search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3/packaging: pam_winbind has been moved to section 8.
[Samba/gbeck.git] / source3 / libsmb / libsmb_xattr.c
blobe4a0a0558638b272aac39e517fee1c3e26e63556
1 /*
2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
28
29
30 /*
31 * Find an lsa pipe handle associated with a cli struct.
32 */
33 static struct rpc_pipe_client *
34 find_lsa_pipe_hnd(struct cli_state *ipc_cli)
35 {
36 struct rpc_pipe_client *pipe_hnd;
37
38 for (pipe_hnd = ipc_cli->pipe_list;
39 pipe_hnd;
40 pipe_hnd = pipe_hnd->next) {
41
42 if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
43 &ndr_table_lsarpc.syntax_id)) {
44 return pipe_hnd;
45 }
46 }
47
48 return NULL;
49 }
50
51 /*
52 * Sort ACEs according to the documentation at
53 * http://support.microsoft.com/kb/269175, at least as far as it defines the
54 * order.
55 */
56
57 static int
58 ace_compare(SEC_ACE *ace1,
59 SEC_ACE *ace2)
60 {
61 bool b1;
62 bool b2;
63
64 /* If the ACEs are equal, we have nothing more to do. */
65 if (sec_ace_equal(ace1, ace2)) {
66 return 0;
67 }
68
69 /* Inherited follow non-inherited */
70 b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
71 b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
72 if (b1 != b2) {
73 return (b1 ? 1 : -1);
74 }
75
76 /*
77 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
78 * sort them after DENY and ALLOW.
79 */
80 b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
81 ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
82 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
83 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
84 b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
85 ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
86 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
87 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
88 if (b1 != b2) {
89 return (b1 ? 1 : -1);
90 }
91
92 /* Allowed ACEs follow denied ACEs */
93 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
94 ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
95 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
96 ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
97 if (b1 != b2) {
98 return (b1 ? 1 : -1);
99 }
100
101 /*
102 * ACEs applying to an entity's object follow those applying to the
103 * entity itself
104 */
105 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
106 ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
107 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
108 ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
109 if (b1 != b2) {
110 return (b1 ? 1 : -1);
111 }
112
113 /*
114 * If we get this far, the ACEs are similar as far as the
115 * characteristics we typically care about (those defined by the
116 * referenced MS document). We'll now sort by characteristics that
117 * just seems reasonable.
118 */
119
120 if (ace1->type != ace2->type) {
121 return ace2->type - ace1->type;
122 }
123
124 if (sid_compare(&ace1->trustee, &ace2->trustee)) {
125 return sid_compare(&ace1->trustee, &ace2->trustee);
126 }
127
128 if (ace1->flags != ace2->flags) {
129 return ace1->flags - ace2->flags;
130 }
131
132 if (ace1->access_mask != ace2->access_mask) {
133 return ace1->access_mask - ace2->access_mask;
134 }
135
136 if (ace1->size != ace2->size) {
137 return ace1->size - ace2->size;
138 }
139
140 return memcmp(ace1, ace2, sizeof(SEC_ACE));
141 }
142
143
144 static void
145 sort_acl(SEC_ACL *the_acl)
146 {
147 uint32 i;
148 if (!the_acl) return;
149
150 qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]),
151 QSORT_CAST ace_compare);
152
153 for (i=1;i<the_acl->num_aces;) {
154 if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
155 int j;
156 for (j=i; j<the_acl->num_aces-1; j++) {
157 the_acl->aces[j] = the_acl->aces[j+1];
158 }
159 the_acl->num_aces--;
160 } else {
161 i++;
162 }
163 }
164 }
165
166 /* convert a SID to a string, either numeric or username/group */
167 static void
168 convert_sid_to_string(struct cli_state *ipc_cli,
169 struct policy_handle *pol,
170 fstring str,
171 bool numeric,
172 DOM_SID *sid)
173 {
174 char **domains = NULL;
175 char **names = NULL;
176 enum lsa_SidType *types = NULL;
177 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
178 TALLOC_CTX *ctx;
179
180 sid_to_fstring(str, sid);
181
182 if (numeric) {
183 return; /* no lookup desired */
184 }
185
186 if (!pipe_hnd) {
187 return;
188 }
189
190 /* Ask LSA to convert the sid to a name */
191
192 ctx = talloc_stackframe();
193
194 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
195 pol, 1, sid, &domains,
196 &names, &types)) ||
197 !domains || !domains[0] || !names || !names[0]) {
198 TALLOC_FREE(ctx);
199 return;
200 }
201
202 /* Converted OK */
203
204 slprintf(str, sizeof(fstring) - 1, "%s%s%s",
205 domains[0], lp_winbind_separator(),
206 names[0]);
207
208 TALLOC_FREE(ctx);
209 }
210
211 /* convert a string to a SID, either numeric or username/group */
212 static bool
213 convert_string_to_sid(struct cli_state *ipc_cli,
214 struct policy_handle *pol,
215 bool numeric,
216 DOM_SID *sid,
217 const char *str)
218 {
219 enum lsa_SidType *types = NULL;
220 DOM_SID *sids = NULL;
221 bool result = True;
222 TALLOC_CTX *ctx = NULL;
223 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
224
225 if (!pipe_hnd) {
226 return False;
227 }
228
229 if (numeric) {
230 if (strncmp(str, "S-", 2) == 0) {
231 return string_to_sid(sid, str);
232 }
233
234 result = False;
235 goto done;
236 }
237
238 ctx = talloc_stackframe();
239 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
240 pol, 1, &str,
241 NULL, 1, &sids,
242 &types))) {
243 result = False;
244 goto done;
245 }
246
247 sid_copy(sid, &sids[0]);
248 done:
249
250 TALLOC_FREE(ctx);
251 return result;
252 }
253
254
255 /* parse an ACE in the same format as print_ace() */
256 static bool
257 parse_ace(struct cli_state *ipc_cli,
258 struct policy_handle *pol,
259 SEC_ACE *ace,
260 bool numeric,
261 char *str)
262 {
263 char *p;
264 const char *cp;
265 char *tok;
266 unsigned int atype;
267 unsigned int aflags;
268 unsigned int amask;
269 DOM_SID sid;
270 uint32_t mask;
271 const struct perm_value *v;
272 struct perm_value {
273 const char *perm;
274 uint32 mask;
275 };
276 TALLOC_CTX *frame = talloc_stackframe();
277
278 /* These values discovered by inspection */
279 static const struct perm_value special_values[] = {
280 { "R", 0x00120089 },
281 { "W", 0x00120116 },
282 { "X", 0x001200a0 },
283 { "D", 0x00010000 },
284 { "P", 0x00040000 },
285 { "O", 0x00080000 },
286 { NULL, 0 },
287 };
288
289 static const struct perm_value standard_values[] = {
290 { "READ", 0x001200a9 },
291 { "CHANGE", 0x001301bf },
292 { "FULL", 0x001f01ff },
293 { NULL, 0 },
294 };
295
296
297 ZERO_STRUCTP(ace);
298 p = strchr_m(str,':');
299 if (!p) {
300 TALLOC_FREE(frame);
301 return False;
302 }
303 *p = '\0';
304 p++;
305 /* Try to parse numeric form */
306
307 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
308 convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
309 goto done;
310 }
311
312 /* Try to parse text form */
313
314 if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
315 TALLOC_FREE(frame);
316 return false;
317 }
318
319 cp = p;
320 if (!next_token_talloc(frame, &cp, &tok, "/")) {
321 TALLOC_FREE(frame);
322 return false;
323 }
324
325 if (StrnCaseCmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
326 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
327 } else if (StrnCaseCmp(tok, "DENIED", strlen("DENIED")) == 0) {
328 atype = SEC_ACE_TYPE_ACCESS_DENIED;
329 } else {
330 TALLOC_FREE(frame);
331 return false;
332 }
333
334 /* Only numeric form accepted for flags at present */
335
336 if (!(next_token_talloc(frame, &cp, &tok, "/") &&
337 sscanf(tok, "%i", &aflags))) {
338 TALLOC_FREE(frame);
339 return false;
340 }
341
342 if (!next_token_talloc(frame, &cp, &tok, "/")) {
343 TALLOC_FREE(frame);
344 return false;
345 }
346
347 if (strncmp(tok, "0x", 2) == 0) {
348 if (sscanf(tok, "%i", &amask) != 1) {
349 TALLOC_FREE(frame);
350 return false;
351 }
352 goto done;
353 }
354
355 for (v = standard_values; v->perm; v++) {
356 if (strcmp(tok, v->perm) == 0) {
357 amask = v->mask;
358 goto done;
359 }
360 }
361
