2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
31 * Find an lsa pipe handle associated with a cli struct.
33 static struct rpc_pipe_client
*
34 find_lsa_pipe_hnd(struct cli_state
*ipc_cli
)
36 struct rpc_pipe_client
*pipe_hnd
;
38 for (pipe_hnd
= ipc_cli
->pipe_list
;
40 pipe_hnd
= pipe_hnd
->next
) {
42 if (rpccli_is_pipe_idx(pipe_hnd
, PI_LSARPC
)) {
51 * Sort ACEs according to the documentation at
52 * http://support.microsoft.com/kb/269175, at least as far as it defines the
57 ace_compare(SEC_ACE
*ace1
,
63 /* If the ACEs are equal, we have nothing more to do. */
64 if (sec_ace_equal(ace1
, ace2
)) {
68 /* Inherited follow non-inherited */
69 b1
= ((ace1
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
70 b2
= ((ace2
->flags
& SEC_ACE_FLAG_INHERITED_ACE
) != 0);
76 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
77 * sort them after DENY and ALLOW.
79 b1
= (ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
80 ace1
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
81 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
82 ace1
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
83 b2
= (ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED
&&
84 ace2
->type
!= SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
&&
85 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED
&&
86 ace2
->type
!= SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
91 /* Allowed ACEs follow denied ACEs */
92 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
93 ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
94 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED
||
95 ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
);
101 * ACEs applying to an entity's object follow those applying to the
104 b1
= (ace1
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
105 ace1
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
106 b2
= (ace2
->type
== SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
||
107 ace2
->type
== SEC_ACE_TYPE_ACCESS_DENIED_OBJECT
);
109 return (b1
? 1 : -1);
113 * If we get this far, the ACEs are similar as far as the
114 * characteristics we typically care about (those defined by the
115 * referenced MS document). We'll now sort by characteristics that
116 * just seems reasonable.
119 if (ace1
->type
!= ace2
->type
) {
120 return ace2
->type
- ace1
->type
;
123 if (sid_compare(&ace1
->trustee
, &ace2
->trustee
)) {
124 return sid_compare(&ace1
->trustee
, &ace2
->trustee
);
127 if (ace1
->flags
!= ace2
->flags
) {
128 return ace1
->flags
- ace2
->flags
;
131 if (ace1
->access_mask
!= ace2
->access_mask
) {
132 return ace1
->access_mask
- ace2
->access_mask
;
135 if (ace1
->size
!= ace2
->size
) {
136 return ace1
->size
- ace2
->size
;
139 return memcmp(ace1
, ace2
, sizeof(SEC_ACE
));
144 sort_acl(SEC_ACL
*the_acl
)
147 if (!the_acl
) return;
149 qsort(the_acl
->aces
, the_acl
->num_aces
, sizeof(the_acl
->aces
[0]),
150 QSORT_CAST ace_compare
);
152 for (i
=1;i
<the_acl
->num_aces
;) {
153 if (sec_ace_equal(&the_acl
->aces
[i
-1], &the_acl
->aces
[i
])) {
155 for (j
=i
; j
<the_acl
->num_aces
-1; j
++) {
156 the_acl
->aces
[j
] = the_acl
->aces
[j
+1];
165 /* convert a SID to a string, either numeric or username/group */
167 convert_sid_to_string(struct cli_state
*ipc_cli
,
173 char **domains
= NULL
;
175 enum lsa_SidType
*types
= NULL
;
176 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
179 sid_to_fstring(str
, sid
);
182 return; /* no lookup desired */
189 /* Ask LSA to convert the sid to a name */
191 ctx
= talloc_stackframe();
193 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd
, ctx
,
194 pol
, 1, sid
, &domains
,
196 !domains
|| !domains
[0] || !names
|| !names
[0]) {
204 slprintf(str
, sizeof(fstring
) - 1, "%s%s%s",
205 domains
[0], lp_winbind_separator(),
209 /* convert a string to a SID, either numeric or username/group */
211 convert_string_to_sid(struct cli_state
*ipc_cli
,
217 enum lsa_SidType
*types
= NULL
;
218 DOM_SID
*sids
= NULL
;
220 TALLOC_CTX
*ctx
= NULL
;
221 struct rpc_pipe_client
*pipe_hnd
= find_lsa_pipe_hnd(ipc_cli
);
228 if (strncmp(str
, "S-", 2) == 0) {
229 return string_to_sid(sid
, str
);
236 ctx
= talloc_stackframe();
237 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd
, ctx
,
245 sid_copy(sid
, &sids
[0]);
253 /* parse an ACE in the same format as print_ace() */
255 parse_ace(struct cli_state
*ipc_cli
,
269 const struct perm_value
*v
;
274 TALLOC_CTX
*frame
= talloc_stackframe();
276 /* These values discovered by inspection */
277 static const struct perm_value special_values
[] = {
287 static const struct perm_value standard_values
[] = {
