2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
31 * Find an lsa pipe handle associated with a cli struct.
33 static struct rpc_pipe_client
*
34 find_lsa_pipe_hnd(struct cli_state
*ipc_cli
)
36 struct rpc_pipe_client
*pipe_hnd
;
38 for (pipe_hnd
= ipc_cli
->pipe_list
;
40 pipe_hnd
= pipe_hnd
->next
) {
42 if (ndr_syntax_id_equal(&pipe_hnd
->abstract_syntax
,
43 &ndr_table_lsarpc
.syntax_id
)) {
52 * Sort ACEs according to the documentation at
53 * http://support.microsoft.com/kb/269175, at least as far as it defines the
58 ace_compare(SEC_ACE
*ace1
,
64 /* If the ACEs are equal, we have nothing more to do. */
65 if (sec_ace_equal(ace1
, ace2
)) {
69 /* Inherited follow non-inherited */
70 b1
= ((ace1
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
71 b2
= ((ace2
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
77 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
78 * sort them after DENY and ALLOW.
80 b1
= (ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
81 ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
82 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
83 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
84 b2
= (ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
85 ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
86 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
87 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
92 /* Allowed ACEs follow denied ACEs */
93 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
94 ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
95 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
96 ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
102 * ACEs applying to an entity's object follow those applying to the
105 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
106 ace1
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
107 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
108 ace2
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
110 return (b1
? 1 : -1);
114 * If we get this far, the ACEs are similar as far as the
115 * characteristics we typically care about (those defined by the
116 * referenced MS document). We'll now sort by characteristics that
117 * just seems reasonable.
120 if (ace1
->type
!= ace2
->type
) {
121 return ace2
->type
- ace1
->type
;
124 if (sid_compare(&ace1
->trustee
, &ace2
->trustee
)) {
125 return sid_compare(&ace1
->trustee
, &ace2
->trustee
);
128 if (ace1
->flags
!= ace2
->flags
) {
129 return ace1
->flags
- ace2
->flags
;
132 if (ace1
->access_mask
!= ace2
->access_mask
) {
133 return ace1
->access_mask
- ace2
->access_mask
;
136 if (ace1
->size
!= ace2
->size
) {
137 return ace1
->size
- ace2
->size
;
140 return memcmp(ace1
, ace2
, sizeof(SEC_ACE
));
145 sort_acl(SEC_ACL
*the_acl
)
148 if (!the_acl
) return;
150 qsort(the_acl
->aces
, the_acl
->num_aces
, sizeof(the_acl
->aces
[0]),
151 QSORT_CAST ace_compare
);
153 for (i
=1;i
<the_acl
->num_aces
;) {
154 if (sec_ace_equal(&the_acl
->aces
[i
-1], &the_acl
->aces
[i
])) {
156 for (j
=i
; j
<the_acl
->num_aces
-1; j
++) {
157 the_acl
->aces
[j
] = the_acl
->aces
[j
+1];
166 /* convert a SID to a string, either numeric or username/group */
168 convert_sid_to_string(struct cli_state
*ipc_cli
,
174 char **domains
= NULL
;
176 enum lsa_SidType
*types
= NULL
;
177 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
180 sid_to_fstring(str
, sid
);
183 return; /* no lookup desired */
190 /* Ask LSA to convert the sid to a name */
192 ctx
= talloc_stackframe();
194 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd
, ctx
,
195 pol
, 1, sid
, &domains
,
197 !domains
|| !domains
[0] || !names
|| !names
[0]) {
204 slprintf(str
, sizeof(fstring
) - 1, "%s%s%s",
205 domains
[0], lp_winbind_separator(),
211 /* convert a string to a SID, either numeric or username/group */
213 convert_string_to_sid(struct cli_state
*ipc_cli
,
219 enum lsa_SidType
*types
= NULL
;
220 DOM_SID
*sids
= NULL
;
222 TALLOC_CTX
*ctx
= NULL
;
223 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
230 if (strncmp(str
, "S-", 2) == 0) {
231 return string_to_sid(sid
, str
);
238 ctx
= talloc_stackframe();
239 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd
, ctx
,
247 sid_copy(sid
, &sids
[0]);
255 /* parse an ACE in the same format as print_ace() */
257 parse_ace(struct cli_state
*ipc_cli
,
271 const struct perm_value
*v
;
276 TALLOC_CTX
*frame
= talloc_stackframe();
278 /* These values discovered by inspection */
279 static const struct perm_value special_values
[] = {
289 static const struct perm_value standard_values
