authorAlexander Bokovoy <ab@samba.org>2005-04-15 14:45:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:34 -0500
commit9779e6d670d19a5dfdc034084b580653d5ca0670 (patch)
tree41dd03bbb94b5c80bf8f3943c2a5b39ab101318b /source4/libcli/composite/appendacl.c
parent7fc2109b9e5e3e1c100da9d9feb865ce412d8b0f (diff)
r6352: Two new composite calls:
- qfsinfo (query file system information) - appendacl (append an ACL to an existing file's security descriptor and get the new full ACL) The second one also includes an improvement to security descriptor handling which allows copying a security descriptor. Written by Peter Novodvorsky <peter.novodvorsky@ru.ibm.com> Both functions have corresponding torture tests added. Tested under valgrind and work against Samba 4 and Windows XP. ToDo: document composite call creation process in prog_guide.txt (This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
Diffstat (limited to 'source4/libcli/composite/appendacl.c')
-rw-r--r--source4/libcli/composite/appendacl.c311
1 files changed, 311 insertions, 0 deletions
diff --git a/source4/libcli/composite/appendacl.c b/source4/libcli/composite/appendacl.c
new file mode 100644
index 0000000000..76702e6bca
--- /dev/null
+++ b/source4/libcli/composite/appendacl.c
@@ -0,0 +1,311 @@
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/* the stages of this call */
+enum appendacl_stage {APPENDACL_OPENPATH, APPENDACL_GET,
+ APPENDACL_SET, APPENDACL_GETAGAIN, APPENDACL_CLOSEPATH};
+
+static void appendacl_handler(struct smbcli_request *req);
+
+struct appendacl_state {
+ enum appendacl_stage stage;
+ struct smb_composite_appendacl *io;
+
+ union smb_open *io_open;
+ union smb_setfileinfo *io_setfileinfo;
+ union smb_fileinfo *io_fileinfo;
+
+ struct smbcli_request *req;
+};
+
+
+static NTSTATUS appendacl_open(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ NTSTATUS status;
+
+ status = smb_raw_open_recv(state->req, c, state->io_open);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ /* setup structures for getting fileinfo */
+ state->io_fileinfo = talloc(c, union smb_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->io_fileinfo);
+
+ state->io_fileinfo->query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ state->io_fileinfo->query_secdesc.in.fnum = state->io_open->ntcreatex.out.fnum;
+ state->io_fileinfo->query_secdesc.secinfo_flags = SECINFO_DACL;
+
+ state->req = smb_raw_fileinfo_send(tree, state->io_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* set the handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_GET;
+
+ talloc_free (state->io_open);
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS appendacl_get(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ int i;
+ NTSTATUS status;
+
+ status = smb_raw_fileinfo_recv(state->req, state->io_fileinfo, state->io_fileinfo);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ /* setup structures for setting fileinfo */
+ state->io_setfileinfo = talloc(c, union smb_setfileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->io_setfileinfo);
+
+ state->io_setfileinfo->set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ state->io_setfileinfo->set_secdesc.file.fnum = state->io_fileinfo->query_secdesc.in.fnum;
+
+ state->io_setfileinfo->set_secdesc.in.secinfo_flags = SECINFO_DACL;
+ state->io_setfileinfo->set_secdesc.in.sd = state->io_fileinfo->query_secdesc.out.sd;
+ talloc_steal(state->io_setfileinfo, state->io_setfileinfo->set_secdesc.in.sd);
+
+ /* append all aces from io->in.sd->dacl to new security descriptor */
+ if (io->in.sd->dacl != NULL) {
+ for (i = 0; i < io->in.sd->dacl->num_aces; i++) {
+ security_descriptor_dacl_add(state->io_setfileinfo->set_secdesc.in.sd,
+ &(io->in.sd->dacl->aces[i]));
+ }
+ }
+
+ status = smb_raw_setfileinfo(tree, state->io_setfileinfo);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ state->req = smb_raw_setfileinfo_send(tree, state->io_setfileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* call handler when done setting new security descriptor on file */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_SET;
+
+ talloc_free (state->io_fileinfo);
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS appendacl_set(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ NTSTATUS status;
+
+ status = smbcli_request_simple_recv(state->req);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ /* setup structures for getting fileinfo */
+ state->io_fileinfo = talloc(c, union smb_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->io_fileinfo);
+
+
+ state->io_fileinfo->query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ state->io_fileinfo->query_secdesc.in.fnum = state->io_setfileinfo->set_secdesc.file.fnum;
+ state->io_fileinfo->query_secdesc.secinfo_flags = SECINFO_DACL;
+
+ state->req = smb_raw_fileinfo_send(tree, state->io_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* set the handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_GETAGAIN;
+
+ talloc_free (state->io_setfileinfo);
+
+ return NT_STATUS_OK;
+}
+
+
+static NTSTATUS appendacl_getagain(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ union smb_close *io_close;
+ NTSTATUS status;
+
+ status = smb_raw_fileinfo_recv(state->req, c, state->io_fileinfo);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ io->out.sd = state->io_fileinfo->query_secdesc.out.sd;
+
+ /* setup structures for close */
+ io_close = talloc(c, union smb_close);
+ NT_STATUS_HAVE_NO_MEMORY(io_close);
+
+ io_close->close.level = RAW_CLOSE_CLOSE;
+ io_close->close.in.fnum = state->io_fileinfo->query_secdesc.in.fnum;
+ io_close->close.in.write_time = 0;
+
+ state->req = smb_raw_close_send(tree, io_close);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* call the handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_CLOSEPATH;
+
+ talloc_free (state->io_fileinfo);
+
+ return NT_STATUS_OK;
+}
+
+
+
+static NTSTATUS appendacl_close(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ NTSTATUS status;
+
+ status = smbcli_request_simple_recv(state->req);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ c->state = SMBCLI_REQUEST_DONE;
+
+ return NT_STATUS_OK;
+}
+
+/*
+ handler for completion of a sub-request in appendacl
+*/
+static void appendacl_handler(struct smbcli_request *req)
+{
+ struct composite_context *c = req->async.private;
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+
+ /* when this handler is called, the stage indicates what
+ call has just finished */
+ switch (state->stage) {
+ case APPENDACL_OPENPATH:
+ c->status = appendacl_open(c, state->io);
+ break;
+
+ case APPENDACL_GET:
+ c->status = appendacl_get(c, state->io);
+ break;
+
+ case APPENDACL_SET:
+ c->status = appendacl_set(c, state->io);
+ break;
+
+ case APPENDACL_GETAGAIN:
+ c->status = appendacl_getagain(c, state->io);
+ break;
+
+ case APPENDACL_CLOSEPATH:
+ c->status = appendacl_close(c, state->io);
+ break;
+ }
+
+ /* We should get here if c->state >= SMBCLI_REQUEST_DONE */
+ if (!NT_STATUS_IS_OK(c->status)) {
+ c->state = SMBCLI_REQUEST_ERROR;
+ }
+
+ if (c->state >= SMBCLI_REQUEST_DONE &&
+ c->async.fn) {
+ c->async.fn(c);
+ }
+}
+
+
+/*
+ composite appendacl call - does an open followed by a number setfileinfo,
+ after that new acls are read with fileinfo, followed by a close
+*/
+struct composite_context *smb_composite_appendacl_send(struct smbcli_tree *tree,
+ struct smb_composite_appendacl *io)
+{
+ struct composite_context *c;
+ struct appendacl_state *state;
+
+ c = talloc_zero(tree, struct composite_context);
+ if (c == NULL) goto failed;
+
+ state = talloc(c, struct appendacl_state);
+ if (state == NULL) goto failed;
+
+ state->io = io;
+
+ c->private = state;
+ c->state = SMBCLI_REQUEST_SEND;
+ c->event_ctx = tree->session->transport->socket->event.ctx;
+
+ /* setup structures for opening file */
+ state->io_open = talloc_zero(c, union smb_open);
+ if (state->io_open == NULL) goto failed;
+
+ state->io_open->ntcreatex.level = RAW_OPEN_NTCREATEX;
+ state->io_open->ntcreatex.in.root_fid = 0;
+ state->io_open->ntcreatex.in.flags = 0;
+ state->io_open->ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ state->io_open->ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ state->io_open->ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+ state->io_open->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ state->io_open->ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ state->io_open->ntcreatex.in.security_flags = 0;
+ state->io_open->ntcreatex.in.fname = io->in.fname;
+
+ /* send the open on its way */
+ state->req = smb_raw_open_send(tree, state->io_open);
+ if (state->req == NULL) goto failed;
+
+ /* setup the callback handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_OPENPATH;
+
+ return c;
+
+failed:
+ talloc_free(c);
+ return NULL;
+}
+
+
+/*
+ composite appendacl call - recv side
+*/
+NTSTATUS smb_composite_appendacl_recv(struct composite_context *c, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+
+ status = composite_wait(c);
+
+ if (NT_STATUS_IS_OK(status)) {
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ state->io->out.sd = security_descriptor_copy (mem_ctx, state->io->out.sd);
+ }
+
+ talloc_free(c);
+ return status;
+}
+
+
+/*
+ composite appendacl call - sync interface
+*/
+NTSTATUS smb_composite_appendacl(struct smbcli_tree *tree,
+ TALLOC_CTX *mem_ctx,
+ struct smb_composite_appendacl *io)
+{
+ struct composite_context *c = smb_composite_appendacl_send(tree, io);
+ return smb_composite_appendacl_recv(c, mem_ctx);
+}
+
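Review bot: In appendacl_get the new descriptor is written twice: the blocking `smb_raw_setfileinfo(tree, state->io_setfileinfo)` call runs inside the async completion handler and is immediately followed by `smb_raw_setfileinfo_send()` for the same request, so the synchronous call and its `NT_STATUS_NOT_OK_RETURN(status)` should be dropped. In the same function the result of `security_descriptor_dacl_add()` is discarded, so a failed append would still send a DACL missing the requested ACEs and the composite call would report success; assuming the helper returns NTSTATUS, the loop body should be `status = security_descriptor_dacl_add(...); NT_STATUS_NOT_OK_RETURN(status);`. Any stage that fails after appendacl_open sets `SMBCLI_REQUEST_ERROR` without a close being sent, which leaves a handle opened with `SEC_FLAG_MAXIMUM_ALLOWED` on the server until the tree is torn down; requesting only the rights needed to read and write the DACL would also narrow what that handle can do. Finally, smb_composite_appendacl_recv stores the result of `security_descriptor_copy()` without a NULL check, so it can return NT_STATUS_OK with `out.sd` NULL on allocation failure.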