362 p = tok;
363
364 while(*p) {
365 bool found = False;
366
367 for (v = special_values; v->perm; v++) {
368 if (v->perm[0] == *p) {
369 amask |= v->mask;
370 found = True;
371 }
372 }
373
374 if (!found) {
375 TALLOC_FREE(frame);
376 return false;
377 }
378 p++;
379 }
380
381 if (*p) {
382 TALLOC_FREE(frame);
383 return false;
384 }
385
386 done:
387 mask = amask;
388 init_sec_ace(ace, &sid, atype, mask, aflags);
389 TALLOC_FREE(frame);
390 return true;
391 }
392
393 /* add an ACE to a list of ACEs in a SEC_ACL */
394 static bool
395 add_ace(SEC_ACL **the_acl,
396 SEC_ACE *ace,
397 TALLOC_CTX *ctx)
398 {
399 SEC_ACL *newacl;
400 SEC_ACE *aces;
401
402 if (! *the_acl) {
403 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
404 return True;
405 }
406
407 if ((aces = SMB_CALLOC_ARRAY(SEC_ACE,
408 1+(*the_acl)->num_aces)) == NULL) {
409 return False;
410 }
411 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE));
412 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
413 newacl = make_sec_acl(ctx, (*the_acl)->revision,
414 1+(*the_acl)->num_aces, aces);
415 SAFE_FREE(aces);
416 (*the_acl) = newacl;
417 return True;
418 }
419
420
421 /* parse a ascii version of a security descriptor */
422 static SEC_DESC *
423 sec_desc_parse(TALLOC_CTX *ctx,
424 struct cli_state *ipc_cli,
425 struct policy_handle *pol,
426 bool numeric,
427 const char *str)
428 {
429 const char *p = str;
430 char *tok;
431 SEC_DESC *ret = NULL;
432 size_t sd_size;
433 DOM_SID *group_sid=NULL;
434 DOM_SID *owner_sid=NULL;
435 SEC_ACL *dacl=NULL;
436 int revision=1;
437
438 while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
439
440 if (StrnCaseCmp(tok,"REVISION:", 9) == 0) {
441 revision = strtol(tok+9, NULL, 16);
442 continue;
443 }
444
445 if (StrnCaseCmp(tok,"OWNER:", 6) == 0) {
446 if (owner_sid) {
447 DEBUG(5,("OWNER specified more than once!\n"));
448 goto done;
449 }
450 owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
451 if (!owner_sid ||
452 !convert_string_to_sid(ipc_cli, pol,
453 numeric,
454 owner_sid, tok+6)) {
455 DEBUG(5, ("Failed to parse owner sid\n"));
456 goto done;
457 }
458 continue;
459 }
460
461 if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) {
462 if (owner_sid) {
463 DEBUG(5,("OWNER specified more than once!\n"));
464 goto done;
465 }
466 owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
467 if (!owner_sid ||
468 !convert_string_to_sid(ipc_cli, pol,
469 False,
470 owner_sid, tok+7)) {
471 DEBUG(5, ("Failed to parse owner sid\n"));
472 goto done;
473 }
474 continue;
475 }
476
477 if (StrnCaseCmp(tok,"GROUP:", 6) == 0) {
478 if (group_sid) {
479 DEBUG(5,("GROUP specified more than once!\n"));
480 goto done;
481 }
482 group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
483 if (!group_sid ||
484 !convert_string_to_sid(ipc_cli, pol,
485 numeric,
486 group_sid, tok+6)) {
487 DEBUG(5, ("Failed to parse group sid\n"));
488 goto done;
489 }
490 continue;
491 }
492
493 if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) {
494 if (group_sid) {
495 DEBUG(5,("GROUP specified more than once!\n"));
496 goto done;
497 }
498 group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
499 if (!group_sid ||
500 !convert_string_to_sid(ipc_cli, pol,
501 False,
502 group_sid, tok+6)) {
503 DEBUG(5, ("Failed to parse group sid\n"));
504 goto done;
505 }
506 continue;
507 }
508
509 if (StrnCaseCmp(tok,"ACL:", 4) == 0) {
510 SEC_ACE ace;
511 if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
512 DEBUG(5, ("Failed to parse ACL %s\n", tok));
513 goto done;
514 }
515 if(!add_ace(&dacl, &ace, ctx)) {
516 DEBUG(5, ("Failed to add ACL %s\n", tok));
517 goto done;
518 }
519 continue;
520 }
521
522 if (StrnCaseCmp(tok,"ACL+:", 5) == 0) {
523 SEC_ACE ace;
524 if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
525 DEBUG(5, ("Failed to parse ACL %s\n", tok));
526 goto done;
527 }
528 if(!add_ace(&dacl, &ace, ctx)) {
529 DEBUG(5, ("Failed to add ACL %s\n", tok));
530 goto done;
531 }
532 continue;
533 }
534
535 DEBUG(5, ("Failed to parse security descriptor\n"));
536 goto done;
537 }
538
539 ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE,
540 owner_sid, group_sid, NULL, dacl, &sd_size);
541
542 done:
543 SAFE_FREE(group_sid);
544 SAFE_FREE(owner_sid);
545
546 return ret;
547 }
548
549
550 /* Obtain the current dos attributes */
551 static DOS_ATTR_DESC *
552 dos_attr_query(SMBCCTX *context,
553 TALLOC_CTX *ctx,
554 const char *filename,
555 SMBCSRV *srv)
556 {
557 struct timespec create_time_ts;
558 struct timespec write_time_ts;
559 struct timespec access_time_ts;
560 struct timespec change_time_ts;
561 SMB_OFF_T size = 0;
562 uint16 mode = 0;
563 SMB_INO_T inode = 0;
564 DOS_ATTR_DESC *ret;
565
566 ret = TALLOC_P(ctx, DOS_ATTR_DESC);
567 if (!ret) {
568 errno = ENOMEM;
569 return NULL;
570 }
571
572 /* Obtain the DOS attributes */
573 if (!SMBC_getatr(context, srv, CONST_DISCARD(char *, filename),
574 &mode, &size,
575 &create_time_ts,
576 &access_time_ts,
577 &write_time_ts,
578 &change_time_ts,
579 &inode)) {
580 errno = SMBC_errno(context, srv->cli);
581 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
582 return NULL;
583 }
584
585 ret->mode = mode;
586 ret->size = size;
587 ret->create_time = convert_timespec_to_time_t(create_time_ts);
588 ret->access_time = convert_timespec_to_time_t(access_time_ts);
589 ret->write_time = convert_timespec_to_time_t(write_time_ts);
590 ret->change_time = convert_timespec_to_time_t(change_time_ts);
591 ret->inode = inode;
592
593 return ret;
594 }
595
596
597 /* parse a ascii version of a security descriptor */
598 static void
599 dos_attr_parse(SMBCCTX *context,
600 DOS_ATTR_DESC *dad,
601 SMBCSRV *srv,
602 char *str)
603 {
604 int n;
605 const char *p = str;
606 char *tok = NULL;
607 TALLOC_CTX *frame = NULL;
608 struct {
609 const char * create_time_attr;
610 const char * access_time_attr;
611 const char * write_time_attr;
612 const char * change_time_attr;
613 } attr_strings;
614
615 /* Determine whether to use old-style or new-style attribute names */
616 if (context->internal->full_time_names) {
617 /* new-style names */
618 attr_strings.create_time_attr = "CREATE_TIME";
619 attr_strings.access_time_attr = "ACCESS_TIME";
620 attr_strings.write_time_attr = "WRITE_TIME";
621 attr_strings.change_time_attr = "CHANGE_TIME";
622 } else {
623 /* old-style names */
624 attr_strings.create_time_attr = NULL;
625 attr_strings.access_time_attr = "A_TIME";
626 attr_strings.write_time_attr = "M_TIME";
627 attr_strings.change_time_attr = "C_TIME";
628 }
629
630 /* if this is to set the entire ACL... */
631 if (*str == '*') {
632 /* ... then increment past the first colon if there is one */
633 if ((p = strchr(str, ':')) != NULL) {
634 ++p;
635 } else {
636 p = str;
637 }
638 }
639
640 frame = talloc_stackframe();
641 while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
642 if (StrnCaseCmp(tok, "MODE:", 5) == 0) {
643 long request = strtol(tok+5, NULL, 16);
644 if (request == 0) {
645 dad->mode = (request |
646 (IS_DOS_DIR(dad->mode)
647 ? FILE_ATTRIBUTE_DIRECTORY
648 : FILE_ATTRIBUTE_NORMAL));
649 } else {
650 dad->mode = request;
651 }
652 continue;
653 }
654
655 if (StrnCaseCmp(tok, "SIZE:", 5) == 0) {
656 dad->size = (SMB_OFF_T)atof(tok+5);
657 continue;
658 }
659
660 n = strlen(attr_strings.access_time_attr);
661 if (StrnCaseCmp(tok, attr_strings.access_time_attr, n) == 0) {
662 dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
663 continue;
664 }
665
666 n = strlen(attr_strings.change_time_attr);
667 if (StrnCaseCmp(tok, attr_strings.change_time_attr, n) == 0) {
668 dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
669 continue;
670 }
671
672 n = strlen(attr_strings.write_time_attr);
673 if (StrnCaseCmp(tok, attr_strings.write_time_attr, n) == 0) {
674 dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
675 continue;
676 }
677
678 if (attr_strings.create_time_attr != NULL) {
679 n = strlen(attr_strings.create_time_attr);
680 if (StrnCaseCmp(tok, attr_strings.create_time_attr,
681 n) == 0) {
682 dad->create_time = (time_t)strtol(tok+n+1,
683 NULL, 10);
684 continue;
685 }
686 }
687
688 if (StrnCaseCmp(tok, "INODE:", 6) == 0) {
689 dad->inode = (SMB_INO_T)atof(tok+6);
690 continue;