[] = {
290 { "READ", 0x001200a9 },
291 { "CHANGE", 0x001301bf },
292 { "FULL", 0x001f01ff },
298 p
= strchr_m(str
,':');
305 /* Try to parse numeric form */
307 if (sscanf(p
, "%i/%i/%i", &atype
, &aflags
, &amask
) == 3 &&
308 convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
312 /* Try to parse text form */
314 if (!convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
320 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
325 if (StrnCaseCmp(tok
, "ALLOWED", strlen("ALLOWED")) == 0) {
326 atype
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
327 } else if (StrnCaseCmp(tok
, "DENIED", strlen("DENIED")) == 0) {
328 atype
= SEC_ACE_TYPE_ACCESS_DENIED
;
334 /* Only numeric form accepted for flags at present */
336 if (!(next_token_talloc(frame
, &cp
, &tok
, "/") &&
337 sscanf(tok
, "%i", &aflags
))) {
342 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
347 if (strncmp(tok
, "0x", 2) == 0) {
348 if (sscanf(tok
, "%i", &amask
) != 1) {
355 for (v
= standard_values
; v
->perm
; v
++) {
356 if (strcmp(tok
, v
->perm
) == 0) {
367 for (v
= special_values
; v
->perm
; v
++) {
368 if (v
->perm
[0] == *p
) {
388 init_sec_ace(ace
, &sid
, atype
, mask
, aflags
);
393 /* add an ACE to a list of ACEs in a SEC_ACL */
395 add_ace(SEC_ACL
**the_acl
,
403 (*the_acl
) = make_sec_acl(ctx
, 3, 1, ace
);
407 if ((aces
= SMB_CALLOC_ARRAY(SEC_ACE
,
408 1+(*the_acl
)->num_aces
)) == NULL
) {
411 memcpy(aces
, (*the_acl
)->aces
, (*the_acl
)->num_aces
* sizeof(SEC_ACE
));
412 memcpy(aces
+(*the_acl
)->num_aces
, ace
, sizeof(SEC_ACE
));
413 newacl
= make_sec_acl(ctx
, (*the_acl
)->revision
,
414 1+(*the_acl
)->num_aces
, aces
);
421 /* parse a ascii version of a security descriptor */
423 sec_desc_parse(TALLOC_CTX
*ctx
,
424 struct cli_state
*ipc_cli
,
431 SEC_DESC
*ret
= NULL
;
433 DOM_SID
*group_sid
=NULL
;
434 DOM_SID
*owner_sid
=NULL
;
438 while (next_token_talloc(ctx
, &p
, &tok
, "\t,\r\n")) {
440 if (StrnCaseCmp(tok
,"REVISION:", 9) == 0) {
441 revision
= strtol(tok
+9, NULL
, 16);
445 if (StrnCaseCmp(tok
,"OWNER:", 6) == 0) {
447 DEBUG(5,("OWNER specified more than once!\n"));
450 owner_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
452 !convert_string_to_sid(ipc_cli
, pol
,
455 DEBUG(5, ("Failed to parse owner sid\n"));
461 if (StrnCaseCmp(tok
,"OWNER+:", 7) == 0) {
463 DEBUG(5,("OWNER specified more than once!\n"));
466 owner_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
468 !convert_string_to_sid(ipc_cli
, pol
,
471 DEBUG(5, ("Failed to parse owner sid\n"));
477 if (StrnCaseCmp(tok
,"GROUP:", 6) == 0) {
479 DEBUG(5,("GROUP specified more than once!\n"));
482 group_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
484 !convert_string_to_sid(ipc_cli
, pol
,
487 DEBUG(5, ("Failed to parse group sid\n"));
493 if (StrnCaseCmp(tok
,"GROUP+:", 7) == 0) {
495 DEBUG(5,("GROUP specified more than once!\n"));
498 group_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
500 !convert_string_to_sid(ipc_cli
, pol
,
503 DEBUG(5, ("Failed to parse group sid\n"));
509 if (StrnCaseCmp(tok
,"ACL:", 4) == 0) {
511 if (!parse_ace(ipc_cli
, pol
, &ace
, numeric
, tok
+4)) {
512 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
515 if(!add_ace(&dacl
, &ace
, ctx
)) {
516 DEBUG(5, ("Failed to add ACL %s\n", tok
));
522 if (StrnCaseCmp(tok
,"ACL+:", 5) == 0) {
524 if (!parse_ace(ipc_cli
, pol
, &ace
, False
, tok
+5)) {
525 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
528 if(!add_ace(&dacl
, &ace
, ctx
)) {
529 DEBUG(5, ("Failed to add ACL %s\n", tok
));
535 DEBUG(5, ("Failed to parse security descriptor\n"));
539 ret
= make_sec_desc(ctx
, revision
, SEC_DESC_SELF_RELATIVE
,
540 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
543 SAFE_FREE(group_sid
);
544 SAFE_FREE(owner_sid
);
550 /* Obtain the current dos attributes */
551 static DOS_ATTR_DESC
*
552 dos_attr_query(SMBCCTX
*context
,
554 const char *filename
,
557 struct timespec create_time_ts
;
558 struct timespec write_time_ts
;
559 struct timespec access_time_ts
;
560 struct timespec change_time_ts
;
566 ret
= TALLOC_P(ctx
, DOS_ATTR_DESC
);
572 /* Obtain the DOS attributes */
573 if (!SMBC_getatr(context
, srv
, CONST_DISCARD(char *, filename
),
580 errno
= SMBC_errno(context
, srv
->cli
);
581 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
587 ret
->create_time
= convert_timespec_to_time_t(create_time_ts
);
588 ret
->access_time
= convert_timespec_to_time_t(access_time_ts
);
589 ret
->write_time
= convert_timespec_to_time_t(write_time_ts
);
590 ret
->change_time
= convert_timespec_to_time_t(change_time_ts
