search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
upgradeprovision: never use xattr it's pointless in this usecase
[Samba/ekacnet.git] / source3 / libsmb / libsmb_xattr.c
blob27c3e123995d16f889aeb6e088c6ad37079a3c81
1 /*
2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
28
29
30 /*
31 * Find an lsa pipe handle associated with a cli struct.
32 */
33 static struct rpc_pipe_client *
34 find_lsa_pipe_hnd(struct cli_state *ipc_cli)
35 {
36 struct rpc_pipe_client *pipe_hnd;
37
38 for (pipe_hnd = ipc_cli->pipe_list;
39 pipe_hnd;
40 pipe_hnd = pipe_hnd->next) {
41 if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
42 &ndr_table_lsarpc.syntax_id)) {
43 return pipe_hnd;
44 }
45 }
46 return NULL;
47 }
48
49 /*
50 * Sort ACEs according to the documentation at
51 * http://support.microsoft.com/kb/269175, at least as far as it defines the
52 * order.
53 */
54
55 static int
56 ace_compare(SEC_ACE *ace1,
57 SEC_ACE *ace2)
58 {
59 bool b1;
60 bool b2;
61
62 /* If the ACEs are equal, we have nothing more to do. */
63 if (sec_ace_equal(ace1, ace2)) {
64 return 0;
65 }
66
67 /* Inherited follow non-inherited */
68 b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
69 b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
70 if (b1 != b2) {
71 return (b1 ? 1 : -1);
72 }
73
74 /*
75 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
76 * sort them after DENY and ALLOW.
77 */
78 b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
79 ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
80 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
81 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
82 b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
83 ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
84 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
85 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
86 if (b1 != b2) {
87 return (b1 ? 1 : -1);
88 }
89
90 /* Allowed ACEs follow denied ACEs */
91 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
92 ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
93 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
94 ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
95 if (b1 != b2) {
96 return (b1 ? 1 : -1);
97 }
98
99 /*
100 * ACEs applying to an entity's object follow those applying to the
101 * entity itself
102 */
103 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
104 ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
105 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
106 ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
107 if (b1 != b2) {
108 return (b1 ? 1 : -1);
109 }
110
111 /*
112 * If we get this far, the ACEs are similar as far as the
113 * characteristics we typically care about (those defined by the
114 * referenced MS document). We'll now sort by characteristics that
115 * just seems reasonable.
116 */
117
118 if (ace1->type != ace2->type) {
119 return ace2->type - ace1->type;
120 }
121
122 if (sid_compare(&ace1->trustee, &ace2->trustee)) {
123 return sid_compare(&ace1->trustee, &ace2->trustee);
124 }
125
126 if (ace1->flags != ace2->flags) {
127 return ace1->flags - ace2->flags;
128 }
129
130 if (ace1->access_mask != ace2->access_mask) {
131 return ace1->access_mask - ace2->access_mask;
132 }
133
134 if (ace1->size != ace2->size) {
135 return ace1->size - ace2->size;
136 }
137
138 return memcmp(ace1, ace2, sizeof(SEC_ACE));
139 }
140
141
142 static void
143 sort_acl(SEC_ACL *the_acl)
144 {
145 uint32 i;
146 if (!the_acl) return;
147
148 qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]),
149 QSORT_CAST ace_compare);
150
151 for (i=1;i<the_acl->num_aces;) {
152 if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
153 int j;
154 for (j=i; j<the_acl->num_aces-1; j++) {
155 the_acl->aces[j] = the_acl->aces[j+1];
156 }
157 the_acl->num_aces--;
158 } else {
159 i++;
160 }
161 }
162 }
163
164 /* convert a SID to a string, either numeric or username/group */
165 static void
166 convert_sid_to_string(struct cli_state *ipc_cli,
167 struct policy_handle *pol,
168 fstring str,
169 bool numeric,
170 DOM_SID *sid)
171 {
172 char **domains = NULL;
173 char **names = NULL;
174 enum lsa_SidType *types = NULL;
175 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
176 TALLOC_CTX *ctx;
177
178 sid_to_fstring(str, sid);
179
180 if (numeric) {
181 return; /* no lookup desired */
182 }
183
184 if (!pipe_hnd) {
185 return;
186 }
187
188 /* Ask LSA to convert the sid to a name */
189
190 ctx = talloc_stackframe();
191
192 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
193 pol, 1, sid, &domains,
194 &names, &types)) ||
195 !domains || !domains[0] || !names || !names[0]) {
196 TALLOC_FREE(ctx);
197 return;
198 }
199
200 /* Converted OK */
201
202 slprintf(str, sizeof(fstring) - 1, "%s%s%s",
203 domains[0], lp_winbind_separator(),
204 names[0]);
205
206 TALLOC_FREE(ctx);
207 }
208
209 /* convert a string to a SID, either numeric or username/group */
210 static bool
211 convert_string_to_sid(struct cli_state *ipc_cli,
212 struct policy_handle *pol,
213 bool numeric,
214 DOM_SID *sid,
215 const char *str)
216 {
217 enum lsa_SidType *types = NULL;
218 DOM_SID *sids = NULL;
219 bool result = True;
220 TALLOC_CTX *ctx = NULL;
221 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
222
223 if (!pipe_hnd) {
224 return False;
225 }
226
227 if (numeric) {
228 if (strncmp(str, "S-", 2) == 0) {
229 return string_to_sid(sid, str);
230 }
231
232 result = False;
233 goto done;
234 }
235
236 ctx = talloc_stackframe();
237 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
238 pol, 1, &str,
239 NULL, 1, &sids,
240 &types))) {
241 result = False;
242 goto done;
243 }
244
245 sid_copy(sid, &sids[0]);
246 done:
247 TALLOC_FREE(ctx);
248 return result;
249 }
250
251
252 /* parse an ACE in the same format as print_ace() */
253 static bool
254 parse_ace(struct cli_state *ipc_cli,
255 struct policy_handle *pol,
256 SEC_ACE *ace,
257 bool numeric,
258 char *str)
259 {
260 char *p;
261 const char *cp;
262 char *tok;
263 unsigned int atype;
264 unsigned int aflags;
265 unsigned int amask;
266 DOM_SID sid;
267 uint32_t mask;
268 const struct perm_value *v;
269 struct perm_value {
270 const char perm[7];
271 uint32 mask;
272 };
273 TALLOC_CTX *frame = talloc_stackframe();
274
275 /* These values discovered by inspection */
276 static const struct perm_value special_values[] = {
277 { "R", 0x00120089 },
278 { "W", 0x00120116 },
279 { "X", 0x001200a0 },
280 { "D", 0x00010000 },
281 { "P", 0x00040000 },
282 { "O", 0x00080000 },
283 { "", 0 },
284 };
285
286 static const struct perm_value standard_values[] = {
287 { "READ", 0x001200a9 },
288 { "CHANGE", 0x001301bf },
289 { "FULL", 0x001f01ff },
290 { "", 0 },
291 };
292
293 ZERO_STRUCTP(ace);
294 p = strchr_m(str,':');
295 if (!p) {
296 TALLOC_FREE(frame);
297 return False;
298 }
299 *p = '\0';
300 p++;
301 /* Try to parse numeric form */
302
303 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
304 convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
305 goto done;
306 }
307
308 /* Try to parse text form */
309
310 if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
311 TALLOC_FREE(frame);
312 return false;
313 }
314
315 cp = p;
316 if (!next_token_talloc(frame, &cp, &tok, "/")) {
317 TALLOC_FREE(frame);
318 return false;
319 }
320
321 if (StrnCaseCmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
322 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
323 } else if (StrnCaseCmp(tok, "DENIED", strlen("DENIED")) == 0) {
324 atype = SEC_ACE_TYPE_ACCESS_DENIED;
325 } else {
326 TALLOC_FREE(frame);
327 return false;
328 }
329
330 /* Only numeric form accepted for flags at present */
331
332 if (!(next_token_talloc(frame, &cp, &tok, "/") &&
333 sscanf(tok, "%i", &aflags))) {
334 TALLOC_FREE(frame);
335 return false;
336 }
337
338 if (!next_token_talloc(frame, &cp, &tok, "/")) {
339 TALLOC_FREE(frame);
340 return false;
341 }
342
343 if (strncmp(tok, "0x", 2) == 0) {
344 if (sscanf(tok, "%i", &amask) != 1) {
345 TALLOC_FREE(frame);
346 return false;
347 }
348 goto done;
349 }
350
351 for (v = standard_values; v->perm; v++) {
352 if (strcmp(tok, v->perm) == 0) {
353 amask = v->mask;
354 goto done;
355 }
356 }
357
