2000-12-03 05:19:27 +03:00
/*
2002-01-30 09:08:46 +03:00
Unix SMB / CIFS implementation .
2000-12-03 14:05:11 +03:00
ACL get / set utility
2000-12-03 05:19:27 +03:00
Copyright ( C ) Andrew Tridgell 2000
2000-12-14 06:27:53 +03:00
Copyright ( C ) Tim Potter 2000
2000-12-16 03:08:05 +03:00
Copyright ( C ) Jeremy Allison 2000
2003-04-14 07:59:04 +04:00
Copyright ( C ) Jelmer Vernooij 2003
2000-12-03 05:19:27 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
2000-12-16 03:08:05 +03:00
static pstring owner_username ;
2000-12-13 15:53:42 +03:00
static fstring server ;
2003-04-14 07:59:04 +04:00
static int test_args = False ;
2002-08-17 18:45:04 +04:00
static TALLOC_CTX * ctx ;
2000-12-03 05:19:27 +03:00
2001-02-22 06:40:01 +03:00
# define CREATE_ACCESS_READ READ_CONTROL_ACCESS
2000-12-03 11:35:11 +03:00
/* numeric is set when the user wants numeric SIDs and ACEs rather
than going via LSA calls to resolve them */
2003-04-14 07:59:04 +04:00
static BOOL numeric = False ;
2000-12-03 05:19:27 +03:00
2001-04-11 05:34:37 +04:00
enum acl_mode { SMB_ACL_SET , SMB_ACL_DELETE , SMB_ACL_MODIFY , SMB_ACL_ADD } ;
2000-12-16 03:08:05 +03:00
enum chown_mode { REQUEST_NONE , REQUEST_CHOWN , REQUEST_CHGRP } ;
2000-12-22 02:36:25 +03:00
enum exit_values { EXIT_OK , EXIT_FAILED , EXIT_PARSE_ERROR } ;
2000-12-03 15:41:28 +03:00
2000-12-04 09:14:28 +03:00
struct perm_value {
2003-01-03 11:28:12 +03:00
const char * perm ;
2000-12-04 09:14:28 +03:00
uint32 mask ;
} ;
/* These values discovered by inspection */
2003-01-03 11:28:12 +03:00
static const struct perm_value special_values [ ] = {
2000-12-04 09:14:28 +03:00
{ " R " , 0x00120089 } ,
{ " W " , 0x00120116 } ,
{ " X " , 0x001200a0 } ,
{ " D " , 0x00010000 } ,
{ " P " , 0x00040000 } ,
{ " O " , 0x00080000 } ,
{ NULL , 0 } ,
} ;
2003-01-03 11:28:12 +03:00
static const struct perm_value standard_values [ ] = {
2000-12-04 09:14:28 +03:00
{ " READ " , 0x001200a9 } ,
{ " CHANGE " , 0x001301bf } ,
{ " FULL " , 0x001f01ff } ,
{ NULL , 0 } ,
} ;
2000-12-03 15:41:28 +03:00
2002-07-15 14:35:28 +04:00
static struct cli_state * global_hack_cli ;
2005-09-30 21:13:37 +04:00
static struct rpc_pipe_client * global_pipe_hnd ;
2002-07-15 14:35:28 +04:00
static POLICY_HND pol ;
static BOOL got_policy_hnd ;
2003-01-03 11:28:12 +03:00
static struct cli_state * connect_one ( const char * share ) ;
2000-12-14 06:27:53 +03:00
/* Open cli connection and policy handle */
2001-04-13 23:12:06 +04:00
static BOOL cacls_open_policy_hnd ( void )
2000-12-14 06:27:53 +03:00
{
/* Initialise cli LSA connection */
2002-07-15 14:35:28 +04:00
if ( ! global_hack_cli ) {
2005-09-30 21:13:37 +04:00
NTSTATUS ret ;
2002-07-15 14:35:28 +04:00
global_hack_cli = connect_one ( " IPC$ " ) ;
2005-09-30 21:13:37 +04:00
global_pipe_hnd = cli_rpc_pipe_open_noauth ( global_hack_cli , PI_LSARPC , & ret ) ;
if ( ! global_pipe_hnd ) {
2002-07-15 14:35:28 +04:00
return False ;
}
2000-12-14 06:27:53 +03:00
}
2002-07-15 14:35:28 +04:00
2000-12-14 06:27:53 +03:00
/* Open policy handle */
if ( ! got_policy_hnd ) {
2001-01-23 20:33:35 +03:00
/* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
but NT sends 0x2000000 so we might as well do it too . */
2005-09-30 21:13:37 +04:00
if ( ! NT_STATUS_IS_OK ( rpccli_lsa_open_policy ( global_pipe_hnd , global_hack_cli - > mem_ctx , True ,
2001-09-04 14:57:29 +04:00
GENERIC_EXECUTE_ACCESS , & pol ) ) ) {
2000-12-14 06:27:53 +03:00
return False ;
}
got_policy_hnd = True ;
}
return True ;
}
2000-12-03 11:35:11 +03:00
/* convert a SID to a string, either numeric or username/group */
static void SidToString ( fstring str , DOM_SID * sid )
2000-12-03 08:24:16 +03:00
{
2002-01-20 04:24:59 +03:00
char * * domains = NULL ;
2000-12-14 06:27:53 +03:00
char * * names = NULL ;
uint32 * types = NULL ;
2000-12-13 15:53:42 +03:00
2000-12-14 06:27:53 +03:00
sid_to_string ( str , sid ) ;
2000-12-13 15:53:42 +03:00
2000-12-14 06:27:53 +03:00
if ( numeric ) return ;
2000-12-13 15:53:42 +03:00