);
597 /* parse a ascii version of a security descriptor */
599 dos_attr_parse(SMBCCTX
*context
,
607 TALLOC_CTX
*frame
= NULL
;
609 const char * create_time_attr
;
610 const char * access_time_attr
;
611 const char * write_time_attr
;
612 const char * change_time_attr
;
615 /* Determine whether to use old-style or new-style attribute names */
616 if (context
->internal
->full_time_names
) {
617 /* new-style names */
618 attr_strings
.create_time_attr
= "CREATE_TIME";
619 attr_strings
.access_time_attr
= "ACCESS_TIME";
620 attr_strings
.write_time_attr
= "WRITE_TIME";
621 attr_strings
.change_time_attr
= "CHANGE_TIME";
623 /* old-style names */
624 attr_strings
.create_time_attr
= NULL
;
625 attr_strings
.access_time_attr
= "A_TIME";
626 attr_strings
.write_time_attr
= "M_TIME";
627 attr_strings
.change_time_attr
= "C_TIME";
630 /* if this is to set the entire ACL... */
632 /* ... then increment past the first colon if there is one */
633 if ((p
= strchr(str
, ':')) != NULL
) {
640 frame
= talloc_stackframe();
641 while (next_token_talloc(frame
, &p
, &tok
, "\t,\r\n")) {
642 if (StrnCaseCmp(tok
, "MODE:", 5) == 0) {
643 long request
= strtol(tok
+5, NULL
, 16);
645 dad
->mode
= (request
|
646 (IS_DOS_DIR(dad
->mode
)
647 ? FILE_ATTRIBUTE_DIRECTORY
648 : FILE_ATTRIBUTE_NORMAL
));
655 if (StrnCaseCmp(tok
, "SIZE:", 5) == 0) {
656 dad
->size
= (SMB_OFF_T
)atof(tok
+5);
660 n
= strlen(attr_strings
.access_time_attr
);
661 if (StrnCaseCmp(tok
, attr_strings
.access_time_attr
, n
) == 0) {
662 dad
->access_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
666 n
= strlen(attr_strings
.change_time_attr
);
667 if (StrnCaseCmp(tok
, attr_strings
.change_time_attr
, n
) == 0) {
668 dad
->change_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
672 n
= strlen(attr_strings
.write_time_attr
);
673 if (StrnCaseCmp(tok
, attr_strings
.write_time_attr
, n
) == 0) {
674 dad
->write_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
678 if (attr_strings
.create_time_attr
!= NULL
) {
679 n
= strlen(attr_strings
.create_time_attr
);
680 if (StrnCaseCmp(tok
, attr_strings
.create_time_attr
,
682 dad
->create_time
= (time_t)strtol(tok
+n
+1,
688 if (StrnCaseCmp(tok
, "INODE:", 6) == 0) {
689 dad
->inode
= (SMB_INO_T
)atof(tok
+6);
696 /*****************************************************
697 Retrieve the acls for a file.
698 *******************************************************/
701 cacl_get(SMBCCTX
*context
,
704 struct cli_state
*ipc_cli
,
720 bool exclude_nt_revision
= False
;
721 bool exclude_nt_owner
= False
;
722 bool exclude_nt_group
= False
;
723 bool exclude_nt_acl
= False
;
724 bool exclude_dos_mode
= False
;
725 bool exclude_dos_size
= False
;
726 bool exclude_dos_create_time
= False
;
727 bool exclude_dos_access_time
= False
;
728 bool exclude_dos_write_time
= False
;
729 bool exclude_dos_change_time
= False
;
730 bool exclude_dos_inode
= False
;
732 bool determine_size
= (bufsize
== 0);
736 fstring name_sandbox
;
740 struct timespec create_time_ts
;
741 struct timespec write_time_ts
;
742 struct timespec access_time_ts
;
743 struct timespec change_time_ts
;
744 time_t create_time
= (time_t)0;
745 time_t write_time
= (time_t)0;
746 time_t access_time
= (time_t)0;
747 time_t change_time
= (time_t)0;
751 struct cli_state
*cli
= srv
->cli
;
753 const char * create_time_attr
;
754 const char * access_time_attr
;
755 const char * write_time_attr
;
756 const char * change_time_attr
;
759 const char * create_time_attr
;
760 const char * access_time_attr
;
761 const char * write_time_attr
;
762 const char * change_time_attr
;
765 /* Determine whether to use old-style or new-style attribute names */
766 if (context
->internal
->full_time_names
) {
767 /* new-style names */
768 attr_strings
.create_time_attr
= "CREATE_TIME";
769 attr_strings
.access_time_attr
= "ACCESS_TIME";
770 attr_strings
.write_time_attr
= "WRITE_TIME";
771 attr_strings
.change_time_attr
= "CHANGE_TIME";
773 excl_attr_strings
.create_time_attr
= "CREATE_TIME";
774 excl_attr_strings
.access_time_attr
= "ACCESS_TIME";
775 excl_attr_strings
.write_time_attr
= "WRITE_TIME";
776 excl_attr_strings
.change_time_attr
= "CHANGE_TIME";
778 /* old-style names */
779 attr_strings
.create_time_attr
= NULL
;
780 attr_strings
.access_time_attr
= "A_TIME";
781 attr_strings
.write_time_attr
= "M_TIME";
782 attr_strings
.change_time_attr
= "C_TIME";
784 excl_attr_strings
.create_time_attr
= NULL
;
785 excl_attr_strings
.access_time_attr
= "dos_attr.A_TIME";
786 excl_attr_strings
.write_time_attr
= "dos_attr.M_TIME";
787 excl_attr_strings
