1 /*
2 * Unix SMB/CIFS implementation.
3 * Group Policy Object Support
4 * Copyright (C) Wilco Baan Hofman 2008-2010
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "includes.h"
20 #include "system/filesys.h"
21 #include "lib/policy/policy.h"
22 #include "libcli/raw/smb.h"
23 #include "libcli/libcli.h"
24 #include "param/param.h"
25 #include "libcli/resolve/resolve.h"
26 #include "libcli/raw/libcliraw.h"
27 #include <dirent.h>
28 #include <errno.h>
29
30 #define GP_MAX_DEPTH 25
31
32 struct gp_file_entry {
33 bool is_directory;
34 const char *rel_path;
35 };
36 struct gp_file_list {
37 uint32_t num_files;
38 struct gp_file_entry *files;
39 };
40 struct gp_list_state {
41 struct smbcli_tree *tree;
42 uint8_t depth;
43 const char *cur_rel_path;
44 const char *share_path;
45
46 struct gp_file_list list;
47 };
48
49 static NTSTATUS gp_do_list(const char *, struct gp_list_state *);
50
51 /* Create a temporary policy directory */
gp_tmpdir(TALLOC_CTX * mem_ctx)52 static const char *gp_tmpdir(TALLOC_CTX *mem_ctx)
53 {
54 char *gp_dir = talloc_asprintf(mem_ctx, "%s/policy", tmpdir());
55 struct stat st;
56 int rv;
57
58 if (gp_dir == NULL) return NULL;
59
60 if (stat(gp_dir, &st) != 0) {
61 rv = mkdir(gp_dir, 0755);
62 if (rv < 0) {
63 DEBUG(0, ("Failed to create directory %s: %s\n",
64 gp_dir, strerror(errno)));
65 talloc_free(gp_dir);
66 return NULL;
67 }
68 }
69
70 return gp_dir;
71 }
72
73 /* This function is called by the smbcli_list function */
gp_list_helper(struct clilist_file_info * info,const char * mask,void * list_state_ptr)74 static void gp_list_helper (struct clilist_file_info *info, const char *mask,
75 void *list_state_ptr)
76 {
77 struct gp_list_state *state = list_state_ptr;
78 const char *rel_path;
79
80 /* Ignore . and .. directory entries */
81 if (strcmp(info->name, ".") == 0 || strcmp(info->name, "..") == 0) {
82 return;
83 }
84
85 /* Safety check against ../.. in filenames which may occur on non-POSIX
86 * platforms */
87 if (strstr(info->name, "../")) {
88 return;
89 }
90
91 rel_path = talloc_asprintf(state, "%s\\%s", state->cur_rel_path, info->name);
92 if (rel_path == NULL) return;
93
94 /* Append entry to file list */
95 state->list.files = talloc_realloc(state, state->list.files,
96 struct gp_file_entry,
97 state->list.num_files + 1);
98 if (state->list.files == NULL) return;
99
100 state->list.files[state->list.num_files].rel_path = rel_path;
101
102 /* Directory */
103 if (info->attrib & FILE_ATTRIBUTE_DIRECTORY) {
104 state->list.files[state->list.num_files].is_directory = true;
105 state->list.num_files++;
106
107 /* Recurse into this directory if the depth is below the maximum */
108 if (state->depth < GP_MAX_DEPTH) {
109 gp_do_list(rel_path, state);
110 }
111
112 return;
113 }
114
115 state->list.files[state->list.num_files].is_directory = false;
116 state->list.num_files++;
117
118 return;
119 }
120
gp_do_list(const char * rel_path,struct gp_list_state * state)121 static NTSTATUS gp_do_list (const char *rel_path, struct gp_list_state *state)
122 {
123 uint16_t attributes;
124 int rv;
125 char *mask;
126 const char *old_rel_path;
127
128 attributes = FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN |
129 FILE_ATTRIBUTE_DIRECTORY;
130
131 /* Update the relative paths, while buffering the parent */
132 old_rel_path = state->cur_rel_path;
133 state->cur_rel_path = rel_path;
134 state->depth++;
135
