2008-02-28 11:23:20 -05:00
/*
Unix SMB / Netbios implementation .
SMB client library implementation
Copyright ( C ) Andrew Tridgell 1998
Copyright ( C ) Richard Sharpe 2000 , 2002
Copyright ( C ) John Terpstra 2000
Copyright ( C ) Tom Jansen ( Ninja ISD ) 2002
Copyright ( C ) Derrell Lipman 2003 - 2008
Copyright ( C ) Jeremy Allison 2007 , 2008
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
2011-05-06 11:47:43 +02:00
# include "libsmb/libsmb.h"
2008-02-28 11:23:20 -05:00
# include "libsmbclient.h"
# include "libsmb_internal.h"
2010-05-05 01:39:16 +02:00
# include "../librpc/gen_ndr/ndr_lsa.h"
2011-04-13 14:32:16 +02:00
# include "rpc_client/rpc_client.h"
2010-05-18 18:26:16 +02:00
# include "rpc_client/cli_lsarpc.h"
2010-10-12 15:27:50 +11:00
# include "../libcli/security/security.h"
2020-08-07 11:17:34 -07:00
# include "lib/util/string_wrappers.h"
2008-02-28 11:23:20 -05:00
/*
* Find an lsa pipe handle associated with a cli struct .
*/
static struct rpc_pipe_client *
find_lsa_pipe_hnd ( struct cli_state * ipc_cli )
{
struct rpc_pipe_client * pipe_hnd ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
for ( pipe_hnd = ipc_cli - > pipe_list ;
pipe_hnd ;
pipe_hnd = pipe_hnd - > next ) {
2008-07-21 12:01:12 +02:00
if ( ndr_syntax_id_equal ( & pipe_hnd - > abstract_syntax ,
& ndr_table_lsarpc . syntax_id ) ) {
2008-02-28 11:23:20 -05:00
return pipe_hnd ;
}
}
return NULL ;
}
/*
* Sort ACEs according to the documentation at
* http : //support.microsoft.com/kb/269175, at least as far as it defines the
* order .
*/
static int
2010-05-18 03:25:38 +02:00
ace_compare ( struct security_ace * ace1 ,
struct security_ace * ace2 )
2008-02-28 11:23:20 -05:00
{
bool b1 ;
bool b2 ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* If the ACEs are equal, we have nothing more to do. */
2014-05-28 17:42:08 +02:00
if ( security_ace_equal ( ace1 , ace2 ) ) {
2008-02-28 11:23:20 -05:00
return 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Inherited follow non-inherited */
b1 = ( ( ace1 - > flags & SEC_ACE_FLAG_INHERITED_ACE ) ! = 0 ) ;
b2 = ( ( ace2 - > flags & SEC_ACE_FLAG_INHERITED_ACE ) ! = 0 ) ;
if ( b1 ! = b2 ) {
return ( b1 ? 1 : - 1 ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* What shall we do with AUDITs and ALARMs ? It ' s undefined . We ' ll
* sort them after DENY and ALLOW .
*/
b1 = ( ace1 - > type ! = SEC_ACE_TYPE_ACCESS_ALLOWED & &
ace1 - > type ! = SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT & &
ace1 - > type ! = SEC_ACE_TYPE_ACCESS_DENIED & &
ace1 - > type ! = SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ) ;
b2 = ( ace2 - > type ! = SEC_ACE_TYPE_ACCESS_ALLOWED & &
ace2 - > type ! = SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT & &
ace2 - > type ! = SEC_ACE_TYPE_ACCESS_DENIED & &
ace2 - > type ! = SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ) ;
if ( b1 ! = b2 ) {
return ( b1 ? 1 : - 1 ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Allowed ACEs follow denied ACEs */
b1 = ( ace1 - > type = = SEC_ACE_TYPE_ACCESS_ALLOWED | |
ace1 - > type = = SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ) ;
b2 = ( ace2 - > type = = SEC_ACE_TYPE_ACCESS_ALLOWED | |
ace2 - > type = = SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ) ;
if ( b1 ! = b2 ) {
return ( b1 ? 1 : - 1 ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* ACEs applying to an entity ' s object follow those applying to the
* entity itself
*/
b1 = ( ace1 - > type = = SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT | |
ace1 - > type = = SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ) ;
b2 = ( ace2 - > type = = SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT | |
ace2 - > type = = SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ) ;
if ( b1 ! = b2 ) {
return ( b1 ? 1 : - 1 ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* If we get this far , the ACEs are similar as far as the
* characteristics we typically care about ( those defined by the
* referenced MS document ) . We ' ll now sort by characteristics that
* just seems reasonable .
