2006-07-11 22:01:26 +04:00
/*
* Unix SMB / Netbios implementation .
* Utility for managing share permissions
*
* Copyright ( C ) Tim Potter 2000
* Copyright ( C ) Jeremy Allison 2000
* Copyright ( C ) Jelmer Vernooij 2003
* Copyright ( C ) Gerald ( Jerry ) Carter 2005.
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
* the Free Software Foundation ; either version 3 of the License , or
2006-07-11 22:01:26 +04:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 09:23:25 +04:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2006-07-11 22:01:26 +04:00
*/
2015-04-24 19:51:28 +03:00
struct cli_state ;
2006-07-11 22:01:26 +04:00
# include "includes.h"
2021-01-13 15:40:26 +03:00
# include "lib/cmdline/cmdline.h"
2010-10-12 08:27:50 +04:00
# include "../libcli/security/security.h"
2011-03-22 18:50:02 +03:00
# include "passdb/machine_sid.h"
2015-04-24 19:51:28 +03:00
# include "util_sd.h"
2018-08-21 02:15:02 +03:00
# include "cmdline_contexts.h"
2020-08-07 21:17:34 +03:00
# include "lib/util/string_wrappers.h"
2023-08-07 07:20:58 +03:00
# include "lib/param/param.h"
2006-07-11 22:01:26 +04:00
2007-02-18 04:31:50 +03:00
static TALLOC_CTX * ctx ;
2006-07-11 22:01:26 +04:00
2008-12-25 04:03:22 +03:00
enum acl_mode { SMB_ACL_DELETE ,
SMB_ACL_MODIFY ,
SMB_ACL_ADD ,
SMB_ACL_SET ,
2008-12-29 04:22:28 +03:00
SMB_SD_DELETE ,
2011-09-15 21:27:07 +04:00
SMB_SD_SETSDDL ,
SMB_SD_VIEWSDDL ,
2013-06-26 17:21:39 +04:00
SMB_ACL_VIEW ,
SMB_ACL_VIEW_ALL } ;
2006-07-11 22:01:26 +04:00
/********************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-05-18 12:29:34 +04:00
static struct security_descriptor * parse_acl_string ( TALLOC_CTX * mem_ctx , const char * szACL , size_t * sd_size )
2006-07-11 22:01:26 +04:00
{
2010-05-18 12:29:34 +04:00
struct security_descriptor * sd = NULL ;
2010-05-18 05:25:38 +04:00
struct security_ace * ace ;
2010-05-18 05:30:40 +04:00
struct security_acl * theacl ;
2006-07-11 22:01:26 +04:00
int num_ace ;
const char * pacl ;
int i ;
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
if ( ! szACL )
return NULL ;
pacl = szACL ;
num_ace = count_chars ( pacl , ' , ' ) + 1 ;
2008-12-25 04:03:22 +03:00
2011-06-07 05:58:39 +04:00
if ( ! ( ace = talloc_zero_array ( mem_ctx , struct security_ace , num_ace ) ) )
2006-07-11 22:01:26 +04:00
return NULL ;
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
for ( i = 0 ; i < num_ace ; i + + ) {
char * end_acl = strchr_m ( pacl , ' , ' ) ;
fstring acl_string ;
strncpy ( acl_string , pacl , MIN ( PTR_DIFF ( end_acl , pacl ) , sizeof ( fstring ) - 1 ) ) ;
acl_string [ MIN ( PTR_DIFF ( end_acl , pacl ) , sizeof ( fstring ) - 1 ) ] = ' \0 ' ;
2008-12-25 04:03:22 +03:00
2015-04-24 20:00:19 +03:00
if ( ! parse_ace ( NULL , & ace [ i ] , acl_string ) )
2006-07-11 22:01:26 +04:00
return NULL ;
pacl = end_acl ;
pacl + + ;
}
