From 70ebf1da67e30b585543ffe55a6d7c9da6023138 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 29 Aug 2012 13:29:34 -0700
Subject: [PATCH] Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.
---
 source3/smbd/nttrans.c | 40 ++++++++++++++++++++++++++--------------
 source3/smbd/proto.h | 2 ++
 2 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 107e8f35584c..1e28482fc9f1 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -831,19 +831,14 @@ static void do_nt_transact_create_pipe(connection_struct *conn,
 }
 
 /****************************************************************************
- Internal fn to set security descriptors from a data blob.
+ Internal fn to set security descriptors.
 ****************************************************************************/
 
-NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
 uint32_t security_info_sent)
 {
- struct security_descriptor *psd = NULL;
 NTSTATUS status;
 
- if (sd_len == 0) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
 if (!CAN_WRITE(fsp->conn)) {
 return NT_STATUS_ACCESS_DENIED;
 }
@@ -852,12 +847,6 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 return NT_STATUS_OK;
 }
 
- status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
 if (psd->owner_sid == NULL) {
 security_info_sent &= ~SECINFO_OWNER;
 }
@@ -910,7 +899,7 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 }
 
 if (DEBUGLEVEL >= 10) {
- DEBUG(10,("set_sd_blob for file %s\n", fsp_str_dbg(fsp)));
+ DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
 NDR_PRINT_DEBUG(security_descriptor, psd);
 }
 
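Review bot: set_sd() now takes `psd` from its caller but still dereferences it unguarded at `if (psd->owner_sid == NULL)` (a context line of the second hunk), where previously psd could only be the output of a successful unmarshall_sec_desc(). Because this commit also exports set_sd() through proto.h, I would add `if (psd == NULL) { return NT_STATUS_INVALID_PARAMETER; }` at the top of the function, or at least extend the header comment with `psd must not be NULL.` The body of set_sd() continues outside these hunks, so whether it also modifies the caller's descriptor is not visible here; if it does, the comment should say so.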
@@ -921,6 +910,29 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 return status;
 }
 
+/****************************************************************************
+ Internal fn to set security descriptors from a data blob.
+****************************************************************************/
+
+NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+ uint32_t security_info_sent)
+{
+ struct security_descriptor *psd = NULL;
+ NTSTATUS status;
+
+ if (sd_len == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return set_sd(fsp, psd, security_info_sent);
+}
+
 /****************************************************************************
 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
 ****************************************************************************/
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 83555906e850..5f4947e93494 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -577,6 +577,8 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx);
 /* The following definitions come from smbd/nttrans.c */
 
 void reply_ntcreate_and_X(struct smb_request *req);
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
+ uint32_t security_info_sent);
 NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 uint32_t security_info_sent);
 struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size);
-- 
2.34.1
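Review bot: The new set_sd_blob() runs unmarshall_sec_desc() on the client-supplied blob before set_sd() reaches `CAN_WRITE(fsp->conn)`, whereas the removed code checked write access first and parsed afterwards. A connection without write access therefore has its blob parsed and allocated on talloc_tos() before being refused, and a malformed blob now returns the unmarshall error instead of NT_STATUS_ACCESS_DENIED. The early `return NT_STATUS_OK` path in set_sd(), whose condition lies outside the hunks, is reordered in the same way. If this is not intended, keep the cheap check ahead of the parse by adding `if (!CAN_WRITE(fsp->conn)) { return NT_STATUS_ACCESS_DENIED; }` after the sd_len test in set_sd_blob(); otherwise a short comment stating that the order is deliberate would help.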