*/
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ace1 - > type ! = ace2 - > type ) {
return ace2 - > type - ace1 - > type ;
}
2009-11-21 22:52:12 +01:00
2010-08-26 15:48:50 +02:00
if ( dom_sid_compare ( & ace1 - > trustee , & ace2 - > trustee ) ) {
return dom_sid_compare ( & ace1 - > trustee , & ace2 - > trustee ) ;
2008-02-28 11:23:20 -05:00
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ace1 - > flags ! = ace2 - > flags ) {
return ace1 - > flags - ace2 - > flags ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ace1 - > access_mask ! = ace2 - > access_mask ) {
return ace1 - > access_mask - ace2 - > access_mask ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ace1 - > size ! = ace2 - > size ) {
return ace1 - > size - ace2 - > size ;
}
2009-11-21 22:52:12 +01:00
2010-05-18 03:25:38 +02:00
return memcmp ( ace1 , ace2 , sizeof ( struct security_ace ) ) ;
2008-02-28 11:23:20 -05:00
}
static void
2010-05-18 03:30:40 +02:00
sort_acl ( struct security_acl * the_acl )
2008-02-28 11:23:20 -05:00
{
2015-05-09 16:59:45 -07:00
uint32_t i ;
2008-02-28 11:23:20 -05:00
if ( ! the_acl ) return ;
2009-11-21 22:52:12 +01:00
2010-02-14 10:00:49 +11:00
TYPESAFE_QSORT ( the_acl - > aces , the_acl - > num_aces , ace_compare ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
for ( i = 1 ; i < the_acl - > num_aces ; ) {
2014-05-28 17:42:08 +02:00
if ( security_ace_equal ( & the_acl - > aces [ i - 1 ] ,
& the_acl - > aces [ i ] ) ) {
2020-03-25 22:36:48 +01:00
ARRAY_DEL_ELEMENT (
the_acl - > aces , i , the_acl - > num_aces ) ;
2008-02-28 11:23:20 -05:00
the_acl - > num_aces - - ;
} else {
i + + ;
}
}
}
/* convert a SID to a string, either numeric or username/group */
static void
convert_sid_to_string ( struct cli_state * ipc_cli ,
2009-03-18 22:49:41 +01:00
struct policy_handle * pol ,
2008-02-28 11:23:20 -05:00
fstring str ,
bool numeric ,
2010-05-21 11:25:01 +10:00
struct dom_sid * sid )
2008-02-28 11:23:20 -05:00
{
char * * domains = NULL ;
char * * names = NULL ;
enum lsa_SidType * types = NULL ;
struct rpc_pipe_client * pipe_hnd = find_lsa_pipe_hnd ( ipc_cli ) ;
TALLOC_CTX * ctx ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
sid_to_fstring ( str , sid ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( numeric ) {
return ; /* no lookup desired */
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! pipe_hnd ) {
return ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Ask LSA to convert the sid to a name */
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
ctx = talloc_stackframe ( ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! NT_STATUS_IS_OK ( rpccli_lsa_lookup_sids ( pipe_hnd , ctx ,
2008-03-01 20:44:21 -05:00
pol , 1 , sid , & domains ,
& names , & types ) ) | |
2008-02-28 11:23:20 -05:00
! domains | | ! domains [ 0 ] | | ! names | | ! names [ 0 ] ) {
TALLOC_FREE ( ctx ) ;
return ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Converted OK */
2009-11-21 22:52:12 +01:00
2015-06-26 13:29:27 +02:00
fstr_sprintf ( str , " %s%s%s " ,
domains [ 0 ] , lp_winbind_separator ( ) , names [ 0 ] ) ;
2008-12-17 18:14:09 +01:00
TALLOC_FREE ( ctx ) ;
2008-02-28 11:23:20 -05:00
}
/* convert a string to a SID, either numeric or username/group */
static bool
convert_string_to_sid ( struct cli_state * ipc_cli ,
2009-03-18 22:49:41 +01:00
struct policy_handle * pol ,
2008-02-28 11:23:20 -05:00
bool numeric ,
2010-05-21 11:25:01 +10:00
struct dom_sid * sid ,
2008-02-28 11:23:20 -05:00
const char * str )
{
enum lsa_SidType * types = NULL ;
2010-05-21 11:25:01 +10:00
struct dom_sid * sids = NULL ;
2008-02-28 11:23:20 -05:00
bool result = True ;
TALLOC_CTX * ctx = NULL ;
struct rpc_pipe_client * pipe_hnd = find_lsa_pipe_hnd ( ipc_cli ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! pipe_hnd ) {
return False ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( numeric ) {
if ( strncmp ( str , " S- " , 2 ) = = 0 ) {
return string_to_sid ( sid , str ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
result = False ;
goto done ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
ctx = talloc_stackframe ( ) ;
if ( ! NT_STATUS_IS_OK ( rpccli_lsa_lookup_names ( pipe_hnd , ctx ,
2008-03-01 20:44:21 -05:00
pol , 1 , & str ,
NULL , 1 , & sids ,
& types ) ) ) {
2008-02-28 11:23:20 -05:00
result = False ;
goto done ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
sid_copy ( sid , & sids [ 0 ] ) ;
2008-03-01 20:44:21 -05:00
done :
2008-02-28 11:23:20 -05:00
TALLOC_FREE ( ctx ) ;
return result ;
}
2010-05-18 03:25:38 +02:00
/* parse an struct security_ace in the same format as print_ace() */
2008-02-28 11:23:20 -05:00
static bool
parse_ace ( struct cli_state * ipc_cli ,
2009-03-18 22:49:41 +01:00
struct policy_handle * pol ,
2010-05-18 03:25:38 +02:00
struct security_ace * ace ,
2008-02-28 11:23:20 -05:00
bool numeric ,
char * str )
{
char * p ;
const char * cp ;
char * tok ;
unsigned int atype ;
unsigned int aflags ;
unsigned int amask ;
2010-05-21 11:25:01 +10:00
struct dom_sid sid ;
2008-10-09 09:49:03 -07:00
uint32_t mask ;
2008-02-28 11:23:20 -05:00
const struct perm_value * v ;
struct perm_value {
2009-07-23 20:28:58 -04:00
const char perm [ 7 ] ;
