search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-torture: Add a lsarpc test_LookupNames4_fail function.
[Samba/gbeck.git] / source3 / libsmb / libsmb_xattr.c
blob199f2259754cd15f8b712dde981a8e76e18d5cde
1 /*
2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "libsmb/libsmb.h"
27 #include "libsmbclient.h"
28 #include "libsmb_internal.h"
29 #include "../librpc/gen_ndr/ndr_lsa.h"
30 #include "rpc_client/rpc_client.h"
31 #include "rpc_client/cli_lsarpc.h"
32 #include "../libcli/security/security.h"
33
34 /*
35 * Find an lsa pipe handle associated with a cli struct.
36 */
37 static struct rpc_pipe_client *
38 find_lsa_pipe_hnd(struct cli_state *ipc_cli)
39 {
40 struct rpc_pipe_client *pipe_hnd;
41
42 for (pipe_hnd = ipc_cli->pipe_list;
43 pipe_hnd;
44 pipe_hnd = pipe_hnd->next) {
45 if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
46 &ndr_table_lsarpc.syntax_id)) {
47 return pipe_hnd;
48 }
49 }
50 return NULL;
51 }
52
53 /*
54 * Sort ACEs according to the documentation at
55 * http://support.microsoft.com/kb/269175, at least as far as it defines the
56 * order.
57 */
58
59 static int
60 ace_compare(struct security_ace *ace1,
61 struct security_ace *ace2)
62 {
63 bool b1;
64 bool b2;
65
66 /* If the ACEs are equal, we have nothing more to do. */
67 if (sec_ace_equal(ace1, ace2)) {
68 return 0;
69 }
70
71 /* Inherited follow non-inherited */
72 b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
73 b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
74 if (b1 != b2) {
75 return (b1 ? 1 : -1);
76 }
77
78 /*
79 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
80 * sort them after DENY and ALLOW.
81 */
82 b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
83 ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
84 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
85 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
86 b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
87 ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
88 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
89 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
90 if (b1 != b2) {
91 return (b1 ? 1 : -1);
92 }
93
94 /* Allowed ACEs follow denied ACEs */
95 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
96 ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
97 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
98 ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
99 if (b1 != b2) {
100 return (b1 ? 1 : -1);
101 }
102
103 /*
104 * ACEs applying to an entity's object follow those applying to the
105 * entity itself
106 */
107 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
108 ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
109 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
110 ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
111 if (b1 != b2) {
112 return (b1 ? 1 : -1);
113 }
114
115 /*
116 * If we get this far, the ACEs are similar as far as the
117 * characteristics we typically care about (those defined by the
118 * referenced MS document). We'll now sort by characteristics that
119 * just seems reasonable.
120 */
121
122 if (ace1->type != ace2->type) {
123 return ace2->type - ace1->type;
124 }
125
126 if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
127 return dom_sid_compare(&ace1->trustee, &ace2->trustee);
128 }
129
130 if (ace1->flags != ace2->flags) {
131 return ace1->flags - ace2->flags;
132 }
133
134 if (ace1->access_mask != ace2->access_mask) {
135 return ace1->access_mask - ace2->access_mask;
136 }
137
138 if (ace1->size != ace2->size) {
139 return ace1->size - ace2->size;
140 }
141
142 return memcmp(ace1, ace2, sizeof(struct security_ace));
143 }
144
145
146 static void
147 sort_acl(struct security_acl *the_acl)
148 {
149 uint32 i;
150 if (!the_acl) return;
151
152 TYPESAFE_QSORT(the_acl->aces, the_acl->num_aces, ace_compare);
153
154 for (i=1;i<the_acl->num_aces;) {
155 if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
156 int j;
157 for (j=i; j<the_acl->num_aces-1; j++) {
158 the_acl->aces[j] = the_acl->aces[j+1];
159 }
160 the_acl->num_aces--;
161 } else {
162 i++;
163 }
164 }
165 }
166
167 /* convert a SID to a string, either numeric or username/group */
168 static void
169 convert_sid_to_string(struct cli_state *ipc_cli,
170 struct policy_handle *pol,
171 fstring str,
172 bool numeric,
173 struct dom_sid *sid)
174 {
175 char **domains = NULL;
176 char **names = NULL;
177 enum lsa_SidType *types = NULL;
178 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
179 TALLOC_CTX *ctx;
180
181 sid_to_fstring(str, sid);
182
183 if (numeric) {
184 return; /* no lookup desired */
185 }
186
187 if (!pipe_hnd) {
188 return;
189 }
190
191 /* Ask LSA to convert the sid to a name */
192
193 ctx = talloc_stackframe();
194
195 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
196 pol, 1, sid, &domains,
197 &names, &types)) ||
198 !domains || !domains[0] || !names || !names[0]) {
199 TALLOC_FREE(ctx);
200 return;
201 }
202
203 /* Converted OK */
204
205 slprintf(str, sizeof(fstring) - 1, "%s%s%s",
206 domains[0], lp_winbind_separator(),
207 names[0]);
208
209 TALLOC_FREE(ctx);
210 }
211
212 /* convert a string to a SID, either numeric or username/group */
213 static bool
214 convert_string_to_sid(struct cli_state *ipc_cli,
215 struct policy_handle *pol,
216 bool numeric,
217 struct dom_sid *sid,
218 const char *str)
219 {
220 enum lsa_SidType *types = NULL;
221 struct dom_sid *sids = NULL;
222 bool result = True;
223 TALLOC_CTX *ctx = NULL;
224 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
225
226 if (!pipe_hnd) {
227 return False;
228 }
229
230 if (numeric) {
231 if (strncmp(str, "S-", 2) == 0) {
232 return string_to_sid(sid, str);
233 }
234
235 result = False;
236 goto done;
237 }
238
239 ctx = talloc_stackframe();
240 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
241 pol, 1, &str,
242 NULL, 1, &sids,
243 &types))) {
244 result = False;
245 goto done;
246 }
247
248 sid_copy(sid, &sids[0]);
249 done:
250 TALLOC_FREE(ctx);
251 return result;
252 }
253
254
255 /* parse an struct security_ace in the same format as print_ace() */
256 static bool
257 parse_ace(struct cli_state *ipc_cli,
258 struct policy_handle *pol,
259 struct security_ace *ace,
260 bool numeric,
261 char *str)
262 {
263 char *p;
264 const char *cp;
265 char *tok;
266 unsigned int atype;
267 unsigned int aflags;
268 unsigned int amask;
269 struct dom_sid sid;
270 uint32_t mask;
271 const struct perm_value *v;
272 struct perm_value {
273 const char perm[7];
274 uint32 mask;
275 };
276 TALLOC_CTX *frame = talloc_stackframe();
277
278 /* These values discovered by inspection */
279 static const struct perm_value special_values[] = {
280 { "R", 0x00120089 },
281 { "W", 0x00120116 },
282 { "X", 0x001200a0 },
283 { "D", 0x00010000 },
284 { "P", 0x00040000 },
285 { "O", 0x00080000 },
286 { "", 0 },
287 };
288
289 static const struct perm_value standard_values[] = {
290 { "READ", 0x001200a9 },
291 { "CHANGE", 0x001301bf },
292 { "FULL", 0x001f01ff },
293 { "", 0 },
294 };
295
296 ZERO_STRUCTP(ace);
297 p = strchr_m(str,':');
298 if (!p) {
299 TALLOC_FREE(frame);
300 return False;
301 }
302 *p = '\0';
303 p++;
304 /* Try to parse numeric form */
305
306 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
307 convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
308 goto done;
309 }
310
311 /* Try to parse text form */
312
313 if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
314 TALLOC_FREE(frame);
315 return false;
316 }
317
318 cp = p;
319 if (!next_token_talloc(frame, &cp, &tok, "/")) {
320 TALLOC_FREE(frame);
321 return false;
322 }
323
324 if (strncasecmp_m(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
325 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
326 } else if (strncasecmp_m(tok, "DENIED", strlen("DENIED")) == 0) {
327 atype = SEC_ACE_TYPE_ACCESS_DENIED;
328 } else {
329 TALLOC_FREE(frame);
330 return false;
331 }
332
333 /* Only numeric form accepted for flags at present */
334
335 if (!(next_token_talloc(frame, &cp, &tok, "/") &&
336 sscanf(tok, "%i", &aflags))) {
337 TALLOC_FREE(frame);
338 return false;
339 }
340
341 if (!next_token_talloc(frame, &cp, &tok, "/")) {
342 TALLOC_FREE(frame);
343 return false;
344 }
345
346 if (strncmp(tok, "0x", 2) == 0) {
347 if (sscanf(tok, "%i", &amask) != 1) {
348 TALLOC_FREE(frame);
349 return false;
350 }
351 goto done;
352 }
353
354 for (v = standard_values; v->perm; v++) {