2008-12-25 04:03:22 +03:00
2009-02-24 02:44:34 +03:00
if ( ! ( theacl = make_sec_acl ( mem_ctx , NT4_ACL_REVISION , num_ace , ace ) ) )
2006-07-11 22:01:26 +04:00
return NULL ;
2008-12-25 04:03:22 +03:00
2010-05-18 14:52:18 +04:00
sd = make_sec_desc ( mem_ctx , SD_REVISION , SEC_DESC_SELF_RELATIVE ,
2009-02-24 02:44:34 +03:00
NULL , NULL , NULL , theacl , sd_size ) ;
2006-07-11 22:01:26 +04:00
return sd ;
}
2010-05-18 05:30:40 +04:00
/* add an ACE to a list of ACEs in a struct security_acl */
static bool add_ace ( TALLOC_CTX * mem_ctx , struct security_acl * * the_acl , struct security_ace * ace )
2007-02-18 04:31:50 +03:00
{
2021-01-14 23:52:51 +03:00
struct security_acl * acl = * the_acl ;
if ( acl = = NULL ) {
acl = make_sec_acl ( mem_ctx , 3 , 1 , ace ) ;
if ( acl = = NULL ) {
return false ;
}
2007-02-18 04:31:50 +03:00
}
2021-01-14 23:52:51 +03:00
if ( acl - > num_aces = = UINT32_MAX ) {
return false ;
2007-02-18 04:31:50 +03:00
}
2021-01-14 23:52:51 +03:00
ADD_TO_ARRAY (
acl , struct security_ace , * ace , & acl - > aces , & acl - > num_aces ) ;
* the_acl = acl ;
2007-02-18 04:31:50 +03:00
return True ;
}
/* The MSDN is contradictory over the ordering of ACE entries in an ACL.
However NT4 gives a " The information may have been modified by a
computer running Windows NT 5.0 " if denied ACEs do not appear before
allowed ACEs . */
2010-05-18 05:25:38 +04:00
static int ace_compare ( struct security_ace * ace1 , struct security_ace * ace2 )
2007-02-18 04:31:50 +03:00
{
2014-05-28 19:44:08 +04:00
if ( security_ace_equal ( ace1 , ace2 ) )
2007-02-18 04:31:50 +03:00
return 0 ;
2008-12-25 04:03:22 +03:00
if ( ace1 - > type ! = ace2 - > type )
2024-04-04 04:08:02 +03:00
return NUMERIC_CMP ( ace2 - > type , ace1 - > type ) ;
2007-02-18 04:31:50 +03:00
2010-08-26 17:48:50 +04:00
if ( dom_sid_compare ( & ace1 - > trustee , & ace2 - > trustee ) )
return dom_sid_compare ( & ace1 - > trustee , & ace2 - > trustee ) ;
2007-02-18 04:31:50 +03:00
2008-12-25 04:03:22 +03:00
if ( ace1 - > flags ! = ace2 - > flags )
2024-04-04 04:08:02 +03:00
return NUMERIC_CMP ( ace1 - > flags , ace2 - > flags ) ;
2007-02-18 04:31:50 +03:00
2008-12-25 04:03:22 +03:00
if ( ace1 - > access_mask ! = ace2 - > access_mask )
2024-04-04 04:08:02 +03:00
return NUMERIC_CMP ( ace1 - > access_mask , ace2 - > access_mask ) ;
2007-02-18 04:31:50 +03:00
2008-12-25 04:03:22 +03:00
if ( ace1 - > size ! = ace2 - > size )
2024-04-04 04:08:02 +03:00
return NUMERIC_CMP ( ace1 - > size , ace2 - > size ) ;
2007-02-18 04:31:50 +03:00
2010-05-18 05:25:38 +04:00
return memcmp ( ace1 , ace2 , sizeof ( struct security_ace ) ) ;
2007-02-18 04:31:50 +03:00
}
2010-05-18 05:30:40 +04:00
static void sort_acl ( struct security_acl * the_acl )
2007-02-18 04:31:50 +03:00
{
2015-05-07 03:00:06 +03:00
uint32_t i ;
2007-02-18 04:31:50 +03:00
if ( ! the_acl ) return ;