288 { "READ", 0x001200a9 },
289 { "CHANGE", 0x001301bf },
290 { "FULL", 0x001f01ff },
296 p
= strchr_m(str
,':');
303 /* Try to parse numeric form */
305 if (sscanf(p
, "%i/%i/%i", &atype
, &aflags
, &amask
) == 3 &&
306 convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
310 /* Try to parse text form */
312 if (!convert_string_to_sid(ipc_cli
, pol
, numeric
, &sid
, str
)) {
318 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
323 if (StrnCaseCmp(tok
, "ALLOWED", strlen("ALLOWED")) == 0) {
324 atype
= SEC_ACE_TYPE_ACCESS_ALLOWED
;
325 } else if (StrnCaseCmp(tok
, "DENIED", strlen("DENIED")) == 0) {
326 atype
= SEC_ACE_TYPE_ACCESS_DENIED
;
332 /* Only numeric form accepted for flags at present */
334 if (!(next_token_talloc(frame
, &cp
, &tok
, "/") &&
335 sscanf(tok
, "%i", &aflags
))) {
340 if (!next_token_talloc(frame
, &cp
, &tok
, "/")) {
345 if (strncmp(tok
, "0x", 2) == 0) {
346 if (sscanf(tok
, "%i", &amask
) != 1) {
353 for (v
= standard_values
; v
->perm
; v
++) {
354 if (strcmp(tok
, v
->perm
) == 0) {
365 for (v
= special_values
; v
->perm
; v
++) {
366 if (v
->perm
[0] == *p
) {
386 init_sec_ace(ace
, &sid
, atype
, mask
, aflags
);
391 /* add an ACE to a list of ACEs in a SEC_ACL */
393 add_ace(SEC_ACL
**the_acl
,
401 (*the_acl
) = make_sec_acl(ctx
, 3, 1, ace
);
405 if ((aces
= SMB_CALLOC_ARRAY(SEC_ACE
,
406 1+(*the_acl
)->num_aces
)) == NULL
) {
409 memcpy(aces
, (*the_acl
)->aces
, (*the_acl
)->num_aces
* sizeof(SEC_ACE
));
410 memcpy(aces
+(*the_acl
)->num_aces
, ace
, sizeof(SEC_ACE
));
411 newacl
= make_sec_acl(ctx
, (*the_acl
)->revision
,
412 1+(*the_acl
)->num_aces
, aces
);
419 /* parse a ascii version of a security descriptor */
421 sec_desc_parse(TALLOC_CTX
*ctx
,
422 struct cli_state
*ipc_cli
,
429 SEC_DESC
*ret
= NULL
;
431 DOM_SID
*group_sid
=NULL
;
432 DOM_SID
*owner_sid
=NULL
;
436 while (next_token_talloc(ctx
, &p
, &tok
, "\t,\r\n")) {
438 if (StrnCaseCmp(tok
,"REVISION:", 9) == 0) {
439 revision
= strtol(tok
+9, NULL
, 16);
443 if (StrnCaseCmp(tok
,"OWNER:", 6) == 0) {
445 DEBUG(5,("OWNER specified more than once!\n"));
448 owner_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
450 !convert_string_to_sid(ipc_cli
, pol
,
453 DEBUG(5, ("Failed to parse owner sid\n"));
459 if (StrnCaseCmp(tok
,"OWNER+:", 7) == 0) {
461 DEBUG(5,("OWNER specified more than once!\n"));
464 owner_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
466 !convert_string_to_sid(ipc_cli
, pol
,
469 DEBUG(5, ("Failed to parse owner sid\n"));
475 if (StrnCaseCmp(tok
,"GROUP:", 6) == 0) {
477 DEBUG(5,("GROUP specified more than once!\n"));
480 group_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
482 !convert_string_to_sid(ipc_cli
, pol
,
485 DEBUG(5, ("Failed to parse group sid\n"));
491 if (StrnCaseCmp(tok
,"GROUP+:", 7) == 0) {
493 DEBUG(5,("GROUP specified more than once!\n"));
496 group_sid
= SMB_CALLOC_ARRAY(DOM_SID
, 1);
498 !convert_string_to_sid(ipc_cli
, pol
,
501 DEBUG(5, ("Failed to parse group sid\n"));
507 if (StrnCaseCmp(tok
,"ACL:", 4) == 0) {
509 if (!parse_ace(ipc_cli
, pol
, &ace
, numeric
, tok
+4)) {
510 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
513 if(!add_ace(&dacl
, &ace
, ctx
)) {
514 DEBUG(5, ("Failed to add ACL %s\n", tok
));
520 if (StrnCaseCmp(tok
,"ACL+:", 5) == 0) {
522 if (!parse_ace(ipc_cli
, pol
, &ace
, False
, tok
+5)) {
523 DEBUG(5, ("Failed to parse ACL %s\n", tok
));
526 if(!add_ace(&dacl
, &ace
, ctx
)) {
527 DEBUG(5, ("Failed to add ACL %s\n", tok
));
533 DEBUG(5, ("Failed to parse security descriptor\n"));
537 ret
= make_sec_desc(ctx
, revision
, SEC_DESC_SELF_RELATIVE
,
538 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
541 SAFE_FREE(group_sid
);
542 SAFE_FREE(owner_sid
);
548 /* Obtain the current dos attributes */
549 static DOS_ATTR_DESC
*
550 dos_attr_query(SMBCCTX
*context
,
552 const char *filename
,
555 struct timespec create_time_ts
;
556 struct timespec write_time_ts
;
557 struct timespec access_time_ts
;
558 struct timespec change_time_ts
;
564 ret
= TALLOC_P(ctx
, DOS_ATTR_DESC
);
570 /* Obtain the DOS attributes */
571 if (!SMBC_getatr(context
, srv
, CONST_DISCARD(char *, filename
),
578 errno
= SMBC_errno(context
, srv
->cli
);
579 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
585 ret
->create_time
= convert_timespec_to_time_t(create_time_ts
);
586 ret
->access_time
= convert_timespec_to_time_t(access_time_ts
);
587 ret
->write_time
= convert_timespec_to_time_t(write_time_ts
);
588 ret
->change_time
= convert_timespec_to_time_t(change_time_ts
);
595 /* parse a ascii version of a security descriptor */
597 dos_attr_parse(SMBCCTX
*context
,
605 TALLOC_CTX
*frame