358 p = tok;
359
360 while(*p) {
361 bool found = False;
362
363 for (v = special_values; v->perm; v++) {
364 if (v->perm[0] == *p) {
365 amask |= v->mask;
366 found = True;
367 }
368 }
369
370 if (!found) {
371 TALLOC_FREE(frame);
372 return false;
373 }
374 p++;
375 }
376
377 if (*p) {
378 TALLOC_FREE(frame);
379 return false;
380 }
381
382 done:
383 mask = amask;
384 init_sec_ace(ace, &sid, atype, mask, aflags);
385 TALLOC_FREE(frame);
386 return true;
387 }
388
389 /* add an ACE to a list of ACEs in a SEC_ACL */
390 static bool
391 add_ace(SEC_ACL **the_acl,
392 SEC_ACE *ace,
393 TALLOC_CTX *ctx)
394 {
395 SEC_ACL *newacl;
396 SEC_ACE *aces;
397
398 if (! *the_acl) {
399 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
400 return True;
401 }
402
403 if ((aces = SMB_CALLOC_ARRAY(SEC_ACE,
404 1+(*the_acl)->num_aces)) == NULL) {
405 return False;
406 }
407 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE));
408 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
409 newacl = make_sec_acl(ctx, (*the_acl)->revision,
410 1+(*the_acl)->num_aces, aces);
411 SAFE_FREE(aces);
412 (*the_acl) = newacl;
413 return True;
414 }
415
416
417 /* parse a ascii version of a security descriptor */
418 static SEC_DESC *
419 sec_desc_parse(TALLOC_CTX *ctx,
420 struct cli_state *ipc_cli,
421 struct policy_handle *pol,
422 bool numeric,
423 const char *str)
424 {
425 const char *p = str;
426 char *tok;
427 SEC_DESC *ret = NULL;
428 size_t sd_size;
429 DOM_SID *group_sid=NULL;
430 DOM_SID *owner_sid=NULL;
431 SEC_ACL *dacl=NULL;
432 int revision=1;
433
434 while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
435
436 if (StrnCaseCmp(tok,"REVISION:", 9) == 0) {
437 revision = strtol(tok+9, NULL, 16);
438 continue;
439 }
440
441 if (StrnCaseCmp(tok,"OWNER:", 6) == 0) {
442 if (owner_sid) {
443 DEBUG(5,("OWNER specified more than once!\n"));
444 goto done;
445 }
446 owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
447 if (!owner_sid ||
448 !convert_string_to_sid(ipc_cli, pol,
449 numeric,
450 owner_sid, tok+6)) {
451 DEBUG(5, ("Failed to parse owner sid\n"));
452 goto done;
453 }
454 continue;
455 }
456
457 if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) {
458 if (owner_sid) {
459 DEBUG(5,("OWNER specified more than once!\n"));
460 goto done;
461 }
462 owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
463 if (!owner_sid ||
464 !convert_string_to_sid(ipc_cli, pol,
465 False,
466 owner_sid, tok+7)) {
467 DEBUG(5, ("Failed to parse owner sid\n"));
468 goto done;
469 }
470 continue;
471 }
472
473 if (StrnCaseCmp(tok,"GROUP:", 6) == 0) {
474 if (group_sid) {
475 DEBUG(5,("GROUP specified more than once!\n"));
476 goto done;
477 }
478 group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
479 if (!group_sid ||
480 !convert_string_to_sid(ipc_cli, pol,
481 numeric,
482 group_sid, tok+6)) {
483 DEBUG(5, ("Failed to parse group sid\n"));
484 goto done;
485 }
486 continue;
487 }
488
489 if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) {
490 if (group_sid) {
491 DEBUG(5,("GROUP specified more than once!\n"));
492 goto done;
493 }
494 group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
495 if (!group_sid ||
496 !convert_string_to_sid(ipc_cli, pol,
497 False,
498 group_sid, tok+6)) {
499 DEBUG(5, ("Failed to parse group sid\n"));
500 goto done;
501 }
502 continue;
503 }
504
505 if (StrnCaseCmp(tok,"ACL:", 4) == 0) {
506 SEC_ACE ace;
507 if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
508 DEBUG(5, ("Failed to parse ACL %s\n", tok));
509 goto done;
510 }
511 if(!add_ace(&dacl, &ace, ctx)) {
512 DEBUG(5, ("Failed to add ACL %s\n", tok));
513 goto done;
514 }
515 continue;
516 }
517
518 if (StrnCaseCmp(tok,"ACL+:", 5) == 0) {
519 SEC_ACE ace;
520 if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
521 DEBUG(5, ("Failed to parse ACL %s\n", tok));
522 goto done;
523 }
524 if(!add_ace(&dacl, &ace, ctx)) {
525 DEBUG(5, ("Failed to add ACL %s\n", tok));
526 goto done;
527 }
528 continue;
529 }
530
531 DEBUG(5, ("Failed to parse security descriptor\n"));
532 goto done;
533 }
534
535 ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE,
536 owner_sid, group_sid, NULL, dacl, &sd_size);
537
538 done:
539 SAFE_FREE(group_sid);
540 SAFE_FREE(owner_sid);
541 return ret;
542 }
543
544
545 /* Obtain the current dos attributes */
546 static DOS_ATTR_DESC *
547 dos_attr_query(SMBCCTX *context,
548 TALLOC_CTX *ctx,
549 const char *filename,
550 SMBCSRV *srv)
551 {
552 struct timespec create_time_ts;
553 struct timespec write_time_ts;
554 struct timespec access_time_ts;
555 struct timespec change_time_ts;
556 SMB_OFF_T size = 0;
557 uint16 mode = 0;
558 SMB_INO_T inode = 0;
559 DOS_ATTR_DESC *ret;
560
561 ret = TALLOC_P(ctx, DOS_ATTR_DESC);
562 if (!ret) {
563 errno = ENOMEM;
564 return NULL;
565 }
566
567 /* Obtain the DOS attributes */
568 if (!SMBC_getatr(context, srv, CONST_DISCARD(char *, filename),
569 &mode, &size,
570 &create_time_ts,
571 &access_time_ts,
572 &write_time_ts,
573 &change_time_ts,
574 &inode)) {
575 errno = SMBC_errno(context, srv->cli);
576 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
577 return NULL;
578 }
579
580 ret->mode = mode;
581 ret->size = size;
582 ret->create_time = convert_timespec_to_time_t(create_time_ts);
583 ret->access_time = convert_timespec_to_time_t(access_time_ts);
584 ret->write_time = convert_timespec_to_time_t(write_time_ts);
585 ret->change_time = convert_timespec_to_time_t(change_time_ts);
586 ret->inode = inode;
587
588 return ret;
589 }
590
591
592 /* parse a ascii version of a security descriptor */
593 static void
594 dos_attr_parse(SMBCCTX *context,
595 DOS_ATTR_DESC *dad,
596 SMBCSRV *srv,
597 char *str)
598 {
599 int n;
600 const char *p = str;
601 char *tok = NULL;
602 TALLOC_CTX *frame = NULL;
603 struct {
604 const char * create_time_attr;
605 const char * access_time_attr;
606 const char * write_time_attr;
607 const char * change_time_attr;
608 } attr_strings;
609
610 /* Determine whether to use old-style or new-style attribute names */
611 if (context->internal->full_time_names) {
612 /* new-style names */
613 attr_strings.create_time_attr = "CREATE_TIME";
614 attr_strings.access_time_attr = "ACCESS_TIME";
615 attr_strings.write_time_attr = "WRITE_TIME";
616 attr_strings.change_time_attr = "CHANGE_TIME";
617 } else {
618 /* old-style names */
619 attr_strings.create_time_attr = NULL;
620 attr_strings.access_time_attr = "A_TIME";
621 attr_strings.write_time_attr = "M_TIME";
622 attr_strings.change_time_attr = "C_TIME";
623 }
624
625 /* if this is to set the entire ACL... */
626 if (*str == '*') {
627 /* ... then increment past the first colon if there is one */
628 if ((p = strchr(str, ':')) != NULL) {
629 ++p;
630 } else {
631 p = str;
632 }
633 }
634
635 frame = talloc_stackframe();
636 while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
637 if (StrnCaseCmp(tok, "MODE:", 5) == 0) {
638 long request = strtol(tok+5, NULL, 16);
639 if (request == 0) {
640 dad->mode = (request |
641 (IS_DOS_DIR(dad->mode)
642 ? FILE_ATTRIBUTE_DIRECTORY
643 : FILE_ATTRIBUTE_NORMAL));
644 } else {
645 dad->mode = request;
646 }
647 continue;
648 }
649
650 if (StrnCaseCmp(tok, "SIZE:", 5) == 0) {
651 dad->size = (SMB_OFF_T)atof(tok+5);
652 continue;
653 }
654
655 n = strlen(attr_strings.access_time_attr);
656 if (StrnCaseCmp(tok, attr_strings.access_time_attr, n) == 0) {
657 dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
658 continue;
659 }
660
661 n = strlen(attr_strings.change_time_attr);
662 if (StrnCaseCmp(tok, attr_strings.change_time_attr, n) == 0) {
663 dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
664 continue;
665 }
666
667 n = strlen(attr_strings.write_time_attr);
668 if (StrnCaseCmp(tok, attr_strings.write_time_attr, n) == 0) {
669 dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
670 continue;
671 }
672
673 if (attr_strings.create_time_attr != NULL) {
674 n = strlen(attr_strings.create_time_attr);
675 if (StrnCaseCmp(tok, attr_strings.create_time_attr,
676 n) == 0) {
677 dad->create_time = (time_t)strtol(tok+n+1,
678 NULL, 10);
679 continue;
680 }
681 }
682
683 if (StrnCaseCmp(tok, "INODE:", 6) == 0) {
684 dad->inode = (SMB_INO_T)atof(tok+6);
685 continue;