2010-02-14 02:03:55 +03:00
TYPESAFE_QSORT ( the_acl - > aces , the_acl - > num_aces , ace_compare ) ;
2007-02-18 04:31:50 +03:00
for ( i = 1 ; i < the_acl - > num_aces ; ) {
2014-05-28 19:44:08 +04:00
if ( security_ace_equal ( & the_acl - > aces [ i - 1 ] ,
& the_acl - > aces [ i ] ) ) {
2020-03-26 13:39:08 +03:00
ARRAY_DEL_ELEMENT (
the_acl - > aces , i , the_acl - > num_aces ) ;
2007-02-18 04:31:50 +03:00
the_acl - > num_aces - - ;
} else {
i + + ;
}
}
}
static int change_share_sec ( TALLOC_CTX * mem_ctx , const char * sharename , char * the_acl , enum acl_mode mode )
{
2010-05-18 12:29:34 +04:00
struct security_descriptor * sd = NULL ;
struct security_descriptor * old = NULL ;
2007-02-18 04:31:50 +03:00
size_t sd_size = 0 ;
2015-05-07 03:00:06 +03:00
uint32_t i , j ;
2019-09-18 23:20:35 +03:00
NTSTATUS status ;
2008-12-25 04:03:22 +03:00
2008-12-29 04:22:28 +03:00
if ( mode ! = SMB_ACL_SET & & mode ! = SMB_SD_DELETE ) {
2007-02-18 04:31:50 +03:00
if ( ! ( old = get_share_security ( mem_ctx , sharename , & sd_size ) ) ) {
2008-12-29 04:22:28 +03:00
fprintf ( stderr , " Unable to retrieve permissions for share "
" [%s] \n " , sharename ) ;
2007-02-18 04:31:50 +03:00
return - 1 ;
}
}
2008-12-29 04:22:28 +03:00
if ( ( mode ! = SMB_ACL_VIEW & & mode ! = SMB_SD_DELETE ) & &
! ( sd = parse_acl_string ( mem_ctx , the_acl , & sd_size ) ) ) {
2007-02-18 04:31:50 +03:00
fprintf ( stderr , " Failed to parse acl \n " ) ;
return - 1 ;
}
2008-12-25 04:03:22 +03:00
2007-02-18 04:31:50 +03:00
switch ( mode ) {
2013-06-26 17:21:39 +04:00
case SMB_ACL_VIEW_ALL :
/* should not happen */
return 0 ;
2007-02-18 04:31:50 +03:00
case SMB_ACL_VIEW :
2015-06-09 19:50:18 +03:00
sec_desc_print ( NULL , stdout , old , false ) ;
2007-02-18 04:31:50 +03:00
return 0 ;
case SMB_ACL_DELETE :
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
2007-10-19 04:40:25 +04:00
bool found = False ;
2007-02-18 04:31:50 +03:00
for ( j = 0 ; old - > dacl & & j < old - > dacl - > num_aces ; j + + ) {
2014-05-28 19:44:08 +04:00
if ( security_ace_equal ( & sd - > dacl - > aces [ i ] ,
& old - > dacl - > aces [ j ] ) ) {
2015-05-07 03:00:06 +03:00
uint32_t k ;
2007-02-18 04:31:50 +03:00
for ( k = j ; k < old - > dacl - > num_aces - 1 ; k + + ) {
old - > dacl - > aces [ k ] = old - > dacl - > aces [ k + 1 ] ;
}
old - > dacl - > num_aces - - ;
found = True ;
break ;
}
}
if ( ! found ) {
2015-04-24 19:51:28 +03:00
printf ( " ACL for ACE: " ) ;
2015-06-09 19:50:18 +03:00
print_ace ( NULL , stdout , & sd - > dacl - > aces [ i ] , false ) ;
2015-04-24 19:51:28 +03:00
printf ( " not found \n " ) ;
2007-02-18 04:31:50 +03:00
}
}
break ;
case SMB_ACL_MODIFY :
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
2007-10-19 04:40:25 +04:00
bool found = False ;
2007-02-18 04:31:50 +03:00
for ( j = 0 ; old - > dacl & & j < old - > dacl - > num_aces ; j + + ) {