691 }
692 }
693 TALLOC_FREE(frame);
694 }
695
696 /*****************************************************
697 Retrieve the acls for a file.
698 *******************************************************/
699
700 static int
701 cacl_get(SMBCCTX *context,
702 TALLOC_CTX *ctx,
703 SMBCSRV *srv,
704 struct cli_state *ipc_cli,
705 struct policy_handle *pol,
706 char *filename,
707 char *attr_name,
708 char *buf,
709 int bufsize)
710 {
711 uint32 i;
712 int n = 0;
713 int n_used;
714 bool all;
715 bool all_nt;
716 bool all_nt_acls;
717 bool all_dos;
718 bool some_nt;
719 bool some_dos;
720 bool exclude_nt_revision = False;
721 bool exclude_nt_owner = False;
722 bool exclude_nt_group = False;
723 bool exclude_nt_acl = False;
724 bool exclude_dos_mode = False;
725 bool exclude_dos_size = False;
726 bool exclude_dos_create_time = False;
727 bool exclude_dos_access_time = False;
728 bool exclude_dos_write_time = False;
729 bool exclude_dos_change_time = False;
730 bool exclude_dos_inode = False;
731 bool numeric = True;
732 bool determine_size = (bufsize == 0);
733 int fnum = -1;
734 SEC_DESC *sd;
735 fstring sidstr;
736 fstring name_sandbox;
737 char *name;
738 char *pExclude;
739 char *p;
740 struct timespec create_time_ts;
741 struct timespec write_time_ts;
742 struct timespec access_time_ts;
743 struct timespec change_time_ts;
744 time_t create_time = (time_t)0;
745 time_t write_time = (time_t)0;
746 time_t access_time = (time_t)0;
747 time_t change_time = (time_t)0;
748 SMB_OFF_T size = 0;
749 uint16 mode = 0;
750 SMB_INO_T ino = 0;
751 struct cli_state *cli = srv->cli;
752 struct {
753 const char * create_time_attr;
754 const char * access_time_attr;
755 const char * write_time_attr;
756 const char * change_time_attr;
757 } attr_strings;
758 struct {
759 const char * create_time_attr;
760 const char * access_time_attr;
761 const char * write_time_attr;
762 const char * change_time_attr;
763 } excl_attr_strings;
764
765 /* Determine whether to use old-style or new-style attribute names */
766 if (context->internal->full_time_names) {
767 /* new-style names */
768 attr_strings.create_time_attr = "CREATE_TIME";
769 attr_strings.access_time_attr = "ACCESS_TIME";
770 attr_strings.write_time_attr = "WRITE_TIME";
771 attr_strings.change_time_attr = "CHANGE_TIME";
772
773 excl_attr_strings.create_time_attr = "CREATE_TIME";
774 excl_attr_strings.access_time_attr = "ACCESS_TIME";
775 excl_attr_strings.write_time_attr = "WRITE_TIME";
776 excl_attr_strings.change_time_attr = "CHANGE_TIME";
777 } else {
778 /* old-style names */
779 attr_strings.create_time_attr = NULL;
780 attr_strings.access_time_attr = "A_TIME";
781 attr_strings.write_time_attr = "M_TIME";
782 attr_strings.change_time_attr = "C_TIME";
783
784 excl_attr_strings.create_time_attr = NULL;
785 excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
786 excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
787 excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
788 }
789
790 /* Copy name so we can strip off exclusions (if any are specified) */
791 strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
792
793 /* Ensure name is null terminated */
794 name_sandbox[sizeof(name_sandbox) - 1] = '\0';
795
796 /* Play in the sandbox */
797 name = name_sandbox;
798
799 /* If there are any exclusions, point to them and mask them from name */
800 if ((pExclude = strchr(name, '!')) != NULL)
801 {
802 *pExclude++ = '\0';
803 }
804
805 all = (StrnCaseCmp(name, "system.*", 8) == 0);
806 all_nt = (StrnCaseCmp(name, "system.nt_sec_desc.*", 20) == 0);
807 all_nt_acls = (StrnCaseCmp(name, "system.nt_sec_desc.acl.*", 24) == 0);
808 all_dos = (StrnCaseCmp(name, "system.dos_attr.*", 17) == 0);
809 some_nt = (StrnCaseCmp(name, "system.nt_sec_desc.", 19) == 0);
810 some_dos = (StrnCaseCmp(name, "system.dos_attr.", 16) == 0);
811 numeric = (* (name + strlen(name) - 1) != '+');
812
813 /* Look for exclusions from "all" requests */
814 if (all || all_nt || all_dos) {
815
816 /* Exclusions are delimited by '!' */
817 for (;
818 pExclude != NULL;
819 pExclude = (p == NULL ? NULL : p + 1)) {
820
821 /* Find end of this exclusion name */
822 if ((p = strchr(pExclude, '!')) != NULL)
823 {
824 *p = '\0';
825 }
826
827 /* Which exclusion name is this? */
828 if (StrCaseCmp(pExclude,
829 "nt_sec_desc.revision") == 0) {
830 exclude_nt_revision = True;
831 }
832 else if (StrCaseCmp(pExclude,
833 "nt_sec_desc.owner") == 0) {
834 exclude_nt_owner = True;
835 }
836 else if (StrCaseCmp(pExclude,
837 "nt_sec_desc.group") == 0) {
838 exclude_nt_group = True;
839 }
840 else if (StrCaseCmp(pExclude,
841 "nt_sec_desc.acl") == 0) {
842 exclude_nt_acl = True;
843 }
844 else if (StrCaseCmp(pExclude,
845 "dos_attr.mode") == 0) {
846 exclude_dos_mode = True;
847 }
848 else if (StrCaseCmp(pExclude,
849 "dos_attr.size") == 0) {
850 exclude_dos_size = True;
851 }
852 else if (excl_attr_strings.create_time_attr != NULL &&
853 StrCaseCmp(pExclude,
854 excl_attr_strings.change_time_attr) == 0) {
855 exclude_dos_create_time = True;
856 }
857 else if (StrCaseCmp(pExclude,
858 excl_attr_strings.access_time_attr) == 0) {
859 exclude_dos_access_time = True;
860 }
861 else if (StrCaseCmp(pExclude,
862 excl_attr_strings.write_time_attr) == 0) {
863 exclude_dos_write_time = True;
864 }
865 else if (StrCaseCmp(pExclude,
866 excl_attr_strings.change_time_attr) == 0) {
867 exclude_dos_change_time = True;
868 }
869 else if (StrCaseCmp(pExclude, "dos_attr.inode") == 0) {
870 exclude_dos_inode = True;
871 }
872 else {
873 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
874 pExclude));
875 errno = ENOATTR;
876 return -1;
877 }
878 }
879 }
880
881 n_used = 0;
882
883 /*
884 * If we are (possibly) talking to an NT or new system and some NT
885 * attributes have been requested...
