mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00

Set SD's for share. Added level 1501. Map GENERIC file bits to specific bits.

Jeremy.
Jeremy Allison
parent 2f34e144c5
commit 04976c32f3
4 changed files with 95 additions and 15 deletions


@ -3765,6 +3765,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p);
/*The following definitions come from rpc_server/srv_srvsvc_nt.c */ /*The following definitions come from rpc_server/srv_srvsvc_nt.c */
BOOL share_info_db_init(void); BOOL share_info_db_init(void);
void map_generic_share_sd_bits(SEC_DESC *psd);
BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access); BOOL share_access_check(int snum, uint16 vuid, uint32 desired_access);
uint32 _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u); uint32 _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u);
uint32 _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u); uint32 _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u);


@ -339,7 +339,6 @@ typedef struct str_share_info502
} SH_INFO_502_STR; } SH_INFO_502_STR;
/* SRV_SHARE_INFO_502 */ /* SRV_SHARE_INFO_502 */
/* SRV_SHARE_INFO_2 */
typedef struct share_info_502_info typedef struct share_info_502_info
{ {
SH_INFO_502 info_502; SH_INFO_502 info_502;
@ -353,6 +352,12 @@ typedef struct share_info_1005_info
uint32 dfs_root_flag; uint32 dfs_root_flag;
} SRV_SHARE_INFO_1005; } SRV_SHARE_INFO_1005;
/* SRV_SHARE_INFO_1501 */
typedef struct share_info_1501_info
{
SEC_DESC_BUF *sdb;
} SRV_SHARE_INFO_1501;
/* SRV_SHARE_INFO_CTR */ /* SRV_SHARE_INFO_CTR */
typedef struct srv_share_info_ctr_info typedef struct srv_share_info_ctr_info
{ {
@ -413,6 +418,8 @@ typedef struct q_net_share_get_info_info
} SRV_Q_NET_SHARE_GET_INFO; } SRV_Q_NET_SHARE_GET_INFO;
/* JRA. NB. We also need level 1004 and 1006 here. */
/* SRV_SHARE_INFO */ /* SRV_SHARE_INFO */
typedef struct srv_share_info { typedef struct srv_share_info {
uint32 switch_value; uint32 switch_value;
@ -423,6 +430,7 @@ typedef struct srv_share_info {
SRV_SHARE_INFO_2 info2; SRV_SHARE_INFO_2 info2;
SRV_SHARE_INFO_502 info502; SRV_SHARE_INFO_502 info502;
SRV_SHARE_INFO_1005 info1005; SRV_SHARE_INFO_1005 info1005;
SRV_SHARE_INFO_1501 info1501;
} share; } share;
} SRV_SHARE_INFO; } SRV_SHARE_INFO;
@ -434,8 +442,6 @@ typedef struct r_net_share_get_info_info
} SRV_R_NET_SHARE_GET_INFO; } SRV_R_NET_SHARE_GET_INFO;
/* JRA. NB. We also need level 1004, 1006 and 1501 here. */
/* SRV_Q_NET_SHARE_SET_INFO */ /* SRV_Q_NET_SHARE_SET_INFO */
typedef struct q_net_share_set_info_info typedef struct q_net_share_set_info_info
{ {


@ -340,22 +340,45 @@ static BOOL srv_io_share_info502_str(char *desc, SH_INFO_502_STR *sh502, prs_str
/******************************************************************* /*******************************************************************
Reads or writes a structure. Reads or writes a structure.
********************************************************************/ ********************************************************************/
static BOOL srv_io_share_info1005(char* desc, SRV_SHARE_INFO_1005* sh1005, static BOOL srv_io_share_info1005(char* desc, SRV_SHARE_INFO_1005* sh1005,
prs_struct* ps, int depth) prs_struct* ps, int depth)
{ {
if(sh1005 == NULL) if(sh1005 == NULL)
return False; return False;
prs_debug(ps, depth, desc, "srv_io_share_info1005"); prs_debug(ps, depth, desc, "srv_io_share_info1005");
depth++; depth++;
if(!prs_align(ps)) if(!prs_align(ps))
return False; return False;
if(!prs_uint32("dfs_root_flag", ps, depth, &sh1005->dfs_root_flag)) if(!prs_uint32("dfs_root_flag", ps, depth, &sh1005->dfs_root_flag))
return False; return False;
return True; return True;
}
/*******************************************************************
Reads or writes a structure.
********************************************************************/
static BOOL srv_io_share_info1501(char* desc, SRV_SHARE_INFO_1501* sh1501,
prs_struct* ps, int depth)
{
if(sh1501 == NULL)
return False;
prs_debug(ps, depth, desc, "srv_io_share_info1501");
depth++;
if(!prs_align(ps))
return False;
if (!sec_io_desc_buf(desc, &sh1501->sdb, ps, depth))
return False;
return True;
} }
/******************************************************************* /*******************************************************************
@ -656,8 +679,12 @@ static BOOL srv_io_srv_share_info(char *desc, prs_struct *ps, int depth, SRV_SHA
return False; return False;
break; break;
case 1005: case 1005:
if(!srv_io_share_info1005("", &r_n->share.info1005, ps, depth)) if(!srv_io_share_info1005("", &r_n->share.info1005, ps, depth))
return False; return False;
break;
case 1501:
if (!srv_io_share_info1501("", &r_n->share.info1501, ps, depth))
return False;
default: default:
DEBUG(5,("%s no share info at switch_value %d\n", DEBUG(5,("%s no share info at switch_value %d\n",
tab_depth(depth), r_n->switch_value)); tab_depth(depth), r_n->switch_value));
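Review bot: The new `case 1501:` in srv_io_srv_share_info has no `break;` after its failure check, so a level-1501 descriptor that parses successfully falls through into `default:` and logs "no share info at switch_value 1501" at debug level 5. The 1005 case just above it ends with `break;`, so the fall-through looks unintended; add `break;` after the `return False;`. It appears harmless today only because the default arm seems to do nothing but log (its end is outside the hunk), but the message is misleading when tracing share security-descriptor traffic, and the case would start failing if the default arm ever returned an error.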


@ -253,8 +253,12 @@ static BOOL delete_share_security(int snum)
static BOOL read_only_share_sd(SEC_DESC *psd) static BOOL read_only_share_sd(SEC_DESC *psd)
{ {
int i; int i;
SEC_ACL *ps_dacl = psd->dacl; SEC_ACL *ps_dacl = NULL;
if (!psd)
return True;
ps_dacl = psd->dacl;
if (!ps_dacl) if (!ps_dacl)
return True; return True;
@ -269,6 +273,32 @@ static BOOL read_only_share_sd(SEC_DESC *psd)
return True; return True;
} }
/*******************************************************************
Map any generic bits to file specific bits.
********************************************************************/
void map_generic_share_sd_bits(SEC_DESC *psd)
{
extern struct generic_mapping file_generic_mapping;
int i;
SEC_ACL *ps_dacl = NULL;
if (!psd)
return;
ps_dacl = psd->dacl;
if (!ps_dacl)
return;
for (i = 0; i < ps_dacl->num_aces; i++) {
SEC_ACE *psa = &ps_dacl->ace[i];
uint32 orig_mask = psa->info.mask;
se_map_generic(&psa->info.mask, &file_generic_mapping);
psa->info.mask |= orig_mask;
}
}
/******************************************************************* /*******************************************************************
Can this user access with share with the required permissions ? Can this user access with share with the required permissions ?
********************************************************************/ ********************************************************************/
@ -1200,6 +1230,9 @@ uint32 _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
r_u->switch_value = 0; r_u->switch_value = 0;
if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$"))
return NT_STATUS_BAD_NETWORK_NAME;
snum = find_service(share_name); snum = find_service(share_name);
/* Does this share exist ? */ /* Does this share exist ? */
@ -1220,16 +1253,26 @@ uint32 _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(share_name)); unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(share_name));
type = q_u->info.share.info2.info_2.type; type = q_u->info.share.info2.info_2.type;
read_only = False; /* No SD means "Everyone full access. */ read_only = False; /* No SD means "Everyone full access. */
psd = NULL;
break; break;
case 502: case 502:
unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(share_name)); unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(share_name));
unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name)); unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name));
type = q_u->info.share.info502.info_502.type; type = q_u->info.share.info502.info_502.type;
psd = q_u->info.share.info502.info_502_str.sd; psd = q_u->info.share.info502.info_502_str.sd;
map_generic_share_sd_bits(psd);
read_only = read_only_share_sd(psd); read_only = read_only_share_sd(psd);
break; break;
case 1005: case 1005:
return ERROR_ACCESS_DENIED; return ERROR_ACCESS_DENIED;
case 1501:
fstrcpy(pathname, lp_pathname(snum));
fstrcpy(comment, lp_comment(snum));
psd = q_u->info.share.info1501.sdb->sec;
map_generic_share_sd_bits(psd);
read_only = read_only_share_sd(psd);
type = STYPE_DISKTREE;
break;
default: default:
DEBUG(5,("_srv_net_share_set_info: unsupported switch value %d\n", q_u->info_level)); DEBUG(5,("_srv_net_share_set_info: unsupported switch value %d\n", q_u->info_level));
return NT_STATUS_INVALID_INFO_CLASS; return NT_STATUS_INVALID_INFO_CLASS;
@ -1267,6 +1310,8 @@ uint32 _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
/* Send SIGHUP to process group. */ /* Send SIGHUP to process group. */
kill(0, SIGHUP); kill(0, SIGHUP);
} else {
DEBUG(10,("_srv_net_share_set_info: No change to share name (%s)\n", share_name ));
} }
/* Replace SD if changed. */ /* Replace SD if changed. */
@ -1335,6 +1380,7 @@ uint32 _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S
unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name)); unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name));
type = q_u->info.share.info502.info_502.type; type = q_u->info.share.info502.info_502.type;
psd = q_u->info.share.info502.info_502_str.sd; psd = q_u->info.share.info502.info_502_str.sd;
map_generic_share_sd_bits(psd);
read_only = read_only_share_sd(psd); read_only = read_only_share_sd(psd);
break; break;
case 1005: case 1005:
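Review bot: In the new `case 1501:` of _srv_net_share_set_info, `psd = q_u->info.share.info1501.sdb->sec;` dereferences `sdb` without a NULL check, and that pointer is populated from the client's request by the parser. If unmarshalling can leave it NULL (for example when the info pointer on the wire is zero; that path is not visible here, so it needs confirming), a malformed request would crash the smbd process serving the pipe. Reject the request before the dereference, e.g. `if (!q_u->info.share.info1501.sdb) return NT_STATUS_INVALID_PARAMETER;`, or whichever status this function uses for malformed input. map_generic_share_sd_bits and read_only_share_sd both tolerate a NULL `psd`, so `sdb` itself is the only unchecked step. The function body starts and ends outside these hunks.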