s3-rpc_client: add winreg_set_printserver_secdesc.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

source3/rpc_client/cli_winreg_spoolss.c

@@ -1794,16 +1794,16 @@ WERROR winreg_get_printserver_secdesc(TALLOC_CTX *mem_ctx,
 				  psecdesc);
 }
 
-WERROR winreg_set_printer_secdesc(TALLOC_CTX *mem_ctx,
-				  struct dcerpc_binding_handle *winreg_handle,
-				  const char *sharename,
-				  const struct spoolss_security_descriptor *secdesc)
+static WERROR winreg_set_secdesc(TALLOC_CTX *mem_ctx,
+				 struct dcerpc_binding_handle *winreg_handle,
+				 const char *path,
+				 const char *attribute,
+				 const struct spoolss_security_descriptor *secdesc)
 {
 	const struct spoolss_security_descriptor *new_secdesc = secdesc;
 	struct spoolss_security_descriptor *old_secdesc;
 	uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
 	struct policy_handle hive_hnd, key_hnd;
-	const char *path;
 	TALLOC_CTX *tmp_ctx;
 	NTSTATUS status;
 	WERROR result;
@@ -1814,12 +1814,6 @@ WERROR winreg_set_printer_secdesc(TALLOC_CTX *mem_ctx,
 		return WERR_NOMEM;
 	}
 
-	path = winreg_printer_data_keyname(tmp_ctx, sharename);
-	if (path == NULL) {
-		talloc_free(tmp_ctx);
-		return WERR_NOMEM;
-	}
-
 	/*
 	 * The old owner and group sids of the security descriptor are not
 	 * present when new ACEs are added or removed by changing printer
@@ -1831,10 +1825,11 @@ WERROR winreg_set_printer_secdesc(TALLOC_CTX *mem_ctx,
 		struct security_acl *dacl, *sacl;
 		size_t size;
 
-		result = winreg_get_printer_secdesc(tmp_ctx,
-						    winreg_handle,
-						    sharename,
-						    &old_secdesc);
+		result = winreg_get_secdesc(tmp_ctx,
+					    winreg_handle,
+					    path,
+					    attribute,
+					    &old_secdesc);
 		if (!W_ERROR_IS_OK(result)) {
 			talloc_free(tmp_ctx);
 			return result;
@@ -1890,7 +1885,7 @@ WERROR winreg_set_printer_secdesc(TALLOC_CTX *mem_ctx,
 	status = dcerpc_winreg_set_sd(tmp_ctx,
 				      winreg_handle,
 				      &key_hnd,
-				      "Security",
+				      attribute,
 				      new_secdesc,
 				      &result);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -1909,6 +1904,37 @@ done:
 	return result;
 }
 
+WERROR winreg_set_printer_secdesc(TALLOC_CTX *mem_ctx,
+				  struct dcerpc_binding_handle *winreg_handle,
+				  const char *sharename,
+				  const struct spoolss_security_descriptor *secdesc)
+{
+	char *path;
+	WERROR result;
+
+	path = winreg_printer_data_keyname(mem_ctx, sharename);
+	if (path == NULL) {
+		return WERR_NOMEM;
+	}
+
+	result = winreg_set_secdesc(mem_ctx, winreg_handle,
+				    path,
+				    "Security", secdesc);
+	talloc_free(path);
+
+	return result;
+}
+
+WERROR winreg_set_printserver_secdesc(TALLOC_CTX *mem_ctx,
+				      struct dcerpc_binding_handle *winreg_handle,
+				      const struct spoolss_security_descriptor *secdesc)
+{
+	return winreg_set_secdesc(mem_ctx, winreg_handle,
+				  TOP_LEVEL_CONTROL_KEY,
+				  "ServerSecurityDescriptor",
+				  secdesc);
+}
+
 /* Set printer data over the winreg pipe. */
 WERROR winreg_set_printer_dataex(TALLOC_CTX *mem_ctx,
 				 struct dcerpc_binding_handle *winreg_handle,

source3/rpc_client/cli_winreg_spoolss.h

@@ -181,6 +181,23 @@ WERROR winreg_set_printer_secdesc(TALLOC_CTX *mem_ctx,
 				  const char *sharename,
 				  const struct spoolss_security_descriptor *secdesc);
 
+/**
+ * @brief Set the security descriptor for a printserver.
+ *
+ * @param[in]  mem_ctx  The talloc memory context to use.
+ *
+ * @param[in]  b The dcerpc binding handle
+ *
+ * @param[in]  secdesc  The security descriptor to save.
+ *
+ * @return              On success WERR_OK, a corresponding DOS error is
+ *                      something went wrong.
+ */
+WERROR winreg_set_printserver_secdesc(TALLOC_CTX *mem_ctx,
+				      struct dcerpc_binding_handle *b,
+				      const struct spoolss_security_descriptor *secdesc);
+
+
 /**
  * @internal
  *