2010-08-26 17:48:50 +04:00
if ( dom_sid_equal ( & sd - > dacl - > aces [ i ] . trustee ,
2007-02-18 04:31:50 +03:00
& old - > dacl - > aces [ j ] . trustee ) ) {
old - > dacl - > aces [ j ] = sd - > dacl - > aces [ i ] ;
found = True ;
}
}
if ( ! found ) {
2018-12-08 17:20:36 +03:00
struct dom_sid_buf buf ;
2007-12-15 23:53:26 +03:00
printf ( " ACL for SID %s not found \n " ,
2018-12-08 17:20:36 +03:00
dom_sid_str_buf ( & sd - > dacl - > aces [ i ] . trustee , & buf ) ) ;
2007-02-18 04:31:50 +03:00
}
}
if ( sd - > owner_sid ) {
old - > owner_sid = sd - > owner_sid ;
}
if ( sd - > group_sid ) {
old - > group_sid = sd - > group_sid ;
}
break ;
case SMB_ACL_ADD :
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
add_ace ( mem_ctx , & old - > dacl , & sd - > dacl - > aces [ i ] ) ;
}
break ;
case SMB_ACL_SET :
old = sd ;
break ;
2008-12-29 04:22:28 +03:00
case SMB_SD_DELETE :
2019-09-18 23:37:32 +03:00
status = delete_share_security ( sharename ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-12-29 04:22:28 +03:00
fprintf ( stderr , " Failed to delete security descriptor for "
" share [%s] \n " , sharename ) ;
return - 1 ;
}
return 0 ;
2011-09-15 21:27:07 +04:00
default :
fprintf ( stderr , " invalid command \n " ) ;
return - 1 ;
2007-02-18 04:31:50 +03:00
}
/* Denied ACE entries must come before allowed ones */
sort_acl ( old - > dacl ) ;
2019-09-18 23:20:35 +03:00
status = set_share_security ( sharename , old ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2007-02-18 04:31:50 +03:00
fprintf ( stderr , " Failed to store acl for share [%s] \n " , sharename ) ;
return 2 ;
}
return 0 ;
}
2011-09-15 21:27:07 +04:00
static int set_sharesec_sddl ( const char * sharename , const char * sddl )
{
struct security_descriptor * sd ;
2019-09-18 23:20:35 +03:00
NTSTATUS status ;
2011-09-15 21:27:07 +04:00
sd = sddl_decode ( talloc_tos ( ) , sddl , get_global_sam_sid ( ) ) ;
if ( sd = = NULL ) {
fprintf ( stderr , " Failed to parse acl \n " ) ;
return - 1 ;
}
2019-09-18 23:20:35 +03:00
status = set_share_security ( sharename , sd ) ;
2011-09-15 21:27:07 +04:00
TALLOC_FREE ( sd ) ;
2019-09-18 23:20:35 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2011-09-15 21:27:07 +04:00
fprintf ( stderr , " Failed to store acl for share [%s] \n " ,
sharename ) ;
return - 1 ;
}
return 0 ;
}
static int view_sharesec_sddl ( const char * sharename )
{
struct security_descriptor * sd ;
size_t sd_size ;
char * acl ;
sd = get_share_security ( talloc_tos ( ) , sharename , & sd_size ) ;
if ( sd = = NULL ) {
fprintf ( stderr , " Unable to retrieve permissions for share "
" [%s] \n " , sharename ) ;
return - 1 ;
}
acl = sddl_encode ( talloc_tos ( ) , sd , get_global_sam_sid ( ) ) ;
TALLOC_FREE ( sd ) ;
if ( acl = = NULL ) {
fprintf ( stderr , " Unable to sddl-encode permissions for share "
