struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename, size_t *psize) { char *key; struct security_descriptor *psd = NULL; TDB_DATA data; char *c_servicename = canonicalize_servicename(talloc_tos(), servicename); NTSTATUS status; if (!c_servicename) { return NULL; } if (!share_info_db_init()) { TALLOC_FREE(c_servicename); return NULL; } if (!(key = talloc_asprintf(ctx, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_servicename))) { TALLOC_FREE(c_servicename); DEBUG(0, ("talloc_asprintf failed\n")); return NULL; } TALLOC_FREE(c_servicename); status = dbwrap_fetch_bystring(share_db, talloc_tos(), key, &data); TALLOC_FREE(key); if (!NT_STATUS_IS_OK(status)) { return get_share_security_default(ctx, psize, SEC_RIGHTS_DIR_ALL); } status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd); TALLOC_FREE(data.dptr); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("unmarshall_sec_desc failed: %s\n", nt_errstr(status))); return get_share_security_default(ctx, psize, SEC_RIGHTS_DIR_ALL); } if (psd) { *psize = ndr_size_security_descriptor(psd, 0); } else { return get_share_security_default(ctx, psize, SEC_RIGHTS_DIR_ALL); } return psd; }
SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, size_t *psize) { prs_struct ps; fstring key; SEC_DESC *psd = NULL; if (!share_info_db_init()) { return NULL; } *psize = 0; /* Fetch security descriptor from tdb */ slprintf(key, sizeof(key)-1, "SECDESC/%s", servicename); if (tdb_prs_fetch(share_tdb, key, &ps, ctx)!=0 || !sec_io_desc("get_share_security", &psd, &ps, 1)) { DEBUG(4, ("get_share_security: using default secdesc for %s\n", servicename)); return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS); } if (psd) *psize = sec_desc_size(psd); prs_mem_free(&ps); return psd; }
SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename, size_t *psize) { char *key; SEC_DESC *psd = NULL; TDB_DATA data; NTSTATUS status; if (!share_info_db_init()) { return NULL; } if (!(key = talloc_asprintf(ctx, "SECDESC/%s", servicename))) { DEBUG(0, ("talloc_asprintf failed\n")); return NULL; } data = dbwrap_fetch_bystring(share_db, talloc_tos(), key); TALLOC_FREE(key); if (data.dptr == NULL) { return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS); } status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd); TALLOC_FREE(data.dptr); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("unmarshall_sec_desc failed: %s\n", nt_errstr(status))); return NULL; } if (psd) *psize = ndr_size_security_descriptor(psd, NULL, 0); return psd; }
BOOL parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) { size_t s_size = 0; const char *pacl = acl_str; int num_aces = 0; SEC_ACE *ace_list = NULL; SEC_ACL *psa = NULL; SEC_DESC *psd = NULL; size_t sd_size = 0; int i; *ppsd = NULL; /* If the acl string is blank return "Everyone:R" */ if (!*acl_str) { SEC_DESC *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS); if (!default_psd) { return False; } *ppsd = default_psd; return True; } num_aces = 1; /* Add the number of ',' characters to get the number of aces. */ num_aces += count_chars(pacl,','); ace_list = TALLOC_ARRAY(ctx, SEC_ACE, num_aces); if (!ace_list) { return False; } for (i = 0; i < num_aces; i++) { SEC_ACCESS sa; uint32 g_access; uint32 s_access; DOM_SID sid; fstring sidstr; uint8 type = SEC_ACE_TYPE_ACCESS_ALLOWED; if (!next_token(&pacl, sidstr, ":", sizeof(sidstr))) { DEBUG(0,("parse_usershare_acl: malformed usershare acl looking " "for ':' in string '%s'\n", pacl)); return False; } if (!string_to_sid(&sid, sidstr)) { DEBUG(0,("parse_usershare_acl: failed to convert %s to sid.\n", sidstr )); return False; } switch (*pacl) { case 'F': /* Full Control, ie. R+W */ case 'f': /* Full Control, ie. R+W */ s_access = g_access = GENERIC_ALL_ACCESS; break; case 'R': /* Read only. */ case 'r': /* Read only. */ s_access = g_access = GENERIC_READ_ACCESS; break; case 'D': /* Deny all to this SID. */ case 'd': /* Deny all to this SID. */ type = SEC_ACE_TYPE_ACCESS_DENIED; s_access = g_access = GENERIC_ALL_ACCESS; break; default: DEBUG(0,("parse_usershare_acl: unknown acl type at %s.\n", pacl )); return False; } pacl++; if (*pacl && *pacl != ',') { DEBUG(0,("parse_usershare_acl: bad acl string at %s.\n", pacl )); return False; } pacl++; /* Go past any ',' */ se_map_generic(&s_access, &file_generic_mapping); init_sec_access(&sa, g_access | s_access ); init_sec_ace(&ace_list[i], &sid, type, sa, 0); } if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) { psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, &sd_size); } if (!psd) { DEBUG(0,("parse_usershare_acl: Failed to make SEC_DESC.\n")); return False; } *ppsd = psd; return True; }