.change_time_attr
= "dos_attr.C_TIME";
790 /* Copy name so we can strip off exclusions (if any are specified) */
791 strncpy(name_sandbox
, attr_name
, sizeof(name_sandbox
) - 1);
793 /* Ensure name is null terminated */
794 name_sandbox
[sizeof(name_sandbox
) - 1] = '\0';
796 /* Play in the sandbox */
799 /* If there are any exclusions, point to them and mask them from name */
800 if ((pExclude
= strchr(name
, '!')) != NULL
)
805 all
= (StrnCaseCmp(name
, "system.*", 8) == 0);
806 all_nt
= (StrnCaseCmp(name
, "system.nt_sec_desc.*", 20) == 0);
807 all_nt_acls
= (StrnCaseCmp(name
, "system.nt_sec_desc.acl.*", 24) == 0);
808 all_dos
= (StrnCaseCmp(name
, "system.dos_attr.*", 17) == 0);
809 some_nt
= (StrnCaseCmp(name
, "system.nt_sec_desc.", 19) == 0);
810 some_dos
= (StrnCaseCmp(name
, "system.dos_attr.", 16) == 0);
811 numeric
= (* (name
+ strlen(name
) - 1) != '+');
813 /* Look for exclusions from "all" requests */
814 if (all
|| all_nt
|| all_dos
) {
816 /* Exclusions are delimited by '!' */
819 pExclude
= (p
== NULL
? NULL
: p
+ 1)) {
821 /* Find end of this exclusion name */
822 if ((p
= strchr(pExclude
, '!')) != NULL
)
827 /* Which exclusion name is this? */
828 if (StrCaseCmp(pExclude
,
829 "nt_sec_desc.revision") == 0) {
830 exclude_nt_revision
= True
;
832 else if (StrCaseCmp(pExclude
,
833 "nt_sec_desc.owner") == 0) {
834 exclude_nt_owner
= True
;
836 else if (StrCaseCmp(pExclude
,
837 "nt_sec_desc.group") == 0) {
838 exclude_nt_group
= True
;
840 else if (StrCaseCmp(pExclude
,
841 "nt_sec_desc.acl") == 0) {
842 exclude_nt_acl
= True
;
844 else if (StrCaseCmp(pExclude
,
845 "dos_attr.mode") == 0) {
846 exclude_dos_mode
= True
;
848 else if (StrCaseCmp(pExclude
,
849 "dos_attr.size") == 0) {
850 exclude_dos_size
= True
;
852 else if (excl_attr_strings
.create_time_attr
!= NULL
&&
854 excl_attr_strings
.change_time_attr
) == 0) {
855 exclude_dos_create_time
= True
;
857 else if (StrCaseCmp(pExclude
,
858 excl_attr_strings
.access_time_attr
) == 0) {
859 exclude_dos_access_time
= True
;
861 else if (StrCaseCmp(pExclude
,
862 excl_attr_strings
.write_time_attr
) == 0) {
863 exclude_dos_write_time
= True
;
865 else if (StrCaseCmp(pExclude
,
866 excl_attr_strings
.change_time_attr
) == 0) {
867 exclude_dos_change_time
= True
;
869 else if (StrCaseCmp(pExclude
, "dos_attr.inode") == 0) {
870 exclude_dos_inode
= True
;
873 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
884 * If we are (possibly) talking to an NT or new system and some NT
885 * attributes have been requested...
887 if (ipc_cli
&& (all
|| some_nt
|| all_nt_acls
)) {
888 char *targetpath
= NULL
;
889 struct cli_state
*targetcli
= NULL
;
891 /* Point to the portion after "system.nt_sec_desc." */
892 name
+= 19; /* if (all) this will be invalid but unused */
894 if (!cli_resolve_path(ctx
, "", cli
, filename
,
895 &targetcli
, &targetpath
)) {
896 DEBUG(5, ("cacl_get Could not resolve %s\n",
902 /* ... then obtain any NT attributes which were requested */
903 fnum
= cli_nt_create(targetcli
, targetpath
, CREATE_ACCESS_READ
);
906 DEBUG(5, ("cacl_get failed to open %s: %s\n",
907 targetpath
, cli_errstr(targetcli
)));
912 sd
= cli_query_secdesc(targetcli
, fnum
, ctx
);
916 ("cacl_get Failed to query old descriptor\n"));
921 cli_close(targetcli
, fnum
);
923 if (! exclude_nt_revision
) {
925 if (determine_size
) {
926 p
= talloc_asprintf(ctx
,
935 n
= snprintf(buf
, bufsize
,
939 } else if (StrCaseCmp(name
, "revision") == 0) {
940 if (determine_size
) {
941 p
= talloc_asprintf(ctx
, "%d",
949 n
= snprintf(buf
, bufsize
, "%d",
954 if (!determine_size
&& n
> bufsize
) {
964 if (! exclude_nt_owner
) {
965 /* Get owner and group sid */
967 convert_sid_to_string(ipc_cli
, pol
,
976 if (determine_size
) {
977 p
= talloc_asprintf(ctx
, ",OWNER:%s",
984 } else if (sidstr
[0] != '\0') {
985 n
= snprintf(buf
, bufsize
,
986 ",OWNER:%s", sidstr
);
988 } else if (StrnCaseCmp(name
, "owner", 5) == 0) {
989 if (determine_size
) {
990 p
= talloc_asprintf(ctx
, "%s", sidstr
);
997 n
= snprintf(buf
, bufsize
, "%s",
1002 if (!determine_size
&& n
> bufsize
) {
1012 if (! exclude_nt_group
) {
1013 if (sd
->group_sid
) {
1014 convert_sid_to_string(ipc_cli
, pol
,
1018 fstrcpy(sidstr
, "");
1021 if (all
|| all_nt
) {
1022 if (determine_size
) {
1023 p
= talloc_asprintf(ctx
, ",GROUP:%s",
1030 } else if (sidstr
[0] != '\0') {
1031 n
= snprintf(buf
, bufsize
,
1032 ",GROUP:%s", sidstr
);
1034 } else if (StrnCaseCmp(name
, "group", 5) == 0) {
1035 if (determine_size
) {
1036 p
= talloc_asprintf(ctx
, "%s", sidstr
);
1043 n
= snprintf(buf
