LCOV - code coverage report
Current view: top level - source3/lib - sharesec.c (source / functions) Hit Total Coverage
Test: coverage report for master 70ed9daf Lines: 158 288 54.9 %
Date: 2024-01-11 09:59:51 Functions: 8 9 88.9 %

          Line data    Source code
       1             : /* 
       2             :  *  Unix SMB/Netbios implementation.
       3             :  *  SEC_DESC handling functions
       4             :  *  Copyright (C) Jeremy R. Allison            1995-2003.
       5             :  *  
       6             :  *  This program is free software; you can redistribute it and/or modify
       7             :  *  it under the terms of the GNU General Public License as published by
       8             :  *  the Free Software Foundation; either version 3 of the License, or
       9             :  *  (at your option) any later version.
      10             :  *  
      11             :  *  This program is distributed in the hope that it will be useful,
      12             :  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :  *  GNU General Public License for more details.
      15             :  *  
      16             :  *  You should have received a copy of the GNU General Public License
      17             :  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
      18             :  */
      19             : 
      20             : #include "includes.h"
      21             : #include "system/filesys.h"
      22             : #include "../libcli/security/security.h"
      23             : #include "../librpc/gen_ndr/ndr_security.h"
      24             : #include "dbwrap/dbwrap.h"
      25             : #include "dbwrap/dbwrap_open.h"
      26             : #include "util_tdb.h"
      27             : #include "libcli/util/ntstatus.h"
      28             : 
      29             : /*******************************************************************
      30             :  Create the share security tdb.
      31             :  ********************************************************************/
      32             : 
      33             : static struct db_context *share_db; /* used for share security descriptors */
      34             : #define SHARE_DATABASE_VERSION_V1 1
      35             : #define SHARE_DATABASE_VERSION_V2 2 /* version id in little endian. */
      36             : #define SHARE_DATABASE_VERSION_V3 3 /* canonicalized sharenames as lower case */
      37             : 
      38             : #define SHARE_SECURITY_DB_KEY_PREFIX_STR "SECDESC/"
      39             : /* Map generic permissions to file object specific permissions */
      40             : 
      41             : extern const struct generic_mapping file_generic_mapping;
      42             : 
      43           0 : static int delete_fn(struct db_record *rec, void *priv)
      44             : {
      45           0 :         dbwrap_record_delete(rec);
      46           0 :         return 0;
      47             : }
      48             : 
      49             : /*****************************************************
      50             :  Looking for keys of the form: SHARE_SECURITY_DB_KEY_PREFIX_STR + "non lower case str".
      51             :  If we find one re-write it into a canonical case form.
      52             : *****************************************************/
      53             : 
      54          87 : static int upgrade_v2_to_v3(struct db_record *rec, void *priv)
      55             : {
      56          87 :         size_t prefix_len = strlen(SHARE_SECURITY_DB_KEY_PREFIX_STR);
      57          87 :         const char *servicename = NULL;
      58          87 :         char *c_servicename = NULL;
      59          87 :         char *newkey = NULL;
      60          87 :         bool *p_upgrade_ok = (bool *)priv;
      61           5 :         NTSTATUS status;
      62           5 :         TDB_DATA key;
      63           5 :         TDB_DATA value;
      64             : 
      65          87 :         key = dbwrap_record_get_key(rec);
      66             : 
      67             :         /* Is there space for a one character sharename ? */
      68          87 :         if (key.dsize <= prefix_len+2) {
      69           0 :                 return 0;
      70             :         }
      71             : 
      72             :         /* Does it start with the share key prefix ? */
      73          87 :         if (memcmp(key.dptr, SHARE_SECURITY_DB_KEY_PREFIX_STR,
      74             :                         prefix_len) != 0) {
      75          82 :                 return 0;
      76             :         }
      77             : 
      78             :         /* Is it a null terminated string as a key ? */
      79           0 :         if (key.dptr[key.dsize-1] != '\0') {
      80           0 :                 return 0;
      81             :         }
      82             : 
      83             :         /* Bytes after the prefix are the sharename string. */
      84           0 :         servicename = (char *)&key.dptr[prefix_len];
      85           0 :         c_servicename = canonicalize_servicename(talloc_tos(), servicename);
      86           0 :         if (!c_servicename) {
