fstring buf;
int ret = 0;
TALLOC_CTX *mem_ctx;
- struct smb_query_secdesc query;
+ union smb_fileinfo query;
NTSTATUS status;
int fnum;
mem_ctx = talloc_init("%s", fname);
- query.in.fnum = fnum;
- query.in.secinfo_flags = 0x7;
+ query.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ query.query_secdesc.in.fnum = fnum;
+ query.query_secdesc.in.secinfo_flags = 0x7;
- status = smb_raw_query_secdesc(cli->tree, mem_ctx, &query);
+ status = smb_raw_fileinfo(cli->tree, mem_ctx, &query);
if (!NT_STATUS_IS_OK(status)) {
d_printf("%s - %s\n", fname, nt_errstr(status));
ret = 1;
goto done;
}
- NDR_PRINT_DEBUG(security_descriptor, query.out.sd);
+ NDR_PRINT_DEBUG(security_descriptor, query.query_secdesc.out.sd);
talloc_destroy(mem_ctx);
#include "module.h"
#include "mutex.h"
#include "librpc/ndr/libndr.h"
-#include "librpc/ndr/ndr_sec.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
#include "librpc/rpc/dcerpc.h"
} WIRE_STRING;
+/*
+ use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+ just a dom sid, but with the sub_auths represented as a conformant
+ array. As with all in-structure conformant arrays, the array length
+ is placed before the start of the structure. That's what gives rise
+ to the extra num_auths elemenent. We don't want the Samba code to
+ have to bother with such esoteric NDR details, so its easier to just
+ define it as a dom_sid and use pidl magic to make it all work. It
+ just means you need to mark a sid as a "dom_sid2" in the IDL when you
+ know it is of the conformant array variety
+*/
+#define dom_sid2 dom_sid
+
+
/*
this header defines the structures and unions used between the SMB
parser and the backends.
RAW_FILEINFO_GENERIC = 0xF000,
RAW_FILEINFO_GETATTR, /* SMBgetatr */
RAW_FILEINFO_GETATTRE, /* SMBgetattrE */
+ RAW_FILEINFO_SEC_DESC, /* NT_TRANSACT_QUERY_SECURITY_DESC */
RAW_FILEINFO_STANDARD = SMB_QFILEINFO_STANDARD,
RAW_FILEINFO_EA_SIZE = SMB_QFILEINFO_EA_SIZE,
RAW_FILEINFO_ALL_EAS = SMB_QFILEINFO_ALL_EAS,
uint32_t reparse_tag;
} out;
} attribute_tag_information;
+
+ /* RAW_FILEINFO_QUERY_SEC_DESC */
+ struct {
+ enum smb_fileinfo_level level;
+ struct {
+ uint16_t fnum;
+ uint32_t secinfo_flags;
+ } in;
+ struct {
+ struct security_descriptor *sd;
+ } out;
+ } query_secdesc;
};
RAW_SFILEINFO_GENERIC = 0xF000,
RAW_SFILEINFO_SETATTR, /* SMBsetatr */
RAW_SFILEINFO_SETATTRE, /* SMBsetattrE */
+ RAW_SFILEINFO_SEC_DESC, /* NT_TRANSACT_SET_SECURITY_DESC */
RAW_SFILEINFO_STANDARD = SMB_SFILEINFO_STANDARD,
RAW_SFILEINFO_EA_SET = SMB_SFILEINFO_EA_SET,
RAW_SFILEINFO_BASIC_INFO = SMB_SFILEINFO_BASIC_INFO,
const char *link_dest;
} in;
} unix_link, unix_hlink;
+
+ /* RAW_FILEINFO_SET_SEC_DESC */
+ struct {
+ enum smb_setfileinfo_level level;
+ union setfileinfo_file file;
+ struct {
+ uint32_t secinfo_flags;
+ struct security_descriptor *sd;
+ } in;
+ } set_secdesc;
};
fetch file ACL (async send)
****************************************************************************/
struct smbcli_request *smb_raw_query_secdesc_send(struct smbcli_tree *tree,
- struct smb_query_secdesc *query)
+ union smb_fileinfo *io)
{
struct smb_nttrans nt;
uint8_t params[8];
nt.in.function = NT_TRANSACT_QUERY_SECURITY_DESC;
nt.in.setup = NULL;
- SSVAL(params, 0, query->in.fnum);
+ SSVAL(params, 0, io->query_secdesc.in.fnum);
SSVAL(params, 2, 0); /* padding */
- SIVAL(params, 4, query->in.secinfo_flags);
+ SIVAL(params, 4, io->query_secdesc.in.secinfo_flags);
nt.in.params.data = params;
nt.in.params.length = 8;
****************************************************************************/
NTSTATUS smb_raw_query_secdesc_recv(struct smbcli_request *req,
TALLOC_CTX *mem_ctx,
- struct smb_query_secdesc *query)
+ union smb_fileinfo *io)
{
NTSTATUS status;
struct smb_nttrans nt;
return NT_STATUS_INVALID_PARAMETER;
}
- query->out.sd = talloc_p(mem_ctx, struct security_descriptor);
