eal, NULL, (size_t)val_len + 1);
 	if (!eal->ea.value.data) {
-		return NULL;
+		goto fail;
 	}
 
 	memcpy(eal->ea.value.data, pdata + 4 + namelen + 1, val_len);
@@ -76,10 +75,13 @@ struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t da
 		*pbytes_used = 4 + namelen + 1 + val_len;
 	}
 
-	DEBUG(10,("read_ea_list_entry: read ea name %s\n", eal->ea.name));
+	DBG_DEBUG("read ea name %s\n", eal->ea.name);
 	dump_data(10, eal->ea.value.data, eal->ea.value.length);
 
 	return eal;
+fail:
+	TALLOC_FREE(eal);
+	return NULL;
 }
 
 /****************************************************************************

source3/lib/util_nttoken.c

@@ -1,4 +1,4 @@
-/* 
+/*
  *  Unix SMB/CIFS implementation.
  *  Authentication utility functions
  *  Copyright (C) Andrew Tridgell 1992-1998
@@ -13,12 +13,12 @@
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */

source3/modules/vfs_streams_depot.c

@@ -158,19 +158,15 @@ static char *stream_dir(vfs_handle_struct *handle,
 	SMB_STRUCT_STAT base_sbuf_tmp;
 	char *tmp = NULL;
 	uint8_t first, second;
-	char *id_hex;
 	struct file_id id;
 	uint8_t id_buf[16];
-	bool check_valid;
+	char id_hex[sizeof(id_buf) * 2 + 1];
 	char *rootdir = NULL;
 	struct smb_filename *rootdir_fname = NULL;
 	struct smb_filename *tmp_fname = NULL;
 	struct vfs_rename_how rhow = { .flags = 0, };
 	int ret;
 
-	check_valid = lp_parm_bool(SNUM(handle->conn),
-		      "streams_depot", "check_valid", true);
-
 	rootdir = stream_rootdir(handle,
 				 talloc_tos());
 	if (rootdir == NULL) {
@@ -223,18 +219,11 @@ static char *stream_dir(vfs_handle_struct *handle,
 	first = hash & 0xff;
 	second = (hash >> 8) & 0xff;
 
-	id_hex = hex_encode_talloc(talloc_tos(), id_buf, sizeof(id_buf));
-
-	if (id_hex == NULL) {
-		errno = ENOMEM;
-		goto fail;
-	}
+	hex_encode_buf(id_hex, id_buf, sizeof(id_buf));
 
 	result = talloc_asprintf(talloc_tos(), "%s/%2.2X/%2.2X/%s", rootdir,
 				 first, second, id_hex);
 
-	TALLOC_FREE(id_hex);
-
 	if (result == NULL) {
 		errno = ENOMEM;
 		return NULL;
@@ -254,13 +243,18 @@ static char *stream_dir(vfs_handle_struct *handle,
 	if (SMB_VFS_NEXT_STAT(handle, smb_fname_hash) == 0) {
 		struct smb_filename *smb_fname_new = NULL;
 		char *newname;
-		bool delete_lost;
+		bool check_valid, delete_lost;
 
 		if (!S_ISDIR(smb_fname_hash->st.st_ex_mode)) {
 			errno = EINVAL;
 			goto fail;
 		}
 
+		check_valid = lp_parm_bool(SNUM(handle->conn),
+					   "streams_depot",
+					   "check_valid",
+					   true);
+
 		if (!check_valid ||
 		    file_is_valid(handle, smb_fname)) {
 			return result;
@@ -277,9 +271,9 @@ static char *stream_dir(vfs_handle_struct *handle,
 					   "delete_lost", false);
 
 		if (delete_lost) {
-			DEBUG(3, ("Someone has recreated a file under an "
-			      "existing inode. Removing: %s\n",
-			      smb_fname_hash->base_name));
+			DBG_NOTICE("Someone has recreated a file under an "
+				   "existing inode. Removing: %s\n",
+				   smb_fname_hash->base_name);
 			recursive_rmdir(talloc_tos(), handle->conn,
 					smb_fname_hash);
 			SMB_VFS_NEXT_UNLINKAT(handle,
@@ -289,10 +283,10 @@ static char *stream_dir(vfs_handle_struct *handle,
 		} else {
 			newname = talloc_asprintf(talloc_tos(), "lost-%lu",
 						  random());
-			DEBUG(3, ("Someone has recreated a file under an "
-			      "existing inode. Renaming: %s to: %s\n",
-			      smb_fname_hash->base_name,
-			      newname));
+			DBG_NOTICE("Someone has recreated a file under an "
+				   "existing inode. Renaming: %s to: %s\n",
+				   smb_fname_hash->base_name,
+				   newname);
 			if (newname == NULL) {
 				errno = ENOMEM;
 				goto fail;