136 /* Get the current mask */
137 mask = talloc_asprintf(state, "%s%s\\*", state->share_path, rel_path);
138 NT_STATUS_HAVE_NO_MEMORY(mask);
139 rv = smbcli_list(state->tree, mask, attributes, gp_list_helper, state);
140 talloc_free(mask);
141
142 /* Go back to the state of the parent */
143 state->cur_rel_path = old_rel_path;
144 state->depth--;
145
146 if (rv == -1)
147 return NT_STATUS_UNSUCCESSFUL;
148
149 return NT_STATUS_OK;
150 }
151
gp_cli_connect(struct gp_context * gp_ctx)152 static NTSTATUS gp_cli_connect(struct gp_context *gp_ctx)
153 {
154 struct smbcli_options options;
155 struct smbcli_session_options session_options;
156
157 if (gp_ctx->cli != NULL)
158 return NT_STATUS_OK;
159
160 gp_ctx->cli = smbcli_state_init(gp_ctx);
161
162 lpcfg_smbcli_options(gp_ctx->lp_ctx, &options);
163 lpcfg_smbcli_session_options(gp_ctx->lp_ctx, &session_options);
164
165 return smbcli_full_connection(gp_ctx,
166 &gp_ctx->cli,
167 gp_ctx->active_dc->name,
168 lpcfg_smb_ports(gp_ctx->lp_ctx),
169 "sysvol",
170 NULL,
171 lpcfg_socket_options(gp_ctx->lp_ctx),
172 gp_ctx->credentials,
173 lpcfg_resolve_context(gp_ctx->lp_ctx),
174 gp_ctx->ev_ctx,
175 &options,
176 &session_options,
177 lpcfg_gensec_settings(gp_ctx, gp_ctx->lp_ctx));
178 }
179
gp_get_share_path(TALLOC_CTX * mem_ctx,const char * file_sys_path)180 static char * gp_get_share_path(TALLOC_CTX *mem_ctx, const char *file_sys_path)
181 {
182 unsigned int i, bkslash_cnt;
183
184 /* Get the path from the share down (\\..\..\(this\stuff) */
185 for (i = 0, bkslash_cnt = 0; file_sys_path[i] != '\0'; i++) {
186 if (file_sys_path[i] == '\\')
187 bkslash_cnt++;
188
189 if (bkslash_cnt == 4) {
190 return talloc_strdup(mem_ctx, &file_sys_path[i]);
191 }
192 }
193
194 return NULL;
195 }
196
gp_get_file(struct smbcli_tree * tree,const char * remote_src,const char * local_dst)197 static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src,
198 const char *local_dst)
199 {
200 int fh_remote, fh_local;
201 uint8_t *buf;
202 size_t nread = 0;
203 size_t buf_size = 1024;
204 size_t file_size;
205 uint16_t attr;
206
207 /* Open the remote file */
208 fh_remote = smbcli_open(tree, remote_src, O_RDONLY, DENY_NONE);
209 if (fh_remote == -1) {
210 DEBUG(0, ("Failed to open remote file: %s\n", remote_src));
211 return NT_STATUS_UNSUCCESSFUL;
212 }
213
214 /* Open the local file */
215 fh_local = open(local_dst, O_WRONLY | O_CREAT | O_TRUNC, 0644);
216 if (fh_local == -1) {
217 DEBUG(0, ("Failed to open local file: %s\n", local_dst));
218 smbcli_close(tree, fh_remote);
219 return NT_STATUS_UNSUCCESSFUL;
220 }
221
222 /* Get the remote file size for error checking */
223 if (NT_STATUS_IS_ERR(smbcli_qfileinfo(tree, fh_remote,
224 &attr, &file_size, NULL, NULL, NULL, NULL, NULL)) &&
225 NT_STATUS_IS_ERR(smbcli_getattrE(tree, fh_remote,
226 &attr, &file_size, NULL, NULL, NULL))) {
227 DEBUG(0, ("Failed to get remote file size: %s\n", smbcli_errstr(tree)));
228 smbcli_close(tree, fh_remote);
229 close(fh_local);
230 return NT_STATUS_UNSUCCESSFUL;
231 }
232
233 buf = talloc_zero_array(tree, uint8_t, buf_size);
234 if (buf == NULL) {
235 smbcli_close(tree, fh_remote);
236 close(fh_local);
237 return NT_STATUS_NO_MEMORY;
238 }
239
240 /* Copy the contents of the file */
241 while (1) {
242 int n = smbcli_read(tree, fh_remote, buf, nread, buf_size);
243
244 if (n <= 0) {
245 break;
246 }
247
248 if (write(fh_local, buf, n) != n) {