= NULL
;
607 const char * create_time_attr
;
608 const char * access_time_attr
;
609 const char * write_time_attr
;
610 const char * change_time_attr
;
613 /* Determine whether to use old-style or new-style attribute names */
614 if (context
->internal
->full_time_names
) {
615 /* new-style names */
616 attr_strings
.create_time_attr
= "CREATE_TIME";
617 attr_strings
.access_time_attr
= "ACCESS_TIME";
618 attr_strings
.write_time_attr
= "WRITE_TIME";
619 attr_strings
.change_time_attr
= "CHANGE_TIME";
621 /* old-style names */
622 attr_strings
.create_time_attr
= NULL
;
623 attr_strings
.access_time_attr
= "A_TIME";
624 attr_strings
.write_time_attr
= "M_TIME";
625 attr_strings
.change_time_attr
= "C_TIME";
628 /* if this is to set the entire ACL... */
630 /* ... then increment past the first colon if there is one */
631 if ((p
= strchr(str
, ':')) != NULL
) {
638 frame
= talloc_stackframe();
639 while (next_token_talloc(frame
, &p
, &tok
, "\t,\r\n")) {
640 if (StrnCaseCmp(tok
, "MODE:", 5) == 0) {
641 long request
= strtol(tok
+5, NULL
, 16);
643 dad
->mode
= (request
|
644 (IS_DOS_DIR(dad
->mode
)
645 ? FILE_ATTRIBUTE_DIRECTORY
646 : FILE_ATTRIBUTE_NORMAL
));
653 if (StrnCaseCmp(tok
, "SIZE:", 5) == 0) {
654 dad
->size
= (SMB_OFF_T
)atof(tok
+5);
658 n
= strlen(attr_strings
.access_time_attr
);
659 if (StrnCaseCmp(tok
, attr_strings
.access_time_attr
, n
) == 0) {
660 dad
->access_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
664 n
= strlen(attr_strings
.change_time_attr
);
665 if (StrnCaseCmp(tok
, attr_strings
.change_time_attr
, n
) == 0) {
666 dad
->change_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
670 n
= strlen(attr_strings
.write_time_attr
);
671 if (StrnCaseCmp(tok
, attr_strings
.write_time_attr
, n
) == 0) {
672 dad
->write_time
= (time_t)strtol(tok
+n
+1, NULL
, 10);
676 if (attr_strings
.create_time_attr
!= NULL
) {
677 n
= strlen(attr_strings
.create_time_attr
);
678 if (StrnCaseCmp(tok
, attr_strings
.create_time_attr
,
680 dad
->create_time
= (time_t)strtol(tok
+n
+1,
686 if (StrnCaseCmp(tok
, "INODE:", 6) == 0) {
687 dad
->inode
= (SMB_INO_T
)atof(tok
+6);
694 /*****************************************************
695 Retrieve the acls for a file.
696 *******************************************************/
699 cacl_get(SMBCCTX
*context
,
702 struct cli_state
*ipc_cli
,
718 bool exclude_nt_revision
= False
;
719 bool exclude_nt_owner
= False
;
720 bool exclude_nt_group
= False
;
721 bool exclude_nt_acl
= False
;
722 bool exclude_dos_mode
= False
;
723 bool exclude_dos_size
= False
;
724 bool exclude_dos_create_time
= False
;
725 bool exclude_dos_access_time
= False
;
726 bool exclude_dos_write_time
= False
;
727 bool exclude_dos_change_time
= False
;
728 bool exclude_dos_inode
= False
;
730 bool determine_size
= (bufsize
== 0);
734 fstring name_sandbox
;
738 struct timespec create_time_ts
;
739 struct timespec write_time_ts
;
740 struct timespec access_time_ts
;
741 struct timespec change_time_ts
;
742 time_t create_time
= (time_t)0;
743 time_t write_time
= (time_t)0;
744 time_t access_time
= (time_t)0;
745 time_t change_time
= (time_t)0;
749 struct cli_state
*cli
= srv
->cli
;
751 const char * create_time_attr
;
752 const char * access_time_attr
;
753 const char * write_time_attr
;
754 const char * change_time_attr
;
757 const char * create_time_attr
;
758 const char * access_time_attr
;
759 const char * write_time_attr
;
760 const char * change_time_attr
;
763 /* Determine whether to use old-style or new-style attribute names */
764 if (context
->internal
->full_time_names
) {
765 /* new-style names */
766 attr_strings
.create_time_attr
= "CREATE_TIME";
767 attr_strings
.access_time_attr
= "ACCESS_TIME";
768 attr_strings
.write_time_attr
= "WRITE_TIME";
769 attr_strings
.change_time_attr
= "CHANGE_TIME";
771 excl_attr_strings
.create_time_attr
= "CREATE_TIME";
772 excl_attr_strings
.access_time_attr
= "ACCESS_TIME";
773 excl_attr_strings
.write_time_attr
= "WRITE_TIME";
774 excl_attr_strings
.change_time_attr
= "CHANGE_TIME";
776 /* old-style names */
777 attr_strings
.create_time_attr
= NULL
;
778 attr_strings
.access_time_attr
= "A_TIME";
779 attr_strings
.write_time_attr
= "M_TIME";
780 attr_strings
.change_time_attr
= "C_TIME";
782 excl_attr_strings
.create_time_attr
= NULL
;
783 excl_attr_strings
.access_time_attr
= "dos_attr.A_TIME";
784 excl_attr_strings
.write_time_attr
= "dos_attr.M_TIME";
785 excl_attr_strings
.change_time_attr
= "dos_attr.C_TIME";
788 /* Copy name so we can strip off exclusions (if any are specified) */
789 strncpy(name_sandbox
, attr_name
, sizeof(name_sandbox
) - 1);
791 /* Ensure name is null terminated */