686 }
687 }
688 TALLOC_FREE(frame);
689 }
690
691 /*****************************************************
692 Retrieve the acls for a file.
693 *******************************************************/
694
695 static int
696 cacl_get(SMBCCTX *context,
697 TALLOC_CTX *ctx,
698 SMBCSRV *srv,
699 struct cli_state *ipc_cli,
700 struct policy_handle *pol,
701 char *filename,
702 char *attr_name,
703 char *buf,
704 int bufsize)
705 {
706 uint32 i;
707 int n = 0;
708 int n_used;
709 bool all;
710 bool all_nt;
711 bool all_nt_acls;
712 bool all_dos;
713 bool some_nt;
714 bool some_dos;
715 bool exclude_nt_revision = False;
716 bool exclude_nt_owner = False;
717 bool exclude_nt_group = False;
718 bool exclude_nt_acl = False;
719 bool exclude_dos_mode = False;
720 bool exclude_dos_size = False;
721 bool exclude_dos_create_time = False;
722 bool exclude_dos_access_time = False;
723 bool exclude_dos_write_time = False;
724 bool exclude_dos_change_time = False;
725 bool exclude_dos_inode = False;
726 bool numeric = True;
727 bool determine_size = (bufsize == 0);
728 uint16_t fnum;
729 SEC_DESC *sd;
730 fstring sidstr;
731 fstring name_sandbox;
732 char *name;
733 char *pExclude;
734 char *p;
735 struct timespec create_time_ts;
736 struct timespec write_time_ts;
737 struct timespec access_time_ts;
738 struct timespec change_time_ts;
739 time_t create_time = (time_t)0;
740 time_t write_time = (time_t)0;
741 time_t access_time = (time_t)0;
742 time_t change_time = (time_t)0;
743 SMB_OFF_T size = 0;
744 uint16 mode = 0;
745 SMB_INO_T ino = 0;
746 struct cli_state *cli = srv->cli;
747 struct {
748 const char * create_time_attr;
749 const char * access_time_attr;
750 const char * write_time_attr;
751 const char * change_time_attr;
752 } attr_strings;
753 struct {
754 const char * create_time_attr;
755 const char * access_time_attr;
756 const char * write_time_attr;
757 const char * change_time_attr;
758 } excl_attr_strings;
759
760 /* Determine whether to use old-style or new-style attribute names */
761 if (context->internal->full_time_names) {
762 /* new-style names */
763 attr_strings.create_time_attr = "CREATE_TIME";
764 attr_strings.access_time_attr = "ACCESS_TIME";
765 attr_strings.write_time_attr = "WRITE_TIME";
766 attr_strings.change_time_attr = "CHANGE_TIME";
767
768 excl_attr_strings.create_time_attr = "CREATE_TIME";
769 excl_attr_strings.access_time_attr = "ACCESS_TIME";
770 excl_attr_strings.write_time_attr = "WRITE_TIME";
771 excl_attr_strings.change_time_attr = "CHANGE_TIME";
772 } else {
773 /* old-style names */
774 attr_strings.create_time_attr = NULL;
775 attr_strings.access_time_attr = "A_TIME";
776 attr_strings.write_time_attr = "M_TIME";
777 attr_strings.change_time_attr = "C_TIME";
778
779 excl_attr_strings.create_time_attr = NULL;
780 excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
781 excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
782 excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
783 }
784
785 /* Copy name so we can strip off exclusions (if any are specified) */
786 strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
787
788 /* Ensure name is null terminated */
789 name_sandbox[sizeof(name_sandbox) - 1] = '\0';
790
791 /* Play in the sandbox */
792 name = name_sandbox;
793
794 /* If there are any exclusions, point to them and mask them from name */
795 if ((pExclude = strchr(name, '!')) != NULL)
796 {
797 *pExclude++ = '\0';
798 }
799
800 all = (StrnCaseCmp(name, "system.*", 8) == 0);
801 all_nt = (StrnCaseCmp(name, "system.nt_sec_desc.*", 20) == 0);
802 all_nt_acls = (StrnCaseCmp(name, "system.nt_sec_desc.acl.*", 24) == 0);
803 all_dos = (StrnCaseCmp(name, "system.dos_attr.*", 17) == 0);
804 some_nt = (StrnCaseCmp(name, "system.nt_sec_desc.", 19) == 0);
805 some_dos = (StrnCaseCmp(name, "system.dos_attr.", 16) == 0);
806 numeric = (* (name + strlen(name) - 1) != '+');
807
808 /* Look for exclusions from "all" requests */
809 if (all || all_nt || all_dos) {
810 /* Exclusions are delimited by '!' */
811 for (;
812 pExclude != NULL;
813 pExclude = (p == NULL ? NULL : p + 1)) {
814
815 /* Find end of this exclusion name */
816 if ((p = strchr(pExclude, '!')) != NULL)
817 {
818 *p = '\0';
819 }
820
821 /* Which exclusion name is this? */
822 if (StrCaseCmp(pExclude,
823 "nt_sec_desc.revision") == 0) {
824 exclude_nt_revision = True;
825 }
826 else if (StrCaseCmp(pExclude,
827 "nt_sec_desc.owner") == 0) {
828 exclude_nt_owner = True;
829 }
830 else if (StrCaseCmp(pExclude,
831 "nt_sec_desc.group") == 0) {
832 exclude_nt_group = True;
833 }
834 else if (StrCaseCmp(pExclude,
835 "nt_sec_desc.acl") == 0) {
836 exclude_nt_acl = True;
837 }
838 else if (StrCaseCmp(pExclude,
839 "dos_attr.mode") == 0) {
840 exclude_dos_mode = True;
841 }
842 else if (StrCaseCmp(pExclude,
843 "dos_attr.size") == 0) {
844 exclude_dos_size = True;
845 }
846 else if (excl_attr_strings.create_time_attr != NULL &&
847 StrCaseCmp(pExclude,
848 excl_attr_strings.change_time_attr) == 0) {
849 exclude_dos_create_time = True;
850 }
851 else if (StrCaseCmp(pExclude,
852 excl_attr_strings.access_time_attr) == 0) {
853 exclude_dos_access_time = True;
854 }
855 else if (StrCaseCmp(pExclude,
856 excl_attr_strings.write_time_attr) == 0) {
857 exclude_dos_write_time = True;
858 }
859 else if (StrCaseCmp(pExclude,
860 excl_attr_strings.change_time_attr) == 0) {
861 exclude_dos_change_time = True;
862 }
863 else if (StrCaseCmp(pExclude, "dos_attr.inode") == 0) {
864 exclude_dos_inode = True;
865 }
866 else {
867 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
868 pExclude));
869 errno = ENOATTR;
870 return -1;
871 }
872 }
873 }
874
875 n_used = 0;
876
877 /*
878 * If we are (possibly) talking to an NT or new system and some NT
879 * attributes have been requested...