355 if (strcmp(tok, v->perm) == 0) {
356 amask = v->mask;
357 goto done;
358 }
359 }
360
361 p = tok;
362
363 while(*p) {
364 bool found = False;
365
366 for (v = special_values; v->perm; v++) {
367 if (v->perm[0] == *p) {
368 amask |= v->mask;
369 found = True;
370 }
371 }
372
373 if (!found) {
374 TALLOC_FREE(frame);
375 return false;
376 }
377 p++;
378 }
379
380 if (*p) {
381 TALLOC_FREE(frame);
382 return false;
383 }
384
385 done:
386 mask = amask;
387 init_sec_ace(ace, &sid, atype, mask, aflags);
388 TALLOC_FREE(frame);
389 return true;
390 }
391
392 /* add an struct security_ace to a list of struct security_aces in a struct security_acl */
393 static bool
394 add_ace(struct security_acl **the_acl,
395 struct security_ace *ace,
396 TALLOC_CTX *ctx)
397 {
398 struct security_acl *newacl;
399 struct security_ace *aces;
400
401 if (! *the_acl) {
402 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
403 return True;
404 }
405
406 if ((aces = SMB_CALLOC_ARRAY(struct security_ace,
407 1+(*the_acl)->num_aces)) == NULL) {
408 return False;
409 }
410 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(struct security_ace));
411 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(struct security_ace));
412 newacl = make_sec_acl(ctx, (*the_acl)->revision,
413 1+(*the_acl)->num_aces, aces);
414 SAFE_FREE(aces);
415 (*the_acl) = newacl;
416 return True;
417 }
418
419
420 /* parse a ascii version of a security descriptor */
421 static struct security_descriptor *
422 sec_desc_parse(TALLOC_CTX *ctx,
423 struct cli_state *ipc_cli,
424 struct policy_handle *pol,
425 bool numeric,
426 const char *str)
427 {
428 const char *p = str;
429 char *tok;
430 struct security_descriptor *ret = NULL;
431 size_t sd_size;
432 struct dom_sid *group_sid=NULL;
433 struct dom_sid *owner_sid=NULL;
434 struct security_acl *dacl=NULL;
435 int revision=1;
436
437 while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
438
439 if (strncasecmp_m(tok,"REVISION:", 9) == 0) {
440 revision = strtol(tok+9, NULL, 16);
441 continue;
442 }
443
444 if (strncasecmp_m(tok,"OWNER:", 6) == 0) {
445 if (owner_sid) {
446 DEBUG(5,("OWNER specified more than once!\n"));
447 goto done;
448 }
449 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
450 if (!owner_sid ||
451 !convert_string_to_sid(ipc_cli, pol,
452 numeric,
453 owner_sid, tok+6)) {
454 DEBUG(5, ("Failed to parse owner sid\n"));
455 goto done;
456 }
457 continue;
458 }
459
460 if (strncasecmp_m(tok,"OWNER+:", 7) == 0) {
461 if (owner_sid) {
462 DEBUG(5,("OWNER specified more than once!\n"));
463 goto done;
464 }
465 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
466 if (!owner_sid ||
467 !convert_string_to_sid(ipc_cli, pol,
468 False,
469 owner_sid, tok+7)) {
470 DEBUG(5, ("Failed to parse owner sid\n"));
471 goto done;
472 }
473 continue;
474 }
475
476 if (strncasecmp_m(tok,"GROUP:", 6) == 0) {
477 if (group_sid) {
478 DEBUG(5,("GROUP specified more than once!\n"));
479 goto done;
480 }
481 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
482 if (!group_sid ||
483 !convert_string_to_sid(ipc_cli, pol,
484 numeric,
485 group_sid, tok+6)) {
486 DEBUG(5, ("Failed to parse group sid\n"));
487 goto done;
488 }
489 continue;
490 }
491
492 if (strncasecmp_m(tok,"GROUP+:", 7) == 0) {
493 if (group_sid) {
494 DEBUG(5,("GROUP specified more than once!\n"));
495 goto done;
496 }
497 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
498 if (!group_sid ||
499 !convert_string_to_sid(ipc_cli, pol,
500 False,
501 group_sid, tok+6)) {
502 DEBUG(5, ("Failed to parse group sid\n"));
503 goto done;
504 }
505 continue;
506 }
507
508 if (strncasecmp_m(tok,"ACL:", 4) == 0) {
509 struct security_ace ace;
510 if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
511 DEBUG(5, ("Failed to parse ACL %s\n", tok));
512 goto done;
513 }
514 if(!add_ace(&dacl, &ace, ctx)) {
515 DEBUG(5, ("Failed to add ACL %s\n", tok));
516 goto done;
517 }
518 continue;
519 }
520
521 if (strncasecmp_m(tok,"ACL+:", 5) == 0) {
522 struct security_ace ace;
523 if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
524 DEBUG(5, ("Failed to parse ACL %s\n", tok));
525 goto done;
526 }
527 if(!add_ace(&dacl, &ace, ctx)) {
528 DEBUG(5, ("Failed to add ACL %s\n", tok));
529 goto done;
530 }
531 continue;
532 }
533
534 DEBUG(5, ("Failed to parse security descriptor\n"));
535 goto done;
536 }
537
538 ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE,
539 owner_sid, group_sid, NULL, dacl, &sd_size);
540
541 done:
542 SAFE_FREE(group_sid);
543 SAFE_FREE(owner_sid);
544 return ret;
545 }
546
547
548 /* Obtain the current dos attributes */
549 static DOS_ATTR_DESC *
550 dos_attr_query(SMBCCTX *context,
551 TALLOC_CTX *ctx,
552 const char *filename,
553 SMBCSRV *srv)
554 {
555 struct timespec create_time_ts;
556 struct timespec write_time_ts;
557 struct timespec access_time_ts;
558 struct timespec change_time_ts;
559 off_t size = 0;
560 uint16 mode = 0;
561 SMB_INO_T inode = 0;
562 DOS_ATTR_DESC *ret;
563
564 ret = talloc(ctx, DOS_ATTR_DESC);
565 if (!ret) {
566 errno = ENOMEM;
567 return NULL;
568 }
569
570 /* Obtain the DOS attributes */
571 if (!SMBC_getatr(context, srv, filename,
572 &mode, &size,
573 &create_time_ts,
574 &access_time_ts,
575 &write_time_ts,
576 &change_time_ts,
577 &inode)) {
578 errno = SMBC_errno(context, srv->cli);
579 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
580 return NULL;
581 }
582
583 ret->mode = mode;
584 ret->size = size;
585 ret->create_time = convert_timespec_to_time_t(create_time_ts);
586 ret->access_time = convert_timespec_to_time_t(access_time_ts);
587 ret->write_time = convert_timespec_to_time_t(write_time_ts);
588 ret->change_time = convert_timespec_to_time_t(change_time_ts);
589 ret->inode = inode;
590
591 return ret;
592 }
593
594
595 /* parse a ascii version of a security descriptor */
596 static void
597 dos_attr_parse(SMBCCTX *context,
598 DOS_ATTR_DESC *dad,
599 SMBCSRV *srv,
600 char *str)
601 {
602 int n;
603 const char *p = str;
604 char *tok = NULL;
605 TALLOC_CTX *frame = NULL;
606 struct {
607 const char * create_time_attr;
608 const char * access_time_attr;
609 const char * write_time_attr;
610 const char * change_time_attr;
611 } attr_strings;
612
613 /* Determine whether to use old-style or new-style attribute names */
614 if (context->internal->full_time_names) {
615 /* new-style names */
616 attr_strings.create_time_attr = "CREATE_TIME";
617 attr_strings.access_time_attr = "ACCESS_TIME";
618 attr_strings.write_time_attr = "WRITE_TIME";
619 attr_strings.change_time_attr = "CHANGE_TIME";
620 } else {
621 /* old-style names */
622 attr_strings.create_time_attr = NULL;
623 attr_strings.access_time_attr = "A_TIME";
624 attr_strings.write_time_attr = "M_TIME";
625 attr_strings.change_time_attr = "C_TIME";
626 }
627
628 /* if this is to set the entire ACL... */
629 if (*str == '*') {
630 /* ... then increment past the first colon if there is one */
631 if ((p = strchr(str, ':')) != NULL) {
632 ++p;
633 } else {
634 p = str;
635 }
636 }
637
638 frame = talloc_stackframe();
639 while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
640 if (strncasecmp_m(tok, "MODE:", 5) == 0) {
641 long request = strtol(tok+5, NULL, 16);
642 if (request == 0) {
643 dad->mode = (request |
644 (IS_DOS_DIR(dad->mode)
645 ? FILE_ATTRIBUTE_DIRECTORY
646 : FILE_ATTRIBUTE_NORMAL));
647 } else {
648 dad->mode = request;
649 }
650 continue;
651 }
652
653 if (strncasecmp_m(tok, "SIZE:", 5) == 0) {
654 dad->size = (off_t)atof(tok+5);
655 continue;
656 }
657
658 n = strlen(attr_strings.access_time_attr);
659 if (strncasecmp_m(tok, attr_strings.access_time_attr, n) == 0) {
660 dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
661 continue;
662 }
663
664 n = strlen(attr_strings.change_time_attr);
665 if (strncasecmp_m(tok, attr_strings.change_time_attr, n) == 0) {
666 dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
667 continue;
668 }
669
670 n = strlen(attr_strings.write_time_attr);
671 if (strncasecmp_m(tok, attr_strings.write_time_attr, n) == 0) {
672 dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
673 continue;
674 }
675
676 if (attr_strings.create_time_attr != NULL) {
677 n = strlen(attr_strings.create_time_attr);
678 if (strncasecmp_m(tok, attr_strings.create_time_attr,
679 n) == 0) {
680 dad->create_time = (time_t)strtol(tok+n+1,
681 NULL, 10);
682 continue;
683 }
684 }
685
686 if (strncasecmp_m(tok, "INODE:", 6) == 0) {
687 dad->inode = (SMB_INO_T)atof(tok+6);
688 continue;
