2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libsmb/libsmb.h"
27 #include "libsmbclient.h"
28 #include "libsmb_internal.h"
29 #include "../librpc/gen_ndr/ndr_lsa.h"
30 #include "rpc_client/rpc_client.h"
31 #include "rpc_client/cli_lsarpc.h"
32 #include "../libcli/security/security.h"
35 * Find an lsa pipe handle associated with a cli struct.
37 static struct rpc_pipe_client
*
38 find_lsa_pipe_hnd(struct cli_state
*ipc_cli
)
40 struct rpc_pipe_client
*pipe_hnd
;
42 for (pipe_hnd
= ipc_cli
->pipe_list
;
44 pipe_hnd
= pipe_hnd
->next
) {
45 if (ndr_syntax_id_equal(&pipe_hnd
->abstract_syntax
,
46 &ndr_table_lsarpc
.syntax_id
)) {
54 * Sort ACEs according to the documentation at
55 * http://support.microsoft.com/kb/269175, at least as far as it defines the
60 ace_compare(struct security_ace
*ace1
,
61 struct security_ace
*ace2
)
66 /* If the ACEs are equal, we have nothing more to do. */
67 if (sec_ace_equal(ace1
, ace2
)) {
71 /* Inherited follow non-inherited */
72 b1
= ((ace1
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
73 b2
= ((ace2
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
79 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
80 * sort them after DENY and ALLOW.
82 b1
= (ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
83 ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
84 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
85 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
86 b2
= (ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
87 ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
88 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
89 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
94 /* Allowed ACEs follow denied ACEs */
95 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
96 ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
97 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
98 ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
100 return (b1
? 1 : -1);
104 * ACEs applying to an entity's object follow those applying to the
107 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
108 ace1
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
109 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
110 ace2
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
112 return (b1
? 1 : -1);
116 * If we get this far, the ACEs are similar as far as the
117 * characteristics we typically care about (those defined by the
118 * referenced MS document). We'll now sort by characteristics that
119 * just seems reasonable.
122 if (ace1
->type
!= ace2
->type
) {
123 return ace2
->type
- ace1
->type
;
126 if (dom_sid_compare(&ace1
->trustee
, &ace2
->trustee
)) {
127 return dom_sid_compare(&ace1
->trustee
, &ace2
->trustee
);
130 if (ace1
->flags
!= ace2
->flags
) {
131 return ace1
->flags
- ace2
->flags
;
134 if (ace1
->access_mask
!= ace2
->access_mask
) {
135 return ace1
->access_mask
- ace2
->access_mask
;
138 if (ace1
->size
!= ace2
->size
) {
139 return ace1
->size
- ace2
->size
;
142 return memcmp(ace1
, ace2
, sizeof(struct security_ace
));
147 sort_acl(struct security_acl
*the_acl
)
150 if (!the_acl
) return;
152 TYPESAFE_QSORT(the_acl
->aces
, the_acl
->num_aces
, ace_compare
);
154 for (i
=1;i
<the_acl
->num_aces
;) {
155 if (sec_ace_equal(&the_acl
->aces
[i
-1], &the_acl
->aces
[i
])) {
157 for (j
=i
; j
<the_acl
->num_aces
-1; j
++) {
158 the_acl
->aces
[j
] = the_acl
->aces
[j
+1];
167 /* convert a SID to a string, either numeric or username/group */
169 convert_sid_to_string(struct cli_state
*ipc_cli
,
170 struct policy_handle
*pol
,
175 char **domains
= NULL
;
177 enum lsa_SidType
*types
= NULL
;
178 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
181 sid_to_fstring(str
, sid
);
184 return; /* no lookup desired */
191 /* Ask LSA to convert the sid to a name */
193 ctx
= talloc_stackframe();
195 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd
, ctx
,
196 pol
, 1, sid
, &domains
,
198 !domains
|| !domains
[0] || !names
|| !names
[0]) {
205 slprintf(str
, sizeof(fstring
) - 1, "%s%s%s",
206 domains
[0], lp_winbind_separator(),
212 /* convert a string to a SID, either numeric or username/group */
214 convert_string_to_sid(struct cli_state
*ipc_cli
,
215 struct policy_handle
*pol
,
220 enum lsa_SidType
*types
= NULL
;
221 struct dom_sid
*sids
= NULL
;
223 TALLOC_CTX
*ctx
= NULL
;
224 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
231 if (strncmp(str
, "S-", 2) == 0) {
232 return string_to_sid(sid
, str
);
239 ctx
= talloc_stackframe();
240 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd
, ctx
,
248 sid_copy(sid
, &sids
[0]);
255 /* parse an struct security_ace in the same format as print_ace() */
257 parse_ace(struct cli_state
*ipc_cli
,
258 struct policy_handle
*pol
,
259 struct security_ace
*ace
,
271 const struct perm_value
*v
;
276 TALLOC_CTX
*frame
= talloc_stackframe();
278 /* These values discovered by inspection */
279 static const struct perm_value special_values
[] = {
289 static const struct perm_value standard_values
[] = {
290 { "READ", 0x001200a9 },
291 { "CHANGE", 0x001301bf },
292 { "FULL", 0x001f01ff },
297 p
= strchr_m(str
,':');
304 /* Try to parse numeric form */
306 if (sscanf(p
, "%i/%i/%i", &atype
, &aflags
, &amask
) == 3 &&
307 convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
311 /* Try to parse text form */
313 if (!convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
319 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
324 if (strncasecmp_m(tok
, "ALLOWED", strlen("ALLOWED")) == 0) {
325 atype
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
326 } else if (strncasecmp_m(tok
, "DENIED", strlen("DENIED")) == 0) {
327 atype
= SEC_ACE_TYPE_ACCESS_DENIED
;
333 /* Only numeric form accepted for flags at present */
335 if (!(next_token_talloc(frame
, &cp
, &tok
, "/") &&
336 sscanf(tok
, "%i", &aflags
))) {
341 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
346 if (strncmp(tok
, "0x", 2) == 0) {
347 if (sscanf(tok
, "%i", &amask
) != 1) {
354 for (v
= standard_values
; v
->perm
; v
++) {
355 if (strcmp(tok
, v
->perm
) == 0) {
366 for (v
= special_values
; v
