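/*
 * Print the security descriptor stored for a printer in ntdrivers.tdb.
 *
 * Output on stdout: the owner SID on the first line, the group SID on the
 * second (an empty line when the descriptor has none), then one line per
 * discretionary ACE in the form "type flags 0xmask sid".
 *
 * printer: printer name; it is appended to the "SECDESC/" key prefix.
 * Returns 0 on success and 1 on any failure.
 *
 * `tdb` is not declared in this function; it is a handle defined elsewhere
 * in the file and is assigned here.
 */
int psec_getsec(char *printer)
{
	SEC_DESC_BUF *secdesc_ctr = NULL;
	TALLOC_CTX *mem_ctx = NULL;
	fstring keystr, sidstr, tdb_path;
	prs_struct ps;
	int result = 0, i;

	ZERO_STRUCT(ps);

	/* Open tdb for reading */

	slprintf(tdb_path, sizeof(tdb_path) - 1, "%s/ntdrivers.tdb",
		 lp_lockdir());

	tdb = tdb_open(tdb_path, 0, 0, O_RDONLY, 0600);

	if (!tdb) {
		printf("psec: failed to open nt drivers database: %s\n",
		       sys_errlist[errno]);
		return 1;
	}

	/* Get security blob from tdb */

	slprintf(keystr, sizeof(keystr) - 1, "SECDESC/%s", printer);

	mem_ctx = talloc_init();

	if (!mem_ctx) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	if (tdb_prs_fetch(tdb, keystr, &ps, mem_ctx) != 0) {
		printf("error fetching descriptor for printer %s\n",
		       printer);
		/* cannot do a prs_mem_free() when tdb_prs_fetch fails */
		/* as the prs structure has not been initialized */
		tdb_close(tdb);
		talloc_destroy(mem_ctx);
		return 1;
	}

	/* Unpack into security descriptor buffer */

	if (!sec_io_desc_buf("nt_printing_getsec", &secdesc_ctr, &ps, 1)) {
		printf("error unpacking sec_desc_buf\n");
		result = 1;
		goto done;
	}

	/*
	 * The blob comes from a database file, so do not assume the
	 * unmarshalled buffer is fully populated: every access below
	 * dereferences secdesc_ctr->sec.
	 * NOTE(review): whether sec_io_desc_buf can succeed and leave
	 * ->sec unset is not visible here - confirm against its definition.
	 */
	if (!secdesc_ctr || !secdesc_ctr->sec) {
		printf("error unpacking sec_desc_buf\n");
		result = 1;
		goto done;
	}

	/* Print owner and group sid */

	if (secdesc_ctr->sec->owner_sid) {
		sid_to_string(sidstr, secdesc_ctr->sec->owner_sid);
	} else {
		fstrcpy(sidstr, "");
	}

	printf("%s\n", sidstr);

	if (secdesc_ctr->sec->grp_sid) {
		sid_to_string(sidstr, secdesc_ctr->sec->grp_sid);
	} else {
		fstrcpy(sidstr, "");
	}

	printf("%s\n", sidstr);

	/* Print aces; a descriptor without a DACL is reported as success */

	if (!secdesc_ctr->sec->dacl) {
		result = 0;
		goto done;
	}

	for (i = 0; i < secdesc_ctr->sec->dacl->num_aces; i++) {
		SEC_ACE *ace = &secdesc_ctr->sec->dacl->ace[i];

		sid_to_string(sidstr, &ace->sid);

		printf("%d %d 0x%08x %s\n", ace->type, ace->flags,
		       ace->info.mask, sidstr);
	}

 done:
	if (tdb)
		tdb_close(tdb);
	if (mem_ctx)
		talloc_destroy(mem_ctx);
	if (secdesc_ctr)
		free_sec_desc_buf(&secdesc_ctr);
	prs_mem_free(&ps);

	return result;
}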
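/*
 * Replace the security descriptor stored for a printer in ntdrivers.tdb
 * with one read from standard input.
 *
 * Input format: owner SID on the first line and group SID on the second
 * (a bare newline means "none"), then one discretionary ACE per line as
 * "type flags 0xmask sid". Lines that do not parse as an ACE are skipped.
 *
 * printer: printer name; it is appended to the "SECDESC/" key prefix.
 * Returns 0 only when the descriptor was actually stored, 1 otherwise.
 * A caller that changes printer permissions relies on that status, so
 * every failure path sets it: a truncated input, an unparsable SID, an
 * allocation failure and a failed marshall or store are all reported
 * instead of storing a descriptor built from uninitialised data or
 * returning success without having written anything.
 *
 * `tdb` is not declared in this function; it is a handle defined elsewhere
 * in the file and is assigned here.
 */
int psec_setsec(char *printer)
{
	DOM_SID user_sid, group_sid;
	SEC_ACE *ace_list = NULL;
	SEC_ACL *dacl = NULL;
	SEC_DESC *sd = NULL;
	SEC_DESC_BUF *sdb = NULL;
	int result = 0, num_aces = 0;
	fstring line, keystr, tdb_path;
	size_t size;
	prs_struct ps;
	TALLOC_CTX *mem_ctx = NULL;
	BOOL has_user_sid = False, has_group_sid = False;

	ZERO_STRUCT(ps);

	/* Open tdb read-write: the new descriptor is stored back below */

	slprintf(tdb_path, sizeof(tdb_path) - 1, "%s/ntdrivers.tdb",
		 lp_lockdir());

	tdb = tdb_open(tdb_path, 0, 0, O_RDWR, 0600);

	if (!tdb) {
		printf("psec: failed to open nt drivers database: %s\n",
		       sys_errlist[errno]);
		result = 1;
		goto done;
	}

	/*
	 * Read owner and group sid. fgets() leaves the buffer untouched at
	 * end of input, so its result must be checked before line is read.
	 */

	if (!fgets(line, sizeof(fstring), stdin)) {
		printf("psec: unexpected end of input reading owner sid\n");
		result = 1;
		goto done;
	}

	if (line[0] != '\n') {
		/* A SID that fails to parse leaves user_sid unset */
		if (!string_to_sid(&user_sid, line)) {
			printf("psec: invalid owner sid\n");
			result = 1;
			goto done;
		}
		has_user_sid = True;
	}

	if (!fgets(line, sizeof(fstring), stdin)) {
		printf("psec: unexpected end of input reading group sid\n");
		result = 1;
		goto done;
	}

	if (line[0] != '\n') {
		if (!string_to_sid(&group_sid, line)) {
			printf("psec: invalid group sid\n");
			result = 1;
			goto done;
		}
		has_group_sid = True;
	}

	/* Read ACEs from standard input for discretionary ACL */

	while (fgets(line, sizeof(fstring), stdin)) {
		int ace_type, ace_flags;
		uint32 ace_mask;
		fstring sidstr;
		DOM_SID sid;
		SEC_ACCESS sa;
		SEC_ACE *grown;

		/*
		 * The unbounded %s cannot overrun sidstr: line and sidstr
		 * are both fstring, and the token is a substring of line.
		 */
		if (sscanf(line, "%d %d 0x%x %s", &ace_type, &ace_flags,
			   &ace_mask, sidstr) != 4) {
			continue;
		}

		/* Refuse to build an ACE around an unparsed SID */
		if (!string_to_sid(&sid, sidstr)) {
			printf("psec: invalid sid in ace: %s\n", sidstr);
			result = 1;
			goto done;
		}

		grown = Realloc(ace_list, sizeof(SEC_ACE) * (num_aces + 1));

		if (!grown) {
			printf("memory allocation error\n");
			/*
			 * Whether Realloc releases the old block on failure
			 * is not visible here, so the old pointer is dropped
			 * rather than freed: a leak at worst, never a double
			 * free.
			 */
			ace_list = NULL;
			result = 1;
			goto done;
		}

		ace_list = grown;

		init_sec_access(&sa, ace_mask);
		init_sec_ace(&ace_list[num_aces], &sid, ace_type, sa,
			     ace_flags);

		num_aces++;
	}

	dacl = make_sec_acl(ACL_REVISION, num_aces, ace_list);
	free(ace_list);
	ace_list = NULL;

	/*
	 * ACEs were supplied but no ACL came back: storing a descriptor
	 * without them would silently drop the requested restrictions.
	 * With no ACEs the result is passed through as before.
	 */
	if (num_aces > 0 && !dacl) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	/* Create security descriptor */

	sd = make_sec_desc(SEC_DESC_REVISION,
			   has_user_sid ? &user_sid : NULL,
			   has_group_sid ? &group_sid : NULL,
			   NULL, /* System ACL */
			   dacl, /* Discretionary ACL */
			   &size);

	free_sec_acl(&dacl);

	if (!sd) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	sdb = make_sec_desc_buf(size, sd);

	free_sec_desc(&sd);

	/* sdb->sec is dereferenced when sizing the marshall buffer */
	if (!sdb || !sdb->sec) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	/* Write security descriptor to tdb */

	mem_ctx = talloc_init();

	if (!mem_ctx) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	prs_init(&ps, (uint32)sec_desc_size(sdb->sec) +
		 sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL);

	if (!sec_io_desc_buf("nt_printing_setsec", &sdb, &ps, 1)) {
		printf("sec_io_desc_buf failed\n");
		result = 1;
		goto done;
	}

	slprintf(keystr, sizeof(keystr) - 1, "SECDESC/%s", printer);

	/* Non-zero from tdb_prs_store is treated as failure, as before */
	if (tdb_prs_store(tdb, keystr, &ps) != 0) {
		printf("Failed to store secdesc for %s\n", printer);
		result = 1;
		goto done;
	}

 done:
	free(ace_list);	/* non-NULL only when the ACE loop bailed out */
	if (tdb)
		tdb_close(tdb);
	if (sdb)
		free_sec_desc_buf(&sdb);
	if (mem_ctx)
		talloc_destroy(mem_ctx);
	prs_mem_free(&ps);

	return result;
}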