mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags
In order to set and get security_descriptors it's important to specify the sec_info flags. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
parent
cf60338ada
commit
9afba14417
@ -21,8 +21,11 @@
|
|||||||
#include "libsmb/libsmb.h"
|
#include "libsmb/libsmb.h"
|
||||||
#include "../libcli/security/secdesc.h"
|
#include "../libcli/security/secdesc.h"
|
||||||
|
|
||||||
NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
|
NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
|
||||||
TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
|
uint16_t fnum,
|
||||||
|
uint32_t sec_info,
|
||||||
|
TALLOC_CTX *mem_ctx,
|
||||||
|
struct security_descriptor **sd)
|
||||||
{
|
{
|
||||||
uint8_t param[8];
|
uint8_t param[8];
|
||||||
uint8_t *rdata=NULL;
|
uint8_t *rdata=NULL;
|
||||||
@ -31,7 +34,7 @@ NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
|
|||||||
struct security_descriptor *lsd;
|
struct security_descriptor *lsd;
|
||||||
|
|
||||||
SIVAL(param, 0, fnum);
|
SIVAL(param, 0, fnum);
|
||||||
SIVAL(param, 4, 0x7);
|
SIVAL(param, 4, sec_info);
|
||||||
|
|
||||||
status = cli_trans(talloc_tos(), cli, SMBnttrans,
|
status = cli_trans(talloc_tos(), cli, SMBnttrans,
|
||||||
NULL, -1, /* name, fid */
|
NULL, -1, /* name, fid */
|
||||||
@ -71,14 +74,23 @@ NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
|
|||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
|
||||||
|
TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
|
||||||
|
{
|
||||||
|
uint32_t sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
|
||||||
|
|
||||||
|
return cli_query_security_descriptor(cli, fnum, sec_info, mem_ctx, sd);
|
||||||
|
}
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
set the security descriptor for a open file
|
set the security descriptor for a open file
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
|
NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
|
||||||
|
uint16_t fnum,
|
||||||
|
uint32_t sec_info,
|
||||||
const struct security_descriptor *sd)
|
const struct security_descriptor *sd)
|
||||||
{
|
{
|
||||||
uint8_t param[8];
|
uint8_t param[8];
|
||||||
uint32 sec_info = 0;
|
|
||||||
uint8 *data;
|
uint8 *data;
|
||||||
size_t len;
|
size_t len;
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
@ -91,16 +103,7 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
|
|||||||
}
|
}
|
||||||
|
|
||||||
SIVAL(param, 0, fnum);
|
SIVAL(param, 0, fnum);
|
||||||
|
SIVAL(param, 4, sec_info);
|
||||||
if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT))
|
|
||||||
sec_info |= SECINFO_DACL;
|
|
||||||
if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT))
|
|
||||||
sec_info |= SECINFO_SACL;
|
|
||||||
if (sd->owner_sid)
|
|
||||||
sec_info |= SECINFO_OWNER;
|
|
||||||
if (sd->group_sid)
|
|
||||||
sec_info |= SECINFO_GROUP;
|
|
||||||
SSVAL(param, 4, sec_info);
|
|
||||||
|
|
||||||
status = cli_trans(talloc_tos(), cli, SMBnttrans,
|
status = cli_trans(talloc_tos(), cli, SMBnttrans,
|
||||||
NULL, -1, /* name, fid */
|
NULL, -1, /* name, fid */
|
||||||
@ -119,3 +122,24 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
|
|||||||
}
|
}
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
|
||||||
|
const struct security_descriptor *sd)
|
||||||
|
{
|
||||||
|
uint32_t sec_info = 0;
|
||||||
|
|
||||||
|
if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT)) {
|
||||||
|
sec_info |= SECINFO_DACL;
|
||||||
|
}
|
||||||
|
if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT)) {
|
||||||
|
sec_info |= SECINFO_SACL;
|
||||||
|
}
|
||||||
|
if (sd->owner_sid) {
|
||||||
|
sec_info |= SECINFO_OWNER;
|
||||||
|
}
|
||||||
|
if (sd->group_sid) {
|
||||||
|
sec_info |= SECINFO_GROUP;
|
||||||
|
}
|
||||||
|
|
||||||
|
return cli_set_security_descriptor(cli, fnum, sec_info, sd);
|
||||||
|
}
|
||||||
|
@ -792,8 +792,17 @@ NTSTATUS cli_push(struct cli_state *cli, uint16_t fnum, uint16_t mode,
|
|||||||
|
|
||||||
/* The following definitions come from libsmb/clisecdesc.c */
|
/* The following definitions come from libsmb/clisecdesc.c */
|
||||||
|
|
||||||
|
NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
|
||||||
|
uint16_t fnum,
|
||||||
|
uint32_t sec_info,
|
||||||
|
TALLOC_CTX *mem_ctx,
|
||||||
|
struct security_descriptor **sd);
|
||||||
NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
|
NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
|
||||||
TALLOC_CTX *mem_ctx, struct security_descriptor **sd);
|
TALLOC_CTX *mem_ctx, struct security_descriptor **sd);
|
||||||
|
NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
|
||||||
|
uint16_t fnum,
|
||||||
|
uint32_t sec_info,
|
||||||
|
const struct security_descriptor *sd);
|
||||||
NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
|
NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
|
||||||
const struct security_descriptor *sd);
|
const struct security_descriptor *sd);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user