      87           0 :                 smb_panic("out of memory upgrading share security db from v2 -> v3");
      88             :         }
      89             : 
      90           0 :         if (strcmp(servicename, c_servicename) == 0) {
      91             :                 /* Old and new names match. No canonicalization needed. */
      92           0 :                 TALLOC_FREE(c_servicename);
      93           0 :                 return 0;
      94             :         }
      95             : 
      96             :         /* Oops. Need to canonicalize name, delete old then store new. */
      97           0 :         status = dbwrap_record_delete(rec);
      98           0 :         if (!NT_STATUS_IS_OK(status)) {
      99           0 :                 DEBUG(1, ("upgrade_v2_to_v3: Failed to delete secdesc for "
     100             :                           "%s: %s\n", (const char *)key.dptr,
     101             :                           nt_errstr(status)));
     102           0 :                 TALLOC_FREE(c_servicename);
     103           0 :                 *p_upgrade_ok = false;
     104           0 :                 return -1;
     105             :         } else {
     106           0 :                 DEBUG(10, ("upgrade_v2_to_v3: deleted secdesc for "
     107             :                           "%s\n", (const char *)key.dptr));
     108             :         }
     109             : 
     110           0 :         if (!(newkey = talloc_asprintf(talloc_tos(),
     111             :                         SHARE_SECURITY_DB_KEY_PREFIX_STR "%s",
     112             :                         c_servicename))) {
     113           0 :                 smb_panic("out of memory upgrading share security db from v2 -> v3");
     114             :         }
     115             : 
     116           0 :         value = dbwrap_record_get_value(rec);
     117           0 :         status = dbwrap_store(share_db,
     118             :                                 string_term_tdb_data(newkey),
     119             :                                 value,
     120             :                                 TDB_REPLACE);
     121             : 
     122           0 :         if (!NT_STATUS_IS_OK(status)) {
     123           0 :                 DEBUG(1, ("upgrade_v2_to_v3: Failed to store secdesc for "
     124             :                           "%s: %s\n", c_servicename, nt_errstr(status)));
     125           0 :                 TALLOC_FREE(c_servicename);
     126           0 :                 TALLOC_FREE(newkey);
     127           0 :                 *p_upgrade_ok = false;
     128           0 :                 return -1;
     129             :         } else {
     130           0 :                 DEBUG(10, ("upgrade_v2_to_v3: stored secdesc for "
     131             :                           "%s\n", newkey ));
     132             :         }
     133             : 
     134           0 :         TALLOC_FREE(newkey);
     135           0 :         TALLOC_FREE(c_servicename);
     136             : 
     137           0 :         return 0;
     138             : }
     139             : 
     140      105628 : NTSTATUS share_info_db_init(void)
     141             : {
     142      105628 :         const char *vstring = "INFO/version";
     143      105628 :         int32_t vers_id = 0;
     144      105628 :         bool upgrade_ok = true;
     145        1657 :         NTSTATUS status;
     146        1657 :         char *db_path;
     147             : 
     148      105628 :         if (share_db != NULL) {
     149      105219 :                 return NT_STATUS_OK;
     150             :         }
     151             : 
     152         409 :         db_path = state_path(talloc_tos(), "share_info.tdb");
     153         409 :         if (db_path == NULL) {
     154           0 :                 return NT_STATUS_NO_MEMORY;
     155             :         }
     156             : 
     157         409 :         share_db = db_open(NULL, db_path, 0,
     158             :                            TDB_DEFAULT, O_RDWR|O_CREAT, 0600,
     159             :                            DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
     160         409 :         if (share_db == NULL) {
     161           0 :                 DEBUG(0,("Failed to open share info database %s (%s)\n",
     162             :                          db_path, strerror(errno)));
     163           0 :                 TALLOC_FREE(db_path);
     164           0 :                 return map_nt_error_from_unix_common(errno);
     165             :         }
     166         409 :         TALLOC_FREE(db_path);
     167             : 
     168         409 :         status = dbwrap_fetch_int32_bystring(share_db, vstring, &vers_id);
     169         409 :         if (!NT_STATUS_IS_OK(status)) {
     170          87 :                 vers_id = 0;
     171             :         }
     172             : 
     173         409 :         if (vers_id == SHARE_DATABASE_VERSION_V3) {
     174         322 :                 return NT_STATUS_OK;
     175             :         }
     176             : 
     177          87 :         if (dbwrap_transaction_start(share_db) != 0) {
