2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
28 #include "../librpc/gen_ndr/ndr_lsa.h"
29 #include "rpc_client/cli_lsarpc.h"
30 #include "../libcli/security/security.h"
33 * Find an lsa pipe handle associated with a cli struct.
35 static struct rpc_pipe_client
*
36 find_lsa_pipe_hnd(struct cli_state
*ipc_cli
)
38 struct rpc_pipe_client
*pipe_hnd
;
40 for (pipe_hnd
= ipc_cli
->pipe_list
;
42 pipe_hnd
= pipe_hnd
->next
) {
43 if (ndr_syntax_id_equal(&pipe_hnd
->abstract_syntax
,
44 &ndr_table_lsarpc
.syntax_id
)) {
52 * Sort ACEs according to the documentation at
53 * http://support.microsoft.com/kb/269175, at least as far as it defines the
58 ace_compare(struct security_ace
*ace1
,
59 struct security_ace
*ace2
)
64 /* If the ACEs are equal, we have nothing more to do. */
65 if (sec_ace_equal(ace1
, ace2
)) {
69 /* Inherited follow non-inherited */
70 b1
= ((ace1
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
71 b2
= ((ace2
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
77 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
78 * sort them after DENY and ALLOW.
80 b1
= (ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
81 ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
82 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
83 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
84 b2
= (ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
85 ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
86 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
87 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
92 /* Allowed ACEs follow denied ACEs */
93 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
94 ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
95 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
96 ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
102 * ACEs applying to an entity's object follow those applying to the
105 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
106 ace1
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
107 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
108 ace2
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
110 return (b1
? 1 : -1);
114 * If we get this far, the ACEs are similar as far as the
115 * characteristics we typically care about (those defined by the
116 * referenced MS document). We'll now sort by characteristics that
117 * just seems reasonable.
120 if (ace1
->type
!= ace2
->type
) {
121 return ace2
->type
- ace1
->type
;
124 if (dom_sid_compare(&ace1
->trustee
, &ace2
->trustee
)) {
125 return dom_sid_compare(&ace1
->trustee
, &ace2
->trustee
);
128 if (ace1
->flags
!= ace2
->flags
) {
129 return ace1
->flags
- ace2
->flags
;
132 if (ace1
->access_mask
!= ace2
->access_mask
) {
133 return ace1
->access_mask
- ace2
->access_mask
;
136 if (ace1
->size
!= ace2
->size
) {
137 return ace1
->size
- ace2
->size
;
140 return memcmp(ace1
, ace2
, sizeof(struct security_ace
));
145 sort_acl(struct security_acl
*the_acl
)
148 if (!the_acl
) return;
150 TYPESAFE_QSORT(the_acl
->aces
, the_acl
->num_aces
, ace_compare
);
152 for (i
=1;i
<the_acl
->num_aces
;) {
153 if (sec_ace_equal(&the_acl
->aces
[i
-1], &the_acl
->aces
[i
])) {
155 for (j
=i
; j
<the_acl
->num_aces
-1; j
++) {
156 the_acl
->aces
[j
] = the_acl
->aces
[j
+1];
165 /* convert a SID to a string, either numeric or username/group */
167 convert_sid_to_string(struct cli_state
*ipc_cli
,
168 struct policy_handle
*pol
,
173 char **domains
= NULL
;
175 enum lsa_SidType
*types
= NULL
;
176 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
179 sid_to_fstring(str
, sid
);
182 return; /* no lookup desired */
189 /* Ask LSA to convert the sid to a name */
191 ctx
= talloc_stackframe();
193 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd
, ctx
,
194 pol
, 1, sid
, &domains
,
196 !domains
|| !domains
[0] || !names
|| !names
[0]) {
203 slprintf(str
, sizeof(fstring
) - 1, "%s%s%s",
204 domains
[0], lp_winbind_separator(),
210 /* convert a string to a SID, either numeric or username/group */
212 convert_string_to_sid(struct cli_state
*ipc_cli
,
213 struct policy_handle
*pol
,
218 enum lsa_SidType
*types
= NULL
;
219 struct dom_sid
*sids
= NULL
;
221 TALLOC_CTX
*ctx
= NULL
;
222 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
229 if (strncmp(str
, "S-", 2) == 0) {
230 return string_to_sid(sid
, str
);
237 ctx
= talloc_stackframe();
238 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd
, ctx
,
246 sid_copy(sid
, &sids
[0]);
253 /* parse an struct security_ace in the same format as print_ace() */
255 parse_ace(struct cli_state
*ipc_cli
,
256 struct policy_handle
*pol
,
257 struct security_ace
*ace
,
269 const struct perm_value
*v
;
274 TALLOC_CTX
*frame
= talloc_stackframe();
276 /* These values discovered by inspection */
277 static const struct perm_value special_values
[] = {