" [%s] \n " , sharename ) ;
return - 1 ;
}
printf ( " %s \n " , acl ) ;
TALLOC_FREE ( acl ) ;
return 0 ;
}
2006-07-11 22:01:26 +04:00
/********************************************************************
main program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2013-06-26 17:21:39 +04:00
enum {
OPT_VIEW_ALL = 1000 ,
2021-01-18 11:02:22 +03:00
OPT_VIEW_SDDL ,
2013-06-26 17:21:39 +04:00
} ;
2006-07-11 22:01:26 +04:00
int main ( int argc , const char * argv [ ] )
{
int opt ;
2007-02-18 04:31:50 +03:00
int retval = 0 ;
enum acl_mode mode = SMB_ACL_SET ;
2006-07-11 22:01:26 +04:00
static char * the_acl = NULL ;
fstring sharename ;
2007-10-19 04:40:25 +04:00
bool force_acl = False ;
2006-07-11 22:01:26 +04:00
int snum ;
poptContext pc ;
2007-10-19 04:40:25 +04:00
bool initialize_sid = False ;
2021-01-13 15:40:26 +03:00
bool ok ;
2023-08-07 07:20:58 +03:00
struct loadparm_context * lp_ctx = NULL ;
2006-07-11 22:01:26 +04:00
struct poptOption long_options [ ] = {
POPT_AUTOHELP
2019-01-14 11:56:22 +03:00
{
. longName = " remove " ,
. shortName = ' r ' ,
. argInfo = POPT_ARG_STRING ,
. arg = & the_acl ,
. val = ' r ' ,
. descrip = " Remove ACEs " ,
. argDescrip = " ACL " ,
} ,
{
. longName = " modify " ,
. shortName = ' m ' ,
. argInfo = POPT_ARG_STRING ,
. arg = & the_acl ,
. val = ' m ' ,
. descrip = " Modify existing ACEs " ,
. argDescrip = " ACL " ,
} ,
{
. longName = " add " ,
. shortName = ' a ' ,
. argInfo = POPT_ARG_STRING ,
. arg = & the_acl ,
. val = ' a ' ,
. descrip = " Add ACEs " ,
. argDescrip = " ACL " ,
} ,
{
. longName = " replace " ,
. shortName = ' R ' ,
. argInfo = POPT_ARG_STRING ,
. arg = & the_acl ,
. val = ' R ' ,
. descrip = " Overwrite share permission ACL " ,
. argDescrip = " ACLS " ,
} ,
{
. longName = " delete " ,
. shortName = ' D ' ,
. argInfo = POPT_ARG_NONE ,
. arg = NULL ,
. val = ' D ' ,
. descrip = " Delete the entire security descriptor " ,
} ,
{
. longName = " setsddl " ,
. shortName = ' S ' ,
. argInfo = POPT_ARG_STRING ,
. arg = the_acl ,
. val = ' S ' ,
. descrip = " Set the SD in sddl format " ,
} ,
{
. longName = " viewsddl " ,
. argInfo = POPT_ARG_NONE ,
. arg = the_acl ,
2021-01-18 11:02:22 +03:00
. val = OPT_VIEW_SDDL ,
2019-01-14 11:56:22 +03:00
. descrip = " View the SD in sddl format " ,
} ,
{
. longName = " view " ,
. shortName = ' v ' ,
. argInfo = POPT_ARG_NONE ,
. arg = NULL ,
. val = ' v ' ,
. descrip = " View current share permissions " ,
} ,
{
. longName = " view-all " ,
. shortName = 0 ,
. argInfo = POPT_ARG_NONE ,
. arg = NULL ,
. val = OPT_VIEW_ALL ,
. descrip = " View all current share permissions " ,
} ,
{
. longName = " machine-sid " ,
. shortName = ' M ' ,
. argInfo = POPT_ARG_NONE ,
. arg = NULL ,
. val = ' M ' ,
. descrip = " Initialize the machine SID " ,
} ,
{
. longName = " force " ,
. shortName = ' F ' ,
