search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fixed error check which caused domain logons to fail
[Samba.git] / source / utils / smbcacls.c
blob09c61ff28d3536a46afd5bc001f9b979722063e9
1 /*
2 Unix SMB/Netbios implementation.
3 ACL get/set utility
4 Version 3.0
5
6 Copyright (C) Andrew Tridgell 2000
7 Copyright (C) Tim Potter 2000
8 Copyright (C) Jeremy Allison 2000
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 #include "includes.h"
26
27 static fstring password;
28 static pstring username;
29 static pstring owner_username;
30 static fstring server;
31 static int got_pass;
32 static int test_args;
33 TALLOC_CTX *ctx;
34
35 #define CREATE_ACCESS_READ READ_CONTROL_ACCESS
36 #define CREATE_ACCESS_WRITE (WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS)
37
38 /* numeric is set when the user wants numeric SIDs and ACEs rather
39 than going via LSA calls to resolve them */
40 static int numeric;
41
42 enum acl_mode {SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD };
43 enum chown_mode {REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP};
44 enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
45
46 struct perm_value {
47 char *perm;
48 uint32 mask;
49 };
50
51 /* These values discovered by inspection */
52
53 static struct perm_value special_values[] = {
54 { "R", 0x00120089 },
55 { "W", 0x00120116 },
56 { "X", 0x001200a0 },
57 { "D", 0x00010000 },
58 { "P", 0x00040000 },
59 { "O", 0x00080000 },
60 { NULL, 0 },
61 };
62
63 static struct perm_value standard_values[] = {
64 { "READ", 0x001200a9 },
65 { "CHANGE", 0x001301bf },
66 { "FULL", 0x001f01ff },
67 { NULL, 0 },
68 };
69
70 struct cli_state lsa_cli;
71 POLICY_HND pol;
72 struct ntuser_creds creds;
73 BOOL got_policy_hnd;
74
75 /* Open cli connection and policy handle */
76
77 static BOOL cacls_open_policy_hnd(void)
78 {
79 creds.pwd.null_pwd = 1;
80
81 /* Initialise cli LSA connection */
82
83 if (!lsa_cli.initialised &&
84 !cli_lsa_initialise(&lsa_cli, server, &creds)) {
85 return False;
86 }
87
88 /* Open policy handle */
89
90 if (!got_policy_hnd) {
91
92 /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
93 but NT sends 0x2000000 so we might as well do it too. */
94
95 if (!NT_STATUS_IS_OK(cli_lsa_open_policy(&lsa_cli, lsa_cli.mem_ctx, True,
96 GENERIC_EXECUTE_ACCESS, &pol))) {
97 return False;
98 }
99
100 got_policy_hnd = True;
101 }
102
103 return True;
104 }
105
106 /* convert a SID to a string, either numeric or username/group */
107 static void SidToString(fstring str, DOM_SID *sid)
108 {
109 char **names = NULL;
110 uint32 *types = NULL;
111 int num_names;
112
113 sid_to_string(str, sid);
114
115 if (numeric) return;
116
117 /* Ask LSA to convert the sid to a name */
118
119 if (!cacls_open_policy_hnd() ||
120 !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, sid, &names, &types,
121 &num_names)) ||
122 !names || !names[0]) {
123 return;
124 }
125
126 /* Converted OK */
127
128 fstrcpy(str, names[0]);
129 }
130
131 /* convert a string to a SID, either numeric or username/group */
132 static BOOL StringToSid(DOM_SID *sid, char *str)
133 {
134 uint32 *types = NULL;
135 DOM_SID *sids = NULL;
136 int num_sids;
137 BOOL result = True;
138
139 if (strncmp(str, "S-", 2) == 0) {
140 return string_to_sid(sid, str);
141 }
142
143 if (!cacls_open_policy_hnd() ||
144 !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, &str, &sids, &types,
145 &num_sids))) {
146 result = False;
147 goto done;
148 }
149
150 sid_copy(sid, &sids[0]);
151
152 done:
153
154 return result;