->perm
; v
++) {
367 if (v
->perm
[0] == *p
) {
387 init_sec_ace(ace
, &sid
, atype
, mask
, aflags
);
392 /* add an struct security_ace to a list of struct security_aces in a struct security_acl */
394 add_ace(struct security_acl
**the_acl
,
395 struct security_ace
*ace
,
398 struct security_acl
*newacl
;
399 struct security_ace
*aces
;
402 (*the_acl
) = make_sec_acl(ctx
, 3, 1, ace
);
406 if ((aces
= SMB_CALLOC_ARRAY(struct security_ace
,
407 1+(*the_acl
)->num_aces
)) == NULL
) {
410 memcpy(aces
, (*the_acl
)->aces
, (*the_acl
)->num_aces
* sizeof(struct security_ace
));
411 memcpy(aces
+(*the_acl
)->num_aces
, ace
, sizeof(struct security_ace
));
412 newacl
= make_sec_acl(ctx
, (*the_acl
)->revision
,
413 1+(*the_acl
)->num_aces
, aces
);
420 /* parse a ascii version of a security descriptor */
421 static struct security_descriptor
*
422 sec_desc_parse(TALLOC_CTX
*ctx
,
423 struct cli_state
*ipc_cli
,
424 struct policy_handle
*pol
,
430 struct security_descriptor
*ret
= NULL
;
432 struct dom_sid
*group_sid
=NULL
;
433 struct dom_sid
*owner_sid
=NULL
;
434 struct security_acl
*dacl
=NULL
;
437 while (next_token_talloc(ctx
, &p
, &tok
, "\t,\r\n")) {
439 if (strncasecmp_m(tok
,"REVISION:", 9) == 0) {
440 revision
= strtol(tok
+9, NULL
, 16);
444 if (strncasecmp_m(tok
,"OWNER:", 6) == 0) {
446 DEBUG(5,("OWNER specified more than once!\n"));
449 owner_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
451 !convert_string_to_sid(ipc_cli
, pol
,
454 DEBUG(5, ("Failed to parse owner sid\n"));
460 if (strncasecmp_m(tok
,"OWNER+:", 7) == 0) {
462 DEBUG(5,("OWNER specified more than once!\n"));
465 owner_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
467 !convert_string_to_sid(ipc_cli
, pol
,
470 DEBUG(5, ("Failed to parse owner sid\n"));
476 if (strncasecmp_m(tok
,"GROUP:", 6) == 0) {
478 DEBUG(5,("GROUP specified more than once!\n"));
481 group_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
483 !convert_string_to_sid(ipc_cli
, pol
,
486 DEBUG(5, ("Failed to parse group sid\n"));
492 if (strncasecmp_m(tok
,"GROUP+:", 7) == 0) {
494 DEBUG(5,("GROUP specified more than once!\n"));
497 group_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
499 !convert_string_to_sid(ipc_cli
, pol
,
502 DEBUG(5, ("Failed to parse group sid\n"));
508 if (strncasecmp_m(tok
,"ACL:", 4) == 0) {
509 struct security_ace ace
;
510 if (!parse_ace(ipc_cli
, pol
, &ace
, numeric
, tok
+4)) {
511 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
514 if(!add_ace(&dacl
, &ace
, ctx
)) {
515 DEBUG(5, ("Failed to add ACL %s\n", tok
));
521 if (strncasecmp_m(tok
,"ACL+:", 5) == 0) {
522 struct security_ace ace
;
523 if (!parse_ace(ipc_cli
, pol
, &ace
, False
, tok
+5)) {
524 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
527 if(!add_ace(&dacl
, &ace
, ctx
)) {
528 DEBUG(5, ("Failed to add ACL %s\n", tok
));
534 DEBUG(5, ("Failed to parse security descriptor\n"));
538 ret
= make_sec_desc(ctx
, revision
, SEC_DESC_SELF_RELATIVE
,
539 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
542 SAFE_FREE(group_sid
);
543 SAFE_FREE(owner_sid
);
548 /* Obtain the current dos attributes */
549 static DOS_ATTR_DESC
*
550 dos_attr_query(SMBCCTX
*context
,
552 const char *filename
,
555 struct timespec create_time_ts
;
556 struct timespec write_time_ts
;
557 struct timespec access_time_ts
;
558 struct timespec change_time_ts
;
564 ret
= talloc(ctx
, DOS_ATTR_DESC
);
570 /* Obtain the DOS attributes */
571 if (!SMBC_getatr(context
, srv
, filename
,
578 errno
= SMBC_errno(context
, srv
->cli
);
579 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
585 ret
->create_time
= convert_timespec_to_time_t(create_time_ts
);
586 ret
->access_time
= convert_timespec_to_time_t(access_time_ts
);
587 ret
->write_time
= convert_timespec_to_time_t(write_time_ts
);
588 ret
->change_time
= convert_timespec_to_time_t(change_time_ts
);
595 /* parse a ascii version of a security descriptor */
597 dos_attr_parse(SMBCCTX
*context
,
605 TALLOC_CTX
*frame
= NULL
;
607 const char * create_time_attr
;
608 const char * access_time_attr
;
609 const char * write_time_attr
;
610 const char * change_time_attr
;
613 /* Determine whether to use old-style or new-style attribute names */
614 if (context
->internal
->full_time_names
) {
615 /* new-style names */
616 attr_strings
.create_time_attr
= "CREATE_TIME";
617 attr_strings
.access_time_attr
= "ACCESS_TIME";
618 attr_strings
.write_time_attr
= "WRITE_TIME";
619 attr_strings
.change_time_attr
= "CHANGE_TIME";
621 /* old-style names */
622 attr_strings
.create_time_attr
= NULL
;
623 attr_strings
.access_time_attr
= "A_TIME";
624 attr_strings
.write_time_attr
= "M_TIME";
625 attr_strings
.change_time_attr
= "C_TIME";
628 /* if this is to set the entire ACL... */
630 /* ... then increment past the first colon if there is one */
631 if ((p
= strchr(str
, ':')) != NULL
) {
638 frame
= talloc_stackframe();
639 while (next_token_talloc(frame
, &p
, &tok
, "\t,\r\n")) {
640 if (strncasecmp_m(tok
, "MODE:", 5) == 0) {
641 long request
= strtol(tok
+5, NULL
, 16);
643 dad
->mode
= (request
|
644 (IS_DOS_DIR(dad
->mode
)
645 ? FILE_ATTRIBUTE_DIRECTORY
646 : FILE_ATTRIBUTE_NORMAL
));
653 if (strncasecmp_m(tok
, "SIZE:", 5) == 0) {
654 dad
->size
= (SMB_OFF_T
)atof(tok
+5);
658 n
= strlen(attr_strings
.access_time_attr
);
659 if (strncasecmp_m(tok
, attr_strings
.access_time_attr
, n
) == 0) {
660 dad
->access_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
664 n
= strlen(attr_strings
.change_time_attr
);
665 if (strncasecmp_m(tok
, attr_strings
.change_time_attr
, n
) == 0) {
666 dad
->change_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
670 n
= strlen(attr_strings
.write_time_attr
);
671 if (strncasecmp_m(tok
, attr_strings
.write_time_attr
, n
) == 0) {
672 dad
->write_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
676 if (attr_strings
.create_time_attr
!= NULL
) {
677 n
= strlen(attr_strings
.create_time_attr
);
678 if (strncasecmp_m(tok
, attr_strings
.create_time_attr
,
680 dad
->create_time
= (time_t)strtol(tok
+n
+1,
686 if (strncasecmp_m(tok
, "INODE:", 6) == 0) {
687 dad
->inode
= (SMB_INO_T
)atof(tok
+6);
