author | Jeremy Allison <jra@samba.org> | 2012-08-29 13:29:34 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-08-30 10:08:50 -0700 |
commit | 70ebf1da67e30b585543ffe55a6d7c9da6023138 (patch) | |
tree | 1a08df5de042b9d482af52633779fe041fcbc387 | |
parent | 8c84ecef89dfbfd2cd76b92272fbd32fb13d00b8 (diff) | |
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.
-rw-r--r-- | source3/smbd/nttrans.c | 40 | ||||
-rw-r--r-- | source3/smbd/proto.h | 2 |
2 files changed, 28 insertions, 14 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 107e8f3558..1e28482fc9 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -831,19 +831,14 @@ static void do_nt_transact_create_pipe(connection_struct *conn,
 }
 
 /****************************************************************************
- Internal fn to set security descriptors from a data blob.
+ Internal fn to set security descriptors.
 ****************************************************************************/
 
-NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
 uint32_t security_info_sent)
 {
- struct security_descriptor *psd = NULL;
 NTSTATUS status;
 
- if (sd_len == 0) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
 if (!CAN_WRITE(fsp->conn)) {
 return NT_STATUS_ACCESS_DENIED;
 }
@@ -852,12 +847,6 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 return NT_STATUS_OK;
 }
 
- status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
 if (psd->owner_sid == NULL) {
 security_info_sent &= ~SECINFO_OWNER;
 }
@@ -910,7 +899,7 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 }
 
 if (DEBUGLEVEL >= 10) {
- DEBUG(10,("set_sd_blob for file %s\n", fsp_str_dbg(fsp)));
+ DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
 NDR_PRINT_DEBUG(security_descriptor, psd);
 }
 
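Review bot: set_sd() now takes a caller-supplied psd and is exported through proto.h, but it dereferences `psd->owner_sid` (second hunk) with no NULL check. Before this change psd could only come from a successful unmarshall_sec_desc(). Consider adding `if (psd == NULL) { return NT_STATUS_INVALID_PARAMETER; }` ahead of the CAN_WRITE test. The header comment could also state the contract: psd must be non-NULL, bits in security_info_sent are cleared for fields the descriptor lacks, and whether psd is modified in place during canonicalization (that part of the body is outside the hunks, so this needs confirming). The body of set_sd() continues beyond this hunk.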
@@ -922,6 +911,29 @@ NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 }
 
 /****************************************************************************
+ Internal fn to set security descriptors from a data blob.
+****************************************************************************/
+
+NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
+ uint32_t security_info_sent)
+{
+ struct security_descriptor *psd = NULL;
+ NTSTATUS status;
+
+ if (sd_len == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = unmarshall_sec_desc(talloc_tos(), data, sd_len, &psd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return set_sd(fsp, psd, security_info_sent);
+}
+
+/****************************************************************************
 Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
 ****************************************************************************/
 
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 83555906e8..5f4947e934 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -577,6 +577,8 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx);
 /* The following definitions come from smbd/nttrans.c */
 
 void reply_ntcreate_and_X(struct smb_request *req);
+NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
+ uint32_t security_info_sent);
 NTSTATUS set_sd_blob(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 uint32_t security_info_sent);
 struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size);
|
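Review bot: The new set_sd_blob() runs unmarshall_sec_desc() on the client-supplied blob before set_sd() reaches the `CAN_WRITE(fsp->conn)` test, whereas the old code checked write access first. On a read-only share a malformed descriptor now returns the parse error instead of NT_STATUS_ACCESS_DENIED, and the parser runs on input that was previously rejected before parsing. The same reordering affects the early `return NT_STATUS_OK` path in the second nttrans.c hunk, whose condition lies outside the diff. If the old ordering is wanted, repeat the cheap check in the wrapper ahead of the unmarshall: `if (!CAN_WRITE(fsp->conn)) { return NT_STATUS_ACCESS_DENIED; }`. A short comment that psd lives on talloc_tos() and is not freed here would also help readers of the wrapper.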