880 */
881 if (ipc_cli && (all || some_nt || all_nt_acls)) {
882 char *targetpath = NULL;
883 struct cli_state *targetcli = NULL;
884
885 /* Point to the portion after "system.nt_sec_desc." */
886 name += 19; /* if (all) this will be invalid but unused */
887
888 if (!cli_resolve_path(ctx, "", context->internal->auth_info,
889 cli, filename,
890 &targetcli, &targetpath)) {
891 DEBUG(5, ("cacl_get Could not resolve %s\n",
892 filename));
893 errno = ENOENT;
894 return -1;
895 }
896
897 /* ... then obtain any NT attributes which were requested */
898 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
899 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
900 DEBUG(5, ("cacl_get failed to open %s: %s\n",
901 targetpath, cli_errstr(targetcli)));
902 errno = 0;
903 return -1;
904 }
905
906 sd = cli_query_secdesc(targetcli, fnum, ctx);
907
908 if (!sd) {
909 DEBUG(5,
910 ("cacl_get Failed to query old descriptor\n"));
911 errno = 0;
912 return -1;
913 }
914
915 cli_close(targetcli, fnum);
916
917 if (! exclude_nt_revision) {
918 if (all || all_nt) {
919 if (determine_size) {
920 p = talloc_asprintf(ctx,
921 "REVISION:%d",
922 sd->revision);
923 if (!p) {
924 errno = ENOMEM;
925 return -1;
926 }
927 n = strlen(p);
928 } else {
929 n = snprintf(buf, bufsize,
930 "REVISION:%d",
931 sd->revision);
932 }
933 } else if (StrCaseCmp(name, "revision") == 0) {
934 if (determine_size) {
935 p = talloc_asprintf(ctx, "%d",
936 sd->revision);
937 if (!p) {
938 errno = ENOMEM;
939 return -1;
940 }
941 n = strlen(p);
942 } else {
943 n = snprintf(buf, bufsize, "%d",
944 sd->revision);
945 }
946 }
947
948 if (!determine_size && n > bufsize) {
949 errno = ERANGE;
950 return -1;
951 }
952 buf += n;
953 n_used += n;
954 bufsize -= n;
955 n = 0;
956 }
957
958 if (! exclude_nt_owner) {
959 /* Get owner and group sid */
960 if (sd->owner_sid) {
961 convert_sid_to_string(ipc_cli, pol,
962 sidstr,
963 numeric,
964 sd->owner_sid);
965 } else {
966 fstrcpy(sidstr, "");
967 }
968
969 if (all || all_nt) {
970 if (determine_size) {
971 p = talloc_asprintf(ctx, ",OWNER:%s",
972 sidstr);
973 if (!p) {
974 errno = ENOMEM;
975 return -1;
976 }
977 n = strlen(p);
978 } else if (sidstr[0] != '\0') {
979 n = snprintf(buf, bufsize,
980 ",OWNER:%s", sidstr);
981 }
982 } else if (StrnCaseCmp(name, "owner", 5) == 0) {
983 if (determine_size) {
984 p = talloc_asprintf(ctx, "%s", sidstr);
985 if (!p) {
986 errno = ENOMEM;
987 return -1;
988 }
989 n = strlen(p);
990 } else {
991 n = snprintf(buf, bufsize, "%s",
992 sidstr);
993 }
994 }
995
996 if (!determine_size && n > bufsize) {
997 errno = ERANGE;
998 return -1;
999 }
1000 buf += n;
1001 n_used += n;
1002 bufsize -= n;
1003 n = 0;
1004 }
1005
1006 if (! exclude_nt_group) {
1007 if (sd->group_sid) {
1008 convert_sid_to_string(ipc_cli, pol,
1009 sidstr, numeric,
1010 sd->group_sid);
1011 } else {
1012 fstrcpy(sidstr, "");
1013 }
1014
1015 if (all || all_nt) {
1016 if (determine_size) {
1017 p = talloc_asprintf(ctx, ",GROUP:%s",
1018 sidstr);
1019 if (!p) {
1020 errno = ENOMEM;
1021 return -1;
1022 }
1023 n = strlen(p);
1024 } else if (sidstr[0] != '\0') {
1025 n = snprintf(buf, bufsize,
1026 ",GROUP:%s", sidstr);
1027 }
1028 } else if (StrnCaseCmp(name, "group", 5) == 0) {
1029 if (determine_size) {
1030 p = talloc_asprintf(ctx, "%s", sidstr);
1031 if (!p) {
1032 errno = ENOMEM;
1033 return -1;
1034 }
1035 n = strlen(p);
1036 } else {
1037 n = snprintf(buf, bufsize,
1038 "%s", sidstr);
1039 }
1040 }
1041
1042 if (!determine_size && n > bufsize) {
1043 errno = ERANGE;
1044 return -1;
1045 }
1046 buf += n;
1047 n_used += n;
1048 bufsize -= n;
1049 n = 0;
1050 }
1051
1052 if (! exclude_nt_acl) {
1053 /* Add aces to value buffer */
1054 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1055
1056 SEC_ACE *ace = &sd->dacl->aces[i];
1057 convert_sid_to_string(ipc_cli, pol,
1058 sidstr, numeric,
1059 &ace->trustee);
1060
1061 if (all || all_nt) {
1062 if (determine_size) {
1063 p = talloc_asprintf(
1064 ctx,
1065 ",ACL:"
1066 "%s:%d/%d/0x%08x",
1067 sidstr,
1068 ace->type,
1069 ace->flags,
1070 ace->access_mask);
1071 if (!p) {
1072 errno = ENOMEM;
1073 return -1;
1074 }
1075 n = strlen(p);
1076 } else {
1077 n = snprintf(
1078 buf, bufsize,
1079 ",ACL:%s:%d/%d/0x%08x",
1080 sidstr,
1081 ace->type,
1082 ace->flags,
1083 ace->access_mask);
1084 }
1085 } else if ((StrnCaseCmp(name, "acl", 3) == 0 &&
1086 StrCaseCmp(name+3, sidstr) == 0) ||
1087 (StrnCaseCmp(name, "acl+", 4) == 0 &&
1088 StrCaseCmp(name+4, sidstr) == 0)) {
1089 if (determine_size) {
1090 p = talloc_asprintf(
1091 ctx,
1092 "%d/%d/0x%08x",
1093 ace->type,
1094 ace->flags,
1095 ace->access_mask);
1096 if (!p) {
1097 errno = ENOMEM;
1098 return -1;
1099 }
1100 n = strlen(p);
1101 } else {
1102 n = snprintf(buf, bufsize,
1103 "%d/%d/0x%08x",
1104 ace->type,
1105 ace->flags,
1106 ace->access_mask);
1107 }
1108 } else if (all_nt_acls) {
1109 if (determine_size) {
1110 p = talloc_asprintf(
1111 ctx,
1112 "%s%s:%d/%d/0x%08x",
1113 i ? "," : "",
1114 sidstr,
1115 ace->type,
1116 ace->flags,
1117 ace->access_mask);
1118 if (!p) {
1119 errno = ENOMEM;
1120 return -1;
1121 }
1122 n = strlen(p);
1123 } else {
1124 n = snprintf(buf, bufsize,
1125 "%s%s:%d/%d/0x%08x",
1126 i ? "," : "",
1127 sidstr,
1128 ace->type,
1129 ace->flags,
1130 ace->access_mask);
1131 }
1132 }
1133 if (!determine_size && n > bufsize) {
1134 errno = ERANGE;
1135 return -1;
1136 }
1137 buf += n;
1138 n_used += n;
1139 bufsize -= n;
1140 n = 0;
1141 }
1142 }
1143
1144 /* Restore name pointer to its original value */
1145 name -= 19;
1146 }
1147
1148 if (all || some_dos) {
1149 /* Point to the portion after "system.dos_attr." */
1150 name += 16; /* if (all) this will be invalid but unused */
1151
1152 /* Obtain the DOS attributes */
1153 if (!SMBC_getatr(context, srv, filename, &mode, &size,
1154 &create_time_ts,
1155 &access_time_ts,
1156 &write_time_ts,
1157 &change_time_ts,
1158 &ino)) {
1159
1160 errno = SMBC_errno(context, srv->cli);
1161 return -1;
1162 }
1163
1164 create_time = convert_timespec_to_time_t(create_time_ts);
1165 access_time = convert_timespec_to_time_t(access_time_ts);
1166 write_time = convert_timespec_to_time_t(write_time_ts);
1167 change_time = convert_timespec_to_time_t(change_time_ts);
1168
1169 if (! exclude_dos_mode) {
1170 if (all || all_dos) {
1171 if (determine_size) {
1172 p = talloc_asprintf(ctx,
1173 "%sMODE:0x%x",
1174 (ipc_cli &&
1175 (all || some_nt)
1176 ? ","
1177 : ""),
1178 mode);
1179 if (!p) {
1180 errno = ENOMEM;
1181 return -1;
1182 }
1183 n = strlen(p);
1184 } else {