694 /*****************************************************
695 Retrieve the acls for a file.
696 *******************************************************/
699 cacl_get(SMBCCTX
*context
,
702 struct cli_state
*ipc_cli
,
703 struct policy_handle
*pol
,
704 const char *filename
,
705 const char *attr_name
,
718 bool exclude_nt_revision
= False
;
719 bool exclude_nt_owner
= False
;
720 bool exclude_nt_group
= False
;
721 bool exclude_nt_acl
= False
;
722 bool exclude_dos_mode
= False
;
723 bool exclude_dos_size
= False
;
724 bool exclude_dos_create_time
= False
;
725 bool exclude_dos_access_time
= False
;
726 bool exclude_dos_write_time
= False
;
727 bool exclude_dos_change_time
= False
;
728 bool exclude_dos_inode
= False
;
730 bool determine_size
= (bufsize
== 0);
732 struct security_descriptor
*sd
;
734 fstring name_sandbox
;
738 struct timespec create_time_ts
;
739 struct timespec write_time_ts
;
740 struct timespec access_time_ts
;
741 struct timespec change_time_ts
;
742 time_t create_time
= (time_t)0;
743 time_t write_time
= (time_t)0;
744 time_t access_time
= (time_t)0;
745 time_t change_time
= (time_t)0;
749 struct cli_state
*cli
= srv
->cli
;
751 const char * create_time_attr
;
752 const char * access_time_attr
;
753 const char * write_time_attr
;
754 const char * change_time_attr
;
757 const char * create_time_attr
;
758 const char * access_time_attr
;
759 const char * write_time_attr
;
760 const char * change_time_attr
;
763 /* Determine whether to use old-style or new-style attribute names */
764 if (context
->internal
->full_time_names
) {
765 /* new-style names */
766 attr_strings
.create_time_attr
= "CREATE_TIME";
767 attr_strings
.access_time_attr
= "ACCESS_TIME";
768 attr_strings
.write_time_attr
= "WRITE_TIME";
769 attr_strings
.change_time_attr
= "CHANGE_TIME";
771 excl_attr_strings
.create_time_attr
= "CREATE_TIME";
772 excl_attr_strings
.access_time_attr
= "ACCESS_TIME";
773 excl_attr_strings
.write_time_attr
= "WRITE_TIME";
774 excl_attr_strings
.change_time_attr
= "CHANGE_TIME";
776 /* old-style names */
777 attr_strings
.create_time_attr
= NULL
;
778 attr_strings
.access_time_attr
= "A_TIME";
779 attr_strings
.write_time_attr
= "M_TIME";
780 attr_strings
.change_time_attr
= "C_TIME";
782 excl_attr_strings
.create_time_attr
= NULL
;
783 excl_attr_strings
.access_time_attr
= "dos_attr.A_TIME";
784 excl_attr_strings
.write_time_attr
= "dos_attr.M_TIME";
785 excl_attr_strings
.change_time_attr
= "dos_attr.C_TIME";
788 /* Copy name so we can strip off exclusions (if any are specified) */
789 strncpy(name_sandbox
, attr_name
, sizeof(name_sandbox
) - 1);
791 /* Ensure name is null terminated */
792 name_sandbox
[sizeof(name_sandbox
) - 1] = '\0';
794 /* Play in the sandbox */
797 /* If there are any exclusions, point to them and mask them from name */
798 if ((pExclude
= strchr(name
, '!')) != NULL
)
803 all
= (strncasecmp_m(name
, "system.*", 8) == 0);
804 all_nt
= (strncasecmp_m(name
, "system.nt_sec_desc.*", 20) == 0);
805 all_nt_acls
= (strncasecmp_m(name
, "system.nt_sec_desc.acl.*", 24) == 0);
806 all_dos
= (strncasecmp_m(name
, "system.dos_attr.*", 17) == 0);
807 some_nt
= (strncasecmp_m(name
, "system.nt_sec_desc.", 19) == 0);
808 some_dos
= (strncasecmp_m(name
, "system.dos_attr.", 16) == 0);
809 numeric
= (* (name
+ strlen(name
) - 1) != '+');
811 /* Look for exclusions from "all" requests */
812 if (all
|| all_nt
|| all_dos
) {
813 /* Exclusions are delimited by '!' */
816 pExclude
= (p
== NULL
? NULL
: p
+ 1)) {
818 /* Find end of this exclusion name */
819 if ((p
= strchr(pExclude
, '!')) != NULL
)
824 /* Which exclusion name is this? */
825 if (strcasecmp_m(pExclude
,
826 "nt_sec_desc.revision") == 0) {
827 exclude_nt_revision
= True
;
829 else if (strcasecmp_m(pExclude
,
830 "nt_sec_desc.owner") == 0) {
831 exclude_nt_owner
= True
;
833 else if (strcasecmp_m(pExclude
,
834 "nt_sec_desc.group") == 0) {
835 exclude_nt_group
= True
;
837 else if (strcasecmp_m(pExclude
,
838 "nt_sec_desc.acl") == 0) {
839 exclude_nt_acl
= True
;
841 else if (strcasecmp_m(pExclude
,
842 "dos_attr.mode") == 0) {
843 exclude_dos_mode
= True
;
845 else if (strcasecmp_m(pExclude
,
846 "dos_attr.size") == 0) {
847 exclude_dos_size
= True
;
849 else if (excl_attr_strings
.create_time_attr
!= NULL
&&
850 strcasecmp_m(pExclude
,
851 excl_attr_strings
.change_time_attr
) == 0) {
852 exclude_dos_create_time
= True
;
854 else if (strcasecmp_m(pExclude
,
855 excl_attr_strings
.access_time_attr
) == 0) {
856 exclude_dos_access_time
= True
;
858 else if (strcasecmp_m(pExclude
,
859 excl_attr_strings
.write_time_attr
) == 0) {
860 exclude_dos_write_time
= True
;
862 else if (strcasecmp_m(pExclude
,
863 excl_attr_strings
.change_time_attr
) == 0) {
864 exclude_dos_change_time
= True
;
866 else if (strcasecmp_m(pExclude
, "dos_attr.inode") == 0) {
867 exclude_dos_inode
= True
;
870 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
881 * If we are (possibly) talking to an NT or new system and some NT
882 * attributes have been requested...
