search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fairly large change to printing code.
[Samba.git] / source / utils / smbcacls.c
blob4f9df90fa28155af75eab0d13d005ee4a210b4fa
1 /*
2 Unix SMB/CIFS implementation.
3 ACL get/set utility
4
5 Copyright (C) Andrew Tridgell 2000
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Jeremy Allison 2000
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 static fstring password;
27 static pstring username;
28 static pstring owner_username;
29 static fstring server;
30 static int got_pass;
31 static int test_args;
32 static TALLOC_CTX *ctx;
33
34 #define CREATE_ACCESS_READ READ_CONTROL_ACCESS
35 #define CREATE_ACCESS_WRITE (WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS)
36
37 /* numeric is set when the user wants numeric SIDs and ACEs rather
38 than going via LSA calls to resolve them */
39 static int numeric;
40
41 enum acl_mode {SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD };
42 enum chown_mode {REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP};
43 enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR};
44
45 extern pstring global_myname;
46 extern fstring global_myworkgroup;
47
48 struct perm_value {
49 char *perm;
50 uint32 mask;
51 };
52
53 /* These values discovered by inspection */
54
55 static struct perm_value special_values[] = {
56 { "R", 0x00120089 },
57 { "W", 0x00120116 },
58 { "X", 0x001200a0 },
59 { "D", 0x00010000 },
60 { "P", 0x00040000 },
61 { "O", 0x00080000 },
62 { NULL, 0 },
63 };
64
65 static struct perm_value standard_values[] = {
66 { "READ", 0x001200a9 },
67 { "CHANGE", 0x001301bf },
68 { "FULL", 0x001f01ff },
69 { NULL, 0 },
70 };
71
72 static struct cli_state *global_hack_cli;
73 static POLICY_HND pol;
74 static BOOL got_policy_hnd;
75
76 static struct cli_state *connect_one(char *share);
77
78 /* Open cli connection and policy handle */
79
80 static BOOL cacls_open_policy_hnd(void)
81 {
82 /* Initialise cli LSA connection */
83
84 if (!global_hack_cli) {
85 global_hack_cli = connect_one("IPC$");
86 if (!cli_nt_session_open (global_hack_cli, PIPE_LSARPC)) {
87 return False;
88 }
89 }
90
91 /* Open policy handle */
92
93 if (!got_policy_hnd) {
94
95 /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
96 but NT sends 0x2000000 so we might as well do it too. */
97
98 if (!NT_STATUS_IS_OK(cli_lsa_open_policy(global_hack_cli, global_hack_cli->mem_ctx, True,
99 GENERIC_EXECUTE_ACCESS, &pol))) {
100 return False;
101 }
102
103 got_policy_hnd = True;
104 }
105
106 return True;
107 }
108
109 /* convert a SID to a string, either numeric or username/group */
110 static void SidToString(fstring str, DOM_SID *sid)
111 {
112 char **domains = NULL;
113 char **names = NULL;
114 uint32 *types = NULL;
115
116 sid_to_string(str, sid);
117
118 if (numeric) return;
119
120 /* Ask LSA to convert the sid to a name */
121
122 if (!cacls_open_policy_hnd() ||
123 !NT_STATUS_IS_OK(cli_lsa_lookup_sids(global_hack_cli, global_hack_cli->mem_ctx,
124 &pol, 1, sid, &domains,
125 &names, &types)) ||
126 !domains || !domains[0] || !names || !names[0]) {
127 return;
128 }
129
130 /* Converted OK */
131
132 slprintf(str, sizeof(fstring) - 1, "%s%s%s",
133 domains[0], lp_winbind_separator(),
134 names[0]);
135
136 }
137
138 /* convert a string to a SID, either numeric or username/group */
139 static BOOL StringToSid(DOM_SID *sid, const char *str)
140 {
141 uint32 *types = NULL;
142 DOM_SID *sids = NULL;
143 BOOL result = True;
144
145 if (strncmp(str, "S-", 2) == 0) {
146 return string_to_sid(sid, str);
147 }
148
149 if (!cacls_open_policy_hnd() ||