2000-12-14 06:27:53 +03:00
/* Ask LSA to convert the sid to a name */
2000-12-04 09:43:36 +03:00
2001-04-13 23:12:06 +04:00
if ( ! cacls_open_policy_hnd ( ) | |
2005-09-30 21:13:37 +04:00
! NT_STATUS_IS_OK ( rpccli_lsa_lookup_sids ( global_pipe_hnd , global_hack_cli - > mem_ctx ,
2002-04-15 09:02:22 +04:00
& pol , 1 , sid , & domains ,
& names , & types ) ) | |
2002-01-20 04:24:59 +03:00
! domains | | ! domains [ 0 ] | | ! names | | ! names [ 0 ] ) {
2000-12-21 03:12:59 +03:00
return ;
2000-12-03 08:24:16 +03:00
}
2000-12-21 03:12:59 +03:00
/* Converted OK */
2002-01-20 04:24:59 +03:00
slprintf ( str , sizeof ( fstring ) - 1 , " %s%s%s " ,
domains [ 0 ] , lp_winbind_separator ( ) ,
names [ 0 ] ) ;
2000-12-21 03:12:59 +03:00
2000-12-03 11:35:11 +03:00
}
2000-12-03 08:24:16 +03:00
2000-12-03 11:35:11 +03:00
/* convert a string to a SID, either numeric or username/group */
2001-12-18 22:44:14 +03:00
static BOOL StringToSid ( DOM_SID * sid , const char * str )
2000-12-03 11:35:11 +03:00
{
2000-12-14 06:27:53 +03:00
uint32 * types = NULL ;
DOM_SID * sids = NULL ;
2000-12-15 04:02:11 +03:00
BOOL result = True ;
2002-01-26 14:48:42 +03:00
2000-12-13 15:53:42 +03:00
if ( strncmp ( str , " S- " , 2 ) = = 0 ) {
2000-12-21 03:12:59 +03:00
return string_to_sid ( sid , str ) ;
2000-12-13 15:53:42 +03:00
}
2000-12-04 09:43:36 +03:00
2001-04-13 23:12:06 +04:00
if ( ! cacls_open_policy_hnd ( ) | |
2005-09-30 21:13:37 +04:00
! NT_STATUS_IS_OK ( rpccli_lsa_lookup_names ( global_pipe_hnd , global_hack_cli - > mem_ctx ,
2002-04-15 09:02:22 +04:00
& pol , 1 , & str , & sids ,
& types ) ) ) {
2000-12-21 09:21:26 +03:00
result = False ;
2000-12-13 15:53:42 +03:00
goto done ;
}
sid_copy ( sid , & sids [ 0 ] ) ;
done :
2000-12-15 04:02:11 +03:00
2000-12-13 15:53:42 +03:00
return result ;
2000-12-03 11:35:11 +03:00
}
2000-12-03 08:24:16 +03:00
2000-12-03 11:35:11 +03:00
/* print an ACE on a FILE, using either numeric or ascii representation */
static void print_ace ( FILE * f , SEC_ACE * ace )
{
2003-01-03 11:28:12 +03:00
const struct perm_value * v ;
2000-12-03 11:35:11 +03:00
fstring sidstr ;
2000-12-07 09:05:57 +03:00
int do_print = 0 ;
uint32 got_mask ;
2000-12-03 08:24:16 +03:00
2001-11-30 04:04:15 +03:00
SidToString ( sidstr , & ace - > trustee ) ;
2000-12-03 10:36:15 +03:00
2000-12-03 11:35:11 +03:00
fprintf ( f , " %s: " , sidstr ) ;
if ( numeric ) {
2001-02-23 10:20:11 +03:00
fprintf ( f , " %d/%d/0x%08x " ,
2000-12-03 11:35:11 +03:00
ace - > type , ace - > flags , ace - > info . mask ) ;
return ;
2000-12-03 08:24:16 +03:00
}
2000-12-04 09:14:28 +03:00
/* Ace type */
if ( ace - > type = = SEC_ACE_TYPE_ACCESS_ALLOWED ) {
fprintf ( f , " ALLOWED " ) ;
} else if ( ace - > type = = SEC_ACE_TYPE_ACCESS_DENIED ) {
fprintf ( f , " DENIED " ) ;
2000-12-03 11:35:11 +03:00
} else {
2000-12-04 09:14:28 +03:00
fprintf ( f , " %d " , ace - > type ) ;
2000-12-03 11:35:11 +03:00
}
2000-12-03 08:24:16 +03:00
2000-12-04 09:14:28 +03:00
/* Not sure what flags can be set in a file ACL */
fprintf ( f , " /%d/ " , ace - > flags ) ;
/* Standard permissions */
for ( v = standard_values ; v - > perm ; v + + ) {
if ( ace - > info . mask = = v - > mask ) {
2001-02-23 10:20:11 +03:00
fprintf ( f , " %s " , v - > perm ) ;
2000-12-04 09:14:28 +03:00
return ;
}
}
2000-12-07 09:05:57 +03:00
/* Special permissions. Print out a hex value if we have
leftover bits in the mask . */
2000-12-04 09:14:28 +03:00
2000-12-07 09:05:57 +03:00
got_mask = ace - > info . mask ;
again :
2000-12-04 09:14:28 +03:00
for ( v = special_values ; v - > perm ; v + + ) {
if ( ( ace - > info . mask & v - > mask ) = = v - > mask ) {
2000-12-07 09:05:57 +03:00
if ( do_print ) {
fprintf ( f , " %s " , v - > perm ) ;
}
got_mask & = ~ v - > mask ;
}
}
if ( ! do_print ) {
if ( got_mask ! = 0 ) {
fprintf ( f , " 0x%08x " , ace - > info . mask ) ;
} else {
do_print = 1 ;
goto again ;
2000-12-04 09:14:28 +03:00
}
}
2000-12-03 11:35:11 +03:00
}
