authorJeremy Allison <jra@samba.org>2012-08-29 13:29:34 -0700
committerJeremy Allison <jra@samba.org>2012-08-30 10:08:50 -0700
commit70ebf1da67e30b585543ffe55a6d7c9da6023138 (patch)
tree1a08df5de042b9d482af52633779fe041fcbc387
parent8c84ecef89dfbfd2cd76b92272fbd32fb13d00b8 (diff)
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.
-rw-r--r--source3/smbd/nttrans.c40
-rw-r--r--source3/smbd/proto.h2
2 files changed, 28 insertions, 14 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 107e8f3558..1e28482fc9 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -831,19 +831,14 @@ static void do_nt_transact_create_pipe(connection_struct *conn,
}
/****************************************************************************
- Internal fn to set security descriptors from a data blob.
+ Internal fn to set security descriptors.
****************************************************************************/
-NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
uint32_t security_info_sent)
{
- struct security_descriptor *psd = NULL;
NTSTATUS status;
- if (sd_len == 0) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
if (!CAN_WRITE(fsp->conn)) {
return NT_STATUS_ACCESS_DENIED;
}
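Review bot: The header comment on `set_sd` still describes it as an internal function and says nothing about the `psd` argument, even though the descriptor is now supplied by the caller instead of being unmarshalled locally and the function gains a prototype in proto.h. I would extend the comment to state the contract, for example `psd must be non-NULL and is owned by the caller; it may be adjusted in place while the ACL is canonicalized.` The second half of that sentence is inferred from the commit message and should be confirmed against the rest of the body, which continues outside this hunk.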
@@ -852,12 +847,6 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
return NT_STATUS_OK;
}
- status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if (psd->owner_sid == NULL) {
security_info_sent &= ~SECINFO_OWNER;
}
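Review bot: `psd->owner_sid` is dereferenced here without a NULL check. That was safe while `psd` always came from a successful `unmarshall_sec_desc()`, but it is no longer guaranteed now that `set_sd` takes the descriptor as a parameter and is exported through proto.h. A guard at the top of the function, `if (psd == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, would turn a caller mistake into an error status instead of a crash in the smbd process. The start and end of `set_sd` lie outside this hunk, so the exact placement relative to the `CAN_WRITE` check needs to be decided in the full body.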
@@ -910,7 +899,7 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
}
if (DEBUGLEVEL >= 10) {
- DEBUG(10,("set_sd_blob for file %s\n", fsp_str_dbg(fsp)));
+ DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
NDR_PRINT_DEBUG(security_descriptor, psd);
}
@@ -922,6 +911,29 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
}
/****************************************************************************
+ Internal fn to set security descriptors from a data blob.
+****************************************************************************/
+
+NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+ uint32_t security_info_sent)
+{
+ struct security_descriptor *psd = NULL;
+ NTSTATUS status;
+
+ if (sd_len == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return set_sd(fsp, psd, security_info_sent);
+}
+
+/****************************************************************************
Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
****************************************************************************/
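Review bot: In the new `set_sd_blob` the client-supplied blob reaches `unmarshall_sec_desc()` before `set_sd` performs the `CAN_WRITE(fsp->conn)` check, whereas the old code rejected read-only connections first. The parser therefore now runs on untrusted data for requests that will be refused anyway. A malformed blob also now returns the unmarshall error where the old ordering returned NT_STATUS_ACCESS_DENIED, or NT_STATUS_OK on the early-return path whose condition is not visible in this diff. If the old ordering matters, repeat the cheap check ahead of the `unmarshall_sec_desc()` call: `if (!CAN_WRITE(fsp->conn)) { return NT_STATUS_ACCESS_DENIED; }`.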
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 83555906e8..5f4947e934 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -577,6 +577,8 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx);
/* The following definitions come from smbd/nttrans.c */
void reply_ntcreate_and_X(struct smb_request *req);
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
+ uint32_t security_info_sent);
NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
uint32_t security_info_sent);
struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size);