source3/smbd/smb2_trans2.c

@@ -2474,25 +2474,30 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
 
 			rc = SMB_VFS_STATVFS(conn, &smb_fname, &svfs);
 
-			if (!rc) {
-				data_len = 56;
-				SIVAL(pdata,0,svfs.OptimalTransferSize);
-				SIVAL(pdata,4,svfs.BlockSize);
-				SBIG_UINT(pdata,8,svfs.TotalBlocks);
-				SBIG_UINT(pdata,16,svfs.BlocksAvail);
-				SBIG_UINT(pdata,24,svfs.UserBlocksAvail);
-				SBIG_UINT(pdata,32,svfs.TotalFileNodes);
-				SBIG_UINT(pdata,40,svfs.FreeFileNodes);
-				SBIG_UINT(pdata,48,svfs.FsIdentifier);
-				DEBUG(5,("smbd_do_qfsinfo : SMB_QUERY_POSIX_FS_INFO successful\n"));
 #ifdef EOPNOTSUPP
-			} else if (rc == EOPNOTSUPP) {
+			if (rc == EOPNOTSUPP) {
 				return NT_STATUS_INVALID_LEVEL;
-#endif /* EOPNOTSUPP */
-			} else {
-				DEBUG(0,("vfs_statvfs() failed for service [%s]\n",lp_servicename(talloc_tos(), lp_sub, SNUM(conn))));
+			}
+#endif
+			if (rc != 0) {
+				DBG_ERR("vfs_statvfs() failed for service "
+					"[%s]\n",
+					lp_servicename(talloc_tos(),
+						       lp_sub,
+						       SNUM(conn)));
 				return NT_STATUS_DOS(ERRSRV, ERRerror);
 			}
+
+			data_len = 56;
+			PUSH_LE_U32(pdata, 0, svfs.OptimalTransferSize);
+			PUSH_LE_U32(pdata, 4, svfs.BlockSize);
+			PUSH_LE_U64(pdata, 8, svfs.TotalBlocks);
+			PUSH_LE_U64(pdata, 16, svfs.BlocksAvail);
+			PUSH_LE_U64(pdata, 24, svfs.UserBlocksAvail);
+			PUSH_LE_U64(pdata, 32, svfs.TotalFileNodes);
+			PUSH_LE_U64(pdata, 40, svfs.FreeFileNodes);
+			PUSH_LE_U64(pdata, 48, svfs.FsIdentifier);
+			DBG_INFO("SMB_QUERY_POSIX_FS_INFO successful\n");
 			break;
 		}
 

source4/scripting/bin/gen_hresult.py

@@ -101,7 +101,7 @@ def generateSourceFile(out_file, errors):
     out_file.write("	switch (HRES_ERROR_V(err_code)) {\n")
     for err in errors:
         out_file.write(f'            case 0x{err.err_code:X}:\n')
-        out_file.write(f'                result = \"{err.err_define}\";\n')
+        out_file.write(f'                result = \"{err.err_string}\";\n')
         out_file.write(f'                break;\n')
     out_file.write("	}\n")
     out_file.write("\n")
@@ -120,7 +120,7 @@ def generateSourceFile(out_file, errors):
     out_file.write("	switch (HRES_ERROR_V(err_code)) {\n")
     for err in errors:
         out_file.write(f'            case 0x{err.err_code:X}:\n')
-        out_file.write(f'                return \"{err.err_string}\";\n')
+        out_file.write(f'                return \"{err.err_define}\";\n')
         out_file.write(f'                break;\n')
     out_file.write("	}\n")
     out_file.write("	snprintf(msg, sizeof(msg), \"HRES code 0x%08x\", HRES_ERROR_V(err_code));\n")