287 static const struct perm_value standard_values
[] = {
288 { "READ", 0x001200a9 },
289 { "CHANGE", 0x001301bf },
290 { "FULL", 0x001f01ff },
295 p
= strchr_m(str
,':');
302 /* Try to parse numeric form */
304 if (sscanf(p
, "%i/%i/%i", &atype
, &aflags
, &amask
) == 3 &&
305 convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
309 /* Try to parse text form */
311 if (!convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
317 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
322 if (StrnCaseCmp(tok
, "ALLOWED", strlen("ALLOWED")) == 0) {
323 atype
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
324 } else if (StrnCaseCmp(tok
, "DENIED", strlen("DENIED")) == 0) {
325 atype
= SEC_ACE_TYPE_ACCESS_DENIED
;
331 /* Only numeric form accepted for flags at present */
333 if (!(next_token_talloc(frame
, &cp
, &tok
, "/") &&
334 sscanf(tok
, "%i", &aflags
))) {
339 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
344 if (strncmp(tok
, "0x", 2) == 0) {
345 if (sscanf(tok
, "%i", &amask
) != 1) {
352 for (v
= standard_values
; v
->perm
; v
++) {
353 if (strcmp(tok
, v
->perm
) == 0) {
364 for (v
= special_values
; v
->perm
; v
++) {
365 if (v
->perm
[0] == *p
) {
385 init_sec_ace(ace
, &sid
, atype
, mask
, aflags
);
390 /* add an struct security_ace to a list of struct security_aces in a struct security_acl */
392 add_ace(struct security_acl
**the_acl
,
393 struct security_ace
*ace
,
396 struct security_acl
*newacl
;
397 struct security_ace
*aces
;
400 (*the_acl
) = make_sec_acl(ctx
, 3, 1, ace
);
404 if ((aces
= SMB_CALLOC_ARRAY(struct security_ace
,
405 1+(*the_acl
)->num_aces
)) == NULL
) {
408 memcpy(aces
, (*the_acl
)->aces
, (*the_acl
)->num_aces
* sizeof(struct security_ace
));
409 memcpy(aces
+(*the_acl
)->num_aces
, ace
, sizeof(struct security_ace
));
410 newacl
= make_sec_acl(ctx
, (*the_acl
)->revision
,
411 1+(*the_acl
)->num_aces
, aces
);
418 /* parse a ascii version of a security descriptor */
419 static struct security_descriptor
*
420 sec_desc_parse(TALLOC_CTX
*ctx
,
421 struct cli_state
*ipc_cli
,
422 struct policy_handle
*pol
,
428 struct security_descriptor
*ret
= NULL
;
430 struct dom_sid
*group_sid
=NULL
;
431 struct dom_sid
*owner_sid
=NULL
;
432 struct security_acl
*dacl
=NULL
;
435 while (next_token_talloc(ctx
, &p
, &tok
, "\t,\r\n")) {
437 if (StrnCaseCmp(tok
,"REVISION:", 9) == 0) {
438 revision
= strtol(tok
+9, NULL
, 16);
442 if (StrnCaseCmp(tok
,"OWNER:", 6) == 0) {
444 DEBUG(5,("OWNER specified more than once!\n"));
447 owner_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
449 !convert_string_to_sid(ipc_cli
, pol
,
452 DEBUG(5, ("Failed to parse owner sid\n"));
458 if (StrnCaseCmp(tok
,"OWNER+:", 7) == 0) {
460 DEBUG(5,("OWNER specified more than once!\n"));
463 owner_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
465 !convert_string_to_sid(ipc_cli
, pol
,
468 DEBUG(5, ("Failed to parse owner sid\n"));
474 if (StrnCaseCmp(tok
,"GROUP:", 6) == 0) {
476 DEBUG(5,("GROUP specified more than once!\n"));
479 group_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
481 !convert_string_to_sid(ipc_cli
, pol
,
484 DEBUG(5, ("Failed to parse group sid\n"));
490 if (StrnCaseCmp(tok
,"GROUP+:", 7) == 0) {
492 DEBUG(5,("GROUP specified more than once!\n"));
495 group_sid
= SMB_CALLOC_ARRAY(struct dom_sid
, 1);
497 !convert_string_to_sid(ipc_cli
, pol
,
500 DEBUG(5, ("Failed to parse group sid\n"));
506 if (StrnCaseCmp(tok
,"ACL:", 4) == 0) {
507 struct security_ace ace
;
508 if (!parse_ace(ipc_cli
, pol
, &ace
, numeric
, tok
+4)) {
509 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
512 if(!add_ace(&dacl
, &ace
, ctx
)) {
513 DEBUG(5, ("Failed to add ACL %s\n", tok
));
519 if (StrnCaseCmp(tok
,"ACL+:", 5) == 0) {
520 struct security_ace ace
;
521 if (!parse_ace(ipc_cli
, pol
, &ace
, False
, tok
+5)) {
522 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
525 if(!add_ace(&dacl
, &ace
, ctx
)) {
526 DEBUG(5, ("Failed to add ACL %s\n", tok
));
532 DEBUG(5, ("Failed to parse security descriptor\n"));
536 ret
= make_sec_desc(ctx
, revision
, SEC_DESC_SELF_RELATIVE
,
537 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
540 SAFE_FREE(group_sid
);
541 SAFE_FREE(owner_sid
);
546 /* Obtain the current dos attributes */
547 static DOS_ATTR_DESC
*
548 dos_attr_query(SMBCCTX
*context
,
550 const char *filename
,
553 struct timespec create_time_ts
;
554 struct timespec write_time_ts
;
555 struct timespec access_time_ts
;
556 struct timespec change_time_ts
;
562 ret
= TALLOC_P(ctx
, DOS_ATTR_DESC
);
568 /* Obtain the DOS attributes */
569 if (!SMBC_getatr(context
, srv
, CONST_DISCARD(char *, filename
),
576 errno
= SMBC_errno(context
, srv
->cli
);
577 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
583 ret
->create_time
= convert_timespec_to_time_t(create_time_ts
);
584 ret
->access_time
= convert_timespec_to_time_t(access_time_ts
