1 /* 
2    Unix SMB/CIFS implementation.
3    client security descriptor functions
4    Copyright (C) Andrew Tridgell 2000
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "libsmb/libsmb.h"
22 #include "../libcli/security/secdesc.h"
23 #include "../libcli/smb/smbXcli_base.h"
24
/**
 * Fetch the security descriptor of an open file handle.
 *
 * Connections negotiated at SMB2 or later are handed straight to
 * cli_smb2_query_security_descriptor(). Older connections issue an SMB1
 * NT_TRANSACT_QUERY_SECURITY_DESC transaction and decode the reply here.
 *
 * @param cli       connection state; cli->conn selects the protocol path
 * @param fnum      handle of the open file
 * @param sec_info  SECINFO_* mask naming the parts of the descriptor wanted
 * @param mem_ctx   talloc parent for the decoded descriptor
 * @param sd        receives the decoded descriptor on success; may be NULL,
 *                  in which case the decoded descriptor is freed again
 * @return          NT_STATUS_OK, or the error reported by cli_trans() or
 *                  unmarshall_sec_desc()
 *
 * Security notes: the reply buffer comes from the server and must be
 * treated as untrusted. The request limits it to 0x10000 bytes and it is
 * only interpreted by unmarshall_sec_desc(), which is given the exact
 * number of bytes received. On the SMB1 path *sd is left untouched on
 * failure, so callers must check the returned status before using it.
 */
NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
				       uint16_t fnum,
				       uint32_t sec_info,
				       TALLOC_CTX *mem_ctx,
				       struct security_descriptor **sd)
{
	struct security_descriptor *decoded;
	uint8_t *reply = NULL;
	uint32_t reply_len = 0;
	uint8_t request[8];
	NTSTATUS status;

	/* SMB2+ has its own query implementation. */
	if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
		return cli_smb2_query_security_descriptor(
			cli, fnum, sec_info, mem_ctx, sd);
	}

	/*
	 * Parameter block: two 32-bit fields, the file handle at offset 0
	 * and the SECINFO_* selection mask at offset 4.
	 */
	SIVAL(request, 0, fnum);
	SIVAL(request, 4, sec_info);

	status = cli_trans(talloc_tos(), cli, SMBnttrans,
			   NULL, -1, /* name, fid */
			   NT_TRANSACT_QUERY_SECURITY_DESC, 0, /* function, flags */
			   NULL, 0, 0, /* setup, length, max */
			   request, sizeof(request), 4, /* param, length, max */
			   NULL, 0, 0x10000, /* data, length, max */
			   NULL,             /* recv_flags2 */
			   NULL, 0, NULL, /* rsetup, length */
			   NULL, 0, NULL,
			   &reply, 0, &reply_len);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("NT_TRANSACT_QUERY_SECURITY_DESC failed: %s\n",
			  nt_errstr(status)));
		goto done;
	}

	/* Decode exactly the bytes the server returned, no more. */
	status = unmarshall_sec_desc(mem_ctx, reply, reply_len, &decoded);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("unmarshall_sec_desc failed: %s\n",
			   nt_errstr(status)));
		goto done;
	}

	if (sd == NULL) {
		/* Caller only wanted the status; do not leak the result. */
		TALLOC_FREE(decoded);
	} else {
		*sd = decoded;
	}

done:
	/* The raw reply is released on every path that reaches here. */
	TALLOC_FREE(reply);