150 !NT_STATUS_IS_OK(cli_lsa_lookup_names(global_hack_cli, global_hack_cli->mem_ctx,
151 &pol, 1, &str, &sids,
152 &types))) {
153 result = False;
154 goto done;
155 }
156
157 sid_copy(sid, &sids[0]);
158 done:
159
160 return result;
161 }
162
163
164 /* print an ACE on a FILE, using either numeric or ascii representation */
165 static void print_ace(FILE *f, SEC_ACE *ace)
166 {
167 struct perm_value *v;
168 fstring sidstr;
169 int do_print = 0;
170 uint32 got_mask;
171
172 SidToString(sidstr, &ace->trustee);
173
174 fprintf(f, "%s:", sidstr);
175
176 if (numeric) {
177 fprintf(f, "%d/%d/0x%08x",
178 ace->type, ace->flags, ace->info.mask);
179 return;
180 }
181
182 /* Ace type */
183
184 if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
185 fprintf(f, "ALLOWED");
186 } else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
187 fprintf(f, "DENIED");
188 } else {
189 fprintf(f, "%d", ace->type);
190 }
191
192 /* Not sure what flags can be set in a file ACL */
193
194 fprintf(f, "/%d/", ace->flags);
195
196 /* Standard permissions */
197
198 for (v = standard_values; v->perm; v++) {
199 if (ace->info.mask == v->mask) {
200 fprintf(f, "%s", v->perm);
201 return;
202 }
203 }
204
205 /* Special permissions. Print out a hex value if we have
206 leftover bits in the mask. */
207
208 got_mask = ace->info.mask;
209
210 again:
211 for (v = special_values; v->perm; v++) {
212 if ((ace->info.mask & v->mask) == v->mask) {
213 if (do_print) {
214 fprintf(f, "%s", v->perm);
215 }
216 got_mask &= ~v->mask;
217 }
218 }
219
220 if (!do_print) {
221 if (got_mask != 0) {
222 fprintf(f, "0x%08x", ace->info.mask);
223 } else {
224 do_print = 1;
225 goto again;
226 }
227 }
228 }
229
230
231 /* parse an ACE in the same format as print_ace() */
232 static BOOL parse_ace(SEC_ACE *ace, char *str)
233 {
234 char *p;
235 fstring tok;
236 unsigned atype, aflags, amask;
237 DOM_SID sid;
238 SEC_ACCESS mask;
239 struct perm_value *v;
240
241 ZERO_STRUCTP(ace);
242 p = strchr_m(str,':');
243 if (!p) return False;
244 *p = '\0';
245 p++;
246
247 /* Try to parse numeric form */
248
249 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
250 StringToSid(&sid, str)) {
251 goto done;
252 }
253
254 /* Try to parse text form */
255
256 if (!StringToSid(&sid, str)) {
257 return False;
258 }
259
260 if (!next_token(&p, tok, "/", sizeof(fstring))) {
261 return False;
262 }
263
264 if (strncmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
265 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
266 } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
267 atype = SEC_ACE_TYPE_ACCESS_DENIED;
268 } else {
269 return False;
270 }
271
272 /* Only numeric form accepted for flags at present */
273
274 if (!(next_token(&p, tok, "/", sizeof(fstring)) &&
275 sscanf(tok, "%i", &aflags))) {
276 return False;
277 }
278
279 if (!next_token(&p, tok, "/", sizeof(fstring))) {
280 return False;
281 }
282
283 if (strncmp(tok, "0x", 2) == 0) {
284 if (sscanf(tok, "%i", &amask) != 1) {
285 return False;
286 }
287 goto done;
288 }
289
290 for (v = standard_values; v->perm; v++) {
291 if (strcmp(tok, v->perm) == 0) {
292 amask = v->mask;
293 goto done;
294 }
295 }
296
297 p = tok;
298
299 while(*p) {
300 BOOL found = False;
301
302 for (v = special_values; v->perm; v++) {
303 if (v->perm[0] == *p) {
304 amask |= v->mask;
305 found = True;
306 }
307 }
308
309 if (!found) return False;
310 p++;
311 }
312
313 if (*p) {
314 return False;
315 }
316
317 done:
318 mask.mask = amask;
319 init_sec_ace(ace, &sid, atype, mask, aflags);
320 return True;
321 }
322
323 /* add an ACE to a list of ACEs in a SEC_ACL */
324 static BOOL add_ace(SEC_ACL **the_acl, SEC_ACE *ace)