155 }
156
157
158 /* print an ACE on a FILE, using either numeric or ascii representation */
159 static void print_ace(FILE *f, SEC_ACE *ace)
160 {
161 struct perm_value *v;
162 fstring sidstr;
163 int do_print = 0;
164 uint32 got_mask;
165
166 SidToString(sidstr, &ace->trustee);
167
168 fprintf(f, "%s:", sidstr);
169
170 if (numeric) {
171 fprintf(f, "%d/%d/0x%08x",
172 ace->type, ace->flags, ace->info.mask);
173 return;
174 }
175
176 /* Ace type */
177
178 if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
179 fprintf(f, "ALLOWED");
180 } else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
181 fprintf(f, "DENIED");
182 } else {
183 fprintf(f, "%d", ace->type);
184 }
185
186 /* Not sure what flags can be set in a file ACL */
187
188 fprintf(f, "/%d/", ace->flags);
189
190 /* Standard permissions */
191
192 for (v = standard_values; v->perm; v++) {
193 if (ace->info.mask == v->mask) {
194 fprintf(f, "%s", v->perm);
195 return;
196 }
197 }
198
199 /* Special permissions. Print out a hex value if we have
200 leftover bits in the mask. */
201
202 got_mask = ace->info.mask;
203
204 again:
205 for (v = special_values; v->perm; v++) {
206 if ((ace->info.mask & v->mask) == v->mask) {
207 if (do_print) {
208 fprintf(f, "%s", v->perm);
209 }
210 got_mask &= ~v->mask;
211 }
212 }
213
214 if (!do_print) {
215 if (got_mask != 0) {
216 fprintf(f, "0x%08x", ace->info.mask);
217 } else {
218 do_print = 1;
219 goto again;
220 }
221 }
222 }
223
224
225 /* parse an ACE in the same format as print_ace() */
226 static BOOL parse_ace(SEC_ACE *ace, char *str)
227 {
228 char *p;
229 fstring tok;
230 unsigned atype, aflags, amask;
231 DOM_SID sid;
232 SEC_ACCESS mask;
233 struct perm_value *v;
234
235 ZERO_STRUCTP(ace);
236 p = strchr(str,':');
237 if (!p) return False;
238 *p = '\0';
239 p++;
240
241 /* Try to parse numeric form */
242
243 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
244 StringToSid(&sid, str)) {
245 goto done;
246 }
247
248 /* Try to parse text form */
249
250 if (!StringToSid(&sid, str)) {
251 return False;
252 }
253
254 if (!next_token(&p, tok, "/", sizeof(fstring))) {
255 return False;
256 }
257
258 if (strncmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
259 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
260 } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
261 atype = SEC_ACE_TYPE_ACCESS_DENIED;
262 } else {
263 return False;
264 }
265
266 /* Only numeric form accepted for flags at present */
267
268 if (!(next_token(NULL, tok, "/", sizeof(fstring)) &&
269 sscanf(tok, "%i", &aflags))) {
270 return False;
271 }
272
273 if (!next_token(NULL, tok, "/", sizeof(fstring))) {
274 return False;
275 }
276
277 if (strncmp(tok, "0x", 2) == 0) {
278 if (sscanf(tok, "%i", &amask) != 1) {
279 return False;
280 }
281 goto done;
282 }
283
284 for (v = standard_values; v->perm; v++) {
285 if (strcmp(tok, v->perm) == 0) {
286 amask = v->mask;
287 goto done;
288 }
289 }
290
291 p = tok;
292
293 while(*p) {
294 BOOL found = False;
295
296 for (v = special_values; v->perm; v++) {
297 if (v->perm[0] == *p) {
298 amask |= v->mask;
299 found = True;
300 }
301 }
302
303 if (!found) return False;
304 p++;
305 }
306
307 if (*p) {
308 return False;
309 }
310
311 done:
312 mask.mask = amask;
313 init_sec_ace(ace, &sid, atype, mask, aflags);
314 return True;
315 }
316
317 /* add an ACE to a list of ACEs in a SEC_ACL */
318 static BOOL add_ace(SEC_ACL **the_acl, SEC_ACE *ace)
319 {
320 SEC_ACL *new;
321 SEC_ACE *aces;
322 if (! *the_acl) {