792 name_sandbox
[sizeof(name_sandbox
) - 1] = '\0';
794 /* Play in the sandbox */
797 /* If there are any exclusions, point to them and mask them from name */
798 if ((pExclude
= strchr(name
, '!')) != NULL
)
803 all
= (StrnCaseCmp(name
, "system.*", 8) == 0);
804 all_nt
= (StrnCaseCmp(name
, "system.nt_sec_desc.*", 20) == 0);
805 all_nt_acls
= (StrnCaseCmp(name
, "system.nt_sec_desc.acl.*", 24) == 0);
806 all_dos
= (StrnCaseCmp(name
, "system.dos_attr.*", 17) == 0);
807 some_nt
= (StrnCaseCmp(name
, "system.nt_sec_desc.", 19) == 0);
808 some_dos
= (StrnCaseCmp(name
, "system.dos_attr.", 16) == 0);
809 numeric
= (* (name
+ strlen(name
) - 1) != '+');
811 /* Look for exclusions from "all" requests */
812 if (all
|| all_nt
|| all_dos
) {
814 /* Exclusions are delimited by '!' */
817 pExclude
= (p
== NULL
? NULL
: p
+ 1)) {
819 /* Find end of this exclusion name */
820 if ((p
= strchr(pExclude
, '!')) != NULL
)
825 /* Which exclusion name is this? */
826 if (StrCaseCmp(pExclude
,
827 "nt_sec_desc.revision") == 0) {
828 exclude_nt_revision
= True
;
830 else if (StrCaseCmp(pExclude
,
831 "nt_sec_desc.owner") == 0) {
832 exclude_nt_owner
= True
;
834 else if (StrCaseCmp(pExclude
,
835 "nt_sec_desc.group") == 0) {
836 exclude_nt_group
= True
;
838 else if (StrCaseCmp(pExclude
,
839 "nt_sec_desc.acl") == 0) {
840 exclude_nt_acl
= True
;
842 else if (StrCaseCmp(pExclude
,
843 "dos_attr.mode") == 0) {
844 exclude_dos_mode
= True
;
846 else if (StrCaseCmp(pExclude
,
847 "dos_attr.size") == 0) {
848 exclude_dos_size
= True
;
850 else if (excl_attr_strings
.create_time_attr
!= NULL
&&
852 excl_attr_strings
.change_time_attr
) == 0) {
853 exclude_dos_create_time
= True
;
855 else if (StrCaseCmp(pExclude
,
856 excl_attr_strings
.access_time_attr
) == 0) {
857 exclude_dos_access_time
= True
;
859 else if (StrCaseCmp(pExclude
,
860 excl_attr_strings
.write_time_attr
) == 0) {
861 exclude_dos_write_time
= True
;
863 else if (StrCaseCmp(pExclude
,
864 excl_attr_strings
.change_time_attr
) == 0) {
865 exclude_dos_change_time
= True
;
867 else if (StrCaseCmp(pExclude
, "dos_attr.inode") == 0) {
868 exclude_dos_inode
= True
;
871 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
882 * If we are (possibly) talking to an NT or new system and some NT
883 * attributes have been requested...
885 if (ipc_cli
&& (all
|| some_nt
|| all_nt_acls
)) {
886 /* Point to the portion after "system.nt_sec_desc." */
887 name
+= 19; /* if (all) this will be invalid but unused */
889 /* ... then obtain any NT attributes which were requested */
890 fnum
= cli_nt_create(cli
, filename
, CREATE_ACCESS_READ
);
893 DEBUG(5, ("cacl_get failed to open %s: %s\n",
894 filename
, cli_errstr(cli
)));
899 sd
= cli_query_secdesc(cli
, fnum
, ctx
);
903 ("cacl_get Failed to query old descriptor\n"));
908 cli_close(cli
, fnum
);
910 if (! exclude_nt_revision
) {
912 if (determine_size
) {
913 p
= talloc_asprintf(ctx
,
922 n
= snprintf(buf
, bufsize
,
926 } else if (StrCaseCmp(name
, "revision") == 0) {
927 if (determine_size
) {
928 p
= talloc_asprintf(ctx
, "%d",
936 n
= snprintf(buf
, bufsize
, "%d",
941 if (!determine_size
&& n
> bufsize
) {
951 if (! exclude_nt_owner
) {
952 /* Get owner and group sid */
954 convert_sid_to_string(ipc_cli
, pol
,
963 if (determine_size
) {
964 p
= talloc_asprintf(ctx
, ",OWNER:%s",
971 } else if (sidstr
[0] != '\0') {
972 n
= snprintf(buf
, bufsize
,
973 ",OWNER:%s", sidstr
);
975 } else if (StrnCaseCmp(name
, "owner", 5) == 0) {
976 if (determine_size
) {
977 p
= talloc_asprintf(ctx
, "%s", sidstr
);
984 n
= snprintf(buf
, bufsize
, "%s",
989 if (!determine_size
&& n
> bufsize
) {
999 if (! exclude_nt_group
) {
1000 if (sd
->group_sid
) {
1001 convert_sid_to_string(ipc_cli
, pol
,
1005 fstrcpy(sidstr
, "");
1008 if (all
|| all_nt
) {
1009 if (determine_size
) {
1010 p
= talloc_asprintf(ctx
, ",GROUP:%s",
1017 } else if (sidstr
[0] != '\0') {
1018 n
= snprintf(buf
, bufsize
,
1019 ",GROUP:%s", sidstr
);
1021 } else if (StrnCaseCmp(name
, "group", 5) == 0) {
1022 if (determine_size
) {
1023 p
= talloc_asprintf(ctx
, "%s", sidstr
);
1030 n
= snprintf(buf
, bufsize
,
1035 if (!determine_size
&& n
> bufsize
) {
1045 if (! exclude_nt_acl
) {
1046 /* Add aces to value buffer */
1047 for (i
= 0; sd
->dacl
&& i
< sd
->dacl
->num_aces
; i
++) {
1049 SEC_ACE
*ace
= &sd
->dacl
->aces
[i
];
1050 convert_sid_to_string(ipc_cli
, pol
,
1054 if (all
|| all_nt
) {
1055 if (determine_size
) {
1056 p
= talloc_asprintf(
1072 ",ACL:%s:%d/%d/0x%08x",
1078 } else if ((StrnCaseCmp(name
, "acl", 3) == 0 &&
1079 StrCaseCmp(name
+3, sidstr
) == 0) ||
1080 (StrnCaseCmp(name
, "acl+", 4) == 0 &&