249 DEBUG(0, ("Short write while copying file.\n"));
250 smbcli_close(tree, fh_remote);
251 close(fh_local);
252 talloc_free(buf);
253 return NT_STATUS_UNSUCCESSFUL;
254 }
255 nread += n;
256 }
257
258 /* Close the files */
259 smbcli_close(tree, fh_remote);
260 close(fh_local);
261
262 talloc_free(buf);
263
264 /* Bytes read should match the file size, or the copy was incomplete */
265 if (nread != file_size) {
266 DEBUG(0, ("Remote/local file size mismatch after copying file: "
267 "%s (remote %zu, local %zu).\n",
268 remote_src, file_size, nread));
269 return NT_STATUS_UNSUCCESSFUL;
270 }
271
272 return NT_STATUS_OK;
273 }
274
gp_get_files(struct smbcli_tree * tree,const char * share_path,const char * local_path,struct gp_file_list * list)275 static NTSTATUS gp_get_files(struct smbcli_tree *tree, const char *share_path,
276 const char *local_path, struct gp_file_list *list)
277 {
278 uint32_t i;
279 int rv;
280 char *local_rel_path, *full_local_path, *full_remote_path;
281 TALLOC_CTX *mem_ctx;
282 NTSTATUS status;
283
284 mem_ctx = talloc_new(tree);
285 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
286
287 for (i = 0; i < list->num_files; i++) {
288
289 /* Get local path by replacing backslashes with slashes */
290 local_rel_path = talloc_strdup(mem_ctx, list->files[i].rel_path);
291 if (local_rel_path == NULL) {
292 TALLOC_FREE(mem_ctx);
293 return NT_STATUS_NO_MEMORY;
294 }
295 string_replace(local_rel_path, '\\', '/');
296
297 full_local_path = talloc_asprintf(mem_ctx, "%s%s", local_path,
298 local_rel_path);
299 if (full_local_path == NULL) {
300 TALLOC_FREE(mem_ctx);
301 return NT_STATUS_NO_MEMORY;
302 }
303
304 /* If the entry is a directory, create it. */
305 if (list->files[i].is_directory == true) {
306 rv = mkdir(full_local_path, 0755);
307 if (rv < 0) {
308 DEBUG(0, ("Failed to create directory %s: %s\n",
309 full_local_path, strerror(errno)));
310 talloc_free(mem_ctx);
311 return NT_STATUS_UNSUCCESSFUL;
312 }
313 continue;
314 }
315
316 full_remote_path = talloc_asprintf(mem_ctx, "%s%s", share_path,
317 list->files[i].rel_path);
318 if (full_remote_path == NULL) {
319 TALLOC_FREE(mem_ctx);
320 return NT_STATUS_NO_MEMORY;
321 }
322
323 /* Get the file */
324 status = gp_get_file(tree, full_remote_path, full_local_path);
325 if (!NT_STATUS_IS_OK(status)) {
326 DEBUG(0, ("Error getting file.\n"));
327 talloc_free(mem_ctx);
328 return status;
329 }
330 }
331
332 return NT_STATUS_OK;
333 }
334
gp_fetch_gpt(struct gp_context * gp_ctx,struct gp_object * gpo,const char ** ret_local_path)335 NTSTATUS gp_fetch_gpt (struct gp_context *gp_ctx, struct gp_object *gpo,
336 const char **ret_local_path)
337 {
338 TALLOC_CTX *mem_ctx;
339 struct gp_list_state *state;
340 NTSTATUS status;
341 struct stat st;
342 int rv;
343 const char *local_path, *share_path;
344
345 /* Create a forked memory context, as a base for everything here */
346 mem_ctx = talloc_new(gp_ctx);
347 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
348
349 if (gp_ctx->cli == NULL) {
350 status = gp_cli_connect(gp_ctx);
351 if (!NT_STATUS_IS_OK(status)) {
352 DEBUG(0, ("Failed to create cli connection to DC\n"));
353 talloc_free(mem_ctx);
354 return status;
355 }
356 }
357
358 /* Get the remote path to copy from */
359 share_path = gp_get_share_path(mem_ctx, gpo->file_sys_path);
360 if (share_path == NULL) {
361 TALLOC_FREE(mem_ctx);