     178           0 :                 DEBUG(0, ("transaction_start failed\n"));
     179           0 :                 TALLOC_FREE(share_db);
     180           0 :                 return NT_STATUS_INTERNAL_DB_ERROR;
     181             :         }
     182             : 
     183          87 :         status = dbwrap_fetch_int32_bystring(share_db, vstring, &vers_id);
     184          87 :         if (!NT_STATUS_IS_OK(status)) {
     185          87 :                 vers_id = 0;
     186             :         }
     187             : 
     188          87 :         if (vers_id == SHARE_DATABASE_VERSION_V3) {
     189             :                 /*
     190             :                  * Race condition
     191             :                  */
     192           0 :                 if (dbwrap_transaction_cancel(share_db)) {
     193           0 :                         smb_panic("transaction_cancel failed");
     194             :                 }
     195           0 :                 return NT_STATUS_OK;
     196             :         }
     197             : 
     198             :         /* Move to at least V2. */
     199             : 
     200             :         /* Cope with byte-reversed older versions of the db. */
     201          87 :         if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) {
     202             :                 /* Written on a bigendian machine with old fetch_int code. Save as le. */
     203             : 
     204           0 :                 status = dbwrap_store_int32_bystring(
     205             :                         share_db, vstring, SHARE_DATABASE_VERSION_V2);
     206           0 :                 if (!NT_STATUS_IS_OK(status)) {
     207           0 :                         DEBUG(0, ("dbwrap_store_int32 failed: %s\n",
     208             :                                   nt_errstr(status)));
     209           0 :                         goto cancel;
     210             :                 }
     211           0 :                 vers_id = SHARE_DATABASE_VERSION_V2;
     212             :         }
     213             : 
     214          87 :         if (vers_id != SHARE_DATABASE_VERSION_V2) {
     215          87 :                 status = dbwrap_traverse(share_db, delete_fn, NULL, NULL);
     216          87 :                 if (!NT_STATUS_IS_OK(status)) {
     217           0 :                         DEBUG(0, ("traverse failed\n"));
     218           0 :                         goto cancel;
     219             :                 }
     220          87 :                 status = dbwrap_store_int32_bystring(
     221             :                         share_db, vstring, SHARE_DATABASE_VERSION_V2);
     222          87 :                 if (!NT_STATUS_IS_OK(status)) {
     223           0 :                         DEBUG(0, ("dbwrap_store_int32 failed: %s\n",
     224             :                                   nt_errstr(status)));
     225           0 :                         goto cancel;
     226             :                 }
     227             :         }
     228             : 
     229             :         /* Finally upgrade to version 3, with canonicalized sharenames. */
     230             : 
     231          87 :         status = dbwrap_traverse(share_db, upgrade_v2_to_v3, &upgrade_ok, NULL);
     232          87 :         if (!NT_STATUS_IS_OK(status)) {
     233           0 :                 DEBUG(0, ("traverse failed\n"));
     234           0 :                 goto cancel;
     235             :         }
     236          87 :         if (!upgrade_ok) {
     237           0 :                 DBG_ERR("upgrade failed.\n");
     238           0 :                 status = NT_STATUS_INTERNAL_ERROR;
     239           0 :                 goto cancel;
     240             :         }
     241             : 
     242          87 :         status = dbwrap_store_int32_bystring(
     243             :                 share_db, vstring, SHARE_DATABASE_VERSION_V3);
     244          87 :         if (!NT_STATUS_IS_OK(status)) {
     245           0 :                 DEBUG(0, ("dbwrap_store_int32 failed: %s\n",
     246             :                           nt_errstr(status)));
     247           0 :                 goto cancel;
     248             :         }
     249             : 
     250          87 :         if (dbwrap_transaction_commit(share_db) != 0) {
     251           0 :                 DEBUG(0, ("transaction_commit failed\n"));
     252           0 :                 return NT_STATUS_INTERNAL_ERROR;
     253             :         }
     254             : 
     255          87 :         return NT_STATUS_OK;
     256             : 
     257           0 :  cancel:
     258           0 :         if (dbwrap_transaction_cancel(share_db)) {
     259           0 :                 smb_panic("transaction_cancel failed");
     260             :         }
     261             : 
     262           0 :         return status;
     263             : }
     264             : 
     265             : /*******************************************************************
     266             :  Fake up a Everyone, default access as a default.
     267             :  def_access is a GENERIC_XXX access mode.