);
585 ret
->write_time
= convert_timespec_to_time_t(write_time_ts
);
586 ret
->change_time
= convert_timespec_to_time_t(change_time_ts
);
593 /* parse a ascii version of a security descriptor */
595 dos_attr_parse(SMBCCTX
*context
,
603 TALLOC_CTX
*frame
= NULL
;
605 const char * create_time_attr
;
606 const char * access_time_attr
;
607 const char * write_time_attr
;
608 const char * change_time_attr
;
611 /* Determine whether to use old-style or new-style attribute names */
612 if (context
->internal
->full_time_names
) {
613 /* new-style names */
614 attr_strings
.create_time_attr
= "CREATE_TIME";
615 attr_strings
.access_time_attr
= "ACCESS_TIME";
616 attr_strings
.write_time_attr
= "WRITE_TIME";
617 attr_strings
.change_time_attr
= "CHANGE_TIME";
619 /* old-style names */
620 attr_strings
.create_time_attr
= NULL
;
621 attr_strings
.access_time_attr
= "A_TIME";
622 attr_strings
.write_time_attr
= "M_TIME";
623 attr_strings
.change_time_attr
= "C_TIME";
626 /* if this is to set the entire ACL... */
628 /* ... then increment past the first colon if there is one */
629 if ((p
= strchr(str
, ':')) != NULL
) {
636 frame
= talloc_stackframe();
637 while (next_token_talloc(frame
, &p
, &tok
, "\t,\r\n")) {
638 if (StrnCaseCmp(tok
, "MODE:", 5) == 0) {
639 long request
= strtol(tok
+5, NULL
, 16);
641 dad
->mode
= (request
|
642 (IS_DOS_DIR(dad
->mode
)
643 ? FILE_ATTRIBUTE_DIRECTORY
644 : FILE_ATTRIBUTE_NORMAL
));
651 if (StrnCaseCmp(tok
, "SIZE:", 5) == 0) {
652 dad
->size
= (SMB_OFF_T
)atof(tok
+5);
656 n
= strlen(attr_strings
.access_time_attr
);
657 if (StrnCaseCmp(tok
, attr_strings
.access_time_attr
, n
) == 0) {
658 dad
->access_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
662 n
= strlen(attr_strings
.change_time_attr
);
663 if (StrnCaseCmp(tok
, attr_strings
.change_time_attr
, n
) == 0) {
664 dad
->change_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
668 n
= strlen(attr_strings
.write_time_attr
);
669 if (StrnCaseCmp(tok
, attr_strings
.write_time_attr
, n
) == 0) {
670 dad
->write_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
674 if (attr_strings
.create_time_attr
!= NULL
) {
675 n
= strlen(attr_strings
.create_time_attr
);
676 if (StrnCaseCmp(tok
, attr_strings
.create_time_attr
,
678 dad
->create_time
= (time_t)strtol(tok
+n
+1,
684 if (StrnCaseCmp(tok
, "INODE:", 6) == 0) {
685 dad
->inode
= (SMB_INO_T
)atof(tok
+6);
692 /*****************************************************
693 Retrieve the acls for a file.
694 *******************************************************/
697 cacl_get(SMBCCTX
*context
,
700 struct cli_state
*ipc_cli
,
701 struct policy_handle
*pol
,
716 bool exclude_nt_revision
= False
;
717 bool exclude_nt_owner
= False
;
718 bool exclude_nt_group
= False
;
719 bool exclude_nt_acl
= False
;
720 bool exclude_dos_mode
= False
;
721 bool exclude_dos_size
= False
;
722 bool exclude_dos_create_time
= False
;
723 bool exclude_dos_access_time
= False
;
724 bool exclude_dos_write_time
= False
;
725 bool exclude_dos_change_time
= False
;
726 bool exclude_dos_inode
= False
;
728 bool determine_size
= (bufsize
== 0);
730 struct security_descriptor
*sd
;
732 fstring name_sandbox
;
736 struct timespec create_time_ts
;
737 struct timespec write_time_ts
;
738 struct timespec access_time_ts
;
739 struct timespec change_time_ts
;
740 time_t create_time
= (time_t)0;
741 time_t write_time
= (time_t)0;
742 time_t access_time
= (time_t)0;
743 time_t change_time
= (time_t)0;
747 struct cli_state
*cli
= srv
->cli
;
749 const char * create_time_attr
;
750 const char * access_time_attr
;
751 const char * write_time_attr
;
752 const char * change_time_attr
;
755 const char * create_time_attr
;
756 const char * access_time_attr
;
757 const char * write_time_attr
;
758 const char * change_time_attr
;
761 /* Determine whether to use old-style or new-style attribute names */
762 if (context
->internal
->full_time_names
) {
763 /* new-style names */
764 attr_strings
.create_time_attr
= "CREATE_TIME";
765 attr_strings
.access_time_attr
= "ACCESS_TIME";
766 attr_strings
.write_time_attr
= "WRITE_TIME";
767 attr_strings
.change_time_attr
= "CHANGE_TIME";
769 excl_attr_strings
.create_time_attr
= "CREATE_TIME";
770 excl_attr_strings
.access_time_attr
= "ACCESS_TIME";
771 excl_attr_strings
.write_time_attr
= "WRITE_TIME";
772 excl_attr_strings
.change_time_attr
= "CHANGE_TIME";
774 /* old-style names */
775 attr_strings
.create_time_attr
= NULL
;
776 attr_strings
.access_time_attr
= "A_TIME";
777 attr_strings
.write_time_attr
= "M_TIME";
778 attr_strings
.change_time_attr
= "C_TIME";
780 excl_attr_strings
.create_time_attr
= NULL
;
781 excl_attr_strings
.access_time_attr
= "dos_attr.A_TIME";
782 excl_attr_strings
.write_time_attr
= "dos_attr.M_TIME";
783 excl_attr_strings
.change_time_attr
= "dos_attr.C_TIME";
786 /* Copy name so we can strip off exclusions (if any are specified) */
