s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags

In order to set and get security_descriptors it's important to specify
the sec_info flags.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index 04f661cc8207695dd3c4bfa2ee893ffb694604d8..24da39dc1f800299ed07a43040f968c19a7392b1 100644 (file)
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -21,8 +21,11 @@
 #include "libsmb/libsmb.h"
 #include "../libcli/security/secdesc.h"
 
-NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
-                          TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
+NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
+                                      uint16_t fnum,
+                                      uint32_t sec_info,
+                                      TALLOC_CTX *mem_ctx,
+                                      struct security_descriptor **sd)
 {
        uint8_t param[8];
        uint8_t *rdata=NULL;
@@ -31,7 +34,7 @@ NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
        struct security_descriptor *lsd;
 
        SIVAL(param, 0, fnum);
-       SIVAL(param, 4, 0x7);
+       SIVAL(param, 4, sec_info);
 
        status = cli_trans(talloc_tos(), cli, SMBnttrans,
                           NULL, -1, /* name, fid */
@@ -71,14 +74,23 @@ NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
        return status;
 }
 
+NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
+                          TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
+{
+       uint32_t sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
+
+       return cli_query_security_descriptor(cli, fnum, sec_info, mem_ctx, sd);
+}
+
 /****************************************************************************
   set the security descriptor for a open file
  ****************************************************************************/
-NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
-                        const struct security_descriptor *sd)
+NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
+                                    uint16_t fnum,
+                                    uint32_t sec_info,
+                                    const struct security_descriptor *sd)
 {
        uint8_t param[8];
-       uint32 sec_info = 0;
        uint8 *data;
        size_t len;
        NTSTATUS status;
@@ -91,16 +103,7 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
        }
 
        SIVAL(param, 0, fnum);
-
-       if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT))
-               sec_info |= SECINFO_DACL;
-       if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT))
-               sec_info |= SECINFO_SACL;
-       if (sd->owner_sid)
-               sec_info |= SECINFO_OWNER;
-       if (sd->group_sid)
-               sec_info |= SECINFO_GROUP;
-       SSVAL(param, 4, sec_info);
+       SIVAL(param, 4, sec_info);
 
        status = cli_trans(talloc_tos(), cli, SMBnttrans,
                           NULL, -1, /* name, fid */
@@ -119,3 +122,24 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
        }
        return status;
 }
+
+NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
+                        const struct security_descriptor *sd)
+{
+       uint32_t sec_info = 0;
+
+       if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT)) {
+               sec_info |= SECINFO_DACL;
+       }
+       if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT)) {
+               sec_info |= SECINFO_SACL;
+       }
+       if (sd->owner_sid) {
+               sec_info |= SECINFO_OWNER;
+       }
+       if (sd->group_sid) {
+               sec_info |= SECINFO_GROUP;
+       }
+
+       return cli_set_security_descriptor(cli, fnum, sec_info, sd);
+}

diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index e6d0ce827603178e159a894b2e8a1899413a7134..f186feeef4c6f64d7ad7b3511f31e0f046e83485 100644 (file)
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -792,8 +792,17 @@ NTSTATUS cli_push(struct cli_state *cli, uint16_t fnum, uint16_t mode,
 
 /* The following definitions come from libsmb/clisecdesc.c  */
 
+NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
+                                      uint16_t fnum,
+                                      uint32_t sec_info,
+                                      TALLOC_CTX *mem_ctx,
+                                      struct security_descriptor **sd);
 NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
                          TALLOC_CTX *mem_ctx, struct security_descriptor **sd);
+NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
+                                    uint16_t fnum,
+                                    uint32_t sec_info,
+                                    const struct security_descriptor *sd);
 NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
                         const struct security_descriptor *sd);