	return status;
}
85
/**
 * Fetch the owner, group and DACL of an open file handle.
 *
 * Convenience wrapper around cli_query_security_descriptor() with a fixed
 * selection mask. The SACL is not requested here; a caller that needs it
 * must call cli_query_security_descriptor() with SECINFO_SACL itself.
 *
 * @param cli      connection state
 * @param fnum     handle of the open file
 * @param mem_ctx  talloc parent for the decoded descriptor
 * @param sd       receives the descriptor on success
 * @return         status from cli_query_security_descriptor()
 */
NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
			   TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
{
	return cli_query_security_descriptor(
		cli, fnum,
		SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL,
		mem_ctx, sd);
}
93
/**
 * Set the security descriptor of an open file.
 *
 * Connections negotiated at SMB2 or later are handed to
 * cli_smb2_set_security_descriptor(). Older connections marshall the
 * descriptor and send it in an SMB1 NT_TRANSACT_SET_SECURITY_DESC
 * transaction.
 *
 * @param cli       connection state; cli->conn selects the protocol path
 * @param fnum      handle of the open file
 * @param sec_info  SECINFO_* mask naming the parts of sd to apply
 * @param sd        descriptor to apply
 * @return          NT_STATUS_OK, or the error from marshall_sec_desc() or
 *                  cli_trans()
 *
 * Security notes: sec_info is sent as given and is not cross-checked
 * against the fields actually populated in sd, so the caller is
 * responsible for keeping the two consistent. The marshalled buffer is
 * freed after the transaction whether or not it succeeded.
 */
NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
				     uint16_t fnum,
				     uint32_t sec_info,
				     const struct security_descriptor *sd)
{
	uint8_t request[8];
	uint8_t *blob = NULL;
	size_t blob_len;
	NTSTATUS status;

	/* SMB2+ has its own set implementation. */
	if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
		return cli_smb2_set_security_descriptor(
			cli, fnum, sec_info, sd);
	}

	status = marshall_sec_desc(talloc_tos(), sd, &blob, &blob_len);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("marshall_sec_desc failed: %s\n",
			   nt_errstr(status)));
		return status;
	}

	/*
	 * Parameter block: two 32-bit fields, the file handle at offset 0
	 * and the SECINFO_* selection mask at offset 4.
	 */
	SIVAL(request, 0, fnum);
	SIVAL(request, 4, sec_info);

	/*
	 * NOTE(review): blob_len is a size_t; confirm that the data-length
	 * parameter of cli_trans() cannot silently truncate it.
	 */
	status = cli_trans(talloc_tos(), cli, SMBnttrans,
			   NULL, -1, /* name, fid */
			   NT_TRANSACT_SET_SECURITY_DESC, 0,
			   NULL, 0, 0, /* setup */
			   request, sizeof(request), 0, /* param */
			   blob, blob_len, 0, /* data */
			   NULL,         /* recv_flags2 */
			   NULL, 0, NULL, /* rsetup */
			   NULL, 0, NULL, /* rparam */
			   NULL, 0, NULL); /* rdata */

	/* Release the wire copy before looking at the outcome. */
	TALLOC_FREE(blob);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(1, ("Failed to send NT_TRANSACT_SET_SECURITY_DESC: %s\n",
			  nt_errstr(status)));
	}
	return status;
}
141
/**
 * Set the security descriptor of an open file, deriving the selection
 * mask from the descriptor itself.
 *
 * Each part of sd that is populated is selected for update:
 *  - DACL:  sd->dacl is set, or SEC_DESC_DACL_PRESENT is set in sd->type
 *  - SACL:  sd->sacl is set, or SEC_DESC_SACL_PRESENT is set in sd->type
 *  - owner: sd->owner_sid is set
 *  - group: sd->group_sid is set
 *
 * @param cli   connection state
 * @param fnum  handle of the open file
 * @param sd    descriptor to apply; must not be NULL, as it is
 *              dereferenced unconditionally
 * @return      status from cli_set_security_descriptor()
 *
 * Security notes: a descriptor with SEC_DESC_DACL_PRESENT set but
 * sd->dacl == NULL still selects SECINFO_DACL. Presumably that asks the
 * server to apply a NULL DACL, which conventionally means no access
 * restrictions - confirm that callers building descriptors by hand intend
 * this. Selecting SECINFO_SACL will likely require additional privilege
 * on the server side - TODO confirm against the callers.
 */
NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
			 const struct security_descriptor *sd)
{
	uint32_t sec_info = 0;

	sec_info |= (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT))
			? SECINFO_DACL : 0;
	sec_info |= (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT))
			? SECINFO_SACL : 0;
	sec_info |= sd->owner_sid ? SECINFO_OWNER : 0;
	sec_info |= sd->group_sid ? SECINFO_GROUP : 0;

	return cli_set_security_descriptor(cli, fnum, sec_info, sd);
}