787 strncpy(name_sandbox
, attr_name
, sizeof(name_sandbox
) - 1);
789 /* Ensure name is null terminated */
790 name_sandbox
[sizeof(name_sandbox
) - 1] = '\0';
792 /* Play in the sandbox */
795 /* If there are any exclusions, point to them and mask them from name */
796 if ((pExclude
= strchr(name
, '!')) != NULL
)
801 all
= (StrnCaseCmp(name
, "system.*", 8) == 0);
802 all_nt
= (StrnCaseCmp(name
, "system.nt_sec_desc.*", 20) == 0);
803 all_nt_acls
= (StrnCaseCmp(name
, "system.nt_sec_desc.acl.*", 24) == 0);
804 all_dos
= (StrnCaseCmp(name
, "system.dos_attr.*", 17) == 0);
805 some_nt
= (StrnCaseCmp(name
, "system.nt_sec_desc.", 19) == 0);
806 some_dos
= (StrnCaseCmp(name
, "system.dos_attr.", 16) == 0);
807 numeric
= (* (name
+ strlen(name
) - 1) != '+');
809 /* Look for exclusions from "all" requests */
810 if (all
|| all_nt
|| all_dos
) {
811 /* Exclusions are delimited by '!' */
814 pExclude
= (p
== NULL
? NULL
: p
+ 1)) {
816 /* Find end of this exclusion name */
817 if ((p
= strchr(pExclude
, '!')) != NULL
)
822 /* Which exclusion name is this? */
823 if (StrCaseCmp(pExclude
,
824 "nt_sec_desc.revision") == 0) {
825 exclude_nt_revision
= True
;
827 else if (StrCaseCmp(pExclude
,
828 "nt_sec_desc.owner") == 0) {
829 exclude_nt_owner
= True
;
831 else if (StrCaseCmp(pExclude
,
832 "nt_sec_desc.group") == 0) {
833 exclude_nt_group
= True
;
835 else if (StrCaseCmp(pExclude
,
836 "nt_sec_desc.acl") == 0) {
837 exclude_nt_acl
= True
;
839 else if (StrCaseCmp(pExclude
,
840 "dos_attr.mode") == 0) {
841 exclude_dos_mode
= True
;
843 else if (StrCaseCmp(pExclude
,
844 "dos_attr.size") == 0) {
845 exclude_dos_size
= True
;
847 else if (excl_attr_strings
.create_time_attr
!= NULL
&&
849 excl_attr_strings
.change_time_attr
) == 0) {
850 exclude_dos_create_time
= True
;
852 else if (StrCaseCmp(pExclude
,
853 excl_attr_strings
.access_time_attr
) == 0) {
854 exclude_dos_access_time
= True
;
856 else if (StrCaseCmp(pExclude
,
857 excl_attr_strings
.write_time_attr
) == 0) {
858 exclude_dos_write_time
= True
;
860 else if (StrCaseCmp(pExclude
,
861 excl_attr_strings
.change_time_attr
) == 0) {
862 exclude_dos_change_time
= True
;
864 else if (StrCaseCmp(pExclude
, "dos_attr.inode") == 0) {
865 exclude_dos_inode
= True
;
868 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
879 * If we are (possibly) talking to an NT or new system and some NT
880 * attributes have been requested...
882 if (ipc_cli
&& (all
|| some_nt
|| all_nt_acls
)) {
883 char *targetpath
= NULL
;
884 struct cli_state
*targetcli
= NULL
;
886 /* Point to the portion after "system.nt_sec_desc." */
887 name
+= 19; /* if (all) this will be invalid but unused */
889 if (!cli_resolve_path(ctx
, "", context
->internal
->auth_info
,
891 &targetcli
, &targetpath
)) {
892 DEBUG(5, ("cacl_get Could not resolve %s\n",
898 /* ... then obtain any NT attributes which were requested */
899 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli
, targetpath
, 0, CREATE_ACCESS_READ
, 0,
900 FILE_SHARE_READ
|FILE_SHARE_WRITE
, FILE_OPEN
, 0x0, 0x0, &fnum
))) {
901 DEBUG(5, ("cacl_get failed to open %s: %s\n",
902 targetpath
, cli_errstr(targetcli
)));
907 sd
= cli_query_secdesc(targetcli
, fnum
, ctx
);
911 ("cacl_get Failed to query old descriptor\n"));
916 cli_close(targetcli
, fnum
);
918 if (! exclude_nt_revision
) {
920 if (determine_size
) {
921 p
= talloc_asprintf(ctx
,
930 n
= snprintf(buf
, bufsize
,
934 } else if (StrCaseCmp(name
, "revision") == 0) {
935 if (determine_size
) {
936 p
= talloc_asprintf(ctx
, "%d",
944 n
= snprintf(buf
, bufsize
, "%d",
949 if (!determine_size
&& n
> bufsize
) {
959 if (! exclude_nt_owner
) {
960 /* Get owner and group sid */
962 convert_sid_to_string(ipc_cli
, pol
,
971 if (determine_size
) {
972 p
= talloc_asprintf(ctx
, ",OWNER:%s",
979 } else if (sidstr
[0] != '\0') {
980 n
= snprintf(buf
, bufsize
,
981 ",OWNER:%s", sidstr
);
983 } else if (StrnCaseCmp(name
, "owner", 5) == 0) {
984 if (determine_size
) {
985 p
= talloc_asprintf(ctx
, "%s", sidstr
);
992 n
= snprintf(buf
, bufsize
, "%s",
997 if (!determine_size
&& n
> bufsize
) {
1007 if (! exclude_nt_group
) {
1008 if (sd
->group_sid
) {
1009 convert_sid_to_string(ipc_cli
, pol
,
1013 fstrcpy(sidstr
, "");
1016 if (all
|| all_nt
) {
1017 if (determine_size
) {
1018 p
= talloc_asprintf(ctx
, ",GROUP:%s",
1025 } else if (sidstr
[0] != '\0') {
1026 n
= snprintf(buf
, bufsize
,
1027 ",GROUP:%s", sidstr
);
1029 } else if (StrnCaseCmp(name
, "group", 5) == 0) {
1030 if (determine_size
) {
1031 p
= talloc_asprintf(ctx
, "%s", sidstr
);
1038 n
= snprintf(buf
, bufsize
,
1043 if (!determine_size
&& n
> bufsize
) {
1053 if (! exclude_nt_acl
) {
1054 /* Add aces to value buffer */
1055 for (i
= 0; sd
->dacl
&& i
< sd
->dacl
->num_aces
; i
++) {
1057 struct security_ace
*ace
= &sd
->dacl
->aces
[i
];
