sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-17 02:05:21 +03:00
Code
samba-mirror/source4/libcli/raw/rawacl.c

159 lines
4.5 KiB
C
Raw Normal View History

- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
/*
Unix SMB/CIFS implementation.
ACL get/set operations
r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file (This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2004-11-18 01:02:27 +00:00
Copyright (C) Andrew Tridgell 2003-2004
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
r3810: create a LIB_SECURITY subsystem - move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2004-11-17 14:35:29 +00:00
#include "librpc/gen_ndr/ndr_security.h"
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
/****************************************************************************
fetch file ACL (async send)
****************************************************************************/
r1654: rename cli_ -> smbcli_ rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2004-08-04 13:23:35 +00:00
struct smbcli_request *smb_raw_query_secdesc_send(struct smbcli_tree *tree,
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
union smb_fileinfo *io)
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
{
struct smb_nttrans nt;
r890: convert samba4 to use [u]int8_t instead of [u]int8 metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2004-05-25 17:50:17 +00:00
uint8_t params[8];
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
nt.in.max_setup = 0;
nt.in.max_param = 4;
r4316: - now that the trans2 code properly supports multi-part requests, we can set a maximum sized max_data in libcli trans2 code - fixed string termination in the EA_LIST trans2 findfirst level (This used to be commit a2a5f147f4faac8a48ff8f1b3e5f1334c92575bb)
2004-12-21 11:47:08 +00:00
nt.in.max_data = 0xFFFF;
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
nt.in.setup_count = 0;
nt.in.function = NT_TRANSACT_QUERY_SECURITY_DESC;
nt.in.setup = NULL;
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
SSVAL(params, 0, io->query_secdesc.in.fnum);
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
SSVAL(params, 2, 0); /* padding */
r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machines Thanks to lars and agruen for finding this (This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
2005-04-14 13:19:40 +00:00
SIVAL(params, 4, io->query_secdesc.secinfo_flags);
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
nt.in.params.data = params;
nt.in.params.length = 8;
nt.in.data = data_blob(NULL, 0);
return smb_raw_nttrans_send(tree, &nt);
}
/****************************************************************************
fetch file ACL (async recv)
****************************************************************************/
r1654: rename cli_ -> smbcli_ rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2004-08-04 13:23:35 +00:00
NTSTATUS smb_raw_query_secdesc_recv(struct smbcli_request *req,
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
TALLOC_CTX *mem_ctx,
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
union smb_fileinfo *io)
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
{
NTSTATUS status;
struct smb_nttrans nt;
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
struct ndr_pull *ndr;
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
status = smb_raw_nttrans_recv(req, mem_ctx, &nt);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
/* check that the basics are valid */
if (nt.out.params.length != 4 ||
IVAL(nt.out.params.data, 0) > nt.out.data.length) {
return NT_STATUS_INVALID_PARAMETER;
}
nt.out.data.length = IVAL(nt.out.params.data, 0);
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
ndr = ndr_pull_init_blob(&nt.out.data, mem_ctx);
if (!ndr) {
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
return NT_STATUS_INVALID_PARAMETER;
}
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 07:08:20 +00:00
io->query_secdesc.out.sd = talloc(mem_ctx, struct security_descriptor);
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
if (!io->query_secdesc.out.sd) {
- corrected some lsa idl - updated lsa parse code from pidl (This used to be commit 3983b2aee77b0e093847bfc02e02b83ab281f5dd)
2003-11-08 11:21:57 +00:00
return NT_STATUS_NO_MEMORY;
}
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
status = ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS,
io->query_secdesc.out.sd);
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
r1883: I don't know why this was broken... tridge: can you please check if this is correct, I have only compiled it, but haven'T run it. metze (This used to be commit d3123c2e7357d8db4dce9e0253ac405318d05c48)
2004-08-18 13:43:53 +00:00
return status;
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
}
/****************************************************************************
fetch file ACL (sync interface)
****************************************************************************/
r1654: rename cli_ -> smbcli_ rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2004-08-04 13:23:35 +00:00
NTSTATUS smb_raw_query_secdesc(struct smbcli_tree *tree,
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
TALLOC_CTX *mem_ctx,
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
union smb_fileinfo *io)
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
{
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
struct smbcli_request *req = smb_raw_query_secdesc_send(tree, io);
return smb_raw_query_secdesc_recv(req, mem_ctx, io);
- a few portability fixes from Jim Myers - added SMBD_LISTEN_BACKLOG in local.h - added the beginnings of a ndr/rpc parsing framework for Samba4. It currently correctly parses security descriptors for the nttrans QUERY_SECDESC call, but I hope it will become a reasonable framework that an idl based generator can work to (This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
2003-10-30 08:32:26 +00:00
}
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
/****************************************************************************
set file ACL (async send)
****************************************************************************/
r1654: rename cli_ -> smbcli_ rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2004-08-04 13:23:35 +00:00
struct smbcli_request *smb_raw_set_secdesc_send(struct smbcli_tree *tree,
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
union smb_setfileinfo *io)
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
{
struct smb_nttrans nt;
r890: convert samba4 to use [u]int8_t instead of [u]int8 metze (This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
2004-05-25 17:50:17 +00:00
uint8_t params[8];
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
struct ndr_push *ndr;
r1654: rename cli_ -> smbcli_ rename CLI_ -> SMBCLI_ metze (This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
2004-08-04 13:23:35 +00:00
struct smbcli_request *req;
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
NTSTATUS status;
nt.in.max_setup = 0;
nt.in.max_param = 0;
nt.in.max_data = 0;
nt.in.setup_count = 0;
nt.in.function = NT_TRANSACT_SET_SECURITY_DESC;
nt.in.setup = NULL;
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
SSVAL(params, 0, io->set_secdesc.file.fnum);
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
SSVAL(params, 2, 0); /* padding */
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
SIVAL(params, 4, io->set_secdesc.in.secinfo_flags);
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
nt.in.params.data = params;
nt.in.params.length = 8;
ndr = ndr_push_init();
if (!ndr) return NULL;
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
status = ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, io->set_secdesc.in.sd);
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
if (!NT_STATUS_IS_OK(status)) {
ndr_push_free(ndr);
return NULL;
}
r1883: I don't know why this was broken... tridge: can you please check if this is correct, I have only compiled it, but haven'T run it. metze (This used to be commit d3123c2e7357d8db4dce9e0253ac405318d05c48)
2004-08-18 13:43:53 +00:00
a major revamp of the low level dcerpc code in samba4, We can now do a successful LSA OpenPolicy using smbtorture (This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
2003-11-03 06:22:45 +00:00
nt.in.data = ndr_push_blob(ndr);
req = smb_raw_nttrans_send(tree, &nt);
ndr_push_free(ndr);
return req;
}
r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file (This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2004-11-18 01:02:27 +00:00
/****************************************************************************
set file ACL (sync interface)
****************************************************************************/
NTSTATUS smb_raw_set_secdesc(struct smbcli_tree *tree,
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
union smb_setfileinfo *io)
r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file (This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2004-11-18 01:02:27 +00:00
{
r3830: unified the query/set security descriptor code with the rest of the queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2004-11-18 01:41:43 +00:00
struct smbcli_request *req = smb_raw_set_secdesc_send(tree, io);
r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file (This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
2004-11-18 01:02:27 +00:00
return smbcli_request_simple_recv(req);
}
Copy Permalink