*/
#include "includes.h"
+#include "system/filesys.h"
+#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "dbwrap.h"
+#include "util_tdb.h"
/*******************************************************************
Create the share security tdb.
def_access is a GENERIC_XXX access mode.
********************************************************************/
-SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
+struct security_descriptor *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
{
uint32_t sa;
- SEC_ACE ace;
- SEC_ACL *psa = NULL;
- SEC_DESC *psd = NULL;
+ struct security_ace ace;
+ struct security_acl *psa = NULL;
+ struct security_descriptor *psd = NULL;
uint32 spec_access = def_access;
se_map_generic(&spec_access, &file_generic_mapping);
Pull a security descriptor from the share tdb.
********************************************************************/
-SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
+struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize)
{
char *key;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
TDB_DATA data;
char *c_servicename = canonicalize_servicename(talloc_tos(), servicename);
NTSTATUS status;
Store a security descriptor in the share db.
********************************************************************/
-bool set_share_security(const char *share_name, SEC_DESC *psd)
+bool set_share_security(const char *share_name, struct security_descriptor *psd)
{
TALLOC_CTX *frame = talloc_stackframe();
char *key;
Can this user access with share with the required permissions ?
********************************************************************/
-bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
- uint32 desired_access)
+bool share_access_check(const struct security_token *token,
+ const char *sharename,
+ uint32 desired_access,
+ uint32_t *pgranted)
{
uint32 granted;
NTSTATUS status;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
psd = get_share_security(talloc_tos(), sharename, &sd_size);
if (!psd) {
- return True;
+ if (pgranted != NULL) {
+ *pgranted = desired_access;
+ }
+ return false;
}
status = se_access_check(psd, token, desired_access, &granted);
TALLOC_FREE(psd);
+ if (pgranted != NULL) {
+ *pgranted = granted;
+ }
+
return NT_STATUS_IS_OK(status);
}
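Review bot: In the `!psd` branch of share_access_check the new code returns false but still writes `*pgranted = desired_access`, so a caller that reads the out-parameter without checking the return value sees every requested right as granted when the descriptor could not be loaded. Failing closed there would be `*pgranted = 0;`. The copy-out after se_access_check has a related gap: `granted` is declared uninitialized and is stored into `*pgranted` whatever the status, and whether se_access_check always writes it on failure is not visible in this hunk, so `*pgranted = NT_STATUS_IS_OK(status) ? granted : 0;` would be the safer form. The header comment should also say that pgranted is optional and what it holds when the function returns false.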
Parse the contents of an acl string from a usershare file.
***************************************************************************/
-bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
+bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd)
{
size_t s_size = 0;
const char *pacl = acl_str;
int num_aces = 0;
- SEC_ACE *ace_list = NULL;
- SEC_ACL *psa = NULL;
- SEC_DESC *psd = NULL;
+ struct security_ace *ace_list = NULL;
+ struct security_acl *psa = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size = 0;
int i;
/* If the acl string is blank return "Everyone:R" */
if (!*acl_str) {
- SEC_DESC *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS);
+ struct security_descriptor *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS);
if (!default_psd) {
return False;
}
/* Add the number of ',' characters to get the number of aces. */
num_aces += count_chars(pacl,',');
- ace_list = TALLOC_ARRAY(ctx, SEC_ACE, num_aces);
+ ace_list = talloc_array(ctx, struct security_ace, num_aces);
if (!ace_list) {
return False;
}
uint32_t sa;
uint32 g_access;
uint32 s_access;
- DOM_SID sid;
+ struct dom_sid sid;
char *sidstr;
enum security_ace_type type = SEC_ACE_TYPE_ACCESS_ALLOWED;