Diffstat (limited to 'source4/libcli/composite/appendacl.c')
-rw-r--r-- | source4/libcli/composite/appendacl.c | 311 |
1 files changed, 311 insertions, 0 deletions
diff --git a/source4/libcli/composite/appendacl.c b/source4/libcli/composite/appendacl.c
new file mode 100644
index 0000000000..76702e6bca
--- /dev/null
+++ b/source4/libcli/composite/appendacl.c
@@ -0,0 +1,311 @@
+#include "includes.h"
+#include "libcli/raw/libcliraw.h"
+#include "libcli/composite/composite.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/* the stages of this call */
+enum appendacl_stage {APPENDACL_OPENPATH, APPENDACL_GET,
+ APPENDACL_SET, APPENDACL_GETAGAIN, APPENDACL_CLOSEPATH};
+
+static void appendacl_handler(struct smbcli_request *req);
+
+struct appendacl_state {
+ enum appendacl_stage stage;
+ struct smb_composite_appendacl *io;
+
+ union smb_open *io_open;
+ union smb_setfileinfo *io_setfileinfo;
+ union smb_fileinfo *io_fileinfo;
+
+ struct smbcli_request *req;
+};
+
+
+static NTSTATUS appendacl_open(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ NTSTATUS status;
+
+ status = smb_raw_open_recv(state->req, c, state->io_open);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ /* setup structures for getting fileinfo */
+ state->io_fileinfo = talloc(c, union smb_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->io_fileinfo);
+
+ state->io_fileinfo->query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ state->io_fileinfo->query_secdesc.in.fnum = state->io_open->ntcreatex.out.fnum;
+ state->io_fileinfo->query_secdesc.secinfo_flags = SECINFO_DACL;
+
+ state->req = smb_raw_fileinfo_send(tree, state->io_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* set the handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_GET;
+
+ talloc_free (state->io_open);
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS appendacl_get(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ int i;
+ NTSTATUS status;
+
+ status = smb_raw_fileinfo_recv(state->req, state->io_fileinfo, state->io_fileinfo);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ /* setup structures for setting fileinfo */
+ state->io_setfileinfo = talloc(c, union smb_setfileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->io_setfileinfo);
+
+ state->io_setfileinfo->set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
+ state->io_setfileinfo->set_secdesc.file.fnum = state->io_fileinfo->query_secdesc.in.fnum;
+
+ state->io_setfileinfo->set_secdesc.in.secinfo_flags = SECINFO_DACL;
+ state->io_setfileinfo->set_secdesc.in.sd = state->io_fileinfo->query_secdesc.out.sd;
+ talloc_steal(state->io_setfileinfo, state->io_setfileinfo->set_secdesc.in.sd);
+
+ /* append all aces from io->in.sd->dacl to new security descriptor */
+ if (io->in.sd->dacl != NULL) {
+ for (i = 0; i < io->in.sd->dacl->num_aces; i++) {
+ security_descriptor_dacl_add(state->io_setfileinfo->set_secdesc.in.sd,
+ &(io->in.sd->dacl->aces[i]));
+ }
+ }
+
+ status = smb_raw_setfileinfo(tree, state->io_setfileinfo);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ state->req = smb_raw_setfileinfo_send(tree, state->io_setfileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* call handler when done setting new security descriptor on file */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_SET;
+
+ talloc_free (state->io_fileinfo);
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS appendacl_set(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ NTSTATUS status;
+
+ status = smbcli_request_simple_recv(state->req);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ /* setup structures for getting fileinfo */
+ state->io_fileinfo = talloc(c, union smb_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->io_fileinfo);
+
+
+ state->io_fileinfo->query_secdesc.level = RAW_FILEINFO_SEC_DESC;
+ state->io_fileinfo->query_secdesc.in.fnum = state->io_setfileinfo->set_secdesc.file.fnum;
+ state->io_fileinfo->query_secdesc.secinfo_flags = SECINFO_DACL;
+
+ state->req = smb_raw_fileinfo_send(tree, state->io_fileinfo);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* set the handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_GETAGAIN;
+
+ talloc_free (state->io_setfileinfo);
+
+ return NT_STATUS_OK;
+}
+
+
+static NTSTATUS appendacl_getagain(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ struct smbcli_tree *tree = state->req->tree;
+ union smb_close *io_close;
+ NTSTATUS status;
+
+ status = smb_raw_fileinfo_recv(state->req, c, state->io_fileinfo);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ io->out.sd = state->io_fileinfo->query_secdesc.out.sd;
+
+ /* setup structures for close */
+ io_close = talloc(c, union smb_close);
+ NT_STATUS_HAVE_NO_MEMORY(io_close);
+
+ io_close->close.level = RAW_CLOSE_CLOSE;
+ io_close->close.in.fnum = state->io_fileinfo->query_secdesc.in.fnum;
+ io_close->close.in.write_time = 0;
+
+ state->req = smb_raw_close_send(tree, io_close);
+ NT_STATUS_HAVE_NO_MEMORY(state->req);
+
+ /* call the handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_CLOSEPATH;
+
+ talloc_free (state->io_fileinfo);
+
+ return NT_STATUS_OK;
+}
+
+
+
+static NTSTATUS appendacl_close(struct composite_context *c,
+ struct smb_composite_appendacl *io)
+{
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ NTSTATUS status;
+
+ status = smbcli_request_simple_recv(state->req);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ c->state = SMBCLI_REQUEST_DONE;
+
+ return NT_STATUS_OK;
+}
+
+/*
+ handler for completion of a sub-request in appendacl
+*/
+static void appendacl_handler(struct smbcli_request *req)
+{
+ struct composite_context *c = req->async.private;
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+
+ /* when this handler is called, the stage indicates what
+ call has just finished */
+ switch (state->stage) {
+ case APPENDACL_OPENPATH:
+ c->status = appendacl_open(c, state->io);
+ break;
+
+ case APPENDACL_GET:
+ c->status = appendacl_get(c, state->io);
+ break;
+
+ case APPENDACL_SET:
+ c->status = appendacl_set(c, state->io);
+ break;
+
+ case APPENDACL_GETAGAIN:
+ c->status = appendacl_getagain(c, state->io);
+ break;
+
+ case APPENDACL_CLOSEPATH:
+ c->status = appendacl_close(c, state->io);
+ break;
+ }
+
+ /* We should get here if c->state >= SMBCLI_REQUEST_DONE */
+ if (!NT_STATUS_IS_OK(c->status)) {
+ c->state = SMBCLI_REQUEST_ERROR;
+ }
+
+ if (c->state >= SMBCLI_REQUEST_DONE &&
+ c->async.fn) {
+ c->async.fn(c);
+ }
+}
+
+
+/*
+ composite appendacl call - does an open followed by a number setfileinfo,
+ after that new acls are read with fileinfo, followed by a close
+*/
+struct composite_context *smb_composite_appendacl_send(struct smbcli_tree *tree,
+ struct smb_composite_appendacl *io)
+{
+ struct composite_context *c;
+ struct appendacl_state *state;
+
+ c = talloc_zero(tree, struct composite_context);
+ if (c == NULL) goto failed;
+
+ state = talloc(c, struct appendacl_state);
+ if (state == NULL) goto failed;
+
+ state->io = io;
+
+ c->private = state;
+ c->state = SMBCLI_REQUEST_SEND;
+ c->event_ctx = tree->session->transport->socket->event.ctx;
+
+ /* setup structures for opening file */
+ state->io_open = talloc_zero(c, union smb_open);
+ if (state->io_open == NULL) goto failed;
+
+ state->io_open->ntcreatex.level = RAW_OPEN_NTCREATEX;
+ state->io_open->ntcreatex.in.root_fid = 0;
+ state->io_open->ntcreatex.in.flags = 0;
+ state->io_open->ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ state->io_open->ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ state->io_open->ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
+ state->io_open->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+ state->io_open->ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ state->io_open->ntcreatex.in.security_flags = 0;
+ state->io_open->ntcreatex.in.fname = io->in.fname;
+
+ /* send the open on its way */
+ state->req = smb_raw_open_send(tree, state->io_open);
+ if (state->req == NULL) goto failed;
+
+ /* setup the callback handler */
+ state->req->async.fn = appendacl_handler;
+ state->req->async.private = c;
+ state->stage = APPENDACL_OPENPATH;
+
+ return c;
+
+failed:
+ talloc_free(c);
+ return NULL;
+}
+
+
+/*
+ composite appendacl call - recv side
+*/
+NTSTATUS smb_composite_appendacl_recv(struct composite_context *c, TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+
+ status = composite_wait(c);
+
+ if (NT_STATUS_IS_OK(status)) {
+ struct appendacl_state *state = talloc_get_type(c->private, struct appendacl_state);
+ state->io->out.sd = security_descriptor_copy (mem_ctx, state->io->out.sd);
+ }
+
+ talloc_free(c);
+ return status;
+}
+
+
+/*
+ composite appendacl call - sync interface
+*/
+NTSTATUS smb_composite_appendacl(struct smbcli_tree *tree,
+ TALLOC_CTX *mem_ctx,
+ struct smb_composite_appendacl *io)
+{
+ struct composite_context *c = smb_composite_appendacl_send(tree, io);
+ return smb_composite_appendacl_recv(c, mem_ctx);
+}
+
|
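Review bot: In appendacl_get the return value of `security_descriptor_dacl_add()` is ignored inside the ACE loop, so a failed append still lets the function go on to write a DACL that lacks some of the requested entries while the composite call reports success. Capture and check it before anything is sent: `status = security_descriptor_dacl_add(state->io_setfileinfo->set_secdesc.in.sd, &(io->in.sd->dacl->aces[i]));` followed by `NT_STATUS_NOT_OK_RETURN(status);` (this assumes the helper returns NTSTATUS, which is not visible here). The same function calls the blocking `smb_raw_setfileinfo()` and then `smb_raw_setfileinfo_send()` on the same `state->io_setfileinfo`, which looks like it applies the descriptor twice and blocks inside the async handler; removing the synchronous call and its status check appears to be the intent. `io->in.sd` is also dereferenced there without a NULL check, so a caller that leaves it unset crashes instead of getting an error status.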