689 }
690 }
691 TALLOC_FREE(frame);
692 }
693
694 /*****************************************************
695 Retrieve the acls for a file.
696 *******************************************************/
697
698 static int
699 cacl_get(SMBCCTX *context,
700 TALLOC_CTX *ctx,
701 SMBCSRV *srv,
702 struct cli_state *ipc_cli,
703 struct policy_handle *pol,
704 const char *filename,
705 const char *attr_name,
706 char *buf,
707 int bufsize)
708 {
709 uint32 i;
710 int n = 0;
711 int n_used;
712 bool all;
713 bool all_nt;
714 bool all_nt_acls;
715 bool all_dos;
716 bool some_nt;
717 bool some_dos;
718 bool exclude_nt_revision = False;
719 bool exclude_nt_owner = False;
720 bool exclude_nt_group = False;
721 bool exclude_nt_acl = False;
722 bool exclude_dos_mode = False;
723 bool exclude_dos_size = False;
724 bool exclude_dos_create_time = False;
725 bool exclude_dos_access_time = False;
726 bool exclude_dos_write_time = False;
727 bool exclude_dos_change_time = False;
728 bool exclude_dos_inode = False;
729 bool numeric = True;
730 bool determine_size = (bufsize == 0);
731 uint16_t fnum;
732 struct security_descriptor *sd;
733 fstring sidstr;
734 fstring name_sandbox;
735 char *name;
736 char *pExclude;
737 char *p;
738 struct timespec create_time_ts;
739 struct timespec write_time_ts;
740 struct timespec access_time_ts;
741 struct timespec change_time_ts;
742 time_t create_time = (time_t)0;
743 time_t write_time = (time_t)0;
744 time_t access_time = (time_t)0;
745 time_t change_time = (time_t)0;
746 off_t size = 0;
747 uint16 mode = 0;
748 SMB_INO_T ino = 0;
749 struct cli_state *cli = srv->cli;
750 struct {
751 const char * create_time_attr;
752 const char * access_time_attr;
753 const char * write_time_attr;
754 const char * change_time_attr;
755 } attr_strings;
756 struct {
757 const char * create_time_attr;
758 const char * access_time_attr;
759 const char * write_time_attr;
760 const char * change_time_attr;
761 } excl_attr_strings;
762
763 /* Determine whether to use old-style or new-style attribute names */
764 if (context->internal->full_time_names) {
765 /* new-style names */
766 attr_strings.create_time_attr = "CREATE_TIME";
767 attr_strings.access_time_attr = "ACCESS_TIME";
768 attr_strings.write_time_attr = "WRITE_TIME";
769 attr_strings.change_time_attr = "CHANGE_TIME";
770
771 excl_attr_strings.create_time_attr = "CREATE_TIME";
772 excl_attr_strings.access_time_attr = "ACCESS_TIME";
773 excl_attr_strings.write_time_attr = "WRITE_TIME";
774 excl_attr_strings.change_time_attr = "CHANGE_TIME";
775 } else {
776 /* old-style names */
777 attr_strings.create_time_attr = NULL;
778 attr_strings.access_time_attr = "A_TIME";
779 attr_strings.write_time_attr = "M_TIME";
780 attr_strings.change_time_attr = "C_TIME";
781
782 excl_attr_strings.create_time_attr = NULL;
783 excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
784 excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
785 excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
786 }
787
788 /* Copy name so we can strip off exclusions (if any are specified) */
789 strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
790
791 /* Ensure name is null terminated */
792 name_sandbox[sizeof(name_sandbox) - 1] = '\0';
793
794 /* Play in the sandbox */
795 name = name_sandbox;
796
797 /* If there are any exclusions, point to them and mask them from name */
798 if ((pExclude = strchr(name, '!')) != NULL)
799 {
800 *pExclude++ = '\0';
801 }
802
803 all = (strncasecmp_m(name, "system.*", 8) == 0);
804 all_nt = (strncasecmp_m(name, "system.nt_sec_desc.*", 20) == 0);
805 all_nt_acls = (strncasecmp_m(name, "system.nt_sec_desc.acl.*", 24) == 0);
806 all_dos = (strncasecmp_m(name, "system.dos_attr.*", 17) == 0);
807 some_nt = (strncasecmp_m(name, "system.nt_sec_desc.", 19) == 0);
808 some_dos = (strncasecmp_m(name, "system.dos_attr.", 16) == 0);
809 numeric = (* (name + strlen(name) - 1) != '+');
810
811 /* Look for exclusions from "all" requests */
812 if (all || all_nt || all_dos) {
813 /* Exclusions are delimited by '!' */
814 for (;
815 pExclude != NULL;
816 pExclude = (p == NULL ? NULL : p + 1)) {
817
818 /* Find end of this exclusion name */
819 if ((p = strchr(pExclude, '!')) != NULL)
820 {
821 *p = '\0';
822 }
823
824 /* Which exclusion name is this? */
825 if (strcasecmp_m(pExclude,
826 "nt_sec_desc.revision") == 0) {
827 exclude_nt_revision = True;
828 }
829 else if (strcasecmp_m(pExclude,
830 "nt_sec_desc.owner") == 0) {
831 exclude_nt_owner = True;
832 }
833 else if (strcasecmp_m(pExclude,
834 "nt_sec_desc.group") == 0) {
835 exclude_nt_group = True;
836 }
837 else if (strcasecmp_m(pExclude,
838 "nt_sec_desc.acl") == 0) {
839 exclude_nt_acl = True;
840 }
841 else if (strcasecmp_m(pExclude,
842 "dos_attr.mode") == 0) {
843 exclude_dos_mode = True;
844 }
845 else if (strcasecmp_m(pExclude,
846 "dos_attr.size") == 0) {
847 exclude_dos_size = True;
848 }
849 else if (excl_attr_strings.create_time_attr != NULL &&
850 strcasecmp_m(pExclude,
851 excl_attr_strings.change_time_attr) == 0) {
852 exclude_dos_create_time = True;
853 }
854 else if (strcasecmp_m(pExclude,
855 excl_attr_strings.access_time_attr) == 0) {
856 exclude_dos_access_time = True;
857 }
858 else if (strcasecmp_m(pExclude,
859 excl_attr_strings.write_time_attr) == 0) {
860 exclude_dos_write_time = True;
861 }
862 else if (strcasecmp_m(pExclude,
863 excl_attr_strings.change_time_attr) == 0) {
864 exclude_dos_change_time = True;
865 }
866 else if (strcasecmp_m(pExclude, "dos_attr.inode") == 0) {
867 exclude_dos_inode = True;
868 }
869 else {
870 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
871 pExclude));
872 errno = ENOATTR;
873 return -1;
874 }
875 }
876 }
877
878 n_used = 0;
879
880 /*
881 * If we are (possibly) talking to an NT or new system and some NT
882 * attributes have been requested...