     268             :  ********************************************************************/
     269             : 
     270      104888 : static struct security_descriptor *get_share_security_default(TALLOC_CTX *ctx,
     271             :                                                         size_t *psize,
     272             :                                                         uint32_t def_access)
     273             : {
     274        1657 :         uint32_t sa;
     275        1657 :         struct security_ace ace;
     276      104888 :         struct security_acl *psa = NULL;
     277      104888 :         struct security_descriptor *psd = NULL;
     278      104888 :         uint32_t spec_access = def_access;
     279             : 
     280      104888 :         se_map_generic(&spec_access, &file_generic_mapping);
     281             : 
     282      104888 :         sa = (def_access | spec_access );
     283      104888 :         init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
     284             : 
     285      104888 :         if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
     286      104888 :                 psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
     287             :                                     SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
     288             :                                     psa, psize);
     289             :         }
     290             : 
     291      104888 :         if (!psd) {
     292           0 :                 DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
     293           0 :                 return NULL;
     294             :         }
     295             : 
     296      103231 :         return psd;
     297             : }
     298             : 
     299             : /*******************************************************************
     300             :  Pull a security descriptor from the share tdb.
     301             :  ********************************************************************/
     302             : 
     303      105444 : struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename,
     304             :                               size_t *psize)
     305             : {
     306        1657 :         char *key;
     307      105444 :         struct security_descriptor *psd = NULL;
     308        1657 :         TDB_DATA data;
     309      105444 :         char *c_servicename = canonicalize_servicename(talloc_tos(), servicename);
     310        1657 :         NTSTATUS status;
     311             : 
     312      105444 :         if (!c_servicename) {
     313           0 :                 return NULL;
     314             :         }
     315             : 
     316      105444 :         status = share_info_db_init();
     317      105444 :         if (!NT_STATUS_IS_OK(status)) {
     318           0 :                 TALLOC_FREE(c_servicename);
     319           0 :                 return NULL;
     320             :         }
     321             : 
     322      105444 :         if (!(key = talloc_asprintf(ctx, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_servicename))) {
     323           0 :                 TALLOC_FREE(c_servicename);
     324           0 :                 DEBUG(0, ("talloc_asprintf failed\n"));
     325           0 :                 return NULL;
     326             :         }
     327             : 
     328      105444 :         TALLOC_FREE(c_servicename);
     329             : 
     330      105444 :         status = dbwrap_fetch_bystring(share_db, talloc_tos(), key, &data);
     331             : 
     332      105444 :         TALLOC_FREE(key);
     333             : 
     334      105444 :         if (!NT_STATUS_IS_OK(status)) {
     335      104888 :                 return get_share_security_default(ctx, psize,
     336             :                                                   SEC_RIGHTS_DIR_ALL);
     337             :         }
     338             : 
     339         556 :         status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd);
     340             : 
     341         556 :         TALLOC_FREE(data.dptr);
     342             : 
     343         556 :         if (!NT_STATUS_IS_OK(status)) {
     344           0 :                 return get_share_security_default(ctx, psize,
     345             :                                                   SEC_RIGHTS_DIR_ALL);
     346             :         }
     347             : 
     348         556 :         if (psd) {
     349         556 :                 *psize = ndr_size_security_descriptor(psd, 0);
     350             :         } else {
     351           0 :                 return get_share_security_default(ctx, psize,
     352             :                                                   SEC_RIGHTS_DIR_ALL);
     353             :         }
     354             : 
     355         556 :         return psd;
     356             : }
     357             : 
     358             : /*******************************************************************
     359             :  Store a security descriptor in the share db.