, bufsize
,
1048 if (!determine_size
&& n
> bufsize
) {
1058 if (! exclude_nt_acl
) {
1059 /* Add aces to value buffer */
1060 for (i
= 0; sd
->dacl
&& i
< sd
->dacl
->num_aces
; i
++) {
1062 SEC_ACE
*ace
= &sd
->dacl
->aces
[i
];
1063 convert_sid_to_string(ipc_cli
, pol
,
1067 if (all
|| all_nt
) {
1068 if (determine_size
) {
1069 p
= talloc_asprintf(
1085 ",ACL:%s:%d/%d/0x%08x",
1091 } else if ((StrnCaseCmp(name
, "acl", 3) == 0 &&
1092 StrCaseCmp(name
+3, sidstr
) == 0) ||
1093 (StrnCaseCmp(name
, "acl+", 4) == 0 &&
1094 StrCaseCmp(name
+4, sidstr
) == 0)) {
1095 if (determine_size
) {
1096 p
= talloc_asprintf(
1108 n
= snprintf(buf
, bufsize
,
1114 } else if (all_nt_acls
) {
1115 if (determine_size
) {
1116 p
= talloc_asprintf(
1118 "%s%s:%d/%d/0x%08x",
1130 n
= snprintf(buf
, bufsize
,
1131 "%s%s:%d/%d/0x%08x",
1139 if (!determine_size
&& n
> bufsize
) {
1150 /* Restore name pointer to its original value */
1154 if (all
|| some_dos
) {
1155 /* Point to the portion after "system.dos_attr." */
1156 name
+= 16; /* if (all) this will be invalid but unused */
1158 /* Obtain the DOS attributes */
1159 if (!SMBC_getatr(context
, srv
, filename
, &mode
, &size
,
1166 errno
= SMBC_errno(context
, srv
->cli
);
1171 create_time
= convert_timespec_to_time_t(create_time_ts
);
1172 access_time
= convert_timespec_to_time_t(access_time_ts
);
1173 write_time
= convert_timespec_to_time_t(write_time_ts
);
1174 change_time
= convert_timespec_to_time_t(change_time_ts
);
1176 if (! exclude_dos_mode
) {
1177 if (all
|| all_dos
) {
1178 if (determine_size
) {
1179 p
= talloc_asprintf(ctx
,
1192 n
= snprintf(buf
, bufsize
,
1200 } else if (StrCaseCmp(name
, "mode") == 0) {
1201 if (determine_size
) {
1202 p
= talloc_asprintf(ctx
, "0x%x", mode
);
1209 n
= snprintf(buf
, bufsize
,
1214 if (!determine_size
&& n
> bufsize
) {
1224 if (! exclude_dos_size
) {
1225 if (all
|| all_dos
) {
1226 if (determine_size
) {
1227 p
= talloc_asprintf(
1237 n
= snprintf(buf
, bufsize
,
1241 } else if (StrCaseCmp(name
, "size") == 0) {
1242 if (determine_size
) {
1243 p
= talloc_asprintf(
1253 n
= snprintf(buf
, bufsize
,
1259 if (!determine_size
&& n
> bufsize
) {
1269 if (! exclude_dos_create_time
&&
1270 attr_strings
.create_time_attr
!= NULL
) {
1271 if (all
|| all_dos
) {
1272 if (determine_size
) {
1273 p
= talloc_asprintf(ctx
,
1275 attr_strings
.create_time_attr
,
1283 n
= snprintf(buf
, bufsize
,
1285 attr_strings
.create_time_attr
,
1288 } else if (StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) {
1289 if (determine_size
) {
1290 p
= talloc_asprintf(ctx
, "%lu", create_time
);
1297 n
= snprintf(buf
, bufsize
,
1298 "%lu", create_time
);
1302 if (!determine_size
&& n
> bufsize
) {
1312 if (! exclude_dos_access_time
) {
1313 if (all
|| all_dos
) {
1314 if (determine_size
) {
1315 p
= talloc_asprintf(ctx
,
1317 attr_strings
.access_time_attr
,
1325 n
= snprintf(buf
, bufsize
,
1327 attr_strings
.access_time_attr
,
1330 } else if (StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0) {
1331 if (determine_size
) {
1332 p
= talloc_asprintf(ctx
, "%lu", access_time
);
1339 n
= snprintf(buf
, bufsize
,
1340 "%lu", access_time
);
1344 if (!determine_size
&& n
> bufsize
) {
1354 if (! exclude_dos_write_time
) {
1355 if (all
|| all_dos
) {
1356 if (determine_size
) {
1357 p
= talloc_asprintf(ctx
,
1359 attr_strings
.write_time_attr
,
1367 n
= snprintf(buf
, bufsize
,
1369 attr_strings
.write_time_attr
,
1372 } else if (StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0) {
1373 if (determine_size
) {
1374 p
= talloc_asprintf(ctx
, "%lu", write_time
);
1381 n
= snprintf(buf
, bufsize
,
1386 if (!determine_size
&& n
> bufsize
) {
1396 if (! exclude_dos_change_time
) {
1397 if (all
|| all_dos
) {
1398 if (determine_size
) {
1399 p
= talloc_asprintf(ctx
,
1401 attr_strings
.change_time_attr
,
1409 n
= snprintf(buf
, bufsize
,
1411 attr_strings
.change_time_attr
,
1414 } else if (StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0) {
1415 if (determine_size
) {
1416 p
= talloc_asprintf(ctx
, "%lu", change_time
);
1423 n
= snprintf(buf
, bufsize
,
1424 "%lu", change_time
);
1428 if (!determine_size
&& n
> bufsize
) {
1438 if (! exclude_dos_inode
) {
1439 if (all
|| all_dos
) {
1440 if (determine_size
) {
1441 p
= talloc_asprintf(
1451 n
= snprintf(buf
, bufsize
,
1455 } else if (StrCaseCmp(name
, "inode") == 0) {
1456 if (determine_size
) {
1457 p
= talloc_asprintf(
1467 n
= snprintf(buf
, bufsize
,
1473 if (!determine_size
&& n
> bufsize
) {
1483 /* Restore name pointer to its original value */