2000-12-03 08:24:16 +03:00
2000-12-03 11:35:11 +03:00
/* parse an ACE in the same format as print_ace() */
2005-11-02 05:13:08 +03:00
static BOOL parse_ace ( SEC_ACE * ace , const char * orig_str )
2000-12-03 11:35:11 +03:00
{
char * p ;
2002-11-13 02:20:50 +03:00
const char * cp ;
2000-12-07 09:05:57 +03:00
fstring tok ;
2005-11-02 23:32:11 +03:00
unsigned int atype = 0 ;
unsigned int aflags = 0 ;
unsigned int amask = 0 ;
2000-12-04 05:01:57 +03:00
DOM_SID sid ;
SEC_ACCESS mask ;
2003-01-03 11:28:12 +03:00
const struct perm_value * v ;
2005-11-02 05:13:08 +03:00
char * str = SMB_STRDUP ( orig_str ) ;
if ( ! str ) {
return False ;
}
2000-12-07 09:05:57 +03:00
2000-12-03 11:35:11 +03:00
ZERO_STRUCTP ( ace ) ;
2001-07-04 11:36:09 +04:00
p = strchr_m ( str , ' : ' ) ;
2005-11-02 05:13:08 +03:00
if ( ! p ) {
printf ( " ACE '%s': missing ':'. \n " , orig_str ) ;
SAFE_FREE ( str ) ;
return False ;
}
2000-12-07 09:05:57 +03:00
* p = ' \0 ' ;
p + + ;
/* Try to parse numeric form */
if ( sscanf ( p , " %i/%i/%i " , & atype , & aflags , & amask ) = = 3 & &
StringToSid ( & sid , str ) ) {
goto done ;
}
/* Try to parse text form */
2000-12-13 15:53:42 +03:00
if ( ! StringToSid ( & sid , str ) ) {
2005-11-02 05:13:08 +03:00
printf ( " ACE '%s': failed to convert '%s' to SID \n " ,
orig_str , str ) ;
SAFE_FREE ( str ) ;
2000-12-07 09:05:57 +03:00
return False ;
}
2002-11-13 02:20:50 +03:00
cp = p ;
if ( ! next_token ( & cp , tok , " / " , sizeof ( fstring ) ) ) {
2005-11-02 05:13:08 +03:00
printf ( " ACE '%s': failed to find '/' character. \n " ,
orig_str ) ;
SAFE_FREE ( str ) ;
2000-12-07 09:05:57 +03:00
return False ;
}
if ( strncmp ( tok , " ALLOWED " , strlen ( " ALLOWED " ) ) = = 0 ) {
atype = SEC_ACE_TYPE_ACCESS_ALLOWED ;
} else if ( strncmp ( tok , " DENIED " , strlen ( " DENIED " ) ) = = 0 ) {
atype = SEC_ACE_TYPE_ACCESS_DENIED ;
} else {
2005-11-02 05:13:08 +03:00
printf ( " ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s' \n " ,
orig_str , tok ) ;
SAFE_FREE ( str ) ;
2000-12-07 09:05:57 +03:00
return False ;
}
/* Only numeric form accepted for flags at present */
2002-11-13 02:20:50 +03:00
if ( ! ( next_token ( & cp , tok , " / " , sizeof ( fstring ) ) & &
2000-12-07 09:05:57 +03:00
sscanf ( tok , " %i " , & aflags ) ) ) {
2005-11-02 05:13:08 +03:00
printf ( " ACE '%s': bad integer flags entry at '%s' \n " ,
orig_str , tok ) ;
SAFE_FREE ( str ) ;
2000-12-07 09:05:57 +03:00
return False ;
}
2002-11-13 02:20:50 +03:00
if ( ! next_token ( & cp , tok , " / " , sizeof ( fstring ) ) ) {
2005-11-02 05:13:08 +03:00
printf ( " ACE '%s': missing / at '%s' \n " ,
orig_str , tok ) ;
SAFE_FREE ( str ) ;
2000-12-03 11:35:11 +03:00
return False ;
2000-12-03 08:24:16 +03:00
}
2000-12-07 09:05:57 +03:00
if ( strncmp ( tok , " 0x " , 2 ) = = 0 ) {
if ( sscanf ( tok , " %i " , & amask ) ! = 1 ) {
2005-11-02 05:13:08 +03:00
printf ( " ACE '%s': bad hex number at '%s' \n " ,
orig_str , tok ) ;
SAFE_FREE ( str ) ;
2000-12-07 09:05:57 +03:00
return False ;
}
goto done ;
}
for ( v = standard_values ; v - > perm ; v + + ) {
if ( strcmp ( tok , v - > perm ) = = 0 ) {
amask = v - > mask ;
goto done ;
}
}
p = tok ;
while ( * p ) {
BOOL found = False ;
for ( v = special_values ; v - > perm ; v + + ) {
if ( v - > perm [ 0 ] = = * p ) {
amask | = v - > mask ;
found = True ;
}
}
2005-11-02 05:13:08 +03:00
if ( ! found ) {
printf ( " ACE '%s': bad permission value at '%s' \n " ,
orig_str , p ) ;
SAFE_FREE ( str ) ;
return False ;
}
2000-12-07 09:05:57 +03:00
p + + ;
}
if ( * p ) {
2005-11-02 05:13:08 +03:00
SAFE_FREE ( str ) ;
2000-12-07 09:05:57 +03:00
return False ;
}
done :
2000-12-04 05:01:57 +03:00
mask . mask = amask ;
init_sec_ace ( ace , & sid , atype , mask , aflags ) ;
2005-11-02 05:13:08 +03:00
SAFE_FREE ( str ) ;
2000-12-03 11:35:11 +03:00
return True ;
2000-12-03 08:24:16 +03:00
}
2000-12-03 10:36:15 +03:00
/* add an ACE to a list of ACEs in a SEC_ACL */
2000-12-14 08:38:05 +03:00