886 */
887 if (ipc_cli && (all || some_nt || all_nt_acls)) {
888 char *targetpath = NULL;
889 struct cli_state *targetcli = NULL;
890
891 /* Point to the portion after "system.nt_sec_desc." */
892 name += 19; /* if (all) this will be invalid but unused */
893
894 if (!cli_resolve_path(ctx, "", context->internal->auth_info,
895 cli, filename,
896 &targetcli, &targetpath)) {
897 DEBUG(5, ("cacl_get Could not resolve %s\n",
898 filename));
899 errno = ENOENT;
900 return -1;
901 }
902
903 /* ... then obtain any NT attributes which were requested */
904 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ);
905
906 if (fnum == -1) {
907 DEBUG(5, ("cacl_get failed to open %s: %s\n",
908 targetpath, cli_errstr(targetcli)));
909 errno = 0;
910 return -1;
911 }
912
913 sd = cli_query_secdesc(targetcli, fnum, ctx);
914
915 if (!sd) {
916 DEBUG(5,
917 ("cacl_get Failed to query old descriptor\n"));
918 errno = 0;
919 return -1;
920 }
921
922 cli_close(targetcli, fnum);
923
924 if (! exclude_nt_revision) {
925 if (all || all_nt) {
926 if (determine_size) {
927 p = talloc_asprintf(ctx,
928 "REVISION:%d",
929 sd->revision);
930 if (!p) {
931 errno = ENOMEM;
932 return -1;
933 }
934 n = strlen(p);
935 } else {
936 n = snprintf(buf, bufsize,
937 "REVISION:%d",
938 sd->revision);
939 }
940 } else if (StrCaseCmp(name, "revision") == 0) {
941 if (determine_size) {
942 p = talloc_asprintf(ctx, "%d",
943 sd->revision);
944 if (!p) {
945 errno = ENOMEM;
946 return -1;
947 }
948 n = strlen(p);
949 } else {
950 n = snprintf(buf, bufsize, "%d",
951 sd->revision);
952 }
953 }
954
955 if (!determine_size && n > bufsize) {
956 errno = ERANGE;
957 return -1;
958 }
959 buf += n;
960 n_used += n;
961 bufsize -= n;
962 n = 0;
963 }
964
965 if (! exclude_nt_owner) {
966 /* Get owner and group sid */
967 if (sd->owner_sid) {
968 convert_sid_to_string(ipc_cli, pol,
969 sidstr,
970 numeric,
971 sd->owner_sid);
972 } else {
973 fstrcpy(sidstr, "");
974 }
975
976 if (all || all_nt) {
977 if (determine_size) {
978 p = talloc_asprintf(ctx, ",OWNER:%s",
979 sidstr);
980 if (!p) {
981 errno = ENOMEM;
982 return -1;
983 }
984 n = strlen(p);
985 } else if (sidstr[0] != '\0') {
986 n = snprintf(buf, bufsize,
987 ",OWNER:%s", sidstr);
988 }
989 } else if (StrnCaseCmp(name, "owner", 5) == 0) {
990 if (determine_size) {
991 p = talloc_asprintf(ctx, "%s", sidstr);
992 if (!p) {
993 errno = ENOMEM;
994 return -1;
995 }
996 n = strlen(p);
997 } else {
998 n = snprintf(buf, bufsize, "%s",
999 sidstr);
1000 }
1001 }
1002
1003 if (!determine_size && n > bufsize) {
1004 errno = ERANGE;
1005 return -1;
1006 }
1007 buf += n;
1008 n_used += n;
1009 bufsize -= n;
1010 n = 0;
1011 }
1012
1013 if (! exclude_nt_group) {
1014 if (sd->group_sid) {
1015 convert_sid_to_string(ipc_cli, pol,
1016 sidstr, numeric,
1017 sd->group_sid);
1018 } else {
1019 fstrcpy(sidstr, "");
1020 }
1021
1022 if (all || all_nt) {
1023 if (determine_size) {
1024 p = talloc_asprintf(ctx, ",GROUP:%s",
1025 sidstr);
1026 if (!p) {
1027 errno = ENOMEM;
1028 return -1;
1029 }
1030 n = strlen(p);
1031 } else if (sidstr[0] != '\0') {
1032 n = snprintf(buf, bufsize,
1033 ",GROUP:%s", sidstr);
1034 }
1035 } else if (StrnCaseCmp(name, "group", 5) == 0) {
1036 if (determine_size) {
1037 p = talloc_asprintf(ctx, "%s", sidstr);
1038 if (!p) {
1039 errno = ENOMEM;
1040 return -1;
1041 }
1042 n = strlen(p);
1043 } else {
1044 n = snprintf(buf, bufsize,
1045 "%s", sidstr);
1046 }
1047 }
1048
1049 if (!determine_size && n > bufsize) {
1050 errno = ERANGE;
1051 return -1;
1052 }
1053 buf += n;
1054 n_used += n;
1055 bufsize -= n;
1056 n = 0;
1057 }
1058
1059 if (! exclude_nt_acl) {
1060 /* Add aces to value buffer */
1061 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1062
1063 SEC_ACE *ace = &sd->dacl->aces[i];
1064 convert_sid_to_string(ipc_cli, pol,
1065 sidstr, numeric,
1066 &ace->trustee);
1067
1068 if (all || all_nt) {
1069 if (determine_size) {
1070 p = talloc_asprintf(
1071 ctx,
1072 ",ACL:"
1073 "%s:%d/%d/0x%08x",
1074 sidstr,
1075 ace->type,
1076 ace->flags,
1077 ace->access_mask);
1078 if (!p) {
1079 errno = ENOMEM;
1080 return -1;
1081 }
1082 n = strlen(p);
1083 } else {
1084 n = snprintf(
1085 buf, bufsize,
1086 ",ACL:%s:%d/%d/0x%08x",
1087 sidstr,
1088 ace->type,
1089 ace->flags,
1090 ace->access_mask);
1091 }
1092 } else if ((StrnCaseCmp(name, "acl", 3) == 0 &&
1093 StrCaseCmp(name+3, sidstr) == 0) ||
1094 (StrnCaseCmp(name, "acl+", 4) == 0 &&
1095 StrCaseCmp(name+4, sidstr) == 0)) {
1096 if (determine_size) {
1097 p = talloc_asprintf(
1098 ctx,
1099 "%d/%d/0x%08x",
1100 ace->type,
1101 ace->flags,
1102 ace->access_mask);
1103 if (!p) {
1104 errno = ENOMEM;
1105 return -1;
1106 }
1107 n = strlen(p);
1108 } else {
1109 n = snprintf(buf, bufsize,
1110 "%d/%d/0x%08x",
1111 ace->type,
1112 ace->flags,
1113 ace->access_mask);
1114 }
1115 } else if (all_nt_acls) {
1116 if (determine_size) {
1117 p = talloc_asprintf(
1118 ctx,
1119 "%s%s:%d/%d/0x%08x",
1120 i ? "," : "",
1121 sidstr,
1122 ace->type,
1123 ace->flags,
1124 ace->access_mask);
1125 if (!p) {
1126 errno = ENOMEM;
1127 return -1;
1128 }
1129 n = strlen(p);
1130 } else {
1131 n = snprintf(buf, bufsize,
1132 "%s%s:%d/%d/0x%08x",
1133 i ? "," : "",
1134 sidstr,
1135 ace->type,
1136 ace->flags,
1137 ace->access_mask);
1138 }
1139 }
1140 if (!determine_size && n > bufsize) {
1141 errno = ERANGE;
1142 return -1;
1143 }
1144 buf += n;
1145 n_used += n;
1146 bufsize -= n;
1147 n = 0;
1148 }
1149 }
1150
1151 /* Restore name pointer to its original value */
1152 name -= 19;
1153 }
1154
1155 if (all || some_dos) {
1156 /* Point to the portion after "system.dos_attr." */
1157 name += 16; /* if (all) this will be invalid but unused */
1158
1159 /* Obtain the DOS attributes */
1160 if (!SMBC_getatr(context, srv, filename, &mode, &size,
1161 &create_time_ts,
1162 &access_time_ts,
1163 &write_time_ts,
1164 &change_time_ts,
1165 &ino)) {
1166
1167 errno = SMBC_errno(context, srv->cli);
1168 return -1;
1169
1170 }
1171
1172 create_time = convert_timespec_to_time_t(create_time_ts);
1173 access_time = convert_timespec_to_time_t(access_time_ts);
1174 write_time = convert_timespec_to_time_t(write_time_ts);
1175 change_time = convert_timespec_to_time_t(change_time_ts);
1176
1177 if (! exclude_dos_mode) {
1178 if (all || all_dos) {
1179 if (determine_size) {
1180 p = talloc_asprintf(ctx,
1181 "%sMODE:0x%x",
1182 (ipc_cli &&
1183 (all || some_nt)
1184 ? ","
1185 : ""),
1186 mode);
1187 if (!p) {
1188 errno = ENOMEM;
1189 return -1;
1190 }
1191 n = strlen(p);
