-rw-r--r-- | source3/include/proto.h | 4 | ||||
-rw-r--r-- | source3/include/rpc_reg.h | 20 | ||||
-rw-r--r-- | source3/include/smb.h | 6 | ||||
-rw-r--r-- | source3/rpc_client/cli_reg.c | 17 | ||||
-rw-r--r-- | source3/rpc_parse/parse_reg.c | 99 | ||||
-rw-r--r-- | source3/rpc_parse/parse_sec.c | 41 |
6 files changed, 104 insertions, 83 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index aa2d3b6486..843c0a3311 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1648,7 +1648,9 @@ void reg_io_q_flush_key(char *desc, REG_Q_FLUSH_KEY *r_q, prs_struct *ps, int d
 void reg_io_r_flush_key(char *desc, REG_R_FLUSH_KEY *r_r, prs_struct *ps, int depth);
 void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd, char *name, char *class,
- SEC_ACCESS *sam_access);
+ SEC_ACCESS *sam_access,
+ SEC_DESC_BUF *sec_buf,
+ int sec_len, SEC_DESC *sec);
 void reg_io_q_create_key(char *desc, REG_Q_CREATE_KEY *r_q, prs_struct *ps, int depth);
 void reg_io_r_create_key(char *desc, REG_R_CREATE_KEY *r_r, prs_struct *ps, int depth);
 void make_reg_q_delete_val(REG_Q_DELETE_VALUE *q_c, POLICY_HND *hnd,
diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h
index ceb88ad657..7766052588 100644
--- a/source3/include/rpc_reg.h
+++ b/source3/include/rpc_reg.h
@@ -228,20 +228,12 @@ typedef struct q_reg_create_key_info
 SEC_ACCESS sam_access; /* access rights flags, see rpc_secdes.h */
 uint32 ptr1;
- uint32 unknown_0; /* 0x0000 000C */
-
- uint32 ptr2;
- uint32 sec_len1; /* 0x14 - length of security descriptor, bytes */
- uint32 sec_len2; /* 0x14 - length of security descriptor, bytes */
- uint32 sec_len3; /* 0x0 - length of security descriptor, bytes */
- uint32 sec_len4; /* 0x14 - length of security descriptor, bytes */
- uint32 sec_len5; /* 0x0 - length of security descriptor, bytes */
- uint32 sec_len6; /* 0x14 - length of security descriptor, bytes */
-#if 0
- SEC_DES sec_desc;
-#else
- uint8 buf_unk[20]; /* 01 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 */
-#endif
+ uint32 sec_info; /* xxxx_SECURITY_INFORMATION */
+
+ uint32 ptr2; /* pointer */
+ BUFHDR hdr_sec; /* header for security data */
+ uint32 ptr3; /* pointer */
+ SEC_DESC_BUF *data;
 uint32 unknown_2; /* 0x0000 0000 */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 4f064d27d1..9339cdda6f 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1655,11 +1655,7 @@ extern int unix_ERR_code;
 #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
 /* zero a structure given a pointer to the structure */
-#if 0
-#define ZERO_STRUCTP(x) { }
-#else
-#define ZERO_STRUCTP(x) { if (x != NULL) memset((char *)(x), 0, sizeof(*(x))); }
-#endif
+#define ZERO_STRUCTP(x) { memset((char *)(x), 0, sizeof(*(x))); }
 #define ZERO_STRUCTPN(x) { if (x != NULL) ZERO_STRUCTP(x); }
diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c
index dc6f45ed86..61e38a8d96 100644
--- a/source3/rpc_client/cli_reg.c
+++ b/source3/rpc_client/cli_reg.c
@@ -674,6 +674,13 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
 prs_struct buf;
 REG_Q_CREATE_KEY q_o;
 BOOL valid_create = False;
+ SEC_DESC sec;
+ SEC_DESC_BUF sec_buf;
+ int sec_len;
+
+ ZERO_STRUCT(sec);
+ ZERO_STRUCT(sec_buf);
+ ZERO_STRUCT(q_o);
 if (hnd == NULL) return False;
@@ -685,7 +692,13 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
 DEBUG(4,("REG Create Key: %s %s 0x%08x\n", key_name, key_class, sam_access != NULL ? sam_access->mask : 0));
- make_reg_q_create_key(&q_o, hnd, key_name, key_class, sam_access);
+ sec_len = make_sec_desc(&sec, 1, SEC_DESC_SELF_RELATIVE,
+ NULL, NULL, NULL, NULL);
+
+ DEBUG(10,("make_sec_desc: len = %d\n", sec_len));
+
+ make_reg_q_create_key(&q_o, hnd, key_name, key_class, sam_access,
+ &sec_buf, sec_len, &sec);
 /* turn parameters into data stream */
 reg_io_q_create_key("", &q_o, &buf, 0);
@@ -715,6 +728,8 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
 }
 }
+ free_sec_desc(&sec);
+
 prs_mem_free(&rbuf);
 prs_mem_free(&buf );
diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c
index 103e6b0f85..ff57535caf 100644
--- a/source3/rpc_parse/parse_reg.c
+++ b/source3/rpc_parse/parse_reg.c
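Review bot: Dropping the `x != NULL` test from `ZERO_STRUCTP` in smb.h turns every existing call that passes a null pointer from a no-op into a null dereference inside `memset`, and nothing in this diff shows those call sites being audited. `make_reg_q_create_key` in this same commit still calls `ZERO_STRUCTP(q_c)` with no check of its own. Either keep the guard, or switch any caller that may legitimately pass NULL to `ZERO_STRUCTPN`. Independently, the macro should behave as a single statement, e.g. `#define ZERO_STRUCTP(x) do { memset((char *)(x), 0, sizeof(*(x))); } while (0)`, so it is safe in an unbraced `if`/`else`.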
@@ -118,6 +118,32 @@ void reg_io_r_flush_key(char *desc, REG_R_FLUSH_KEY *r_r, prs_struct *ps, int d
 prs_uint32("status", ps, depth, &(r_r->status));
 }
+/*******************************************************************
+reads or writes SEC_DESC_BUF and SEC_DATA structures.
+********************************************************************/
+static void reg_io_hdrbuf_sec(uint32 ptr, uint32 *ptr3, BUFHDR *hdr_sec, SEC_DESC_BUF *data, prs_struct *ps, int depth)
+{
+ if (ptr != 0)
+ {
+ uint32 hdr_offset;
+ uint32 old_offset;
+ smb_io_hdrbuf_pre("hdr_sec", hdr_sec, ps, depth, &hdr_offset);
+ old_offset = ps->offset;
+ if (ptr3 != NULL)
+ {
+ prs_uint32("ptr3", ps, depth, ptr3);
+ }
+ if (ptr3 == NULL || *ptr3 != 0)
+ {
+ sec_io_desc_buf("data ", data , ps, depth);
+ }
+ smb_io_hdrbuf_post("hdr_sec", hdr_sec, ps, depth, hdr_offset,
+ data->max_len, data->len);
+ ps->offset = old_offset + data->len + sizeof(uint32) * ((ptr3 != NULL) ? 5 : 3);
+ prs_align(ps);
+ }
+}
+
 /*******************************************************************
@@ -125,20 +151,13 @@ creates a structure.
 ********************************************************************/
 void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
 char *name, char *class,
- SEC_ACCESS *sam_access)
+ SEC_ACCESS *sam_access,
+ SEC_DESC_BUF *sec_buf,
+ int sec_len, SEC_DESC *sec)
 {
 int len_name = name != NULL ? strlen(name ) + 1: 0;
 int len_class = class != NULL ? strlen(class) + 1: 0;
- static unsigned char data[] =
- {
- 0x01, 0x00, 0x00, 0x80,
- 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00
- };
-
 ZERO_STRUCTP(q_c);
 memcpy(&(q_c->pnt_pol), hnd, sizeof(q_c->pnt_pol));
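Review bot: In the new `reg_io_hdrbuf_sec`, `data->max_len` and `data->len` are read even when the `*ptr3 != 0` test skipped `sec_io_desc_buf`, and `data` is never checked for NULL; the new `reg_io_q_create_key` passes `r_q->data`, which nothing visible in this diff allocates on the unmarshalling path. When a request is being parsed the length is then either stale or supplied by the peer, and `ps->offset = old_offset + data->len + ...` moves the cursor by it with no comparison against the buffer size; whether later `prs_*` calls bound-check is not visible here. I would add `if (data == NULL) return;` at the top and use the two lengths only inside the branch that actually parsed the descriptor. The `5 : 3` word counts also need a comment naming the header fields they stand for.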
@@ -153,17 +172,13 @@ void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
 memcpy(&(q_c->sam_access), sam_access, sizeof(q_c->sam_access));
 q_c->ptr1 = 1;
- q_c->unknown_0 = 0x0000000C;
+ q_c->sec_info = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
+ q_c->data = sec_buf;
 q_c->ptr2 = 1;
- q_c->sec_len1 = 0x14;
- q_c->sec_len2 = 0x14;
- q_c->sec_len3 = 0x0;
- q_c->sec_len4 = 0x14;
- q_c->sec_len5 = 0x0;
- q_c->sec_len6 = 0x14;
-
- memcpy(&q_c->buf_unk, data, sizeof(q_c->buf_unk));
+ make_buf_hdr(&(q_c->hdr_sec), sec_len, sec_len);
+ q_c->ptr3 = 1;
+ make_sec_desc_buf(q_c->data, sec_len, sec);
 q_c->unknown_2 = 0x00000000;
 }
@@ -194,27 +209,15 @@ void reg_io_q_create_key(char *desc, REG_Q_CREATE_KEY *r_q, prs_struct *ps, int
 sec_io_access("sam_access", &r_q->sam_access, ps, depth);
 prs_uint32("ptr1", ps, depth, &(r_q->ptr1));
- if (r_q->ptr2 != 0)
+ if (r_q->ptr1 != 0)
 {
- prs_uint32("unknown_0", ps, depth, &(r_q->unknown_0));
+ prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
 }
 prs_uint32("ptr2", ps, depth, &(r_q->ptr2));
- if (r_q->ptr2)
- {
- prs_uint32("sec_len1", ps, depth, &(r_q->sec_len1));
- prs_uint32("sec_len2", ps, depth, &(r_q->sec_len2));
- prs_uint32("sec_len3", ps, depth, &(r_q->sec_len3));
- prs_uint32("sec_len4", ps, depth, &(r_q->sec_len4));
- prs_uint32("sec_len5", ps, depth, &(r_q->sec_len5));
- prs_uint32("sec_len6", ps, depth, &(r_q->sec_len6));
- prs_uint8s(False, "buf_unk", ps, depth, r_q->buf_unk, sizeof(r_q->buf_unk));
- prs_align(ps);
-
- prs_uint32("unknown_2", ps, depth, &(r_q->unknown_2));
- }
+ reg_io_hdrbuf_sec(r_q->ptr2, &r_q->ptr3, &r_q->hdr_sec, r_q->data, ps, depth);
- prs_align(ps);
+ prs_uint32("unknown_2", ps, depth, &(r_q->unknown_2));
 }
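Review bot: `make_reg_q_create_key` now stores the caller's `sec_buf` in `q_c->data` and hands it straight to `make_sec_desc_buf` without a NULL check, and `sec_len` is a signed `int` that goes into `make_buf_hdr` as both lengths with no range check. The structure only borrows the pointer, so the function's header comment should say that `sec_buf` must be non-NULL and must outlive `q_c`. A guard before `q_c->data = sec_buf;`, for instance `if (sec_buf == NULL || sec_len < 0)` with a DEBUG message and an early return, would make a bad call fail visibly instead of marshalling an inconsistent header. The function body starts outside this hunk.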
@@ -575,18 +578,7 @@ void reg_io_q_set_key_sec(char *desc, REG_Q_SET_KEY_SEC *r_q, prs_struct *ps, i
 prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
 prs_uint32("ptr ", ps, depth, &(r_q->ptr ));
- if (r_q->ptr != 0)
- {
- uint32 hdr_offset;
- uint32 old_offset;
- smb_io_hdrbuf_pre("hdr_sec", &(r_q->hdr_sec), ps, depth, &hdr_offset);
- old_offset = ps->offset;
- sec_io_desc_buf("data ", r_q->data , ps, depth);
- smb_io_hdrbuf_post("hdr_sec", &(r_q->hdr_sec), ps, depth, hdr_offset,
- r_q->data->max_len, r_q->data->len);
- ps->offset = old_offset + r_q->data->len + sizeof(uint32) * 3;
- prs_align(ps);
- }
+ reg_io_hdrbuf_sec(r_q->ptr, NULL, &r_q->hdr_sec, r_q->data, ps, depth);
 }
 /*******************************************************************
@@ -646,18 +638,7 @@ void reg_io_q_get_key_sec(char *desc, REG_Q_GET_KEY_SEC *r_q, prs_struct *ps, i
 prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
 prs_uint32("ptr ", ps, depth, &(r_q->ptr ));
- if (r_q->ptr != 0)
- {
- uint32 hdr_offset;
- uint32 old_offset;
- smb_io_hdrbuf_pre("hdr_sec", &(r_q->hdr_sec), ps, depth, &hdr_offset);
- old_offset = ps->offset;
- sec_io_desc_buf("data ", r_q->data , ps, depth);
- smb_io_hdrbuf_post("hdr_sec", &(r_q->hdr_sec), ps, depth, hdr_offset,
- r_q->data->max_len, r_q->data->len);
- ps->offset = old_offset + r_q->data->len + sizeof(uint32) * 3;
- prs_align(ps);
- }
+ reg_io_hdrbuf_sec(r_q->ptr, NULL, &r_q->hdr_sec, r_q->data, ps, depth);
 }
 #if 0
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index b3c75fb0dc..0b0c08fe13 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -194,33 +194,49 @@ int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type,
 t->owner_sid = owner_sid;
 t->grp_sid = grp_sid;
- offset = 0x14;
+ offset = 0x0;
 if (dacl != NULL)
 {
+ if (offset == 0)
+ {
+ offset = 0x14;
+ }
 t->off_dacl = offset;
 offset += dacl->size;
 }
 if (sacl != NULL)
 {
+ if (offset == 0)
+ {
+ offset = 0x14;
+ }
 t->off_dacl = offset;
 offset += dacl->size;
 }
 if (owner_sid != NULL)
 {
+ if (offset == 0)
+ {
+ offset = 0x14;
+ }
 t->off_owner_sid = offset;
 offset += sid_size(owner_sid);
 }
 if (grp_sid != NULL)
 {
+ if (offset == 0)
+ {
+ offset = 0x14;
+ }
 t->off_grp_sid = offset;
 offset += sid_size(grp_sid);
 }
- return offset;
+ return (offset == 0) ? 0x14 : offset;
 }
@@ -256,10 +272,12 @@ reads or writes a structure.
 ********************************************************************/
 static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
 {
+#if 0
 uint32 off_owner_sid;
 uint32 off_grp_sid ;
 uint32 off_sacl ;
 uint32 off_dacl ;
+#endif
 uint32 old_offset;
 uint32 max_offset = 0; /* after we're done, move offset to end */
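Review bot: The `if (sacl != NULL)` branch of `make_sec_desc` still assigns `t->off_dacl` and adds `dacl->size`, so a descriptor with a SACL but no DACL dereferences a null `dacl`, `off_sacl` is never set, and when both are present the DACL offset is overwritten and the returned length is wrong. The commit edits this branch (it adds the `offset == 0` test) but leaves those two lines as they were; they should read `t->off_sacl = offset;` and `offset += sacl->size;`. The four identical `if (offset == 0) { offset = 0x14; }` blocks would also read better with a named constant for the 0x14 header size. The function starts outside this hunk.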
@@ -276,16 +294,23 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
 prs_uint16("revision ", ps, depth, &(t->revision ));
 prs_uint16("type ", ps, depth, &(t->type ));
+ prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid));
+ prs_uint32("off_grp_sid ", ps, depth, &(t->off_grp_sid ));
+ prs_uint32("off_sacl ", ps, depth, &(t->off_sacl ));
+ prs_uint32("off_dacl ", ps, depth, &(t->off_dacl ));
+#if 0
 prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid);
 prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid ), &off_grp_sid );
 prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl );
 prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl );
-
+#endif
 max_offset = MAX(max_offset, ps->offset);
 if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT))
 {
+#if 0
 prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset);
+#endif
 ps->offset = old_offset + t->off_dacl;
 if (ps->io)
 {
@@ -304,16 +329,20 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
 sec_io_acl ("dacl" , t->dacl , ps, depth);
 prs_align(ps);
 }
+#if 0
 else
 {
 prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0);
 }
+#endif
 max_offset = MAX(max_offset, ps->offset);
 if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT))
 {
+#if 0
 prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset);
+#endif
 ps->offset = old_offset + t->off_sacl;
 if (ps->io)
 {
@@ -332,14 +361,18 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
 sec_io_acl ("sacl" , t->sacl , ps, depth);
 prs_align(ps);
 }
+#if 0
 else
 {
 prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0);
 }
+#endif
 max_offset = MAX(max_offset, ps->offset);
+#if 0
 prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset);
+#endif
 if (t->off_owner_sid != 0)
 {
 if (ps->io)
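Review bot: With the `prs_uint32_pre`/`prs_uint32_post` pairs disabled, the four `off_*` fields in `sec_io_desc` are marshalled exactly as stored in `t`, and on the read side they come straight off the wire before `ps->offset = old_offset + t->off_dacl;` (and the `off_sacl` equivalent) seeks to them. Nothing in the visible lines checks that an offset falls inside the descriptor or the parse buffer, or that a set `SEC_DESC_DACL_PRESENT`/`SEC_DESC_SACL_PRESENT` bit comes with a non-zero offset; a zero would seek back onto the header just parsed. A range check before each seek would close this; whether the `prs_*` layer enforces bounds afterwards is not visible here. The `#if 0` blocks and the locals they used should be deleted instead of being left disabled, and the function continues outside these hunks.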
@@ -366,7 +399,9 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
 max_offset = MAX(max_offset, ps->offset);
+#if 0
 prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset);
+#endif
 if (t->off_grp_sid != 0)
 {
 if (ps->io) |