884 if (ipc_cli
&& (all
|| some_nt
|| all_nt_acls
)) {
885 char *targetpath
= NULL
;
886 struct cli_state
*targetcli
= NULL
;
889 /* Point to the portion after "system.nt_sec_desc." */
890 name
+= 19; /* if (all) this will be invalid but unused */
892 status
= cli_resolve_path(
893 ctx
, "", context
->internal
->auth_info
,
894 cli
, filename
, &targetcli
, &targetpath
);
895 if (!NT_STATUS_IS_OK(status
)) {
896 DEBUG(5, ("cacl_get Could not resolve %s\n",
902 /* ... then obtain any NT attributes which were requested */
903 status
= cli_ntcreate(targetcli
, targetpath
, 0,
904 CREATE_ACCESS_READ
, 0,
905 FILE_SHARE_READ
|FILE_SHARE_WRITE
,
906 FILE_OPEN
, 0x0, 0x0, &fnum
);
907 if (!NT_STATUS_IS_OK(status
)) {
908 DEBUG(5, ("cacl_get failed to open %s: %s\n",
909 targetpath
, nt_errstr(status
)));
914 status
= cli_query_secdesc(targetcli
, fnum
, ctx
, &sd
);
915 if (!NT_STATUS_IS_OK(status
)) {
916 DEBUG(5,("cacl_get Failed to query old descriptor "
918 targetpath
, nt_errstr(status
)));
923 cli_close(targetcli
, fnum
);
925 if (! exclude_nt_revision
) {
927 if (determine_size
) {
928 p
= talloc_asprintf(ctx
,
937 n
= snprintf(buf
, bufsize
,
941 } else if (strcasecmp_m(name
, "revision") == 0) {
942 if (determine_size
) {
943 p
= talloc_asprintf(ctx
, "%d",
951 n
= snprintf(buf
, bufsize
, "%d",
956 if (!determine_size
&& n
> bufsize
) {
966 if (! exclude_nt_owner
) {
967 /* Get owner and group sid */
969 convert_sid_to_string(ipc_cli
, pol
,
978 if (determine_size
) {
979 p
= talloc_asprintf(ctx
, ",OWNER:%s",
986 } else if (sidstr
[0] != '\0') {
987 n
= snprintf(buf
, bufsize
,
988 ",OWNER:%s", sidstr
);
990 } else if (strncasecmp_m(name
, "owner", 5) == 0) {
991 if (determine_size
) {
992 p
= talloc_asprintf(ctx
, "%s", sidstr
);
999 n
= snprintf(buf
, bufsize
, "%s",
1004 if (!determine_size
&& n
> bufsize
) {
1014 if (! exclude_nt_group
) {
1015 if (sd
->group_sid
) {
1016 convert_sid_to_string(ipc_cli
, pol
,
1020 fstrcpy(sidstr
, "");
1023 if (all
|| all_nt
) {
1024 if (determine_size
) {
1025 p
= talloc_asprintf(ctx
, ",GROUP:%s",
1032 } else if (sidstr
[0] != '\0') {
1033 n
= snprintf(buf
, bufsize
,
1034 ",GROUP:%s", sidstr
);
1036 } else if (strncasecmp_m(name
, "group", 5) == 0) {
1037 if (determine_size
) {
1038 p
= talloc_asprintf(ctx
, "%s", sidstr
);
1045 n
= snprintf(buf
, bufsize
,
1050 if (!determine_size
&& n
> bufsize
) {
1060 if (! exclude_nt_acl
) {
1061 /* Add aces to value buffer */
1062 for (i
= 0; sd
->dacl
&& i
< sd
->dacl
->num_aces
; i
++) {
1064 struct security_ace
*ace
= &sd
->dacl
->aces
[i
];
1065 convert_sid_to_string(ipc_cli
, pol
,
1069 if (all
|| all_nt
) {
1070 if (determine_size
) {
1071 p
= talloc_asprintf(
1087 ",ACL:%s:%d/%d/0x%08x",
1093 } else if ((strncasecmp_m(name
, "acl", 3) == 0 &&
1094 strcasecmp_m(name
+3, sidstr
) == 0) ||
1095 (strncasecmp_m(name
, "acl+", 4) == 0 &&
1096 strcasecmp_m(name
+4, sidstr
) == 0)) {
1097 if (determine_size
) {
1098 p
= talloc_asprintf(
1110 n
= snprintf(buf
, bufsize
,
1116 } else if (all_nt_acls
) {
1117 if (determine_size
) {
1118 p
= talloc_asprintf(
1120 "%s%s:%d/%d/0x%08x",
1132 n
= snprintf(buf
, bufsize
,
1133 "%s%s:%d/%d/0x%08x",
1141 if (!determine_size
&& n
> bufsize
) {
1152 /* Restore name pointer to its original value */
1156 if (all
|| some_dos
) {
1157 /* Point to the portion after "system.dos_attr." */
1158 name
+= 16; /* if (all) this will be invalid but unused */
1160 /* Obtain the DOS attributes */
1161 if (!SMBC_getatr(context
, srv
, filename
, &mode
, &size
,
1168 errno
= SMBC_errno(context
, srv
->cli
);
1172 create_time
= convert_timespec_to_time_t(create_time_ts
);
1173 access_time
= convert_timespec_to_time_t(access_time_ts
);
1174 write_time
= convert_timespec_to_time_t(write_time_ts
);
1175 change_time
= convert_timespec_to_time_t(change_time_ts
);
1177 if (! exclude_dos_mode
) {
1178 if (all
|| all_dos
) {
1179 if (determine_size
) {
1180 p
= talloc_asprintf(ctx
,
1193 n
= snprintf(buf
, bufsize
,
1201 } else if (strcasecmp_m(name
, "mode") == 0) {
1202 if (determine_size
) {
1203 p
= talloc_asprintf(ctx
, "0x%x", mode
);
1210 n
= snprintf(buf
, bufsize
,
1215 if (!determine_size
&& n
> bufsize
) {
1225 if (! exclude_dos_size
) {
1226 if (all
|| all_dos
) {
1227 if (determine_size
) {
1228 p
= talloc_asprintf(
1238 n
= snprintf(buf
, bufsize
,
1242 } else if (strcasecmp_m(name
, "size") == 0) {
1243 if (determine_size
) {
1244 p
= talloc_asprintf(
1254 n
= snprintf(buf
, bufsize