static BOOL add_ace ( SEC_ACL * * the_acl , SEC_ACE * ace )
2000-12-03 10:36:15 +03:00
{
2005-06-25 00:25:18 +04:00
SEC_ACL * new_ace ;
2000-12-04 05:01:57 +03:00
SEC_ACE * aces ;
2000-12-14 08:38:05 +03:00
if ( ! * the_acl ) {
2001-02-28 04:38:12 +03:00
( * the_acl ) = make_sec_acl ( ctx , 3 , 1 , ace ) ;
2000-12-04 05:01:57 +03:00
return True ;
2000-12-03 10:36:15 +03:00
}
2004-12-07 21:25:53 +03:00
aces = SMB_CALLOC_ARRAY ( SEC_ACE , 1 + ( * the_acl ) - > num_aces ) ;
2000-12-14 08:38:05 +03:00
memcpy ( aces , ( * the_acl ) - > ace , ( * the_acl ) - > num_aces * sizeof ( SEC_ACE ) ) ;
memcpy ( aces + ( * the_acl ) - > num_aces , ace , sizeof ( SEC_ACE ) ) ;
2005-06-25 00:25:18 +04:00
new_ace = make_sec_acl ( ctx , ( * the_acl ) - > revision , 1 + ( * the_acl ) - > num_aces , aces ) ;
2001-09-17 15:48:29 +04:00
SAFE_FREE ( aces ) ;
2005-06-25 00:25:18 +04:00
( * the_acl ) = new_ace ;
2000-12-03 10:36:15 +03:00
return True ;
}
/* parse a ascii version of a security descriptor */
static SEC_DESC * sec_desc_parse ( char * str )
{
2002-11-13 02:20:50 +03:00
const char * p = str ;
2000-12-03 10:36:15 +03:00
fstring tok ;
2000-12-03 14:05:11 +03:00
SEC_DESC * ret ;
2001-06-20 21:49:38 +04:00
size_t sd_size ;
2000-12-03 14:05:11 +03:00
DOM_SID * grp_sid = NULL , * owner_sid = NULL ;
2000-12-04 07:58:40 +03:00
SEC_ACL * dacl = NULL ;
2000-12-03 14:05:11 +03:00
int revision = 1 ;
2000-12-03 10:36:15 +03:00
2000-12-21 09:21:26 +03:00
while ( next_token ( & p , tok , " \t , \r \n " , sizeof ( tok ) ) ) {
2000-12-03 10:36:15 +03:00
if ( strncmp ( tok , " REVISION: " , 9 ) = = 0 ) {
2000-12-03 14:05:11 +03:00
revision = strtol ( tok + 9 , NULL , 16 ) ;
2000-12-12 09:06:10 +03:00
continue ;
2000-12-03 10:36:15 +03:00
}
if ( strncmp ( tok , " OWNER: " , 6 ) = = 0 ) {
2004-12-07 21:25:53 +03:00
owner_sid = SMB_CALLOC_ARRAY ( DOM_SID , 1 ) ;
2000-12-03 14:05:11 +03:00
if ( ! owner_sid | |
! StringToSid ( owner_sid , tok + 6 ) ) {
2000-12-03 10:36:15 +03:00
printf ( " Failed to parse owner sid \n " ) ;
return NULL ;
}
2000-12-12 09:06:10 +03:00
continue ;
2000-12-03 10:36:15 +03:00
}
if ( strncmp ( tok , " GROUP: " , 6 ) = = 0 ) {
2004-12-07 21:25:53 +03:00
grp_sid = SMB_CALLOC_ARRAY ( DOM_SID , 1 ) ;
2000-12-03 14:05:11 +03:00
if ( ! grp_sid | |
! StringToSid ( grp_sid , tok + 6 ) ) {
2000-12-03 10:36:15 +03:00
printf ( " Failed to parse group sid \n " ) ;
return NULL ;
}
2000-12-12 09:06:10 +03:00
continue ;
2000-12-03 10:36:15 +03:00
}
2000-12-04 07:58:40 +03:00
if ( strncmp ( tok , " ACL: " , 4 ) = = 0 ) {
2000-12-03 10:36:15 +03:00
SEC_ACE ace ;
2000-12-15 04:02:11 +03:00
if ( ! parse_ace ( & ace , tok + 4 ) ) {
return NULL ;
}
if ( ! add_ace ( & dacl , & ace ) ) {
printf ( " Failed to add ACL %s \n " , tok ) ;
2000-12-03 10:36:15 +03:00
return NULL ;
}
2000-12-12 09:06:10 +03:00
continue ;
2000-12-03 10:36:15 +03:00
}
2000-12-12 09:06:10 +03:00
2005-11-02 05:13:08 +03:00
printf ( " Failed to parse token '%s' in security descriptor, \n " , tok ) ;
2000-12-12 09:06:10 +03:00
return NULL ;
2000-12-03 10:36:15 +03:00
}
2003-09-20 01:57:43 +04:00
ret = make_sec_desc ( ctx , revision , SEC_DESC_SELF_RELATIVE , owner_sid , grp_sid ,
2000-12-04 07:58:40 +03:00
NULL , dacl , & sd_size ) ;
2000-12-03 10:36:15 +03:00
2001-09-17 15:48:29 +04:00
SAFE_FREE ( grp_sid ) ;
SAFE_FREE ( owner_sid ) ;
2000-12-03 10:36:15 +03:00
return ret ;
}
2000-12-03 11:35:11 +03:00
/* print a ascii version of a security descriptor on a FILE handle */
static void sec_desc_print ( FILE * f , SEC_DESC * sd )
{
fstring sidstr ;
2002-02-16 22:46:42 +03:00
uint32 i ;
2000-12-03 11:35:11 +03:00
2003-04-09 18:34:53 +04:00
fprintf ( f , " REVISION:%d \n " , sd - > revision ) ;
2000-12-03 11:35:11 +03:00
/* Print owner and group sid */
if ( sd - > owner_sid ) {
SidToString ( sidstr , sd - > owner_sid ) ;
} else {
fstrcpy ( sidstr , " " ) ;
}
2003-04-09 18:34:53 +04:00
fprintf ( f , " OWNER:%s \n " , sidstr ) ;
2000-12-03 11:35:11 +03:00