1192 } else {
1193 n = snprintf(buf, bufsize,
1194 "%sMODE:0x%x",
1195 (ipc_cli &&
1196 (all || some_nt)
1197 ? ","
1198 : ""),
1199 mode);
1200 }
1201 } else if (StrCaseCmp(name, "mode") == 0) {
1202 if (determine_size) {
1203 p = talloc_asprintf(ctx, "0x%x", mode);
1204 if (!p) {
1205 errno = ENOMEM;
1206 return -1;
1207 }
1208 n = strlen(p);
1209 } else {
1210 n = snprintf(buf, bufsize,
1211 "0x%x", mode);
1212 }
1213 }
1214
1215 if (!determine_size && n > bufsize) {
1216 errno = ERANGE;
1217 return -1;
1218 }
1219 buf += n;
1220 n_used += n;
1221 bufsize -= n;
1222 n = 0;
1223 }
1224
1225 if (! exclude_dos_size) {
1226 if (all || all_dos) {
1227 if (determine_size) {
1228 p = talloc_asprintf(
1229 ctx,
1230 ",SIZE:%.0f",
1231 (double)size);
1232 if (!p) {
1233 errno = ENOMEM;
1234 return -1;
1235 }
1236 n = strlen(p);
1237 } else {
1238 n = snprintf(buf, bufsize,
1239 ",SIZE:%.0f",
1240 (double)size);
1241 }
1242 } else if (StrCaseCmp(name, "size") == 0) {
1243 if (determine_size) {
1244 p = talloc_asprintf(
1245 ctx,
1246 "%.0f",
1247 (double)size);
1248 if (!p) {
1249 errno = ENOMEM;
1250 return -1;
1251 }
1252 n = strlen(p);
1253 } else {
1254 n = snprintf(buf, bufsize,
1255 "%.0f",
1256 (double)size);
1257 }
1258 }
1259
1260 if (!determine_size && n > bufsize) {
1261 errno = ERANGE;
1262 return -1;
1263 }
1264 buf += n;
1265 n_used += n;
1266 bufsize -= n;
1267 n = 0;
1268 }
1269
1270 if (! exclude_dos_create_time &&
1271 attr_strings.create_time_attr != NULL) {
1272 if (all || all_dos) {
1273 if (determine_size) {
1274 p = talloc_asprintf(ctx,
1275 ",%s:%lu",
1276 attr_strings.create_time_attr,
1277 (unsigned long) create_time);
1278 if (!p) {
1279 errno = ENOMEM;
1280 return -1;
1281 }
1282 n = strlen(p);
1283 } else {
1284 n = snprintf(buf, bufsize,
1285 ",%s:%lu",
1286 attr_strings.create_time_attr,
1287 (unsigned long) create_time);
1288 }
1289 } else if (StrCaseCmp(name, attr_strings.create_time_attr) == 0) {
1290 if (determine_size) {
1291 p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
1292 if (!p) {
1293 errno = ENOMEM;
1294 return -1;
1295 }
1296 n = strlen(p);
1297 } else {
1298 n = snprintf(buf, bufsize,
1299 "%lu", (unsigned long) create_time);
1300 }
1301 }
1302
1303 if (!determine_size && n > bufsize) {
1304 errno = ERANGE;
1305 return -1;
1306 }
1307 buf += n;
1308 n_used += n;
1309 bufsize -= n;
1310 n = 0;
1311 }
1312
1313 if (! exclude_dos_access_time) {
1314 if (all || all_dos) {
1315 if (determine_size) {
1316 p = talloc_asprintf(ctx,
1317 ",%s:%lu",
1318 attr_strings.access_time_attr,
1319 (unsigned long) access_time);
1320 if (!p) {
1321 errno = ENOMEM;
1322 return -1;
1323 }
1324 n = strlen(p);
1325 } else {
1326 n = snprintf(buf, bufsize,
1327 ",%s:%lu",
1328 attr_strings.access_time_attr,
1329 (unsigned long) access_time);
1330 }
1331 } else if (StrCaseCmp(name, attr_strings.access_time_attr) == 0) {
1332 if (determine_size) {
1333 p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
1334 if (!p) {
1335 errno = ENOMEM;
1336 return -1;
1337 }
1338 n = strlen(p);
1339 } else {
1340 n = snprintf(buf, bufsize,
1341 "%lu", (unsigned long) access_time);
1342 }
1343 }
1344
1345 if (!determine_size && n > bufsize) {
1346 errno = ERANGE;
1347 return -1;
1348 }
1349 buf += n;
1350 n_used += n;
1351 bufsize -= n;
1352 n = 0;
1353 }
1354
1355 if (! exclude_dos_write_time) {
1356 if (all || all_dos) {
1357 if (determine_size) {
1358 p = talloc_asprintf(ctx,
1359 ",%s:%lu",
1360 attr_strings.write_time_attr,
1361 (unsigned long) write_time);
1362 if (!p) {
1363 errno = ENOMEM;
1364 return -1;
1365 }
1366 n = strlen(p);
1367 } else {
1368 n = snprintf(buf, bufsize,
1369 ",%s:%lu",
1370 attr_strings.write_time_attr,
1371 (unsigned long) write_time);
1372 }
1373 } else if (StrCaseCmp(name, attr_strings.write_time_attr) == 0) {
1374 if (determine_size) {
1375 p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
1376 if (!p) {
1377 errno = ENOMEM;
1378 return -1;
1379 }
1380 n = strlen(p);
1381 } else {
1382 n = snprintf(buf, bufsize,
1383 "%lu", (unsigned long) write_time);
1384 }
1385 }
1386
1387 if (!determine_size && n > bufsize) {
1388 errno = ERANGE;
1389 return -1;
1390 }
1391 buf += n;
1392 n_used += n;
1393 bufsize -= n;
1394 n = 0;
1395 }
1396
1397 if (! exclude_dos_change_time) {
1398 if (all || all_dos) {
1399 if (determine_size) {
1400 p = talloc_asprintf(ctx,
1401 ",%s:%lu",
1402 attr_strings.change_time_attr,
1403 (unsigned long) change_time);
1404 if (!p) {
1405 errno = ENOMEM;
1406 return -1;
1407 }
1408 n = strlen(p);
1409 } else {
1410 n = snprintf(buf, bufsize,
1411 ",%s:%lu",
1412 attr_strings.change_time_attr,
1413 (unsigned long) change_time);
1414 }
1415 } else if (StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1416 if (determine_size) {
1417 p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
1418 if (!p) {
1419 errno = ENOMEM;
1420 return -1;
1421 }
1422 n = strlen(p);
1423 } else {
1424 n = snprintf(buf, bufsize,
1425 "%lu", (unsigned long) change_time);
1426 }
1427 }
1428
1429 if (!determine_size && n > bufsize) {
1430 errno = ERANGE;
1431 return -1;
1432 }
1433 buf += n;
1434 n_used += n;
1435 bufsize -= n;
1436 n = 0;
1437 }
1438
1439 if (! exclude_dos_inode) {
1440 if (all || all_dos) {
1441 if (determine_size) {
1442 p = talloc_asprintf(
1443 ctx,
1444 ",INODE:%.0f",
1445 (double)ino);
1446 if (!p) {
1447 errno = ENOMEM;
1448 return -1;
1449 }
1450 n = strlen(p);
1451 } else {
1452 n = snprintf(buf, bufsize,
1453 ",INODE:%.0f",
1454 (double) ino);
1455 }
1456 } else if (StrCaseCmp(name, "inode") == 0) {
1457 if (determine_size) {
1458 p = talloc_asprintf(
1459 ctx,
1460 "%.0f",
1461 (double) ino);
1462 if (!p) {
1463 errno = ENOMEM;
1464 return -1;
1465 }
1466 n = strlen(p);
1467 } else {
1468 n = snprintf(buf, bufsize,
1469 "%.0f",
1470 (double) ino);
1471 }
1472 }
1473
1474 if (!determine_size && n > bufsize) {
1475 errno = ERANGE;
1476 return -1;
1477 }
1478 buf += n;
1479 n_used += n;
1480 bufsize -= n;
1481 n = 0;
1482 }
1483
1484 /* Restore name pointer to its original value */
1485 name -= 16;
1486 }
1487
1488 if (n_used == 0) {
1489 errno = ENOATTR;
1490 return -1;
1491 }
1492
1493 return n_used;
1494 }
1495
1496 /*****************************************************
1497 set the ACLs on a file given an ascii description
1498 *******************************************************/
1499 static int
1500 cacl_set(SMBCCTX *context,
1501 TALLOC_CTX *ctx,
1502 struct cli_state *cli,
1503 struct cli_state *ipc_cli,
1504 struct policy_handle *pol,