- if (!query->out.sd) {
+ io->query_secdesc.out.sd = talloc_p(mem_ctx, struct security_descriptor);
+ if (!io->query_secdesc.out.sd) {
return NT_STATUS_NO_MEMORY;
}
- status = ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, query->out.sd);
+ status = ndr_pull_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS,
+ io->query_secdesc.out.sd);
return status;
}
****************************************************************************/
NTSTATUS smb_raw_query_secdesc(struct smbcli_tree *tree,
TALLOC_CTX *mem_ctx,
- struct smb_query_secdesc *query)
+ union smb_fileinfo *io)
{
- struct smbcli_request *req = smb_raw_query_secdesc_send(tree, query);
- return smb_raw_query_secdesc_recv(req, mem_ctx, query);
+ struct smbcli_request *req = smb_raw_query_secdesc_send(tree, io);
+ return smb_raw_query_secdesc_recv(req, mem_ctx, io);
}
set file ACL (async send)
****************************************************************************/
struct smbcli_request *smb_raw_set_secdesc_send(struct smbcli_tree *tree,
- struct smb_set_secdesc *set)
+ union smb_setfileinfo *io)
{
struct smb_nttrans nt;
uint8_t params[8];
nt.in.function = NT_TRANSACT_SET_SECURITY_DESC;
nt.in.setup = NULL;
- SSVAL(params, 0, set->in.fnum);
+ SSVAL(params, 0, io->set_secdesc.file.fnum);
SSVAL(params, 2, 0); /* padding */
- SIVAL(params, 4, set->in.secinfo_flags);
+ SIVAL(params, 4, io->set_secdesc.in.secinfo_flags);
nt.in.params.data = params;
nt.in.params.length = 8;
ndr = ndr_push_init();
if (!ndr) return NULL;
- status = ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, set->in.sd);
+ status = ndr_push_security_descriptor(ndr, NDR_SCALARS|NDR_BUFFERS, io->set_secdesc.in.sd);
if (!NT_STATUS_IS_OK(status)) {
ndr_push_free(ndr);
return NULL;
set file ACL (sync interface)
****************************************************************************/
NTSTATUS smb_raw_set_secdesc(struct smbcli_tree *tree,
- struct smb_set_secdesc *set)
+ union smb_setfileinfo *io)
{
- struct smbcli_request *req = smb_raw_set_secdesc_send(tree, set);
+ struct smbcli_request *req = smb_raw_set_secdesc_send(tree, io);
return smbcli_request_simple_recv(req);
}
case RAW_FILEINFO_GENERIC:
case RAW_FILEINFO_GETATTR:
case RAW_FILEINFO_GETATTRE:
+ case RAW_FILEINFO_SEC_DESC:
/* not handled here */
return NT_STATUS_INVALID_LEVEL;
Query file info (async send)
****************************************************************************/
struct smbcli_request *smb_raw_fileinfo_send(struct smbcli_tree *tree,
- union smb_fileinfo *parms)
+ union smb_fileinfo *parms)
{
/* pass off the non-trans2 level to specialised functions */
if (parms->generic.level == RAW_FILEINFO_GETATTRE) {
return smb_raw_getattrE_send(tree, parms);
}
+ if (parms->generic.level == RAW_FILEINFO_SEC_DESC) {
+ return smb_raw_query_secdesc_send(tree, parms);
+ }
if (parms->generic.level >= RAW_FILEINFO_GENERIC) {
return NULL;
}
if (parms->generic.level == RAW_FILEINFO_GETATTRE) {
return smb_raw_getattrE_recv(req, parms);
}
+ if (parms->generic.level == RAW_FILEINFO_SEC_DESC) {
+ return smb_raw_query_secdesc_recv(req, mem_ctx, parms);
+ }
if (parms->generic.level == RAW_FILEINFO_GETATTR) {
return smb_raw_getattr_recv(req, parms);
}
case RAW_SFILEINFO_GENERIC:
case RAW_SFILEINFO_SETATTR:
case RAW_SFILEINFO_SETATTRE:
+ case RAW_SFILEINFO_SEC_DESC:
/* not handled here */
return False;
if (parms->generic.level == RAW_SFILEINFO_SETATTRE) {
return smb_raw_setattrE_send(tree, parms);
}
+ if (parms->generic.level == RAW_SFILEINFO_SEC_DESC) {
+ return smb_raw_set_secdesc_send(tree, parms);
+ }
if (parms->generic.level >= RAW_SFILEINFO_GENERIC) {
return NULL;
}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- definitions for marshalling/unmarshalling security descriptors
- and related structures
-
- Copyright (C) Andrew Tridgell 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-
