関数 | |
| BOOL | share_info_db_init (void) |
| SEC_DESC * | get_share_security_default (TALLOC_CTX *ctx, size_t *psize, uint32 def_access) |
| SEC_DESC * | get_share_security (TALLOC_CTX *ctx, const char *servicename, size_t *psize) |
| BOOL | set_share_security (const char *share_name, SEC_DESC *psd) |
| BOOL | delete_share_security (const struct share_params *params) |
| BOOL | share_access_check (const NT_USER_TOKEN *token, const char *sharename, uint32 desired_access) |
| BOOL | parse_usershare_acl (TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) |
変数 | |
| static TDB_CONTEXT * | share_tdb |
| static struct generic_mapping | file_generic_mapping |
| BOOL share_info_db_init | ( | void | ) |
sharesec.c の 41 行で定義されています。
参照先 errno・lock_path()・share_tdb・strerror()・tdb_fetch_int32()・tdb_lock_bystring()・tdb_open_log()・tdb_store_int32()・tdb_traverse()・tdb_traverse_delete_fn()・tdb_unlock_bystring().
参照元 get_share_security()・set_share_security().
/**
 * Open the share security database (share_info.tdb) once per process and
 * bring its "INFO/version" record up to SHARE_DATABASE_VERSION_V2.
 *
 * @return True if the database handle is available (already open, or opened
 *         by this call); False if tdb_open_log() failed.
 *
 * Review notes:
 *  - The file is opened with O_CREAT and mode 0600, so a newly created
 *    database is readable and writable by its owner only.
 *  - A version value that is neither V1 (in either byte order) nor V2 makes
 *    this function delete every record. get_share_security() in this file
 *    falls back to a default descriptor when its fetch fails, so such a wipe
 *    replaces every stored share ACL with that default without any log line.
 *  - The results of tdb_lock_bystring() and tdb_store_int32() are not
 *    examined; the upgrade proceeds even if the lock was not obtained.
 */
BOOL share_info_db_init(void)
{
	const char *version_key = "INFO/version";
	int32 db_version;

	/* Opened earlier in this process: nothing to do. */
	if (share_tdb != NULL) {
		return True;
	}

	share_tdb = tdb_open_log(lock_path("share_info.tdb"), 0, TDB_DEFAULT,
				 O_RDWR|O_CREAT, 0600);
	if (share_tdb == NULL) {
		DEBUG(0,("Failed to open share info database %s (%s)\n",
			lock_path("share_info.tdb"), strerror(errno) ));
		return False;
	}

	/* Handle a Samba upgrade while holding the lock on the version key. */
	tdb_lock_bystring(share_tdb, version_key);

	db_version = tdb_fetch_int32(share_tdb, version_key);

	if (db_version == SHARE_DATABASE_VERSION_V1 ||
	    IREV(db_version) == SHARE_DATABASE_VERSION_V1) {
		/*
		 * V1, possibly written byte-reversed on a big-endian machine
		 * by the old fetch_int code: re-save the version as V2.
		 */
		tdb_store_int32(share_tdb, version_key, SHARE_DATABASE_VERSION_V2);
	} else if (db_version != SHARE_DATABASE_VERSION_V2) {
		/* Unknown or missing version: drop all records, then stamp V2. */
		tdb_traverse(share_tdb, tdb_traverse_delete_fn, NULL);
		tdb_store_int32(share_tdb, version_key, SHARE_DATABASE_VERSION_V2);
	}

	tdb_unlock_bystring(share_tdb, version_key);

	return True;
}
| SEC_DESC* get_share_security_default | ( | TALLOC_CTX * | ctx, | |
| size_t * | psize, | |||
| uint32 | def_access | |||
| ) |
sharesec.c の 82 行で定義されています。
参照先 file_generic_mapping・global_sid_World・init_sec_access()・init_sec_ace()・make_sec_acl()・make_sec_desc()・se_map_generic()・SEC_ACE_TYPE_ACCESS_ALLOWED.
参照元 get_share_security()・parse_usershare_acl().
/**
 * Build the default share security descriptor: a single ACCESS_ALLOWED ACE
 * for global_sid_World (the "Everyone" entry referred to by
 * parse_usershare_acl() in this file).
 *
 * @param ctx        talloc context the ACL and descriptor are allocated on.
 * @param psize      passed through to make_sec_desc().
 * @param def_access access mask to grant; its generic bits are also mapped
 *                   through file_generic_mapping and OR-ed into the mask.
 * @return the new descriptor, or NULL if the ACL or descriptor could not be
 *         created.
 *
 * The descriptor has no owner, group or SACL (NULL is passed for each).
 * The failure message is prefixed "get_share_security:" rather than with this
 * function's own name; it is kept as is because it is runtime output.
 */
SEC_DESC *get_share_security_default(TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
{
	SEC_ACCESS mask;
	SEC_ACE world_ace;
	SEC_ACL *acl;
	SEC_DESC *sd;
	uint32 mapped_access = def_access;

	/* Expand generic rights into their file-specific equivalents. */
	se_map_generic(&mapped_access, &file_generic_mapping);

	init_sec_access(&mask, def_access | mapped_access );
	init_sec_ace(&world_ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);

	/* The descriptor is only attempted once the one-entry ACL exists. */
	acl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &world_ace);
	sd = (acl != NULL)
		? make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
				NULL, NULL, NULL, acl, psize)
		: NULL;

	if (sd == NULL) {
		DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
		return NULL;
	}

	return sd;
}
| SEC_DESC* get_share_security | ( | TALLOC_CTX * | ctx, | |
| const char * | servicename, | |||
| size_t * | psize | |||
| ) |
sharesec.c の 111 行で定義されています。
参照先 get_share_security_default()・prs_mem_free()・sec_desc_size()・sec_io_desc()・share_info_db_init()・share_tdb.
参照元 _srv_net_share_set_info()・change_share_sec()・init_srv_share_info_1501()・init_srv_share_info_502()・share_access_check().
/**
 * Load the security descriptor stored for a share, falling back to the
 * default descriptor when none can be loaded.
 *
 * @param ctx         talloc context handed to tdb_prs_fetch() and to the
 *                    default-descriptor builder.
 * @param servicename share name; the record key is "SECDESC/<servicename>".
 * @param psize       set to 0 once the database is open, then to the size of
 *                    the returned descriptor. Not written if the database
 *                    cannot be opened.
 * @return the descriptor, or NULL if the database cannot be opened or the
 *         default descriptor cannot be built.
 *
 * Review notes:
 *  - Fallback is permissive: both "fetch failed" and "stored record could not
 *    be unmarshalled" yield the default descriptor with GENERIC_ALL_ACCESS,
 *    i.e. a damaged record is treated the same as no restriction at all. The
 *    only trace is a DEBUG level 4 message.
 *  - prs_mem_free(&ps) is not reached on the fallback path.
 *    NOTE(review): confirm whether tdb_prs_fetch() can leave memory attached
 *    to ps when the later sec_io_desc() call fails.
 *  - The key is formatted into a fixed-size fstring with slprintf();
 *    presumably an over-long servicename is truncated, in which case distinct
 *    long names could share one key - verify against slprintf().
 */
SEC_DESC *get_share_security(TALLOC_CTX *ctx, const char *servicename, size_t *psize)
{
	prs_struct ps;
	fstring key;
	SEC_DESC *psd = NULL;
	BOOL loaded;

	if (!share_info_db_init()) {
		return NULL;
	}

	*psize = 0;

	/* Fetch security descriptor from tdb */
	slprintf(key, sizeof(key)-1, "SECDESC/%s", servicename);

	/* sec_io_desc() is only attempted when the fetch itself succeeded. */
	loaded = (tdb_prs_fetch(share_tdb, key, &ps, ctx) == 0) &&
		 sec_io_desc("get_share_security", &psd, &ps, 1);

	if (!loaded) {
		DEBUG(4, ("get_share_security: using default secdesc for %s\n",
			servicename));

		return get_share_security_default(ctx, psize, GENERIC_ALL_ACCESS);
	}

	if (psd != NULL) {
		*psize = sec_desc_size(psd);
	}

	prs_mem_free(&ps);
	return psd;
}
sharesec.c の 148 行で定義されています。
参照先 prs_init()・prs_mem_free()・sec_desc_size()・sec_io_desc()・share_info_db_init()・share_tdb・talloc_init().
参照元 _srv_net_share_add()・_srv_net_share_set_info()・process_usershare_file().
/**
 * Marshall a security descriptor and store it as the record for a share.
 *
 * @param share_name share name; the record key is "SECDESC/<share_name>".
 * @param psd        descriptor to store.
 * @return True if the record was written; False if the database could not
 *         be opened, the talloc context could not be created, marshalling
 *         failed, or tdb_prs_store() reported an error.
 *
 * Review notes:
 *  - The result of prs_init() is not examined before the buffer is used.
 *  - No validation of psd is done here; whatever the caller supplies is
 *    marshalled and stored.
 *  - The key is built in a fixed-size fstring with slprintf(); presumably an
 *    over-long share_name is truncated - verify against slprintf().
 */
BOOL set_share_security(const char *share_name, SEC_DESC *psd)
{
	prs_struct ps;
	TALLOC_CTX *mem_ctx;
	fstring key;
	BOOL stored = False;

	if (!share_info_db_init()) {
		return False;
	}

	mem_ctx = talloc_init("set_share_security");
	if (mem_ctx == NULL) {
		return False;
	}

	prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL);

	if (sec_io_desc("share_security", &psd, &ps, 1)) {
		slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name);

		if (tdb_prs_store(share_tdb, key, &ps) != 0) {
			DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name ));
		} else {
			stored = True;
			DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
		}
	}

	/* Release the marshalling buffer and its talloc context on every path. */
	prs_mem_free(&ps);
	talloc_destroy(mem_ctx);
	return stored;
}
| BOOL delete_share_security | ( | const struct share_params * | params | ) |
sharesec.c の 191 行で定義されています。
参照先 TDB_DATA::dptr・TDB_DATA::dsize・share_params::service・share_tdb・tdb_trans_delete().
参照元 _srv_net_share_del().
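/**
 * Delete the stored security descriptor record for a share.
 *
 * @param params share parameters; params->service is resolved to the share
 *               name with lp_servicename().
 * @return True if tdb_trans_delete() succeeded; False if the database could
 *         not be opened or the delete failed.
 *
 * The database is opened on demand, as get_share_security() and
 * set_share_security() in this file already do. Without that call share_tdb
 * is still NULL when no earlier get/set has run in the process, and the
 * NULL handle would be passed to tdb_trans_delete().
 *
 * Once the record is gone, get_share_security() returns the default
 * descriptor for that share name.
 */
BOOL delete_share_security(const struct share_params *params)
{
	TDB_DATA kbuf;
	fstring key;

	if (!share_info_db_init()) {
		return False;
	}

	slprintf(key, sizeof(key)-1, "SECDESC/%s",
		 lp_servicename(params->service));

	/* The key length includes the terminating NUL. */
	kbuf.dptr = key;
	kbuf.dsize = strlen(key)+1;

	if (tdb_trans_delete(share_tdb, kbuf) != 0) {
		DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n",
			lp_servicename(params->service) ));
		return False;
	}

	return True;
}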
| BOOL share_access_check | ( | const NT_USER_TOKEN * | token, | |
| const char * | sharename, | |||
| uint32 | desired_access | |||
| ) |
sharesec.c の 214 行で定義されています。
参照先 get_share_security()・se_access_check()・status・talloc_init().
/**
 * Check whether a user token is granted the desired access by the security
 * descriptor of a share.
 *
 * @param token          the user's NT token.
 * @param sharename      share whose descriptor is looked up.
 * @param desired_access access mask being requested.
 * @return the result of se_access_check(); False if the temporary talloc
 *         context cannot be created; True if no descriptor could be
 *         obtained.
 *
 * Review notes:
 *  - The two error paths disagree: allocation failure denies access, but a
 *    NULL descriptor ALLOWS it. get_share_security() in this file returns
 *    NULL when share_info_db_init() fails or the default descriptor cannot
 *    be built, so an unusable share_info.tdb results in every check passing.
 *    Deployments that rely on share ACLs should watch for the level 0
 *    "Failed to open share info database" message.
 *  - granted and status are filled in by se_access_check() but are not used
 *    afterwards, so the reason for a denial is not reported from here.
 */
BOOL share_access_check(const NT_USER_TOKEN *token, const char *sharename, uint32 desired_access)
{
	uint32 granted;
	NTSTATUS status;
	size_t sd_size;
	SEC_DESC *share_sd;
	BOOL allowed;
	TALLOC_CTX *mem_ctx = talloc_init("share_access_check");

	if (mem_ctx == NULL) {
		return False;
	}

	share_sd = get_share_security(mem_ctx, sharename, &sd_size);
	if (share_sd == NULL) {
		/* No descriptor available: access is allowed (see notes above). */
		TALLOC_FREE(mem_ctx);
		return True;
	}

	allowed = se_access_check(share_sd, token, desired_access, &granted, &status);

	talloc_destroy(mem_ctx);
	return allowed;
}
| BOOL parse_usershare_acl | ( | TALLOC_CTX * | ctx, | |
| const char * | acl_str, | |||
| SEC_DESC ** | ppsd | |||
| ) |
sharesec.c の 245 行で定義されています。
参照先 count_chars()・file_generic_mapping・get_share_security_default()・init_sec_access()・init_sec_ace()・make_sec_acl()・make_sec_desc()・next_token()・se_map_generic()・SEC_ACE_TYPE_ACCESS_ALLOWED・SEC_ACE_TYPE_ACCESS_DENIED・string_to_sid()・type.
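/**
 * Parse a usershare ACL string into a self-relative security descriptor.
 *
 * The string is a comma-separated list of "<sid>:<type>" entries, where
 * <type> is a single character:
 *   F/f  allow GENERIC_ALL_ACCESS
 *   R/r  allow GENERIC_READ_ACCESS
 *   D/d  deny  GENERIC_ALL_ACCESS
 * An empty string yields the default descriptor with GENERIC_READ_ACCESS
 * ("Everyone:R").
 *
 * @param ctx     talloc context for the ACE array, ACL and descriptor.
 * @param acl_str ACL string to parse; must not be NULL.
 * @param ppsd    receives the descriptor on success; set to NULL on entry.
 * @return True on success, False on malformed input or allocation failure.
 *
 * Review notes:
 *  - ACEs are stored in the order they appear in acl_str; deny entries are
 *    not moved ahead of allow entries here.
 *  - On failure ace_list stays allocated on ctx until the caller frees ctx.
 *  - Rejected input is echoed into the log at DEBUG level 0.
 */
BOOL parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
{
	size_t s_size = 0;
	const char *pacl = acl_str;
	int num_aces = 0;
	SEC_ACE *ace_list = NULL;
	SEC_ACL *psa = NULL;
	SEC_DESC *psd = NULL;
	size_t sd_size = 0;
	int i;

	*ppsd = NULL;

	/* If the acl string is blank return "Everyone:R" */
	if (!*acl_str) {
		SEC_DESC *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS);
		if (!default_psd) {
			return False;
		}
		*ppsd = default_psd;
		return True;
	}

	/* One ACE per entry: the number of ',' characters plus one. */
	num_aces = 1 + count_chars(pacl,',');

	ace_list = TALLOC_ARRAY(ctx, SEC_ACE, num_aces);
	if (!ace_list) {
		return False;
	}

	for (i = 0; i < num_aces; i++) {
		SEC_ACCESS sa;
		uint32 g_access;
		uint32 s_access;
		DOM_SID sid;
		fstring sidstr;
		uint8 type = SEC_ACE_TYPE_ACCESS_ALLOWED;

		if (!next_token(&pacl, sidstr, ":", sizeof(sidstr))) {
			DEBUG(0,("parse_usershare_acl: malformed usershare acl looking "
				"for ':' in string '%s'\n", pacl));
			return False;
		}

		if (!string_to_sid(&sid, sidstr)) {
			DEBUG(0,("parse_usershare_acl: failed to convert %s to sid.\n",
				sidstr ));
			return False;
		}

		switch (*pacl) {
			case 'F': /* Full Control, ie. R+W */
			case 'f': /* Full Control, ie. R+W */
				s_access = g_access = GENERIC_ALL_ACCESS;
				break;
			case 'R': /* Read only. */
			case 'r': /* Read only. */
				s_access = g_access = GENERIC_READ_ACCESS;
				break;
			case 'D': /* Deny all to this SID. */
			case 'd': /* Deny all to this SID. */
				type = SEC_ACE_TYPE_ACCESS_DENIED;
				s_access = g_access = GENERIC_ALL_ACCESS;
				break;
			default:
				DEBUG(0,("parse_usershare_acl: unknown acl type at %s.\n",
					pacl ));
				return False;
		}

		pacl++;
		if (*pacl == ',') {
			/*
			 * Step over the separator only when one is present.
			 * Advancing unconditionally would leave pacl beyond
			 * the terminating NUL after the last entry; if any
			 * loop iteration still remained, next_token() would
			 * then read outside acl_str. Staying on the NUL lets
			 * that iteration fail as malformed input instead.
			 */
			pacl++;
		} else if (*pacl != '\0') {
			DEBUG(0,("parse_usershare_acl: bad acl string at %s.\n",
				pacl ));
			return False;
		}

		/* Expand generic rights into their file-specific equivalents. */
		se_map_generic(&s_access, &file_generic_mapping);
		init_sec_access(&sa, g_access | s_access );
		init_sec_ace(&ace_list[i], &sid, type, sa, 0);
	}

	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) {
		psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, &sd_size);
	}

	if (!psd) {
		DEBUG(0,("parse_usershare_acl: Failed to make SEC_DESC.\n"));
		return False;
	}

	*ppsd = psd;
	return True;
}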
TDB_CONTEXT* share_tdb [static] |
sharesec.c の 27 行で定義されています。
参照元 delete_share_security()・get_share_security()・set_share_security()・share_info_db_init().
struct generic_mapping file_generic_mapping [static] |
初期値:
{
FILE_GENERIC_READ,
FILE_GENERIC_WRITE,
FILE_GENERIC_EXECUTE,
FILE_GENERIC_ALL
}
sharesec.c の 33 行で定義されています。