diff options
Diffstat (limited to 'source3/smbd/posix_acls.c')
-rw-r--r-- | source3/smbd/posix_acls.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 818bf95b3f..ffb1698394 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4182,3 +4182,58 @@ BOOL can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_ST /* Finally check other write access. */ return (psbuf->st_mode & S_IWOTH) ? True : False; } + +/******************************************************************** + Pull the NT ACL from a file on disk or the OpenEventlog() access + check. Caller is responsible for freeing the returned security + descriptor via TALLOC_FREE(). This is designed for dealing with + user space access checks in smbd outside of the VFS. For example, + checking access rights in OpenEventlog(). + + Assume we are dealing with files (for now) +********************************************************************/ + +SEC_DESC* get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) +{ + SEC_DESC *psd, *ret_sd; + size_t sd_size; + connection_struct conn; + files_struct finfo; + struct fd_handle fh; + fstring path; + pstring filename; + + ZERO_STRUCT( conn ); + conn.service = -1; + + if ( !(conn.mem_ctx = talloc_init( "novfs_get_nt_acl" )) ) { + DEBUG(0,("novfs_get_nt_acl: talloc() failed!\n")); + return NULL; + } + + fstrcpy( path, "/" ); + string_set(&conn.connectpath, path); + + if (!smbd_vfs_init(&conn)) { + DEBUG(0,("novfs_get_nt_acl: Unable to create a fake connection struct!\n")); + return NULL; + } + + ZERO_STRUCT( finfo ); + ZERO_STRUCT( fh ); + + finfo.fnum = -1; + finfo.conn = &conn; + finfo.fh = &fh; + finfo.fh->fd = -1; + pstrcpy( filename, fname ); + finfo.fsp_name = filename; + + sd_size = get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ); + + ret_sd = dup_sec_desc( ctx, psd ); + + conn_free_internal( &conn ); + + return ret_sd; +} |