1505 const char *filename,
1506 char *the_acl,
1507 int mode,
1508 int flags)
1509 {
1510 int fnum;
1511 int err = 0;
1512 SEC_DESC *sd = NULL, *old;
1513 SEC_ACL *dacl = NULL;
1514 DOM_SID *owner_sid = NULL;
1515 DOM_SID *group_sid = NULL;
1516 uint32 i, j;
1517 size_t sd_size;
1518 int ret = 0;
1519 char *p;
1520 bool numeric = True;
1521 char *targetpath = NULL;
1522 struct cli_state *targetcli = NULL;
1523
1524 /* the_acl will be null for REMOVE_ALL operations */
1525 if (the_acl) {
1526 numeric = ((p = strchr(the_acl, ':')) != NULL &&
1527 p > the_acl &&
1528 p[-1] != '+');
1529
1530 /* if this is to set the entire ACL... */
1531 if (*the_acl == '*') {
1532 /* ... then increment past the first colon */
1533 the_acl = p + 1;
1534 }
1535
1536 sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
1537
1538 if (!sd) {
1539 errno = EINVAL;
1540 return -1;
1541 }
1542 }
1543
1544 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1545 that doesn't deref sd */
1546
1547 if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1548 errno = EINVAL;
1549 return -1;
1550 }
1551
1552 if (!cli_resolve_path(ctx, "", context->internal->auth_info,
1553 cli, filename,
1554 &targetcli, &targetpath)) {
1555 DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
1556 errno = ENOENT;
1557 return -1;
1558 }
1559
1560 /* The desired access below is the only one I could find that works
1561 with NT4, W2KP and Samba */
1562
1563 fnum = cli_nt_create(targetcli, targetpath, CREATE_ACCESS_READ);
1564
1565 if (fnum == -1) {
1566 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1567 targetpath, cli_errstr(targetcli)));
1568 errno = 0;
1569 return -1;
1570 }
1571
1572 old = cli_query_secdesc(targetcli, fnum, ctx);
1573
1574 if (!old) {
1575 DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
1576 errno = 0;
1577 return -1;
1578 }
1579
1580 cli_close(targetcli, fnum);
1581
1582 switch (mode) {
1583 case SMBC_XATTR_MODE_REMOVE_ALL:
1584 old->dacl->num_aces = 0;
1585 dacl = old->dacl;
1586 break;
1587
1588 case SMBC_XATTR_MODE_REMOVE:
1589 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1590 bool found = False;
1591
1592 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1593 if (sec_ace_equal(&sd->dacl->aces[i],
1594 &old->dacl->aces[j])) {
1595 uint32 k;
1596 for (k=j; k<old->dacl->num_aces-1;k++) {
1597 old->dacl->aces[k] =
1598 old->dacl->aces[k+1];
1599 }
1600 old->dacl->num_aces--;
1601 found = True;
1602 dacl = old->dacl;
1603 break;
1604 }
1605 }
1606
1607 if (!found) {
1608 err = ENOATTR;
1609 ret = -1;
1610 goto failed;
1611 }
1612 }
1613 break;
1614
1615 case SMBC_XATTR_MODE_ADD:
1616 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1617 bool found = False;
1618
1619 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1620 if (sid_equal(&sd->dacl->aces[i].trustee,
1621 &old->dacl->aces[j].trustee)) {
1622 if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1623 err = EEXIST;
1624 ret = -1;
1625 goto failed;
1626 }
1627 old->dacl->aces[j] = sd->dacl->aces[i];
1628 ret = -1;
1629 found = True;
1630 }
1631 }
1632
1633 if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1634 err = ENOATTR;
1635 ret = -1;
1636 goto failed;
1637 }
1638
1639 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1640 add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1641 }
1642 }
1643 dacl = old->dacl;
1644 break;
1645
1646 case SMBC_XATTR_MODE_SET:
1647 old = sd;
1648 owner_sid = old->owner_sid;
1649 group_sid = old->group_sid;
1650 dacl = old->dacl;
1651 break;
1652
1653 case SMBC_XATTR_MODE_CHOWN:
1654 owner_sid = sd->owner_sid;
1655 break;
1656
1657 case SMBC_XATTR_MODE_CHGRP:
1658 group_sid = sd->group_sid;
1659 break;
1660 }
1661
1662 /* Denied ACE entries must come before allowed ones */
1663 sort_acl(old->dacl);
1664
1665 /* Create new security descriptor and set it */
1666 sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1667 owner_sid, group_sid, NULL, dacl, &sd_size);
1668
1669 fnum = cli_nt_create(targetcli, targetpath,
1670 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS);
1671
1672 if (fnum == -1) {
1673 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1674 targetpath, cli_errstr(targetcli)));
1675 errno = 0;
1676 return -1;
1677 }
1678
1679 if (!cli_set_secdesc(targetcli, fnum, sd)) {
1680 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1681 cli_errstr(targetcli)));
1682 ret = -1;
1683 }
1684
1685 /* Clean up */
1686
1687 failed:
1688 cli_close(targetcli, fnum);
1689
1690 if (err != 0) {
1691 errno = err;
1692 }
1693
1694 return ret;
1695 }
1696
1697
1698 int
1699 SMBC_setxattr_ctx(SMBCCTX *context,
1700 const char *fname,
1701 const char *name,
1702 const void *value,
1703 size_t size,
1704 int flags)
1705 {
1706 int ret;
1707 int ret2;
1708 SMBCSRV *srv = NULL;
1709 SMBCSRV *ipc_srv = NULL;
1710 char *server = NULL;
1711 char *share = NULL;
1712 char *user = NULL;
1713 char *password = NULL;
1714 char *workgroup = NULL;
1715 char *path = NULL;
1716 DOS_ATTR_DESC *dad = NULL;
1717 struct {
1718 const char * create_time_attr;
1719 const char * access_time_attr;
1720 const char * write_time_attr;
1721 const char * change_time_attr;
1722 } attr_strings;
1723 TALLOC_CTX *frame = talloc_stackframe();
1724
1725 if (!context || !context->internal->initialized) {
1726
1727 errno = EINVAL; /* Best I can think of ... */
1728 TALLOC_FREE(frame);
1729 return -1;
1730 }
1731
1732 if (!fname) {
1733 errno = EINVAL;
1734 TALLOC_FREE(frame);
1735 return -1;
1736 }
1737
1738 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1739 fname, name, (int) size, (const char*)value));
1740
1741 if (SMBC_parse_path(frame,
1742 context,
1743 fname,
1744 &workgroup,
1745 &server,
1746 &share,
1747 &path,
1748 &user,
1749 &password,
1750 NULL)) {
1751 errno = EINVAL;
1752 TALLOC_FREE(frame);
1753 return -1;
1754 }
1755
1756 if (!user || user[0] == (char)0) {
1757 user = talloc_strdup(frame, smbc_getUser(context));
1758 if (!user) {
1759 errno = ENOMEM;
1760 TALLOC_FREE(frame);
1761 return -1;
1762 }
1763 }
1764
1765 srv = SMBC_server(frame, context, True,
1766 server, share, &workgroup, &user, &password);
1767 if (!srv) {
1768 TALLOC_FREE(frame);
1769 return -1; /* errno set by SMBC_server */
1770 }
1771
1772 if (! srv->no_nt_session) {
1773 ipc_srv = SMBC_attr_server(frame, context, server, share,
1774 &workgroup, &user, &password);
1775 if (! ipc_srv) {
1776 srv->no_nt_session = True;
1777 }
1778 } else {
1779 ipc_srv = NULL;
1780 }
1781
1782 /*
1783 * Are they asking to set the entire set of known attributes?