2015-05-09 16:59:45 -07:00
uint32_t mask ;
2008-02-28 11:23:20 -05:00
} ;
TALLOC_CTX * frame = talloc_stackframe ( ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* These values discovered by inspection */
static const struct perm_value special_values [ ] = {
{ " R " , 0x00120089 } ,
{ " W " , 0x00120116 } ,
{ " X " , 0x001200a0 } ,
{ " D " , 0x00010000 } ,
{ " P " , 0x00040000 } ,
{ " O " , 0x00080000 } ,
2009-07-23 20:28:58 -04:00
{ " " , 0 } ,
2008-02-28 11:23:20 -05:00
} ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
static const struct perm_value standard_values [ ] = {
{ " READ " , 0x001200a9 } ,
{ " CHANGE " , 0x001301bf } ,
{ " FULL " , 0x001f01ff } ,
2009-07-23 20:28:58 -04:00
{ " " , 0 } ,
2008-02-28 11:23:20 -05:00
} ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
ZERO_STRUCTP ( ace ) ;
p = strchr_m ( str , ' : ' ) ;
if ( ! p ) {
TALLOC_FREE ( frame ) ;
return False ;
}
* p = ' \0 ' ;
p + + ;
/* Try to parse numeric form */
2009-11-21 22:52:12 +01:00
2013-11-15 17:02:16 +01:00
if ( sscanf ( p , " %u/%u/%u " , & atype , & aflags , & amask ) = = 3 & &
2008-02-28 11:23:20 -05:00
convert_string_to_sid ( ipc_cli , pol , numeric , & sid , str ) ) {
goto done ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Try to parse text form */
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! convert_string_to_sid ( ipc_cli , pol , numeric , & sid , str ) ) {
TALLOC_FREE ( frame ) ;
return false ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
cp = p ;
if ( ! next_token_talloc ( frame , & cp , & tok , " / " ) ) {
TALLOC_FREE ( frame ) ;
return false ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " ALLOWED " , strlen ( " ALLOWED " ) ) = = 0 ) {
2008-02-28 11:23:20 -05:00
atype = SEC_ACE_TYPE_ACCESS_ALLOWED ;
2011-05-13 20:23:36 +02:00
} else if ( strncasecmp_m ( tok , " DENIED " , strlen ( " DENIED " ) ) = = 0 ) {
2008-02-28 11:23:20 -05:00
atype = SEC_ACE_TYPE_ACCESS_DENIED ;
} else {
TALLOC_FREE ( frame ) ;
return false ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Only numeric form accepted for flags at present */
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! ( next_token_talloc ( frame , & cp , & tok , " / " ) & &
2013-11-15 17:02:16 +01:00
sscanf ( tok , " %u " , & aflags ) ) ) {
2008-02-28 11:23:20 -05:00
TALLOC_FREE ( frame ) ;
return false ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! next_token_talloc ( frame , & cp , & tok , " / " ) ) {
TALLOC_FREE ( frame ) ;
return false ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( strncmp ( tok , " 0x " , 2 ) = = 0 ) {
2013-11-15 17:02:16 +01:00
if ( sscanf ( tok , " %u " , & amask ) ! = 1 ) {
2008-02-28 11:23:20 -05:00
TALLOC_FREE ( frame ) ;
return false ;
}
goto done ;
}
2009-11-21 22:52:12 +01:00
2013-02-18 17:11:15 +01:00
for ( v = standard_values ; v ! = NULL ; v + + ) {
2008-02-28 11:23:20 -05:00
if ( strcmp ( tok , v - > perm ) = = 0 ) {
amask = v - > mask ;
goto done ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
p = tok ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
while ( * p ) {
bool found = False ;
2009-11-21 22:52:12 +01:00
2013-02-18 17:11:15 +01:00
for ( v = special_values ; v ! = NULL ; v + + ) {
2008-02-28 11:23:20 -05:00
if ( v - > perm [ 0 ] = = * p ) {
amask | = v - > mask ;
found = True ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! found ) {
TALLOC_FREE ( frame ) ;
return false ;
}
p + + ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( * p ) {
TALLOC_FREE ( frame ) ;
return false ;
}
2009-11-21 22:52:12 +01:00
2008-03-01 20:44:21 -05:00
done :
2008-02-28 11:23:20 -05:00
mask = amask ;
init_sec_ace ( ace , & sid , atype , mask , aflags ) ;
TALLOC_FREE ( frame ) ;
return true ;
}
2010-05-18 03:30:40 +02:00
/* add an struct security_ace to a list of struct security_aces in a struct security_acl */
2008-02-28 11:23:20 -05:00
static bool
2010-05-18 03:30:40 +02:00
add_ace ( struct security_acl * * the_acl ,
2021-01-14 21:33:13 +01:00
const struct security_ace * ace ,
2008-02-28 11:23:20 -05:00
TALLOC_CTX * ctx )
{
2021-01-14 21:33:13 +01:00
struct security_acl * acl = * the_acl ;
2009-11-21 22:52:12 +01:00
2021-01-14 21:33:13 +01:00
if ( acl = = NULL ) {
acl = make_sec_acl ( ctx , 3 , 0 , NULL ) ;
if ( acl = = NULL ) {
return false ;
}
2008-02-28 11:23:20 -05:00
}
2009-11-21 22:52:12 +01:00
2021-01-14 21:33:13 +01:00
if ( acl - > num_aces = = UINT32_MAX ) {
return false ;
2008-02-28 11:23:20 -05:00
}
2021-01-14 21:33:13 +01:00
ADD_TO_ARRAY (
acl , struct security_ace , * ace , & acl - > aces , & acl - > num_aces ) ;
* the_acl = acl ;
2008-02-28 11:23:20 -05:00
return True ;
}
/* parse a ascii version of a security descriptor */
2010-05-18 10:29:34 +02:00
static struct security_descriptor *
2008-02-28 11:23:20 -05:00
sec_desc_parse ( TALLOC_CTX * ctx ,
struct cli_state * ipc_cli ,
2009-03-18 22:49:41 +01:00
struct policy_handle * pol ,
2008-02-28 11:23:20 -05:00
bool numeric ,
2008-12-25 14:26:17 +01:00
const char * str )
2008-02-28 11:23:20 -05:00
{
const char * p = str ;
char * tok ;
2010-05-18 10:29:34 +02:00
struct security_descriptor * ret = NULL ;
2008-02-28 11:23:20 -05:00
size_t sd_size ;
2021-01-14 21:32:21 +01:00