883 */
884 if (ipc_cli && (all || some_nt || all_nt_acls)) {
885 char *targetpath = NULL;
886 struct cli_state *targetcli = NULL;
887 NTSTATUS status;
888
889 /* Point to the portion after "system.nt_sec_desc." */
890 name += 19; /* if (all) this will be invalid but unused */
891
892 status = cli_resolve_path(
893 ctx, "", context->internal->auth_info,
894 cli, filename, &targetcli, &targetpath);
895 if (!NT_STATUS_IS_OK(status)) {
896 DEBUG(5, ("cacl_get Could not resolve %s\n",
897 filename));
898 errno = ENOENT;
899 return -1;
900 }
901
902 /* ... then obtain any NT attributes which were requested */
903 status = cli_ntcreate(targetcli, targetpath, 0,
904 CREATE_ACCESS_READ, 0,
905 FILE_SHARE_READ|FILE_SHARE_WRITE,
906 FILE_OPEN, 0x0, 0x0, &fnum);
907 if (!NT_STATUS_IS_OK(status)) {
908 DEBUG(5, ("cacl_get failed to open %s: %s\n",
909 targetpath, nt_errstr(status)));
910 errno = 0;
911 return -1;
912 }
913
914 status = cli_query_secdesc(targetcli, fnum, ctx, &sd);
915 if (!NT_STATUS_IS_OK(status)) {
916 DEBUG(5,("cacl_get Failed to query old descriptor "
917 "of %s: %s\n",
918 targetpath, nt_errstr(status)));
919 errno = 0;
920 return -1;
921 }
922
923 cli_close(targetcli, fnum);
924
925 if (! exclude_nt_revision) {
926 if (all || all_nt) {
927 if (determine_size) {
928 p = talloc_asprintf(ctx,
929 "REVISION:%d",
930 sd->revision);
931 if (!p) {
932 errno = ENOMEM;
933 return -1;
934 }
935 n = strlen(p);
936 } else {
937 n = snprintf(buf, bufsize,
938 "REVISION:%d",
939 sd->revision);
940 }
941 } else if (strcasecmp_m(name, "revision") == 0) {
942 if (determine_size) {
943 p = talloc_asprintf(ctx, "%d",
944 sd->revision);
945 if (!p) {
946 errno = ENOMEM;
947 return -1;
948 }
949 n = strlen(p);
950 } else {
951 n = snprintf(buf, bufsize, "%d",
952 sd->revision);
953 }
954 }
955
956 if (!determine_size && n > bufsize) {
957 errno = ERANGE;
958 return -1;
959 }
960 buf += n;
961 n_used += n;
962 bufsize -= n;
963 n = 0;
964 }
965
966 if (! exclude_nt_owner) {
967 /* Get owner and group sid */
968 if (sd->owner_sid) {
969 convert_sid_to_string(ipc_cli, pol,
970 sidstr,
971 numeric,
972 sd->owner_sid);
973 } else {
974 fstrcpy(sidstr, "");
975 }
976
977 if (all || all_nt) {
978 if (determine_size) {
979 p = talloc_asprintf(ctx, ",OWNER:%s",
980 sidstr);
981 if (!p) {
982 errno = ENOMEM;
983 return -1;
984 }
985 n = strlen(p);
986 } else if (sidstr[0] != '\0') {
987 n = snprintf(buf, bufsize,
988 ",OWNER:%s", sidstr);
989 }
990 } else if (strncasecmp_m(name, "owner", 5) == 0) {
991 if (determine_size) {
992 p = talloc_asprintf(ctx, "%s", sidstr);
993 if (!p) {
994 errno = ENOMEM;
995 return -1;
996 }
997 n = strlen(p);
998 } else {
999 n = snprintf(buf, bufsize, "%s",
1000 sidstr);
1001 }
1002 }
1003
1004 if (!determine_size && n > bufsize) {
1005 errno = ERANGE;
1006 return -1;
1007 }
1008 buf += n;
1009 n_used += n;
1010 bufsize -= n;
1011 n = 0;
1012 }
1013
1014 if (! exclude_nt_group) {
1015 if (sd->group_sid) {
1016 convert_sid_to_string(ipc_cli, pol,
1017 sidstr, numeric,
1018 sd->group_sid);
1019 } else {
1020 fstrcpy(sidstr, "");
1021 }
1022
1023 if (all || all_nt) {
1024 if (determine_size) {
1025 p = talloc_asprintf(ctx, ",GROUP:%s",
1026 sidstr);
1027 if (!p) {
1028 errno = ENOMEM;
1029 return -1;
1030 }
1031 n = strlen(p);
1032 } else if (sidstr[0] != '\0') {
1033 n = snprintf(buf, bufsize,
1034 ",GROUP:%s", sidstr);
1035 }
1036 } else if (strncasecmp_m(name, "group", 5) == 0) {
1037 if (determine_size) {
1038 p = talloc_asprintf(ctx, "%s", sidstr);
1039 if (!p) {
1040 errno = ENOMEM;
1041 return -1;
1042 }
1043 n = strlen(p);
1044 } else {
1045 n = snprintf(buf, bufsize,
1046 "%s", sidstr);
1047 }
1048 }
1049
1050 if (!determine_size && n > bufsize) {
1051 errno = ERANGE;
1052 return -1;
1053 }
1054 buf += n;
1055 n_used += n;
1056 bufsize -= n;
1057 n = 0;
1058 }
1059
1060 if (! exclude_nt_acl) {
1061 /* Add aces to value buffer */
1062 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1063
1064 struct security_ace *ace = &sd->dacl->aces[i];
1065 convert_sid_to_string(ipc_cli, pol,
1066 sidstr, numeric,
1067 &ace->trustee);
1068
1069 if (all || all_nt) {
1070 if (determine_size) {
1071 p = talloc_asprintf(
1072 ctx,
1073 ",ACL:"
1074 "%s:%d/%d/0x%08x",
1075 sidstr,
1076 ace->type,
1077 ace->flags,
1078 ace->access_mask);
1079 if (!p) {
1080 errno = ENOMEM;
1081 return -1;
1082 }
1083 n = strlen(p);
1084 } else {
1085 n = snprintf(
1086 buf, bufsize,
1087 ",ACL:%s:%d/%d/0x%08x",
1088 sidstr,
1089 ace->type,
1090 ace->flags,
1091 ace->access_mask);
1092 }
1093 } else if ((strncasecmp_m(name, "acl", 3) == 0 &&
1094 strcasecmp_m(name+3, sidstr) == 0) ||
1095 (strncasecmp_m(name, "acl+", 4) == 0 &&
1096 strcasecmp_m(name+4, sidstr) == 0)) {
1097 if (determine_size) {
1098 p = talloc_asprintf(
1099 ctx,
1100 "%d/%d/0x%08x",
1101 ace->type,
1102 ace->flags,
1103 ace->access_mask);
1104 if (!p) {
1105 errno = ENOMEM;
1106 return -1;
1107 }
1108 n = strlen(p);
1109 } else {
1110 n = snprintf(buf, bufsize,
1111 "%d/%d/0x%08x",
1112 ace->type,
1113 ace->flags,
1114 ace->access_mask);
1115 }
1116 } else if (all_nt_acls) {
1117 if (determine_size) {
1118 p = talloc_asprintf(
1119 ctx,
1120 "%s%s:%d/%d/0x%08x",
1121 i ? "," : "",
1122 sidstr,
1123 ace->type,
1124 ace->flags,
1125 ace->access_mask);
1126 if (!p) {
1127 errno = ENOMEM;
1128 return -1;
1129 }
1130 n = strlen(p);
1131 } else {
1132 n = snprintf(buf, bufsize,
1133 "%s%s:%d/%d/0x%08x",
1134 i ? "," : "",
1135 sidstr,
1136 ace->type,
1137 ace->flags,
1138 ace->access_mask);
1139 }
1140 }
1141 if (!determine_size && n > bufsize) {
1142 errno = ERANGE;
1143 return -1;
1144 }
1145 buf += n;
1146 n_used += n;
1147 bufsize -= n;
1148 n = 0;
1149 }
1150 }
1151
1152 /* Restore name pointer to its original value */
1153 name -= 19;
1154 }
1155
1156 if (all || some_dos) {
1157 /* Point to the portion after "system.dos_attr." */
1158 name += 16; /* if (all) this will be invalid but unused */
1159
1160 /* Obtain the DOS attributes */
1161 if (!SMBC_getatr(context, srv, filename, &mode, &size,
1162 &create_time_ts,
1163 &access_time_ts,
1164 &write_time_ts,
1165 &change_time_ts,
1166 &ino)) {
1167
1168 errno = SMBC_errno(context, srv->cli);
1169 return -1;
1170 }
1171
1172 create_time = convert_timespec_to_time_t(create_time_ts);
1173 access_time = convert_timespec_to_time_t(access_time_ts);
1174 write_time = convert_timespec_to_time_t(write_time_ts);
1175 change_time = convert_timespec_to_time_t(change_time_ts);
1176
1177 if (! exclude_dos_mode) {
1178 if (all || all_dos) {
1179 if (determine_size) {
1180 p = talloc_asprintf(ctx,
1181 "%sMODE:0x%x",
1182 (ipc_cli &&
1183 (all || some_nt)
1184 ? ","
1185 : ""),
1186 mode);
1187 if (!p) {
1188 errno = ENOMEM;
1189 return -1;