1058 convert_sid_to_string(ipc_cli
, pol
,
1062 if (all
|| all_nt
) {
1063 if (determine_size
) {
1064 p
= talloc_asprintf(
1080 ",ACL:%s:%d/%d/0x%08x",
1086 } else if ((StrnCaseCmp(name
, "acl", 3) == 0 &&
1087 StrCaseCmp(name
+3, sidstr
) == 0) ||
1088 (StrnCaseCmp(name
, "acl+", 4) == 0 &&
1089 StrCaseCmp(name
+4, sidstr
) == 0)) {
1090 if (determine_size
) {
1091 p
= talloc_asprintf(
1103 n
= snprintf(buf
, bufsize
,
1109 } else if (all_nt_acls
) {
1110 if (determine_size
) {
1111 p
= talloc_asprintf(
1113 "%s%s:%d/%d/0x%08x",
1125 n
= snprintf(buf
, bufsize
,
1126 "%s%s:%d/%d/0x%08x",
1134 if (!determine_size
&& n
> bufsize
) {
1145 /* Restore name pointer to its original value */
1149 if (all
|| some_dos
) {
1150 /* Point to the portion after "system.dos_attr." */
1151 name
+= 16; /* if (all) this will be invalid but unused */
1153 /* Obtain the DOS attributes */
1154 if (!SMBC_getatr(context
, srv
, filename
, &mode
, &size
,
1161 errno
= SMBC_errno(context
, srv
->cli
);
1165 create_time
= convert_timespec_to_time_t(create_time_ts
);
1166 access_time
= convert_timespec_to_time_t(access_time_ts
);
1167 write_time
= convert_timespec_to_time_t(write_time_ts
);
1168 change_time
= convert_timespec_to_time_t(change_time_ts
);
1170 if (! exclude_dos_mode
) {
1171 if (all
|| all_dos
) {
1172 if (determine_size
) {
1173 p
= talloc_asprintf(ctx
,
1186 n
= snprintf(buf
, bufsize
,
1194 } else if (StrCaseCmp(name
, "mode") == 0) {
1195 if (determine_size
) {
1196 p
= talloc_asprintf(ctx
, "0x%x", mode
);
1203 n
= snprintf(buf
, bufsize
,
1208 if (!determine_size
&& n
> bufsize
) {
1218 if (! exclude_dos_size
) {
1219 if (all
|| all_dos
) {
1220 if (determine_size
) {
1221 p
= talloc_asprintf(
1231 n
= snprintf(buf
, bufsize
,
1235 } else if (StrCaseCmp(name
, "size") == 0) {
1236 if (determine_size
) {
1237 p
= talloc_asprintf(
1247 n
= snprintf(buf
, bufsize
,
1253 if (!determine_size
&& n
> bufsize
) {
1263 if (! exclude_dos_create_time
&&
1264 attr_strings
.create_time_attr
!= NULL
) {
1265 if (all
|| all_dos
) {
1266 if (determine_size
) {
1267 p
= talloc_asprintf(ctx
,
1269 attr_strings
.create_time_attr
,
1270 (unsigned long) create_time
);
1277 n
= snprintf(buf
, bufsize
,
1279 attr_strings
.create_time_attr
,
1280 (unsigned long) create_time
);
1282 } else if (StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) {
1283 if (determine_size
) {
1284 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) create_time
);
1291 n
= snprintf(buf
, bufsize
,
1292 "%lu", (unsigned long) create_time
);
1296 if (!determine_size
&& n
> bufsize
) {
1306 if (! exclude_dos_access_time
) {
1307 if (all
|| all_dos
) {
1308 if (determine_size
) {
1309 p
= talloc_asprintf(ctx
,
1311 attr_strings
.access_time_attr
,
1312 (unsigned long) access_time
);
1319 n
= snprintf(buf
, bufsize
,
1321 attr_strings
.access_time_attr
,
1322 (unsigned long) access_time
);
1324 } else if (StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0) {
1325 if (determine_size
) {
1326 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) access_time
);
1333 n
= snprintf(buf
, bufsize
,
1334 "%lu", (unsigned long) access_time
);
1338 if (!determine_size
&& n
> bufsize
) {
1348 if (! exclude_dos_write_time
) {
1349 if (all
|| all_dos
) {
1350 if (determine_size
) {
1351 p
= talloc_asprintf(ctx
,
1353 attr_strings
.write_time_attr
,
1354 (unsigned long) write_time
);
1361 n
= snprintf(buf
, bufsize
,
1363 attr_strings
.write_time_attr
,
1364 (unsigned long) write_time
);
1366 } else if (StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0) {
1367 if (determine_size
) {
1368 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) write_time
);
1375 n
= snprintf(buf
, bufsize
,
1376 "%lu", (unsigned long) write_time
);
1380 if (!determine_size
&& n
> bufsize
) {
1390 if (! exclude_dos_change_time
) {
1391 if (all
|| all_dos
) {
1392 if (determine_size
) {
1393 p
= talloc_asprintf(ctx
,
1395 attr_strings
.change_time_attr
,
1396 (unsigned long) change_time
);
1403 n
= snprintf(buf
, bufsize
,
1405 attr_strings
.change_time_attr
,
1406 (unsigned long) change_time
);
1408 } else if (StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0) {
1409 if (determine_size
) {
1410 p
= talloc_asprintf(ctx
, "%lu", (unsigned long) change_time
);
1417 n
= snprintf(buf
, bufsize
,
1418 "%lu", (unsigned long) change_time
);
1422 if (!determine_size
&& n
> bufsize
) {
1432 if (! exclude_dos_inode
) {
1433 if (all
|| all_dos
) {
1434 if (determine_size
) {
1435 p
= talloc_asprintf(
1445 n
= snprintf(buf
, bufsize
,
1449 } else if (StrCaseCmp(name
, "inode") == 0) {
1450 if (determine_size
) {
1451 p
= talloc_asprintf(
1461 n
= snprintf(buf
, bufsize
,
1467 if (!determine_size
&& n
> bufsize
) {
1477 /* Restore name pointer to its original value */
1489 /*****************************************************
1490 set the ACLs on a file given an ascii description