     360             :  ********************************************************************/
     361             : 
     362          64 : NTSTATUS set_share_security(const char *share_name,
     363             :                             struct security_descriptor *psd)
     364             : {
     365          64 :         TALLOC_CTX *frame = talloc_stackframe();
     366           0 :         char *key;
     367           0 :         TDB_DATA blob;
     368           0 :         NTSTATUS status;
     369          64 :         char *c_share_name = canonicalize_servicename(frame, share_name);
     370             : 
     371          64 :         if (c_share_name == NULL) {
     372           0 :                 status = NT_STATUS_INVALID_PARAMETER;
     373           0 :                 goto out;
     374             :         }
     375             : 
     376          64 :         status = share_info_db_init();
     377          64 :         if (!NT_STATUS_IS_OK(status)) {
     378           0 :                 goto out;
     379             :         }
     380             : 
     381          64 :         status = marshall_sec_desc(frame, psd, &blob.dptr, &blob.dsize);
     382             : 
     383          64 :         if (!NT_STATUS_IS_OK(status)) {
     384           0 :                 DEBUG(0, ("marshall_sec_desc failed: %s\n",
     385             :                           nt_errstr(status)));
     386           0 :                 goto out;
     387             :         }
     388             : 
     389          64 :         if (!(key = talloc_asprintf(frame, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_share_name))) {
     390           0 :                 DEBUG(0, ("talloc_asprintf failed\n"));
     391           0 :                 status = NT_STATUS_NO_MEMORY;
     392           0 :                 goto out;
     393             :         }
     394             : 
     395          64 :         status = dbwrap_trans_store(share_db, string_term_tdb_data(key), blob,
     396             :                                     TDB_REPLACE);
     397          64 :         if (!NT_STATUS_IS_OK(status)) {
     398           0 :                 DEBUG(1, ("set_share_security: Failed to store secdesc for "
     399             :                           "%s: %s\n", share_name, nt_errstr(status)));
     400           0 :                 goto out;
     401             :         }
     402             : 
     403          64 :         DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
     404          64 :         status = NT_STATUS_OK;
     405             : 
     406          64 :  out:
     407          64 :         TALLOC_FREE(frame);
     408          64 :         return status;
     409             : }
     410             : 
     411             : /*******************************************************************
     412             :  Delete a security descriptor.
     413             : ********************************************************************/
     414             : 
     415          10 : NTSTATUS delete_share_security(const char *servicename)
     416             : {
     417           0 :         TDB_DATA kbuf;
     418           0 :         char *key;
     419           0 :         NTSTATUS status;
     420          10 :         char *c_servicename = canonicalize_servicename(talloc_tos(), servicename);
     421             : 
     422          10 :         if (c_servicename == NULL) {
     423           0 :                 return NT_STATUS_INVALID_PARAMETER;
     424             :         }
     425             : 
     426          10 :         status = share_info_db_init();
     427          10 :         if (!NT_STATUS_IS_OK(status)) {
     428           0 :                 TALLOC_FREE(c_servicename);
     429           0 :                 return status;
     430             :         }
     431             : 
     432          10 :         if (!(key = talloc_asprintf(talloc_tos(), SHARE_SECURITY_DB_KEY_PREFIX_STR "%s",
     433             :                                     c_servicename))) {
     434           0 :                 TALLOC_FREE(c_servicename);
     435           0 :                 return NT_STATUS_NO_MEMORY;
     436             :         }
     437          10 :         kbuf = string_term_tdb_data(key);
     438             : 
     439          10 :         status = dbwrap_trans_delete(share_db, kbuf);
     440          10 :         if (!NT_STATUS_IS_OK(status)) {
     441           8 :                 DEBUG(0, ("delete_share_security: Failed to delete entry for "
     442             :                           "share %s: %s\n", c_servicename, nt_errstr(status)));
     443           8 :                 TALLOC_FREE(c_servicename);
     444           8 :                 return status;
     445             :         }
     446             : 
     447           2 :         TALLOC_FREE(c_servicename);
     448           2 :         return NT_STATUS_OK;
     449             : }
     450             : 
     451             : /*******************************************************************
     452             :  Can this user access with share with the required permissions ?
     453             : ********************************************************************/
     454             : 
     455      104840 : bool share_access_check(const struct security_token *token,
     456             :                         const char *sharename,
     457             :                         uint32_t desired_access,
     458             :                         uint32_t *pgranted)
     459             : {
     460        1657 :         uint32_t granted;
     461        1657 :         NTSTATUS status;
     462      104840 :         struct security_descriptor *psd = NULL;
     463        1657 :         size_t sd_size;
     464             : 
     465      104840 :         psd = get_share_security(talloc_tos(), sharename, &sd_size);
     466             : 
     467      104840 :         if (!psd) {
     468           0 :                 if (pgranted != NULL) {
     469           0 :                         *pgranted = desired_access;
     470             :                 }
     471           0 :                 return false;
     472             :         }
     473             : 
     474      104840 :         status = se_file_access_check(psd, token, true, desired_access, &granted);
     475             : 
     476      104840 :         TALLOC_FREE(psd);
     477             : 
     478      104840 :         if (pgranted != NULL) {
     479      104810 :                 *pgranted = granted;
     480             :         }
     481             : 
     482      104840 :         return NT_STATUS_IS_OK(status);
     483             : }
     484             : 
     485             : /***************************************************************************
     486             :  Parse the contents of an acl string from a usershare file.