struct dom_sid owner_sid = { . num_auths = 0 } ;
struct dom_sid group_sid = { . num_auths = 0 } ;
bool have_owner = false , have_group = false ;
2010-05-18 03:30:40 +02:00
struct security_acl * dacl = NULL ;
2008-02-28 11:23:20 -05:00
int revision = 1 ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
while ( next_token_talloc ( ctx , & p , & tok , " \t , \r \n " ) ) {
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " REVISION: " , 9 ) = = 0 ) {
2008-02-28 11:23:20 -05:00
revision = strtol ( tok + 9 , NULL , 16 ) ;
continue ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " OWNER: " , 6 ) = = 0 ) {
2021-01-14 21:32:21 +01:00
if ( have_owner ) {
2008-03-01 20:44:21 -05:00
DEBUG ( 5 , ( " OWNER specified more than once! \n " ) ) ;
2008-02-28 11:23:20 -05:00
goto done ;
}
2021-01-14 21:32:21 +01:00
if ( ! convert_string_to_sid ( ipc_cli , pol ,
2008-02-28 11:23:20 -05:00
numeric ,
2021-01-14 21:32:21 +01:00
& owner_sid , tok + 6 ) ) {
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " Failed to parse owner sid \n " ) ) ;
goto done ;
}
2021-01-14 21:32:21 +01:00
have_owner = true ;
2008-02-28 11:23:20 -05:00
continue ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " OWNER+: " , 7 ) = = 0 ) {
2021-01-14 21:32:21 +01:00
if ( have_owner ) {
2008-03-01 20:44:21 -05:00
DEBUG ( 5 , ( " OWNER specified more than once! \n " ) ) ;
2008-02-28 11:23:20 -05:00
goto done ;
}
2021-01-14 21:32:21 +01:00
if ( ! convert_string_to_sid ( ipc_cli , pol ,
2008-02-28 11:23:20 -05:00
False ,
2021-01-14 21:32:21 +01:00
& owner_sid , tok + 7 ) ) {
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " Failed to parse owner sid \n " ) ) ;
goto done ;
}
2021-01-14 21:32:21 +01:00
have_owner = true ;
2008-02-28 11:23:20 -05:00
continue ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " GROUP: " , 6 ) = = 0 ) {
2021-01-14 21:32:21 +01:00
if ( have_group ) {
2008-03-01 20:44:21 -05:00
DEBUG ( 5 , ( " GROUP specified more than once! \n " ) ) ;
2008-02-28 11:23:20 -05:00
goto done ;
}
2021-01-14 21:32:21 +01:00
if ( ! convert_string_to_sid ( ipc_cli , pol ,
2008-02-28 11:23:20 -05:00
numeric ,
2021-01-14 21:32:21 +01:00
& group_sid , tok + 6 ) ) {
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " Failed to parse group sid \n " ) ) ;
goto done ;
}
2021-01-14 21:32:21 +01:00
have_group = true ;
2008-02-28 11:23:20 -05:00
continue ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " GROUP+: " , 7 ) = = 0 ) {
2021-01-14 21:32:21 +01:00
if ( have_group ) {
2008-03-01 20:44:21 -05:00
DEBUG ( 5 , ( " GROUP specified more than once! \n " ) ) ;
2008-02-28 11:23:20 -05:00
goto done ;
}
2021-01-14 21:32:21 +01:00
if ( ! convert_string_to_sid ( ipc_cli , pol ,
2008-02-28 11:23:20 -05:00
False ,
2021-01-14 21:32:21 +01:00
& group_sid , tok + 6 ) ) {
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " Failed to parse group sid \n " ) ) ;
goto done ;
}
2021-01-14 21:32:21 +01:00
have_group = true ;
2008-02-28 11:23:20 -05:00
continue ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " ACL: " , 4 ) = = 0 ) {
2010-05-18 03:25:38 +02:00
struct security_ace ace ;
2008-02-28 11:23:20 -05:00
if ( ! parse_ace ( ipc_cli , pol , & ace , numeric , tok + 4 ) ) {
DEBUG ( 5 , ( " Failed to parse ACL %s \n " , tok ) ) ;
goto done ;
}
if ( ! add_ace ( & dacl , & ace , ctx ) ) {
DEBUG ( 5 , ( " Failed to add ACL %s \n " , tok ) ) ;
goto done ;
}
continue ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " ACL+: " , 5 ) = = 0 ) {
2010-05-18 03:25:38 +02:00
struct security_ace ace ;
2008-02-28 11:23:20 -05:00
if ( ! parse_ace ( ipc_cli , pol , & ace , False , tok + 5 ) ) {
DEBUG ( 5 , ( " Failed to parse ACL %s \n " , tok ) ) ;
goto done ;
}
if ( ! add_ace ( & dacl , & ace , ctx ) ) {
DEBUG ( 5 , ( " Failed to add ACL %s \n " , tok ) ) ;
goto done ;
}
continue ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " Failed to parse security descriptor \n " ) ) ;
goto done ;
}
2009-11-21 22:52:12 +01:00
2021-01-14 21:32:21 +01:00
ret = make_sec_desc (
ctx ,
revision ,
SEC_DESC_SELF_RELATIVE ,
have_owner ? & owner_sid : NULL ,
have_group ? & group_sid : NULL ,
NULL ,
dacl ,
& sd_size ) ;
2009-11-21 22:52:12 +01:00
2008-03-01 20:44:21 -05:00
done :
2008-02-28 11:23:20 -05:00
return ret ;
}
/* Obtain the current dos attributes */
2020-03-25 22:06:37 +01:00
static struct DOS_ATTR_DESC *
2008-02-28 11:23:20 -05:00
dos_attr_query ( SMBCCTX * context ,
TALLOC_CTX * ctx ,
const char * filename ,
SMBCSRV * srv )
{
2019-11-25 11:09:52 +01:00
struct stat sb = { 0 } ;
2020-03-25 22:06:37 +01:00
struct DOS_ATTR_DESC * ret = NULL ;
2022-01-21 21:15:06 +01:00
NTSTATUS status ;
2009-11-21 22:52:12 +01:00
2020-03-25 22:06:37 +01:00
ret = talloc ( ctx , struct DOS_ATTR_DESC ) ;
2008-02-28 11:23:20 -05:00
if ( ! ret ) {
errno = ENOMEM ;
return NULL ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Obtain the DOS attributes */
2022-01-21 21:15:06 +01:00
status = SMBC_getatr ( context , srv , filename , & sb ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " dos_attr_query Failed to query old attributes \n " ) ) ;
2012-07-30 14:50:52 +02:00
TALLOC_FREE ( ret ) ;
2022-01-21 21:15:06 +01:00
errno = cli_status_to_errno ( status ) ;