1190 }
1191 n = strlen(p);
1192 } else {
1193 n = snprintf(buf, bufsize,
1194 "%sMODE:0x%x",
1195 (ipc_cli &&
1196 (all || some_nt)
1197 ? ","
1198 : ""),
1199 mode);
1200 }
1201 } else if (strcasecmp_m(name, "mode") == 0) {
1202 if (determine_size) {
1203 p = talloc_asprintf(ctx, "0x%x", mode);
1204 if (!p) {
1205 errno = ENOMEM;
1206 return -1;
1207 }
1208 n = strlen(p);
1209 } else {
1210 n = snprintf(buf, bufsize,
1211 "0x%x", mode);
1212 }
1213 }
1214
1215 if (!determine_size && n > bufsize) {
1216 errno = ERANGE;
1217 return -1;
1218 }
1219 buf += n;
1220 n_used += n;
1221 bufsize -= n;
1222 n = 0;
1223 }
1224
1225 if (! exclude_dos_size) {
1226 if (all || all_dos) {
1227 if (determine_size) {
1228 p = talloc_asprintf(
1229 ctx,
1230 ",SIZE:%.0f",
1231 (double)size);
1232 if (!p) {
1233 errno = ENOMEM;
1234 return -1;
1235 }
1236 n = strlen(p);
1237 } else {
1238 n = snprintf(buf, bufsize,
1239 ",SIZE:%.0f",
1240 (double)size);
1241 }
1242 } else if (strcasecmp_m(name, "size") == 0) {
1243 if (determine_size) {
1244 p = talloc_asprintf(
1245 ctx,
1246 "%.0f",
1247 (double)size);
1248 if (!p) {
1249 errno = ENOMEM;
1250 return -1;
1251 }
1252 n = strlen(p);
1253 } else {
1254 n = snprintf(buf, bufsize,
1255 "%.0f",
1256 (double)size);
1257 }
1258 }
1259
1260 if (!determine_size && n > bufsize) {
1261 errno = ERANGE;
1262 return -1;
1263 }
1264 buf += n;
1265 n_used += n;
1266 bufsize -= n;
1267 n = 0;
1268 }
1269
1270 if (! exclude_dos_create_time &&
1271 attr_strings.create_time_attr != NULL) {
1272 if (all || all_dos) {
1273 if (determine_size) {
1274 p = talloc_asprintf(ctx,
1275 ",%s:%lu",
1276 attr_strings.create_time_attr,
1277 (unsigned long) create_time);
1278 if (!p) {
1279 errno = ENOMEM;
1280 return -1;
1281 }
1282 n = strlen(p);
1283 } else {
1284 n = snprintf(buf, bufsize,
1285 ",%s:%lu",
1286 attr_strings.create_time_attr,
1287 (unsigned long) create_time);
1288 }
1289 } else if (strcasecmp_m(name, attr_strings.create_time_attr) == 0) {
1290 if (determine_size) {
1291 p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
1292 if (!p) {
1293 errno = ENOMEM;
1294 return -1;
1295 }
1296 n = strlen(p);
1297 } else {
1298 n = snprintf(buf, bufsize,
1299 "%lu", (unsigned long) create_time);
1300 }
1301 }
1302
1303 if (!determine_size && n > bufsize) {
1304 errno = ERANGE;
1305 return -1;
1306 }
1307 buf += n;
1308 n_used += n;
1309 bufsize -= n;
1310 n = 0;
1311 }
1312
1313 if (! exclude_dos_access_time) {
1314 if (all || all_dos) {
1315 if (determine_size) {
1316 p = talloc_asprintf(ctx,
1317 ",%s:%lu",
1318 attr_strings.access_time_attr,
1319 (unsigned long) access_time);
1320 if (!p) {
1321 errno = ENOMEM;
1322 return -1;
1323 }
1324 n = strlen(p);
1325 } else {
1326 n = snprintf(buf, bufsize,
1327 ",%s:%lu",
1328 attr_strings.access_time_attr,
1329 (unsigned long) access_time);
1330 }
1331 } else if (strcasecmp_m(name, attr_strings.access_time_attr) == 0) {
1332 if (determine_size) {
1333 p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
1334 if (!p) {
1335 errno = ENOMEM;
1336 return -1;
1337 }
1338 n = strlen(p);
1339 } else {
1340 n = snprintf(buf, bufsize,
1341 "%lu", (unsigned long) access_time);
1342 }
1343 }
1344
1345 if (!determine_size && n > bufsize) {
1346 errno = ERANGE;
1347 return -1;
1348 }
1349 buf += n;
1350 n_used += n;
1351 bufsize -= n;
1352 n = 0;
1353 }
1354
1355 if (! exclude_dos_write_time) {
1356 if (all || all_dos) {
1357 if (determine_size) {
1358 p = talloc_asprintf(ctx,
1359 ",%s:%lu",
1360 attr_strings.write_time_attr,
1361 (unsigned long) write_time);
1362 if (!p) {
1363 errno = ENOMEM;
1364 return -1;
1365 }
1366 n = strlen(p);
1367 } else {
1368 n = snprintf(buf, bufsize,
1369 ",%s:%lu",
1370 attr_strings.write_time_attr,
1371 (unsigned long) write_time);
1372 }
1373 } else if (strcasecmp_m(name, attr_strings.write_time_attr) == 0) {
1374 if (determine_size) {
1375 p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
1376 if (!p) {
1377 errno = ENOMEM;
1378 return -1;
1379 }
1380 n = strlen(p);
1381 } else {
1382 n = snprintf(buf, bufsize,
1383 "%lu", (unsigned long) write_time);
1384 }
1385 }
1386
1387 if (!determine_size && n > bufsize) {
1388 errno = ERANGE;
1389 return -1;
1390 }
1391 buf += n;
1392 n_used += n;
1393 bufsize -= n;
1394 n = 0;
1395 }
1396
1397 if (! exclude_dos_change_time) {
1398 if (all || all_dos) {
1399 if (determine_size) {
1400 p = talloc_asprintf(ctx,
1401 ",%s:%lu",
1402 attr_strings.change_time_attr,
1403 (unsigned long) change_time);
1404 if (!p) {
1405 errno = ENOMEM;
1406 return -1;
1407 }
1408 n = strlen(p);
1409 } else {
1410 n = snprintf(buf, bufsize,
1411 ",%s:%lu",
1412 attr_strings.change_time_attr,
1413 (unsigned long) change_time);
1414 }
1415 } else if (strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1416 if (determine_size) {
1417 p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
1418 if (!p) {
1419 errno = ENOMEM;
1420 return -1;
1421 }
1422 n = strlen(p);
1423 } else {
1424 n = snprintf(buf, bufsize,
1425 "%lu", (unsigned long) change_time);
1426 }
1427 }
1428
1429 if (!determine_size && n > bufsize) {
1430 errno = ERANGE;
1431 return -1;
1432 }
1433 buf += n;
1434 n_used += n;
1435 bufsize -= n;
1436 n = 0;
1437 }
1438
1439 if (! exclude_dos_inode) {
1440 if (all || all_dos) {
1441 if (determine_size) {
1442 p = talloc_asprintf(
1443 ctx,
1444 ",INODE:%.0f",
1445 (double)ino);
1446 if (!p) {
1447 errno = ENOMEM;
1448 return -1;
1449 }
1450 n = strlen(p);
1451 } else {
1452 n = snprintf(buf, bufsize,
1453 ",INODE:%.0f",
1454 (double) ino);
1455 }
1456 } else if (strcasecmp_m(name, "inode") == 0) {
1457 if (determine_size) {
1458 p = talloc_asprintf(
1459 ctx,
1460 "%.0f",
1461 (double) ino);
1462 if (!p) {
1463 errno = ENOMEM;
1464 return -1;
1465 }
1466 n = strlen(p);
1467 } else {
1468 n = snprintf(buf, bufsize,
1469 "%.0f",
1470 (double) ino);
1471 }
1472 }
1473
1474 if (!determine_size && n > bufsize) {
1475 errno = ERANGE;
1476 return -1;
1477 }
1478 buf += n;
1479 n_used += n;
1480 bufsize -= n;
1481 n = 0;
1482 }
1483
1484 /* Restore name pointer to its original value */
1485 name -= 16;
1486 }
1487
1488 if (n_used == 0) {
1489 errno = ENOATTR;
1490 return -1;
1491 }
1492
1493 return n_used;
1494 }
1495
1496 /*****************************************************
1497 set the ACLs on a file given an ascii description
1498 *******************************************************/
1499 static int
1500 cacl_set(SMBCCTX *context,
1501 TALLOC_CTX *ctx,
1502 struct cli_state *cli,
1503 struct cli_state *ipc_cli,
1504 struct policy_handle *pol,
1505 const char *filename,
1506 char *the_acl,
1507 int mode,
1508 int flags)
1509 {
1510 uint16_t fnum = (uint16_t)-1;
1511 int err = 0;
1512 struct security_descriptor *sd = NULL, *old;
