search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r4549: got rid of a lot more uses of plain talloc(), instead using
[Samba/gebeck_regimport.git] / source4 / utils / getntacl.c
blob762167a93ae56f96fa312debb01e7b23556cace0
1 /*
2 Unix SMB/CIFS implementation.
3
4 Get NT ACLs from UNIX files.
5
6 Copyright (C) Tim Potter <tpot@samba.org> 2004
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24 #include "system/filesys.h"
25
26 #if (defined(HAVE_NO_ACLS) || !defined(HAVE_XATTR_SUPPORT))
27
28 int main(int argc, char **argv)
29 {
30 printf("ACL support not compiled in.");
31 return 1;
32 }
33
34 #else
35
36 /* Display a security descriptor in "psec" format which is as follows.
37
38 The first two lines describe the owner user and owner group of the
39 object. If either of these lines are blank then the respective
40 owner property is not set. The remaining lines list the individual
41 permissions or ACE entries, one per line. Each column describes a
42 different property of the ACE:
43
44 Column Description
45 -------------------------------------------------------------------
46 1 ACE type (allow/deny etc)
47 2 ACE flags
48 3 ACE mask
49 4 SID the ACE applies to
50
51 Example:
52
53 S-1-5-21-1067277791-1719175008-3000797951-500
54
55 1 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-501
56 1 2 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-501
57 0 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-500
58 0 2 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-500
59 0 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-513
60 0 2 0x00020000 S-1-5-21-1067277791-1719175008-3000797951-513
61 0 2 0xe0000000 S-1-1-0
62 */
63
64 static void print_psec(TALLOC_CTX *mem_ctx, struct security_descriptor *sd)
65 {
66 if (sd->owner_sid)
67 printf("%s\n", dom_sid_string(mem_ctx, sd->owner_sid));
68 else
69 printf("\n");
70
71 if (sd->group_sid)
72 printf("%s\n", dom_sid_string(mem_ctx, sd->owner_sid));
73 else
74 printf("\n");
75
76 /* Note: SACL not displayed */
77
78 if (sd->dacl) {
79 int i;
80
81 for (i = 0; i < sd->dacl->num_aces; i++) {
82 struct security_ace *ace = &sd->dacl->aces[i];
83
84 printf("%d %d 0x%08x %s\n", ace->type, ace->flags,
85 ace->access_mask,
86 dom_sid_string(mem_ctx, &ace->trustee));
87 }
88
89 }
90 }
91
92 int main(int argc, char **argv)
93 {
94 TALLOC_CTX *mem_ctx;
95 ssize_t size;
96 char *data;
97 struct security_descriptor sd;
98 DATA_BLOB blob;
99 struct ndr_pull *ndr;
100 NTSTATUS result;
101
102 static_init_getntacl;
103
104 mem_ctx = talloc_init("getntacl");
105
106 /* Fetch ACL data */
107
108 size = getxattr(argv[1], "security.ntacl", NULL, 0);
109
110 if (size == -1) {
111 fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
112 exit(1);
113 }
114
115 data = talloc_size(mem_ctx, size);
116
117 size = getxattr(argv[1], "security.ntacl", data, size);
118
119 blob = data_blob_talloc(mem_ctx, data, size);
120
121 ndr = ndr_pull_init_blob(&blob, mem_ctx);
122
123 result = ndr_pull_security_descriptor(
124 ndr, NDR_SCALARS|NDR_BUFFERS, &sd);
125
126 print_psec(data, &sd);
127 return 0;
128 }
129
130 #endif /* HAVE_NO_ACLS */
reg import