2008-02-28 11:23:20 -05:00
return NULL ;
}
2009-11-21 22:52:12 +01:00
2019-11-25 11:09:52 +01:00
ret - > mode = sb . st_mode ;
ret - > size = sb . st_size ;
ret - > create_time = sb . st_ctime ;
ret - > access_time = sb . st_atime ;
ret - > write_time = sb . st_mtime ;
ret - > change_time = sb . st_mtime ;
ret - > inode = sb . st_ino ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
return ret ;
}
/* parse a ascii version of a security descriptor */
static void
dos_attr_parse ( SMBCCTX * context ,
2020-03-25 22:06:37 +01:00
struct DOS_ATTR_DESC * dad ,
2008-02-28 11:23:20 -05:00
SMBCSRV * srv ,
char * str )
{
int n ;
const char * p = str ;
char * tok = NULL ;
TALLOC_CTX * frame = NULL ;
struct {
const char * create_time_attr ;
const char * access_time_attr ;
const char * write_time_attr ;
const char * change_time_attr ;
} attr_strings ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Determine whether to use old-style or new-style attribute names */
2008-02-29 13:34:35 -05:00
if ( context - > internal - > full_time_names ) {
2008-02-28 11:23:20 -05:00
/* new-style names */
attr_strings . create_time_attr = " CREATE_TIME " ;
attr_strings . access_time_attr = " ACCESS_TIME " ;
attr_strings . write_time_attr = " WRITE_TIME " ;
attr_strings . change_time_attr = " CHANGE_TIME " ;
} else {
/* old-style names */
attr_strings . create_time_attr = NULL ;
attr_strings . access_time_attr = " A_TIME " ;
attr_strings . write_time_attr = " M_TIME " ;
attr_strings . change_time_attr = " C_TIME " ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* if this is to set the entire ACL... */
if ( * str = = ' * ' ) {
/* ... then increment past the first colon if there is one */
if ( ( p = strchr ( str , ' : ' ) ) ! = NULL ) {
+ + p ;
} else {
p = str ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
frame = talloc_stackframe ( ) ;
while ( next_token_talloc ( frame , & p , & tok , " \t , \r \n " ) ) {
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " MODE: " , 5 ) = = 0 ) {
2008-02-28 11:23:20 -05:00
long request = strtol ( tok + 5 , NULL , 16 ) ;
if ( request = = 0 ) {
dad - > mode = ( request |
( IS_DOS_DIR ( dad - > mode )
? FILE_ATTRIBUTE_DIRECTORY
: FILE_ATTRIBUTE_NORMAL ) ) ;
} else {
dad - > mode = request ;
}
continue ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " SIZE: " , 5 ) = = 0 ) {
2012-04-05 14:53:08 +10:00
dad - > size = ( off_t ) atof ( tok + 5 ) ;
2008-02-28 11:23:20 -05:00
continue ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
n = strlen ( attr_strings . access_time_attr ) ;
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , attr_strings . access_time_attr , n ) = = 0 ) {
2008-02-28 11:23:20 -05:00
dad - > access_time = ( time_t ) strtol ( tok + n + 1 , NULL , 10 ) ;
continue ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
n = strlen ( attr_strings . change_time_attr ) ;
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , attr_strings . change_time_attr , n ) = = 0 ) {
2008-02-28 11:23:20 -05:00
dad - > change_time = ( time_t ) strtol ( tok + n + 1 , NULL , 10 ) ;
continue ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
n = strlen ( attr_strings . write_time_attr ) ;
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , attr_strings . write_time_attr , n ) = = 0 ) {
2008-02-28 11:23:20 -05:00
dad - > write_time = ( time_t ) strtol ( tok + n + 1 , NULL , 10 ) ;
continue ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( attr_strings . create_time_attr ! = NULL ) {
n = strlen ( attr_strings . create_time_attr ) ;
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , attr_strings . create_time_attr ,
2008-02-28 11:23:20 -05:00
n ) = = 0 ) {
dad - > create_time = ( time_t ) strtol ( tok + n + 1 ,
NULL , 10 ) ;
continue ;
}
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
if ( strncasecmp_m ( tok , " INODE: " , 6 ) = = 0 ) {
2008-02-28 11:23:20 -05:00
dad - > inode = ( SMB_INO_T ) atof ( tok + 6 ) ;
continue ;
}
}
TALLOC_FREE ( frame ) ;
}
/*****************************************************
Retrieve the acls for a file .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int
cacl_get ( SMBCCTX * context ,
TALLOC_CTX * ctx ,
SMBCSRV * srv ,
struct cli_state * ipc_cli ,
2009-03-18 22:49:41 +01:00
struct policy_handle * pol ,
2011-05-05 13:42:05 -07:00
const char * filename ,
const char * attr_name ,
2008-02-28 11:23:20 -05:00
char * buf ,
int bufsize )
{
2015-05-09 16:59:45 -07:00
uint32_t i ;
2008-02-28 11:23:20 -05:00
int n = 0 ;
int n_used ;
bool all ;
bool all_nt ;
bool all_nt_acls ;
bool all_dos ;
bool some_nt ;
bool some_dos ;
bool exclude_nt_revision = False ;
bool exclude_nt_owner = False ;
bool exclude_nt_group = False ;
bool exclude_nt_acl = False ;
bool exclude_dos_mode = False ;
bool exclude_dos_size = False ;
bool exclude_dos_create_time = False ;
bool exclude_dos_access_time = False ;
bool exclude_dos_write_time = False ;
bool exclude_dos_change_time = False ;
bool exclude_dos_inode = False ;
bool numeric = True ;
bool determine_size = ( bufsize = = 0 ) ;
2009-04-30 15:26:43 -07:00
uint16_t fnum ;
2010-05-18 10:29:34 +02:00
struct security_descriptor * sd ;
2008-02-28 11:23:20 -05:00
fstring sidstr ;
fstring name_sandbox ;