323 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
324 return True;
325 }
326
327 aces = calloc(1+(*the_acl)->num_aces,sizeof(SEC_ACE));
328 memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
329 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
330 new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
331 free(aces);
332 (*the_acl) = new;
333 return True;
334 }
335
336 /* parse a ascii version of a security descriptor */
337 static SEC_DESC *sec_desc_parse(char *str)
338 {
339 char *p = str;
340 fstring tok;
341 SEC_DESC *ret;
342 size_t sd_size;
343 DOM_SID *grp_sid=NULL, *owner_sid=NULL;
344 SEC_ACL *dacl=NULL;
345 int revision=1;
346
347 while (next_token(&p, tok, "\t,\r\n", sizeof(tok))) {
348
349 if (strncmp(tok,"REVISION:", 9) == 0) {
350 revision = strtol(tok+9, NULL, 16);
351 continue;
352 }
353
354 if (strncmp(tok,"OWNER:", 6) == 0) {
355 owner_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
356 if (!owner_sid ||
357 !StringToSid(owner_sid, tok+6)) {
358 printf("Failed to parse owner sid\n");
359 return NULL;
360 }
361 continue;
362 }
363
364 if (strncmp(tok,"GROUP:", 6) == 0) {
365 grp_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
366 if (!grp_sid ||
367 !StringToSid(grp_sid, tok+6)) {
368 printf("Failed to parse group sid\n");
369 return NULL;
370 }
371 continue;
372 }
373
374 if (strncmp(tok,"ACL:", 4) == 0) {
375 SEC_ACE ace;
376 if (!parse_ace(&ace, tok+4)) {
377 printf("Failed to parse ACL %s\n", tok);
378 return NULL;
379 }
380 if(!add_ace(&dacl, &ace)) {
381 printf("Failed to add ACL %s\n", tok);
382 return NULL;
383 }
384 continue;
385 }
386
387 printf("Failed to parse security descriptor\n");
388 return NULL;
389 }
390
391 ret = make_sec_desc(ctx,revision, owner_sid, grp_sid,
392 NULL, dacl, &sd_size);
393
394 if (grp_sid) free(grp_sid);
395 if (owner_sid) free(owner_sid);
396
397 return ret;
398 }
399
400
401 /* print a ascii version of a security descriptor on a FILE handle */
402 static void sec_desc_print(FILE *f, SEC_DESC *sd)
403 {
404 fstring sidstr;
405 int i;
406
407 printf("REVISION:%d\n", sd->revision);
408
409 /* Print owner and group sid */
410
411 if (sd->owner_sid) {
412 SidToString(sidstr, sd->owner_sid);
413 } else {
414 fstrcpy(sidstr, "");
415 }
416
417 printf("OWNER:%s\n", sidstr);
418
419 if (sd->grp_sid) {
420 SidToString(sidstr, sd->grp_sid);
421 } else {
422 fstrcpy(sidstr, "");
423 }
424
425 fprintf(f, "GROUP:%s\n", sidstr);
426
427 /* Print aces */
428 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
429 SEC_ACE *ace = &sd->dacl->ace[i];
430 fprintf(f, "ACL:");
431 print_ace(f, ace);
432 fprintf(f, "\n");
433 }
434
435 }
436
437 /*****************************************************
438 dump the acls for a file
439 *******************************************************/
440 static int cacl_dump(struct cli_state *cli, char *filename)
441 {
442 int fnum;
443 SEC_DESC *sd;
444
445 if (test_args) return EXIT_OK;
446
447 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
448 if (fnum == -1) {
449 printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
450 return EXIT_FAILED;
451 }
452
453 sd = cli_query_secdesc(cli, fnum, ctx);
454
455 if (!sd) {
456 printf("ERROR: secdesc query failed: %s\n", cli_errstr(cli));
457 return EXIT_FAILED;
458 }
459
460 sec_desc_print(stdout, sd);
461
462 cli_close(cli, fnum);
463
464 return EXIT_OK;
465 }
466
467 /*****************************************************
468 Change the ownership or group ownership of a file. Just
469 because the NT docs say this can't be done :-). JRA.