1491 *******************************************************/
1493 cacl_set(SMBCCTX
*context
,
1495 struct cli_state
*cli
,
1496 struct cli_state
*ipc_cli
,
1497 struct policy_handle
*pol
,
1498 const char *filename
,
1503 uint16_t fnum
= (uint16_t)-1;
1505 struct security_descriptor
*sd
= NULL
, *old
;
1506 struct security_acl
*dacl
= NULL
;
1507 struct dom_sid
*owner_sid
= NULL
;
1508 struct dom_sid
*group_sid
= NULL
;
1513 bool numeric
= True
;
1514 char *targetpath
= NULL
;
1515 struct cli_state
*targetcli
= NULL
;
1518 /* the_acl will be null for REMOVE_ALL operations */
1520 numeric
= ((p
= strchr(the_acl
, ':')) != NULL
&&
1524 /* if this is to set the entire ACL... */
1525 if (*the_acl
== '*') {
1526 /* ... then increment past the first colon */
1530 sd
= sec_desc_parse(ctx
, ipc_cli
, pol
, numeric
, the_acl
);
1537 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1538 that doesn't deref sd */
1540 if (!sd
&& (mode
!= SMBC_XATTR_MODE_REMOVE_ALL
)) {
1545 if (!cli_resolve_path(ctx
, "", context
->internal
->auth_info
,
1547 &targetcli
, &targetpath
)) {
1548 DEBUG(5,("cacl_set: Could not resolve %s\n", filename
));
1553 /* The desired access below is the only one I could find that works
1554 with NT4, W2KP and Samba */
1556 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli
, targetpath
, 0, CREATE_ACCESS_READ
, 0,
1557 FILE_SHARE_READ
|FILE_SHARE_WRITE
, FILE_OPEN
, 0x0, 0x0, &fnum
))) {
1558 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1559 targetpath
, cli_errstr(targetcli
)));
1564 old
= cli_query_secdesc(targetcli
, fnum
, ctx
);
1567 DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
1572 cli_close(targetcli
, fnum
);
1575 case SMBC_XATTR_MODE_REMOVE_ALL
:
1576 old
->dacl
->num_aces
= 0;
1580 case SMBC_XATTR_MODE_REMOVE
:
1581 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1584 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1585 if (sec_ace_equal(&sd
->dacl
->aces
[i
],
1586 &old
->dacl
->aces
[j
])) {
1588 for (k
=j
; k
<old
->dacl
->num_aces
-1;k
++) {
1589 old
->dacl
->aces
[k
] =
1590 old
->dacl
->aces
[k
+1];
1592 old
->dacl
->num_aces
--;
1607 case SMBC_XATTR_MODE_ADD
:
1608 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1611 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1612 if (dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
,
1613 &old
->dacl
->aces
[j
].trustee
)) {
1614 if (!(flags
& SMBC_XATTR_FLAG_CREATE
)) {
1619 old
->dacl
->aces
[j
] = sd
->dacl
->aces
[i
];
1625 if (!found
&& (flags
& SMBC_XATTR_FLAG_REPLACE
)) {
1631 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1632 add_ace(&old
->dacl
, &sd
->dacl
->aces
[i
], ctx
);
1638 case SMBC_XATTR_MODE_SET
:
1640 owner_sid
= old
->owner_sid
;
1641 group_sid
= old
->group_sid
;
1645 case SMBC_XATTR_MODE_CHOWN
:
1646 owner_sid
= sd
->owner_sid
;
1649 case SMBC_XATTR_MODE_CHGRP
:
1650 group_sid
= sd
->group_sid
;
1654 /* Denied ACE entries must come before allowed ones */
1655 sort_acl(old
->dacl
);
1657 /* Create new security descriptor and set it */
1658 sd
= make_sec_desc(ctx
, old
->revision
, SEC_DESC_SELF_RELATIVE
,
1659 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
1661 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli
, targetpath
, 0,
1662 WRITE_DAC_ACCESS
| WRITE_OWNER_ACCESS
, 0,
1663 FILE_SHARE_READ
|FILE_SHARE_WRITE
, FILE_OPEN
, 0x0, 0x0, &fnum
))) {
1664 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1665 targetpath
, cli_errstr(targetcli
)));
1670 status
= cli_set_secdesc(targetcli
, fnum
, sd
);
1671 if (!NT_STATUS_IS_OK(status
)) {
1672 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1673 nt_errstr(status
)));
1680 cli_close(targetcli
, fnum
);
1691 SMBC_setxattr_ctx(SMBCCTX
*context
,
1700 SMBCSRV
*srv
= NULL
;
1701 SMBCSRV
*ipc_srv
= NULL
;
1702 char *server
= NULL
;
1705 char *password
= NULL
;
1706 char *workgroup
= NULL
;
1708 DOS_ATTR_DESC
*dad
= NULL
;
1710 const char * create_time_attr
;
1711 const char * access_time_attr
;
1712 const char * write_time_attr
;
1713 const char * change_time_attr
;
1715 TALLOC_CTX
*frame
= talloc_stackframe();
1717 if (!context
|| !context
->internal
->initialized
) {
1718 errno
= EINVAL
; /* Best I can think of ... */
1729 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1730 fname
, name
, (int) size
, (const char*)value
));
1732 if (SMBC_parse_path(frame
,
1747 if (!user
|| user
[0] == (char)0) {
1748 user
= talloc_strdup(frame
, smbc_getUser(context
));
1756 srv
= SMBC_server(frame
, context
, True
,
1757 server
, share
, &workgroup
, &user
, &password
);
1760 return -1; /* errno set by SMBC_server */
1763 if (! srv
->no_nt_session
) {
1764 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
1765 &workgroup
, &user
, &password
);
1767 srv
->no_nt_session
= True
;
1774 * Are they asking to set the entire set of known attributes?