if ( sd - > grp_sid ) {
SidToString ( sidstr , sd - > grp_sid ) ;
} else {
fstrcpy ( sidstr , " " ) ;
}
fprintf ( f , " GROUP:%s \n " , sidstr ) ;
/* Print aces */
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
SEC_ACE * ace = & sd - > dacl - > ace [ i ] ;
2000-12-04 07:58:40 +03:00
fprintf ( f , " ACL: " ) ;
2000-12-04 03:35:31 +03:00
print_ace ( f , ace ) ;
2001-02-23 10:20:11 +03:00
fprintf ( f , " \n " ) ;
2000-12-03 11:35:11 +03:00
}
2000-12-04 03:35:31 +03:00
2000-12-03 11:35:11 +03:00
}
2000-12-03 05:19:27 +03:00
/*****************************************************
dump the acls for a file
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-12-22 02:36:25 +03:00
static int cacl_dump ( struct cli_state * cli , char * filename )
2000-12-03 05:19:27 +03:00
{
2002-12-20 04:35:21 +03:00
int result = EXIT_FAILED ;
int fnum = - 1 ;
2000-12-03 08:24:16 +03:00
SEC_DESC * sd ;
2000-12-03 05:19:27 +03:00
2002-12-20 04:35:21 +03:00
if ( test_args )
return EXIT_OK ;
2000-12-07 09:05:57 +03:00
2001-02-22 06:40:01 +03:00
fnum = cli_nt_create ( cli , filename , CREATE_ACCESS_READ ) ;
2002-12-20 04:35:21 +03:00
2000-12-03 05:19:27 +03:00
if ( fnum = = - 1 ) {
2000-12-04 09:46:52 +03:00
printf ( " Failed to open %s: %s \n " , filename , cli_errstr ( cli ) ) ;
2002-12-20 04:35:21 +03:00
goto done ;
2000-12-03 05:19:27 +03:00
}
2001-05-02 03:07:30 +04:00
sd = cli_query_secdesc ( cli , fnum , ctx ) ;
2000-12-03 08:24:16 +03:00
if ( ! sd ) {
2000-12-04 09:46:52 +03:00
printf ( " ERROR: secdesc query failed: %s \n " , cli_errstr ( cli ) ) ;
2002-12-20 04:35:21 +03:00
goto done ;
2000-12-03 08:24:16 +03:00
}
sec_desc_print ( stdout , sd ) ;
2000-12-03 05:19:27 +03:00
2002-12-20 04:35:21 +03:00
result = EXIT_OK ;
2000-12-22 02:36:25 +03:00
2002-12-20 04:35:21 +03:00
done :
if ( fnum ! = - 1 )
cli_close ( cli , fnum ) ;
return result ;
2000-12-03 05:19:27 +03:00
}
2000-12-16 03:08:05 +03:00
/*****************************************************
Change the ownership or group ownership of a file . Just
because the NT docs say this can ' t be done : - ) . JRA .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-12-22 02:36:25 +03:00
static int owner_set ( struct cli_state * cli , enum chown_mode change_mode ,
char * filename , char * new_username )
2000-12-16 03:08:05 +03:00
{
int fnum ;
DOM_SID sid ;
SEC_DESC * sd , * old ;
size_t sd_size ;
2001-02-22 06:40:01 +03:00
fnum = cli_nt_create ( cli , filename , CREATE_ACCESS_READ ) ;
2000-12-21 08:28:39 +03:00
2000-12-16 03:08:05 +03:00
if ( fnum = = - 1 ) {
printf ( " Failed to open %s: %s \n " , filename , cli_errstr ( cli ) ) ;
2000-12-22 02:36:25 +03:00
return EXIT_FAILED ;
2000-12-16 03:08:05 +03:00
}
if ( ! StringToSid ( & sid , new_username ) )
2000-12-22 02:36:25 +03:00
return EXIT_PARSE_ERROR ;
2000-12-16 03:08:05 +03:00
2001-05-02 03:07:30 +04:00
old = cli_query_secdesc ( cli , fnum , ctx ) ;
2000-12-16 03:08:05 +03:00
2001-02-22 06:40:01 +03:00
cli_close ( cli , fnum ) ;
if ( ! old ) {
printf ( " owner_set: Failed to query old descriptor \n " ) ;
return EXIT_FAILED ;
}
2003-09-20 01:57:43 +04:00
sd = make_sec_desc ( ctx , old - > revision , old - > type ,
2003-06-24 05:09:36 +04:00
( change_mode = = REQUEST_CHOWN ) ? & sid : NULL ,
( change_mode = = REQUEST_CHGRP ) ? & sid : NULL ,
NULL , NULL , & sd_size ) ;
2000-12-16 03:08:05 +03:00
2003-06-24 05:09:36 +04:00
fnum = cli_nt_create ( cli , filename , WRITE_OWNER_ACCESS ) ;
2001-02-22 06:40:01 +03:00
if ( fnum = = - 1 ) {
printf ( " Failed to open %s: %s \n " , filename , cli_errstr ( cli ) ) ;
return EXIT_FAILED ;
}
2000-12-16 03:08:05 +03:00
if ( ! cli_set_secdesc ( cli , fnum , sd ) ) {
printf ( " ERROR: secdesc set failed: %s \n " , cli_errstr ( cli ) ) ;
}
cli_close ( cli , fnum ) ;
2000-12-22 02:36:25 +03:00
return EXIT_OK ;
2000-12-16 03:08:05 +03:00
}
2001-02-23 10:20:11 +03:00
2000-12-21 09:21:26 +03:00
/* The MSDN is contradictory over the ordering of ACE entries in an ACL.