470 *******************************************************/
471
472 static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
473 char *filename, char *new_username)
474 {
475 int fnum;
476 DOM_SID sid;
477 SEC_DESC *sd, *old;
478 size_t sd_size;
479
480 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
481
482 if (fnum == -1) {
483 printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
484 return EXIT_FAILED;
485 }
486
487 if (!StringToSid(&sid, new_username))
488 return EXIT_PARSE_ERROR;
489
490 old = cli_query_secdesc(cli, fnum, ctx);
491
492 cli_close(cli, fnum);
493
494 if (!old) {
495 printf("owner_set: Failed to query old descriptor\n");
496 return EXIT_FAILED;
497 }
498
499 sd = make_sec_desc(ctx,old->revision,
500 (change_mode == REQUEST_CHOWN) ? &sid : old->owner_sid,
501 (change_mode == REQUEST_CHGRP) ? &sid : old->grp_sid,
502 NULL, old->dacl, &sd_size);
503
504 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
505
506 if (fnum == -1) {
507 printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
508 return EXIT_FAILED;
509 }
510
511 if (!cli_set_secdesc(cli, fnum, sd)) {
512 printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
513 }
514
515 cli_close(cli, fnum);
516
517 return EXIT_OK;
518 }
519
520
521 /* The MSDN is contradictory over the ordering of ACE entries in an ACL.
522 However NT4 gives a "The information may have been modified by a
523 computer running Windows NT 5.0" if denied ACEs do not appear before
524 allowed ACEs. */
525
526 static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2)
527 {
528 if (sec_ace_equal(ace1, ace2)) return 0;
529 if (ace1->type != ace2->type) return ace2->type - ace1->type;
530 if (sid_compare(&ace1->trustee, &ace2->trustee)) return sid_compare(&ace1->trustee, &ace2->trustee);
531 if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags;
532 if (ace1->info.mask != ace2->info.mask) return ace1->info.mask - ace2->info.mask;
533 if (ace1->size != ace2->size) return ace1->size - ace2->size;
534 return memcmp(ace1, ace2, sizeof(SEC_ACE));
535 }
536
537 static void sort_acl(SEC_ACL *the_acl)
538 {
539 int i;
540 if (!the_acl) return;
541
542 qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), QSORT_CAST ace_compare);
543
544 for (i=1;i<the_acl->num_aces;) {
545 if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) {
546 int j;
547 for (j=i; j<the_acl->num_aces-1; j++) {
548 the_acl->ace[j] = the_acl->ace[j+1];
549 }
550 the_acl->num_aces--;
551 } else {
552 i++;
553 }
554 }
555 }
556
557 /*****************************************************
558 set the ACLs on a file given an ascii description
559 *******************************************************/
560 static int cacl_set(struct cli_state *cli, char *filename,
561 char *the_acl, enum acl_mode mode)
562 {
563 int fnum;
564 SEC_DESC *sd, *old;
565 int i, j;
566 size_t sd_size;
567 int result = EXIT_OK;
568
569 sd = sec_desc_parse(the_acl);
570
571 if (!sd) return EXIT_PARSE_ERROR;
572 if (test_args) return EXIT_OK;
573
574 /* The desired access below is the only one I could find that works
575 with NT4, W2KP and Samba */
576
577 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
578
579 if (fnum == -1) {
580 printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
581 return EXIT_FAILED;
582 }
583
584 old = cli_query_secdesc(cli, fnum, ctx);
585
586 if (!old) {
587 printf("calc_set: Failed to query old descriptor\n");
588 return EXIT_FAILED;
589 }
590
591 cli_close(cli, fnum);
592
593 /* the logic here is rather more complex than I would like */
594 switch (mode) {
595 case SMB_ACL_DELETE:
596 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
597 BOOL found = False;
598
599 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
600 if (sec_ace_equal(&sd->dacl->ace[i],
601 &old->dacl->ace[j])) {
602 int k;
603 for (k=j; k<old->dacl->num_aces-1;k++) {