,
1260 if (!determine_size
&& n
> bufsize
) {
1270 if (! exclude_dos_create_time
&&
1271 attr_strings
.create_time_attr
!= NULL
) {
1272 if (all
|| all_dos
) {
1273 if (determine_size
) {
1274 p
= talloc_asprintf(ctx
,
1276 attr_strings
.create_time_attr
,
1277 (unsigned long) create_time
);
1284 n
= snprintf(buf
, bufsize
,
1286 attr_strings
.create_time_attr
,
1287 (unsigned long) create_time
);
1289 } else if (strcasecmp_m(name
, attr_strings
.create_time_attr
) == 0) {
1290 if (determine_size
) {
1291 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) create_time
);
1298 n
= snprintf(buf
, bufsize
,
1299 "%lu", (unsigned long) create_time
);
1303 if (!determine_size
&& n
> bufsize
) {
1313 if (! exclude_dos_access_time
) {
1314 if (all
|| all_dos
) {
1315 if (determine_size
) {
1316 p
= talloc_asprintf(ctx
,
1318 attr_strings
.access_time_attr
,
1319 (unsigned long) access_time
);
1326 n
= snprintf(buf
, bufsize
,
1328 attr_strings
.access_time_attr
,
1329 (unsigned long) access_time
);
1331 } else if (strcasecmp_m(name
, attr_strings
.access_time_attr
) == 0) {
1332 if (determine_size
) {
1333 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) access_time
);
1340 n
= snprintf(buf
, bufsize
,
1341 "%lu", (unsigned long) access_time
);
1345 if (!determine_size
&& n
> bufsize
) {
1355 if (! exclude_dos_write_time
) {
1356 if (all
|| all_dos
) {
1357 if (determine_size
) {
1358 p
= talloc_asprintf(ctx
,
1360 attr_strings
.write_time_attr
,
1361 (unsigned long) write_time
);
1368 n
= snprintf(buf
, bufsize
,
1370 attr_strings
.write_time_attr
,
1371 (unsigned long) write_time
);
1373 } else if (strcasecmp_m(name
, attr_strings
.write_time_attr
) == 0) {
1374 if (determine_size
) {
1375 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) write_time
);
1382 n
= snprintf(buf
, bufsize
,
1383 "%lu", (unsigned long) write_time
);
1387 if (!determine_size
&& n
> bufsize
) {
1397 if (! exclude_dos_change_time
) {
1398 if (all
|| all_dos
) {
1399 if (determine_size
) {
1400 p
= talloc_asprintf(ctx
,
1402 attr_strings
.change_time_attr
,
1403 (unsigned long) change_time
);
1410 n
= snprintf(buf
, bufsize
,
1412 attr_strings
.change_time_attr
,
1413 (unsigned long) change_time
);
1415 } else if (strcasecmp_m(name
, attr_strings
.change_time_attr
) == 0) {
1416 if (determine_size
) {
1417 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) change_time
);
1424 n
= snprintf(buf
, bufsize
,
1425 "%lu", (unsigned long) change_time
);
1429 if (!determine_size
&& n
> bufsize
) {
1439 if (! exclude_dos_inode
) {
1440 if (all
|| all_dos
) {
1441 if (determine_size
) {
1442 p
= talloc_asprintf(
1452 n
= snprintf(buf
, bufsize
,
1456 } else if (strcasecmp_m(name
, "inode") == 0) {
1457 if (determine_size
) {
1458 p
= talloc_asprintf(
1468 n
= snprintf(buf
, bufsize
,
1474 if (!determine_size
&& n
> bufsize
) {
1484 /* Restore name pointer to its original value */
1496 /*****************************************************
1497 set the ACLs on a file given an ascii description
1498 *******************************************************/
1500 cacl_set(SMBCCTX
*context
,
1502 struct cli_state
*cli
,
1503 struct cli_state
*ipc_cli
,
1504 struct policy_handle
*pol
,
1505 const char *filename
,
1510 uint16_t fnum
= (uint16_t)-1;
1512 struct security_descriptor
*sd
= NULL
, *old
;
1513 struct security_acl
*dacl
= NULL
;
1514 struct dom_sid
*owner_sid
= NULL
;
1515 struct dom_sid
*group_sid
= NULL
;
1520 bool numeric
= True
;
1521 char *targetpath
= NULL
;
1522 struct cli_state
*targetcli
= NULL
;
1525 /* the_acl will be null for REMOVE_ALL operations */
1527 numeric
= ((p
= strchr(the_acl
, ':')) != NULL
&&
1531 /* if this is to set the entire ACL... */
1532 if (*the_acl
== '*') {
1533 /* ... then increment past the first colon */
1537 sd
= sec_desc_parse(ctx
, ipc_cli
, pol
, numeric
, the_acl
);
1544 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1545 that doesn't deref sd */
1547 if (!sd
&& (mode
!= SMBC_XATTR_MODE_REMOVE_ALL
)) {
1552 status
= cli_resolve_path(ctx
, "", context
->internal
->auth_info
,
1553 cli
, filename
, &targetcli
, &targetpath
);
1554 if (!NT_STATUS_IS_OK(status
)) {
1555 DEBUG(5,("cacl_set: Could not resolve %s\n", filename
));
1560 /* The desired access below is the only one I could find that works
1561 with NT4, W2KP and Samba */
1563 status
= cli_ntcreate(targetcli
, targetpath
, 0, CREATE_ACCESS_READ
, 0,
1564 FILE_SHARE_READ
|FILE_SHARE_WRITE
, FILE_OPEN
,