However NT4 gives a " The information may have been modified by a
computer running Windows NT 5.0 " if denied ACEs do not appear before
allowed ACEs . */
2001-02-23 10:20:11 +03:00
static int ace_compare ( SEC_ACE * ace1 , SEC_ACE * ace2 )
2000-12-21 09:21:26 +03:00
{
2001-11-30 04:04:15 +03:00
if ( sec_ace_equal ( ace1 , ace2 ) )
return 0 ;
if ( ace1 - > type ! = ace2 - > type )
return ace2 - > type - ace1 - > type ;
if ( sid_compare ( & ace1 - > trustee , & ace2 - > trustee ) )
return sid_compare ( & ace1 - > trustee , & ace2 - > trustee ) ;
if ( ace1 - > flags ! = ace2 - > flags )
return ace1 - > flags - ace2 - > flags ;
if ( ace1 - > info . mask ! = ace2 - > info . mask )
return ace1 - > info . mask - ace2 - > info . mask ;
if ( ace1 - > size ! = ace2 - > size )
return ace1 - > size - ace2 - > size ;
2001-02-23 10:20:11 +03:00
return memcmp ( ace1 , ace2 , sizeof ( SEC_ACE ) ) ;
}
2000-12-21 09:21:26 +03:00
2001-02-23 10:20:11 +03:00
static void sort_acl ( SEC_ACL * the_acl )
{
2002-02-16 22:46:42 +03:00
uint32 i ;
2001-02-22 09:35:54 +03:00
if ( ! the_acl ) return ;
2001-02-23 10:21:50 +03:00
qsort ( the_acl - > ace , the_acl - > num_aces , sizeof ( the_acl - > ace [ 0 ] ) , QSORT_CAST ace_compare ) ;
2000-12-21 09:21:26 +03:00
2001-02-23 10:20:11 +03:00
for ( i = 1 ; i < the_acl - > num_aces ; ) {
if ( sec_ace_equal ( & the_acl - > ace [ i - 1 ] , & the_acl - > ace [ i ] ) ) {
int j ;
for ( j = i ; j < the_acl - > num_aces - 1 ; j + + ) {
the_acl - > ace [ j ] = the_acl - > ace [ j + 1 ] ;
}
the_acl - > num_aces - - ;
} else {
i + + ;
2000-12-21 09:21:26 +03:00
}
}
}
2000-12-03 10:36:15 +03:00
/*****************************************************
set the ACLs on a file given an ascii description
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2000-12-22 02:36:25 +03:00
static int cacl_set ( struct cli_state * cli , char * filename ,
char * the_acl , enum acl_mode mode )
2000-12-03 10:36:15 +03:00
{
int fnum ;
2000-12-03 15:41:28 +03:00
SEC_DESC * sd , * old ;
2002-02-16 22:46:42 +03:00
uint32 i , j ;
2000-12-16 03:08:05 +03:00
size_t sd_size ;
2000-12-22 02:36:25 +03:00
int result = EXIT_OK ;
2000-12-03 10:36:15 +03:00
2000-12-14 08:38:05 +03:00
sd = sec_desc_parse ( the_acl ) ;
2000-12-03 10:36:15 +03:00
2000-12-22 02:36:25 +03:00
if ( ! sd ) return EXIT_PARSE_ERROR ;
if ( test_args ) return EXIT_OK ;
2000-12-07 09:05:57 +03:00
2000-12-21 08:28:39 +03:00
/* The desired access below is the only one I could find that works
with NT4 , W2KP and Samba */
2001-02-22 06:40:01 +03:00
fnum = cli_nt_create ( cli , filename , CREATE_ACCESS_READ ) ;
2000-12-21 08:28:39 +03:00
2000-12-03 10:36:15 +03:00
if ( fnum = = - 1 ) {
2001-02-22 06:40:01 +03:00
printf ( " cacl_set failed to open %s: %s \n " , filename , cli_errstr ( cli ) ) ;
2000-12-22 02:36:25 +03:00
return EXIT_FAILED ;
2000-12-03 10:36:15 +03:00
}
2001-05-02 03:07:30 +04:00
old = cli_query_secdesc ( cli , fnum , ctx ) ;
2000-12-03 15:41:28 +03:00
2001-02-22 06:40:01 +03:00
if ( ! old ) {
printf ( " calc_set: Failed to query old descriptor \n " ) ;
return EXIT_FAILED ;
}
cli_close ( cli , fnum ) ;
2000-12-03 15:41:28 +03:00
/* the logic here is rather more complex than I would like */
switch ( mode ) {
2001-04-11 05:34:37 +04:00
case SMB_ACL_DELETE :
2000-12-03 15:41:28 +03:00
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
2000-12-12 09:06:10 +03:00
BOOL found = False ;
2000-12-03 15:41:28 +03:00
for ( j = 0 ; old - > dacl & & j < old - > dacl - > num_aces ; j + + ) {
if ( sec_ace_equal ( & sd - > dacl - > ace [ i ] ,
& old - > dacl - > ace [ j ] ) ) {
2002-02-16 22:46:42 +03:00
uint32 k ;
2001-02-23 10:20:11 +03:00
for ( k = j ; k < old - > dacl - > num_aces - 1 ; k + + ) {
old - > dacl - > ace [ k ] = old - > dacl - > ace [ k + 1 ] ;
2000-12-04 03:33:08 +03:00
}
old - > dacl - > num_aces - - ;
2000-12-12 09:06:10 +03:00
found = True ;
2000-12-04 03:33:08 +03:00
break ;
2000-12-03 15:41:28 +03:00
}
}
2000-12-12 09:06:10 +03:00
if ( ! found ) {
2001-02-23 10:20:11 +03:00
printf ( " ACL for ACE: " ) ;
print_ace ( stdout , & sd - > dacl - > ace [ i ] ) ;
printf ( " not found \n " ) ;
2000-12-12 09:06:10 +03:00
}
2000-12-03 15:41:28 +03:00
}
break ;
2001-04-11 05:34:37 +04:00
case SMB_ACL_MODIFY :
2000-12-03 15:41:28 +03:00
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
2000-12-04 09:43:36 +03:00
BOOL found = False ;
2000-12-03 15:41:28 +03:00
for ( j = 0 ; old - > dacl & & j < old - > dacl - > num_aces ; j + + ) {
2001-11-30 04:04:15 +03:00
if ( sid_equal ( & sd - > dacl - > ace [ i ] . trustee ,
& old - > dacl - > ace [ j ] . trustee ) ) {
2000-12-03 15:41:28 +03:00
old - > dacl - > ace [ j ] = sd - > dacl - > ace [ i ] ;
2000-12-04 09:43:36 +03:00
found = True ;
2000-12-03 15:41:28 +03:00
}
}
2000-12-04 09:43:36 +03:00
if ( ! found ) {
fstring str ;
2001-11-30 04:04:15 +03:00
SidToString ( str , & sd - > dacl - > ace [ i ] . trustee ) ;
2000-12-04 09:43:36 +03:00
printf ( " ACL for SID %s not found \n " , str ) ;
}
2000-12-03 15:41:28 +03:00
}
2000-12-04 09:43:36 +03:00
2004-11-23 04:05:31 +03:00
if ( sd - > owner_sid ) {
old - > owner_sid = sd - > owner_sid ;
}
if ( sd - > grp_sid ) {
old - > grp_sid = sd - > grp_sid ;
}
2000-12-03 15:41:28 +03:00
break ;
2001-04-11 05:34:37 +04:00
case SMB_ACL_ADD :
2000-12-03 15:41:28 +03:00
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
add_ace ( & old - > dacl , & sd - > dacl - > ace [ i ] ) ;
}
break ;
2001-04-11 05:34:37 +04:00
case SMB_ACL_SET :
2000-12-12 09:06:10 +03:00
old = sd ;
2000-12-03 15:41:28 +03:00
break ;
}
2000-12-03 10:36:15 +03:00
2000-12-21 09:21:26 +03:00
/* Denied ACE entries must come before allowed ones */
sort_acl ( old - > dacl ) ;
/* Create new security descriptor and set it */
2005-11-02 05:35:48 +03:00
#if 0
/* We used to just have "WRITE_DAC_ACCESS" without WRITE_OWNER.