1081 StrCaseCmp(name
+4, sidstr
) == 0)) {
1082 if (determine_size
) {
1083 p
= talloc_asprintf(
1095 n
= snprintf(buf
, bufsize
,
1101 } else if (all_nt_acls
) {
1102 if (determine_size
) {
1103 p
= talloc_asprintf(
1105 "%s%s:%d/%d/0x%08x",
1117 n
= snprintf(buf
, bufsize
,
1118 "%s%s:%d/%d/0x%08x",
1126 if (!determine_size
&& n
> bufsize
) {
1137 /* Restore name pointer to its original value */
1141 if (all
|| some_dos
) {
1142 /* Point to the portion after "system.dos_attr." */
1143 name
+= 16; /* if (all) this will be invalid but unused */
1145 /* Obtain the DOS attributes */
1146 if (!SMBC_getatr(context
, srv
, filename
, &mode
, &size
,
1153 errno
= SMBC_errno(context
, srv
->cli
);
1158 create_time
= convert_timespec_to_time_t(create_time_ts
);
1159 access_time
= convert_timespec_to_time_t(access_time_ts
);
1160 write_time
= convert_timespec_to_time_t(write_time_ts
);
1161 change_time
= convert_timespec_to_time_t(change_time_ts
);
1163 if (! exclude_dos_mode
) {
1164 if (all
|| all_dos
) {
1165 if (determine_size
) {
1166 p
= talloc_asprintf(ctx
,
1179 n
= snprintf(buf
, bufsize
,
1187 } else if (StrCaseCmp(name
, "mode") == 0) {
1188 if (determine_size
) {
1189 p
= talloc_asprintf(ctx
, "0x%x", mode
);
1196 n
= snprintf(buf
, bufsize
,
1201 if (!determine_size
&& n
> bufsize
) {
1211 if (! exclude_dos_size
) {
1212 if (all
|| all_dos
) {
1213 if (determine_size
) {
1214 p
= talloc_asprintf(
1224 n
= snprintf(buf
, bufsize
,
1228 } else if (StrCaseCmp(name
, "size") == 0) {
1229 if (determine_size
) {
1230 p
= talloc_asprintf(
1240 n
= snprintf(buf
, bufsize
,
1246 if (!determine_size
&& n
> bufsize
) {
1256 if (! exclude_dos_create_time
&&
1257 attr_strings
.create_time_attr
!= NULL
) {
1258 if (all
|| all_dos
) {
1259 if (determine_size
) {
1260 p
= talloc_asprintf(ctx
,
1262 attr_strings
.create_time_attr
,
1270 n
= snprintf(buf
, bufsize
,
1272 attr_strings
.create_time_attr
,
1275 } else if (StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) {
1276 if (determine_size
) {
1277 p
= talloc_asprintf(ctx
, "%lu", create_time
);
1284 n
= snprintf(buf
, bufsize
,
1285 "%lu", create_time
);
1289 if (!determine_size
&& n
> bufsize
) {
1299 if (! exclude_dos_access_time
) {
1300 if (all
|| all_dos
) {
1301 if (determine_size
) {
1302 p
= talloc_asprintf(ctx
,
1304 attr_strings
.access_time_attr
,
1312 n
= snprintf(buf
, bufsize
,
1314 attr_strings
.access_time_attr
,
1317 } else if (StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0) {
1318 if (determine_size
) {
1319 p
= talloc_asprintf(ctx
, "%lu", access_time
);
1326 n
= snprintf(buf
, bufsize
,
1327 "%lu", access_time
);
1331 if (!determine_size
&& n
> bufsize
) {
1341 if (! exclude_dos_write_time
) {
1342 if (all
|| all_dos
) {
1343 if (determine_size
) {
1344 p
= talloc_asprintf(ctx
,
1346 attr_strings
.write_time_attr
,
1354 n
= snprintf(buf
, bufsize
,
1356 attr_strings
.write_time_attr
,
1359 } else if (StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0) {
1360 if (determine_size
) {
1361 p
= talloc_asprintf(ctx
, "%lu", write_time
);
1368 n
= snprintf(buf
, bufsize
,
1373 if (!determine_size
&& n
> bufsize
) {
1383 if (! exclude_dos_change_time
) {
1384 if (all
|| all_dos
) {
1385 if (determine_size
) {
1386 p
= talloc_asprintf(ctx
,
1388 attr_strings
.change_time_attr
,
1396 n
= snprintf(buf
, bufsize
,
1398 attr_strings
.change_time_attr
,
1401 } else if (StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0) {
1402 if (determine_size
) {
1403 p
= talloc_asprintf(ctx
, "%lu", change_time
);
1410 n
= snprintf(buf
, bufsize
,
1411 "%lu", change_time
);
1415 if (!determine_size
&& n
> bufsize
) {
1425 if (! exclude_dos_inode
) {
1426 if (all
|| all_dos
) {
1427 if (determine_size
) {
1428 p
= talloc_asprintf(
1438 n
= snprintf(buf
, bufsize
,
1442 } else if (StrCaseCmp(name
, "inode") == 0) {
1443 if (determine_size
) {
1444 p
= talloc_asprintf(
1454 n
= snprintf(buf
, bufsize
,
1460 if (!determine_size
&& n
> bufsize
) {
1470 /* Restore name pointer to its original value */
1482 /*****************************************************
1483 set the ACLs on a file given an ascii description
1484 *******************************************************/
1486 cacl_set(TALLOC_CTX
*ctx
,
1487 struct cli_state
*cli
,
1488 struct cli_state
*ipc_cli
,
1490 const char *filename
,
1491 const char *the_acl
,
1497 SEC_DESC
*sd
= NULL
, *old
;
1498 SEC_ACL
*dacl
= NULL
;
1499 DOM_SID
*owner_sid
= NULL
;
1500 DOM_SID
*group_sid
= NULL
;
1505 bool numeric
= True
;
1507 /* the_acl will be null for REMOVE_ALL operations */
1509 numeric
= ((p
= strchr(the_acl
, ':')) != NULL
&&