-/*
- use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
- just a dom sid, but with the sub_auths represented as a conformant
- array. As with all in-structure conformant arrays, the array length
- is placed before the start of the structure. That's what gives rise
- to the extra num_auths elemenent. We don't want the Samba code to
- have to bother with such esoteric NDR details, so its easier to just
- define it as a dom_sid and use pidl magic to make it all work. It
- just means you need to mark a sid as a "dom_sid2" in the IDL when you
- know it is of the conformant array variety
-*/
-#define dom_sid2 dom_sid
-
-/* query security descriptor */
-struct smb_query_secdesc {
- struct {
- uint16_t fnum;
- uint32_t secinfo_flags;
- } in;
- struct {
- struct security_descriptor *sd;
- } out;
-};
-
-/* set security descriptor */
-struct smb_set_secdesc {
- struct {
- uint16_t fnum;
- uint32_t secinfo_flags;
- struct security_descriptor *sd;
- } in;
-};
case RAW_FILEINFO_GENERIC:
case RAW_FILEINFO_GETATTR:
case RAW_FILEINFO_GETATTRE:
+ case RAW_FILEINFO_SEC_DESC:
/* handled elsewhere */
return NT_STATUS_INVALID_LEVEL;
case RAW_SFILEINFO_GENERIC:
case RAW_SFILEINFO_SETATTR:
case RAW_SFILEINFO_SETATTRE:
+ case RAW_SFILEINFO_SEC_DESC:
/* handled elsewhere */
return NT_STATUS_INVALID_LEVEL;
const char *fname = BASEDIR "\\sd.txt";
BOOL ret = True;
int fnum;
- struct smb_query_secdesc q;
- struct smb_set_secdesc set;
+ union smb_fileinfo q;
+ union smb_setfileinfo set;
struct security_ace ace;
struct security_descriptor *sd;
struct dom_sid *test_sid;
status = smb_raw_open(cli->tree, mem_ctx, &io);
CHECK_STATUS(status, NT_STATUS_OK);
fnum = io.ntcreatex.out.fnum;
-
- q.in.fnum = fnum;
- q.in.secinfo_flags =
+
+ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ q.query_secdesc.in.fnum = fnum;
+ q.query_secdesc.in.secinfo_flags =
OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION;
- status = smb_raw_query_secdesc(cli->tree, mem_ctx, &q);
+ status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
- sd = q.out.sd;
+ sd = q.query_secdesc.out.sd;
printf("add a new ACE to the DACL\n");
status = security_descriptor_dacl_add(sd, &ace);
CHECK_STATUS(status, NT_STATUS_OK);
- set.in.fnum = fnum;
- set.in.secinfo_flags = q.in.secinfo_flags;
- set.in.sd = sd;
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ set.set_secdesc.file.fnum = fnum;
+ set.set_secdesc.in.secinfo_flags = q.query_secdesc.in.secinfo_flags;
+ set.set_secdesc.in.sd = sd;
- status = smb_raw_set_secdesc(cli->tree, &set);
+ status = smb_raw_setfileinfo(cli->tree, &set);
CHECK_STATUS(status, NT_STATUS_OK);
- status = smb_raw_query_secdesc(cli->tree, mem_ctx, &q);
+ status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
- if (!security_descriptor_equal(q.out.sd, sd)) {
+ if (!security_descriptor_equal(q.query_secdesc.out.sd, sd)) {
printf("security descriptors don't match!\n");
printf("got:\n");
- NDR_PRINT_DEBUG(security_descriptor, q.out.sd);
+ NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
printf("expected:\n");
NDR_PRINT_DEBUG(security_descriptor, sd);
}
status = security_descriptor_dacl_del(sd, test_sid);
CHECK_STATUS(status, NT_STATUS_OK);
- status = smb_raw_set_secdesc(cli->tree, &set);
+ status = smb_raw_setfileinfo(cli->tree, &set);
CHECK_STATUS(status, NT_STATUS_OK);
- status = smb_raw_query_secdesc(cli->tree, mem_ctx, &q);
+ status = smb_raw_fileinfo(cli->tree, mem_ctx, &q);
CHECK_STATUS(status, NT_STATUS_OK);
- if (!security_descriptor_equal(q.out.sd, sd)) {
+ if (!security_descriptor_equal(q.query_secdesc.out.sd, sd)) {
printf("security descriptors don't match!\n");
printf("got:\n");
- NDR_PRINT_DEBUG(security_descriptor, q.out.sd);
+ NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd);
printf("expected:\n");
NDR_PRINT_DEBUG(security_descriptor, sd);
}