1495 /*****************************************************
1496 set the ACLs on a file given an ascii description
1497 *******************************************************/
1499 cacl_set(TALLOC_CTX
*ctx
,
1500 struct cli_state
*cli
,
1501 struct cli_state
*ipc_cli
,
1503 const char *filename
,
1504 const char *the_acl
,
1510 SEC_DESC
*sd
= NULL
, *old
;
1511 SEC_ACL
*dacl
= NULL
;
1512 DOM_SID
*owner_sid
= NULL
;
1513 DOM_SID
*group_sid
= NULL
;
1518 bool numeric
= True
;
1519 char *targetpath
= NULL
;
1520 struct cli_state
*targetcli
= NULL
;
1522 /* the_acl will be null for REMOVE_ALL operations */
1524 numeric
= ((p
= strchr(the_acl
, ':')) != NULL
&&
1528 /* if this is to set the entire ACL... */
1529 if (*the_acl
== '*') {
1530 /* ... then increment past the first colon */
1534 sd
= sec_desc_parse(ctx
, ipc_cli
, pol
, numeric
, the_acl
);
1542 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1543 that doesn't deref sd */
1545 if (!sd
&& (mode
!= SMBC_XATTR_MODE_REMOVE_ALL
)) {
1550 if (!cli_resolve_path(ctx
, "", cli
, filename
,
1551 &targetcli
, &targetpath
)) {
1552 DEBUG(5,("cacl_set: Could not resolve %s\n", filename
));
1557 /* The desired access below is the only one I could find that works
1558 with NT4, W2KP and Samba */
1560 fnum
= cli_nt_create(targetcli
, targetpath
, CREATE_ACCESS_READ
);
1563 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1564 targetpath
, cli_errstr(targetcli
)));
1569 old
= cli_query_secdesc(targetcli
, fnum
, ctx
);
1572 DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
1577 cli_close(targetcli
, fnum
);
1580 case SMBC_XATTR_MODE_REMOVE_ALL
:
1581 old
->dacl
->num_aces
= 0;
1585 case SMBC_XATTR_MODE_REMOVE
:
1586 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1589 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1590 if (sec_ace_equal(&sd
->dacl
->aces
[i
],
1591 &old
->dacl
->aces
[j
])) {
1593 for (k
=j
; k
<old
->dacl
->num_aces
-1;k
++) {
1594 old
->dacl
->aces
[k
] =
1595 old
->dacl
->aces
[k
+1];
1597 old
->dacl
->num_aces
--;
1612 case SMBC_XATTR_MODE_ADD
:
1613 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1616 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1617 if (sid_equal(&sd
->dacl
->aces
[i
].trustee
,
1618 &old
->dacl
->aces
[j
].trustee
)) {
1619 if (!(flags
& SMBC_XATTR_FLAG_CREATE
)) {
1624 old
->dacl
->aces
[j
] = sd
->dacl
->aces
[i
];
1630 if (!found
&& (flags
& SMBC_XATTR_FLAG_REPLACE
)) {
1636 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1637 add_ace(&old
->dacl
, &sd
->dacl
->aces
[i
], ctx
);
1643 case SMBC_XATTR_MODE_SET
:
1645 owner_sid
= old
->owner_sid
;
1646 group_sid
= old
->group_sid
;
1650 case SMBC_XATTR_MODE_CHOWN
:
1651 owner_sid
= sd
->owner_sid
;
1654 case SMBC_XATTR_MODE_CHGRP
:
1655 group_sid
= sd
->group_sid
;
1659 /* Denied ACE entries must come before allowed ones */
1660 sort_acl(old
->dacl
);
1662 /* Create new security descriptor and set it */
1663 sd
= make_sec_desc(ctx
, old
->revision
, SEC_DESC_SELF_RELATIVE
,
1664 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
1666 fnum
= cli_nt_create(targetcli
, targetpath
,
1667 WRITE_DAC_ACCESS
| WRITE_OWNER_ACCESS
);
1670 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1671 targetpath
, cli_errstr(targetcli
)));
1676 if (!cli_set_secdesc(targetcli
, fnum
, sd
)) {
1677 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1678 cli_errstr(targetcli
)));
1685 cli_close(targetcli
, fnum
);
1696 SMBC_setxattr_ctx(SMBCCTX
*context
,
1705 SMBCSRV
*srv
= NULL
;
1706 SMBCSRV
*ipc_srv
= NULL
;
1707 char *server
= NULL
;
1710 char *password
= NULL
;
1711 char *workgroup
= NULL
;
1713 DOS_ATTR_DESC
*dad
= NULL
;
1715 const char * create_time_attr
;
1716 const char * access_time_attr
;
1717 const char * write_time_attr
;
1718 const char * change_time_attr
;
1720 TALLOC_CTX
*frame
= talloc_stackframe();
1722 if (!context
|| !context
->internal
->initialized
) {
1724 errno
= EINVAL
; /* Best I can think of ... */
1735 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1736 fname
, name
, (int) size
, (const char*)value
));
1738 if (SMBC_parse_path(frame
,
1753 if (!user
|| user
[0] == (char)0) {
1754 user
= talloc_strdup(frame
, smbc_getUser(context
));
1762 srv
= SMBC_server(frame
, context
, True
,
1763 server
, share
, &workgroup
, &user
, &password
);
1766 return -1; /* errno set by SMBC_server */
1769 if (! srv
->no_nt_session
) {
1770 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
1771 &workgroup
, &user
, &password
);
1773 srv
->no_nt_session
= True
;
1780 * Are they asking to set the entire set of known attributes?