325 {
326 SEC_ACL *new;
327 SEC_ACE *aces;
328 if (! *the_acl) {
329 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
330 return True;
331 }
332
333 aces = calloc(1+(*the_acl)->num_aces,sizeof(SEC_ACE));
334 memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
335 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
336 new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
337 SAFE_FREE(aces);
338 (*the_acl) = new;
339 return True;
340 }
341
342 /* parse a ascii version of a security descriptor */
343 static SEC_DESC *sec_desc_parse(char *str)
344 {
345 char *p = str;
346 fstring tok;
347 SEC_DESC *ret;
348 size_t sd_size;
349 DOM_SID *grp_sid=NULL, *owner_sid=NULL;
350 SEC_ACL *dacl=NULL;
351 int revision=1;
352
353 while (next_token(&p, tok, "\t,\r\n", sizeof(tok))) {
354
355 if (strncmp(tok,"REVISION:", 9) == 0) {
356 revision = strtol(tok+9, NULL, 16);
357 continue;
358 }
359
360 if (strncmp(tok,"OWNER:", 6) == 0) {
361 owner_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
362 if (!owner_sid ||
363 !StringToSid(owner_sid, tok+6)) {
364 printf("Failed to parse owner sid\n");
365 return NULL;
366 }
367 continue;
368 }
369
370 if (strncmp(tok,"GROUP:", 6) == 0) {
371 grp_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
372 if (!grp_sid ||
373 !StringToSid(grp_sid, tok+6)) {
374 printf("Failed to parse group sid\n");
375 return NULL;
376 }
377 continue;
378 }
379
380 if (strncmp(tok,"ACL:", 4) == 0) {
381 SEC_ACE ace;
382 if (!parse_ace(&ace, tok+4)) {
383 printf("Failed to parse ACL %s\n", tok);
384 return NULL;
385 }
386 if(!add_ace(&dacl, &ace)) {
387 printf("Failed to add ACL %s\n", tok);
388 return NULL;
389 }
390 continue;
391 }
392
393 printf("Failed to parse security descriptor\n");
394 return NULL;
395 }
396
397 ret = make_sec_desc(ctx,revision, owner_sid, grp_sid,
398 NULL, dacl, &sd_size);
399
400 SAFE_FREE(grp_sid);
401 SAFE_FREE(owner_sid);
402
403 return ret;
404 }
405
406
407 /* print a ascii version of a security descriptor on a FILE handle */
408 static void sec_desc_print(FILE *f, SEC_DESC *sd)
409 {
410 fstring sidstr;
411 uint32 i;
412
413 printf("REVISION:%d\n", sd->revision);
414
415 /* Print owner and group sid */
416
417 if (sd->owner_sid) {
418 SidToString(sidstr, sd->owner_sid);
419 } else {
420 fstrcpy(sidstr, "");
421 }
422
423 printf("OWNER:%s\n", sidstr);
424
425 if (sd->grp_sid) {
426 SidToString(sidstr, sd->grp_sid);
427 } else {
428 fstrcpy(sidstr, "");
429 }
430
431 fprintf(f, "GROUP:%s\n", sidstr);
432
433 /* Print aces */
434 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
435 SEC_ACE *ace = &sd->dacl->ace[i];
436 fprintf(f, "ACL:");
437 print_ace(f, ace);
438 fprintf(f, "\n");
439 }
440
441 }
442
443 /*****************************************************
444 dump the acls for a file
445 *******************************************************/
446 static int cacl_dump(struct cli_state *cli, char *filename)
447 {
448 int fnum;
449 SEC_DESC *sd;
450
451 if (test_args) return EXIT_OK;
452
453 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
454 if (fnum == -1) {
455 printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
456 return EXIT_FAILED;
457 }
458
459 sd = cli_query_secdesc(cli, fnum, ctx);
460
461 if (!sd) {
462 printf("ERROR: secdesc query failed: %s\n", cli_errstr(cli));
463 return EXIT_FAILED;
464 }
465
466 sec_desc_print(stdout, sd);
467
468 cli_close(cli, fnum);
469
470 return EXIT_OK;
471 }
472
473 /*****************************************************
474 Change the ownership or group ownership of a file. Just
475 because the NT docs say this can't be done :-). JRA.
