SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc)
{
SEC_DESC_BUF *dst;
if((dst = TALLOC_ZERO_P(ctx, SEC_DESC_BUF)) == NULL)
return NULL;
/* max buffer size (allocated size) */
dst->sd_size = (uint32)len;
if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) {
return NULL;
}
return dst;
}
static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, const struct security_descriptor *psd)
{
NTSTATUS status;
DATA_BLOB blob;
if (DEBUGLEVEL >= 10) {
DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
fsp->fsp_name));
NDR_PRINT_DEBUG(security_descriptor,
CONST_DISCARD(struct security_descriptor *,psd));
}
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* Ensure owner and group are set. */
if (!psd->owner_sid || !psd->group_sid) {
int ret;
SMB_STRUCT_STAT sbuf;
DOM_SID owner_sid, group_sid;
struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd);
if (!nc_psd) {
return NT_STATUS_OK;
}
if (fsp->is_directory || fsp->fh->fd == -1) {
if (fsp->posix_open) {
ret = SMB_VFS_LSTAT(fsp->conn,fsp->fsp_name, &sbuf);
} else {
ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf);
}
} else {
ret = SMB_VFS_FSTAT(fsp, &sbuf);
}
if (ret == -1) {
/* Lower level acl set succeeded,
* so still return OK. */
return NT_STATUS_OK;
}
create_file_sids(&sbuf, &owner_sid, &group_sid);
/* This is safe as nc_psd is discarded at fn exit. */
nc_psd->owner_sid = &owner_sid;
nc_psd->group_sid = &group_sid;
security_info_sent |= (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION);
psd = nc_psd;
}
#if 0
if ((security_info_sent & DACL_SECURITY_INFORMATION) &&
psd->dacl != NULL &&
(psd->type & (SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ))==
(SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
struct security_descriptor *new_psd = NULL;
status = append_parent_acl(fsp, psd, &new_psd);
if (!NT_STATUS_IS_OK(status)) {
/* Lower level acl set succeeded,
* so still return OK. */
return NT_STATUS_OK;
}
psd = new_psd;
}
#endif
if (DEBUGLEVEL >= 10) {
DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n",
fsp->fsp_name));
NDR_PRINT_DEBUG(security_descriptor,
CONST_DISCARD(struct security_descriptor *,psd));
}
create_acl_blob(psd, &blob);
store_acl_blob_fsp(handle, fsp, &blob);
return NT_STATUS_OK;
}
static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
REGF_NK_REC *parent, REGF_FILE *outfile,
const char *parentpath )
{
REGF_NK_REC *key, *subkey;
struct security_descriptor *new_sd;
struct regval_ctr *values;
struct regsubkey_ctr *subkeys;
int i;
char *path;
WERROR werr;
/* swap out the SIDs in the security descriptor */
if ( !(new_sd = dup_sec_desc( outfile->mem_ctx, nk->sec_desc->sec_desc )) ) {
fprintf( stderr, "Failed to copy security descriptor!\n" );
return False;
}
verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname);
swap_sid_in_acl( new_sd, &old_sid, &new_sid );
werr = regsubkey_ctr_init(NULL, &subkeys);
if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
return False;
}
werr = regval_ctr_init(subkeys, &values);
if (!W_ERROR_IS_OK(werr)) {
TALLOC_FREE( subkeys );
DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
return False;
}
/* copy values into the struct regval_ctr */
for ( i=0; i<nk->num_values; i++ ) {
regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type,
nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) );
}
/* copy subkeys into the struct regsubkey_ctr */
while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
regsubkey_ctr_addkey( subkeys, subkey->keyname );
}
key = regfio_write_key( outfile, nk->keyname, values, subkeys, new_sd, parent );
/* write each one of the subkeys out */
path = talloc_asprintf(subkeys, "%s%s%s",
parentpath, parent ? "\\" : "",nk->keyname);
if (!path) {
TALLOC_FREE( subkeys );
return false;
}
nk->subkey_index = 0;
while ((subkey = regfio_fetch_subkey(infile, nk))) {
if (!copy_registry_tree( infile, subkey, key, outfile, path)) {
TALLOC_FREE(subkeys);
return false;
}
}
verbose_output("[%s]\n", path);
/* values is a talloc()'d child of subkeys here so just throw it all away */
TALLOC_FREE(subkeys);
return True;
}
