From 9afba14417ebb8e13623b62d3c81492629b92f29 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 30 Nov 2012 13:52:53 +0100
Subject: [PATCH] s3:libsmb: add cli_{query,set}_security_descriptor() which
 take sec_info flags

In order to set and get security_descriptors it's important to specify
the sec_info flags.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 source3/libsmb/clisecdesc.c | 56 ++++++++++++++++++++++++++++++++-------------
 source3/libsmb/proto.h      |  9 ++++++++
 2 files changed, 49 insertions(+), 16 deletions(-)

diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index 04f661cc820..24da39dc1f8 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -21,8 +21,11 @@
 #include "libsmb/libsmb.h"
 #include "../libcli/security/secdesc.h"
 
-NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
-			   TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
+NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
+				       uint16_t fnum,
+				       uint32_t sec_info,
+				       TALLOC_CTX *mem_ctx,
+				       struct security_descriptor **sd)
 {
 	uint8_t param[8];
 	uint8_t *rdata=NULL;
@@ -31,7 +34,7 @@ NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
 	struct security_descriptor *lsd;
 
 	SIVAL(param, 0, fnum);
-	SIVAL(param, 4, 0x7);
+	SIVAL(param, 4, sec_info);
 
 	status = cli_trans(talloc_tos(), cli, SMBnttrans,
 			   NULL, -1, /* name, fid */
@@ -71,14 +74,23 @@ NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
 	return status;
 }
 
+NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
+			   TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
+{
+	uint32_t sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
+
+	return cli_query_security_descriptor(cli, fnum, sec_info, mem_ctx, sd);
+}
+
 /****************************************************************************
   set the security descriptor for a open file
  ****************************************************************************/
-NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
-			 const struct security_descriptor *sd)
+NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
+				     uint16_t fnum,
+				     uint32_t sec_info,
+				     const struct security_descriptor *sd)
 {
 	uint8_t param[8];
-	uint32 sec_info = 0;
 	uint8 *data;
 	size_t len;
 	NTSTATUS status;
@@ -91,16 +103,7 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
 	}
 
 	SIVAL(param, 0, fnum);
-
-	if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT))
-		sec_info |= SECINFO_DACL;
-	if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT))
-		sec_info |= SECINFO_SACL;
-	if (sd->owner_sid)
-		sec_info |= SECINFO_OWNER;
-	if (sd->group_sid)
-		sec_info |= SECINFO_GROUP;
-	SSVAL(param, 4, sec_info);
+	SIVAL(param, 4, sec_info);
 
 	status = cli_trans(talloc_tos(), cli, SMBnttrans,
 			   NULL, -1, /* name, fid */
@@ -119,3 +122,24 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
 	}
 	return status;
 }
+
+NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
+			 const struct security_descriptor *sd)
+{
+	uint32_t sec_info = 0;
+
+	if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT)) {
+		sec_info |= SECINFO_DACL;
+	}
+	if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT)) {
+		sec_info |= SECINFO_SACL;
+	}
+	if (sd->owner_sid) {
+		sec_info |= SECINFO_OWNER;
+	}
+	if (sd->group_sid) {
+		sec_info |= SECINFO_GROUP;
+	}
+
+	return cli_set_security_descriptor(cli, fnum, sec_info, sd);
+}
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index e6d0ce82760..f186feeef4c 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -792,8 +792,17 @@ NTSTATUS cli_push(struct cli_state *cli, uint16_t fnum, uint16_t mode,
 
 /* The following definitions come from libsmb/clisecdesc.c  */
 
+NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
+				       uint16_t fnum,
+				       uint32_t sec_info,
+				       TALLOC_CTX *mem_ctx,
+				       struct security_descriptor **sd);
 NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
 			  TALLOC_CTX *mem_ctx, struct security_descriptor **sd);
+NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
+				     uint16_t fnum,
+				     uint32_t sec_info,
+				     const struct security_descriptor *sd);
 NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
 			 const struct security_descriptor *sd);
 
-- 
2.11.4.GIT