char * name ;
char * pExclude ;
char * p ;
2008-09-11 16:20:59 -07:00
struct cli_state * cli = srv - > cli ;
2008-02-28 11:23:20 -05:00
struct {
const char * create_time_attr ;
const char * access_time_attr ;
const char * write_time_attr ;
const char * change_time_attr ;
} attr_strings ;
struct {
const char * create_time_attr ;
const char * access_time_attr ;
const char * write_time_attr ;
const char * change_time_attr ;
} excl_attr_strings ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Determine whether to use old-style or new-style attribute names */
2008-02-29 13:34:35 -05:00
if ( context - > internal - > full_time_names ) {
2008-02-28 11:23:20 -05:00
/* new-style names */
attr_strings . create_time_attr = " CREATE_TIME " ;
attr_strings . access_time_attr = " ACCESS_TIME " ;
attr_strings . write_time_attr = " WRITE_TIME " ;
attr_strings . change_time_attr = " CHANGE_TIME " ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
excl_attr_strings . create_time_attr = " CREATE_TIME " ;
excl_attr_strings . access_time_attr = " ACCESS_TIME " ;
excl_attr_strings . write_time_attr = " WRITE_TIME " ;
excl_attr_strings . change_time_attr = " CHANGE_TIME " ;
} else {
/* old-style names */
attr_strings . create_time_attr = NULL ;
attr_strings . access_time_attr = " A_TIME " ;
attr_strings . write_time_attr = " M_TIME " ;
attr_strings . change_time_attr = " C_TIME " ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
excl_attr_strings . create_time_attr = NULL ;
excl_attr_strings . access_time_attr = " dos_attr.A_TIME " ;
excl_attr_strings . write_time_attr = " dos_attr.M_TIME " ;
excl_attr_strings . change_time_attr = " dos_attr.C_TIME " ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Copy name so we can strip off exclusions (if any are specified) */
2022-02-06 21:59:05 +01:00
fstrcpy ( name_sandbox , attr_name ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Ensure name is null terminated */
name_sandbox [ sizeof ( name_sandbox ) - 1 ] = ' \0 ' ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Play in the sandbox */
name = name_sandbox ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* If there are any exclusions, point to them and mask them from name */
if ( ( pExclude = strchr ( name , ' ! ' ) ) ! = NULL )
{
* pExclude + + = ' \0 ' ;
}
2009-11-21 22:52:12 +01:00
2011-05-13 20:23:36 +02:00
all = ( strncasecmp_m ( name , " system.* " , 8 ) = = 0 ) ;
all_nt = ( strncasecmp_m ( name , " system.nt_sec_desc.* " , 20 ) = = 0 ) ;
all_nt_acls = ( strncasecmp_m ( name , " system.nt_sec_desc.acl.* " , 24 ) = = 0 ) ;
all_dos = ( strncasecmp_m ( name , " system.dos_attr.* " , 17 ) = = 0 ) ;
some_nt = ( strncasecmp_m ( name , " system.nt_sec_desc. " , 19 ) = = 0 ) ;
some_dos = ( strncasecmp_m ( name , " system.dos_attr. " , 16 ) = = 0 ) ;
2008-02-28 11:23:20 -05:00
numeric = ( * ( name + strlen ( name ) - 1 ) ! = ' + ' ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Look for exclusions from "all" requests */
if ( all | | all_nt | | all_dos ) {
/* Exclusions are delimited by '!' */
for ( ;
pExclude ! = NULL ;
pExclude = ( p = = NULL ? NULL : p + 1 ) ) {
2009-11-21 22:52:12 +01:00
2008-03-01 20:44:21 -05:00
/* Find end of this exclusion name */
if ( ( p = strchr ( pExclude , ' ! ' ) ) ! = NULL )
{
* p = ' \0 ' ;
}
2009-11-21 22:52:12 +01:00
2008-03-01 20:44:21 -05:00
/* Which exclusion name is this? */
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
" nt_sec_desc.revision " ) = = 0 ) {
exclude_nt_revision = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
" nt_sec_desc.owner " ) = = 0 ) {
exclude_nt_owner = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
" nt_sec_desc.group " ) = = 0 ) {
exclude_nt_group = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
" nt_sec_desc.acl " ) = = 0 ) {
exclude_nt_acl = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
" dos_attr.mode " ) = = 0 ) {
exclude_dos_mode = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
" dos_attr.size " ) = = 0 ) {
exclude_dos_size = True ;
}
else if ( excl_attr_strings . create_time_attr ! = NULL & &
2011-05-13 20:21:30 +02:00
strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
excl_attr_strings . change_time_attr ) = = 0 ) {
exclude_dos_create_time = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
excl_attr_strings . access_time_attr ) = = 0 ) {
exclude_dos_access_time = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
excl_attr_strings . write_time_attr ) = = 0 ) {
exclude_dos_write_time = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude ,
2008-03-01 20:44:21 -05:00
excl_attr_strings . change_time_attr ) = = 0 ) {
exclude_dos_change_time = True ;
}
2011-05-13 20:21:30 +02:00
else if ( strcasecmp_m ( pExclude , " dos_attr.inode " ) = = 0 ) {
2008-03-01 20:44:21 -05:00
exclude_dos_inode = True ;
}
else {
DEBUG ( 5 , ( " cacl_get received unknown exclusion: %s \n " ,
pExclude ) ) ;
errno = ENOATTR ;
return - 1 ;
}
2008-02-28 11:23:20 -05:00
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
n_used = 0 ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* If we are ( possibly ) talking to an NT or new system and some NT
* attributes have been requested . . .
