diff options
| author | Jeremy Allison <jra@samba.org> | 2001-06-16 00:32:13 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2001-06-16 00:32:13 +0000 |
| commit | af604fe7694f3e1d1acdecfab366dfe31cfee9ef (patch) | |
| tree | 64d5e1ce5e743341e1f29d7739cd4b5a8503ea2c /source3/rpc_server/srv_srvsvc_nt.c | |
| parent | 438e89b187fe985cddb0c6f59a1f3cd0c185d331 (diff) | |
| download | samba-af604fe7694f3e1d1acdecfab366dfe31cfee9ef.tar.gz samba-af604fe7694f3e1d1acdecfab366dfe31cfee9ef.tar.bz2 samba-af604fe7694f3e1d1acdecfab366dfe31cfee9ef.zip | |
Modified version of Jim's 0x27 and 0x28 Win9x Secdesc patch.
Jeremy.
(This used to be commit 5690ec77c87475f1fd2e854cda594eb996d6fd04)
Diffstat (limited to 'source3/rpc_server/srv_srvsvc_nt.c')
| -rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 13d27788e0..7ae95a5eac 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1564,6 +1564,173 @@ uint32 _srv_net_remote_tod(pipes_struct *p, SRV_Q_NET_REMOTE_TOD *q_u, SRV_R_NET } /*********************************************************************************** + Win9x NT tools get security descriptor. +***********************************************************************************/ + +uint32 _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC *q_u, + SRV_R_NET_FILE_QUERY_SECDESC *r_u) +{ + SEC_DESC *psd = NULL; + size_t sd_size; + fstring null_pw; + pstring filename; + pstring qualname; + files_struct *fsp = NULL; + SMB_STRUCT_STAT st; + BOOL bad_path; + int access_mode; + int action; + int ecode; + struct current_user user; + fstring user_name; + connection_struct *conn = NULL; + + ZERO_STRUCT(st); + + r_u->status = NT_STATUS_NOPROBLEMO; + + unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname)); + + /* Null password is ok - we are already an authenticated user... */ + *null_pw = '\0'; + + get_current_user(&user, p); + fstrcpy(user_name, uidtoname(user.uid)); + + conn = make_connection(qualname, user_name, "", 0, "A:", user.vuid, &ecode); + + if (conn == NULL) { + DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname)); + r_u->status = (uint32)ecode; + goto error_exit; + } + + unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename)); + unix_convert(filename, conn, NULL, &bad_path, &st); + fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDONLY), + (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action); + + if (!fsp) { + DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename)); + r_u->status = ERROR_ACCESS_DENIED; + goto error_exit; + } + + sd_size = conn->vfs_ops.get_nt_acl(fsp, fsp->fsp_name, &psd); + + if (sd_size == 0) { + DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename)); + r_u->status = ERROR_ACCESS_DENIED; + goto error_exit; + } + + r_u->ptr_response = 1; + r_u->size_response = sd_size; + r_u->ptr_secdesc = 1; + r_u->size_secdesc = sd_size; + r_u->sec_desc = psd; + + psd->dacl->revision = (uint16) NT4_ACL_REVISION; + + fsp->conn->vfs_ops.close(fsp, fsp->fd); + file_free(fsp); + + close_cnum(conn, user.vuid); + return r_u->status; + + error_exit: + + if(fsp) { + fsp->conn->vfs_ops.close(fsp, fsp->fd); + file_free(fsp); + } + + if (conn) + close_cnum(conn, user.vuid); + + return r_u->status; +} + +/*********************************************************************************** + Win9x NT tools set security descriptor. +***********************************************************************************/ + +uint32 _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_u, + SRV_R_NET_FILE_SET_SECDESC *r_u) +{ + BOOL ret; + pstring filename; + pstring qualname; + fstring null_pw; + files_struct *fsp = NULL; + SMB_STRUCT_STAT st; + BOOL bad_path; + int access_mode; + int action; + int ecode; + struct current_user user; + fstring user_name; + connection_struct *conn = NULL; + + ZERO_STRUCT(st); + + r_u->status = NT_STATUS_NOPROBLEMO; + + unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname)); + + /* Null password is ok - we are already an authenticated user... */ + *null_pw = '\0'; + + get_current_user(&user, p); + fstrcpy(user_name, uidtoname(user.uid)); + + conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode); + + if (conn == NULL) { + DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname)); + r_u->status = (uint32)ecode; + goto error_exit; + } + + unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename)); + unix_convert(filename, conn, NULL, &bad_path, &st); + + fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDWR), + (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action); + + if (!fsp) { + DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename)); + r_u->status = ERROR_ACCESS_DENIED; + goto error_exit; + } + + ret = conn->vfs_ops.set_nt_acl(fsp, fsp->fsp_name, q_u->sec_info, q_u->sec_desc); + + if (ret == False) { + DEBUG(3,("_srv_net_file_set_secdesc: Unable to set NT ACL on file %s\n", filename)); + r_u->status = ERROR_ACCESS_DENIED; + goto error_exit; + } + + fsp->conn->vfs_ops.close(fsp, fsp->fd); + file_free(fsp); + close_cnum(conn, user.vuid); + return r_u->status; + + error_exit: + + if(fsp) { + fsp->conn->vfs_ops.close(fsp, fsp->fd); + file_free(fsp); + } + + if (conn) + close_cnum(conn, user.vuid); + + return r_u->status; +} + +/*********************************************************************************** It may be that we want to limit users to creating shares on certain areas of the UNIX file area. We could define areas by mapping Windows style disks to points on the UNIX directory hierarchy. These disks would the disks listed by this function. |