604 old->dacl->ace[k] = old->dacl->ace[k+1];
605 }
606 old->dacl->num_aces--;
607 if (old->dacl->num_aces == 0) {
608 free(old->dacl->ace);
609 old->dacl->ace=NULL;
610 free(old->dacl);
611 old->dacl = NULL;
612 old->off_dacl = 0;
613 }
614 found = True;
615 break;
616 }
617 }
618
619 if (!found) {
620 printf("ACL for ACE:");
621 print_ace(stdout, &sd->dacl->ace[i]);
622 printf(" not found\n");
623 }
624 }
625 break;
626
627 case SMB_ACL_MODIFY:
628 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
629 BOOL found = False;
630
631 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
632 if (sid_equal(&sd->dacl->ace[i].trustee,
633 &old->dacl->ace[j].trustee)) {
634 old->dacl->ace[j] = sd->dacl->ace[i];
635 found = True;
636 }
637 }
638
639 if (!found) {
640 fstring str;
641
642 SidToString(str, &sd->dacl->ace[i].trustee);
643 printf("ACL for SID %s not found\n", str);
644 }
645 }
646
647 break;
648
649 case SMB_ACL_ADD:
650 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
651 add_ace(&old->dacl, &sd->dacl->ace[i]);
652 }
653 break;
654
655 case SMB_ACL_SET:
656 old = sd;
657 break;
658 }
659
660 /* Denied ACE entries must come before allowed ones */
661 sort_acl(old->dacl);
662
663 /* Create new security descriptor and set it */
664 sd = make_sec_desc(ctx,old->revision, old->owner_sid, old->grp_sid,
665 NULL, old->dacl, &sd_size);
666
667 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
668
669 if (fnum == -1) {
670 printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
671 return EXIT_FAILED;
672 }
673
674 if (!cli_set_secdesc(cli, fnum, sd)) {
675 printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
676 result = EXIT_FAILED;
677 }
678
679 /* Clean up */
680
681 cli_close(cli, fnum);
682
683 return result;
684 }
685
686
687 /*****************************************************
688 return a connection to a server
689 *******************************************************/
690 struct cli_state *connect_one(char *share)
691 {
692 struct cli_state *c;
693 struct nmb_name called, calling;
694 char *server_n;
695 struct in_addr ip;
696 extern struct in_addr ipzero;
697 extern pstring global_myname;
698
699 fstrcpy(server,share+2);
700 share = strchr(server,'\\');
701 if (!share) return NULL;
702 *share = 0;
703 share++;
704
705 server_n = server;
706
707 ip = ipzero;
708
709 make_nmb_name(&calling, global_myname, 0x0);
710 make_nmb_name(&called , server, 0x20);
711
712 again:
713 ip = ipzero;
714
715 /* have to open a new connection */
716 if (!(c=cli_initialise(NULL)) || (cli_set_port(c, 139) == 0) ||
717 !cli_connect(c, server_n, &ip)) {
718 DEBUG(0,("Connection to %s failed\n", server_n));
719 cli_shutdown(c);
720 return NULL;
721 }
722
723 if (!cli_session_request(c, &calling, &called)) {
724 DEBUG(0,("session request to %s failed\n", called.name));
725 cli_shutdown(c);
726 if (strcmp(called.name, "*SMBSERVER")) {
727 make_nmb_name(&called , "*SMBSERVER", 0x20);
728 goto again;
729 }
730 return NULL;
731 }
732
733 DEBUG(4,(" session request ok\n"));
734
735 if (!cli_negprot(c)) {
736 DEBUG(0,("protocol negotiation failed\n"));
737 cli_shutdown(c);
738 return NULL;
739 }
740
741 if (!got_pass) {
742 char *pass = getpass("Password: ");
743 if (pass) {
744 pstrcpy(password, pass);
745 }
746 }
747
748 if (!cli_session_setup(c, username,
749 password, strlen(password),
750 password, strlen(password),
751 lp_workgroup())) {
752 DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
753 cli_shutdown(c);
754 return NULL;
755 }
756
757 DEBUG(4,(" session setup ok\n"));
758
759 if (!cli_send_tconX(c, share, "?????",
760 password, strlen(password)+1)) {
761 DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
762 cli_shutdown(c);
763 return NULL;
764 }
765
766 DEBUG(4,(" tconx ok\n"));
767
768 return c;
769 }
770
771
772 static void usage(void)
773 {
774 printf(