1185 n = snprintf(buf, bufsize,
1186 "%sMODE:0x%x",
1187 (ipc_cli &&
1188 (all || some_nt)
1189 ? ","
1190 : ""),
1191 mode);
1192 }
1193 } else if (StrCaseCmp(name, "mode") == 0) {
1194 if (determine_size) {
1195 p = talloc_asprintf(ctx, "0x%x", mode);
1196 if (!p) {
1197 errno = ENOMEM;
1198 return -1;
1199 }
1200 n = strlen(p);
1201 } else {
1202 n = snprintf(buf, bufsize,
1203 "0x%x", mode);
1204 }
1205 }
1206
1207 if (!determine_size && n > bufsize) {
1208 errno = ERANGE;
1209 return -1;
1210 }
1211 buf += n;
1212 n_used += n;
1213 bufsize -= n;
1214 n = 0;
1215 }
1216
1217 if (! exclude_dos_size) {
1218 if (all || all_dos) {
1219 if (determine_size) {
1220 p = talloc_asprintf(
1221 ctx,
1222 ",SIZE:%.0f",
1223 (double)size);
1224 if (!p) {
1225 errno = ENOMEM;
1226 return -1;
1227 }
1228 n = strlen(p);
1229 } else {
1230 n = snprintf(buf, bufsize,
1231 ",SIZE:%.0f",
1232 (double)size);
1233 }
1234 } else if (StrCaseCmp(name, "size") == 0) {
1235 if (determine_size) {
1236 p = talloc_asprintf(
1237 ctx,
1238 "%.0f",
1239 (double)size);
1240 if (!p) {
1241 errno = ENOMEM;
1242 return -1;
1243 }
1244 n = strlen(p);
1245 } else {
1246 n = snprintf(buf, bufsize,
1247 "%.0f",
1248 (double)size);
1249 }
1250 }
1251
1252 if (!determine_size && n > bufsize) {
1253 errno = ERANGE;
1254 return -1;
1255 }
1256 buf += n;
1257 n_used += n;
1258 bufsize -= n;
1259 n = 0;
1260 }
1261
1262 if (! exclude_dos_create_time &&
1263 attr_strings.create_time_attr != NULL) {
1264 if (all || all_dos) {
1265 if (determine_size) {
1266 p = talloc_asprintf(ctx,
1267 ",%s:%lu",
1268 attr_strings.create_time_attr,
1269 (unsigned long) create_time);
1270 if (!p) {
1271 errno = ENOMEM;
1272 return -1;
1273 }
1274 n = strlen(p);
1275 } else {
1276 n = snprintf(buf, bufsize,
1277 ",%s:%lu",
1278 attr_strings.create_time_attr,
1279 (unsigned long) create_time);
1280 }
1281 } else if (StrCaseCmp(name, attr_strings.create_time_attr) == 0) {
1282 if (determine_size) {
1283 p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
1284 if (!p) {
1285 errno = ENOMEM;
1286 return -1;
1287 }
1288 n = strlen(p);
1289 } else {
1290 n = snprintf(buf, bufsize,
1291 "%lu", (unsigned long) create_time);
1292 }
1293 }
1294
1295 if (!determine_size && n > bufsize) {
1296 errno = ERANGE;
1297 return -1;
1298 }
1299 buf += n;
1300 n_used += n;
1301 bufsize -= n;
1302 n = 0;
1303 }
1304
1305 if (! exclude_dos_access_time) {
1306 if (all || all_dos) {
1307 if (determine_size) {
1308 p = talloc_asprintf(ctx,
1309 ",%s:%lu",
1310 attr_strings.access_time_attr,
1311 (unsigned long) access_time);
1312 if (!p) {
1313 errno = ENOMEM;
1314 return -1;
1315 }
1316 n = strlen(p);
1317 } else {
1318 n = snprintf(buf, bufsize,
1319 ",%s:%lu",
1320 attr_strings.access_time_attr,
1321 (unsigned long) access_time);
1322 }
1323 } else if (StrCaseCmp(name, attr_strings.access_time_attr) == 0) {
1324 if (determine_size) {
1325 p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
1326 if (!p) {
1327 errno = ENOMEM;
1328 return -1;
1329 }
1330 n = strlen(p);
1331 } else {
1332 n = snprintf(buf, bufsize,
1333 "%lu", (unsigned long) access_time);
1334 }
1335 }
1336
1337 if (!determine_size && n > bufsize) {
1338 errno = ERANGE;
1339 return -1;
1340 }
1341 buf += n;
1342 n_used += n;
1343 bufsize -= n;
1344 n = 0;
1345 }
1346
1347 if (! exclude_dos_write_time) {
1348 if (all || all_dos) {
1349 if (determine_size) {
1350 p = talloc_asprintf(ctx,
1351 ",%s:%lu",
1352 attr_strings.write_time_attr,
1353 (unsigned long) write_time);
1354 if (!p) {
1355 errno = ENOMEM;
1356 return -1;
1357 }
1358 n = strlen(p);
1359 } else {
1360 n = snprintf(buf, bufsize,
1361 ",%s:%lu",
1362 attr_strings.write_time_attr,
1363 (unsigned long) write_time);
1364 }
1365 } else if (StrCaseCmp(name, attr_strings.write_time_attr) == 0) {
1366 if (determine_size) {
1367 p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
1368 if (!p) {
1369 errno = ENOMEM;
1370 return -1;
1371 }
1372 n = strlen(p);
1373 } else {
1374 n = snprintf(buf, bufsize,
1375 "%lu", (unsigned long) write_time);
1376 }
1377 }
1378
1379 if (!determine_size && n > bufsize) {
1380 errno = ERANGE;
1381 return -1;
1382 }
1383 buf += n;
1384 n_used += n;
1385 bufsize -= n;
1386 n = 0;
1387 }
1388
1389 if (! exclude_dos_change_time) {
1390 if (all || all_dos) {
1391 if (determine_size) {
1392 p = talloc_asprintf(ctx,
1393 ",%s:%lu",
1394 attr_strings.change_time_attr,
1395 (unsigned long) change_time);
1396 if (!p) {
1397 errno = ENOMEM;
1398 return -1;
1399 }
1400 n = strlen(p);
1401 } else {
1402 n = snprintf(buf, bufsize,
1403 ",%s:%lu",
1404 attr_strings.change_time_attr,
1405 (unsigned long) change_time);
1406 }
1407 } else if (StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1408 if (determine_size) {
1409 p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
1410 if (!p) {
1411 errno = ENOMEM;
1412 return -1;
1413 }
1414 n = strlen(p);
1415 } else {
1416 n = snprintf(buf, bufsize,
1417 "%lu", (unsigned long) change_time);
1418 }
1419 }
1420
1421 if (!determine_size && n > bufsize) {
1422 errno = ERANGE;
1423 return -1;
1424 }
1425 buf += n;
1426 n_used += n;
1427 bufsize -= n;
1428 n = 0;
1429 }
1430
1431 if (! exclude_dos_inode) {
1432 if (all || all_dos) {
1433 if (determine_size) {
1434 p = talloc_asprintf(
1435 ctx,
1436 ",INODE:%.0f",
1437 (double)ino);
1438 if (!p) {
1439 errno = ENOMEM;
1440 return -1;
1441 }
1442 n = strlen(p);
1443 } else {
1444 n = snprintf(buf, bufsize,
1445 ",INODE:%.0f",
1446 (double) ino);
1447 }
1448 } else if (StrCaseCmp(name, "inode") == 0) {
1449 if (determine_size) {
1450 p = talloc_asprintf(
1451 ctx,
1452 "%.0f",
1453 (double) ino);
1454 if (!p) {
1455 errno = ENOMEM;
1456 return -1;
1457 }
1458 n = strlen(p);
1459 } else {
1460 n = snprintf(buf, bufsize,
1461 "%.0f",
1462 (double) ino);
1463 }
1464 }
1465
1466 if (!determine_size && n > bufsize) {
1467 errno = ERANGE;
1468 return -1;
1469 }
1470 buf += n;
1471 n_used += n;
1472 bufsize -= n;
1473 n = 0;
1474 }
1475
1476 /* Restore name pointer to its original value */
1477 name -= 16;
1478 }
1479
1480 if (n_used == 0) {
1481 errno = ENOATTR;
1482 return -1;
1483 }
1484
1485 return n_used;
1486 }
1487
1488 /*****************************************************
1489 set the ACLs on a file given an ascii description
1490 *******************************************************/
1491 static int
1492 cacl_set(SMBCCTX *context,
1493 TALLOC_CTX *ctx,
1494 struct cli_state *cli,
1495 struct cli_state *ipc_cli,
1496 struct policy_handle *pol,
1497 const char *filename,
1498 char *the_acl,
