コード例 #1
ファイル: psec.c プロジェクト: jnfeinstein/asuswrt-merlin
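/*
 * Print the security descriptor stored for a printer in ntdrivers.tdb.
 *
 * Output on stdout: the owner SID on one line, the group SID on the next
 * (each an empty line when absent), then one line per DACL entry in the
 * form "type flags 0xmask sid".
 *
 * printer: printer name, used to build the "SECDESC/<printer>" key.
 *          keystr is a fixed-size fstring, so an over-long name is
 *          truncated by slprintf and a different key is looked up.
 *
 * Returns 0 on success, 1 on any failure.
 */
int psec_getsec(char *printer)
{
	SEC_DESC_BUF *secdesc_ctr = NULL;
	TALLOC_CTX *mem_ctx = NULL;
	fstring keystr, sidstr, tdb_path;
	prs_struct ps;
	int result = 0, i;

	ZERO_STRUCT(ps);

	/* Open tdb for reading */

	slprintf(tdb_path, sizeof(tdb_path) - 1, "%s/ntdrivers.tdb", 
		 lp_lockdir());

	tdb = tdb_open(tdb_path, 0, 0, O_RDONLY, 0600);

	if (!tdb) {
		printf("psec: failed to open nt drivers database: %s\n",
		       sys_errlist[errno]);
		return 1;
	}

	/* Get security blob from tdb */

	slprintf(keystr, sizeof(keystr) - 1, "SECDESC/%s", printer);

	mem_ctx = talloc_init();

	if (!mem_ctx) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	if (tdb_prs_fetch(tdb, keystr, &ps, mem_ctx) != 0) {
		printf("error fetching descriptor for printer %s\n",
		       printer);
		/* cannot do a prs_mem_free() when tdb_prs_fetch fails */
		/* as the prs structure has not been initialized */
		tdb_close(tdb);
		talloc_destroy(mem_ctx);
		return 1;
	}

	/* Unpack into security descriptor buffer */

	if (!sec_io_desc_buf("nt_printing_getsec", &secdesc_ctr, &ps, 1)) {
		printf("error unpacking sec_desc_buf\n");
		result = 1;
		goto done;
	}

	/*
	 * The blob comes from an on-disk database, so do not trust its
	 * shape. sec_io_desc_buf is defined elsewhere; guard in case it
	 * reports success without populating the buffer or its descriptor
	 * (e.g. a zero-length record), which would otherwise be a NULL
	 * dereference below.
	 */

	if (!secdesc_ctr || !secdesc_ctr->sec) {
		printf("psec: no security descriptor data for printer %s\n",
		       printer);
		result = 1;
		goto done;
	}

	/* Print owner and group sid */

	if (secdesc_ctr->sec->owner_sid) {
		sid_to_string(sidstr, secdesc_ctr->sec->owner_sid);
	} else {
		fstrcpy(sidstr, "");
	}

	printf("%s\n", sidstr);

	if (secdesc_ctr->sec->grp_sid) {
		sid_to_string(sidstr, secdesc_ctr->sec->grp_sid);
	} else {
		fstrcpy(sidstr, "");
	}

	printf("%s\n", sidstr);

	/* Print aces; a descriptor without a DACL prints none */

	if (!secdesc_ctr->sec->dacl) {
		result = 0;
		goto done;
	}

	for (i = 0; i < secdesc_ctr->sec->dacl->num_aces; i++) {
		SEC_ACE *ace = &secdesc_ctr->sec->dacl->ace[i];

		sid_to_string(sidstr, &ace->sid);

		printf("%d %d 0x%08x %s\n", ace->type, ace->flags,
		       ace->info.mask, sidstr);
	}

 done:
	if (tdb) tdb_close(tdb);
	if (mem_ctx) talloc_destroy(mem_ctx);
	if (secdesc_ctr) free_sec_desc_buf(&secdesc_ctr);
	prs_mem_free(&ps);

	return result;
}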
コード例 #2
ファイル: psec.c プロジェクト: jameshilliard/WECB-BH-GPL
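/*
 * Read a security descriptor from standard input and store it for a
 * printer in ntdrivers.tdb.
 *
 * Input format: first line is the owner SID, second line is the group SID
 * (an empty line means "none"), and every following line is one DACL entry
 * in the form "type flags 0xmask sid".
 *
 * printer: printer name, used to build the "SECDESC/<printer>" key.
 *          keystr is a fixed-size fstring, so an over-long name is
 *          truncated by slprintf and the record lands under a different key.
 *
 * Returns 0 only when the descriptor was actually written; 1 on any
 * failure. Nothing is written unless every step before the store succeeds,
 * so a bad input never results in a partially built ACL being saved.
 */
int psec_setsec(char *printer)
{
	DOM_SID user_sid, group_sid;
	SEC_ACE *ace_list = NULL;
	SEC_ACL *dacl = NULL;
	SEC_DESC *sd = NULL;
	SEC_DESC_BUF *sdb = NULL;
	int result = 0, num_aces = 0;
	fstring line, keystr, tdb_path;
	size_t size = 0;
	prs_struct ps;
	TALLOC_CTX *mem_ctx = NULL;
	BOOL has_user_sid = False, has_group_sid = False;

	ZERO_STRUCT(ps);

	/* Open tdb read-write: the descriptor is stored back below */

	slprintf(tdb_path, sizeof(tdb_path) - 1, "%s/ntdrivers.tdb", 
		 lp_lockdir());

	tdb = tdb_open(tdb_path, 0, 0, O_RDWR, 0600);

	if (!tdb) {
		printf("psec: failed to open nt drivers database: %s\n",
		       sys_errlist[errno]);
		result = 1;
		goto done;
	}

	/*
	 * Read owner and group sid. A failed fgets leaves `line` untouched
	 * (uninitialised for the first read, the owner line for the second),
	 * so EOF must be treated as an error rather than parsed.
	 */

	if (!fgets(line, sizeof(fstring), stdin)) {
		printf("psec: missing owner sid line\n");
		result = 1;
		goto done;
	}
	if (line[0] != '\n') {
		if (!string_to_sid(&user_sid, line)) {
			printf("psec: invalid owner sid\n");
			result = 1;
			goto done;
		}
		has_user_sid = True;
	}

	if (!fgets(line, sizeof(fstring), stdin)) {
		printf("psec: missing group sid line\n");
		result = 1;
		goto done;
	}
	if (line[0] != '\n') {
		if (!string_to_sid(&group_sid, line)) {
			printf("psec: invalid group sid\n");
			result = 1;
			goto done;
		}
		has_group_sid = True;
	}

	/* Read ACEs from standard input for discretionary ACL */

	while(fgets(line, sizeof(fstring), stdin)) {
		int ace_type, ace_flags;
		uint32 ace_mask;
		fstring sidstr;
		DOM_SID sid;
		SEC_ACCESS sa;
		SEC_ACE *grown;

		/*
		 * The unbounded %s is safe here only because sidstr has the
		 * same size as line and the token is a substring of line.
		 * Lines that do not match the format are skipped, as before;
		 * note that this also silently drops a mistyped ACE.
		 */
		if (sscanf(line, "%d %d 0x%x %s", &ace_type, &ace_flags, 
			   &ace_mask, sidstr) != 4) {
			continue;
		}

		/* Refuse to store an ACE whose SID did not parse */
		if (!string_to_sid(&sid, sidstr)) {
			printf("psec: invalid sid in ace: %s\n", sidstr);
			result = 1;
			goto done;
		}
		
		/*
		 * Grow through a temporary so a failed allocation is caught
		 * before the new slot is written. Assumes Realloc follows
		 * realloc() semantics and leaves the old block valid on
		 * failure - confirm against its definition.
		 */
		grown = Realloc(ace_list, sizeof(SEC_ACE) * 
				(num_aces + 1));
		if (!grown) {
			printf("memory allocation error\n");
			result = 1;
			goto done;
		}
		ace_list = grown;
		
		init_sec_access(&sa, ace_mask);
		init_sec_ace(&ace_list[num_aces], &sid, ace_type, sa, 
			     ace_flags);

		num_aces++;
	}

	dacl = make_sec_acl(ACL_REVISION, num_aces, ace_list);
	free(ace_list);
	ace_list = NULL;

	/*
	 * Fail closed: passing a NULL dacl on would produce a descriptor
	 * with no DACL at all, which Windows-style access checks treat as
	 * unrestricted access rather than as an empty ACL.
	 */
	if (!dacl) {
		printf("psec: failed to build acl\n");
		result = 1;
		goto done;
	}

	/* Create security descriptor */

	sd = make_sec_desc(SEC_DESC_REVISION,
			   has_user_sid ? &user_sid : NULL, 
			   has_group_sid ? &group_sid : NULL,
			   NULL, /* System ACL */
			   dacl, /* Discretionary ACL */
			   &size);

	free_sec_acl(&dacl);

	if (!sd) {
		printf("psec: failed to build security descriptor\n");
		result = 1;
		goto done;
	}

	sdb = make_sec_desc_buf(size, sd);

	free_sec_desc(&sd);

	/* sdb->sec is dereferenced by prs_init below */
	if (!sdb || !sdb->sec) {
		printf("psec: failed to build security descriptor buffer\n");
		result = 1;
		goto done;
	}

	/* Write security descriptor to tdb */

	mem_ctx = talloc_init();

	if (!mem_ctx) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	prs_init(&ps, (uint32)sec_desc_size(sdb->sec) + 
		 sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL);

	if (!sec_io_desc_buf("nt_printing_setsec", &sdb, &ps, 1)) {
		printf("sec_io_desc_buf failed\n");
		/* report the failure; the descriptor was not written */
		result = 1;
		goto done;
	}

	slprintf(keystr, sizeof(keystr) - 1, "SECDESC/%s", printer);

	/* non-zero from tdb_prs_store means the record was not stored */
	if (tdb_prs_store(tdb, keystr, &ps) != 0) {
		printf("Failed to store secdesc for %s\n", printer);
		result = 1;
		goto done;
	}

 done:
	if (tdb) tdb_close(tdb);
	free(ace_list);	/* non-NULL only when the ACE loop bailed out */
	if (sdb) free_sec_desc_buf(&sdb);
	if (mem_ctx) talloc_destroy(mem_ctx);
	prs_mem_free(&ps);

	return result;
}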