summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAmitay Isaacs <amitay@gmail.com>2011-08-02 16:10:21 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-08-03 14:26:04 +1000
commit65dcf82e644e8b57d3e09ad428a63a4708057311 (patch)
tree87ea51debf641279ce6626989a8f0dbabe414e3a
parent52d602335be1826e6a99a6470c03062ba908d373 (diff)
downloadsamba-65dcf82e644e8b57d3e09ad428a63a4708057311.tar.gz
samba-65dcf82e644e8b57d3e09ad428a63a4708057311.tar.bz2
samba-65dcf82e644e8b57d3e09ad428a63a4708057311.zip
s4-libcli: get_acl and set_acl require raw_open to set security descriptor
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--source4/libcli/pysmb.c90
1 files changed, 75 insertions, 15 deletions
diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
index 43478ea5a8..91ecc83d01 100644
--- a/source4/libcli/pysmb.c
+++ b/source4/libcli/pysmb.c
@@ -24,6 +24,7 @@
#include "param/param.h"
#include "param/pyparam.h"
#include "system/dir.h"
+#include "system/filesys.h"
#include "lib/events/events.h"
#include "auth/credentials/credentials.h"
#include "auth/credentials/pycredentials.h"
@@ -297,9 +298,11 @@ static PyObject *py_smb_chkpath(py_talloc_Object *self, PyObject *args)
static PyObject *py_smb_getacl(py_talloc_Object *self, PyObject *args, PyObject *kwargs)
{
NTSTATUS status;
- union smb_fileinfo io;
+ union smb_open io;
+ union smb_fileinfo fio;
struct smb_private_data *spdata;
const char *filename;
+ int fnum;
if (!PyArg_ParseTuple(args, "s:get_acl", &filename)) {
return NULL;
@@ -307,17 +310,48 @@ static PyObject *py_smb_getacl(py_talloc_Object *self, PyObject *args, PyObject
ZERO_STRUCT(io);
- io.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
- io.query_secdesc.in.file.path = filename;
- io.query_secdesc.in.secinfo_flags = 0;
+ spdata = self->ptr;
+
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.root_fid.fnum = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = filename;
+
+ status = smb_raw_open(spdata->tree, self->talloc_ctx, &io);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ fnum = io.ntcreatex.out.file.fnum;
+
+ ZERO_STRUCT(fio);
+
+ fio.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ fio.query_secdesc.in.file.fnum = fnum;
+ fio.query_secdesc.in.secinfo_flags = SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL |
+ SECINFO_PROTECTED_DACL |
+ SECINFO_UNPROTECTED_DACL |
+ SECINFO_DACL |
+ SECINFO_PROTECTED_SACL |
+ SECINFO_UNPROTECTED_SACL;
- spdata = self->ptr;
- status = smb_raw_query_secdesc(spdata->tree, self->talloc_ctx, &io);
+ status = smb_raw_query_secdesc(spdata->tree, self->talloc_ctx, &fio);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
+ smbcli_close(spdata->tree, fnum);
+
return py_return_ndr_struct("samba.dcerpc.security", "descriptor",
- self->talloc_ctx, io.query_secdesc.out.sd);
+ self->talloc_ctx, fio.query_secdesc.out.sd);
}
@@ -327,11 +361,13 @@ static PyObject *py_smb_getacl(py_talloc_Object *self, PyObject *args, PyObject
static PyObject *py_smb_setacl(py_talloc_Object *self, PyObject *args, PyObject *kwargs)
{
NTSTATUS status;
- union smb_setfileinfo io;
+ union smb_open io;
+ union smb_setfileinfo fio;
struct smb_private_data *spdata;
const char *filename;
PyObject *py_sd;
struct security_descriptor *sd;
+ int fnum;
if (!PyArg_ParseTuple(args, "sO:set_acl", &filename, &py_sd)) {
return NULL;
@@ -341,19 +377,43 @@ static PyObject *py_smb_setacl(py_talloc_Object *self, PyObject *args, PyObject
sd = py_talloc_get_type(py_sd, struct security_descriptor);
if (!sd) {
- PyErr_Format(PyExc_TypeError,
- "Expected dcerpc.security.descriptor for security_descriptor argument, got %s", talloc_get_name(py_talloc_get_ptr(py_sd)));
+ PyErr_Format(PyExc_TypeError,
+ "Expected dcerpc.security.descriptor as argument, got %s",
+ talloc_get_name(py_talloc_get_ptr(py_sd)));
return NULL;
}
ZERO_STRUCT(io);
- io.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
- io.set_secdesc.in.file.path = filename;
- io.set_secdesc.in.secinfo_flags = 0;
- io.set_secdesc.in.sd = sd;
+ spdata = self->ptr;
+
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.root_fid.fnum = 0;
+ io.ntcreatex.in.flags = 0;
+ io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = filename;
+
+ status = smb_raw_open(spdata->tree, self->talloc_ctx, &io);
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ fnum = io.ntcreatex.out.file.fnum;
+
+ ZERO_STRUCT(fio);
+
+ fio.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ fio.set_secdesc.in.file.fnum = fnum;
+ fio.set_secdesc.in.secinfo_flags = 0;
+ fio.set_secdesc.in.sd = sd;
- status = smb_raw_set_secdesc(spdata->tree, &io);
+ status = smb_raw_set_secdesc(spdata->tree, &fio);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;