1499 int mode,
1500 int flags)
1501 {
1502 uint16_t fnum = (uint16_t)-1;
1503 int err = 0;
1504 SEC_DESC *sd = NULL, *old;
1505 SEC_ACL *dacl = NULL;
1506 DOM_SID *owner_sid = NULL;
1507 DOM_SID *group_sid = NULL;
1508 uint32 i, j;
1509 size_t sd_size;
1510 int ret = 0;
1511 char *p;
1512 bool numeric = True;
1513 char *targetpath = NULL;
1514 struct cli_state *targetcli = NULL;
1515
1516 /* the_acl will be null for REMOVE_ALL operations */
1517 if (the_acl) {
1518 numeric = ((p = strchr(the_acl, ':')) != NULL &&
1519 p > the_acl &&
1520 p[-1] != '+');
1521
1522 /* if this is to set the entire ACL... */
1523 if (*the_acl == '*') {
1524 /* ... then increment past the first colon */
1525 the_acl = p + 1;
1526 }
1527
1528 sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
1529 if (!sd) {
1530 errno = EINVAL;
1531 return -1;
1532 }
1533 }
1534
1535 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1536 that doesn't deref sd */
1537
1538 if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1539 errno = EINVAL;
1540 return -1;
1541 }
1542
1543 if (!cli_resolve_path(ctx, "", context->internal->auth_info,
1544 cli, filename,
1545 &targetcli, &targetpath)) {
1546 DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
1547 errno = ENOENT;
1548 return -1;
1549 }
1550
1551 /* The desired access below is the only one I could find that works
1552 with NT4, W2KP and Samba */
1553
1554 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
1555 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
1556 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1557 targetpath, cli_errstr(targetcli)));
1558 errno = 0;
1559 return -1;
1560 }
1561
1562 old = cli_query_secdesc(targetcli, fnum, ctx);
1563
1564 if (!old) {
1565 DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
1566 errno = 0;
1567 return -1;
1568 }
1569
1570 cli_close(targetcli, fnum);
1571
1572 switch (mode) {
1573 case SMBC_XATTR_MODE_REMOVE_ALL:
1574 old->dacl->num_aces = 0;
1575 dacl = old->dacl;
1576 break;
1577
1578 case SMBC_XATTR_MODE_REMOVE:
1579 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1580 bool found = False;
1581
1582 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1583 if (sec_ace_equal(&sd->dacl->aces[i],
1584 &old->dacl->aces[j])) {
1585 uint32 k;
1586 for (k=j; k<old->dacl->num_aces-1;k++) {
1587 old->dacl->aces[k] =
1588 old->dacl->aces[k+1];
1589 }
1590 old->dacl->num_aces--;
1591 found = True;
1592 dacl = old->dacl;
1593 break;
1594 }
1595 }
1596
1597 if (!found) {
1598 err = ENOATTR;
1599 ret = -1;
1600 goto failed;
1601 }
1602 }
1603 break;
1604
1605 case SMBC_XATTR_MODE_ADD:
1606 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1607 bool found = False;
1608
1609 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1610 if (sid_equal(&sd->dacl->aces[i].trustee,
1611 &old->dacl->aces[j].trustee)) {
1612 if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1613 err = EEXIST;
1614 ret = -1;
1615 goto failed;
1616 }
1617 old->dacl->aces[j] = sd->dacl->aces[i];
1618 ret = -1;
1619 found = True;
1620 }
1621 }
1622
1623 if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1624 err = ENOATTR;
1625 ret = -1;
1626 goto failed;
1627 }
1628
1629 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1630 add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1631 }
1632 }
1633 dacl = old->dacl;
1634 break;
1635
1636 case SMBC_XATTR_MODE_SET:
1637 old = sd;
1638 owner_sid = old->owner_sid;
1639 group_sid = old->group_sid;
1640 dacl = old->dacl;
1641 break;
1642
1643 case SMBC_XATTR_MODE_CHOWN:
1644 owner_sid = sd->owner_sid;
1645 break;
1646
1647 case SMBC_XATTR_MODE_CHGRP:
1648 group_sid = sd->group_sid;
1649 break;
1650 }
1651
1652 /* Denied ACE entries must come before allowed ones */
1653 sort_acl(old->dacl);
1654
1655 /* Create new security descriptor and set it */
1656 sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1657 owner_sid, group_sid, NULL, dacl, &sd_size);
1658
1659 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0,
1660 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
1661 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
1662 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1663 targetpath, cli_errstr(targetcli)));
1664 errno = 0;
1665 return -1;
1666 }
1667
1668 if (!cli_set_secdesc(targetcli, fnum, sd)) {
1669 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1670 cli_errstr(targetcli)));
1671 ret = -1;
1672 }
1673
1674 /* Clean up */
1675
1676 failed:
1677 cli_close(targetcli, fnum);
1678
1679 if (err != 0) {
1680 errno = err;
1681 }
1682
1683 return ret;
1684 }
1685
1686
1687 int
1688 SMBC_setxattr_ctx(SMBCCTX *context,
1689 const char *fname,
1690 const char *name,
1691 const void *value,
1692 size_t size,
1693 int flags)
1694 {
1695 int ret;
1696 int ret2;
1697 SMBCSRV *srv = NULL;
1698 SMBCSRV *ipc_srv = NULL;
1699 char *server = NULL;
1700 char *share = NULL;
1701 char *user = NULL;
1702 char *password = NULL;
1703 char *workgroup = NULL;
1704 char *path = NULL;
1705 DOS_ATTR_DESC *dad = NULL;
1706 struct {
1707 const char * create_time_attr;
1708 const char * access_time_attr;
1709 const char * write_time_attr;
1710 const char * change_time_attr;
1711 } attr_strings;
1712 TALLOC_CTX *frame = talloc_stackframe();
1713
1714 if (!context || !context->internal->initialized) {
1715 errno = EINVAL; /* Best I can think of ... */
1716 TALLOC_FREE(frame);
1717 return -1;
1718 }
1719
1720 if (!fname) {
1721 errno = EINVAL;
1722 TALLOC_FREE(frame);
1723 return -1;
1724 }
1725
1726 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1727 fname, name, (int) size, (const char*)value));
1728
1729 if (SMBC_parse_path(frame,
1730 context,
1731 fname,
1732 &workgroup,
1733 &server,
1734 &share,
1735 &path,
1736 &user,
1737 &password,
1738 NULL)) {
1739 errno = EINVAL;
1740 TALLOC_FREE(frame);
1741 return -1;
1742 }
1743
1744 if (!user || user[0] == (char)0) {
1745 user = talloc_strdup(frame, smbc_getUser(context));
1746 if (!user) {
1747 errno = ENOMEM;
1748 TALLOC_FREE(frame);
1749 return -1;
1750 }
1751 }
1752
1753 srv = SMBC_server(frame, context, True,
1754 server, share, &workgroup, &user, &password);
1755 if (!srv) {
1756 TALLOC_FREE(frame);
1757 return -1; /* errno set by SMBC_server */
1758 }
1759
1760 if (! srv->no_nt_session) {
1761 ipc_srv = SMBC_attr_server(frame, context, server, share,
1762 &workgroup, &user, &password);
1763 if (! ipc_srv) {
1764 srv->no_nt_session = True;
1765 }
1766 } else {
1767 ipc_srv = NULL;
1768 }
1769
1770 /*
1771 * Are they asking to set the entire set of known attributes?