362 return NT_STATUS_NO_MEMORY;
363 }
364
365 /* Get the local path to copy to */
366 local_path = talloc_asprintf(gp_ctx, "%s/%s", gp_tmpdir(mem_ctx), gpo->name);
367 if (local_path == NULL) {
368 TALLOC_FREE(mem_ctx);
369 return NT_STATUS_NO_MEMORY;
370 }
371
372 /* Prepare the state structure */
373 state = talloc_zero(mem_ctx, struct gp_list_state);
374 if (state == NULL) {
375 TALLOC_FREE(mem_ctx);
376 return NT_STATUS_NO_MEMORY;
377 }
378
379 state->tree = gp_ctx->cli->tree;
380 state->share_path = share_path;
381
382 /* Create the GPO dir if it does not exist */
383 if (stat(local_path, &st) != 0) {
384 rv = mkdir(local_path, 0755);
385 if (rv < 0) {
386 DEBUG(0, ("Could not create local path\n"));
387 talloc_free(mem_ctx);
388 return NT_STATUS_UNSUCCESSFUL;
389 }
390 }
391
392 /* Get the file list */
393 status = gp_do_list("", state);
394 if (!NT_STATUS_IS_OK(status)) {
395 DEBUG(0, ("Could not list GPO files on remote server\n"));
396 talloc_free(mem_ctx);
397 return status;
398 }
399
400 /* If the list has no entries there is a problem. */
401 if (state->list.num_files == 0) {
402 DEBUG(0, ("File list is has no entries. Is the GPT directory empty?\n"));
403 talloc_free(mem_ctx);
404 return NT_STATUS_UNSUCCESSFUL;
405 }
406
407 /* Fetch the files */
408 status = gp_get_files(gp_ctx->cli->tree, share_path, local_path, &state->list);
409
410 /* Return the local path to the gpo */
411 *ret_local_path = local_path;
412
413 talloc_free(mem_ctx);
414 return NT_STATUS_OK;
415 }
416
push_recursive(struct gp_context * gp_ctx,const char * local_path,const char * remote_path,int depth)417 static NTSTATUS push_recursive (struct gp_context *gp_ctx, const char *local_path,
418 const char *remote_path, int depth)
419 {
420 DIR *dir;
421 struct dirent *dirent;
422 char *entry_local_path = NULL;
423 char *entry_remote_path = NULL;
424 int local_fd = -1, remote_fd = -1;
425 int buf[1024];
426 int nread, total_read;
427 struct stat s;
428 NTSTATUS status;
429
430 dir = opendir(local_path);
431 while ((dirent = readdir(dir)) != NULL) {
432 if (strcmp(dirent->d_name, ".") == 0 ||
433 strcmp(dirent->d_name, "..") == 0) {
434 continue;
435 }
436
437 entry_local_path = talloc_asprintf(gp_ctx, "%s/%s", local_path,
438 dirent->d_name);
439 if (entry_local_path == NULL) {
440 status = NT_STATUS_NO_MEMORY;
441 goto done;
442 }
443
444 entry_remote_path = talloc_asprintf(gp_ctx, "%s\\%s",
445 remote_path, dirent->d_name);
446 if (entry_remote_path == NULL) {
447 status = NT_STATUS_NO_MEMORY;
448 goto done;
449 }
450
451 if (stat(entry_local_path, &s) != 0) {
452 status = NT_STATUS_UNSUCCESSFUL;
453 goto done;
454 }
455 if (s.st_mode & S_IFDIR) {
456 DEBUG(6, ("Pushing directory %s to %s on sysvol\n",
457 entry_local_path, entry_remote_path));
458 smbcli_mkdir(gp_ctx->cli->tree, entry_remote_path);
459 if (depth < GP_MAX_DEPTH) {
460 push_recursive(gp_ctx, entry_local_path,
461 entry_remote_path, depth+1);
462 }
463 } else {
464 DEBUG(6, ("Pushing file %s to %s on sysvol\n",
465 entry_local_path, entry_remote_path));
466 remote_fd = smbcli_open(gp_ctx->cli->tree,
467 entry_remote_path,
468 O_WRONLY | O_CREAT,
469 0);
470 if (remote_fd < 0) {
471 DEBUG(0, ("Failed to create remote file: %s\n",
472 entry_remote_path));
473 status = NT_STATUS_UNSUCCESSFUL;
474 goto done;
475 }
476 local_fd = open(entry_local_path, O_RDONLY);
477 if (local_fd < 0) {