But if we ' re sending an owner , even if it ' s the same as the one
that already exists then W2K3 insists we open with WRITE_OWNER access .
I need to check that setting a SD with no owner set works against WNT
and W2K . JRA .
*/
2004-11-23 04:05:31 +03:00
sd = make_sec_desc ( ctx , old - > revision , old - > type , old - > owner_sid , old - > grp_sid ,
2000-12-04 07:58:40 +03:00
NULL , old - > dacl , & sd_size ) ;
2000-12-04 03:33:08 +03:00
2005-11-02 05:35:48 +03:00
fnum = cli_nt_create ( cli , filename , WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS ) ;
# else
sd = make_sec_desc ( ctx , old - > revision , old - > type , NULL , NULL ,
NULL , old - > dacl , & sd_size ) ;
2001-02-22 06:40:01 +03:00
2005-11-02 05:35:48 +03:00
fnum = cli_nt_create ( cli , filename , WRITE_DAC_ACCESS ) ;
# endif
2001-02-22 06:40:01 +03:00
if ( fnum = = - 1 ) {
printf ( " cacl_set failed to open %s: %s \n " , filename , cli_errstr ( cli ) ) ;
return EXIT_FAILED ;
}
2000-12-04 03:33:08 +03:00
if ( ! cli_set_secdesc ( cli , fnum , sd ) ) {
2000-12-04 09:46:52 +03:00
printf ( " ERROR: secdesc set failed: %s \n " , cli_errstr ( cli ) ) ;
2000-12-22 02:36:25 +03:00
result = EXIT_FAILED ;
2000-12-03 10:36:15 +03:00
}
2000-12-21 09:21:26 +03:00
/* Clean up */
2000-12-03 10:36:15 +03:00
cli_close ( cli , fnum ) ;
2000-12-22 02:36:25 +03:00
return result ;
2000-12-03 10:36:15 +03:00
}
2000-12-03 05:19:27 +03:00
/*****************************************************
return a connection to a server
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2003-01-03 11:28:12 +03:00
static struct cli_state * connect_one ( const char * share )
2000-12-03 05:19:27 +03:00
{
struct cli_state * c ;
struct in_addr ip ;
2002-07-15 14:35:28 +04:00
NTSTATUS nt_status ;
zero_ip ( & ip ) ;
2003-04-14 07:59:04 +04:00
if ( ! cmdline_auth_info . got_pass ) {
2000-12-03 05:19:27 +03:00
char * pass = getpass ( " Password: " ) ;
if ( pass ) {
2003-04-14 07:59:04 +04:00
pstrcpy ( cmdline_auth_info . password , pass ) ;
cmdline_auth_info . got_pass = True ;
2000-12-03 05:19:27 +03:00
}
}
2002-11-13 02:20:50 +03:00
if ( NT_STATUS_IS_OK ( nt_status = cli_full_connection ( & c , global_myname ( ) , server ,
2002-07-15 14:35:28 +04:00
& ip , 0 ,
share , " ????? " ,
2003-04-14 07:59:04 +04:00
cmdline_auth_info . username , lp_workgroup ( ) ,
2003-07-31 03:49:29 +04:00
cmdline_auth_info . password , 0 ,
cmdline_auth_info . signing_state , NULL ) ) ) {
2002-07-15 14:35:28 +04:00
return c ;
} else {
DEBUG ( 0 , ( " cli_full_connection failed! (%s) \n " , nt_errstr ( nt_status ) ) ) ;
2000-12-03 05:19:27 +03:00
return NULL ;
}
}
/****************************************************************************
main program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2003-04-14 07:59:04 +04:00
int main ( int argc , const char * argv [ ] )
2000-12-03 05:19:27 +03:00
{
char * share ;
int opt ;
2001-06-19 04:44:23 +04:00
enum acl_mode mode = SMB_ACL_SET ;
2003-04-14 07:59:04 +04:00
static char * the_acl = NULL ;
2000-12-16 03:08:05 +03:00
enum chown_mode change_mode = REQUEST_NONE ;
2000-12-22 02:36:25 +03:00
int result ;
2003-04-14 07:59:04 +04:00
fstring path ;
pstring filename ;
poptContext pc ;
struct poptOption long_options [ ] = {
POPT_AUTOHELP
{ " delete " , ' D ' , POPT_ARG_STRING , NULL , ' D ' , " Delete an acl " , " ACL " } ,
{ " modify " , ' M ' , POPT_ARG_STRING , NULL , ' M ' , " Modify an acl " , " ACL " } ,
2003-09-01 14:43:21 +04:00
{ " add " , ' a ' , POPT_ARG_STRING , NULL , ' a ' , " Add an acl " , " ACL " } ,
2003-04-14 07:59:04 +04:00
{ " set " , ' S ' , POPT_ARG_STRING , NULL , ' S ' , " Set acls " , " ACLS " } ,
{ " chown " , ' C ' , POPT_ARG_STRING , NULL , ' C ' , " Change ownership of a file " , " USERNAME " } ,
{ " chgrp " , ' G ' , POPT_ARG_STRING , NULL , ' G ' , " Change group ownership of a file " , " GROUPNAME " } ,
{ " numeric " , 0 , POPT_ARG_NONE , & numeric , True , " Don't resolve sids or masks to names " } ,
{ " test-args " , ' t ' , POPT_ARG_NONE , & test_args , True , " Test arguments " } ,
POPT_COMMON_SAMBA
POPT_COMMON_CREDENTIALS
{ NULL }
} ;
2000-12-03 05:19:27 +03:00
2002-07-15 14:35:28 +04:00
struct cli_state * cli ;
2005-12-29 01:48:54 +03:00
load_case_tables ( ) ;