1782 if (StrCaseCmp(name
, "system.*") == 0 ||
1783 StrCaseCmp(name
, "system.*+") == 0) {
1786 talloc_asprintf(talloc_tos(), "%s:%s",
1787 name
+7, (const char *) value
);
1796 ret
= cacl_set(talloc_tos(), srv
->cli
,
1797 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1800 ? SMBC_XATTR_MODE_SET
1801 : SMBC_XATTR_MODE_ADD
),
1807 /* get a DOS Attribute Descriptor with current attributes */
1808 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1810 /* Overwrite old with new, using what was provided */
1811 dos_attr_parse(context
, dad
, srv
, namevalue
);
1813 /* Set the new DOS attributes */
1814 if (! SMBC_setatr(context
, srv
, path
,
1821 /* cause failure if NT failed too */
1826 /* we only fail if both NT and DOS sets failed */
1827 if (ret
< 0 && ! dad
) {
1828 ret
= -1; /* in case dad was null */
1839 * Are they asking to set an access control element or to set
1840 * the entire access control list?
1842 if (StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
1843 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0 ||
1844 StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
1845 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
1846 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0) {
1850 talloc_asprintf(talloc_tos(), "%s:%s",
1851 name
+19, (const char *) value
);
1854 ret
= -1; /* errno set by SMBC_server() */
1856 else if (! namevalue
) {
1860 ret
= cacl_set(talloc_tos(), srv
->cli
,
1861 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1864 ? SMBC_XATTR_MODE_SET
1865 : SMBC_XATTR_MODE_ADD
),
1873 * Are they asking to set the owner?
1875 if (StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
1876 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0) {
1880 talloc_asprintf(talloc_tos(), "%s:%s",
1881 name
+19, (const char *) value
);
1884 ret
= -1; /* errno set by SMBC_server() */
1886 else if (! namevalue
) {
1890 ret
= cacl_set(talloc_tos(), srv
->cli
,
1891 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1892 namevalue
, SMBC_XATTR_MODE_CHOWN
, 0);
1899 * Are they asking to set the group?
1901 if (StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
1902 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0) {
1906 talloc_asprintf(talloc_tos(), "%s:%s",
1907 name
+19, (const char *) value
);
1910 /* errno set by SMBC_server() */
1913 else if (! namevalue
) {
1917 ret
= cacl_set(talloc_tos(), srv
->cli
,
1918 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1919 namevalue
, SMBC_XATTR_MODE_CHGRP
, 0);
1925 /* Determine whether to use old-style or new-style attribute names */
1926 if (context
->internal
->full_time_names
) {
1927 /* new-style names */
1928 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
1929 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
1930 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
1931 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
1933 /* old-style names */
1934 attr_strings
.create_time_attr
= NULL
;
1935 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
1936 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
1937 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
1941 * Are they asking to set a DOS attribute?
1943 if (StrCaseCmp(name
, "system.dos_attr.*") == 0 ||
1944 StrCaseCmp(name
, "system.dos_attr.mode") == 0 ||
1945 (attr_strings
.create_time_attr
!= NULL
&&
1946 StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) ||
1947 StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0 ||
1948 StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0 ||
1949 StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0) {
1951 /* get a DOS Attribute Descriptor with current attributes */
1952 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1955 talloc_asprintf(talloc_tos(), "%s:%s",
1956 name
+16, (const char *) value
);
1961 /* Overwrite old with provided new params */
1962 dos_attr_parse(context
, dad
, srv
, namevalue
);
1964 /* Set the new DOS attributes */
1965 ret2
= SMBC_setatr(context
, srv
, path
,
1972 /* ret2 has True (success) / False (failure) */
1987 /* Unsupported attribute name */
1994 SMBC_getxattr_ctx(SMBCCTX
*context
,
2001 SMBCSRV
*srv
= NULL
;
2002 SMBCSRV
*ipc_srv
= NULL
;
2003 char *server
= NULL
;
2006 char *password
= NULL
;
2007 char *workgroup
= NULL
;
2010 const char * create_time_attr
;
2011 const char * access_time_attr
;
2012 const char * write_time_attr
;
2013 const char * change_time_attr
;
2015 TALLOC_CTX
*frame
= talloc_stackframe();
2017 if (!context
|| !context
->internal
->initialized
) {
2019 errno
= EINVAL
; /* Best I can think of ... */
2030 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname
, name
));
2032 if (SMBC_parse_path(frame
,
2047 if (!user
|| user
[0] == (char)0) {
2048 user
= talloc_strdup(frame
, smbc_getUser(context
));
2056 srv
= SMBC_server(frame
, context
, True
,
2057 server
, share
, &workgroup
, &user
, &password
);
2060 return -1; /* errno set by SMBC_server */
2063 if (! srv
->no_nt_session
) {
2064 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2065 &workgroup
, &user
, &password
);
2067 srv
->no_nt_session
= True
;
2073 /* Determine whether to use old-style or new-style attribute names */
2074 if (context
->internal
->full_time_names
) {
2075 /* new-style names */
2076 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
2077 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
2078 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
2079 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
2081 /* old-style names */
2082 attr_strings
.create_time_attr
= NULL
;
2083 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
