/*
Unix SMB / CIFS implementation .
client security descriptor functions
Copyright ( C ) Andrew Tridgell 2000
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "libsmb/libsmb.h"
# include "../libcli/security/secdesc.h"
# include "../libcli/smb/smbXcli_base.h"
/**
 * Fetch the security descriptor of an open file handle.
 *
 * On connections that negotiated SMB2 or later the request is handed
 * to cli_smb2_query_security_descriptor() unchanged. Otherwise an
 * NT_TRANSACT_QUERY_SECURITY_DESC transaction is sent and the reply
 * data is parsed with unmarshall_sec_desc().
 *
 * @param cli      Client connection state; cli->conn is read to pick
 *                 the protocol path.
 * @param fnum     Handle of the open file.
 * @param sec_info Bitmask selecting which parts of the descriptor
 *                 are requested.
 * @param mem_ctx  talloc context the parsed descriptor is allocated on.
 * @param sd       Receives the parsed descriptor on success. May be
 *                 NULL on the SMB1 path, in which case the parsed
 *                 descriptor is freed again.
 * @return NT status of the transaction or of the parse step.
 */
NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
				       uint16_t fnum,
				       uint32_t sec_info,
				       TALLOC_CTX *mem_ctx,
				       struct security_descriptor **sd)
{
	NTSTATUS status;
	struct security_descriptor *parsed;
	uint8_t *reply = NULL;
	uint32_t reply_len = 0;
	uint8_t request[8];

	if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
		return cli_smb2_query_security_descriptor(cli,
							  fnum,
							  sec_info,
							  mem_ctx,
							  sd);
	}

	/* Request parameters: two 32-bit fields, handle then selector. */
	SIVAL(request, 0, fnum);
	SIVAL(request, 4, sec_info);

	/*
	 * The reply data is produced by the server and must be treated
	 * as untrusted. The request caps it at 0x10000 bytes, and no
	 * minimum reply length is demanded here (min rdata is 0), so
	 * every length and offset check on the descriptor is left to
	 * unmarshall_sec_desc() below.
	 */
	status = cli_trans(talloc_tos(), cli, SMBnttrans,
			   NULL, -1, /* name, fid */
			   NT_TRANSACT_QUERY_SECURITY_DESC, 0, /* function, flags */
			   NULL, 0, 0, /* setup, length, max */
			   request, 8, 4, /* param, length, max */
			   NULL, 0, 0x10000, /* data, length, max */
			   NULL, /* recv_flags2 */
			   NULL, 0, NULL, /* rsetup, length */
			   NULL, 0, NULL,
			   &reply, 0, &reply_len);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, (" NT_TRANSACT_QUERY_SECURITY_DESC failed: %s \n ",
			  nt_errstr(status)));
		goto done;
	}

	/* Parse exactly reply_len bytes; the result lives on mem_ctx. */
	status = unmarshall_sec_desc(mem_ctx, reply, reply_len, &parsed);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, (" unmarshall_sec_desc failed: %s \n ",
			   nt_errstr(status)));
		goto done;
	}

	if (sd == NULL) {
		/* Caller only wanted the status: drop the parsed copy. */
		TALLOC_FREE(parsed);
	} else {
		*sd = parsed;
	}

