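/**
 * Load the security descriptor stored for a share.
 *
 * Builds the key "SECDESC/<servicename>", fetches that record from share_tdb
 * and unmarshals it with sec_io_desc().
 *
 * @param ctx          talloc context passed to tdb_prs_fetch() and to
 *                     get_share_security_default().
 * @param servicename  share name used to build the tdb key.
 * @param psize        out: set to 0 once the database is available, then to
 *                     sec_desc_size() of the parsed descriptor; also handed
 *                     to get_share_security_default() on the fallback paths.
 * @return the parsed descriptor, the result of get_share_security_default()
 *         when no usable record exists, or NULL when share_info_db_init()
 *         fails.
 *
 * Security note: both a missing record and a record that fails to parse fall
 * back to get_share_security_default(..., GENERIC_ALL_ACCESS). What that
 * default contains is not visible here; presumably it is a permissive
 * descriptor, in which case a damaged record widens access instead of
 * denying it -- TODO confirm. The parse failure is therefore logged at a
 * higher level than the ordinary "no record" case so it can be noticed.
 */
SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
			      size_t *psize)
{
	prs_struct ps;
	fstring key;
	SEC_DESC *psd = NULL;

	if (!share_info_db_init()) {
		return NULL;
	}

	*psize = 0;

	/* Fetch security descriptor from tdb */

	/* slprintf() bounds the write to the key buffer; an over-long share
	 * name is truncated rather than overflowing it. */
	slprintf(key, sizeof(key)-1, "SECDESC/%s", servicename);

	if (tdb_prs_fetch(share_tdb, key, &ps, ctx) != 0) {
		/* No record fetched. ps is not released here because the
		 * original code never touched it on this path either. */
		DEBUG(4, ("get_share_security: using default secdesc for %s\n", servicename));

		return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS);
	}

	if (!sec_io_desc("get_share_security", &psd, &ps, 1)) {
		/* A record exists but does not unmarshal. */
		DEBUG(1, ("get_share_security: stored secdesc for %s could not be parsed\n", servicename));
		DEBUG(4, ("get_share_security: using default secdesc for %s\n", servicename));

		/* The fetch succeeded, so ps is in the same state in which
		 * the success path below releases it; free it here too
		 * instead of leaking it on every failed parse. */
		prs_mem_free(&ps);

		return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS);
	}

	if (psd)
		*psize = sec_desc_size(psd);

	prs_mem_free(&ps);
	return psd;
}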
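/**
 * Marshal or unmarshal a security descriptor that is referenced by a
 * relative offset inside an RPC_BUFFER.
 *
 * Marshalling: the descriptor is written at the end of the buffer (the
 * string_at_end cursor is moved down by sec_desc_size()), then the cursor
 * returns to the structure position and the offset relative to
 * buffer->struct_start is written there. A NULL *secdesc is encoded as
 * offset 0.
 *
 * Unmarshalling: the offset is read into buffer->string_at_end, the parser
 * seeks to struct_start + offset, reads the descriptor, and seeks back.
 *
 * @param desc     description string passed to prs_debug() and sec_io_desc().
 * @param buffer   RPC buffer whose embedded prs_struct is read or written.
 * @param depth    debug nesting depth.
 * @param secdesc  in (marshalling) or out (unmarshalling) descriptor.
 * @return True on success, False if any parse, seek or range check fails.
 */
BOOL smb_io_relsecdesc(const char *desc, RPC_BUFFER *buffer, int depth, SEC_DESC **secdesc)
{
	prs_struct *ps = &buffer->prs;

	prs_debug(ps, depth, desc, "smb_io_relsecdesc");
	depth++;

	if (MARSHALLING(ps)) {
		uint32 struct_offset = prs_offset(ps);
		uint32 relative_offset;
		size_t sd_size;

		if (! *secdesc) {
			/* No descriptor: only an offset of 0 is written. */
			relative_offset = 0;
			if (!prs_uint32("offset", ps, depth, &relative_offset))
				return False;
			return True;
		}

		sd_size = sec_desc_size(*secdesc);

		/* Both subtractions below are unsigned. Refuse a descriptor
		 * that does not fit between struct_start and string_at_end
		 * instead of letting the cursor or the relative offset wrap
		 * around to a huge value. */
		if (sd_size > buffer->string_at_end)
			return False;
		if (buffer->string_at_end - sd_size < buffer->struct_start)
			return False;

		buffer->string_at_end -= sd_size;
		if (!prs_set_offset(ps, buffer->string_at_end))
			return False;

		/* write the secdesc */
		if (!sec_io_desc(desc, secdesc, ps, depth))
			return False;

		/* go back to where the offset field belongs */
		if (!prs_set_offset(ps, struct_offset))
			return False;

		relative_offset = buffer->string_at_end - buffer->struct_start;

		/* write its offset */
		if (!prs_uint32("offset", ps, depth, &relative_offset))
			return False;
	} else {
		uint32 old_offset;

		/* read the offset */
		if (!prs_uint32("offset", ps, depth, &buffer->string_at_end))
			return False;

		old_offset = prs_offset(ps);

		/* The offset comes from the parsed data. Reject a value whose
		 * sum with struct_start would wrap, so the seek target cannot
		 * land before the structure. Assumes both fields are 32-bit
		 * unsigned, as the prs_uint32() call suggests for
		 * string_at_end -- TODO confirm for struct_start. */
		if (buffer->string_at_end > 0xFFFFFFFFU - buffer->struct_start)
			return False;

		if (!prs_set_offset(ps, buffer->string_at_end + buffer->struct_start))
			return False;

		/* read the sd */
		if (!sec_io_desc(desc, secdesc, ps, depth))
			return False;

		if (!prs_set_offset(ps, old_offset))
			return False;
	}

	return True;
}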
/**
 * Store a security descriptor for a share.
 *
 * Marshals psd with sec_io_desc() into a temporary parse buffer and writes
 * it to share_tdb under the key "SECDESC/<share_name>".
 *
 * @param share_name  share name used to build the tdb key.
 * @param psd         descriptor to store.
 * @return True if the record was stored; False if the share info database
 *         or the talloc context could not be set up, or if marshalling or
 *         the tdb store failed.
 *
 * NOTE(review): the result of prs_init() is not checked here -- confirm
 * whether it can fail and what state it leaves the buffer in.
 */
BOOL set_share_security(const char *share_name, SEC_DESC *psd)
{
	BOOL stored = False;
	TALLOC_CTX *tmp_ctx = NULL;
	prs_struct buf;
	fstring tdb_key;

	if (!share_info_db_init()) {
		return False;
	}

	tmp_ctx = talloc_init("set_share_security");
	if (!tmp_ctx) {
		return False;
	}

	/* Size the parse buffer from the descriptor being written. */
	prs_init(&buf, (uint32)sec_desc_size(psd), tmp_ctx, MARSHALL);

	if (sec_io_desc("share_security", &psd, &buf, 1)) {
		/* Bounded formatting: an over-long share name is truncated
		 * to fit the key buffer. */
		slprintf(tdb_key, sizeof(tdb_key)-1, "SECDESC/%s", share_name);

		if (tdb_prs_store(share_tdb, tdb_key, &buf) != 0) {
			DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name ));
		} else {
			stored = True;
			DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
		}
	}

	/* Release the parse buffer, then the context it was created on. */
	prs_mem_free(&buf);
	talloc_destroy(tmp_ctx);

	return stored;
}
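/**
 * Read a security descriptor from standard input and store it for a printer
 * in ntdrivers.tdb under the key "SECDESC/<printer>".
 *
 * Input format, one item per line:
 *   line 1   owner SID, or an empty line for none
 *   line 2   group SID, or an empty line for none
 *   rest     ACEs as "<type> <flags> 0x<mask> <sid>"
 *
 * @param printer  printer name used to build the tdb key.
 * @return 0 on success, 1 on any failure. Every failure path now sets the
 *         result, so a descriptor that was not written is never reported
 *         as success.
 *
 * NOTE(review): ACE lines that do not match the expected format are skipped
 * without a message. A dropped ACE changes the resulting access control
 * list, so callers may want to validate their input beforehand.
 */
int psec_setsec(char *printer)
{
	DOM_SID user_sid, group_sid;
	SEC_ACE *ace_list = NULL;
	SEC_ACL *dacl = NULL;
	SEC_DESC *sd;
	SEC_DESC_BUF *sdb = NULL;
	int result = 0, num_aces = 0;
	fstring line, keystr, tdb_path;
	size_t size;
	prs_struct ps;
	TALLOC_CTX *mem_ctx = NULL;
	BOOL has_user_sid = False, has_group_sid = False;

	ZERO_STRUCT(ps);

	/* Open tdb read/write, owner-only permissions */

	slprintf(tdb_path, sizeof(tdb_path) - 1, "%s/ntdrivers.tdb",
		 lp_lockdir());

	tdb = tdb_open(tdb_path, 0, 0, O_RDWR, 0600);

	if (!tdb) {
		printf("psec: failed to open nt drivers database: %s\n",
		       sys_errlist[errno]);
		result = 1;
		goto done;
	}

	/* Read owner and group sid. End of input is treated like an empty
	 * line so that the buffer is never inspected after a failed read. */

	if (fgets(line, sizeof(fstring), stdin) && line[0] != '\n') {
		if (!string_to_sid(&user_sid, line)) {
			printf("psec: invalid owner sid\n");
			result = 1;
			goto done;
		}
		has_user_sid = True;
	}

	if (fgets(line, sizeof(fstring), stdin) && line[0] != '\n') {
		if (!string_to_sid(&group_sid, line)) {
			printf("psec: invalid group sid\n");
			result = 1;
			goto done;
		}
		has_group_sid = True;
	}

	/* Read ACEs from standard input for discretionary ACL */

	while (fgets(line, sizeof(fstring), stdin)) {
		int ace_type, ace_flags;
		uint32 ace_mask;
		fstring sidstr;
		DOM_SID sid;
		SEC_ACCESS sa;
		SEC_ACE *grown;

		/* sidstr has the same type as line, and line holds at most
		 * sizeof(fstring) - 1 characters, so the unbounded %s cannot
		 * write past sidstr. */
		if (sscanf(line, "%d %d 0x%x %s", &ace_type, &ace_flags,
			   &ace_mask, sidstr) != 4) {
			continue;
		}

		/* Do not build an ACE from a SID that failed to parse. */
		if (!string_to_sid(&sid, sidstr)) {
			printf("psec: invalid sid in ace: %s\n", sidstr);
			result = 1;
			goto done;
		}

		grown = Realloc(ace_list, sizeof(SEC_ACE) * (num_aces + 1));
		if (!grown) {
			/* Whether Realloc() releases the old block on failure
			 * is not visible here; drop the pointer and accept a
			 * possible leak rather than risk a double free. */
			ace_list = NULL;
			printf("memory allocation error\n");
			result = 1;
			goto done;
		}
		ace_list = grown;

		init_sec_access(&sa, ace_mask);
		init_sec_ace(&ace_list[num_aces], &sid, ace_type, sa,
			     ace_flags);

		num_aces++;
	}

	dacl = make_sec_acl(ACL_REVISION, num_aces, ace_list);
	free(ace_list);
	ace_list = NULL;

	/* A failed ACL allocation must not turn into a descriptor without a
	 * DACL; in NT semantics a missing DACL is conventionally read as
	 * unrestricted access. */
	if (!dacl) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	/* Create security descriptor */

	sd = make_sec_desc(SEC_DESC_REVISION,
			   has_user_sid ? &user_sid : NULL,
			   has_group_sid ? &group_sid : NULL,
			   NULL, /* System ACL */
			   dacl, /* Discretionary ACL */
			   &size);

	free_sec_acl(&dacl);

	if (!sd) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	sdb = make_sec_desc_buf(size, sd);

	free_sec_desc(&sd);

	/* sdb->sec is dereferenced below. */
	if (!sdb) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	/* Write security descriptor to tdb */

	mem_ctx = talloc_init();

	if (!mem_ctx) {
		printf("memory allocation error\n");
		result = 1;
		goto done;
	}

	prs_init(&ps, (uint32)sec_desc_size(sdb->sec) +
		 sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL);

	if (!sec_io_desc_buf("nt_printing_setsec", &sdb, &ps, 1)) {
		printf("sec_io_desc_buf failed\n");
		result = 1;
		goto done;
	}

	slprintf(keystr, sizeof(keystr) - 1, "SECDESC/%s", printer);

	/* Same test as the original "!tdb_prs_store(...)==0", written
	 * without the precedence trap: any non-zero return is a failure. */
	if (tdb_prs_store(tdb, keystr, &ps) != 0) {
		printf("Failed to store secdesc for %s\n", printer);
		result = 1;
		goto done;
	}

 done:
	/* ace_list is NULL here unless an ACE line was rejected mid-loop. */
	free(ace_list);

	if (tdb)
		tdb_close(tdb);
	if (sdb)
		free_sec_desc_buf(&sdb);
	if (mem_ctx)
		talloc_destroy(mem_ctx);

	prs_mem_free(&ps);

	return result;
}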