1566 if (!NT_STATUS_IS_OK(status
)) {
1567 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1568 targetpath
, nt_errstr(status
)));
1573 status
= cli_query_secdesc(targetcli
, fnum
, ctx
, &old
);
1574 if (!NT_STATUS_IS_OK(status
)) {
1575 DEBUG(5,("cacl_set Failed to query old descriptor of %s: %s\n",
1576 targetpath
, nt_errstr(status
)));
1581 cli_close(targetcli
, fnum
);
1584 case SMBC_XATTR_MODE_REMOVE_ALL
:
1585 old
->dacl
->num_aces
= 0;
1589 case SMBC_XATTR_MODE_REMOVE
:
1590 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1593 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1594 if (sec_ace_equal(&sd
->dacl
->aces
[i
],
1595 &old
->dacl
->aces
[j
])) {
1597 for (k
=j
; k
<old
->dacl
->num_aces
-1;k
++) {
1598 old
->dacl
->aces
[k
] =
1599 old
->dacl
->aces
[k
+1];
1601 old
->dacl
->num_aces
--;
1616 case SMBC_XATTR_MODE_ADD
:
1617 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1620 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1621 if (dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
,
1622 &old
->dacl
->aces
[j
].trustee
)) {
1623 if (!(flags
& SMBC_XATTR_FLAG_CREATE
)) {
1628 old
->dacl
->aces
[j
] = sd
->dacl
->aces
[i
];
1634 if (!found
&& (flags
& SMBC_XATTR_FLAG_REPLACE
)) {
1640 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1641 add_ace(&old
->dacl
, &sd
->dacl
->aces
[i
], ctx
);
1647 case SMBC_XATTR_MODE_SET
:
1649 owner_sid
= old
->owner_sid
;
1650 group_sid
= old
->group_sid
;
1654 case SMBC_XATTR_MODE_CHOWN
:
1655 owner_sid
= sd
->owner_sid
;
1658 case SMBC_XATTR_MODE_CHGRP
:
1659 group_sid
= sd
->group_sid
;
1663 /* Denied ACE entries must come before allowed ones */
1664 sort_acl(old
->dacl
);
1666 /* Create new security descriptor and set it */
1667 sd
= make_sec_desc(ctx
, old
->revision
, SEC_DESC_SELF_RELATIVE
,
1668 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
1670 status
= cli_ntcreate(targetcli
, targetpath
, 0,
1671 WRITE_DAC_ACCESS
| WRITE_OWNER_ACCESS
, 0,
1672 FILE_SHARE_READ
|FILE_SHARE_WRITE
, FILE_OPEN
,
1674 if (!NT_STATUS_IS_OK(status
)) {
1675 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1676 targetpath
, nt_errstr(status
)));
1681 status
= cli_set_secdesc(targetcli
, fnum
, sd
);
1682 if (!NT_STATUS_IS_OK(status
)) {
1683 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1684 nt_errstr(status
)));
1691 cli_close(targetcli
, fnum
);
1702 SMBC_setxattr_ctx(SMBCCTX
*context
,
1711 SMBCSRV
*srv
= NULL
;
1712 SMBCSRV
*ipc_srv
= NULL
;
1713 char *server
= NULL
;
1716 char *password
= NULL
;
1717 char *workgroup
= NULL
;
1719 DOS_ATTR_DESC
*dad
= NULL
;
1721 const char * create_time_attr
;
1722 const char * access_time_attr
;
1723 const char * write_time_attr
;
1724 const char * change_time_attr
;
1726 TALLOC_CTX
*frame
= talloc_stackframe();
1728 if (!context
|| !context
->internal
->initialized
) {
1729 errno
= EINVAL
; /* Best I can think of ... */
1740 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1741 fname
, name
, (int) size
, (const char*)value
));
1743 if (SMBC_parse_path(frame
,
1758 if (!user
|| user
[0] == (char)0) {
1759 user
= talloc_strdup(frame
, smbc_getUser(context
));
1767 srv
= SMBC_server(frame
, context
, True
,
1768 server
, share
, &workgroup
, &user
, &password
);
1771 return -1; /* errno set by SMBC_server */
1774 if (! srv
->no_nt_session
) {
1775 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
1776 &workgroup
, &user
, &password
);
1778 srv
->no_nt_session
= True
;
1785 * Are they asking to set the entire set of known attributes?
1787 if (strcasecmp_m(name
, "system.*") == 0 ||
1788 strcasecmp_m(name
, "system.*+") == 0) {
1791 talloc_asprintf(talloc_tos(), "%s:%s",
1792 name
+7, (const char *) value
);
1801 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1802 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1805 ? SMBC_XATTR_MODE_SET
1806 : SMBC_XATTR_MODE_ADD
),
1812 /* get a DOS Attribute Descriptor with current attributes */
1813 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1815 /* Overwrite old with new, using what was provided */
1816 dos_attr_parse(context
, dad
, srv
, namevalue
);
1818 /* Set the new DOS attributes */
1819 if (! SMBC_setatr(context
, srv
, path
,
1826 /* cause failure if NT failed too */
1831 /* we only fail if both NT and DOS sets failed */
1832 if (ret
< 0 && ! dad
) {
1833 ret
= -1; /* in case dad was null */
1844 * Are they asking to set an access control element or to set
1845 * the entire access control list?
