-/*
+/*
Unix SMB/CIFS implementation.
client security descriptor functions
Copyright (C) Andrew Tridgell 2000
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../libcli/security/secdesc.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/util/tevent_ntstatus.h"
-/****************************************************************************
- query the security descriptor for a open file
- ****************************************************************************/
-SEC_DESC *cli_query_secdesc(struct cli_state *cli, int fnum,
- TALLOC_CTX *mem_ctx)
+struct cli_query_security_descriptor_state {
+ uint8_t param[8];
+ DATA_BLOB outbuf;
+};
+
+static void cli_query_security_descriptor_done1(struct tevent_req *subreq);
+static void cli_query_security_descriptor_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_query_security_descriptor_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info)
{
- char param[8];
- char *rparam=NULL, *rdata=NULL;
- unsigned int rparam_count=0, rdata_count=0;
- prs_struct pd;
- BOOL pd_initialized = False;
- SEC_DESC *psd = NULL;
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_query_security_descriptor_state *state = NULL;
- SIVAL(param, 0, fnum);
- SIVAL(param, 4, 0x7);
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_query_security_descriptor_state);
+ if (req == NULL) {
+ return NULL;
+ }
- if (!cli_send_nt_trans(cli,
- NT_TRANSACT_QUERY_SECURITY_DESC,
- 0,
- NULL, 0, 0,
- param, 8, 4,
- NULL, 0, 0x10000)) {
- DEBUG(1,("Failed to send NT_TRANSACT_QUERY_SECURITY_DESC\n"));
- goto cleanup;
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_query_info_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ fnum, /* fnum */
+ SMB2_0_INFO_SECURITY, /* in_info_type */
+ 0, /* in_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ sec_info, /* in_additional_info */
+ 0); /* in_flags */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_query_security_descriptor_done2, req);
+ return req;
}
+ PUSH_LE_U32(state->param, 0, fnum);
+ PUSH_LE_U32(state->param, 4, sec_info);
- if (!cli_receive_nt_trans(cli,
- &rparam, &rparam_count,
- &rdata, &rdata_count)) {
- DEBUG(1,("Failed to recv NT_TRANSACT_QUERY_SECURITY_DESC\n"));
- goto cleanup;
+ subreq = cli_trans_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ 0, /* additional_flags2 */
+ SMBnttrans, /* cmd */
+ NULL, /* pipe_name */
+ -1, /* fid */
+ NT_TRANSACT_QUERY_SECURITY_DESC, /* function */
+ 0, /* flags */
+ NULL, /* setup */
+ 0, /* num_setup */
+ 0, /* max_setup */
+ state->param, /* param */
+ 8, /* num_param */
+ 4, /* max_param */
+ NULL, /* data */
+ 0, /* num_data */
+ 0x10000); /* max_data */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
}
+ tevent_req_set_callback(
+ subreq, cli_query_security_descriptor_done1, req);
+ return req;
+}
- if (cli_is_error(cli))
- goto cleanup;
+static void cli_query_security_descriptor_done1(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_query_security_descriptor_state *state = tevent_req_data(
+ req, struct cli_query_security_descriptor_state);
+ NTSTATUS status;
+ uint32_t len;
- if (!prs_init(&pd, rdata_count, mem_ctx, UNMARSHALL)) {
- goto cleanup;
+ status = cli_trans_recv(
+ subreq, /* req */
+ state, /* mem_ctx */
+ NULL, /* recv_flags2 */
+ NULL, /* setup */
+ 0, /* min_setup */
+ NULL, /* num_setup */
+ NULL, /* param */
+ 0, /* min_param */
+ NULL, /* num_param */
+ &state->outbuf.data, /* data */
+ 0, /* min_data */
+ &len); /* num_data */
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
}
- pd_initialized = True;
- prs_copy_data_in(&pd, rdata, rdata_count);
- prs_set_offset(&pd,0);
+ state->outbuf.length = len; /* uint32_t -> size_t */
+ tevent_req_done(req);
+}
- if (!sec_io_desc("sd data", &psd, &pd, 1)) {
- DEBUG(1,("Failed to parse secdesc\n"));
- goto cleanup;
- }
+static void cli_query_security_descriptor_done2(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_query_security_descriptor_state *state = tevent_req_data(
+ req, struct cli_query_security_descriptor_state);
+ NTSTATUS status;
- cleanup:
+ status = cli_smb2_query_info_fnum_recv(subreq, state, &state->outbuf);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
- SAFE_FREE(rparam);
- SAFE_FREE(rdata);
+NTSTATUS cli_query_security_descriptor_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **sd)
+{
+ struct cli_query_security_descriptor_state *state = tevent_req_data(
+ req, struct cli_query_security_descriptor_state);
+ NTSTATUS status = NT_STATUS_OK;
- if (pd_initialized)
- prs_mem_free(&pd);
- return psd;
+ if (tevent_req_is_nterror(req, &status)) {
+ goto done;
+ }
+ if (sd != NULL) {
+ status = unmarshall_sec_desc(
+ mem_ctx, state->outbuf.data, state->outbuf.length, sd);
+ }
+done:
+ tevent_req_received(req);
+ return status;
}
-/****************************************************************************
- set the security descriptor for a open file
- ****************************************************************************/
-BOOL cli_set_secdesc(struct cli_state *cli, int fnum, SEC_DESC *sd)
+NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **sd)
{
- char param[8];
- char *rparam=NULL, *rdata=NULL;
- unsigned int rparam_count=0, rdata_count=0;