*/
if ( ipc_cli & & ( all | | some_nt | | all_nt_acls ) ) {
2008-09-11 16:20:59 -07:00
char * targetpath = NULL ;
struct cli_state * targetcli = NULL ;
2020-08-18 17:42:25 +02:00
struct cli_credentials * creds = NULL ;
2011-07-03 11:46:50 +02:00
NTSTATUS status ;
2008-09-11 16:20:59 -07:00
2008-02-28 11:23:20 -05:00
/* Point to the portion after "system.nt_sec_desc." */
name + = 19 ; /* if (all) this will be invalid but unused */
2008-09-11 16:20:59 -07:00
2021-01-13 16:11:17 +01:00
creds = context - > internal - > creds ;
2020-08-18 17:42:25 +02:00
2011-07-03 20:53:55 +02:00
status = cli_resolve_path (
2020-08-18 17:42:25 +02:00
ctx , " " ,
creds ,
2011-07-03 20:53:55 +02:00
cli , filename , & targetcli , & targetpath ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-09-11 16:20:59 -07:00
DEBUG ( 5 , ( " cacl_get Could not resolve %s \n " ,
filename ) ) ;
errno = ENOENT ;
return - 1 ;
}
2008-02-28 11:23:20 -05:00
/* ... then obtain any NT attributes which were requested */
2020-05-26 08:07:41 +02:00
status = cli_ntcreate (
targetcli , /* cli */
targetpath , /* fname */
0 , /* CreatFlags */
2020-05-26 08:04:52 +02:00
READ_CONTROL_ACCESS , /* DesiredAccess */
2020-05-26 08:07:41 +02:00
0 , /* FileAttributes */
FILE_SHARE_READ |
FILE_SHARE_WRITE , /* ShareAccess */
FILE_OPEN , /* CreateDisposition */
0x0 , /* CreateOptions */
0x0 , /* SecurityFlags */
& fnum , /* pfid */
NULL ) ; /* cr */
2011-07-03 11:46:50 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-09-11 16:20:59 -07:00
DEBUG ( 5 , ( " cacl_get failed to open %s: %s \n " ,
2011-07-03 11:46:50 +02:00
targetpath , nt_errstr ( status ) ) ) ;
2008-09-11 16:20:59 -07:00
errno = 0 ;
return - 1 ;
}
2011-07-23 09:43:32 +02:00
status = cli_query_secdesc ( targetcli , fnum , ctx , & sd ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 5 , ( " cacl_get Failed to query old descriptor "
" of %s: %s \n " ,
targetpath , nt_errstr ( status ) ) ) ;
errno = 0 ;
return - 1 ;
}
2008-09-11 16:20:59 -07:00
cli_close ( targetcli , fnum ) ;
2008-02-28 11:23:20 -05:00
if ( ! exclude_nt_revision ) {
if ( all | | all_nt ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx ,
" REVISION:%d " ,
sd - > revision ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" REVISION:%d " ,
sd - > revision ) ;
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , " revision " ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
p = talloc_asprintf ( ctx , " %d " ,
sd - > revision ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize , " %d " ,
sd - > revision ) ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_nt_owner ) {
/* Get owner and group sid */
if ( sd - > owner_sid ) {
convert_sid_to_string ( ipc_cli , pol ,
sidstr ,
numeric ,
sd - > owner_sid ) ;
} else {
fstrcpy ( sidstr , " " ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( all | | all_nt ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx , " ,OWNER:%s " ,
sidstr ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else if ( sidstr [ 0 ] ! = ' \0 ' ) {
n = snprintf ( buf , bufsize ,
" ,OWNER:%s " , sidstr ) ;
}
2011-05-13 20:23:36 +02:00
} else if ( strncasecmp_m ( name , " owner " , 5 ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
p = talloc_asprintf ( ctx , " %s " , sidstr ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize , " %s " ,
sidstr ) ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_nt_group ) {
if ( sd - > group_sid ) {
convert_sid_to_string ( ipc_cli , pol ,
sidstr , numeric ,
sd - > group_sid ) ;
} else {
fstrcpy ( sidstr , " " ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( all | | all_nt ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx , " ,GROUP:%s " ,
sidstr ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else if ( sidstr [ 0 ] ! = ' \0 ' ) {
n = snprintf ( buf , bufsize ,
" ,GROUP:%s " , sidstr ) ;
}
2011-05-13 20:23:36 +02:00
} else if ( strncasecmp_m ( name , " group " , 5 ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
p = talloc_asprintf ( ctx , " %s " , sidstr ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" %s " , sidstr ) ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_nt_acl ) {
/* Add aces to value buffer */
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
2009-11-21 22:52:12 +01:00
2010-05-18 03:25:38 +02:00
struct security_ace * ace = & sd - > dacl - > aces [ i ] ;
2008-02-28 11:23:20 -05:00
convert_sid_to_string ( ipc_cli , pol ,
sidstr , numeric ,
& ace - > trustee ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( all | | all_nt ) {
if ( determine_size ) {
p = talloc_asprintf (
ctx ,
" ,ACL: "
" %s:%d/%d/0x%08x " ,
sidstr ,
ace - > type ,
ace - > flags ,
ace - > access_mask ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf (
buf , bufsize ,
" ,ACL:%s:%d/%d/0x%08x " ,
sidstr ,
ace - > type ,
ace - > flags ,
ace - > access_mask ) ;
}
2011-05-13 20:23:36 +02:00
} else if ( ( strncasecmp_m ( name , " acl " , 3 ) = = 0 & &
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name + 3 , sidstr ) = = 0 ) | |
2011-05-13 20:23:36 +02:00
( strncasecmp_m ( name , " acl+ " , 4 ) = = 0 & &
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name + 4 , sidstr ) = = 0 ) ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
p = talloc_asprintf (
ctx ,
" %d/%d/0x%08x " ,
ace - > type ,
ace - > flags ,
ace - > access_mask ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" %d/%d/0x%08x " ,
