authorAlexander Bokovoy <ab@samba.org>2005-04-15 14:45:00 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:34 -0500
commit9779e6d670d19a5dfdc034084b580653d5ca0670 (patch)
tree41dd03bbb94b5c80bf8f3943c2a5b39ab101318b /source4/libcli/security
parent7fc2109b9e5e3e1c100da9d9feb865ce412d8b0f (diff)
r6352: Two new composite calls:
- qfsinfo (query file system information) - appendacl (append an ACL to an existing file's security descriptor and get the new full ACL) The second one also includes an improvement to security descriptor handling which allows copying a security descriptor. Written by Peter Novodvorsky <peter.novodvorsky@ru.ibm.com> Both functions have corresponding torture tests added. Tested under valgrind and work against Samba 4 and Windows XP. ToDo: document composite call creation process in prog_guide.txt (This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r--source4/libcli/security/security_descriptor.c80
1 files changed, 77 insertions, 3 deletions
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 77d296235a..54c4bcb6cb 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -50,6 +50,46 @@ struct security_descriptor *security_descriptor_initialise(TALLOC_CTX *mem_ctx)
return sd;
}
+static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
+ const struct security_acl *oacl)
+{
+ struct security_acl *nacl;
+ int i;
+
+ nacl = talloc (mem_ctx, struct security_acl);
+ if (nacl == NULL) {
+ return NULL;
+ }
+
+ nacl->aces = talloc_memdup (nacl, oacl->aces, sizeof(struct security_ace) * oacl->num_aces);
+ if ((nacl->aces == NULL) && (oacl->num_aces > 0)) {
+ goto failed;
+ }
+
+ /* remapping array in trustee dom_sid from old acl to new acl */
+
+ for (i = 0; i < oacl->num_aces; i++) {
+ nacl->aces[i].trustee.sub_auths =
+ talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths,
+ sizeof(uint32_t) * nacl->aces[i].trustee.num_auths);
+
+ if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) {
+ goto failed;
+ }
+ }
+
+ nacl->revision = oacl->revision;
+ nacl->size = oacl->size;
+ nacl->num_aces = oacl->num_aces;
+
+ return nacl;
+
+ failed:
+ talloc_free (nacl);
+ return NULL;
+
+}
+
/*
talloc and copy a security descriptor
*/
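Review bot: The size passed to talloc_memdup() for the ACE array in security_acl_dup(), `sizeof(struct security_ace) * oacl->num_aces`, is an unchecked multiplication, and the loop below it then indexes `nacl->aces[i]` up to `num_aces`. If the count can come from a parsed descriptor and size_t is 32 bits wide, the product could wrap and the loop would write past a short allocation; a guard such as `if (oacl->num_aces > SIZE_MAX / sizeof(struct security_ace)) goto failed;` just before the copy closes that, and the `sizeof(uint32_t) * ...num_auths` copy deserves the same check. The loop counter is `int i` while it is compared with `oacl->num_aces`; if that field is unsigned, `uint32_t i` avoids the signed/unsigned comparison. Because the ACEs are copied bytewise first, any other pointer member of struct security_ace (its definition is not visible here) would still alias the source ACL after the copy, which is worth a comment next to the remapping loop.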
@@ -58,11 +98,45 @@ struct security_descriptor *security_descriptor_copy(TALLOC_CTX *mem_ctx,
{
struct security_descriptor *nsd;
- /* FIXME */
- DEBUG(1, ("security_descriptor_copy(): sorry unimplemented yet\n"));
- nsd = NULL;
+ nsd = talloc_zero(mem_ctx, struct security_descriptor);
+ if (!nsd) {
+ return NULL;
+ }
+
+ if (osd->owner_sid) {
+ nsd->owner_sid = dom_sid_dup(nsd, osd->owner_sid);
+ if (nsd->owner_sid == NULL) {
+ goto failed;
+ }
+ }
+
+ if (osd->group_sid) {
+ nsd->group_sid = dom_sid_dup(nsd, osd->group_sid);
+ if (nsd->group_sid == NULL) {
+ goto failed;
+ }
+ }
+
+ if (osd->sacl) {
+ nsd->sacl = security_acl_dup(nsd, osd->sacl);
+ if (nsd->sacl == NULL) {
+ goto failed;
+ }
+ }
+
+ if (osd->dacl) {
+ nsd->dacl = security_acl_dup(nsd, osd->dacl);
+ if (nsd->dacl == NULL) {
+ goto failed;
+ }
+ }
return nsd;
+
+ failed:
+ talloc_free(nsd);
+
+ return NULL;
}
/*
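Review bot: security_descriptor_copy() duplicates only the four pointer members, so any scalar fields of struct security_descriptor keep the zero written by talloc_zero(). The struct definition is not in this hunk, but if it carries a revision and a type/control-flags field, in the way security_acl_dup() copies `revision` for the ACL, the copy should set them before `return nsd;`, e.g. `nsd->revision = osd->revision;` and `nsd->type = osd->type;`. A copy whose flags no longer say that a DACL or SACL is present can be evaluated differently from the original by access-check code, so this matters for more than fidelity. `osd` is also dereferenced without a NULL check; the function's signature lies partly outside the hunk, so a comment above it stating that callers must pass a non-NULL descriptor would be enough.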