- uint32 sec_info = 0;
- TALLOC_CTX *mem_ctx;
- prs_struct pd;
- BOOL ret = False;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
- if ((mem_ctx = talloc_init("cli_set_secdesc")) == NULL) {
- DEBUG(0,("talloc_init failed.\n"));
- goto cleanup;
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_query_security_descriptor_send(
+ frame, ev, cli, fnum, sec_info);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
}
+ status = cli_query_security_descriptor_recv(req, mem_ctx, sd);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
+{
+ uint32_t sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
- prs_init(&pd, 0, mem_ctx, MARSHALL);
- prs_give_memory(&pd, NULL, 0, True);
+ return cli_query_security_descriptor(cli, fnum, sec_info, mem_ctx, sd);
+}
- if (!sec_io_desc("sd data", &sd, &pd, 1)) {
- DEBUG(1,("Failed to marshall secdesc\n"));
- goto cleanup;
+NTSTATUS cli_query_mxac(struct cli_state *cli,
+ const char *filename,
+ uint32_t *mxac)
+{
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ return NT_STATUS_NOT_SUPPORTED;
}
- SIVAL(param, 0, fnum);
+ return cli_smb2_query_mxac(cli, filename, mxac);
+}
+
+struct cli_set_security_descriptor_state {
+ uint8_t param[8];
+ DATA_BLOB buf;
+};
- if (sd->dacl)
- sec_info |= DACL_SECURITY_INFORMATION;
- if (sd->owner_sid)
- sec_info |= OWNER_SECURITY_INFORMATION;
- if (sd->group_sid)
- sec_info |= GROUP_SECURITY_INFORMATION;
- SSVAL(param, 4, sec_info);
+static void cli_set_security_descriptor_done1(struct tevent_req *subreq);
+static void cli_set_security_descriptor_done2(struct tevent_req *subreq);
- if (!cli_send_nt_trans(cli,
- NT_TRANSACT_SET_SECURITY_DESC,
- 0,
- NULL, 0, 0,
- param, 8, 0,
- prs_data_p(&pd), prs_offset(&pd), 0)) {
- DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n"));
- goto cleanup;
+struct tevent_req *cli_set_security_descriptor_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ const struct security_descriptor *sd)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_set_security_descriptor_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_set_security_descriptor_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = marshall_sec_desc(
+ state, sd, &state->buf.data, &state->buf.length);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
}
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_set_info_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ fnum, /* fnum */
+ 3, /* in_info_type */
+ 0, /* in_file_info_class */
+ &state->buf, /* in_input_buffer */
+ sec_info); /* in_additional_info */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_set_security_descriptor_done2, req);
+ return req;
+ }
+
+ SIVAL(state->param, 0, fnum);
+ SIVAL(state->param, 4, sec_info);
- if (!cli_receive_nt_trans(cli,
- &rparam, &rparam_count,
- &rdata, &rdata_count)) {
- DEBUG(1,("NT_TRANSACT_SET_SECURITY_DESC failed\n"));
- goto cleanup;
+ subreq = cli_trans_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ 0, /* additional_flags2 */
+ SMBnttrans, /* cmd */
+ NULL, /* pipe_name */
+ -1, /* fid */
+ NT_TRANSACT_SET_SECURITY_DESC, /* function */
+ 0, /* flags */
+ NULL, /* setup */
+ 0, /* num_setup */
+ 0, /* max_setup */
+ state->param, /* param */
+ 8, /* num_param */
+ 0, /* max_param */
+ state->buf.data, /* data */
+ state->buf.length, /* num_data */
+ 0); /* max_data */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
}
+ tevent_req_set_callback(
+ subreq, cli_set_security_descriptor_done1, req);
+ return req;
+}
+
+static void cli_set_security_descriptor_done1(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_trans_recv(
+ subreq, NULL, NULL, NULL, 0, NULL, NULL, 0, NULL,
+ NULL, 0, NULL);
+ return tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_set_security_descriptor_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_set_info_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_set_security_descriptor_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
- ret = True;
+/****************************************************************************
+ set the security descriptor for a open file
+ ****************************************************************************/
+NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ const struct security_descriptor *sd)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
- cleanup:
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_set_security_descriptor_send(
+ frame, ev, cli, fnum, sec_info, sd);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_set_security_descriptor_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
- SAFE_FREE(rparam);
- SAFE_FREE(rdata);
+NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
+ const struct security_descriptor *sd)
+{
+ uint32_t sec_info = 0;
- talloc_destroy(mem_ctx);
+ if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT)) {
+ sec_info |= SECINFO_DACL;
+ }
+ if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT)) {
+ sec_info |= SECINFO_SACL;
+ }
+ if (sd->owner_sid) {
+ sec_info |= SECINFO_OWNER;
+ }
+ if (sd->group_sid) {
+ sec_info |= SECINFO_GROUP;
+ }
- prs_mem_free(&pd);
- return ret;
+ return cli_set_security_descriptor(cli, fnum, sec_info, sd);
}