476 *******************************************************/
477
478 static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
479 char *filename, char *new_username)
480 {
481 int fnum;
482 DOM_SID sid;
483 SEC_DESC *sd, *old;
484 size_t sd_size;
485
486 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
487
488 if (fnum == -1) {
489 printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
490 return EXIT_FAILED;
491 }
492
493 if (!StringToSid(&sid, new_username))
494 return EXIT_PARSE_ERROR;
495
496 old = cli_query_secdesc(cli, fnum, ctx);
497
498 cli_close(cli, fnum);
499
500 if (!old) {
501 printf("owner_set: Failed to query old descriptor\n");
502 return EXIT_FAILED;
503 }
504
505 sd = make_sec_desc(ctx,old->revision,
506 (change_mode == REQUEST_CHOWN) ? &sid : old->owner_sid,
507 (change_mode == REQUEST_CHGRP) ? &sid : old->grp_sid,
508 NULL, old->dacl, &sd_size);
509
510 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
511
512 if (fnum == -1) {
513 printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
514 return EXIT_FAILED;
515 }
516
517 if (!cli_set_secdesc(cli, fnum, sd)) {
518 printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
519 }
520
521 cli_close(cli, fnum);
522
523 return EXIT_OK;
524 }
525
526
527 /* The MSDN is contradictory over the ordering of ACE entries in an ACL.
528 However NT4 gives a "The information may have been modified by a
529 computer running Windows NT 5.0" if denied ACEs do not appear before
530 allowed ACEs. */
531
532 static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2)
533 {
534 if (sec_ace_equal(ace1, ace2))
535 return 0;
536
537 if (ace1->type != ace2->type)
538 return ace2->type - ace1->type;
539
540 if (sid_compare(&ace1->trustee, &ace2->trustee))
541 return sid_compare(&ace1->trustee, &ace2->trustee);
542
543 if (ace1->flags != ace2->flags)
544 return ace1->flags - ace2->flags;
545
546 if (ace1->info.mask != ace2->info.mask)
547 return ace1->info.mask - ace2->info.mask;
548
549 if (ace1->size != ace2->size)
550 return ace1->size - ace2->size;
551
552 return memcmp(ace1, ace2, sizeof(SEC_ACE));
553 }
554
555 static void sort_acl(SEC_ACL *the_acl)
556 {
557 uint32 i;
558 if (!the_acl) return;
559
560 qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), QSORT_CAST ace_compare);
561
562 for (i=1;i<the_acl->num_aces;) {
563 if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) {
564 int j;
565 for (j=i; j<the_acl->num_aces-1; j++) {
566 the_acl->ace[j] = the_acl->ace[j+1];
567 }
568 the_acl->num_aces--;
569 } else {
570 i++;
571 }
572 }
573 }
574
575 /*****************************************************
576 set the ACLs on a file given an ascii description
577 *******************************************************/
578 static int cacl_set(struct cli_state *cli, char *filename,
579 char *the_acl, enum acl_mode mode)
580 {
581 int fnum;
582 SEC_DESC *sd, *old;
583 uint32 i, j;
584 size_t sd_size;
585 int result = EXIT_OK;
586
587 sd = sec_desc_parse(the_acl);
588
589 if (!sd) return EXIT_PARSE_ERROR;
590 if (test_args) return EXIT_OK;
591
592 /* The desired access below is the only one I could find that works
593 with NT4, W2KP and Samba */
594
595 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
596
597 if (fnum == -1) {
598 printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
599 return EXIT_FAILED;
600 }
601
602 old = cli_query_secdesc(cli, fnum, ctx);
603
604 if (!old) {
605 printf("calc_set: Failed to query old descriptor\n");
606 return EXIT_FAILED;
607 }
608