1847 if (strcasecmp_m(name
, "system.nt_sec_desc.*") == 0 ||
1848 strcasecmp_m(name
, "system.nt_sec_desc.*+") == 0 ||
1849 strcasecmp_m(name
, "system.nt_sec_desc.revision") == 0 ||
1850 strncasecmp_m(name
, "system.nt_sec_desc.acl", 22) == 0 ||
1851 strncasecmp_m(name
, "system.nt_sec_desc.acl+", 23) == 0) {
1855 talloc_asprintf(talloc_tos(), "%s:%s",
1856 name
+19, (const char *) value
);
1859 ret
= -1; /* errno set by SMBC_server() */
1861 else if (! namevalue
) {
1865 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1866 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1869 ? SMBC_XATTR_MODE_SET
1870 : SMBC_XATTR_MODE_ADD
),
1878 * Are they asking to set the owner?
1880 if (strcasecmp_m(name
, "system.nt_sec_desc.owner") == 0 ||
1881 strcasecmp_m(name
, "system.nt_sec_desc.owner+") == 0) {
1885 talloc_asprintf(talloc_tos(), "%s:%s",
1886 name
+19, (const char *) value
);
1889 ret
= -1; /* errno set by SMBC_server() */
1891 else if (! namevalue
) {
1895 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1896 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1897 namevalue
, SMBC_XATTR_MODE_CHOWN
, 0);
1904 * Are they asking to set the group?
1906 if (strcasecmp_m(name
, "system.nt_sec_desc.group") == 0 ||
1907 strcasecmp_m(name
, "system.nt_sec_desc.group+") == 0) {
1911 talloc_asprintf(talloc_tos(), "%s:%s",
1912 name
+19, (const char *) value
);
1915 /* errno set by SMBC_server() */
1918 else if (! namevalue
) {
1922 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1923 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1924 namevalue
, SMBC_XATTR_MODE_CHGRP
, 0);
1930 /* Determine whether to use old-style or new-style attribute names */
1931 if (context
->internal
->full_time_names
) {
1932 /* new-style names */
1933 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
1934 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
1935 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
1936 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
1938 /* old-style names */
1939 attr_strings
.create_time_attr
= NULL
;
1940 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
1941 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
1942 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
1946 * Are they asking to set a DOS attribute?
1948 if (strcasecmp_m(name
, "system.dos_attr.*") == 0 ||
1949 strcasecmp_m(name
, "system.dos_attr.mode") == 0 ||
1950 (attr_strings
.create_time_attr
!= NULL
&&
1951 strcasecmp_m(name
, attr_strings
.create_time_attr
) == 0) ||
1952 strcasecmp_m(name
, attr_strings
.access_time_attr
) == 0 ||
1953 strcasecmp_m(name
, attr_strings
.write_time_attr
) == 0 ||
1954 strcasecmp_m(name
, attr_strings
.change_time_attr
) == 0) {
1956 /* get a DOS Attribute Descriptor with current attributes */
1957 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1960 talloc_asprintf(talloc_tos(), "%s:%s",
1961 name
+16, (const char *) value
);
1966 /* Overwrite old with provided new params */
1967 dos_attr_parse(context
, dad
, srv
, namevalue
);
1969 /* Set the new DOS attributes */
1970 ret2
= SMBC_setatr(context
, srv
, path
,
1977 /* ret2 has True (success) / False (failure) */
1992 /* Unsupported attribute name */
1999 SMBC_getxattr_ctx(SMBCCTX
*context
,
2006 SMBCSRV
*srv
= NULL
;
2007 SMBCSRV
*ipc_srv
= NULL
;
2008 char *server
= NULL
;
2011 char *password
= NULL
;
2012 char *workgroup
= NULL
;
2015 const char * create_time_attr
;
2016 const char * access_time_attr
;
2017 const char * write_time_attr
;
2018 const char * change_time_attr
;
2020 TALLOC_CTX
*frame
= talloc_stackframe();
2022 if (!context
|| !context
->internal
->initialized
) {
2023 errno
= EINVAL
; /* Best I can think of ... */
2034 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname
, name
));
2036 if (SMBC_parse_path(frame
,
2051 if (!user
|| user
[0] == (char)0) {
2052 user
= talloc_strdup(frame
, smbc_getUser(context
));
2060 srv
= SMBC_server(frame
, context
, True
,
2061 server
, share
, &workgroup
, &user
, &password
);
2064 return -1; /* errno set by SMBC_server */
2067 if (! srv
->no_nt_session
) {
2068 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2069 &workgroup
, &user
, &password
);
2071 srv
->no_nt_session
= True
;
2077 /* Determine whether to use old-style or new-style attribute names */
2078 if (context
->internal
->full_time_names
) {
2079 /* new-style names */
2080 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
2081 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
2082 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
2083 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
2085 /* old-style names */
2086 attr_strings
.create_time_attr
= NULL
;
2087 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
2088 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
2089 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
2092 /* Are they requesting a supported attribute? */
2093 if (strcasecmp_m(name
, "system.*") == 0 ||
2094 strncasecmp_m(name
, "system.*!", 9) == 0 ||
2095 strcasecmp_m(name
, "system.*+") == 0 ||
2096 strncasecmp_m(name
, "system.*+!", 10) == 0 ||
2097 strcasecmp_m(name
, "system.nt_sec_desc.*") == 0 ||
2098 strncasecmp_m(name
, "system.nt_sec_desc.*!", 21) == 0 ||