1772 */
1773 if (StrCaseCmp(name, "system.*") == 0 ||
1774 StrCaseCmp(name, "system.*+") == 0) {
1775 /* Yup. */
1776 char *namevalue =
1777 talloc_asprintf(talloc_tos(), "%s:%s",
1778 name+7, (const char *) value);
1779 if (! namevalue) {
1780 errno = ENOMEM;
1781 ret = -1;
1782 TALLOC_FREE(frame);
1783 return -1;
1784 }
1785
1786 if (ipc_srv) {
1787 ret = cacl_set(context, talloc_tos(), srv->cli,
1788 ipc_srv->cli, &ipc_srv->pol, path,
1789 namevalue,
1790 (*namevalue == '*'
1791 ? SMBC_XATTR_MODE_SET
1792 : SMBC_XATTR_MODE_ADD),
1793 flags);
1794 } else {
1795 ret = 0;
1796 }
1797
1798 /* get a DOS Attribute Descriptor with current attributes */
1799 dad = dos_attr_query(context, talloc_tos(), path, srv);
1800 if (dad) {
1801 /* Overwrite old with new, using what was provided */
1802 dos_attr_parse(context, dad, srv, namevalue);
1803
1804 /* Set the new DOS attributes */
1805 if (! SMBC_setatr(context, srv, path,
1806 dad->create_time,
1807 dad->access_time,
1808 dad->write_time,
1809 dad->change_time,
1810 dad->mode)) {
1811
1812 /* cause failure if NT failed too */
1813 dad = NULL;
1814 }
1815 }
1816
1817 /* we only fail if both NT and DOS sets failed */
1818 if (ret < 0 && ! dad) {
1819 ret = -1; /* in case dad was null */
1820 }
1821 else {
1822 ret = 0;
1823 }
1824
1825 TALLOC_FREE(frame);
1826 return ret;
1827 }
1828
1829 /*
1830 * Are they asking to set an access control element or to set
1831 * the entire access control list?
1832 */
1833 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
1834 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
1835 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
1836 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
1837 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
1838
1839 /* Yup. */
1840 char *namevalue =
1841 talloc_asprintf(talloc_tos(), "%s:%s",
1842 name+19, (const char *) value);
1843
1844 if (! ipc_srv) {
1845 ret = -1; /* errno set by SMBC_server() */
1846 }
1847 else if (! namevalue) {
1848 errno = ENOMEM;
1849 ret = -1;
1850 } else {
1851 ret = cacl_set(context, talloc_tos(), srv->cli,
1852 ipc_srv->cli, &ipc_srv->pol, path,
1853 namevalue,
1854 (*namevalue == '*'
1855 ? SMBC_XATTR_MODE_SET
1856 : SMBC_XATTR_MODE_ADD),
1857 flags);
1858 }
1859 TALLOC_FREE(frame);
1860 return ret;
1861 }
1862
1863 /*
1864 * Are they asking to set the owner?
1865 */
1866 if (StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
1867 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0) {
1868
1869 /* Yup. */
1870 char *namevalue =
1871 talloc_asprintf(talloc_tos(), "%s:%s",
1872 name+19, (const char *) value);
1873
1874 if (! ipc_srv) {
1875 ret = -1; /* errno set by SMBC_server() */
1876 }
1877 else if (! namevalue) {
1878 errno = ENOMEM;
1879 ret = -1;
1880 } else {
1881 ret = cacl_set(context, talloc_tos(), srv->cli,
1882 ipc_srv->cli, &ipc_srv->pol, path,
1883 namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1884 }
1885 TALLOC_FREE(frame);
1886 return ret;
1887 }
1888
1889 /*
1890 * Are they asking to set the group?
1891 */
1892 if (StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
1893 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0) {
1894
1895 /* Yup. */
1896 char *namevalue =
1897 talloc_asprintf(talloc_tos(), "%s:%s",
1898 name+19, (const char *) value);
1899
1900 if (! ipc_srv) {
1901 /* errno set by SMBC_server() */
1902 ret = -1;
1903 }
1904 else if (! namevalue) {
1905 errno = ENOMEM;
1906 ret = -1;
1907 } else {
1908 ret = cacl_set(context, talloc_tos(), srv->cli,
1909 ipc_srv->cli, &ipc_srv->pol, path,
1910 namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1911 }
1912 TALLOC_FREE(frame);
1913 return ret;
1914 }
1915
1916 /* Determine whether to use old-style or new-style attribute names */
1917 if (context->internal->full_time_names) {
1918 /* new-style names */
1919 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1920 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1921 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1922 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1923 } else {
1924 /* old-style names */
1925 attr_strings.create_time_attr = NULL;
1926 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1927 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1928 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1929 }
1930
1931 /*
1932 * Are they asking to set a DOS attribute?
1933 */
1934 if (StrCaseCmp(name, "system.dos_attr.*") == 0 ||
1935 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
1936 (attr_strings.create_time_attr != NULL &&
1937 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
1938 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
1939 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
1940 StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1941
1942 /* get a DOS Attribute Descriptor with current attributes */
1943 dad = dos_attr_query(context, talloc_tos(), path, srv);
1944 if (dad) {
1945 char *namevalue =
1946 talloc_asprintf(talloc_tos(), "%s:%s",
1947 name+16, (const char *) value);
1948 if (! namevalue) {
1949 errno = ENOMEM;
1950 ret = -1;
1951 } else {
1952 /* Overwrite old with provided new params */
1953 dos_attr_parse(context, dad, srv, namevalue);
1954
1955 /* Set the new DOS attributes */
1956 ret2 = SMBC_setatr(context, srv, path,
1957 dad->create_time,
1958 dad->access_time,
1959 dad->write_time,
1960 dad->change_time,
1961 dad->mode);
1962
1963 /* ret2 has True (success) / False (failure) */
1964 if (ret2) {
1965 ret = 0;
1966 } else {
1967 ret = -1;
1968 }
1969 }
1970 } else {
1971 ret = -1;
1972 }
1973
1974 TALLOC_FREE(frame);
1975 return ret;
1976 }
1977
1978 /* Unsupported attribute name */
1979 errno = EINVAL;
1980 TALLOC_FREE(frame);
1981 return -1;
1982 }
1983
1984 int
1985 SMBC_getxattr_ctx(SMBCCTX *context,
1986 const char *fname,
1987 const char *name,
1988 const void *value,
1989 size_t size)
1990 {
1991 int ret;
1992 SMBCSRV *srv = NULL;
1993 SMBCSRV *ipc_srv = NULL;
1994 char *server = NULL;
1995 char *share = NULL;
1996 char *user = NULL;
1997 char *password = NULL;
1998 char *workgroup = NULL;
1999 char *path = NULL;
2000 struct {
2001 const char * create_time_attr;
2002 const char * access_time_attr;
2003 const char * write_time_attr;
2004 const char * change_time_attr;
2005 } attr_strings;
2006 TALLOC_CTX *frame = talloc_stackframe();
2007
2008 if (!context || !context->internal->initialized) {
2009 errno = EINVAL; /* Best I can think of ... */
2010 TALLOC_FREE(frame);
2011 return -1;
2012 }
2013
2014 if (!fname) {
2015 errno = EINVAL;
2016 TALLOC_FREE(frame);
2017 return -1;
2018 }
2019
2020 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2021
2022 if (SMBC_parse_path(frame,
2023 context,
2024 fname,
2025 &workgroup,
2026 &server,
2027 &share,
2028 &path,
2029 &user,
2030 &password,
2031 NULL)) {
2032 errno = EINVAL;
2033 TALLOC_FREE(frame);
2034 return -1;
2035 }
2036
2037 if (!user || user[0] == (char)0) {
2038 user = talloc_strdup(frame, smbc_getUser(context));
2039 if (!user) {
2040 errno = ENOMEM;
2041 TALLOC_FREE(frame);
2042 return -1;
2043 }
2044 }
2045
2046 srv = SMBC_server(frame, context, True,
2047 server, share, &workgroup, &user, &password);
2048 if (!srv) {
2049 TALLOC_FREE(frame);
2050 return -1; /* errno set by SMBC_server */
2051 }
2052
2053 if (! srv->no_nt_session) {
2054 ipc_srv = SMBC_attr_server(frame, context, server, share,
2055 &workgroup, &user, &password);
2056 if (! ipc_srv) {
2057 srv->no_nt_session = True;
2058 }
2059 } else {
2060 ipc_srv = NULL;
2061 }
2062