1513 /* if this is to set the entire ACL... */
1514 if (*the_acl
== '*') {
1515 /* ... then increment past the first colon */
1519 sd
= sec_desc_parse(ctx
, ipc_cli
, pol
, numeric
,
1520 CONST_DISCARD(char *, the_acl
));
1528 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1529 that doesn't deref sd */
1531 if (!sd
&& (mode
!= SMBC_XATTR_MODE_REMOVE_ALL
)) {
1536 /* The desired access below is the only one I could find that works
1537 with NT4, W2KP and Samba */
1539 fnum
= cli_nt_create(cli
, filename
, CREATE_ACCESS_READ
);
1542 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1543 filename
, cli_errstr(cli
)));
1548 old
= cli_query_secdesc(cli
, fnum
, ctx
);
1551 DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
1556 cli_close(cli
, fnum
);
1559 case SMBC_XATTR_MODE_REMOVE_ALL
:
1560 old
->dacl
->num_aces
= 0;
1564 case SMBC_XATTR_MODE_REMOVE
:
1565 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1568 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1569 if (sec_ace_equal(&sd
->dacl
->aces
[i
],
1570 &old
->dacl
->aces
[j
])) {
1572 for (k
=j
; k
<old
->dacl
->num_aces
-1;k
++) {
1573 old
->dacl
->aces
[k
] =
1574 old
->dacl
->aces
[k
+1];
1576 old
->dacl
->num_aces
--;
1591 case SMBC_XATTR_MODE_ADD
:
1592 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1595 for (j
=0;old
->dacl
&& j
<old
->dacl
->num_aces
;j
++) {
1596 if (sid_equal(&sd
->dacl
->aces
[i
].trustee
,
1597 &old
->dacl
->aces
[j
].trustee
)) {
1598 if (!(flags
& SMBC_XATTR_FLAG_CREATE
)) {
1603 old
->dacl
->aces
[j
] = sd
->dacl
->aces
[i
];
1609 if (!found
&& (flags
& SMBC_XATTR_FLAG_REPLACE
)) {
1615 for (i
=0;sd
->dacl
&& i
<sd
->dacl
->num_aces
;i
++) {
1616 add_ace(&old
->dacl
, &sd
->dacl
->aces
[i
], ctx
);
1622 case SMBC_XATTR_MODE_SET
:
1624 owner_sid
= old
->owner_sid
;
1625 group_sid
= old
->group_sid
;
1629 case SMBC_XATTR_MODE_CHOWN
:
1630 owner_sid
= sd
->owner_sid
;
1633 case SMBC_XATTR_MODE_CHGRP
:
1634 group_sid
= sd
->group_sid
;
1638 /* Denied ACE entries must come before allowed ones */
1639 sort_acl(old
->dacl
);
1641 /* Create new security descriptor and set it */
1642 sd
= make_sec_desc(ctx
, old
->revision
, SEC_DESC_SELF_RELATIVE
,
1643 owner_sid
, group_sid
, NULL
, dacl
, &sd_size
);
1645 fnum
= cli_nt_create(cli
, filename
,
1646 WRITE_DAC_ACCESS
| WRITE_OWNER_ACCESS
);
1649 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1650 filename
, cli_errstr(cli
)));
1655 if (!cli_set_secdesc(cli
, fnum
, sd
)) {
1656 DEBUG(5, ("ERROR: secdesc set failed: %s\n", cli_errstr(cli
)));
1663 cli_close(cli
, fnum
);
1674 SMBC_setxattr_ctx(SMBCCTX
*context
,
1683 SMBCSRV
*srv
= NULL
;
1684 SMBCSRV
*ipc_srv
= NULL
;
1685 char *server
= NULL
;
1688 char *password
= NULL
;
1689 char *workgroup
= NULL
;
1691 DOS_ATTR_DESC
*dad
= NULL
;
1693 const char * create_time_attr
;
1694 const char * access_time_attr
;
1695 const char * write_time_attr
;
1696 const char * change_time_attr
;
1698 TALLOC_CTX
*frame
= talloc_stackframe();
1700 if (!context
|| !context
->internal
->initialized
) {
1702 errno
= EINVAL
; /* Best I can think of ... */
1713 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1714 fname
, name
, (int) size
, (const char*)value
));
1716 if (SMBC_parse_path(frame
,
1731 if (!user
|| user
[0] == (char)0) {
1732 user
= talloc_strdup(frame
, smbc_getUser(context
));
1740 srv
= SMBC_server(frame
, context
, True
,
1741 server
, share
, &workgroup
, &user
, &password
);
1744 return -1; /* errno set by SMBC_server */
1747 if (! srv
->no_nt_session
) {
1748 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
1749 &workgroup
, &user
, &password
);
1751 srv
->no_nt_session
= True
;
1758 * Are they asking to set the entire set of known attributes?
1760 if (StrCaseCmp(name
, "system.*") == 0 ||
1761 StrCaseCmp(name
, "system.*+") == 0) {
1764 talloc_asprintf(talloc_tos(), "%s:%s",
1765 name
+7, (const char *) value
);
1774 ret
= cacl_set(talloc_tos(), srv
->cli
,
1775 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1778 ? SMBC_XATTR_MODE_SET
1779 : SMBC_XATTR_MODE_ADD
),
1785 /* get a DOS Attribute Descriptor with current attributes */
1786 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1788 /* Overwrite old with new, using what was provided */
1789 dos_attr_parse(context
, dad
, srv
, namevalue
);
1791 /* Set the new DOS attributes */
1792 if (! SMBC_setatr(context
, srv
, path
,
1799 /* cause failure if NT failed too */
1804 /* we only fail if both NT and DOS sets failed */
1805 if (ret
< 0 && ! dad
) {
1806 ret
= -1; /* in case dad was null */
1817 * Are they asking to set an access control element or to set
1818 * the entire access control list?
