mirror of
https://github.com/samba-team/samba.git
synced 2025-01-05 09:18:06 +03:00
e617cb5fa1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
/*
   Unix SMB/CIFS implementation.
   client security descriptor functions
   Copyright (C) Andrew Tridgell 2000

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "libsmb/libsmb.h"
#include "../libcli/security/secdesc.h"
#include "../libcli/smb/smbXcli_base.h"
#include "lib/util/tevent_ntstatus.h"
/*
 * Per-request state for cli_query_security_descriptor_send()/_recv().
 */
struct cli_query_security_descriptor_state {
	/*
	 * SMB1 NT_TRANSACT parameter block: fnum is written at offset 0
	 * and sec_info at offset 4, both as 32-bit little-endian values.
	 * Unused on the SMB2+ path.
	 */
	uint8_t param[8];

	/*
	 * Raw, still-marshalled security descriptor as received from the
	 * server. This is untrusted wire data until it has been parsed in
	 * cli_query_security_descriptor_recv().
	 */
	DATA_BLOB outbuf;
};

/* Completion callback for the SMB1 (cli_trans_send) request. */
static void cli_query_security_descriptor_done1(struct tevent_req *subreq);

/* Completion callback for the SMB2+ (cli_smb2_query_info_fnum_send) request. */
static void cli_query_security_descriptor_done2(struct tevent_req *subreq);
/*
 * Start an asynchronous query of the security descriptor of an open file.
 *
 * mem_ctx:  talloc parent for the returned request
 * ev:       event context driving the request
 * cli:      connection the handle belongs to
 * fnum:     open file handle
 * sec_info: SECINFO_* bits selecting which parts of the descriptor to fetch
 *
 * Returns the new request, or NULL if it could not be allocated. The
 * transport is chosen from the negotiated protocol: SMB2 QUERY_INFO for
 * PROTOCOL_SMB2_02 and above, an SMB1 NT_TRANSACT otherwise. Collect the
 * result with cli_query_security_descriptor_recv().
 */
struct tevent_req *cli_query_security_descriptor_send(
	TALLOC_CTX *mem_ctx,
	struct tevent_context *ev,
	struct cli_state *cli,
	uint16_t fnum,
	uint32_t sec_info)
{
	struct cli_query_security_descriptor_state *state = NULL;
	struct tevent_req *req = NULL;
	struct tevent_req *subreq = NULL;
	void (*done_fn)(struct tevent_req *) = NULL;

	req = tevent_req_create(
		mem_ctx, &state, struct cli_query_security_descriptor_state);
	if (req == NULL) {
		return NULL;
	}

	if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
		/*
		 * SMB1: fnum is only 16 bits wide, so pushing it as a
		 * 32-bit little-endian value leaves bytes 2-3 zero.
		 */
		PUSH_LE_U32(state->param, 0, fnum);
		PUSH_LE_U32(state->param, 4, sec_info);

		subreq = cli_trans_send(
			state,		/* mem_ctx */
			ev,		/* ev */
			cli,		/* cli */
			0,		/* additional_flags2 */
			SMBnttrans,	/* cmd */
			NULL,		/* pipe_name */
			-1,		/* fid */
			NT_TRANSACT_QUERY_SECURITY_DESC, /* function */
			0,		/* flags */
			NULL,		/* setup */
			0,		/* num_setup */
			0,		/* max_setup */
			state->param,	/* param */
			8,		/* num_param */
			4,		/* max_param */
			NULL,		/* data */
			0,		/* num_data */
			0x10000);	/* max_data: cap on the reply size */
		done_fn = cli_query_security_descriptor_done1;
	} else {
		/*
		 * SMB2+: info type 3 with class 0 is used for the security
		 * descriptor query (presumably SMB2_0_INFO_SECURITY -
		 * confirm against the SMB2 constants).
		 */
		subreq = cli_smb2_query_info_fnum_send(
			state,		/* mem_ctx */
			ev,		/* ev */
			cli,		/* cli */
			fnum,		/* fnum */
			3,		/* in_info_type */
			0,		/* in_info_class */
			0xFFFF,		/* in_max_output_length: reply cap */
			NULL,		/* in_input_buffer */
			sec_info,	/* in_additional_info */
			0);		/* in_flags */
		done_fn = cli_query_security_descriptor_done2;
	}

	if (tevent_req_nomem(subreq, req)) {
		return tevent_req_post(req, ev);
	}
	tevent_req_set_callback(subreq, done_fn, req);

	return req;
}
/*
 * SMB1 completion: collect the NT_TRANSACT reply data into state->outbuf
 * and finish the parent request.
 *
 * Only the data section of the reply is kept; setup and parameter
 * sections are not requested. The bytes are server-supplied and are not
 * interpreted here.
 */
static void cli_query_security_descriptor_done1(struct tevent_req *subreq)
{
	struct tevent_req *req = tevent_req_callback_data(
		subreq, struct tevent_req);
	struct cli_query_security_descriptor_state *state = tevent_req_data(
		req, struct cli_query_security_descriptor_state);
	uint32_t num_data;
	NTSTATUS status;

	status = cli_trans_recv(
		subreq,			/* req */
		state,			/* mem_ctx */
		NULL,			/* recv_flags2 */
		NULL,			/* setup */
		0,			/* min_setup */
		NULL,			/* num_setup */
		NULL,			/* param */
		0,			/* min_param */
		NULL,			/* num_param */
		&state->outbuf.data,	/* data */
		0,			/* min_data */
		&num_data);		/* num_data */
	TALLOC_FREE(subreq);
	if (tevent_req_nterror(req, status)) {
		return;
	}

	/* Widening uint32_t -> size_t, so no truncation is possible here. */
	state->outbuf.length = num_data;
	tevent_req_done(req);
}
/*
 * SMB2+ completion: store the QUERY_INFO output blob in state->outbuf
 * (allocated on state) and finish the parent request. The blob is
 * server-supplied and is not interpreted here.
 */
static void cli_query_security_descriptor_done2(struct tevent_req *subreq)
{
	struct tevent_req *req = tevent_req_callback_data(
		subreq, struct tevent_req);
	struct cli_query_security_descriptor_state *state = tevent_req_data(
		req, struct cli_query_security_descriptor_state);
	NTSTATUS status;

	status = cli_smb2_query_info_fnum_recv(
		subreq, state, &state->outbuf);
	TALLOC_FREE(subreq);

	if (tevent_req_nterror(req, status)) {
		return;
	}

	tevent_req_done(req);
}
/*
 * Collect the result of cli_query_security_descriptor_send().
 *
 * req:     the finished request
 * mem_ctx: talloc parent passed to unmarshall_sec_desc() for *sd
 * sd:      out parameter for the parsed descriptor; may be NULL, in which
 *          case the reply is not parsed at all
 *
 * Returns the request's error status if it failed, otherwise the status
 * of unmarshall_sec_desc() (or NT_STATUS_OK when sd is NULL).
 *
 * The buffer handed to unmarshall_sec_desc() comes straight from the
 * server, so that parser is the trust boundary for this call: a parse
 * failure must be treated as a failed query by the caller.
 */
NTSTATUS cli_query_security_descriptor_recv(
	struct tevent_req *req,
	TALLOC_CTX *mem_ctx,
	struct security_descriptor **sd)
{
	struct cli_query_security_descriptor_state *state = tevent_req_data(
		req, struct cli_query_security_descriptor_state);
	NTSTATUS status = NT_STATUS_OK;

	if (!tevent_req_is_nterror(req, &status) && (sd != NULL)) {
		status = unmarshall_sec_desc(
			mem_ctx,
			state->outbuf.data,
			state->outbuf.length,
			sd);
	}

	/*
	 * Called on every path, after the last use of state.
	 * NOTE(review): presumably this releases the request state, so
	 * state->outbuf must not be touched afterwards - confirm.
	 */
	tevent_req_received(req);
	return status;
}
/*
 * Synchronous wrapper around cli_query_security_descriptor_send()/_recv().
 *
 * cli:      connection the handle belongs to
 * fnum:     open file handle
 * sec_info: SECINFO_* bits selecting which parts to fetch
 * mem_ctx:  talloc parent for *sd
 * sd:       out parameter for the parsed descriptor (passed through to
 *           the _recv function)
 *
 * Returns NT_STATUS_INVALID_PARAMETER if the connection already has
 * async calls in flight, NT_STATUS_NO_MEMORY if the event context or the
 * request cannot be allocated, otherwise the status of the request.
 */
NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
				       uint16_t fnum,
				       uint32_t sec_info,
				       TALLOC_CTX *mem_ctx,
				       struct security_descriptor **sd)
{
	/* Default covers both allocation failures below. */
	NTSTATUS status = NT_STATUS_NO_MEMORY;
	TALLOC_CTX *frame = talloc_stackframe();
	struct tevent_context *ev = NULL;
	struct tevent_req *req = NULL;

	if (smbXcli_conn_has_async_calls(cli->conn)) {
		/* A private event loop must not run next to async users. */
		status = NT_STATUS_INVALID_PARAMETER;
		goto out;
	}

	ev = samba_tevent_context_init(frame);
	if (ev == NULL) {
		goto out;
	}

	req = cli_query_security_descriptor_send(
		frame, ev, cli, fnum, sec_info);
	if (req == NULL) {
		goto out;
	}

	if (!tevent_req_poll_ntstatus(req, ev, &status)) {
		goto out;
	}

	status = cli_query_security_descriptor_recv(req, mem_ctx, sd);

out:
	/* ev and req hang off frame, so this is the only cleanup needed. */
	TALLOC_FREE(frame);
	return status;
}
/*
 * Query owner, group and DACL of an open file.
 *
 * Convenience wrapper around cli_query_security_descriptor() with a fixed
 * selection of SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL. The SACL is
 * not requested, so audit entries are never part of the result.
 */
NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
			   TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
{
	return cli_query_security_descriptor(
		cli,
		fnum,
		SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL,
		mem_ctx,
		sd);
}
/*
 * Query the "mxac" value for a file name.
 *
 * cli:      connection to use
 * filename: path handed to cli_smb2_query_mxac()
 * mxac:     out parameter filled in by cli_smb2_query_mxac()
 *
 * Only implemented for PROTOCOL_SMB2_02 and above; older dialects get
 * NT_STATUS_NOT_SUPPORTED without any request being sent.
 */
NTSTATUS cli_query_mxac(struct cli_state *cli,
			const char *filename,
			uint32_t *mxac)
{
	if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
		return cli_smb2_query_mxac(cli, filename, mxac);
	}

	return NT_STATUS_NOT_SUPPORTED;
}
/*
 * Per-request state for cli_set_security_descriptor_send()/_recv().
 */
struct cli_set_security_descriptor_state {
	/*
	 * SMB1 NT_TRANSACT parameter block: fnum is written at offset 0
	 * and sec_info at offset 4. Unused on the SMB2+ path.
	 */
	uint8_t param[8];

	/*
	 * Marshalled security descriptor to send. It lives in the state so
	 * that it stays valid for as long as the request does.
	 */
	DATA_BLOB buf;
};

/* Completion callback for the SMB1 (cli_trans_send) request. */
static void cli_set_security_descriptor_done1(struct tevent_req *subreq);

/* Completion callback for the SMB2+ (cli_smb2_set_info_fnum_send) request. */
static void cli_set_security_descriptor_done2(struct tevent_req *subreq);
/*
 * Start an asynchronous update of the security descriptor of an open file.
 *
 * mem_ctx:  talloc parent for the returned request
 * ev:       event context driving the request
 * cli:      connection the handle belongs to
 * fnum:     open file handle
 * sec_info: SECINFO_* bits naming the parts of sd the server should apply
 * sd:       descriptor to send; it is marshalled into the request state
 *           before this function returns
 *
 * Returns the new request, or NULL if it could not be allocated. A
 * marshalling failure is reported through the request itself. The
 * transport is SMB2 SET_INFO for PROTOCOL_SMB2_02 and above, an SMB1
 * NT_TRANSACT otherwise.
 *
 * sec_info decides what the server overwrites, so it has to match the
 * parts of sd that are really populated; see cli_set_secdesc() for a
 * helper that derives it from sd.
 */
struct tevent_req *cli_set_security_descriptor_send(
	TALLOC_CTX *mem_ctx,
	struct tevent_context *ev,
	struct cli_state *cli,
	uint16_t fnum,
	uint32_t sec_info,
	const struct security_descriptor *sd)
{
	struct cli_set_security_descriptor_state *state = NULL;
	struct tevent_req *req = NULL;
	struct tevent_req *subreq = NULL;
	void (*done_fn)(struct tevent_req *) = NULL;
	NTSTATUS status;

	req = tevent_req_create(
		mem_ctx, &state, struct cli_set_security_descriptor_state);
	if (req == NULL) {
		return NULL;
	}

	/* Serialise once up front; both transports send the same bytes. */
	status = marshall_sec_desc(
		state, sd, &state->buf.data, &state->buf.length);
	if (tevent_req_nterror(req, status)) {
		return tevent_req_post(req, ev);
	}

	if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
		/* SMB1: fnum is 16 bits wide, the upper two bytes stay zero. */
		SIVAL(state->param, 0, fnum);
		SIVAL(state->param, 4, sec_info);

		/*
		 * NOTE(review): state->buf.length is a size_t; confirm that
		 * the num_data parameter of cli_trans_send() cannot
		 * truncate it for an unusually large descriptor.
		 */
		subreq = cli_trans_send(
			state,		/* mem_ctx */
			ev,		/* ev */
			cli,		/* cli */
			0,		/* additional_flags2 */
			SMBnttrans,	/* cmd */
			NULL,		/* pipe_name */
			-1,		/* fid */
			NT_TRANSACT_SET_SECURITY_DESC, /* function */
			0,		/* flags */
			NULL,		/* setup */
			0,		/* num_setup */
			0,		/* max_setup */
			state->param,	/* param */
			8,		/* num_param */
			0,		/* max_param */
			state->buf.data,	/* data */
			state->buf.length,	/* num_data */
			0);		/* max_data */
		done_fn = cli_set_security_descriptor_done1;
	} else {
		/*
		 * SMB2+: info type 3 with class 0 is used for the security
		 * descriptor (presumably SMB2_0_INFO_SECURITY - confirm
		 * against the SMB2 constants).
		 */
		subreq = cli_smb2_set_info_fnum_send(
			state,		/* mem_ctx */
			ev,		/* ev */
			cli,		/* cli */
			fnum,		/* fnum */
			3,		/* in_info_type */
			0,		/* in_file_info_class */
			&state->buf,	/* in_input_buffer */
			sec_info);	/* in_additional_info */
		done_fn = cli_set_security_descriptor_done2;
	}

	if (tevent_req_nomem(subreq, req)) {
		return tevent_req_post(req, ev);
	}
	tevent_req_set_callback(subreq, done_fn, req);

	return req;
}
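/*
 * SMB1 completion: fetch the NT_TRANSACT status and pass it on to the
 * parent request. No reply setup, parameter or data bytes are requested.
 */
static void cli_set_security_descriptor_done1(struct tevent_req *subreq)
{
	NTSTATUS status = cli_trans_recv(
		subreq, NULL, NULL, NULL, 0, NULL, NULL, 0, NULL,
		NULL, 0, NULL);

	/*
	 * Plain call instead of "return <void expression>;": ISO C does
	 * not allow a return with an expression in a void function, and
	 * this now matches cli_set_security_descriptor_done2().
	 */
	tevent_req_simple_finish_ntstatus(subreq, status);
}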
/*
 * SMB2+ completion: fetch the SET_INFO status and pass it on to the
 * parent request.
 */
static void cli_set_security_descriptor_done2(struct tevent_req *subreq)
{
	NTSTATUS status;

	status = cli_smb2_set_info_fnum_recv(subreq);
	tevent_req_simple_finish_ntstatus(subreq, status);
}
/*
 * Collect the result of cli_set_security_descriptor_send().
 *
 * There is no payload to return; the NTSTATUS is the only result and
 * tells the caller whether the server accepted the new descriptor.
 */
NTSTATUS cli_set_security_descriptor_recv(struct tevent_req *req)
{
	NTSTATUS status = tevent_req_simple_recv_ntstatus(req);

	return status;
}
/****************************************************************************
 Set the security descriptor for an open file.

 Synchronous wrapper around cli_set_security_descriptor_send()/_recv().

 cli:      connection the handle belongs to
 fnum:     open file handle
 sec_info: SECINFO_* bits naming the parts of sd the server should apply
 sd:       descriptor to send

 Returns NT_STATUS_INVALID_PARAMETER if the connection already has async
 calls in flight, NT_STATUS_NO_MEMORY if the event context or the request
 cannot be allocated, otherwise the status of the request.
****************************************************************************/
NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
				     uint16_t fnum,
				     uint32_t sec_info,
				     const struct security_descriptor *sd)
{
	/* Default covers both allocation failures below. */
	NTSTATUS status = NT_STATUS_NO_MEMORY;
	TALLOC_CTX *frame = talloc_stackframe();
	struct tevent_context *ev = NULL;
	struct tevent_req *req = NULL;

	if (smbXcli_conn_has_async_calls(cli->conn)) {
		/* A private event loop must not run next to async users. */
		status = NT_STATUS_INVALID_PARAMETER;
		goto out;
	}

	ev = samba_tevent_context_init(frame);
	if (ev == NULL) {
		goto out;
	}

	req = cli_set_security_descriptor_send(
		frame, ev, cli, fnum, sec_info, sd);
	if (req == NULL) {
		goto out;
	}

	if (!tevent_req_poll_ntstatus(req, ev, &status)) {
		goto out;
	}

	status = cli_set_security_descriptor_recv(req);

out:
	/* ev and req hang off frame, so this is the only cleanup needed. */
	TALLOC_FREE(frame);
	return status;
}
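/*
 * Set the security descriptor of an open file, deriving the SECINFO_*
 * selection from the parts of sd that are populated.
 *
 * cli:  connection the handle belongs to
 * fnum: open file handle
 * sd:   descriptor to apply
 *
 * Returns NT_STATUS_INVALID_PARAMETER if sd is NULL, otherwise the result
 * of cli_set_security_descriptor().
 *
 * Selection rules:
 *   SECINFO_DACL  - sd->dacl is set or SEC_DESC_DACL_PRESENT is in sd->type
 *   SECINFO_SACL  - sd->sacl is set or SEC_DESC_SACL_PRESENT is in sd->type
 *   SECINFO_OWNER - sd->owner_sid is set
 *   SECINFO_GROUP - sd->group_sid is set
 */
NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
			 const struct security_descriptor *sd)
{
	uint32_t sec_info = 0;

	if (sd == NULL) {
		/* Every test below dereferences sd; fail cleanly instead. */
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * NOTE(review): SEC_DESC_DACL_PRESENT with sd->dacl == NULL still
	 * selects SECINFO_DACL, i.e. a NULL DACL is sent. On Windows-style
	 * servers that is usually treated as "no access control at all",
	 * so callers should only build such a descriptor on purpose.
	 */
	if ((sd->dacl != NULL) || (sd->type & SEC_DESC_DACL_PRESENT)) {
		sec_info |= SECINFO_DACL;
	}
	if ((sd->sacl != NULL) || (sd->type & SEC_DESC_SACL_PRESENT)) {
		sec_info |= SECINFO_SACL;
	}
	if (sd->owner_sid != NULL) {
		sec_info |= SECINFO_OWNER;
	}
	if (sd->group_sid != NULL) {
		sec_info |= SECINFO_GROUP;
	}

	return cli_set_security_descriptor(cli, fnum, sec_info, sd);
}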