2063 /* Determine whether to use old-style or new-style attribute names */
2064 if (context->internal->full_time_names) {
2065 /* new-style names */
2066 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2067 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2068 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2069 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2070 } else {
2071 /* old-style names */
2072 attr_strings.create_time_attr = NULL;
2073 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2074 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2075 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2076 }
2077
2078 /* Are they requesting a supported attribute? */
2079 if (StrCaseCmp(name, "system.*") == 0 ||
2080 StrnCaseCmp(name, "system.*!", 9) == 0 ||
2081 StrCaseCmp(name, "system.*+") == 0 ||
2082 StrnCaseCmp(name, "system.*+!", 10) == 0 ||
2083 StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2084 StrnCaseCmp(name, "system.nt_sec_desc.*!", 21) == 0 ||
2085 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
2086 StrnCaseCmp(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2087 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2088 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2089 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2090 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2091 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2092 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2093 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2094 StrCaseCmp(name, "system.dos_attr.*") == 0 ||
2095 StrnCaseCmp(name, "system.dos_attr.*!", 18) == 0 ||
2096 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
2097 StrCaseCmp(name, "system.dos_attr.size") == 0 ||
2098 (attr_strings.create_time_attr != NULL &&
2099 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
2100 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
2101 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
2102 StrCaseCmp(name, attr_strings.change_time_attr) == 0 ||
2103 StrCaseCmp(name, "system.dos_attr.inode") == 0) {
2104
2105 /* Yup. */
2106 char *filename = (char *) name;
2107 ret = cacl_get(context, talloc_tos(), srv,
2108 ipc_srv == NULL ? NULL : ipc_srv->cli,
2109 &ipc_srv->pol, path,
2110 filename,
2111 CONST_DISCARD(char *, value),
2112 size);
2113 if (ret < 0 && errno == 0) {
2114 errno = SMBC_errno(context, srv->cli);
2115 }
2116 TALLOC_FREE(frame);
2117 return ret;
2118 }
2119
2120 /* Unsupported attribute name */
2121 errno = EINVAL;
2122 TALLOC_FREE(frame);
2123 return -1;
2124 }
2125
2126
2127 int
2128 SMBC_removexattr_ctx(SMBCCTX *context,
2129 const char *fname,
2130 const char *name)
2131 {
2132 int ret;
2133 SMBCSRV *srv = NULL;
2134 SMBCSRV *ipc_srv = NULL;
2135 char *server = NULL;
2136 char *share = NULL;
2137 char *user = NULL;
2138 char *password = NULL;
2139 char *workgroup = NULL;
2140 char *path = NULL;
2141 TALLOC_CTX *frame = talloc_stackframe();
2142
2143 if (!context || !context->internal->initialized) {
2144 errno = EINVAL; /* Best I can think of ... */
2145 TALLOC_FREE(frame);
2146 return -1;
2147 }
2148
2149 if (!fname) {
2150 errno = EINVAL;
2151 TALLOC_FREE(frame);
2152 return -1;
2153 }
2154
2155 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2156
2157 if (SMBC_parse_path(frame,
2158 context,
2159 fname,
2160 &workgroup,
2161 &server,
2162 &share,
2163 &path,
2164 &user,
2165 &password,
2166 NULL)) {
2167 errno = EINVAL;
2168 TALLOC_FREE(frame);
2169 return -1;
2170 }
2171
2172 if (!user || user[0] == (char)0) {
2173 user = talloc_strdup(frame, smbc_getUser(context));
2174 if (!user) {
2175 errno = ENOMEM;
2176 TALLOC_FREE(frame);
2177 return -1;
2178 }
2179 }
2180
2181 srv = SMBC_server(frame, context, True,
2182 server, share, &workgroup, &user, &password);
2183 if (!srv) {
2184 TALLOC_FREE(frame);
2185 return -1; /* errno set by SMBC_server */
2186 }
2187
2188 if (! srv->no_nt_session) {
2189 ipc_srv = SMBC_attr_server(frame, context, server, share,
2190 &workgroup, &user, &password);
2191 if (! ipc_srv) {
2192 srv->no_nt_session = True;
2193 }
2194 } else {
2195 ipc_srv = NULL;
2196 }
2197
2198 if (! ipc_srv) {
2199 TALLOC_FREE(frame);
2200 return -1; /* errno set by SMBC_attr_server */
2201 }
2202
2203 /* Are they asking to set the entire ACL? */
2204 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2205 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0) {
2206
2207 /* Yup. */
2208 ret = cacl_set(context, talloc_tos(), srv->cli,
2209 ipc_srv->cli, &ipc_srv->pol, path,
2210 NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2211 TALLOC_FREE(frame);
2212 return ret;
2213 }
2214
2215 /*
2216 * Are they asking to remove one or more spceific security descriptor
2217 * attributes?
2218 */
2219 if (StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2220 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2221 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2222 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2223 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2224 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2225 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
2226
2227 /* Yup. */
2228 ret = cacl_set(context, talloc_tos(), srv->cli,
2229 ipc_srv->cli, &ipc_srv->pol, path,
2230 CONST_DISCARD(char *, name) + 19,
2231 SMBC_XATTR_MODE_REMOVE, 0);
2232 TALLOC_FREE(frame);
2233 return ret;
2234 }
2235
2236 /* Unsupported attribute name */
2237 errno = EINVAL;
2238 TALLOC_FREE(frame);
2239 return -1;
2240 }
2241
2242 int
2243 SMBC_listxattr_ctx(SMBCCTX *context,
2244 const char *fname,
2245 char *list,
2246 size_t size)
2247 {
2248 /*
2249 * This isn't quite what listxattr() is supposed to do. This returns
2250 * the complete set of attribute names, always, rather than only those
2251 * attribute names which actually exist for a file. Hmmm...
2252 */
2253 size_t retsize;
2254 const char supported_old[] =
2255 "system.*\0"
2256 "system.*+\0"
2257 "system.nt_sec_desc.revision\0"
2258 "system.nt_sec_desc.owner\0"
2259 "system.nt_sec_desc.owner+\0"
2260 "system.nt_sec_desc.group\0"
2261 "system.nt_sec_desc.group+\0"
2262 "system.nt_sec_desc.acl.*\0"
2263 "system.nt_sec_desc.acl\0"
2264 "system.nt_sec_desc.acl+\0"
2265 "system.nt_sec_desc.*\0"
2266 "system.nt_sec_desc.*+\0"
2267 "system.dos_attr.*\0"
2268 "system.dos_attr.mode\0"
2269 "system.dos_attr.c_time\0"
2270 "system.dos_attr.a_time\0"
2271 "system.dos_attr.m_time\0"
2272 ;
2273 const char supported_new[] =
2274 "system.*\0"
2275 "system.*+\0"
2276 "system.nt_sec_desc.revision\0"
2277 "system.nt_sec_desc.owner\0"
2278 "system.nt_sec_desc.owner+\0"
2279 "system.nt_sec_desc.group\0"
2280 "system.nt_sec_desc.group+\0"
2281 "system.nt_sec_desc.acl.*\0"
2282 "system.nt_sec_desc.acl\0"
2283 "system.nt_sec_desc.acl+\0"
2284 "system.nt_sec_desc.*\0"
2285 "system.nt_sec_desc.*+\0"
2286 "system.dos_attr.*\0"
2287 "system.dos_attr.mode\0"
2288 "system.dos_attr.create_time\0"
2289 "system.dos_attr.access_time\0"
2290 "system.dos_attr.write_time\0"
2291 "system.dos_attr.change_time\0"
2292 ;
2293 const char * supported;
2294
2295 if (context->internal->full_time_names) {
2296 supported = supported_new;
2297 retsize = sizeof(supported_new);
2298 } else {
2299 supported = supported_old;
2300 retsize = sizeof(supported_old);
2301 }
2302
2303 if (size == 0) {
2304 return retsize;
2305 }
2306
2307 if (retsize > size) {
2308 errno = ERANGE;
2309 return -1;
2310 }
2311
2312 /* this can't be strcpy() because there are embedded null characters */
2313 memcpy(list, supported, retsize);
2314 return retsize;
2315 }