1784 */
1785 if (StrCaseCmp(name, "system.*") == 0 ||
1786 StrCaseCmp(name, "system.*+") == 0) {
1787 /* Yup. */
1788 char *namevalue =
1789 talloc_asprintf(talloc_tos(), "%s:%s",
1790 name+7, (const char *) value);
1791 if (! namevalue) {
1792 errno = ENOMEM;
1793 ret = -1;
1794 TALLOC_FREE(frame);
1795 return -1;
1796 }
1797
1798 if (ipc_srv) {
1799 ret = cacl_set(context, talloc_tos(), srv->cli,
1800 ipc_srv->cli, &ipc_srv->pol, path,
1801 namevalue,
1802 (*namevalue == '*'
1803 ? SMBC_XATTR_MODE_SET
1804 : SMBC_XATTR_MODE_ADD),
1805 flags);
1806 } else {
1807 ret = 0;
1808 }
1809
1810 /* get a DOS Attribute Descriptor with current attributes */
1811 dad = dos_attr_query(context, talloc_tos(), path, srv);
1812 if (dad) {
1813 /* Overwrite old with new, using what was provided */
1814 dos_attr_parse(context, dad, srv, namevalue);
1815
1816 /* Set the new DOS attributes */
1817 if (! SMBC_setatr(context, srv, path,
1818 dad->create_time,
1819 dad->access_time,
1820 dad->write_time,
1821 dad->change_time,
1822 dad->mode)) {
1823
1824 /* cause failure if NT failed too */
1825 dad = NULL;
1826 }
1827 }
1828
1829 /* we only fail if both NT and DOS sets failed */
1830 if (ret < 0 && ! dad) {
1831 ret = -1; /* in case dad was null */
1832 }
1833 else {
1834 ret = 0;
1835 }
1836
1837 TALLOC_FREE(frame);
1838 return ret;
1839 }
1840
1841 /*
1842 * Are they asking to set an access control element or to set
1843 * the entire access control list?
1844 */
1845 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
1846 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
1847 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
1848 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
1849 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
1850
1851 /* Yup. */
1852 char *namevalue =
1853 talloc_asprintf(talloc_tos(), "%s:%s",
1854 name+19, (const char *) value);
1855
1856 if (! ipc_srv) {
1857 ret = -1; /* errno set by SMBC_server() */
1858 }
1859 else if (! namevalue) {
1860 errno = ENOMEM;
1861 ret = -1;
1862 } else {
1863 ret = cacl_set(context, talloc_tos(), srv->cli,
1864 ipc_srv->cli, &ipc_srv->pol, path,
1865 namevalue,
1866 (*namevalue == '*'
1867 ? SMBC_XATTR_MODE_SET
1868 : SMBC_XATTR_MODE_ADD),
1869 flags);
1870 }
1871 TALLOC_FREE(frame);
1872 return ret;
1873 }
1874
1875 /*
1876 * Are they asking to set the owner?
1877 */
1878 if (StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
1879 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0) {
1880
1881 /* Yup. */
1882 char *namevalue =
1883 talloc_asprintf(talloc_tos(), "%s:%s",
1884 name+19, (const char *) value);
1885
1886 if (! ipc_srv) {
1887 ret = -1; /* errno set by SMBC_server() */
1888 }
1889 else if (! namevalue) {
1890 errno = ENOMEM;
1891 ret = -1;
1892 } else {
1893 ret = cacl_set(context, talloc_tos(), srv->cli,
1894 ipc_srv->cli, &ipc_srv->pol, path,
1895 namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1896 }
1897 TALLOC_FREE(frame);
1898 return ret;
1899 }
1900
1901 /*
1902 * Are they asking to set the group?
1903 */
1904 if (StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
1905 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0) {
1906
1907 /* Yup. */
1908 char *namevalue =
1909 talloc_asprintf(talloc_tos(), "%s:%s",
1910 name+19, (const char *) value);
1911
1912 if (! ipc_srv) {
1913 /* errno set by SMBC_server() */
1914 ret = -1;
1915 }
1916 else if (! namevalue) {
1917 errno = ENOMEM;
1918 ret = -1;
1919 } else {
1920 ret = cacl_set(context, talloc_tos(), srv->cli,
1921 ipc_srv->cli, &ipc_srv->pol, path,
1922 namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1923 }
1924 TALLOC_FREE(frame);
1925 return ret;
1926 }
1927
1928 /* Determine whether to use old-style or new-style attribute names */
1929 if (context->internal->full_time_names) {
1930 /* new-style names */
1931 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1932 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1933 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1934 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1935 } else {
1936 /* old-style names */
1937 attr_strings.create_time_attr = NULL;
1938 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1939 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1940 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1941 }
1942
1943 /*
1944 * Are they asking to set a DOS attribute?
1945 */
1946 if (StrCaseCmp(name, "system.dos_attr.*") == 0 ||
1947 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
1948 (attr_strings.create_time_attr != NULL &&
1949 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
1950 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
1951 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
1952 StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1953
1954 /* get a DOS Attribute Descriptor with current attributes */
1955 dad = dos_attr_query(context, talloc_tos(), path, srv);
1956 if (dad) {
1957 char *namevalue =
1958 talloc_asprintf(talloc_tos(), "%s:%s",
1959 name+16, (const char *) value);
1960 if (! namevalue) {
1961 errno = ENOMEM;
1962 ret = -1;
1963 } else {
1964 /* Overwrite old with provided new params */
1965 dos_attr_parse(context, dad, srv, namevalue);
1966
1967 /* Set the new DOS attributes */
1968 ret2 = SMBC_setatr(context, srv, path,
1969 dad->create_time,
1970 dad->access_time,
1971 dad->write_time,
1972 dad->change_time,
1973 dad->mode);
1974
1975 /* ret2 has True (success) / False (failure) */
1976 if (ret2) {
1977 ret = 0;
1978 } else {
1979 ret = -1;
1980 }
1981 }
1982 } else {
1983 ret = -1;
1984 }
1985
1986 TALLOC_FREE(frame);
1987 return ret;
1988 }
1989
1990 /* Unsupported attribute name */
1991 errno = EINVAL;
1992 TALLOC_FREE(frame);
1993 return -1;
1994 }
1995
1996 int
1997 SMBC_getxattr_ctx(SMBCCTX *context,
1998 const char *fname,
1999 const char *name,
2000 const void *value,
2001 size_t size)
2002 {
2003 int ret;
2004 SMBCSRV *srv = NULL;
2005 SMBCSRV *ipc_srv = NULL;
2006 char *server = NULL;
2007 char *share = NULL;
2008 char *user = NULL;
2009 char *password = NULL;
2010 char *workgroup = NULL;
2011 char *path = NULL;
2012 struct {
2013 const char * create_time_attr;
2014 const char * access_time_attr;
2015 const char * write_time_attr;
2016 const char * change_time_attr;
2017 } attr_strings;
2018 TALLOC_CTX *frame = talloc_stackframe();
2019
2020 if (!context || !context->internal->initialized) {
2021
2022 errno = EINVAL; /* Best I can think of ... */
2023 TALLOC_FREE(frame);
2024 return -1;
2025 }
2026
2027 if (!fname) {
2028 errno = EINVAL;
2029 TALLOC_FREE(frame);
2030 return -1;
2031 }
2032
2033 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2034
2035 if (SMBC_parse_path(frame,
2036 context,
2037 fname,
2038 &workgroup,
2039 &server,
2040 &share,
2041 &path,
2042 &user,
2043 &password,
2044 NULL)) {
2045 errno = EINVAL;
2046 TALLOC_FREE(frame);
2047 return -1;
2048 }
2049
2050 if (!user || user[0] == (char)0) {
2051 user = talloc_strdup(frame, smbc_getUser(context));
2052 if (!user) {
2053 errno = ENOMEM;
2054 TALLOC_FREE(frame);
2055 return -1;
2056 }
2057 }
2058
2059 srv = SMBC_server(frame, context, True,
2060 server, share, &workgroup, &user, &password);
2061 if (!srv) {
2062 TALLOC_FREE(frame);
2063 return -1; /* errno set by SMBC_server */
2064 }
2065
2066 if (! srv->no_nt_session) {
2067 ipc_srv = SMBC_attr_server(frame, context, server, share,
2068 &workgroup, &user, &password);
2069 if (! ipc_srv) {
2070 srv->no_nt_session = True;
2071 }
2072 } else {
2073 ipc_srv = NULL;
2074 }
2075
2076 /* Determine whether to use old-style or new-style attribute names */