1820 if (StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
1821 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0 ||
1822 StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
1823 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
1824 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0) {
1828 talloc_asprintf(talloc_tos(), "%s:%s",
1829 name
+19, (const char *) value
);
1832 ret
= -1; /* errno set by SMBC_server() */
1834 else if (! namevalue
) {
1838 ret
= cacl_set(talloc_tos(), srv
->cli
,
1839 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1842 ? SMBC_XATTR_MODE_SET
1843 : SMBC_XATTR_MODE_ADD
),
1851 * Are they asking to set the owner?
1853 if (StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
1854 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0) {
1858 talloc_asprintf(talloc_tos(), "%s:%s",
1859 name
+19, (const char *) value
);
1862 ret
= -1; /* errno set by SMBC_server() */
1864 else if (! namevalue
) {
1868 ret
= cacl_set(talloc_tos(), srv
->cli
,
1869 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1870 namevalue
, SMBC_XATTR_MODE_CHOWN
, 0);
1877 * Are they asking to set the group?
1879 if (StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
1880 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0) {
1884 talloc_asprintf(talloc_tos(), "%s:%s",
1885 name
+19, (const char *) value
);
1888 /* errno set by SMBC_server() */
1891 else if (! namevalue
) {
1895 ret
= cacl_set(talloc_tos(), srv
->cli
,
1896 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
1897 namevalue
, SMBC_XATTR_MODE_CHGRP
, 0);
1903 /* Determine whether to use old-style or new-style attribute names */
1904 if (context
->internal
->full_time_names
) {
1905 /* new-style names */
1906 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
1907 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
1908 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
1909 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
1911 /* old-style names */
1912 attr_strings
.create_time_attr
= NULL
;
1913 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
1914 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
1915 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
1919 * Are they asking to set a DOS attribute?
1921 if (StrCaseCmp(name
, "system.dos_attr.*") == 0 ||
1922 StrCaseCmp(name
, "system.dos_attr.mode") == 0 ||
1923 (attr_strings
.create_time_attr
!= NULL
&&
1924 StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) ||
1925 StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0 ||
1926 StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0 ||
1927 StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0) {
1929 /* get a DOS Attribute Descriptor with current attributes */
1930 dad
= dos_attr_query(context
, talloc_tos(), path
, srv
);
1933 talloc_asprintf(talloc_tos(), "%s:%s",
1934 name
+16, (const char *) value
);
1939 /* Overwrite old with provided new params */
1940 dos_attr_parse(context
, dad
, srv
, namevalue
);
1942 /* Set the new DOS attributes */
1943 ret2
= SMBC_setatr(context
, srv
, path
,
1950 /* ret2 has True (success) / False (failure) */
1965 /* Unsupported attribute name */
1972 SMBC_getxattr_ctx(SMBCCTX
*context
,
1979 SMBCSRV
*srv
= NULL
;
1980 SMBCSRV
*ipc_srv
= NULL
;
1981 char *server
= NULL
;
1984 char *password
= NULL
;
1985 char *workgroup
= NULL
;
1988 const char * create_time_attr
;
1989 const char * access_time_attr
;
1990 const char * write_time_attr
;
1991 const char * change_time_attr
;
1993 TALLOC_CTX
*frame
= talloc_stackframe();
1995 if (!context
|| !context
->internal
->initialized
) {
1997 errno
= EINVAL
; /* Best I can think of ... */
2008 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname
, name
));
2010 if (SMBC_parse_path(frame
,
2025 if (!user
|| user
[0] == (char)0) {
2026 user
= talloc_strdup(frame
, smbc_getUser(context
));
2034 srv
= SMBC_server(frame
, context
, True
,
2035 server
, share
, &workgroup
, &user
, &password
);
2038 return -1; /* errno set by SMBC_server */
2041 if (! srv
->no_nt_session
) {
2042 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2043 &workgroup
, &user
, &password
);
2045 srv
->no_nt_session
= True
;
2051 /* Determine whether to use old-style or new-style attribute names */
2052 if (context
->internal
->full_time_names
) {
2053 /* new-style names */
2054 attr_strings
.create_time_attr
= "system.dos_attr.CREATE_TIME";
2055 attr_strings
.access_time_attr
= "system.dos_attr.ACCESS_TIME";
2056 attr_strings
.write_time_attr
= "system.dos_attr.WRITE_TIME";
2057 attr_strings
.change_time_attr
= "system.dos_attr.CHANGE_TIME";
2059 /* old-style names */
2060 attr_strings
.create_time_attr
= NULL
;
2061 attr_strings
.access_time_attr
= "system.dos_attr.A_TIME";
2062 attr_strings
.write_time_attr
= "system.dos_attr.M_TIME";
2063 attr_strings
.change_time_attr
= "system.dos_attr.C_TIME";
2066 /* Are they requesting a supported attribute? */
2067 if (StrCaseCmp(name
, "system.*") == 0 ||
2068 StrnCaseCmp(name
, "system.*!", 9) == 0 ||
2069 StrCaseCmp(name
, "system.*+") == 0 ||
2070 StrnCaseCmp(name
, "system.*+!", 10) == 0 ||
2071 StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