done:
	/* The raw reply buffer is released on every SMB1 exit path. */
	TALLOC_FREE(reply);
	return status;
}
/**
 * Query owner, group and DACL of an open file handle.
 *
 * Convenience wrapper around cli_query_security_descriptor() with a
 * fixed selector of SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL.
 * The SACL is not requested.
 *
 * @param cli     Client connection state.
 * @param fnum    Handle of the open file.
 * @param mem_ctx talloc context passed through for the result.
 * @param sd      Output pointer passed through for the result.
 * @return NT status from cli_query_security_descriptor().
 */
NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
			   TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
{
	return cli_query_security_descriptor(
		cli, fnum,
		SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL,
		mem_ctx, sd);
}
/****************************************************************************
 Set the security descriptor for an open file.
****************************************************************************/
/**
 * Write (parts of) a security descriptor to an open file handle.
 *
 * On connections that negotiated SMB2 or later the request is handed
 * to cli_smb2_set_security_descriptor() unchanged. Otherwise the
 * descriptor is marshalled and sent in an
 * NT_TRANSACT_SET_SECURITY_DESC transaction.
 *
 * @param cli      Client connection state; cli->conn is read to pick
 *                 the protocol path.
 * @param fnum     Handle of the open file.
 * @param sec_info Bitmask naming the descriptor parts sent as the
 *                 second request parameter. It is forwarded exactly as
 *                 given; this function does not cross-check it against
 *                 the contents of sd.
 * @param sd       Descriptor to marshall and send.
 * @return NT status of the marshalling step or of the transaction.
 */
NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
				     uint16_t fnum,
				     uint32_t sec_info,
				     const struct security_descriptor *sd)
{
	NTSTATUS status;
	uint8_t request[8];
	uint8_t *blob;
	size_t blob_len;

	if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
		return cli_smb2_set_security_descriptor(cli,
							fnum,
							sec_info,
							sd);
	}

	/* Wire form of the descriptor, allocated on talloc_tos(). */
	status = marshall_sec_desc(talloc_tos(), sd, &blob, &blob_len);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, (" marshall_sec_desc failed: %s \n ",
			   nt_errstr(status)));
		return status;
	}

	/* Request parameters: two 32-bit fields, handle then selector. */
	SIVAL(request, 0, fnum);
	SIVAL(request, 4, sec_info);

	/* No reply setup, parameters or data are collected. */
	status = cli_trans(talloc_tos(), cli, SMBnttrans,
			   NULL, -1, /* name, fid */
			   NT_TRANSACT_SET_SECURITY_DESC, 0,
			   NULL, 0, 0, /* setup */
			   request, 8, 0, /* param */
			   blob, blob_len, 0, /* data */
			   NULL, /* recv_flags2 */
			   NULL, 0, NULL, /* rsetup */
			   NULL, 0, NULL, /* rparam */
			   NULL, 0, NULL); /* rdata */

	/* The marshalled copy is released whether or not the send worked. */
	TALLOC_FREE(blob);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, (" Failed to send NT_TRANSACT_SET_SECURITY_DESC: %s \n ",
			  nt_errstr(status)));
	}

	return status;
}
/**
 * Set a security descriptor, deriving the selector from its contents.
 *
 * The selector passed to cli_set_security_descriptor() is built from
 * what sd carries:
 *   - SECINFO_DACL  if sd->dacl is set or SEC_DESC_DACL_PRESENT is
 *                   flagged in sd->type,
 *   - SECINFO_SACL  if sd->sacl is set or SEC_DESC_SACL_PRESENT is
 *                   flagged in sd->type,
 *   - SECINFO_OWNER if sd->owner_sid is set,
 *   - SECINFO_GROUP if sd->group_sid is set.
 *
 * Security note: a descriptor flagged SEC_DESC_DACL_PRESENT while
 * sd->dacl is NULL is still sent as a DACL update. In the Windows
 * security model a present-but-NULL DACL grants access to everyone,
 * so callers should construct that combination only on purpose.
 *
 * @param cli  Client connection state.
 * @param fnum Handle of the open file.
 * @param sd   Descriptor to apply. Must not be NULL; it is
 *             dereferenced without a check.
 * @return NT status from cli_set_security_descriptor().
 */
NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
			 const struct security_descriptor *sd)
{
	uint32_t selector = 0;

	selector |= (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT))
			? SECINFO_DACL : 0;
	selector |= (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT))
			? SECINFO_SACL : 0;
	selector |= sd->owner_sid ? SECINFO_OWNER : 0;
	selector |= sd->group_sid ? SECINFO_GROUP : 0;

	return cli_set_security_descriptor(cli, fnum, selector, sd);
}