1513 struct security_acl *dacl = NULL;
1514 struct dom_sid *owner_sid = NULL;
1515 struct dom_sid *group_sid = NULL;
1516 uint32 i, j;
1517 size_t sd_size;
1518 int ret = 0;
1519 char *p;
1520 bool numeric = True;
1521 char *targetpath = NULL;
1522 struct cli_state *targetcli = NULL;
1523 NTSTATUS status;
1524
1525 /* the_acl will be null for REMOVE_ALL operations */
1526 if (the_acl) {
1527 numeric = ((p = strchr(the_acl, ':')) != NULL &&
1528 p > the_acl &&
1529 p[-1] != '+');
1530
1531 /* if this is to set the entire ACL... */
1532 if (*the_acl == '*') {
1533 /* ... then increment past the first colon */
1534 the_acl = p + 1;
1535 }
1536
1537 sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
1538 if (!sd) {
1539 errno = EINVAL;
1540 return -1;
1541 }
1542 }
1543
1544 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1545 that doesn't deref sd */
1546
1547 if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1548 errno = EINVAL;
1549 return -1;
1550 }
1551
1552 status = cli_resolve_path(ctx, "", context->internal->auth_info,
1553 cli, filename, &targetcli, &targetpath);
1554 if (!NT_STATUS_IS_OK(status)) {
1555 DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
1556 errno = ENOENT;
1557 return -1;
1558 }
1559
1560 /* The desired access below is the only one I could find that works
1561 with NT4, W2KP and Samba */
1562
1563 status = cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
1564 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
1565 0x0, 0x0, &fnum);
1566 if (!NT_STATUS_IS_OK(status)) {
1567 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1568 targetpath, nt_errstr(status)));
1569 errno = 0;
1570 return -1;
1571 }
1572
1573 status = cli_query_secdesc(targetcli, fnum, ctx, &old);
1574 if (!NT_STATUS_IS_OK(status)) {
1575 DEBUG(5,("cacl_set Failed to query old descriptor of %s: %s\n",
1576 targetpath, nt_errstr(status)));
1577 errno = 0;
1578 return -1;
1579 }
1580
1581 cli_close(targetcli, fnum);
1582
1583 switch (mode) {
1584 case SMBC_XATTR_MODE_REMOVE_ALL:
1585 old->dacl->num_aces = 0;
1586 dacl = old->dacl;
1587 break;
1588
1589 case SMBC_XATTR_MODE_REMOVE:
1590 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1591 bool found = False;
1592
1593 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1594 if (sec_ace_equal(&sd->dacl->aces[i],
1595 &old->dacl->aces[j])) {
1596 uint32 k;
1597 for (k=j; k<old->dacl->num_aces-1;k++) {
1598 old->dacl->aces[k] =
1599 old->dacl->aces[k+1];
1600 }
1601 old->dacl->num_aces--;
1602 found = True;
1603 dacl = old->dacl;
1604 break;
1605 }
1606 }
1607
1608 if (!found) {
1609 err = ENOATTR;
1610 ret = -1;
1611 goto failed;
1612 }
1613 }
1614 break;
1615
1616 case SMBC_XATTR_MODE_ADD:
1617 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1618 bool found = False;
1619
1620 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1621 if (dom_sid_equal(&sd->dacl->aces[i].trustee,
1622 &old->dacl->aces[j].trustee)) {
1623 if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1624 err = EEXIST;
1625 ret = -1;
1626 goto failed;
1627 }
1628 old->dacl->aces[j] = sd->dacl->aces[i];
1629 ret = -1;
1630 found = True;
1631 }
1632 }
1633
1634 if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1635 err = ENOATTR;
1636 ret = -1;
1637 goto failed;
1638 }
1639
1640 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1641 add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1642 }
1643 }
1644 dacl = old->dacl;
1645 break;
1646
1647 case SMBC_XATTR_MODE_SET:
1648 old = sd;
1649 owner_sid = old->owner_sid;
1650 group_sid = old->group_sid;
1651 dacl = old->dacl;
1652 break;
1653
1654 case SMBC_XATTR_MODE_CHOWN:
1655 owner_sid = sd->owner_sid;
1656 break;
1657
1658 case SMBC_XATTR_MODE_CHGRP:
1659 group_sid = sd->group_sid;
1660 break;
1661 }
1662
1663 /* Denied ACE entries must come before allowed ones */
1664 sort_acl(old->dacl);
1665
1666 /* Create new security descriptor and set it */
1667 sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1668 owner_sid, group_sid, NULL, dacl, &sd_size);
1669
1670 status = cli_ntcreate(targetcli, targetpath, 0,
1671 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
1672 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
1673 0x0, 0x0, &fnum);
1674 if (!NT_STATUS_IS_OK(status)) {
1675 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1676 targetpath, nt_errstr(status)));
1677 errno = 0;
1678 return -1;
1679 }
1680
1681 status = cli_set_secdesc(targetcli, fnum, sd);
1682 if (!NT_STATUS_IS_OK(status)) {
1683 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1684 nt_errstr(status)));
1685 ret = -1;
1686 }
1687
1688 /* Clean up */
1689
1690 failed:
1691 cli_close(targetcli, fnum);
1692
1693 if (err != 0) {
1694 errno = err;
1695 }
1696
1697 return ret;
1698 }
1699
1700
1701 int
1702 SMBC_setxattr_ctx(SMBCCTX *context,
1703 const char *fname,
1704 const char *name,
1705 const void *value,
1706 size_t size,
1707 int flags)
1708 {
1709 int ret;
1710 int ret2;
1711 SMBCSRV *srv = NULL;
1712 SMBCSRV *ipc_srv = NULL;
1713 char *server = NULL;
1714 char *share = NULL;
1715 char *user = NULL;
1716 char *password = NULL;
1717 char *workgroup = NULL;
1718 char *path = NULL;
1719 DOS_ATTR_DESC *dad = NULL;
1720 struct {
1721 const char * create_time_attr;
1722 const char * access_time_attr;
1723 const char * write_time_attr;
1724 const char * change_time_attr;
1725 } attr_strings;
1726 TALLOC_CTX *frame = talloc_stackframe();
1727
1728 if (!context || !context->internal->initialized) {
1729 errno = EINVAL; /* Best I can think of ... */
1730 TALLOC_FREE(frame);
1731 return -1;
1732 }
1733
1734 if (!fname) {
1735 errno = EINVAL;
1736 TALLOC_FREE(frame);
1737 return -1;
1738 }
1739
1740 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1741 fname, name, (int) size, (const char*)value));
1742
1743 if (SMBC_parse_path(frame,
1744 context,
1745 fname,
1746 &workgroup,
1747 &server,
1748 &share,
1749 &path,
1750 &user,
1751 &password,
1752 NULL)) {
1753 errno = EINVAL;
1754 TALLOC_FREE(frame);
1755 return -1;
1756 }
1757
1758 if (!user || user[0] == (char)0) {
1759 user = talloc_strdup(frame, smbc_getUser(context));
1760 if (!user) {
1761 errno = ENOMEM;
1762 TALLOC_FREE(frame);
1763 return -1;
1764 }
1765 }
1766
1767 srv = SMBC_server(frame, context, True,
1768 server, share, &workgroup, &user, &password);
1769 if (!srv) {
1770 TALLOC_FREE(frame);
1771 return -1; /* errno set by SMBC_server */
1772 }
1773
1774 if (! srv->no_nt_session) {
1775 ipc_srv = SMBC_attr_server(frame, context, server, share,
1776 &workgroup, &user, &password);
1777 if (! ipc_srv) {
1778 srv->no_nt_session = True;
1779 }
1780 } else {
1781 ipc_srv = NULL;
1782 }
1783
1784 /*
1785 * Are they asking to set the entire set of known attributes?
