SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc) { SEC_DESC_BUF *dst; if((dst = TALLOC_ZERO_P(ctx, SEC_DESC_BUF)) == NULL) return NULL; /* max buffer size (allocated size) */ dst->sd_size = (uint32)len; if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) { return NULL; } return dst; }
static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd) { NTSTATUS status; DATA_BLOB blob; if (DEBUGLEVEL >= 10) { DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, CONST_DISCARD(struct security_descriptor *,psd)); } status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; } /* Ensure owner and group are set. */ if (!psd->owner_sid || !psd->group_sid) { int ret; SMB_STRUCT_STAT sbuf; DOM_SID owner_sid, group_sid; struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd); if (!nc_psd) { return NT_STATUS_OK; } if (fsp->is_directory || fsp->fh->fd == -1) { if (fsp->posix_open) { ret = SMB_VFS_LSTAT(fsp->conn,fsp->fsp_name, &sbuf); } else { ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); } } else { ret = SMB_VFS_FSTAT(fsp, &sbuf); } if (ret == -1) { /* Lower level acl set succeeded, * so still return OK. */ return NT_STATUS_OK; } create_file_sids(&sbuf, &owner_sid, &group_sid); /* This is safe as nc_psd is discarded at fn exit. */ nc_psd->owner_sid = &owner_sid; nc_psd->group_sid = &group_sid; security_info_sent |= (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION); psd = nc_psd; } #if 0 if ((security_info_sent & DACL_SECURITY_INFORMATION) && psd->dacl != NULL && (psd->type & (SE_DESC_DACL_AUTO_INHERITED| SE_DESC_DACL_AUTO_INHERIT_REQ))== (SE_DESC_DACL_AUTO_INHERITED| SE_DESC_DACL_AUTO_INHERIT_REQ) ) { struct security_descriptor *new_psd = NULL; status = append_parent_acl(fsp, psd, &new_psd); if (!NT_STATUS_IS_OK(status)) { /* Lower level acl set succeeded, * so still return OK. */ return NT_STATUS_OK; } psd = new_psd; } #endif if (DEBUGLEVEL >= 10) { DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, CONST_DISCARD(struct security_descriptor *,psd)); } create_acl_blob(psd, &blob); store_acl_blob_fsp(handle, fsp, &blob); return NT_STATUS_OK; }
static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk, REGF_NK_REC *parent, REGF_FILE *outfile, const char *parentpath ) { REGF_NK_REC *key, *subkey; struct security_descriptor *new_sd; struct regval_ctr *values; struct regsubkey_ctr *subkeys; int i; char *path; WERROR werr; /* swap out the SIDs in the security descriptor */ if ( !(new_sd = dup_sec_desc( outfile->mem_ctx, nk->sec_desc->sec_desc )) ) { fprintf( stderr, "Failed to copy security descriptor!\n" ); return False; } verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname); swap_sid_in_acl( new_sd, &old_sid, &new_sid ); werr = regsubkey_ctr_init(NULL, &subkeys); if (!W_ERROR_IS_OK(werr)) { DEBUG(0,("copy_registry_tree: talloc() failure!\n")); return False; } werr = regval_ctr_init(subkeys, &values); if (!W_ERROR_IS_OK(werr)) { TALLOC_FREE( subkeys ); DEBUG(0,("copy_registry_tree: talloc() failure!\n")); return False; } /* copy values into the struct regval_ctr */ for ( i=0; i<nk->num_values; i++ ) { regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type, nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) ); } /* copy subkeys into the struct regsubkey_ctr */ while ( (subkey = regfio_fetch_subkey( infile, nk )) ) { regsubkey_ctr_addkey( subkeys, subkey->keyname ); } key = regfio_write_key( outfile, nk->keyname, values, subkeys, new_sd, parent ); /* write each one of the subkeys out */ path = talloc_asprintf(subkeys, "%s%s%s", parentpath, parent ? "\\" : "",nk->keyname); if (!path) { TALLOC_FREE( subkeys ); return false; } nk->subkey_index = 0; while ((subkey = regfio_fetch_subkey(infile, nk))) { if (!copy_registry_tree( infile, subkey, key, outfile, path)) { TALLOC_FREE(subkeys); return false; } } verbose_output("[%s]\n", path); /* values is a talloc()'d child of subkeys here so just throw it all away */ TALLOC_FREE(subkeys); return True; }