     487             : ***************************************************************************/
     488             : 
     489           4 : bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd)
     490             : {
     491           4 :         size_t s_size = 0;
     492           4 :         const char *pacl = acl_str;
     493           4 :         int num_aces = 0;
     494           4 :         struct security_ace *ace_list = NULL;
     495           4 :         struct security_acl *psa = NULL;
     496           4 :         struct security_descriptor *psd = NULL;
     497           4 :         size_t sd_size = 0;
     498           0 :         int i;
     499             : 
     500           4 :         *ppsd = NULL;
     501             : 
     502             :         /* If the acl string is blank return "Everyone:R" */
     503           4 :         if (!*acl_str) {
     504           0 :                 struct security_descriptor *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS);
     505           0 :                 if (!default_psd) {
     506           0 :                         return False;
     507             :                 }
     508           0 :                 *ppsd = default_psd;
     509           0 :                 return True;
     510             :         }
     511             : 
     512           4 :         num_aces = 1;
     513             : 
     514             :         /* Add the number of ',' characters to get the number of aces. */
     515           4 :         num_aces += count_chars(pacl,',');
     516             : 
     517           4 :         ace_list = talloc_array(ctx, struct security_ace, num_aces);
     518           4 :         if (!ace_list) {
     519           0 :                 return False;
     520             :         }
     521             : 
     522           8 :         for (i = 0; i < num_aces; i++) {
     523           0 :                 uint32_t sa;
     524           0 :                 uint32_t g_access;
     525           0 :                 uint32_t s_access;
     526           0 :                 struct dom_sid sid;
     527           0 :                 char *sidstr;
     528           4 :                 enum security_ace_type type = SEC_ACE_TYPE_ACCESS_ALLOWED;
     529             : 
     530           4 :                 if (!next_token_talloc(ctx, &pacl, &sidstr, ":")) {
     531           0 :                         DEBUG(0,("parse_usershare_acl: malformed usershare acl looking "
     532             :                                 "for ':' in string '%s'\n", pacl));
     533           0 :                         return False;
     534             :                 }
     535             : 
     536           4 :                 if (!string_to_sid(&sid, sidstr)) {
     537           0 :                         DEBUG(0,("parse_usershare_acl: failed to convert %s to sid.\n",
     538             :                                 sidstr ));
     539           0 :                         return False;
     540             :                 }
     541             : 
     542           4 :                 switch (*pacl) {
     543           0 :                         case 'F': /* Full Control, ie. R+W */
     544             :                         case 'f': /* Full Control, ie. R+W */
     545           0 :                                 s_access = g_access = GENERIC_ALL_ACCESS;
     546           0 :                                 break;
     547           4 :                         case 'R': /* Read only. */
     548             :                         case 'r': /* Read only. */
     549           4 :                                 s_access = g_access = GENERIC_READ_ACCESS;
     550           4 :                                 break;
     551           0 :                         case 'D': /* Deny all to this SID. */
     552             :                         case 'd': /* Deny all to this SID. */
     553           0 :                                 type = SEC_ACE_TYPE_ACCESS_DENIED;
     554           0 :                                 s_access = g_access = GENERIC_ALL_ACCESS;
     555           0 :                                 break;
     556           0 :                         default:
     557           0 :                                 DEBUG(0,("parse_usershare_acl: unknown acl type at %s.\n",
     558             :                                         pacl ));
     559           0 :                                 return False;
     560             :                 }
     561             : 
     562           4 :                 pacl++;
     563           4 :                 if (*pacl && *pacl != ',') {
     564           0 :                         DEBUG(0,("parse_usershare_acl: bad acl string at %s.\n",
     565             :                                 pacl ));
     566           0 :                         return False;
     567             :                 }
     568           4 :                 pacl++; /* Go past any ',' */
     569             : 
     570           4 :                 se_map_generic(&s_access, &file_generic_mapping);
     571           4 :                 sa = (g_access | s_access);
     572           4 :                 init_sec_ace(&ace_list[i], &sid, type, sa, 0);
     573             :         }
     574             : 
     575           4 :         if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) {
     576           4 :                 psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
     577             :                                     SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
     578             :                                     psa, &sd_size);
     579             :         }
     580             : 
     581           4 :         if (!psd) {
     582           0 :                 DEBUG(0,("parse_usershare_acl: Failed to make SEC_DESC.\n"));
     583           0 :                 return False;
     584             :         }
     585             : 
     586           4 :         *ppsd = psd;
     587           4 :         return True;
     588             : }

Generated by: LCOV version 1.14