. argInfo = POPT_ARG_NONE ,
. arg = NULL ,
. val = ' F ' ,
. descrip = " Force storing the ACL " ,
. argDescrip = " ACLS " ,
} ,
2006-07-11 22:01:26 +04:00
POPT_COMMON_SAMBA
2021-01-13 15:40:26 +03:00
POPT_COMMON_VERSION
2019-01-14 11:56:22 +03:00
POPT_TABLEEND
2006-07-11 22:01:26 +04:00
} ;
2007-09-04 09:39:06 +04:00
if ( ! ( ctx = talloc_stackframe ( ) ) ) {
2006-07-11 22:01:26 +04:00
fprintf ( stderr , " Failed to initialize talloc context! \n " ) ;
return - 1 ;
}
2015-03-21 22:00:06 +03:00
smb_init_locale ( ) ;
2010-10-29 14:10:31 +04:00
2021-01-13 15:40:26 +03:00
ok = samba_cmdline_init ( ctx ,
SAMBA_CMDLINE_CONFIG_NONE ,
false /* require_smbconf */ ) ;
if ( ! ok ) {
DBG_ERR ( " Failed to init cmdline parser! \n " ) ;
TALLOC_FREE ( ctx ) ;
exit ( 1 ) ;
}
2023-08-07 07:20:58 +03:00
lp_ctx = samba_cmdline_get_lp_ctx ( ) ;
2021-01-13 15:40:26 +03:00
/* set default debug level to 1 regardless of what smb.conf sets */
2023-08-07 07:20:58 +03:00
lpcfg_set_cmdline ( lp_ctx , " log level " , " 1 " ) ;
2006-07-11 22:01:26 +04:00
2021-01-13 15:40:26 +03:00
pc = samba_popt_get_context ( getprogname ( ) ,
argc ,
argv ,
long_options ,
0 ) ;
if ( pc = = NULL ) {
DBG_ERR ( " Failed to setup popt context! \n " ) ;
TALLOC_FREE ( ctx ) ;
exit ( 1 ) ;
}
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
poptSetOtherOptionHelp ( pc , " sharename \n " ) ;
while ( ( opt = poptGetNextOpt ( pc ) ) ! = - 1 ) {
switch ( opt ) {
case ' r ' :
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
2007-02-18 04:31:50 +03:00
mode = SMB_ACL_DELETE ;
2006-07-11 22:01:26 +04:00
break ;
case ' m ' :
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
mode = SMB_ACL_MODIFY ;
break ;
case ' a ' :
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
mode = SMB_ACL_ADD ;
break ;
2008-12-29 04:22:28 +03:00
2006-07-11 22:01:26 +04:00
case ' R ' :
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
2007-02-18 04:31:50 +03:00
mode = SMB_ACL_SET ;
2006-07-11 22:01:26 +04:00
break ;
2008-12-29 04:22:28 +03:00
case ' D ' :
mode = SMB_SD_DELETE ;
break ;
2011-09-15 21:27:07 +04:00
case ' S ' :
mode = SMB_SD_SETSDDL ;
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
break ;
2021-01-18 11:02:22 +03:00
case OPT_VIEW_SDDL :
2011-09-15 21:27:07 +04:00
mode = SMB_SD_VIEWSDDL ;
break ;
2006-07-11 22:01:26 +04:00
case ' v ' :
mode = SMB_ACL_VIEW ;
break ;
case ' F ' :
force_acl = True ;
break ;
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
case ' M ' :
initialize_sid = True ;
break ;
2013-06-26 17:21:39 +04:00
case OPT_VIEW_ALL :
mode = SMB_ACL_VIEW_ALL ;
break ;
2021-09-10 08:11:07 +03:00
case POPT_ERROR_BADOPT :
fprintf ( stderr , " \n Invalid option %s: %s \n \n " ,
poptBadOption ( pc , 0 ) , poptStrerror ( opt ) ) ;
poptPrintUsage ( pc , stderr , 0 ) ;
exit ( 1 ) ;
2006-07-11 22:01:26 +04:00
}
}
