コード例 #1
ファイル: spoolss_access.c プロジェクト: rchicoli/samba
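/*
 * Grant user_sid full control over a printer by extending its DACL.
 *
 * Opens the printer, fetches its level 3 info (the security descriptor),
 * appends two access-allowed ACEs for user_sid and writes the result back
 * with SetPrinter level 3.
 *
 * tctx        - torture context; also the talloc parent of every allocation
 * p           - spoolss pipe; its binding handle is used for the RPC calls
 * printername - printer to open
 * user_sid    - trustee for the two new ACEs
 * sd_orig     - out: untouched copy of the descriptor read from the server,
 *               presumably so the caller can restore it afterwards
 *               (verify against the caller)
 *
 * Returns true on success. Any failed torture_assert*() fails the test and
 * returns from this function early.
 *
 * NOTE(review): the printer handle opened here is not closed in this
 * function; confirm whether that is intended.
 */
static bool spoolss_access_setup_sd(struct torture_context *tctx,
                                    struct dcerpc_pipe *p,
                                    const char *printername,
                                    const struct dom_sid *user_sid,
                                    struct security_descriptor **sd_orig)
{
    struct dcerpc_binding_handle *b = p->binding_handle;
    struct policy_handle handle;
    union spoolss_PrinterInfo info;
    struct spoolss_SetPrinterInfoCtr info_ctr;
    struct spoolss_SetPrinterInfo3 info3;
    struct spoolss_DevmodeContainer devmode_ctr;
    struct sec_desc_buf secdesc_ctr;
    struct security_ace *ace;
    struct security_descriptor *sd;

    torture_assert(tctx,
                   test_openprinter_handle(tctx, p, "", printername, "", SEC_FLAG_MAXIMUM_ALLOWED, WERR_OK, &handle),
                   "failed to open printer");

    torture_assert(tctx,
                   test_GetPrinter_level(tctx, b, &handle, 3, &info),
                   "failed to get sd");

    /*
     * Two independent copies: sd is modified below, *sd_orig is handed
     * back unchanged. Both copies can fail, so check them before the
     * DACL code dereferences sd.
     */
    sd = security_descriptor_copy(tctx, info.info3.secdesc);
    torture_assert(tctx, sd != NULL,
                   "failed to copy sd");

    *sd_orig = security_descriptor_copy(tctx, info.info3.secdesc);
    torture_assert(tctx, *sd_orig != NULL,
                   "failed to copy original sd");

    /* First ACE: PRINTER_ALL_ACCESS, no inheritance flags. */
    ace = talloc_zero(tctx, struct security_ace);
    torture_assert(tctx, ace != NULL,
                   "failed to allocate ace");

    ace->type        = SEC_ACE_TYPE_ACCESS_ALLOWED;
    ace->flags       = 0;
    ace->access_mask = PRINTER_ALL_ACCESS;
    ace->trustee     = *user_sid;

    torture_assert_ntstatus_ok(tctx,
                               security_descriptor_dacl_add(sd, ace),
                               "failed to add new ace");

    /* Second ACE: inherit-only SEC_GENERIC_ALL for objects and containers. */
    ace = talloc_zero(tctx, struct security_ace);
    torture_assert(tctx, ace != NULL,
                   "failed to allocate ace");

    ace->type        = SEC_ACE_TYPE_ACCESS_ALLOWED;
    ace->flags       = SEC_ACE_FLAG_OBJECT_INHERIT |
                       SEC_ACE_FLAG_CONTAINER_INHERIT |
                       SEC_ACE_FLAG_INHERIT_ONLY;
    ace->access_mask = SEC_GENERIC_ALL;
    ace->trustee     = *user_sid;

    torture_assert_ntstatus_ok(tctx,
                               security_descriptor_dacl_add(sd, ace),
                               "failed to add new ace");

    /*
     * SetPrinter level 3 with an empty info3 and devmode container; the
     * new descriptor is passed through secdesc_ctr.
     */
    ZERO_STRUCT(info3);
    ZERO_STRUCT(info_ctr);
    ZERO_STRUCT(devmode_ctr);
    ZERO_STRUCT(secdesc_ctr);

    info_ctr.level = 3;
    info_ctr.info.info3 = &info3;
    secdesc_ctr.sd = sd;

    torture_assert(tctx,
                   test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
                   "failed to set sd");

    return true;
}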
コード例 #2
ファイル: profiles.c プロジェクト: hef/samba
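/*
 * Recursively copy registry key nk (and everything below it) from infile
 * to outfile, rewriting the key's security descriptor on the way.
 *
 * infile     - registry file being read
 * nk         - key record to copy
 * parent     - already-written parent key in outfile, or NULL for the
 *              first key of the tree
 * outfile    - registry file being written; its mem_ctx owns the copied
 *              security descriptor
 * parentpath - path of the parent key, used to build this key's path for
 *              verbose output and for the recursion
 *
 * old_sid and new_sid are defined outside this block; swap_sid_in_acl()
 * is called with them on the copied descriptor.
 *
 * Returns true on success, false on any failure.
 */
static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
                                REGF_NK_REC *parent, REGF_FILE *outfile,
                                const char *parentpath  )
{
	REGF_NK_REC *key, *subkey;
	struct security_descriptor *new_sd;
	struct regval_ctr *values;
	struct regsubkey_ctr *subkeys;
	int i;
	char *path;
	WERROR werr;
	bool ok = false;

	/* swap out the SIDs in the security descriptor */

	/*
	 * The key record comes from a parsed file; check the security
	 * record itself as well as the descriptor inside it before
	 * dereferencing.
	 */
	if (nk->sec_desc == NULL || nk->sec_desc->sec_desc == NULL) {
		fprintf(stderr, "Invalid (NULL) security descriptor!\n");
		return false;
	}

	new_sd = security_descriptor_copy(outfile->mem_ctx,
					  nk->sec_desc->sec_desc);
	if (new_sd == NULL) {
		fprintf(stderr, "Failed to copy security descriptor!\n");
		return false;
	}

	verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname);
	swap_sid_in_acl( new_sd, &old_sid, &new_sid );

	werr = regsubkey_ctr_init(NULL, &subkeys);
	if (!W_ERROR_IS_OK(werr)) {
		DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
		return false;
	}

	/* values is allocated as a child of subkeys: one free releases both */
	werr = regval_ctr_init(subkeys, &values);
	if (!W_ERROR_IS_OK(werr)) {
		DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
		goto done;
	}

	/* copy values into the struct regval_ctr */

	/*
	 * NOTE(review): the results of regval_ctr_addvalue() and
	 * regsubkey_ctr_addkey() are not checked here; confirm whether a
	 * failed add should abort the copy.
	 */
	for ( i=0; i<nk->num_values; i++ ) {
		/* VK_DATA_IN_OFFSET is masked out of data_size before use as a length */
		regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type,
			nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) );
	}

	/* copy subkeys into the struct regsubkey_ctr */

	while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
		regsubkey_ctr_addkey( subkeys, subkey->keyname );
	}

	key = regfio_write_key( outfile, nk->keyname, values, subkeys, new_sd, parent );
	if (key == NULL) {
		/*
		 * Without this check a failed write would be passed down as
		 * parent == NULL, which is what the first key of the tree uses.
		 */
		fprintf(stderr, "Failed to write key %s!\n", nk->keyname);
		goto done;
	}

	/* write each one of the subkeys out */

	/* path is a talloc child of subkeys and dies with it */
	path = talloc_asprintf(subkeys, "%s%s%s",
			parentpath, parent ? "\\" : "",nk->keyname);
	if (!path) {
		goto done;
	}

	/* rewind the subkey iterator that the counting loop above advanced */
	nk->subkey_index = 0;
	while ((subkey = regfio_fetch_subkey(infile, nk))) {
		if (!copy_registry_tree( infile, subkey, key, outfile, path)) {
			goto done;
		}
	}

	/*
	 * Print the path before the cleanup below: path is freed together
	 * with subkeys, so using it after TALLOC_FREE() would read freed
	 * memory.
	 */
	verbose_output("[%s]\n", path);

	ok = true;

done:
	/* values and path are talloc()'d children of subkeys so just throw it all away */

	TALLOC_FREE( subkeys );

	return ok;
}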