1776 if (StrCaseCmp(name
, "system.*") == 0 ||
1777 StrCaseCmp(name
, "system.*+") == 0) {
1780 talloc_asprintf(talloc_tos(), "%s:%s",
1781 name
+7, (const char *) value
);
1790 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1791 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1794 ? SMBC_XATTR_MODE_SET
1795 : SMBC_XATTR_MODE_ADD
),
1801 /* get a DOS Attribute Descriptor with current attributes */
1802 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1804 /* Overwrite old with new, using what was provided */
1805 dos_attr_parse(context
, dad
, srv
, namevalue
);
1807 /* Set the new DOS attributes */
1808 if (! SMBC_setatr(context
, srv
, path
,
1815 /* cause failure if NT failed too */
1820 /* we only fail if both NT and DOS sets failed */
1821 if (ret
< 0 && ! dad
) {
1822 ret
= -1; /* in case dad was null */
1833 * Are they asking to set an access control element or to set
1834 * the entire access control list?
1836 if (StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
1837 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0 ||
1838 StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
1839 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
1840 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0) {
1844 talloc_asprintf(talloc_tos(), "%s:%s",
1845 name
+19, (const char *) value
);
1848 ret
= -1; /* errno set by SMBC_server() */
1850 else if (! namevalue
) {
1854 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1855 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1858 ? SMBC_XATTR_MODE_SET
1859 : SMBC_XATTR_MODE_ADD
),
1867 * Are they asking to set the owner?
1869 if (StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
1870 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0) {
1874 talloc_asprintf(talloc_tos(), "%s:%s",
1875 name
+19, (const char *) value
);
1878 ret
= -1; /* errno set by SMBC_server() */
1880 else if (! namevalue
) {
1884 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1885 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1886 namevalue
, SMBC_XATTR_MODE_CHOWN
, 0);
1893 * Are they asking to set the group?
1895 if (StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
1896 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0) {
1900 talloc_asprintf(talloc_tos(), "%s:%s",
1901 name
+19, (const char *) value
);
1904 /* errno set by SMBC_server() */
1907 else if (! namevalue
) {
1911 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
1912 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1913 namevalue
, SMBC_XATTR_MODE_CHGRP
, 0);
1919 /* Determine whether to use old-style or new-style attribute names */
1920 if (context
->internal
->full_time_names
) {
1921 /* new-style names */
1922 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
1923 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
1924 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
1925 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
1927 /* old-style names */
1928 attr_strings
.create_time_attr
= NULL
;
1929 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
1930 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
1931 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
1935 * Are they asking to set a DOS attribute?
1937 if (StrCaseCmp(name
, "system.dos_attr.*") == 0 ||
1938 StrCaseCmp(name
, "system.dos_attr.mode") == 0 ||
1939 (attr_strings
.create_time_attr
!= NULL
&&
1940 StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) ||
1941 StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0 ||
1942 StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0 ||
1943 StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0) {
1945 /* get a DOS Attribute Descriptor with current attributes */
1946 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1949 talloc_asprintf(talloc_tos(), "%s:%s",
1950 name
+16, (const char *) value
);
1955 /* Overwrite old with provided new params */
1956 dos_attr_parse(context
, dad
, srv
, namevalue
);
1958 /* Set the new DOS attributes */
1959 ret2
= SMBC_setatr(context
, srv
, path
,
1966 /* ret2 has True (success) / False (failure) */
1981 /* Unsupported attribute name */
1988 SMBC_getxattr_ctx(SMBCCTX
*context
,
1995 SMBCSRV
*srv
= NULL
;
1996 SMBCSRV
*ipc_srv
= NULL
;
1997 char *server
= NULL
;
2000 char *password
= NULL
;
2001 char *workgroup
= NULL
;
2004 const char * create_time_attr
;
2005 const char * access_time_attr
;
2006 const char * write_time_attr
;
2007 const char * change_time_attr
;
2009 TALLOC_CTX
*frame
= talloc_stackframe();
2011 if (!context
|| !context
->internal
->initialized
) {
2012 errno
= EINVAL
; /* Best I can think of ... */
2023 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname
, name
));
2025 if (SMBC_parse_path(frame
,
2040 if (!user
|| user
[0] == (char)0) {
2041 user
= talloc_strdup(frame
, smbc_getUser(context
));
2049 srv
= SMBC_server(frame
, context
, True
,
2050 server
, share
, &workgroup
, &user
, &password
);
2053 return -1; /* errno set by SMBC_server */
2056 if (! srv
->no_nt_session
) {
2057 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2058 &workgroup
, &user
, &password
);
2060 srv
->no_nt_session
= True
;
2066 /* Determine whether to use old-style or new-style attribute names */
2067 if (context
->internal
->full_time_names
) {
2068 /* new-style names */
2069 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
2070 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
2071 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
2072 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
2074 /* old-style names */
2075 attr_strings
.create_time_attr
= NULL
;
2076 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