2072 StrnCaseCmp(name
, "system.nt_sec_desc.*!", 21) == 0 ||
2073 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0 ||
2074 StrnCaseCmp(name
, "system.nt_sec_desc.*+!", 22) == 0 ||
2075 StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
2076 StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
2077 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0 ||
2078 StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
2079 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0 ||
2080 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2081 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0 ||
2082 StrCaseCmp(name
, "system.dos_attr.*") == 0 ||
2083 StrnCaseCmp(name
, "system.dos_attr.*!", 18) == 0 ||
2084 StrCaseCmp(name
, "system.dos_attr.mode") == 0 ||
2085 StrCaseCmp(name
, "system.dos_attr.size") == 0 ||
2086 (attr_strings
.create_time_attr
!= NULL
&&
2087 StrCaseCmp(name
, attr_strings
.create_time_attr
) == 0) ||
2088 StrCaseCmp(name
, attr_strings
.access_time_attr
) == 0 ||
2089 StrCaseCmp(name
, attr_strings
.write_time_attr
) == 0 ||
2090 StrCaseCmp(name
, attr_strings
.change_time_attr
) == 0 ||
2091 StrCaseCmp(name
, "system.dos_attr.inode") == 0) {
2094 ret
= cacl_get(context
, talloc_tos(), srv
,
2095 ipc_srv
== NULL
? NULL
: ipc_srv
->cli
,
2096 &ipc_srv
->pol
, path
,
2097 CONST_DISCARD(char *, name
),
2098 CONST_DISCARD(char *, value
), size
);
2099 if (ret
< 0 && errno
== 0) {
2100 errno
= SMBC_errno(context
, srv
->cli
);
2106 /* Unsupported attribute name */
2114 SMBC_removexattr_ctx(SMBCCTX
*context
,
2119 SMBCSRV
*srv
= NULL
;
2120 SMBCSRV
*ipc_srv
= NULL
;
2121 char *server
= NULL
;
2124 char *password
= NULL
;
2125 char *workgroup
= NULL
;
2127 TALLOC_CTX
*frame
= talloc_stackframe();
2129 if (!context
|| !context
->internal
->initialized
) {
2131 errno
= EINVAL
; /* Best I can think of ... */
2142 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname
, name
));
2144 if (SMBC_parse_path(frame
,
2159 if (!user
|| user
[0] == (char)0) {
2160 user
= talloc_strdup(frame
, smbc_getUser(context
));
2168 srv
= SMBC_server(frame
, context
, True
,
2169 server
, share
, &workgroup
, &user
, &password
);
2172 return -1; /* errno set by SMBC_server */
2175 if (! srv
->no_nt_session
) {
2176 ipc_srv
= SMBC_attr_server(frame
, context
, server
, share
,
2177 &workgroup
, &user
, &password
);
2179 srv
->no_nt_session
= True
;
2187 return -1; /* errno set by SMBC_attr_server */
2190 /* Are they asking to set the entire ACL? */
2191 if (StrCaseCmp(name
, "system.nt_sec_desc.*") == 0 ||
2192 StrCaseCmp(name
, "system.nt_sec_desc.*+") == 0) {
2195 ret
= cacl_set(talloc_tos(), srv
->cli
,
2196 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2197 NULL
, SMBC_XATTR_MODE_REMOVE_ALL
, 0);
2203 * Are they asking to remove one or more spceific security descriptor
2206 if (StrCaseCmp(name
, "system.nt_sec_desc.revision") == 0 ||
2207 StrCaseCmp(name
, "system.nt_sec_desc.owner") == 0 ||
2208 StrCaseCmp(name
, "system.nt_sec_desc.owner+") == 0 ||
2209 StrCaseCmp(name
, "system.nt_sec_desc.group") == 0 ||
2210 StrCaseCmp(name
, "system.nt_sec_desc.group+") == 0 ||
2211 StrnCaseCmp(name
, "system.nt_sec_desc.acl", 22) == 0 ||
2212 StrnCaseCmp(name
, "system.nt_sec_desc.acl+", 23) == 0) {
2215 ret
= cacl_set(talloc_tos(), srv
->cli
,
2216 ipc_srv
->cli
, &ipc_srv
->pol
, path
,
2217 name
+ 19, SMBC_XATTR_MODE_REMOVE
, 0);
2222 /* Unsupported attribute name */
2229 SMBC_listxattr_ctx(SMBCCTX
*context
,
2235 * This isn't quite what listxattr() is supposed to do. This returns
2236 * the complete set of attribute names, always, rather than only those
2237 * attribute names which actually exist for a file. Hmmm...
2240 const char supported_old
[] =
2243 "system.nt_sec_desc.revision\0"
2244 "system.nt_sec_desc.owner\0"
2245 "system.nt_sec_desc.owner+\0"
2246 "system.nt_sec_desc.group\0"
2247 "system.nt_sec_desc.group+\0"
2248 "system.nt_sec_desc.acl.*\0"
2249 "system.nt_sec_desc.acl\0"
2250 "system.nt_sec_desc.acl+\0"
2251 "system.nt_sec_desc.*\0"
2252 "system.nt_sec_desc.*+\0"
2253 "system.dos_attr.*\0"
2254 "system.dos_attr.mode\0"
2255 "system.dos_attr.c_time\0"
2256 "system.dos_attr.a_time\0"
2257 "system.dos_attr.m_time\0"
2259 const char supported_new
[] =
2262 "system.nt_sec_desc.revision\0"
2263 "system.nt_sec_desc.owner\0"
2264 "system.nt_sec_desc.owner+\0"
2265 "system.nt_sec_desc.group\0"
2266 "system.nt_sec_desc.group+\0"
2267 "system.nt_sec_desc.acl.*\0"
2268 "system.nt_sec_desc.acl\0"
2269 "system.nt_sec_desc.acl+\0"
2270 "system.nt_sec_desc.*\0"
2271 "system.nt_sec_desc.*+\0"
2272 "system.dos_attr.*\0"
2273 "system.dos_attr.mode\0"
2274 "system.dos_attr.create_time\0"
2275 "system.dos_attr.access_time\0"
2276 "system.dos_attr.write_time\0"
2277 "system.dos_attr.change_time\0"
2279 const char * supported
;
2281 if (context
->internal
->full_time_names
) {
2282 supported
= supported_new
;
2283 retsize
= sizeof(supported_new
);
2285 supported
= supported_old
;
2286 retsize
= sizeof(supported_old
);
2293 if (retsize
> size
) {
2298 /* this can't be strcpy() because there are embedded null characters */
2299 memcpy(list
, supported
, retsize
);