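/**
 * Extend a printer's security descriptor so that @user_sid has full
 * control, and hand a copy of the unmodified descriptor to the caller.
 *
 * The printer is opened with SEC_FLAG_MAXIMUM_ALLOWED, its level 3 info
 * (the security descriptor) is read, two ACCESS_ALLOWED ACEs for
 * @user_sid are appended to the DACL and the result is written back with
 * SetPrinter level 3:
 *   - PRINTER_ALL_ACCESS with no flags, and
 *   - SEC_GENERIC_ALL as an inherit-only ACE (object + container inherit).
 *
 * @param tctx         torture context; also the talloc parent of every
 *                     allocation made here
 * @param p            pipe whose binding handle carries the calls
 * @param printername  printer to open
 * @param user_sid     trustee of the two added ACEs
 * @param sd_orig      out: copy of the descriptor as read, before the ACEs
 *                     were added (presumably so the caller can restore it
 *                     afterwards; nothing in this function does so)
 *
 * @return true on success. Every failure goes through a torture_assert*
 *         macro, which is expected to record the failure and return false.
 *
 * NOTE(review): the printer handle opened here is not closed on any path
 * of this function; confirm that this is intentional.
 */
static bool spoolss_access_setup_sd(struct torture_context *tctx,
				    struct dcerpc_pipe *p,
				    const char *printername,
				    const struct dom_sid *user_sid,
				    struct security_descriptor **sd_orig)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct policy_handle handle;
	union spoolss_PrinterInfo info;
	struct spoolss_SetPrinterInfoCtr info_ctr;
	struct spoolss_SetPrinterInfo3 info3;
	struct spoolss_DevmodeContainer devmode_ctr;
	struct sec_desc_buf secdesc_ctr;
	struct security_ace *ace;
	struct security_descriptor *sd;

	torture_assert(tctx,
		test_openprinter_handle(tctx, p, "", printername, "",
					SEC_FLAG_MAXIMUM_ALLOWED, WERR_OK,
					&handle),
		"failed to open printer");

	torture_assert(tctx,
		test_GetPrinter_level(tctx, b, &handle, 3, &info),
		"failed to get sd");

	/*
	 * The descriptor comes from the server; do not hand a NULL pointer
	 * to security_descriptor_copy().
	 */
	torture_assert(tctx, info.info3.secdesc != NULL,
		"printer returned no security descriptor");

	/* One copy to modify, one untouched copy for the caller. */
	sd = security_descriptor_copy(tctx, info.info3.secdesc);
	*sd_orig = security_descriptor_copy(tctx, info.info3.secdesc);
	torture_assert(tctx, sd != NULL,
		"failed to copy sd");
	torture_assert(tctx, *sd_orig != NULL,
		"failed to copy original sd");

	/* ACE 1: full printer access on the printer object itself. */
	ace = talloc_zero(tctx, struct security_ace);
	torture_assert(tctx, ace != NULL,
		"failed to allocate ace");

	ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
	ace->flags = 0;
	ace->access_mask = PRINTER_ALL_ACCESS;
	ace->trustee = *user_sid;

	torture_assert_ntstatus_ok(tctx,
		security_descriptor_dacl_add(sd, ace),
		"failed to add new ace");

	/*
	 * ACE 2: generic-all, inherit-only. SEC_ACE_FLAG_INHERIT_ONLY means
	 * it is meant for objects inheriting from the printer, not for the
	 * printer itself.
	 */
	ace = talloc_zero(tctx, struct security_ace);
	torture_assert(tctx, ace != NULL,
		"failed to allocate ace");

	ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
	ace->flags = SEC_ACE_FLAG_OBJECT_INHERIT |
		     SEC_ACE_FLAG_CONTAINER_INHERIT |
		     SEC_ACE_FLAG_INHERIT_ONLY;
	ace->access_mask = SEC_GENERIC_ALL;
	ace->trustee = *user_sid;

	torture_assert_ntstatus_ok(tctx,
		security_descriptor_dacl_add(sd, ace),
		"failed to add new ace");

	/* SetPrinter level 3 carries only the security descriptor. */
	ZERO_STRUCT(info3);
	ZERO_STRUCT(info_ctr);
	ZERO_STRUCT(devmode_ctr);
	ZERO_STRUCT(secdesc_ctr);

	info_ctr.level = 3;
	info_ctr.info.info3 = &info3;
	secdesc_ctr.sd = sd;

	torture_assert(tctx,
		test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr,
				&secdesc_ctr, 0),
		"failed to set sd");

	return true;
}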
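/**
 * Recursively copy registry key @nk and everything below it from @infile
 * to @outfile, rewriting SIDs in each key's security descriptor.
 *
 * For each key: the security descriptor is copied onto outfile->mem_ctx,
 * swap_sid_in_acl() replaces the file-scope old_sid with new_sid in the
 * copy, the key's values and subkey names are collected, the key is
 * written under @parent, and the function then recurses into every subkey
 * with the newly written key as parent.
 *
 * @param infile      hive being read
 * @param nk          key to copy
 * @param parent      already written parent key in @outfile, or NULL when
 *                    @nk is the first key being written
 * @param outfile     hive being written
 * @param parentpath  path of @parent, used only for verbose output
 *
 * @return true when the key and all of its subkeys were written, false on
 *         the first failure.
 *
 * Recursion depth follows the nesting depth of the input hive; no limit is
 * applied in this function.
 */
static bool copy_registry_tree(REGF_FILE *infile, REGF_NK_REC *nk,
			       REGF_NK_REC *parent, REGF_FILE *outfile,
			       const char *parentpath)
{
	REGF_NK_REC *key, *subkey;
	struct security_descriptor *new_sd;
	struct regval_ctr *values;
	struct regsubkey_ctr *subkeys;
	int i;
	char *path;
	WERROR werr;

	/*
	 * swap out the SIDs in the security descriptor
	 *
	 * Both levels come from the parsed input file, so check the
	 * container as well as the descriptor before dereferencing.
	 */
	if (nk->sec_desc == NULL || nk->sec_desc->sec_desc == NULL) {
		fprintf(stderr, "Invalid (NULL) security descriptor!\n");
		return false;
	}

	new_sd = security_descriptor_copy(outfile->mem_ctx,
					  nk->sec_desc->sec_desc);
	if (new_sd == NULL) {
		fprintf(stderr, "Failed to copy security descriptor!\n");
		return false;
	}

	verbose_output("ACL for %s%s%s\n", parentpath,
		       parent ? "\\" : "", nk->keyname);
	swap_sid_in_acl(new_sd, &old_sid, &new_sid);

	werr = regsubkey_ctr_init(NULL, &subkeys);
	if (!W_ERROR_IS_OK(werr)) {
		DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
		return false;
	}

	/* values hangs off subkeys, so freeing subkeys releases both */
	werr = regval_ctr_init(subkeys, &values);
	if (!W_ERROR_IS_OK(werr)) {
		TALLOC_FREE(subkeys);
		DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
		return false;
	}

	/*
	 * copy values into the struct regval_ctr
	 *
	 * data_size is taken from the input hive with only the
	 * VK_DATA_IN_OFFSET bit masked off.
	 * NOTE(review): no bound on the resulting length is visible here;
	 * confirm the reader validated it against the data buffer.
	 */
	for (i = 0; i < nk->num_values; i++) {
		regval_ctr_addvalue(values, nk->values[i].valuename,
			nk->values[i].type, nk->values[i].data,
			(nk->values[i].data_size & ~VK_DATA_IN_OFFSET));
	}

	/* copy subkeys into the struct regsubkey_ctr */
	while ((subkey = regfio_fetch_subkey(infile, nk))) {
		regsubkey_ctr_addkey(subkeys, subkey->keyname);
	}

	key = regfio_write_key(outfile, nk->keyname, values, subkeys,
			       new_sd, parent);
	if (key == NULL) {
		/*
		 * Without this check a NULL key would be passed down as the
		 * parent of every subkey written below.
		 */
		fprintf(stderr, "Failed to write key %s!\n", nk->keyname);
		TALLOC_FREE(subkeys);
		return false;
	}

	/* write each one of the subkeys out */
	path = talloc_asprintf(subkeys, "%s%s%s", parentpath,
			       parent ? "\\" : "", nk->keyname);
	if (!path) {
		TALLOC_FREE(subkeys);
		return false;
	}

	/* rewind: the name-collecting loop above consumed the iterator */
	nk->subkey_index = 0;
	while ((subkey = regfio_fetch_subkey(infile, nk))) {
		if (!copy_registry_tree(infile, subkey, key, outfile, path)) {
			TALLOC_FREE(subkeys);
			return false;
		}
	}

	/*
	 * path is a talloc child of subkeys, so print it before subkeys
	 * (and with it values and path) is thrown away.
	 */
	verbose_output("[%s]\n", path);
	TALLOC_FREE(subkeys);

	return true;
}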