2077 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
2078 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
2081 /* Are they requesting a supported attribute? */
2082 if (StrCaseCmp(name
, "system.*") == 0 ||
2083 StrnCaseCmp(name
, "system.*!", 9) == 0 ||
2084 StrCaseCmp(name
, "system.*+") == 0 ||
2085 StrnCaseCmp(name
, "system.*+!", 10) == 0 ||
2086 StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
2087 StrnCaseCmp(name
, "system.nt_sec_desc.*!", 21) == 0 ||
2088 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0 ||
2089 StrnCaseCmp(name
, "system.nt_sec_desc.*+!", 22) == 0 ||
2090 StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
2091 StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
2092 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0 ||
2093 StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
2094 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0 ||
2095 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2096 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0 ||
2097 StrCaseCmp(name
, "system.dos_attr.*") == 0 ||
2098 StrnCaseCmp(name
, "system.dos_attr.*!", 18) == 0 ||
2099 StrCaseCmp(name
, "system.dos_attr.mode") == 0 ||
2100 StrCaseCmp(name
, "system.dos_attr.size") == 0 ||
2101 (attr_strings
.create_time_attr
!= NULL
&&
2102 StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) ||
2103 StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0 ||
2104 StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0 ||
2105 StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0 ||
2106 StrCaseCmp(name
, "system.dos_attr.inode") == 0) {
2109 char *filename
= (char *) name
;
2110 ret
= cacl_get(context
, talloc_tos(), srv
,
2111 ipc_srv
== NULL
? NULL
: ipc_srv
->cli
,
2112 &ipc_srv
->pol
, path
,
2114 CONST_DISCARD(char *, value
),
2116 if (ret
< 0 && errno
== 0) {
2117 errno
= SMBC_errno(context
, srv
->cli
);
2123 /* Unsupported attribute name */
2131 SMBC_removexattr_ctx(SMBCCTX
*context
,
2136 SMBCSRV
*srv
= NULL
;
2137 SMBCSRV
*ipc_srv
= NULL
;
2138 char *server
= NULL
;
2141 char *password
= NULL
;
2142 char *workgroup
= NULL
;
2144 TALLOC_CTX
*frame
= talloc_stackframe();
2146 if (!context
|| !context
->internal
->initialized
) {
2147 errno
= EINVAL
; /* Best I can think of ... */
2158 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname
, name
));
2160 if (SMBC_parse_path(frame
,
2175 if (!user
|| user
[0] == (char)0) {
2176 user
= talloc_strdup(frame
, smbc_getUser(context
));
2184 srv
= SMBC_server(frame
, context
, True
,
2185 server
, share
, &workgroup
, &user
, &password
);
2188 return -1; /* errno set by SMBC_server */
2191 if (! srv
->no_nt_session
) {
2192 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2193 &workgroup
, &user
, &password
);
2195 srv
->no_nt_session
= True
;
2203 return -1; /* errno set by SMBC_attr_server */
2206 /* Are they asking to set the entire ACL? */
2207 if (StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
2208 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0) {
2211 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
2212 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2213 NULL
, SMBC_XATTR_MODE_REMOVE_ALL
, 0);
2219 * Are they asking to remove one or more spceific security descriptor
2222 if (StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
2223 StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
2224 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0 ||
2225 StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
2226 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0 ||
2227 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2228 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0) {
2231 ret
= cacl_set(context
, talloc_tos(), srv
->cli
,
2232 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2233 CONST_DISCARD(char *, name
) + 19,
2234 SMBC_XATTR_MODE_REMOVE
, 0);
2239 /* Unsupported attribute name */
2246 SMBC_listxattr_ctx(SMBCCTX
*context
,
2252 * This isn't quite what listxattr() is supposed to do. This returns
2253 * the complete set of attribute names, always, rather than only those
2254 * attribute names which actually exist for a file. Hmmm...
2257 const char supported_old
[] =
2260 "system.nt_sec_desc.revision\0"
2261 "system.nt_sec_desc.owner\0"
2262 "system.nt_sec_desc.owner+\0"
2263 "system.nt_sec_desc.group\0"
2264 "system.nt_sec_desc.group+\0"
2265 "system.nt_sec_desc.acl.*\0"
2266 "system.nt_sec_desc.acl\0"
2267 "system.nt_sec_desc.acl+\0"
2268 "system.nt_sec_desc.*\0"
2269 "system.nt_sec_desc.*+\0"
2270 "system.dos_attr.*\0"
2271 "system.dos_attr.mode\0"
2272 "system.dos_attr.c_time\0"
2273 "system.dos_attr.a_time\0"
2274 "system.dos_attr.m_time\0"
2276 const char supported_new
[] =
2279 "system.nt_sec_desc.revision\0"
2280 "system.nt_sec_desc.owner\0"
2281 "system.nt_sec_desc.owner+\0"
2282 "system.nt_sec_desc.group\0"
2283 "system.nt_sec_desc.group+\0"
2284 "system.nt_sec_desc.acl.*\0"
2285 "system.nt_sec_desc.acl\0"
2286 "system.nt_sec_desc.acl+\0"
2287 "system.nt_sec_desc.*\0"
2288 "system.nt_sec_desc.*+\0"
2289 "system.dos_attr.*\0"
2290 "system.dos_attr.mode\0"
2291 "system.dos_attr.create_time\0"
2292 "system.dos_attr.access_time\0"
2293 "system.dos_attr.write_time\0"
2294 "system.dos_attr.change_time\0"
2296 const char * supported
;
2298 if (context
->internal
->full_time_names
) {
2299 supported
= supported_new
;
2300 retsize
= sizeof(supported_new
);
2302 supported
= supported_old
;
2303 retsize
= sizeof(supported_old
);
2310 if (retsize
> size
) {
2315 /* this can't be strcpy() because there are embedded null characters */
2316 memcpy(list
, supported
, retsize
);