775 "Usage: smbcacls //server1/share1 filename [options]\n\
776 \n\
777 \t-D <acls> delete an acl\n\
778 \t-M <acls> modify an acl\n\
779 \t-A <acls> add an acl\n\
780 \t-S <acls> set acls\n\
781 \t-C username change ownership of a file\n\
782 \t-G username change group ownership of a file\n\
783 \t-n don't resolve sids or masks to names\n\
784 \t-h print help\n\
785 \n\
786 The username can be of the form username%%password or\n\
787 workgroup\\username%%password.\n\n\
788 An acl is of the form ACL:<SID>:type/flags/mask\n\
789 You can string acls together with spaces, commas or newlines\n\
790 ");
791 }
792
793 /****************************************************************************
794 main program
795 ****************************************************************************/
796 int main(int argc,char *argv[])
797 {
798 char *share;
799 pstring filename;
800 extern char *optarg;
801 extern int optind;
802 extern FILE *dbf;
803 int opt;
804 char *p;
805 static pstring servicesf = CONFIGFILE;
806 struct cli_state *cli=NULL;
807 enum acl_mode mode = SMB_ACL_SET;
808 char *the_acl = NULL;
809 enum chown_mode change_mode = REQUEST_NONE;
810 int result;
811
812 ctx=talloc_init();
813
814 setlinebuf(stdout);
815
816 dbf = stderr;
817
818 if (argc < 3 || argv[1][0] == '-') {
819 usage();
820 talloc_destroy(ctx);
821 exit(EXIT_PARSE_ERROR);
822 }
823
824 setup_logging(argv[0],True);
825
826 share = argv[1];
827 pstrcpy(filename, argv[2]);
828 all_string_sub(share,"/","\\",0);
829
830 argc -= 2;
831 argv += 2;
832
833 TimeInit();
834 charset_initialise();
835
836 lp_load(servicesf,True,False,False);
837 codepage_initialise(lp_client_code_page());
838 load_interfaces();
839
840 if (getenv("USER")) {
841 pstrcpy(username,getenv("USER"));
842
843 if ((p=strchr(username,'%'))) {
844 *p = 0;
845 pstrcpy(password,p+1);
846 got_pass = True;
847 memset(strchr(getenv("USER"), '%') + 1, 'X',
848 strlen(password));
849 }
850 }
851
852 while ((opt = getopt(argc, argv, "U:nhS:D:A:M:C:G:t")) != EOF) {
853 switch (opt) {
854 case 'U':
855 pstrcpy(username,optarg);
856 p = strchr(username,'%');
857 if (p) {
858 *p = 0;
859 pstrcpy(password, p+1);
860 got_pass = 1;
861 }
862 break;
863
864 case 'S':
865 the_acl = optarg;
866 mode = SMB_ACL_SET;
867 break;
868
869 case 'D':
870 the_acl = optarg;
871 mode = SMB_ACL_DELETE;
872 break;
873
874 case 'M':
875 the_acl = optarg;
876 mode = SMB_ACL_MODIFY;
877 break;
878
879 case 'A':
880 the_acl = optarg;
881 mode = SMB_ACL_ADD;
882 break;
883
884 case 'C':
885 pstrcpy(owner_username,optarg);
886 change_mode = REQUEST_CHOWN;
887 break;
888
889 case 'G':
890 pstrcpy(owner_username,optarg);
891 change_mode = REQUEST_CHGRP;
892 break;
893
894 case 'n':
895 numeric = 1;
896 break;
897
898 case 't':
899 test_args = 1;
900 break;
901
902 case 'h':
903 usage();
904 talloc_destroy(ctx);
905 exit(EXIT_PARSE_ERROR);
906
907 default:
908 printf("Unknown option %c (%d)\n", (char)opt, opt);
909 talloc_destroy(ctx);
910 exit(EXIT_PARSE_ERROR);
911 }
912 }
913
914 argc -= optind;
915 argv += optind;
916
917 if (argc > 0) {
918 usage();
919 talloc_destroy(ctx);
920 exit(EXIT_PARSE_ERROR);
921 }
922
923 /* Make connection to server */
924
925 if (!test_args) {
926 cli = connect_one(share);
927 if (!cli) {
928 talloc_destroy(ctx);
929 exit(EXIT_FAILED);
930 }
931 }
932
933 all_string_sub(filename, "/", "\\", 0);
934 if (filename[0] != '\\') {
935 pstring s;
936 s[0] = '\\';
937 safe_strcpy(&s[1], filename, sizeof(pstring)-1);
938 pstrcpy(filename, s);
939 }
940
941 /* Perform requested action */
942
943 if (change_mode != REQUEST_NONE) {
944 result = owner_set(cli, change_mode, filename, owner_username);
945 } else if (the_acl) {
946 result = cacl_set(cli, filename, the_acl, mode);
947 } else {
948 result = cacl_dump(cli, filename);
949 }
950
951 talloc_destroy(ctx);
952
953 return result;
954 }
Samba GIT mirror