478 DEBUG(0, ("Failed to open local file: %s\n",
479 entry_local_path));
480 status = NT_STATUS_UNSUCCESSFUL;
481 goto done;
482 }
483 total_read = 0;
484 while ((nread = read(local_fd, &buf, sizeof(buf)))) {
485 if (nread == -1) {
486 DBG_ERR("read failed with errno %s\n",
487 strerror(errno));
488 status = NT_STATUS_UNSUCCESSFUL;
489 goto done;
490 }
491 smbcli_write(gp_ctx->cli->tree, remote_fd, 0,
492 &buf, total_read, nread);
493 total_read += nread;
494 }
495
496 close(local_fd);
497 local_fd = -1;
498 smbcli_close(gp_ctx->cli->tree, remote_fd);
499 remote_fd = -1;
500 }
501 TALLOC_FREE(entry_local_path);
502 TALLOC_FREE(entry_remote_path);
503 }
504
505 status = NT_STATUS_OK;
506 done:
507 if (local_fd != -1) {
508 close(local_fd);
509 }
510 if (remote_fd != -1) {
511 smbcli_close(gp_ctx->cli->tree, remote_fd);
512 }
513 talloc_free(entry_local_path);
514 talloc_free(entry_remote_path);
515
516 closedir(dir);
517
518 return status;
519 }
520
521
522
gp_push_gpt(struct gp_context * gp_ctx,const char * local_path,const char * file_sys_path)523 NTSTATUS gp_push_gpt(struct gp_context *gp_ctx, const char *local_path,
524 const char *file_sys_path)
525 {
526 NTSTATUS status;
527 char *share_path;
528
529 if (gp_ctx->cli == NULL) {
530 status = gp_cli_connect(gp_ctx);
531 if (!NT_STATUS_IS_OK(status)) {
532 DEBUG(0, ("Failed to create cli connection to DC\n"));
533 return status;
534 }
535 }
536 share_path = gp_get_share_path(gp_ctx, file_sys_path);
537
538 DEBUG(5, ("Copying %s to %s on sysvol\n", local_path, share_path));
539
540 smbcli_mkdir(gp_ctx->cli->tree, share_path);
541
542 status = push_recursive(gp_ctx, local_path, share_path, 0);
543
544 talloc_free(share_path);
545 return status;
546 }
547
gp_create_gpt(struct gp_context * gp_ctx,const char * name,const char * file_sys_path)548 NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name,
549 const char *file_sys_path)
550 {
551 TALLOC_CTX *mem_ctx;
552 const char *tmp_dir, *policy_dir, *tmp_str;
553 int rv;
554 int fd;
555 NTSTATUS status;
556 const char *file_content = "[General]\r\nVersion=0\r\n";
557
558 /* Create a forked memory context, as a base for everything here */
559 mem_ctx = talloc_new(gp_ctx);
560 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
561
562 tmp_dir = gp_tmpdir(mem_ctx);
563 NT_STATUS_HAVE_NO_MEMORY(tmp_dir);
564 policy_dir = talloc_asprintf(mem_ctx, "%s/%s", tmp_dir, name);
565 NT_STATUS_HAVE_NO_MEMORY(policy_dir);
566
567 /* Create the directories */
568
569 rv = mkdir(policy_dir, 0755);
570 if (rv < 0) {
571 DEBUG(0, ("Could not create the policy dir: %s\n", policy_dir));
572 talloc_free(mem_ctx);
573 return NT_STATUS_UNSUCCESSFUL;
574 }
575
576 tmp_str = talloc_asprintf(mem_ctx, "%s/User", policy_dir);
577 NT_STATUS_HAVE_NO_MEMORY(tmp_str);
578 rv = mkdir(tmp_str, 0755);
579 if (rv < 0) {
580 DEBUG(0, ("Could not create the User dir: %s\n", tmp_str));
581 talloc_free(mem_ctx);
582 return NT_STATUS_UNSUCCESSFUL;
583 }
584
585 tmp_str = talloc_asprintf(mem_ctx, "%s/Machine", policy_dir);
586 NT_STATUS_HAVE_NO_MEMORY(tmp_str);
587 rv = mkdir(tmp_str, 0755);
588 if (rv < 0) {
589 DEBUG(0, ("Could not create the Machine dir: %s\n", tmp_str));
590 talloc_free(mem_ctx);
591 return NT_STATUS_UNSUCCESSFUL;
592 }
593
594 /* Create a GPT.INI with version 0 */
595
596 tmp_str = talloc_asprintf(mem_ctx, "%s/GPT.INI", policy_dir);
597 NT_STATUS_HAVE_NO_MEMORY(tmp_str);