2084 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
2085 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
2088 /* Are they requesting a supported attribute? */
2089 if (StrCaseCmp(name
, "system.*") == 0 ||
2090 StrnCaseCmp(name
, "system.*!", 9) == 0 ||
2091 StrCaseCmp(name
, "system.*+") == 0 ||
2092 StrnCaseCmp(name
, "system.*+!", 10) == 0 ||
2093 StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
2094 StrnCaseCmp(name
, "system.nt_sec_desc.*!", 21) == 0 ||
2095 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0 ||
2096 StrnCaseCmp(name
, "system.nt_sec_desc.*+!", 22) == 0 ||
2097 StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
2098 StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
2099 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0 ||
2100 StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
2101 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0 ||
2102 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2103 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0 ||
2104 StrCaseCmp(name
, "system.dos_attr.*") == 0 ||
2105 StrnCaseCmp(name
, "system.dos_attr.*!", 18) == 0 ||
2106 StrCaseCmp(name
, "system.dos_attr.mode") == 0 ||
2107 StrCaseCmp(name
, "system.dos_attr.size") == 0 ||
2108 (attr_strings
.create_time_attr
!= NULL
&&
2109 StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) ||
2110 StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0 ||
2111 StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0 ||
2112 StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0 ||
2113 StrCaseCmp(name
, "system.dos_attr.inode") == 0) {
2116 ret
= cacl_get(context
, talloc_tos(), srv
,
2117 ipc_srv
== NULL
? NULL
: ipc_srv
->cli
,
2118 &ipc_srv
->pol
, path
,
2119 CONST_DISCARD(char *, name
),
2120 CONST_DISCARD(char *, value
), size
);
2121 if (ret
< 0 && errno
== 0) {
2122 errno
= SMBC_errno(context
, srv
->cli
);
2128 /* Unsupported attribute name */
2136 SMBC_removexattr_ctx(SMBCCTX
*context
,
2141 SMBCSRV
*srv
= NULL
;
2142 SMBCSRV
*ipc_srv
= NULL
;
2143 char *server
= NULL
;
2146 char *password
= NULL
;
2147 char *workgroup
= NULL
;
2149 TALLOC_CTX
*frame
= talloc_stackframe();
2151 if (!context
|| !context
->internal
->initialized
) {
2153 errno
= EINVAL
; /* Best I can think of ... */
2164 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname
, name
));
2166 if (SMBC_parse_path(frame
,
2181 if (!user
|| user
[0] == (char)0) {
2182 user
= talloc_strdup(frame
, smbc_getUser(context
));
2190 srv
= SMBC_server(frame
, context
, True
,
2191 server
, share
, &workgroup
, &user
, &password
);
2194 return -1; /* errno set by SMBC_server */
2197 if (! srv
->no_nt_session
) {
2198 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2199 &workgroup
, &user
, &password
);
2201 srv
->no_nt_session
= True
;
2209 return -1; /* errno set by SMBC_attr_server */
2212 /* Are they asking to set the entire ACL? */
2213 if (StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
2214 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0) {
2217 ret
= cacl_set(talloc_tos(), srv
->cli
,
2218 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2219 NULL
, SMBC_XATTR_MODE_REMOVE_ALL
, 0);
2225 * Are they asking to remove one or more spceific security descriptor
2228 if (StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
2229 StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
2230 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0 ||
2231 StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
2232 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0 ||
2233 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2234 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0) {
2237 ret
= cacl_set(talloc_tos(), srv
->cli
,
2238 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2239 name
+ 19, SMBC_XATTR_MODE_REMOVE
, 0);
2244 /* Unsupported attribute name */
2251 SMBC_listxattr_ctx(SMBCCTX
*context
,
2257 * This isn't quite what listxattr() is supposed to do. This returns
2258 * the complete set of attribute names, always, rather than only those
2259 * attribute names which actually exist for a file. Hmmm...
2262 const char supported_old
[] =
2265 "system.nt_sec_desc.revision\0"
2266 "system.nt_sec_desc.owner\0"
2267 "system.nt_sec_desc.owner+\0"
2268 "system.nt_sec_desc.group\0"
2269 "system.nt_sec_desc.group+\0"
2270 "system.nt_sec_desc.acl.*\0"
2271 "system.nt_sec_desc.acl\0"
2272 "system.nt_sec_desc.acl+\0"
2273 "system.nt_sec_desc.*\0"
2274 "system.nt_sec_desc.*+\0"
2275 "system.dos_attr.*\0"
2276 "system.dos_attr.mode\0"
2277 "system.dos_attr.c_time\0"
2278 "system.dos_attr.a_time\0"
2279 "system.dos_attr.m_time\0"
2281 const char supported_new
[] =
2284 "system.nt_sec_desc.revision\0"
2285 "system.nt_sec_desc.owner\0"
2286 "system.nt_sec_desc.owner+\0"
2287 "system.nt_sec_desc.group\0"
2288 "system.nt_sec_desc.group+\0"
2289 "system.nt_sec_desc.acl.*\0"
2290 "system.nt_sec_desc.acl\0"
2291 "system.nt_sec_desc.acl+\0"
2292 "system.nt_sec_desc.*\0"
2293 "system.nt_sec_desc.*+\0"
2294 "system.dos_attr.*\0"
2295 "system.dos_attr.mode\0"
2296 "system.dos_attr.create_time\0"
2297 "system.dos_attr.access_time\0"
2298 "system.dos_attr.write_time\0"
2299 "system.dos_attr.change_time\0"
2301 const char * supported
;
2303 if (context
->internal
->full_time_names
) {
2304 supported
= supported_new
;
2305 retsize
= sizeof(supported_new
);
2307 supported
= supported_old
;
2308 retsize
= sizeof(supported_old
);
2315 if (retsize
> size
) {
2320 /* this can't be strcpy() because there are embedded null characters */
2321 memcpy(list
, supported
, retsize
);