609 cli_close(cli, fnum);
610
611 /* the logic here is rather more complex than I would like */
612 switch (mode) {
613 case SMB_ACL_DELETE:
614 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
615 BOOL found = False;
616
617 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
618 if (sec_ace_equal(&sd->dacl->ace[i],
619 &old->dacl->ace[j])) {
620 uint32 k;
621 for (k=j; k<old->dacl->num_aces-1;k++) {
622 old->dacl->ace[k] = old->dacl->ace[k+1];
623 }
624 old->dacl->num_aces--;
625 if (old->dacl->num_aces == 0) {
626 SAFE_FREE(old->dacl->ace);
627 SAFE_FREE(old->dacl);
628 old->off_dacl = 0;
629 }
630 found = True;
631 break;
632 }
633 }
634
635 if (!found) {
636 printf("ACL for ACE:");
637 print_ace(stdout, &sd->dacl->ace[i]);
638 printf(" not found\n");
639 }
640 }
641 break;
642
643 case SMB_ACL_MODIFY:
644 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
645 BOOL found = False;
646
647 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
648 if (sid_equal(&sd->dacl->ace[i].trustee,
649 &old->dacl->ace[j].trustee)) {
650 old->dacl->ace[j] = sd->dacl->ace[i];
651 found = True;
652 }
653 }
654
655 if (!found) {
656 fstring str;
657
658 SidToString(str, &sd->dacl->ace[i].trustee);
659 printf("ACL for SID %s not found\n", str);
660 }
661 }
662
663 break;
664
665 case SMB_ACL_ADD:
666 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
667 add_ace(&old->dacl, &sd->dacl->ace[i]);
668 }
669 break;
670
671 case SMB_ACL_SET:
672 old = sd;
673 break;
674 }
675
676 /* Denied ACE entries must come before allowed ones */
677 sort_acl(old->dacl);
678
679 /* Create new security descriptor and set it */
680 sd = make_sec_desc(ctx,old->revision, old->owner_sid, old->grp_sid,
681 NULL, old->dacl, &sd_size);
682
683 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
684
685 if (fnum == -1) {
686 printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
687 return EXIT_FAILED;
688 }
689
690 if (!cli_set_secdesc(cli, fnum, sd)) {
691 printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
692 result = EXIT_FAILED;
693 }
694
695 /* Clean up */
696
697 cli_close(cli, fnum);
698
699 return result;
700 }
701
702
703 /*****************************************************
704 return a connection to a server
705 *******************************************************/
706 static struct cli_state *connect_one(char *share)
707 {
708 struct cli_state *c;
709 struct in_addr ip;
710 NTSTATUS nt_status;
711 zero_ip(&ip);
712
713 if (!got_pass) {
714 char *pass = getpass("Password: ");
715 if (pass) {
716 pstrcpy(password, pass);
717 got_pass = True;
718 }
719 }
720
721 if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname, server,
722 &ip, 0,
723 share, "?????",
724 username, global_myworkgroup,
725 password, 0))) {
726 return c;
727 } else {
728 DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status)));
729 return NULL;
730 }
731 }
732
733
734 static void usage(void)
735 {
736 printf(
737 "Usage: smbcacls //server1/share1 filename [options]\n\
738 \n\
739 \t-D <acls> delete an acl\n\
740 \t-M <acls> modify an acl\n\
741 \t-A <acls> add an acl\n\
742 \t-S <acls> set acls\n\
743 \t-C username change ownership of a file\n\
744 \t-G username change group ownership of a file\n\
745 \t-n don't resolve sids or masks to names\n\
746 \t-h print help\n\
747 \t-d debuglevel set debug output level\n\
748 \t-U username user to autheticate as\n\
749 \n\
750 The username can be of the form username%%password or\n\
751 workgroup\\username%%password.\n\n\
752 An acl is of the form ACL:<SID>:type/flags/mask\n\