2099 strcasecmp_m(name
, "system.nt_sec_desc.*+") == 0 ||
2100 strncasecmp_m(name
, "system.nt_sec_desc.*+!", 22) == 0 ||
2101 strcasecmp_m(name
, "system.nt_sec_desc.revision") == 0 ||
2102 strcasecmp_m(name
, "system.nt_sec_desc.owner") == 0 ||
2103 strcasecmp_m(name
, "system.nt_sec_desc.owner+") == 0 ||
2104 strcasecmp_m(name
, "system.nt_sec_desc.group") == 0 ||
2105 strcasecmp_m(name
, "system.nt_sec_desc.group+") == 0 ||
2106 strncasecmp_m(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2107 strncasecmp_m(name
, "system.nt_sec_desc.acl+", 23) == 0 ||
2108 strcasecmp_m(name
, "system.dos_attr.*") == 0 ||
2109 strncasecmp_m(name
, "system.dos_attr.*!", 18) == 0 ||
2110 strcasecmp_m(name
, "system.dos_attr.mode") == 0 ||
2111 strcasecmp_m(name
, "system.dos_attr.size") == 0 ||
2112 (attr_strings
.create_time_attr
!= NULL
&&
2113 strcasecmp_m(name
, attr_strings
.create_time_attr
) == 0) ||
2114 strcasecmp_m(name
, attr_strings
.access_time_attr
) == 0 ||
2115 strcasecmp_m(name
, attr_strings
.write_time_attr
) == 0 ||
2116 strcasecmp_m(name
, attr_strings
.change_time_attr
) == 0 ||
2117 strcasecmp_m(name
, "system.dos_attr.inode") == 0) {
2120 const char *filename
= name
;
2121 ret
= cacl_get(context
, talloc_tos(), srv
,
2122 ipc_srv
== NULL
? NULL
: ipc_srv
->cli
,
2123 &ipc_srv
->pol
, path
,
2125 discard_const_p(char, value
),
2127 if (ret
< 0 && errno
== 0) {
2128 errno
= SMBC_errno(context
, srv
->cli
);
2134 /* Unsupported attribute name */
2142 SMBC_removexattr_ctx(SMBCCTX
*context
,
2147 SMBCSRV
*srv
= NULL
;
2148 SMBCSRV
*ipc_srv
= NULL
;
2149 char *server
= NULL
;
2152 char *password
= NULL
;
2153 char *workgroup
= NULL
;
2155 TALLOC_CTX
*frame
= talloc_stackframe();
2157 if (!context
|| !context
->internal
->initialized
) {
2158 errno
= EINVAL
; /* Best I can think of ... */
2169 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname
, name
));
2171 if (SMBC_parse_path(frame
,
2186 if (!user
|| user
[0] == (char)0) {
2187 user
= talloc_strdup(frame
, smbc_getUser(context
));
2195 srv
= SMBC_server(frame
, context
, True
,
2196 server
, share
, &workgroup
, &user
, &password
);
2199 return -1; /* errno set by SMBC_server */
2202 if (! srv
->no_nt_session
) {
2203 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2204 &workgroup
, &user
, &password
);
2206 srv
->no_nt_session
= True
;
2214 return -1; /* errno set by SMBC_attr_server */
2217 /* Are they asking to set the entire ACL? */
2218 if (strcasecmp_m(name
, "system.nt_sec_desc.*") == 0 ||
2219 strcasecmp_m(name
, "system.nt_sec_desc.*+") == 0) {
2222 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
2223 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2224 NULL
, SMBC_XATTR_MODE_REMOVE_ALL
, 0);
2230 * Are they asking to remove one or more spceific security descriptor
2233 if (strcasecmp_m(name
, "system.nt_sec_desc.revision") == 0 ||
2234 strcasecmp_m(name
, "system.nt_sec_desc.owner") == 0 ||
2235 strcasecmp_m(name
, "system.nt_sec_desc.owner+") == 0 ||
2236 strcasecmp_m(name
, "system.nt_sec_desc.group") == 0 ||
2237 strcasecmp_m(name
, "system.nt_sec_desc.group+") == 0 ||
2238 strncasecmp_m(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2239 strncasecmp_m(name
, "system.nt_sec_desc.acl+", 23) == 0) {
2242 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
2243 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2244 discard_const_p(char, name
) + 19,
2245 SMBC_XATTR_MODE_REMOVE
, 0);
2250 /* Unsupported attribute name */
2257 SMBC_listxattr_ctx(SMBCCTX
*context
,
2263 * This isn't quite what listxattr() is supposed to do. This returns
2264 * the complete set of attribute names, always, rather than only those
2265 * attribute names which actually exist for a file. Hmmm...
2268 const char supported_old
[] =
2271 "system.nt_sec_desc.revision\0"
2272 "system.nt_sec_desc.owner\0"
2273 "system.nt_sec_desc.owner+\0"
2274 "system.nt_sec_desc.group\0"
2275 "system.nt_sec_desc.group+\0"
2276 "system.nt_sec_desc.acl.*\0"
2277 "system.nt_sec_desc.acl\0"
2278 "system.nt_sec_desc.acl+\0"
2279 "system.nt_sec_desc.*\0"
2280 "system.nt_sec_desc.*+\0"
2281 "system.dos_attr.*\0"
2282 "system.dos_attr.mode\0"
2283 "system.dos_attr.c_time\0"
2284 "system.dos_attr.a_time\0"
2285 "system.dos_attr.m_time\0"
2287 const char supported_new
[] =
2290 "system.nt_sec_desc.revision\0"
2291 "system.nt_sec_desc.owner\0"
2292 "system.nt_sec_desc.owner+\0"
2293 "system.nt_sec_desc.group\0"
2294 "system.nt_sec_desc.group+\0"
2295 "system.nt_sec_desc.acl.*\0"
2296 "system.nt_sec_desc.acl\0"
2297 "system.nt_sec_desc.acl+\0"
2298 "system.nt_sec_desc.*\0"
2299 "system.nt_sec_desc.*+\0"
2300 "system.dos_attr.*\0"
2301 "system.dos_attr.mode\0"
2302 "system.dos_attr.create_time\0"
2303 "system.dos_attr.access_time\0"
2304 "system.dos_attr.write_time\0"
2305 "system.dos_attr.change_time\0"
2307 const char * supported
;
2309 if (context
->internal
->full_time_names
) {
2310 supported
= supported_new
;
2311 retsize
= sizeof(supported_new
);
2313 supported
= supported_old
;
2314 retsize
= sizeof(supported_old
);
2321 if (retsize
> size
) {
2326 /* this can't be strcpy() because there are embedded null characters */
2327 memcpy(list
, supported
, retsize
);