Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 818bf95b3f..ffb1698394 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -4182,3 +4182,58 @@ BOOL can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_ST
/* Finally check other write access. */
return (psbuf->st_mode & S_IWOTH) ? True : False;
}
+
+/********************************************************************
+ Pull the NT ACL from a file on disk or the OpenEventlog() access
+ check. Caller is responsible for freeing the returned security
+ descriptor via TALLOC_FREE(). This is designed for dealing with
+ user space access checks in smbd outside of the VFS. For example,
+ checking access rights in OpenEventlog().
+
+ Assume we are dealing with files (for now)
+********************************************************************/
+
+SEC_DESC* get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
+{
+ SEC_DESC *psd, *ret_sd;
+ size_t sd_size;
+ connection_struct conn;
+ files_struct finfo;
+ struct fd_handle fh;
+ fstring path;
+ pstring filename;
+
+ ZERO_STRUCT( conn );
+ conn.service = -1;
+
+ if ( !(conn.mem_ctx = talloc_init( "novfs_get_nt_acl" )) ) {
+ DEBUG(0,("novfs_get_nt_acl: talloc() failed!\n"));
+ return NULL;
+ }
+
+ fstrcpy( path, "/" );
+ string_set(&conn.connectpath, path);
+
+ if (!smbd_vfs_init(&conn)) {
+ DEBUG(0,("novfs_get_nt_acl: Unable to create a fake connection struct!\n"));
+ return NULL;
+ }
+
+ ZERO_STRUCT( finfo );
+ ZERO_STRUCT( fh );
+
+ finfo.fnum = -1;
+ finfo.conn = &conn;
+ finfo.fh = &fh;
+ finfo.fh->fd = -1;
+ pstrcpy( filename, fname );
+ finfo.fsp_name = filename;
+
+ sd_size = get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd );
+
+ ret_sd = dup_sec_desc( ctx, psd );
+
+ conn_free_internal( &conn );
+
+ return ret_sd;
+}
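Review bot: The `smbd_vfs_init` failure branch returns NULL without releasing `conn.mem_ctx` or the `connectpath` string set just above it, so every failed call leaks both. Adding `conn_free_internal( &conn );` before that `return NULL;` would mirror the success path, provided it tolerates a conn whose VFS setup did not complete. `sd_size` is assigned but never tested and `psd` is declared uninitialised, so unless `get_nt_acl` always writes its output argument, a failed lookup passes an indeterminate pointer to `dup_sec_desc`. Declaring `SEC_DESC *psd = NULL, *ret_sd;` and returning NULL after cleanup when `sd_size` is 0 would make that failure explicit for callers, which should treat NULL as deny. Because the descriptor feeds access checks, `pstrcpy( filename, fname )` also needs a length check first: a name longer than a pstring appears to be truncated silently, so the ACL returned could belong to a different path.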