/*
 * Marshall the security descriptor for a share and store it in the share
 * info tdb under the key "SECDESC/<share_name>".
 *
 * share_name: share whose descriptor is being replaced; used verbatim in
 *             the tdb key.
 * psd:        descriptor to store; it is passed to sec_desc_size() and
 *             sec_io_desc() without a NULL check here.
 *
 * Returns True only when tdb_prs_store() reports success (0). Every other
 * path returns False: database init failure, talloc failure, marshalling
 * failure or store failure.
 *
 * NOTE(review): the key buffer is an fstring and slprintf() is bounded to
 * sizeof(key)-1, so an over-long share_name is cut short rather than
 * rejected. Presumably share names are length-limited and normalised by the
 * callers; confirm, because two names that collapse to the same key would
 * share one access-control record.
 */
BOOL set_share_security(const char *share_name, SEC_DESC *psd)
{
	prs_struct marshalled;
	TALLOC_CTX *ctx;
	fstring tdb_key;
	BOOL stored = False;

	if (!share_info_db_init()) {
		return False;
	}

	ctx = talloc_init("set_share_security");
	if (!ctx) {
		return False;
	}

	/* NOTE(review): the result of prs_init() is not checked here. */
	prs_init(&marshalled, (uint32)sec_desc_size(psd), ctx, MARSHALL);

	if (sec_io_desc("share_security", &psd, &marshalled, 1)) {
		slprintf(tdb_key, sizeof(tdb_key)-1, "SECDESC/%s", share_name);

		if (tdb_prs_store(share_tdb, tdb_key, &marshalled) != 0) {
			DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name ));
		} else {
			stored = True;
			DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
		}
	}

	/* Release the parse buffer, then the context it was initialised with. */
	prs_mem_free(&marshalled);
	talloc_destroy(ctx);

	return stored;
}
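/*
 * Build a printer security descriptor from text on standard input and store
 * it in the NT drivers tdb under the key "SECDESC/<printer>".
 *
 * Input, one item per line:
 *   line 1: owner SID, or an empty line for "no owner"
 *   line 2: group SID, or an empty line for "no group"
 *   rest:   "<ace_type> <ace_flags> 0x<mask> <sid>", one ACE per line
 *
 * printer: printer name used to form the tdb key.
 *
 * Returns 0 when the descriptor was stored, 1 on any failure. Failing to
 * marshall or store the descriptor must not be reported as success:
 * a caller that sees 0 will assume the new ACL is in force.
 *
 * NOTE(review): ACE lines that do not match the expected four fields are
 * skipped silently, as before. A typo in a restrictive entry therefore
 * yields a more permissive ACL than intended; consider rejecting them.
 * NOTE(review): ace_type, ace_flags and the mask are passed through as
 * parsed, with no range check visible in this function.
 */
int psec_setsec(char *printer)
{
	DOM_SID user_sid, group_sid;
	SEC_ACE *ace_list = NULL;
	SEC_ACL *dacl = NULL;
	SEC_DESC *sd = NULL;
	SEC_DESC_BUF *sdb = NULL;
	int result = 0, num_aces = 0;
	fstring line, keystr, tdb_path;
	size_t size = 0;
	prs_struct ps;
	TALLOC_CTX *mem_ctx = NULL;
	BOOL has_user_sid = False, has_group_sid = False;

	ZERO_STRUCT(ps);

	/* Open the drivers tdb read-write; no O_CREAT, so it must exist */

	slprintf(tdb_path, sizeof(tdb_path) - 1, "%s/ntdrivers.tdb",
		 lp_lockdir());

	tdb = tdb_open(tdb_path, 0, 0, O_RDWR, 0600);

	if (!tdb) {
		printf("psec: failed to open nt drivers database: %s\n",
		       sys_errlist[errno]);
		result = 1;
		goto done;
	}

	/* Read owner and group sid. A missing line is an error: without the
	   check, line[] would be read uninitialised or reused from the
	   previous read. */

	if (!fgets(line, sizeof(line), stdin)) {
		printf("psec: unexpected end of input reading owner sid\n");
		result = 1;
		goto done;
	}
	if (line[0] != '\n') {
		if (!string_to_sid(&user_sid, line)) {
			printf("psec: invalid owner sid\n");
			result = 1;
			goto done;
		}
		has_user_sid = True;
	}

	if (!fgets(line, sizeof(line), stdin)) {
		printf("psec: unexpected end of input reading group sid\n");
		result = 1;
		goto done;
	}
	if (line[0] != '\n') {
		if (!string_to_sid(&group_sid, line)) {
			printf("psec: invalid group sid\n");
			result = 1;
			goto done;
		}
		has_group_sid = True;
	}

	/* Read ACEs from standard input for discretionary ACL */

	while (fgets(line, sizeof(line), stdin)) {
		int ace_type, ace_flags;
		uint32 ace_mask;
		fstring sidstr;
		DOM_SID sid;
		SEC_ACCESS sa;
		SEC_ACE *grown;

		/* The unbounded %s is safe only because line and sidstr are
		   both fstring, so the token cannot outgrow its target. */
		if (sscanf(line, "%d %d 0x%x %s", &ace_type, &ace_flags,
			   &ace_mask, sidstr) != 4) {
			continue;
		}

		/* Never build an ACE around a SID that failed to parse. */
		if (!string_to_sid(&sid, sidstr)) {
			printf("psec: invalid sid in ace\n");
			result = 1;
			goto done;
		}

		grown = Realloc(ace_list, sizeof(SEC_ACE) * (num_aces + 1));
		if (!grown) {
			/* Whether Realloc() released the old array on failure
			   is not visible here, so it is deliberately not
			   freed again. */
			ace_list = NULL;
			printf("memory allocation error\n");
			result = 1;
			goto done;
		}
		ace_list = grown;

		init_sec_access(&sa, ace_mask);
		init_sec_ace(&ace_list[num_aces], &sid, ace_type, sa,
			     ace_flags);

		num_aces++;
	}

	dacl = make_sec_acl(ACL_REVISION, num_aces, ace_list);
	free(ace_list);
	ace_list = NULL;

	/* Losing the ACL to an allocation failure must not fall through: a
	   descriptor stored without a DACL is conventionally read as
	   unrestricted access. The zero-ACE case is left as it was. */
	if (!dacl && num_aces > 0) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	/* Create security descriptor */

	sd = make_sec_desc(SEC_DESC_REVISION,
			   has_user_sid ? &user_sid : NULL,
			   has_group_sid ? &group_sid : NULL,
			   NULL, /* System ACL */
			   dacl, /* Discretionary ACL */
			   &size);

	free_sec_acl(&dacl);

	if (!sd) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	sdb = make_sec_desc_buf(size, sd);

	free_sec_desc(&sd);

	/* sdb->sec is dereferenced below. */
	if (!sdb) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	/* Write security descriptor to tdb */

	mem_ctx = talloc_init();

	if (!mem_ctx) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	prs_init(&ps, (uint32)sec_desc_size(sdb->sec) +
		 sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL);

	if (!sec_io_desc_buf("nt_printing_setsec", &sdb, &ps, 1)) {
		printf("sec_io_desc_buf failed\n");
		result = 1;
		goto done;
	}

	/* NOTE(review): an over-long printer name is truncated to the
	   fstring, not rejected. Presumably names are length-limited
	   upstream; confirm, so that two printers cannot share one key. */
	slprintf(keystr, sizeof(keystr) - 1, "SECDESC/%s", printer);

	/* Non-zero means failure; this replaces the harder to read
	   "!store(...)==0" with the same truth table. */
	if (tdb_prs_store(tdb, keystr, &ps) != 0) {
		printf("Failed to store secdesc for %s\n", printer);
		result = 1;
		goto done;
	}

 done:
	free(ace_list);
	if (tdb) tdb_close(tdb);
	if (sdb) free_sec_desc_buf(&sdb);
	/* Release the parse buffer before the context it was set up with. */
	prs_mem_free(&ps);
	if (mem_ctx) talloc_destroy(mem_ctx);

	return result;
}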