753 You can string acls together with spaces, commas or newlines\n\
754 ");
755 }
756
757 /****************************************************************************
758 main program
759 ****************************************************************************/
760 int main(int argc,char *argv[])
761 {
762 char *share;
763 pstring filename;
764 extern char *optarg;
765 extern int optind;
766 int opt;
767 char *p;
768 enum acl_mode mode = SMB_ACL_SET;
769 char *the_acl = NULL;
770 enum chown_mode change_mode = REQUEST_NONE;
771 int result;
772
773 struct cli_state *cli;
774
775 ctx=talloc_init();
776
777 setlinebuf(stdout);
778
779 dbf = x_stderr;
780
781 if (argc < 3 || argv[1][0] == '-') {
782 usage();
783 talloc_destroy(ctx);
784 exit(EXIT_PARSE_ERROR);
785 }
786
787 setup_logging(argv[0],True);
788
789 share = argv[1];
790 pstrcpy(filename, argv[2]);
791 all_string_sub(share,"/","\\",0);
792
793 argc -= 2;
794 argv += 2;
795
796 lp_load(dyn_CONFIGFILE,True,False,False);
797 load_interfaces();
798
799 if (getenv("USER")) {
800 pstrcpy(username,getenv("USER"));
801
802 if ((p=strchr_m(username,'%'))) {
803 *p = 0;
804 pstrcpy(password,p+1);
805 got_pass = True;
806 memset(strchr_m(getenv("USER"), '%') + 1, 'X',
807 strlen(password));
808 }
809 }
810
811 while ((opt = getopt(argc, argv, "U:nhS:D:A:M:C:G:td:")) != EOF) {
812 switch (opt) {
813 case 'U':
814 pstrcpy(username,optarg);
815 p = strchr_m(username,'%');
816 if (p) {
817 *p = 0;
818 pstrcpy(password, p+1);
819 got_pass = 1;
820 }
821 break;
822
823 case 'S':
824 the_acl = optarg;
825 mode = SMB_ACL_SET;
826 break;
827
828 case 'D':
829 the_acl = optarg;
830 mode = SMB_ACL_DELETE;
831 break;
832
833 case 'M':
834 the_acl = optarg;
835 mode = SMB_ACL_MODIFY;
836 break;
837
838 case 'A':
839 the_acl = optarg;
840 mode = SMB_ACL_ADD;
841 break;
842
843 case 'C':
844 pstrcpy(owner_username,optarg);
845 change_mode = REQUEST_CHOWN;
846 break;
847
848 case 'G':
849 pstrcpy(owner_username,optarg);
850 change_mode = REQUEST_CHGRP;
851 break;
852
853 case 'n':
854 numeric = 1;
855 break;
856
857 case 't':
858 test_args = 1;
859 break;
860
861 case 'h':
862 usage();
863 talloc_destroy(ctx);
864 exit(EXIT_PARSE_ERROR);
865
866 case 'd':
867 DEBUGLEVEL = atoi(optarg);
868 break;
869
870 default:
871 printf("Unknown option %c (%d)\n", (char)opt, opt);
872 talloc_destroy(ctx);
873 exit(EXIT_PARSE_ERROR);
874 }
875 }
876
877 argc -= optind;
878 argv += optind;
879
880 if (argc > 0) {
881 usage();
882 talloc_destroy(ctx);
883 exit(EXIT_PARSE_ERROR);
884 }
885
886 /* Make connection to server */
887
888 fstrcpy(server,share+2);
889 share = strchr_m(server,'\\');
890 if (!share) {
891 share = strchr_m(server,'/');
892 if (!share) {
893 return -1;
894 }
895 }
896
897 *share = 0;
898 share++;
899
900 if (!test_args) {
901 cli = connect_one(share);
902 if (!cli) {
903 talloc_destroy(ctx);
904 exit(EXIT_FAILED);
905 }
906 } else {
907 exit(0);
908 }
909
910 all_string_sub(filename, "/", "\\", 0);
911 if (filename[0] != '\\') {
912 pstring s;
913 s[0] = '\\';
914 safe_strcpy(&s[1], filename, sizeof(pstring)-1);
915 pstrcpy(filename, s);
916 }
917
918 /* Perform requested action */
919
920 if (change_mode != REQUEST_NONE) {
921 result = owner_set(cli, change_mode, filename, owner_username);
922 } else if (the_acl) {
923 result = cacl_set(cli, filename, the_acl, mode);
924 } else {
925 result = cacl_dump(cli, filename);
926 }
927
928 talloc_destroy(ctx);
929
930 return result;
931 }
932
Samba GIT mirror