source3/libsmb/clisecdesc.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    client security descriptor functions
   4    Copyright (C) Andrew Tridgell 2000
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20 #include "includes.h"
  21 #include "libsmb/libsmb.h"
  22 #include "../libcli/security/secdesc.h"
  23 #include "../libcli/smb/smbXcli_base.h"
  24
  25 NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
  26                                        uint16_t fnum,
  27                                        uint32_t sec_info,
  28                                        TALLOC_CTX *mem_ctx,
  29                                        struct security_descriptor **sd)
  30 {
  31         uint8_t param[8];
  32         uint8_t *rdata=NULL;
  33         uint32_t rdata_count=0;
  34         NTSTATUS status;
  35         struct security_descriptor *lsd;
  36
  37         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
  38                 return cli_smb2_query_security_descriptor(cli,
  39                                                         fnum,
  40                                                         sec_info,
  41                                                         mem_ctx,
  42                                                         sd);
  43         }
  44
  45         SIVAL(param, 0, fnum);
  46         SIVAL(param, 4, sec_info);
  47
  48         status = cli_trans(talloc_tos(), cli, SMBnttrans,
  49                            NULL, -1, /* name, fid */
  50                            NT_TRANSACT_QUERY_SECURITY_DESC, 0, /* function, flags */
  51                            NULL, 0, 0, /* setup, length, max */
  52                            param, 8, 4, /* param, length, max */
  53                            NULL, 0, 0x10000, /* data, length, max */
  54                            NULL,             /* recv_flags2 */
  55                            NULL, 0, NULL, /* rsetup, length */
  56                            NULL, 0, NULL,
  57                            &rdata, 0, &rdata_count);
  58
  59         if (!NT_STATUS_IS_OK(status)) {
  60                 DEBUG(1, ("NT_TRANSACT_QUERY_SECURITY_DESC failed: %s\n",
  61                           nt_errstr(status)));
  62                 goto cleanup;
  63         }
  64
  65         status = unmarshall_sec_desc(mem_ctx, (uint8_t *)rdata, rdata_count,
  66                                      &lsd);
  67         if (!NT_STATUS_IS_OK(status)) {
  68                 DEBUG(10, ("unmarshall_sec_desc failed: %s\n",
  69                            nt_errstr(status)));
  70                 goto cleanup;
  71         }
  72
  73         if (sd != NULL) {
  74                 *sd = lsd;
  75         } else {
  76                 TALLOC_FREE(lsd);
  77         }
  78
  79  cleanup:
  80
  81         TALLOC_FREE(rdata);
  82
  83         return status;
  84 }
  85
  86 NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
  87                            TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
  88 {
  89         uint32_t sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
  90
  91         return cli_query_security_descriptor(cli, fnum, sec_info, mem_ctx, sd);
  92 }
  93
  94 NTSTATUS cli_query_mxac(struct cli_state *cli,
  95                         const char *filename,
  96                         uint32_t *mxac)
  97 {
  98         if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
  99                 return NT_STATUS_NOT_SUPPORTED;
 100         }
 101
 102         return cli_smb2_query_mxac(cli, filename, mxac);
 103 }
 104
 105
 106 /****************************************************************************
 107   set the security descriptor for a open file
 108  ****************************************************************************/
 109 NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
 110                                      uint16_t fnum,
 111                                      uint32_t sec_info,
 112                                      const struct security_descriptor *sd)
 113 {
 114         uint8_t param[8];
 115         uint8_t *data;
 116         size_t len;
 117         NTSTATUS status;
 118
 119         if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
 120                 return cli_smb2_set_security_descriptor(cli,
 121                                                         fnum,
 122                                                         sec_info,
 123                                                         sd);
 124         }
 125
 126         status = marshall_sec_desc(talloc_tos(), sd, &data, &len);
 127         if (!NT_STATUS_IS_OK(status)) {
 128                 DEBUG(10, ("marshall_sec_desc failed: %s\n",
 129                            nt_errstr(status)));
 130                 return status;
 131         }
 132
 133         SIVAL(param, 0, fnum);
 134         SIVAL(param, 4, sec_info);
 135
 136         status = cli_trans(talloc_tos(), cli, SMBnttrans,
 137                            NULL, -1, /* name, fid */
 138                            NT_TRANSACT_SET_SECURITY_DESC, 0,
 139                            NULL, 0, 0, /* setup */
 140                            param, 8, 0, /* param */
 141                            data, len, 0, /* data */
 142                            NULL,         /* recv_flags2 */
 143                            NULL, 0, NULL, /* rsetup */
 144                            NULL, 0, NULL, /* rparam */
 145                            NULL, 0, NULL); /* rdata */
 146         TALLOC_FREE(data);
 147         if (!NT_STATUS_IS_OK(status)) {
 148                 DEBUG(1, ("Failed to send NT_TRANSACT_SET_SECURITY_DESC: %s\n",
 149                           nt_errstr(status)));
 150         }
 151         return status;
 152 }
 153
 154 NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
 155                          const struct security_descriptor *sd)
 156 {
 157         uint32_t sec_info = 0;
 158
 159         if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT)) {
 160                 sec_info |= SECINFO_DACL;
 161         }
 162         if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT)) {
 163                 sec_info |= SECINFO_SACL;
 164         }
 165         if (sd->owner_sid) {
 166                 sec_info |= SECINFO_OWNER;
 167         }
 168         if (sd->group_sid) {
 169                 sec_info |= SECINFO_GROUP;
 170         }
 171
 172         return cli_set_security_descriptor(cli, fnum, sec_info, sd);
 173 }