SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize)
{
- prs_struct ps;
- fstring key;
+ char *key;
SEC_DESC *psd = NULL;
+ TDB_DATA data;
+ NTSTATUS status;
if (!share_info_db_init()) {
return NULL;
}
- *psize = 0;
+ if (!(key = talloc_asprintf(ctx, "SECDESC/%s", servicename))) {
+ DEBUG(0, ("talloc_asprintf failed\n"));
+ return NULL;
+ }
- /* Fetch security descriptor from tdb */
-
- slprintf(key, sizeof(key)-1, "SECDESC/%s", servicename);
-
- if (tdb_prs_fetch_bystring(share_tdb, key, &ps, ctx)!=0 ||
- !sec_io_desc("get_share_security", &psd, &ps, 1)) {
-
- DEBUG(4, ("get_share_security: using default secdesc for %s\n",
- servicename));
-
- return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS);
+ data = tdb_fetch_bystring(share_tdb, key);
+
+ TALLOC_FREE(key);
+
+ if (data.dptr == NULL) {
+ return get_share_security_default(ctx, psize,
+ GENERIC_ALL_ACCESS);
+ }
+
+ status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("unmarshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
+ return NULL;
}
if (psd)
*psize = sec_desc_size(psd);
- prs_mem_free(&ps);
return psd;
}
BOOL set_share_security(const char *share_name, SEC_DESC *psd)
{
- prs_struct ps;
- TALLOC_CTX *mem_ctx = NULL;
- fstring key;
+ TALLOC_CTX *frame;
+ char *key;
BOOL ret = False;
+ TDB_DATA blob;
+ NTSTATUS status;
if (!share_info_db_init()) {
return False;
}
- mem_ctx = talloc_init("set_share_security");
- if (mem_ctx == NULL)
- return False;
+ frame = talloc_stackframe();
- prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL);
-
- if (!sec_io_desc("share_security", &psd, &ps, 1))
+ status = marshall_sec_desc(frame, psd, &blob.dptr, &blob.dsize);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("marshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
goto out;
-
- slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name);
-
- if (tdb_prs_store_bystring(share_tdb, key, &ps)==0) {
- ret = True;
- DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
- } else {
- DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name ));
- }
-
- /* Free malloc'ed memory */
-
-out:
-
- prs_mem_free(&ps);
- TALLOC_FREE(mem_ctx);
+ }
+
+ if (!(key = talloc_asprintf(frame, "SECDESC/%s", share_name))) {
+ DEBUG(0, ("talloc_asprintf failed\n"));
+ goto out;
+ }
+
+ if (tdb_trans_store_bystring(share_tdb, key, blob,
+ TDB_REPLACE) == -1) {
+ DEBUG(1,("set_share_security: Failed to store secdesc for "
+ "%s\n", share_name ));
+ goto out;
+ }
+
+ DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
+ ret = True;
+
+ out:
+ TALLOC_FREE(frame);
return ret;
}
return tdb_trans_store(tdb, kbuf, dbuf, TDB_REPLACE);
}
-int tdb_prs_store_bystring(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
-{
- TDB_DATA kbuf = string_term_tdb_data(keystr);
- return tdb_prs_store(tdb, kbuf, ps);
-}
-
/* useful function to fetch a structure into rpc wire format */
int tdb_prs_fetch(TDB_CONTEXT *tdb, TDB_DATA kbuf, prs_struct *ps, TALLOC_CTX *mem_ctx)
{
return 0;
}
-int tdb_prs_fetch_bystring(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx)
-{
- TDB_DATA kbuf = string_term_tdb_data(keystr);
- return tdb_prs_fetch(tdb, kbuf, ps, mem_ctx);
-}
-
/*******************************************************************
hash a stream.
********************************************************************/
REGVAL_CTR *values;
REGSUBKEY_CTR *svc_subkeys;
SEC_DESC *sd;
- prs_struct ps;
+ DATA_BLOB sd_blob;
+ NTSTATUS status;
/* add to the list and create the subkey path */
TALLOC_FREE( key_secdesc );
return;
}
-
- /* stream the printer security descriptor */
-
- prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key_secdesc, MARSHALL);
-
- if ( sec_io_desc("sec_desc", &sd, &ps, 0 ) ) {
- uint32 offset = prs_offset( &ps );
- regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&ps), offset );
- store_reg_values( key_secdesc, values );
+
+ status = marshall_sec_desc(key_secdesc, sd, &sd_blob.data,
+ &sd_blob.length);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("marshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(key_secdesc);
+ return;
}
- /* finally cleanup the Security key */
+ regval_ctr_addvalue(values, "Security", REG_BINARY,
+ (const char *)sd_blob.data, sd_blob.length);
+ store_reg_values( key_secdesc, values );
- prs_mem_free( &ps );
TALLOC_FREE( key_secdesc );
return;
SEC_DESC* svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
{
REGISTRY_KEY *key;
- prs_struct ps;
REGVAL_CTR *values;
REGISTRY_VALUE *val;
- SEC_DESC *sd = NULL;
SEC_DESC *ret_sd = NULL;
pstring path;
WERROR wresult;
+ NTSTATUS status;
/* now add the security descriptor */
}
fetch_reg_values( key, values );
+
+ TALLOC_FREE(key);
if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
DEBUG(6,("svcctl_get_secdesc: constructing default secdesc for service [%s]\n",
name));
- TALLOC_FREE( key );
return construct_service_sd( ctx );
}
- /* stream the printer security descriptor */
-
- prs_init( &ps, 0, key, UNMARSHALL);
- prs_give_memory( &ps, (char *)regval_data_p(val), regval_size(val), False );
-
- if ( !sec_io_desc("sec_desc", &sd, &ps, 0 ) ) {
- TALLOC_FREE( key );
+ /* stream the service security descriptor */
+
+ status = unmarshall_sec_desc(ctx, regval_data_p(val),
+ regval_size(val), &ret_sd);
+
+ if (!NT_STATUS_IS_OK(status)) {
return construct_service_sd( ctx );
}
-
- ret_sd = dup_sec_desc( ctx, sd );
-
- /* finally cleanup the Security key */
-
- prs_mem_free( &ps );
- TALLOC_FREE( key );
return ret_sd;
}