2002-12-20 23:21:31 +03:00
ctx = talloc_init ( " main " ) ;
2001-02-28 04:38:12 +03:00
2004-11-18 16:29:10 +03:00
/* set default debug level to 1 regardless of what smb.conf sets */
2004-09-15 17:57:33 +04:00
setup_logging ( " smbcacls " , True ) ;
DEBUGLEVEL_CLASS [ DBGC_ALL ] = 1 ;
2001-09-10 15:08:57 +04:00
dbf = x_stderr ;
2004-09-15 17:57:33 +04:00
x_setbuf ( x_stderr , NULL ) ;
2000-12-03 05:19:27 +03:00
2004-09-15 17:57:33 +04:00
setlinebuf ( stdout ) ;
2000-12-03 05:19:27 +03:00
2006-01-29 01:53:04 +03:00
lp_load ( dyn_CONFIGFILE , True , False , False , True ) ;
2000-12-03 05:19:27 +03:00
load_interfaces ( ) ;
2003-04-14 07:59:04 +04:00
pc = poptGetContext ( " smbcacls " , argc , argv , long_options , 0 ) ;
2005-11-04 20:40:35 +03:00
poptSetOtherOptionHelp ( pc , " //server1/share1 filename \n ACLs look like: "
" 'ACL:user:[ALLOWED|DENIED]/flags/permissions' " ) ;
2000-12-03 05:19:27 +03:00
2003-04-14 07:59:04 +04:00
while ( ( opt = poptGetNextOpt ( pc ) ) ! = - 1 ) {
2000-12-03 05:19:27 +03:00
switch ( opt ) {
2000-12-03 11:35:11 +03:00
case ' S ' :
2003-04-14 07:59:04 +04:00
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
2001-04-11 05:34:37 +04:00
mode = SMB_ACL_SET ;
2000-12-03 15:41:28 +03:00
break ;
case ' D ' :
2003-04-14 07:59:04 +04:00
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
2001-04-11 05:34:37 +04:00
mode = SMB_ACL_DELETE ;
2000-12-03 15:41:28 +03:00
break ;
case ' M ' :
2003-04-14 07:59:04 +04:00
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
2001-04-11 05:34:37 +04:00
mode = SMB_ACL_MODIFY ;
2000-12-03 15:41:28 +03:00
break ;
2003-09-01 14:43:21 +04:00
case ' a ' :
2003-04-14 07:59:04 +04:00
the_acl = smb_xstrdup ( poptGetOptArg ( pc ) ) ;
2001-04-11 05:34:37 +04:00
mode = SMB_ACL_ADD ;
2000-12-03 10:36:15 +03:00
break ;
2000-12-03 11:35:11 +03:00
2000-12-16 03:08:05 +03:00
case ' C ' :
2003-04-14 07:59:04 +04:00
pstrcpy ( owner_username , poptGetOptArg ( pc ) ) ;
2000-12-16 03:08:05 +03:00
change_mode = REQUEST_CHOWN ;
break ;
case ' G ' :
2003-04-14 07:59:04 +04:00
pstrcpy ( owner_username , poptGetOptArg ( pc ) ) ;
2000-12-16 03:08:05 +03:00
change_mode = REQUEST_CHGRP ;
break ;
2000-12-03 05:19:27 +03:00
}
}
2003-04-14 07:59:04 +04:00
/* Make connection to server */
if ( ! poptPeekArg ( pc ) ) {
poptPrintUsage ( pc , stderr , 0 ) ;
return - 1 ;
2000-12-07 09:05:57 +03:00
}
2003-04-14 07:59:04 +04:00
fstrcpy ( path , poptGetArg ( pc ) ) ;
if ( ! poptPeekArg ( pc ) ) {
poptPrintUsage ( pc , stderr , 0 ) ;
return - 1 ;
}
pstrcpy ( filename , poptGetArg ( pc ) ) ;
2000-12-03 05:19:27 +03:00
2003-04-14 07:59:04 +04:00
all_string_sub ( path , " / " , " \\ " , 0 ) ;
2000-12-21 03:12:59 +03:00
2003-04-14 07:59:04 +04:00
fstrcpy ( server , path + 2 ) ;
2002-07-15 14:35:28 +04:00
share = strchr_m ( server , ' \\ ' ) ;
if ( ! share ) {
share = strchr_m ( server , ' / ' ) ;
if ( ! share ) {
2003-04-14 07:59:04 +04:00
printf ( " Invalid argument: %s \n " , share ) ;
2002-07-15 14:35:28 +04:00
return - 1 ;
}
}
* share = 0 ;
share + + ;
2000-12-07 09:05:57 +03:00
if ( ! test_args ) {
cli = connect_one ( share ) ;
2001-02-28 04:38:12 +03:00
if ( ! cli ) {
talloc_destroy ( ctx ) ;
exit ( EXIT_FAILED ) ;
}
2002-07-15 14:35:28 +04:00
} else {
exit ( 0 ) ;
2000-12-07 09:05:57 +03:00
}
2000-12-03 05:19:27 +03:00
2001-02-22 09:22:20 +03:00
all_string_sub ( filename , " / " , " \\ " , 0 ) ;
if ( filename [ 0 ] ! = ' \\ ' ) {
pstring s ;
s [ 0 ] = ' \\ ' ;
2003-03-18 14:22:52 +03:00
safe_strcpy ( & s [ 1 ] , filename , sizeof ( pstring ) - 2 ) ;
2001-02-22 09:22:20 +03:00
pstrcpy ( filename , s ) ;
2000-12-21 08:28:39 +03:00
}
2000-12-21 03:12:59 +03:00
/* Perform requested action */
2000-12-16 03:08:05 +03:00
if ( change_mode ! = REQUEST_NONE ) {
2000-12-22 02:36:25 +03:00
result = owner_set ( cli , change_mode , filename , owner_username ) ;
2000-12-16 03:08:05 +03:00
} else if ( the_acl ) {
2000-12-22 02:36:25 +03:00
result = cacl_set ( cli , filename , the_acl , mode ) ;
2000-12-03 10:36:15 +03:00
} else {
2000-12-22 02:36:25 +03:00
result = cacl_dump ( cli , filename ) ;
2000-12-03 10:36:15 +03:00
}
2000-12-03 05:19:27 +03:00
2001-02-28 04:38:12 +03:00
talloc_destroy ( ctx ) ;
2000-12-22 02:36:25 +03:00
return result ;
2000-12-03 05:19:27 +03:00
}