1786 */
1787 if (strcasecmp_m(name, "system.*") == 0 ||
1788 strcasecmp_m(name, "system.*+") == 0) {
1789 /* Yup. */
1790 char *namevalue =
1791 talloc_asprintf(talloc_tos(), "%s:%s",
1792 name+7, (const char *) value);
1793 if (! namevalue) {
1794 errno = ENOMEM;
1795 ret = -1;
1796 TALLOC_FREE(frame);
1797 return -1;
1798 }
1799
1800 if (ipc_srv) {
1801 ret = cacl_set(context, talloc_tos(), srv->cli,
1802 ipc_srv->cli, &ipc_srv->pol, path,
1803 namevalue,
1804 (*namevalue == '*'
1805 ? SMBC_XATTR_MODE_SET
1806 : SMBC_XATTR_MODE_ADD),
1807 flags);
1808 } else {
1809 ret = 0;
1810 }
1811
1812 /* get a DOS Attribute Descriptor with current attributes */
1813 dad = dos_attr_query(context, talloc_tos(), path, srv);
1814 if (dad) {
1815 /* Overwrite old with new, using what was provided */
1816 dos_attr_parse(context, dad, srv, namevalue);
1817
1818 /* Set the new DOS attributes */
1819 if (! SMBC_setatr(context, srv, path,
1820 dad->create_time,
1821 dad->access_time,
1822 dad->write_time,
1823 dad->change_time,
1824 dad->mode)) {
1825
1826 /* cause failure if NT failed too */
1827 dad = NULL;
1828 }
1829 }
1830
1831 /* we only fail if both NT and DOS sets failed */
1832 if (ret < 0 && ! dad) {
1833 ret = -1; /* in case dad was null */
1834 }
1835 else {
1836 ret = 0;
1837 }
1838
1839 TALLOC_FREE(frame);
1840 return ret;
1841 }
1842
1843 /*
1844 * Are they asking to set an access control element or to set
1845 * the entire access control list?
1846 */
1847 if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
1848 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
1849 strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
1850 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
1851 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
1852
1853 /* Yup. */
1854 char *namevalue =
1855 talloc_asprintf(talloc_tos(), "%s:%s",
1856 name+19, (const char *) value);
1857
1858 if (! ipc_srv) {
1859 ret = -1; /* errno set by SMBC_server() */
1860 }
1861 else if (! namevalue) {
1862 errno = ENOMEM;
1863 ret = -1;
1864 } else {
1865 ret = cacl_set(context, talloc_tos(), srv->cli,
1866 ipc_srv->cli, &ipc_srv->pol, path,
1867 namevalue,
1868 (*namevalue == '*'
1869 ? SMBC_XATTR_MODE_SET
1870 : SMBC_XATTR_MODE_ADD),
1871 flags);
1872 }
1873 TALLOC_FREE(frame);
1874 return ret;
1875 }
1876
1877 /*
1878 * Are they asking to set the owner?
1879 */
1880 if (strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
1881 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0) {
1882
1883 /* Yup. */
1884 char *namevalue =
1885 talloc_asprintf(talloc_tos(), "%s:%s",
1886 name+19, (const char *) value);
1887
1888 if (! ipc_srv) {
1889 ret = -1; /* errno set by SMBC_server() */
1890 }
1891 else if (! namevalue) {
1892 errno = ENOMEM;
1893 ret = -1;
1894 } else {
1895 ret = cacl_set(context, talloc_tos(), srv->cli,
1896 ipc_srv->cli, &ipc_srv->pol, path,
1897 namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1898 }
1899 TALLOC_FREE(frame);
1900 return ret;
1901 }
1902
1903 /*
1904 * Are they asking to set the group?
1905 */
1906 if (strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
1907 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0) {
1908
1909 /* Yup. */
1910 char *namevalue =
1911 talloc_asprintf(talloc_tos(), "%s:%s",
1912 name+19, (const char *) value);
1913
1914 if (! ipc_srv) {
1915 /* errno set by SMBC_server() */
1916 ret = -1;
1917 }
1918 else if (! namevalue) {
1919 errno = ENOMEM;
1920 ret = -1;
1921 } else {
1922 ret = cacl_set(context, talloc_tos(), srv->cli,
1923 ipc_srv->cli, &ipc_srv->pol, path,
1924 namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1925 }
1926 TALLOC_FREE(frame);
1927 return ret;
1928 }
1929
1930 /* Determine whether to use old-style or new-style attribute names */
1931 if (context->internal->full_time_names) {
1932 /* new-style names */
1933 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1934 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1935 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1936 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1937 } else {
1938 /* old-style names */
1939 attr_strings.create_time_attr = NULL;
1940 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1941 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1942 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1943 }
1944
1945 /*
1946 * Are they asking to set a DOS attribute?
1947 */
1948 if (strcasecmp_m(name, "system.dos_attr.*") == 0 ||
1949 strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
1950 (attr_strings.create_time_attr != NULL &&
1951 strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
1952 strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
1953 strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
1954 strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1955
1956 /* get a DOS Attribute Descriptor with current attributes */
1957 dad = dos_attr_query(context, talloc_tos(), path, srv);
1958 if (dad) {
1959 char *namevalue =
1960 talloc_asprintf(talloc_tos(), "%s:%s",
1961 name+16, (const char *) value);
1962 if (! namevalue) {
1963 errno = ENOMEM;
1964 ret = -1;
1965 } else {
1966 /* Overwrite old with provided new params */
1967 dos_attr_parse(context, dad, srv, namevalue);
1968
1969 /* Set the new DOS attributes */
1970 ret2 = SMBC_setatr(context, srv, path,
1971 dad->create_time,
1972 dad->access_time,
1973 dad->write_time,
1974 dad->change_time,
1975 dad->mode);
1976
1977 /* ret2 has True (success) / False (failure) */
1978 if (ret2) {
1979 ret = 0;
1980 } else {
1981 ret = -1;
1982 }
1983 }
1984 } else {
1985 ret = -1;
1986 }
1987
1988 TALLOC_FREE(frame);
1989 return ret;
1990 }
1991
1992 /* Unsupported attribute name */
1993 errno = EINVAL;
1994 TALLOC_FREE(frame);
1995 return -1;
1996 }
1997
1998 int
1999 SMBC_getxattr_ctx(SMBCCTX *context,
2000 const char *fname,
2001 const char *name,
2002 const void *value,
2003 size_t size)
2004 {
2005 int ret;
2006 SMBCSRV *srv = NULL;
2007 SMBCSRV *ipc_srv = NULL;
2008 char *server = NULL;
2009 char *share = NULL;
2010 char *user = NULL;
2011 char *password = NULL;
2012 char *workgroup = NULL;
2013 char *path = NULL;
2014 struct {
2015 const char * create_time_attr;
2016 const char * access_time_attr;
2017 const char * write_time_attr;
2018 const char * change_time_attr;
2019 } attr_strings;
2020 TALLOC_CTX *frame = talloc_stackframe();
2021
2022 if (!context || !context->internal->initialized) {
2023 errno = EINVAL; /* Best I can think of ... */
2024 TALLOC_FREE(frame);
2025 return -1;
2026 }
2027
2028 if (!fname) {
2029 errno = EINVAL;
2030 TALLOC_FREE(frame);
2031 return -1;
2032 }
2033
2034 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2035
2036 if (SMBC_parse_path(frame,
2037 context,
2038 fname,
2039 &workgroup,
2040 &server,
2041 &share,
2042 &path,
2043 &user,
2044 &password,
2045 NULL)) {
2046 errno = EINVAL;
2047 TALLOC_FREE(frame);
2048 return -1;
2049 }
2050
2051 if (!user || user[0] == (char)0) {
2052 user = talloc_strdup(frame, smbc_getUser(context));
2053 if (!user) {
2054 errno = ENOMEM;
2055 TALLOC_FREE(frame);
2056 return -1;
2057 }
2058 }
2059
2060 srv = SMBC_server(frame, context, True,
2061 server, share, &workgroup, &user, &password);
2062 if (!srv) {
2063 TALLOC_FREE(frame);
2064 return -1; /* errno set by SMBC_server */
2065 }
2066
2067 if (! srv->no_nt_session) {
2068 ipc_srv = SMBC_attr_server(frame, context, server, share,
2069 &workgroup, &user, &password);
2070 if (! ipc_srv) {
2071 srv->no_nt_session = True;
2072 }
2073 } else {
2074 ipc_srv = NULL;
2075 }
2076
2077 /* Determine whether to use old-style or new-style attribute names */