2008-12-25 04:03:22 +03:00
2007-02-18 04:31:50 +03:00
setlinebuf ( stdout ) ;
2015-04-21 16:24:42 +03:00
lp_load_with_registry_shares ( get_dyn_CONFIGFILE ( ) ) ;
2007-02-18 04:31:50 +03:00
2006-07-11 22:01:26 +04:00
/* check for initializing secrets.tdb first */
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
if ( initialize_sid ) {
2010-05-21 05:25:01 +04:00
struct dom_sid * sid = get_global_sam_sid ( ) ;
2018-12-08 17:20:36 +03:00
struct dom_sid_buf buf ;
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
if ( ! sid ) {
fprintf ( stderr , " Failed to retrieve Machine SID! \n " ) ;
2019-08-19 14:29:03 +03:00
retval = 3 ;
goto done ;
2006-07-11 22:01:26 +04:00
}
2008-12-25 04:03:22 +03:00
2018-12-08 17:20:36 +03:00
printf ( " %s \n " , dom_sid_str_buf ( sid , & buf ) ) ;
2019-08-19 14:29:03 +03:00
retval = 0 ;
goto done ;
2006-07-11 22:01:26 +04:00
}
if ( mode = = SMB_ACL_VIEW & & force_acl ) {
fprintf ( stderr , " Invalid combination of -F and -v \n " ) ;
2019-08-19 14:29:03 +03:00
retval = - 1 ;
goto done ;
2006-07-11 22:01:26 +04:00
}
2013-06-26 17:21:39 +04:00
if ( mode = = SMB_ACL_VIEW_ALL ) {
int i ;
for ( i = 0 ; i < lp_numservices ( ) ; i + + ) {
TALLOC_CTX * frame = talloc_stackframe ( ) ;
2019-11-07 13:01:05 +03:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
const char * service = lp_servicename ( frame , lp_sub , i ) ;
2013-06-26 17:21:39 +04:00
if ( service = = NULL ) {
continue ;
}
printf ( " [%s] \n " , service ) ;
change_share_sec ( frame , service , NULL , SMB_ACL_VIEW ) ;
printf ( " \n " ) ;
TALLOC_FREE ( frame ) ;
}
goto done ;
}
2006-07-11 22:01:26 +04:00
/* get the sharename */
2008-12-25 04:03:22 +03:00
if ( ! poptPeekArg ( pc ) ) {
poptPrintUsage ( pc , stderr , 0 ) ;
2019-08-19 14:29:03 +03:00
retval = - 1 ;
goto done ;
2006-07-11 22:01:26 +04:00
}
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
fstrcpy ( sharename , poptGetArg ( pc ) ) ;
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
snum = lp_servicenumber ( sharename ) ;
2008-12-25 04:03:22 +03:00
2006-07-11 22:01:26 +04:00
if ( snum = = - 1 & & ! force_acl ) {
fprintf ( stderr , " Invalid sharename: %s \n " , sharename ) ;
2019-08-19 14:29:03 +03:00
retval = - 1 ;
goto done ;
2006-07-11 22:01:26 +04:00
}
2008-12-25 04:03:22 +03:00
2011-09-15 21:27:07 +04:00
switch ( mode ) {
case SMB_SD_SETSDDL :
retval = set_sharesec_sddl ( sharename , the_acl ) ;
break ;
case SMB_SD_VIEWSDDL :
retval = view_sharesec_sddl ( sharename ) ;
break ;
default :
retval = change_share_sec ( ctx , sharename , the_acl , mode ) ;
break ;
}
2008-12-25 04:03:22 +03:00
2013-06-26 17:21:39 +04:00
done :
2023-10-24 13:00:16 +03:00
gfree_all ( ) ;
2019-08-19 14:29:03 +03:00
poptFreeContext ( pc ) ;
2006-07-11 22:01:26 +04:00
talloc_destroy ( ctx ) ;
2007-02-18 04:31:50 +03:00
return retval ;
2006-07-11 22:01:26 +04:00
}