2077 if (context->internal->full_time_names) {
2078 /* new-style names */
2079 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2080 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2081 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2082 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2083 } else {
2084 /* old-style names */
2085 attr_strings.create_time_attr = NULL;
2086 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2087 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2088 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2089 }
2090
2091 /* Are they requesting a supported attribute? */
2092 if (StrCaseCmp(name, "system.*") == 0 ||
2093 StrnCaseCmp(name, "system.*!", 9) == 0 ||
2094 StrCaseCmp(name, "system.*+") == 0 ||
2095 StrnCaseCmp(name, "system.*+!", 10) == 0 ||
2096 StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2097 StrnCaseCmp(name, "system.nt_sec_desc.*!", 21) == 0 ||
2098 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
2099 StrnCaseCmp(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2100 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2101 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2102 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2103 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2104 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2105 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2106 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2107 StrCaseCmp(name, "system.dos_attr.*") == 0 ||
2108 StrnCaseCmp(name, "system.dos_attr.*!", 18) == 0 ||
2109 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
2110 StrCaseCmp(name, "system.dos_attr.size") == 0 ||
2111 (attr_strings.create_time_attr != NULL &&
2112 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
2113 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
2114 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
2115 StrCaseCmp(name, attr_strings.change_time_attr) == 0 ||
2116 StrCaseCmp(name, "system.dos_attr.inode") == 0) {
2117
2118 /* Yup. */
2119 char *filename = (char *) name;
2120 ret = cacl_get(context, talloc_tos(), srv,
2121 ipc_srv == NULL ? NULL : ipc_srv->cli,
2122 &ipc_srv->pol, path,
2123 filename,
2124 CONST_DISCARD(char *, value),
2125 size);
2126 if (ret < 0 && errno == 0) {
2127 errno = SMBC_errno(context, srv->cli);
2128 }
2129 TALLOC_FREE(frame);
2130 return ret;
2131 }
2132
2133 /* Unsupported attribute name */
2134 errno = EINVAL;
2135 TALLOC_FREE(frame);
2136 return -1;
2137 }
2138
2139
2140 int
2141 SMBC_removexattr_ctx(SMBCCTX *context,
2142 const char *fname,
2143 const char *name)
2144 {
2145 int ret;
2146 SMBCSRV *srv = NULL;
2147 SMBCSRV *ipc_srv = NULL;
2148 char *server = NULL;
2149 char *share = NULL;
2150 char *user = NULL;
2151 char *password = NULL;
2152 char *workgroup = NULL;
2153 char *path = NULL;
2154 TALLOC_CTX *frame = talloc_stackframe();
2155
2156 if (!context || !context->internal->initialized) {
2157
2158 errno = EINVAL; /* Best I can think of ... */
2159 TALLOC_FREE(frame);
2160 return -1;
2161 }
2162
2163 if (!fname) {
2164 errno = EINVAL;
2165 TALLOC_FREE(frame);
2166 return -1;
2167 }
2168
2169 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2170
2171 if (SMBC_parse_path(frame,
2172 context,
2173 fname,
2174 &workgroup,
2175 &server,
2176 &share,
2177 &path,
2178 &user,
2179 &password,
2180 NULL)) {
2181 errno = EINVAL;
2182 TALLOC_FREE(frame);
2183 return -1;
2184 }
2185
2186 if (!user || user[0] == (char)0) {
2187 user = talloc_strdup(frame, smbc_getUser(context));
2188 if (!user) {
2189 errno = ENOMEM;
2190 TALLOC_FREE(frame);
2191 return -1;
2192 }
2193 }
2194
2195 srv = SMBC_server(frame, context, True,
2196 server, share, &workgroup, &user, &password);
2197 if (!srv) {
2198 TALLOC_FREE(frame);
2199 return -1; /* errno set by SMBC_server */
2200 }
2201
2202 if (! srv->no_nt_session) {
2203 ipc_srv = SMBC_attr_server(frame, context, server, share,
2204 &workgroup, &user, &password);
2205 if (! ipc_srv) {
2206 srv->no_nt_session = True;
2207 }
2208 } else {
2209 ipc_srv = NULL;
2210 }
2211
2212 if (! ipc_srv) {
2213 TALLOC_FREE(frame);
2214 return -1; /* errno set by SMBC_attr_server */
2215 }
2216
2217 /* Are they asking to set the entire ACL? */
2218 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2219 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0) {
2220
2221 /* Yup. */
2222 ret = cacl_set(context, talloc_tos(), srv->cli,
2223 ipc_srv->cli, &ipc_srv->pol, path,
2224 NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2225 TALLOC_FREE(frame);
2226 return ret;
2227 }
2228
2229 /*
2230 * Are they asking to remove one or more spceific security descriptor
2231 * attributes?
2232 */
2233 if (StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2234 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2235 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2236 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2237 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2238 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2239 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
2240
2241 /* Yup. */
2242 ret = cacl_set(context, talloc_tos(), srv->cli,
2243 ipc_srv->cli, &ipc_srv->pol, path,
2244 CONST_DISCARD(char *, name) + 19,
2245 SMBC_XATTR_MODE_REMOVE, 0);
2246 TALLOC_FREE(frame);
2247 return ret;
2248 }
2249
2250 /* Unsupported attribute name */
2251 errno = EINVAL;
2252 TALLOC_FREE(frame);
2253 return -1;
2254 }
2255
2256 int
2257 SMBC_listxattr_ctx(SMBCCTX *context,
2258 const char *fname,
2259 char *list,
2260 size_t size)
2261 {
2262 /*
2263 * This isn't quite what listxattr() is supposed to do. This returns
2264 * the complete set of attribute names, always, rather than only those
2265 * attribute names which actually exist for a file. Hmmm...
2266 */
2267 size_t retsize;
2268 const char supported_old[] =
2269 "system.*\0"
2270 "system.*+\0"
2271 "system.nt_sec_desc.revision\0"
2272 "system.nt_sec_desc.owner\0"
2273 "system.nt_sec_desc.owner+\0"
2274 "system.nt_sec_desc.group\0"
2275 "system.nt_sec_desc.group+\0"
2276 "system.nt_sec_desc.acl.*\0"
2277 "system.nt_sec_desc.acl\0"
2278 "system.nt_sec_desc.acl+\0"
2279 "system.nt_sec_desc.*\0"
2280 "system.nt_sec_desc.*+\0"
2281 "system.dos_attr.*\0"
2282 "system.dos_attr.mode\0"
2283 "system.dos_attr.c_time\0"
2284 "system.dos_attr.a_time\0"
2285 "system.dos_attr.m_time\0"
2286 ;
2287 const char supported_new[] =
2288 "system.*\0"
2289 "system.*+\0"
2290 "system.nt_sec_desc.revision\0"
2291 "system.nt_sec_desc.owner\0"
2292 "system.nt_sec_desc.owner+\0"
2293 "system.nt_sec_desc.group\0"
2294 "system.nt_sec_desc.group+\0"
2295 "system.nt_sec_desc.acl.*\0"
2296 "system.nt_sec_desc.acl\0"
2297 "system.nt_sec_desc.acl+\0"
2298 "system.nt_sec_desc.*\0"
2299 "system.nt_sec_desc.*+\0"
2300 "system.dos_attr.*\0"
2301 "system.dos_attr.mode\0"
2302 "system.dos_attr.create_time\0"
2303 "system.dos_attr.access_time\0"
2304 "system.dos_attr.write_time\0"
2305 "system.dos_attr.change_time\0"
2306 ;
2307 const char * supported;
2308
2309 if (context->internal->full_time_names) {
2310 supported = supported_new;
2311 retsize = sizeof(supported_new);
2312 } else {
2313 supported = supported_old;
2314 retsize = sizeof(supported_old);
2315 }
2316
2317 if (size == 0) {
2318 return retsize;
2319 }
2320
2321 if (retsize > size) {
2322 errno = ERANGE;
2323 return -1;
2324 }
2325
2326 /* this can't be strcpy() because there are embedded null characters */
2327 memcpy(list, supported, retsize);
2328 return retsize;
2329 }
WIP