2078 if (context->internal->full_time_names) {
2079 /* new-style names */
2080 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2081 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2082 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2083 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2084 } else {
2085 /* old-style names */
2086 attr_strings.create_time_attr = NULL;
2087 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2088 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2089 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2090 }
2091
2092 /* Are they requesting a supported attribute? */
2093 if (strcasecmp_m(name, "system.*") == 0 ||
2094 strncasecmp_m(name, "system.*!", 9) == 0 ||
2095 strcasecmp_m(name, "system.*+") == 0 ||
2096 strncasecmp_m(name, "system.*+!", 10) == 0 ||
2097 strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2098 strncasecmp_m(name, "system.nt_sec_desc.*!", 21) == 0 ||
2099 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
2100 strncasecmp_m(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2101 strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2102 strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2103 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2104 strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2105 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2106 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2107 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2108 strcasecmp_m(name, "system.dos_attr.*") == 0 ||
2109 strncasecmp_m(name, "system.dos_attr.*!", 18) == 0 ||
2110 strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
2111 strcasecmp_m(name, "system.dos_attr.size") == 0 ||
2112 (attr_strings.create_time_attr != NULL &&
2113 strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
2114 strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
2115 strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
2116 strcasecmp_m(name, attr_strings.change_time_attr) == 0 ||
2117 strcasecmp_m(name, "system.dos_attr.inode") == 0) {
2118
2119 /* Yup. */
2120 const char *filename = name;
2121 ret = cacl_get(context, talloc_tos(), srv,
2122 ipc_srv == NULL ? NULL : ipc_srv->cli,
2123 &ipc_srv->pol, path,
2124 filename,
2125 discard_const_p(char, value),
2126 size);
2127 if (ret < 0 && errno == 0) {
2128 errno = SMBC_errno(context, srv->cli);
2129 }
2130 TALLOC_FREE(frame);
2131 return ret;
2132 }
2133
2134 /* Unsupported attribute name */
2135 errno = EINVAL;
2136 TALLOC_FREE(frame);
2137 return -1;
2138 }
2139
2140
2141 int
2142 SMBC_removexattr_ctx(SMBCCTX *context,
2143 const char *fname,
2144 const char *name)
2145 {
2146 int ret;
2147 SMBCSRV *srv = NULL;
2148 SMBCSRV *ipc_srv = NULL;
2149 char *server = NULL;
2150 char *share = NULL;
2151 char *user = NULL;
2152 char *password = NULL;
2153 char *workgroup = NULL;
2154 char *path = NULL;
2155 TALLOC_CTX *frame = talloc_stackframe();
2156
2157 if (!context || !context->internal->initialized) {
2158 errno = EINVAL; /* Best I can think of ... */
2159 TALLOC_FREE(frame);
2160 return -1;
2161 }
2162
2163 if (!fname) {
2164 errno = EINVAL;
2165 TALLOC_FREE(frame);
2166 return -1;
2167 }
2168
2169 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2170
2171 if (SMBC_parse_path(frame,
2172 context,
2173 fname,
2174 &workgroup,
2175 &server,
2176 &share,
2177 &path,
2178 &user,
2179 &password,
2180 NULL)) {
2181 errno = EINVAL;
2182 TALLOC_FREE(frame);
2183 return -1;
2184 }
2185
2186 if (!user || user[0] == (char)0) {
2187 user = talloc_strdup(frame, smbc_getUser(context));
2188 if (!user) {
2189 errno = ENOMEM;
2190 TALLOC_FREE(frame);
2191 return -1;
2192 }
2193 }
2194
2195 srv = SMBC_server(frame, context, True,
2196 server, share, &workgroup, &user, &password);
2197 if (!srv) {
2198 TALLOC_FREE(frame);
2199 return -1; /* errno set by SMBC_server */
2200 }
2201
2202 if (! srv->no_nt_session) {
2203 ipc_srv = SMBC_attr_server(frame, context, server, share,
2204 &workgroup, &user, &password);
2205 if (! ipc_srv) {
2206 srv->no_nt_session = True;
2207 }
2208 } else {
2209 ipc_srv = NULL;
2210 }
2211
2212 if (! ipc_srv) {
2213 TALLOC_FREE(frame);
2214 return -1; /* errno set by SMBC_attr_server */
2215 }
2216
2217 /* Are they asking to set the entire ACL? */
2218 if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2219 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0) {
2220
2221 /* Yup. */
2222 ret = cacl_set(context, talloc_tos(), srv->cli,
2223 ipc_srv->cli, &ipc_srv->pol, path,
2224 NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2225 TALLOC_FREE(frame);
2226 return ret;
2227 }
2228
2229 /*
2230 * Are they asking to remove one or more spceific security descriptor
2231 * attributes?
2232 */
2233 if (strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2234 strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2235 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2236 strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2237 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2238 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2239 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
2240
2241 /* Yup. */
2242 ret = cacl_set(context, talloc_tos(), srv->cli,
2243 ipc_srv->cli, &ipc_srv->pol, path,
2244 discard_const_p(char, name) + 19,
2245 SMBC_XATTR_MODE_REMOVE, 0);
2246 TALLOC_FREE(frame);
2247 return ret;
2248 }
2249
2250 /* Unsupported attribute name */
2251 errno = EINVAL;
2252 TALLOC_FREE(frame);
2253 return -1;
2254 }
2255
2256 int
2257 SMBC_listxattr_ctx(SMBCCTX *context,
2258 const char *fname,
2259 char *list,
2260 size_t size)
2261 {
2262 /*
2263 * This isn't quite what listxattr() is supposed to do. This returns
2264 * the complete set of attribute names, always, rather than only those
2265 * attribute names which actually exist for a file. Hmmm...
2266 */
2267 size_t retsize;
2268 const char supported_old[] =
2269 "system.*\0"
2270 "system.*+\0"
2271 "system.nt_sec_desc.revision\0"
2272 "system.nt_sec_desc.owner\0"
2273 "system.nt_sec_desc.owner+\0"
2274 "system.nt_sec_desc.group\0"
2275 "system.nt_sec_desc.group+\0"
2276 "system.nt_sec_desc.acl.*\0"
2277 "system.nt_sec_desc.acl\0"
2278 "system.nt_sec_desc.acl+\0"
2279 "system.nt_sec_desc.*\0"
2280 "system.nt_sec_desc.*+\0"
2281 "system.dos_attr.*\0"
2282 "system.dos_attr.mode\0"
2283 "system.dos_attr.c_time\0"
2284 "system.dos_attr.a_time\0"
2285 "system.dos_attr.m_time\0"
2286 ;
2287 const char supported_new[] =
2288 "system.*\0"
2289 "system.*+\0"
2290 "system.nt_sec_desc.revision\0"
2291 "system.nt_sec_desc.owner\0"
2292 "system.nt_sec_desc.owner+\0"
2293 "system.nt_sec_desc.group\0"
2294 "system.nt_sec_desc.group+\0"
2295 "system.nt_sec_desc.acl.*\0"
2296 "system.nt_sec_desc.acl\0"
2297 "system.nt_sec_desc.acl+\0"
2298 "system.nt_sec_desc.*\0"
2299 "system.nt_sec_desc.*+\0"
2300 "system.dos_attr.*\0"
2301 "system.dos_attr.mode\0"
2302 "system.dos_attr.create_time\0"
2303 "system.dos_attr.access_time\0"
2304 "system.dos_attr.write_time\0"
2305 "system.dos_attr.change_time\0"
2306 ;
2307 const char * supported;
2308
2309 if (context->internal->full_time_names) {
2310 supported = supported_new;
2311 retsize = sizeof(supported_new);
2312 } else {
2313 supported = supported_old;
2314 retsize = sizeof(supported_old);
2315 }
2316
2317 if (size == 0) {
2318 return retsize;
2319 }
2320
2321 if (retsize > size) {
2322 errno = ERANGE;
2323 return -1;
2324 }
2325
2326 /* this can't be strcpy() because there are embedded null characters */
2327 memcpy(list, supported, retsize);
2328 return retsize;
2329 }
WIP