NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
uint16_t fnum,
uint32_t sec_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **sd)
{
uint8_t param[8];
uint8_t *rdata=NULL;
uint32_t rdata_count=0;
NTSTATUS status;
struct security_descriptor *lsd;
if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
return cli_smb2_query_security_descriptor(cli,
fnum,
sec_info,
mem_ctx,
sd);
}
SIVAL(param, 0, fnum);
SIVAL(param, 4, sec_info);
status = cli_trans(talloc_tos(), cli, SMBnttrans,
NULL, -1, /* name, fid */
NT_TRANSACT_QUERY_SECURITY_DESC, 0, /* function, flags */
NULL, 0, 0, /* setup, length, max */
param, 8, 4, /* param, length, max */
NULL, 0, 0x10000, /* data, length, max */
NULL, /* recv_flags2 */
NULL, 0, NULL, /* rsetup, length */
NULL, 0, NULL,
&rdata, 0, &rdata_count);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("NT_TRANSACT_QUERY_SECURITY_DESC failed: %s\n",
nt_errstr(status)));
goto cleanup;
}
status = unmarshall_sec_desc(mem_ctx, (uint8 *)rdata, rdata_count,
&lsd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("unmarshall_sec_desc failed: %s\n",
nt_errstr(status)));
goto cleanup;
}
if (sd != NULL) {
*sd = lsd;
} else {
TALLOC_FREE(lsd);
}
cleanup:
TALLOC_FREE(rdata);
return status;
}
struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize)
{
char *key;
struct security_descriptor *psd = NULL;
TDB_DATA data;
char *c_servicename = canonicalize_servicename(talloc_tos(), servicename);
NTSTATUS status;
if (!c_servicename) {
return NULL;
}
if (!share_info_db_init()) {
TALLOC_FREE(c_servicename);
return NULL;
}
if (!(key = talloc_asprintf(ctx, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_servicename))) {
TALLOC_FREE(c_servicename);
DEBUG(0, ("talloc_asprintf failed\n"));
return NULL;
}
TALLOC_FREE(c_servicename);
status = dbwrap_fetch_bystring(share_db, talloc_tos(), key, &data);
TALLOC_FREE(key);
if (!NT_STATUS_IS_OK(status)) {
return get_share_security_default(ctx, psize,
SEC_RIGHTS_DIR_ALL);
}
status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd);
TALLOC_FREE(data.dptr);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("unmarshall_sec_desc failed: %s\n",
nt_errstr(status)));
return get_share_security_default(ctx, psize,
SEC_RIGHTS_DIR_ALL);
}
if (psd) {
*psize = ndr_size_security_descriptor(psd, 0);
} else {
return get_share_security_default(ctx, psize,
SEC_RIGHTS_DIR_ALL);
}
return psd;
}
/****************************************************************************
query the security descriptor for a open file
****************************************************************************/
struct security_descriptor *cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
TALLOC_CTX *mem_ctx)
{
uint8_t param[8];
uint8_t *rdata=NULL;
uint32_t rdata_count=0;
struct security_descriptor *psd = NULL;
NTSTATUS status;
SIVAL(param, 0, fnum);
SIVAL(param, 4, 0x7);
status = cli_trans(talloc_tos(), cli, SMBnttrans,
NULL, -1, /* name, fid */
NT_TRANSACT_QUERY_SECURITY_DESC, 0, /* function, flags */
NULL, 0, 0, /* setup, length, max */
param, 8, 4, /* param, length, max */
NULL, 0, 0x10000, /* data, length, max */
NULL, /* recv_flags2 */
NULL, 0, NULL, /* rsetup, length */
NULL, 0, NULL,
&rdata, 0, &rdata_count);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("NT_TRANSACT_QUERY_SECURITY_DESC failed: %s\n",
nt_errstr(status)));
goto cleanup;
}
status = unmarshall_sec_desc(mem_ctx, (uint8 *)rdata, rdata_count,
&psd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("unmarshall_sec_desc failed: %s\n",
nt_errstr(status)));
goto cleanup;
}
cleanup:
TALLOC_FREE(rdata);
return psd;
}
SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize)
{
char *key;
SEC_DESC *psd = NULL;
TDB_DATA data;
NTSTATUS status;
if (!share_info_db_init()) {
return NULL;
}
if (!(key = talloc_asprintf(ctx, "SECDESC/%s", servicename))) {
DEBUG(0, ("talloc_asprintf failed\n"));
return NULL;
}
data = dbwrap_fetch_bystring(share_db, talloc_tos(), key);
TALLOC_FREE(key);
if (data.dptr == NULL) {
return get_share_security_default(ctx, psize,
GENERIC_ALL_ACCESS);
}
status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd);
TALLOC_FREE(data.dptr);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("unmarshall_sec_desc failed: %s\n",
nt_errstr(status)));
return NULL;
}
if (psd)
*psize = ndr_size_security_descriptor(psd, NULL, 0);
return psd;
}
