/*
 * Create a child security descriptor from a parent descriptor and wrap it
 * in a SEC_DESC_BUF.
 *
 * ctx         talloc context handed to both helper calls
 * ppsdb       out: receives the new buffer; reset to NULL on entry, so it is
 *             NULL whenever a non-OK status is returned
 * parent_ctr  parent descriptor; dereferenced unconditionally, so the caller
 *             must not pass NULL
 * container   forwarded unchanged to se_create_child_secdesc()
 *
 * Returns the status of se_create_child_secdesc() on failure,
 * NT_STATUS_NO_MEMORY if make_sec_desc_buf() returns NULL, else NT_STATUS_OK.
 */
NTSTATUS se_create_child_secdesc_buf(TALLOC_CTX *ctx,
					SEC_DESC_BUF **ppsdb,
					const SEC_DESC *parent_ctr,
					bool container)
{
	SEC_DESC *child_sd = NULL;
	size_t child_size = 0;
	NTSTATUS result;

	/* Never leave a stale pointer in the out-parameter on an error path. */
	*ppsdb = NULL;

	/*
	 * The parent's own owner and group SIDs are passed as the owner and
	 * group arguments for the child.
	 */
	result = se_create_child_secdesc(ctx,
					 &child_sd,
					 &child_size,
					 parent_ctr,
					 parent_ctr->owner_sid,
					 parent_ctr->group_sid,
					 container);
	if (!NT_STATUS_IS_OK(result)) {
		return result;
	}

	*ppsdb = make_sec_desc_buf(ctx, child_size, child_sd);
	if (*ppsdb == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	return NT_STATUS_OK;
}
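/*
 * Build a security descriptor for a newly created object from its parent's
 * descriptor and apply it through SMB_VFS_FSET_NT_ACL().
 *
 * handle        VFS handle; the connection's token supplies the SIDs passed
 *               as owner and group of the new descriptor
 * fsp           the open object that receives the descriptor
 * parent_desc   security descriptor of the parent
 * is_directory  forwarded to sd_has_inheritable_components() and
 *               se_create_child_secdesc()
 *
 * Returns NT_STATUS_OK without setting anything when parent_desc has no
 * inheritable components, otherwise the status of se_create_child_secdesc()
 * or of SMB_VFS_FSET_NT_ACL().
 */
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
					files_struct *fsp,
					struct security_descriptor *parent_desc,
					bool is_directory)
{
	TALLOC_CTX *ctx = talloc_tos();
	NTSTATUS status = NT_STATUS_OK;
	struct security_descriptor *psd = NULL;
	size_t size;

	if (!sd_has_inheritable_components(parent_desc, is_directory)) {
		/* Nothing to inherit: leave the object's ACL untouched. */
		return NT_STATUS_OK;
	}

	/* Create an inherited descriptor from the parent. */

	if (DEBUGLEVEL >= 10) {
		DEBUG(10,("inherit_new_acl: parent acl for %s is:\n",
			fsp_str_dbg(fsp) ));
		NDR_PRINT_DEBUG(security_descriptor, parent_desc);
	}

	/*
	 * Owner and group are taken from the connection token's primary user
	 * and primary group entries, not from the parent descriptor.
	 */
	status = se_create_child_secdesc(ctx,
			&psd,
			&size,
			parent_desc,
			&handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
			&handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
			is_directory);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	if (DEBUGLEVEL >= 10) {
		DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
			fsp_str_dbg(fsp) ));
		/*
		 * Dump the descriptor that was just built. Printing
		 * parent_desc here would show the parent's ACL under the
		 * "child acl" heading and hide what is actually applied.
		 */
		NDR_PRINT_DEBUG(security_descriptor, psd);
	}

	return SMB_VFS_FSET_NT_ACL(fsp,
				(OWNER_SECURITY_INFORMATION |
				 GROUP_SECURITY_INFORMATION |
				 DACL_SECURITY_INFORMATION),
				psd);
}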
/*
 * Compute the ACL for a newly created object and store it as a blob.
 *
 * The parent directory's descriptor is read and, if that succeeds, a child
 * descriptor is derived from it. When no child descriptor results, or it has
 * no DACL, a default descriptor built from the object's stat data is used.
 *
 * handle     VFS handle; the connection's token supplies the SIDs passed as
 *            owner and group of an inherited descriptor
 * fname      path of the new object; also used to locate the parent
 * fsp        open file for the object, or NULL to work by pathname only
 * container  forwarded unchanged to se_create_child_secdesc()
 *
 * Returns NT_STATUS_NO_MEMORY on allocation failure, a mapped errno if the
 * stat call fails, or the status of the failing helper; otherwise the status
 * of the blob store call.
 */
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
					const char *fname,
					files_struct *fsp,
					bool container)
{
	TALLOC_CTX *mem_ctx = talloc_tos();
	struct security_descriptor *parent_desc = NULL;
	struct security_descriptor *psd = NULL;
	char *parent_dir;
	DATA_BLOB acl_blob;
	size_t sd_size;
	NTSTATUS status;

	if (!parent_dirname(mem_ctx, fname, &parent_dir, NULL)) {
		return NT_STATUS_NO_MEMORY;
	}

	DEBUG(10,("inherit_new_acl: check directory %s\n",
			parent_dir));

	status = get_nt_acl_xattr_internal(handle,
					NULL,
					parent_dir,
					(OWNER_SECURITY_INFORMATION |
					 GROUP_SECURITY_INFORMATION |
					 DACL_SECURITY_INFORMATION),
					&parent_desc);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * NOTE(review): every failure to read the parent ACL, not only
		 * a missing one, is reported at debug level 10 only and then
		 * takes the default-descriptor path below. Confirm that this
		 * fallback is intended for all error codes.
		 */
		DEBUG(10,("inherit_new_acl: directory %s failed "
			"to get acl %s\n",
			parent_dir,
			nt_errstr(status) ));
	} else {
		/* Create an inherited descriptor from the parent. */

		if (DEBUGLEVEL >= 10) {
			DEBUG(10,("inherit_new_acl: parent acl is:\n"));
			NDR_PRINT_DEBUG(security_descriptor, parent_desc);
		}

		/*
		 * Owner and group come from the connection token's primary
		 * user and primary group entries.
		 */
		status = se_create_child_secdesc(mem_ctx,
				&psd,
				&sd_size,
				parent_desc,
				&handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
				&handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
				container);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}

		if (DEBUGLEVEL >= 10) {
			DEBUG(10,("inherit_new_acl: child acl is:\n"));
			NDR_PRINT_DEBUG(security_descriptor, psd);
		}
	}

	if (psd == NULL || psd->dacl == NULL) {
		/* Nothing usable was inherited: build a default descriptor. */
		SMB_STRUCT_STAT st;
		int rc;

		TALLOC_FREE(psd);

		/*
		 * Stat through the descriptor when an open non-directory
		 * handle exists; otherwise stat by path, without following a
		 * final symlink for POSIX opens.
		 */
		if (fsp != NULL && !fsp->is_directory && fsp->fh->fd != -1) {
			rc = SMB_VFS_FSTAT(fsp, &st);
		} else if (fsp != NULL && fsp->posix_open) {
			rc = SMB_VFS_LSTAT(handle->conn,fname, &st);
		} else {
			rc = SMB_VFS_STAT(handle->conn,fname, &st);
		}
		if (rc == -1) {
			return map_nt_error_from_unix(errno);
		}

		psd = default_file_sd(mem_ctx, &st);
		if (psd == NULL) {
			return NT_STATUS_NO_MEMORY;
		}

		if (DEBUGLEVEL >= 10) {
			DEBUG(10,("inherit_new_acl: default acl is:\n"));
			NDR_PRINT_DEBUG(security_descriptor, psd);
		}
	}

	status = create_acl_blob(psd, &acl_blob);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/* Store via the open handle when there is one, else by pathname. */
	if (fsp == NULL) {
		return store_acl_blob_pathname(handle, fname, &acl_blob);
	}
	return store_acl_blob_fsp(handle, fsp, &acl_blob);
}