598 fd = open(tmp_str, O_CREAT | O_WRONLY, 0644);
599 if (fd < 0) {
600 DEBUG(0, ("Could not create the GPT.INI: %s\n", tmp_str));
601 talloc_free(mem_ctx);
602 return NT_STATUS_UNSUCCESSFUL;
603 }
604
605 rv = write(fd, file_content, strlen(file_content));
606 close(fd);
607 if (rv != strlen(file_content)) {
608 DEBUG(0, ("Short write in GPT.INI\n"));
609 talloc_free(mem_ctx);
610 return NT_STATUS_UNSUCCESSFUL;
611 }
612
613 /* Upload the GPT to the sysvol share on a DC */
614 status = gp_push_gpt(gp_ctx, policy_dir, file_sys_path);
615 if (!NT_STATUS_IS_OK(status)) {
616 talloc_free(mem_ctx);
617 return status;
618 }
619
620 talloc_free(mem_ctx);
621 return NT_STATUS_OK;
622 }
623
gp_set_gpt_security_descriptor(struct gp_context * gp_ctx,struct gp_object * gpo,struct security_descriptor * sd)624 NTSTATUS gp_set_gpt_security_descriptor(struct gp_context *gp_ctx,
625 struct gp_object *gpo,
626 struct security_descriptor *sd)
627 {
628 TALLOC_CTX *mem_ctx;
629 NTSTATUS status;
630 union smb_setfileinfo fileinfo;
631 union smb_open io;
632 union smb_close io_close;
633
634 /* Create a connection to sysvol if it is not already there */
635 if (gp_ctx->cli == NULL) {
636 status = gp_cli_connect(gp_ctx);
637 if (!NT_STATUS_IS_OK(status)) {
638 DEBUG(0, ("Failed to create cli connection to DC\n"));
639 return status;
640 }
641 }
642
643 /* Create a forked memory context which can be freed easily */
644 mem_ctx = talloc_new(gp_ctx);
645 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
646
647 /* Open the directory with NTCreate AndX call */
648 io.generic.level = RAW_OPEN_NTCREATEX;
649 io.ntcreatex.in.root_fid.fnum = 0;
650 io.ntcreatex.in.flags = 0;
651 io.ntcreatex.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
652 io.ntcreatex.in.create_options = 0;
653 io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
654 io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
655 NTCREATEX_SHARE_ACCESS_WRITE;
656 io.ntcreatex.in.alloc_size = 0;
657 io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
658 io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
659 io.ntcreatex.in.security_flags = 0;
660 io.ntcreatex.in.fname = gp_get_share_path(mem_ctx, gpo->file_sys_path);
661 status = smb_raw_open(gp_ctx->cli->tree, mem_ctx, &io);
662 if (!NT_STATUS_IS_OK(status)) {
663 DEBUG(0, ("Can't open GPT directory\n"));
664 talloc_free(mem_ctx);
665 return status;
666 }
667
668 /* Set the security descriptor on the directory */
669 fileinfo.generic.level = RAW_SFILEINFO_SEC_DESC;
670 fileinfo.set_secdesc.in.file.fnum = io.ntcreatex.out.file.fnum;
671 fileinfo.set_secdesc.in.secinfo_flags = SECINFO_PROTECTED_DACL |
672 SECINFO_OWNER |
673 SECINFO_GROUP |
674 SECINFO_DACL;
675 fileinfo.set_secdesc.in.sd = sd;
676 status = smb_raw_setfileinfo(gp_ctx->cli->tree, &fileinfo);
677 if (!NT_STATUS_IS_OK(status)) {
678 DEBUG(0, ("Failed to set security descriptor on the GPT\n"));
679 talloc_free(mem_ctx);
680 return status;
681 }
682
683 /* Close the directory */
684 io_close.close.level = RAW_CLOSE_CLOSE;
685 io_close.close.in.file.fnum = io.ntcreatex.out.file.fnum;
686 io_close.close.in.write_time = 0;
687 status = smb_raw_close(gp_ctx->cli->tree, &io_close);
688 if (!NT_STATUS_IS_OK(status)) {
689 DEBUG(0, ("Failed to close directory\n"));
690 talloc_free(mem_ctx);
691 return status;
692 }
693
694 talloc_free(mem_ctx);
695 return NT_STATUS_OK;
696 }
697