ace - > type ,
ace - > flags ,
ace - > access_mask ) ;
}
} else if ( all_nt_acls ) {
if ( determine_size ) {
p = talloc_asprintf (
ctx ,
" %s%s:%d/%d/0x%08x " ,
i ? " , " : " " ,
sidstr ,
ace - > type ,
ace - > flags ,
ace - > access_mask ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" %s%s:%d/%d/0x%08x " ,
i ? " , " : " " ,
sidstr ,
ace - > type ,
ace - > flags ,
ace - > access_mask ) ;
}
}
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Restore name pointer to its original value */
name - = 19 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( all | | some_dos ) {
2019-11-25 11:09:52 +01:00
struct stat sb = { 0 } ;
time_t create_time = ( time_t ) 0 ;
time_t write_time = ( time_t ) 0 ;
time_t access_time = ( time_t ) 0 ;
time_t change_time = ( time_t ) 0 ;
off_t size = 0 ;
uint16_t mode = 0 ;
SMB_INO_T ino = 0 ;
2022-01-21 21:15:06 +01:00
NTSTATUS status ;
2019-11-25 11:09:52 +01:00
2008-02-28 11:23:20 -05:00
/* Point to the portion after "system.dos_attr." */
name + = 16 ; /* if (all) this will be invalid but unused */
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Obtain the DOS attributes */
2022-01-21 21:15:06 +01:00
status = SMBC_getatr ( context , srv , filename , & sb ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
errno = cli_status_to_errno ( status ) ;
2008-02-28 11:23:20 -05:00
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2019-11-25 11:09:52 +01:00
create_time = sb . st_ctime ;
access_time = sb . st_atime ;
write_time = sb . st_mtime ;
change_time = sb . st_mtime ;
size = sb . st_size ;
mode = sb . st_mode ;
ino = sb . st_ino ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_dos_mode ) {
if ( all | | all_dos ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx ,
" %sMODE:0x%x " ,
( ipc_cli & &
( all | | some_nt )
? " , "
: " " ) ,
mode ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" %sMODE:0x%x " ,
( ipc_cli & &
( all | | some_nt )
? " , "
: " " ) ,
mode ) ;
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , " mode " ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
p = talloc_asprintf ( ctx , " 0x%x " , mode ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" 0x%x " , mode ) ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_dos_size ) {
if ( all | | all_dos ) {
if ( determine_size ) {
p = talloc_asprintf (
ctx ,
" ,SIZE:%.0f " ,
( double ) size ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" ,SIZE:%.0f " ,
( double ) size ) ;
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , " size " ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
p = talloc_asprintf (
ctx ,
" %.0f " ,
( double ) size ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" %.0f " ,
( double ) size ) ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_dos_create_time & &
attr_strings . create_time_attr ! = NULL ) {
if ( all | | all_dos ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx ,
" ,%s:%lu " ,
attr_strings . create_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) create_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" ,%s:%lu " ,
attr_strings . create_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) create_time ) ;
2008-02-28 11:23:20 -05:00
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , attr_strings . create_time_attr ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
2009-02-14 10:08:10 -05:00
p = talloc_asprintf ( ctx , " %lu " , ( unsigned long ) create_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
2009-02-14 10:08:10 -05:00
" %lu " , ( unsigned long ) create_time ) ;
2008-02-28 11:23:20 -05:00
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_dos_access_time ) {
if ( all | | all_dos ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx ,
" ,%s:%lu " ,
attr_strings . access_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) access_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" ,%s:%lu " ,
attr_strings . access_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) access_time ) ;
2008-02-28 11:23:20 -05:00
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , attr_strings . access_time_attr ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
2009-02-14 10:08:10 -05:00
p = talloc_asprintf ( ctx , " %lu " , ( unsigned long ) access_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
2009-02-14 10:08:10 -05:00
" %lu " , ( unsigned long ) access_time ) ;
2008-02-28 11:23:20 -05:00
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_dos_write_time ) {
if ( all | | all_dos ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx ,
" ,%s:%lu " ,
attr_strings . write_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) write_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" ,%s:%lu " ,
attr_strings . write_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) write_time ) ;
2008-02-28 11:23:20 -05:00
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , attr_strings . write_time_attr ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
2009-02-14 10:08:10 -05:00
p = talloc_asprintf ( ctx , " %lu " , ( unsigned long ) write_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
2009-02-14 10:08:10 -05:00
" %lu " , ( unsigned long ) write_time ) ;
2008-02-28 11:23:20 -05:00
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_dos_change_time ) {
if ( all | | all_dos ) {
if ( determine_size ) {
p = talloc_asprintf ( ctx ,
" ,%s:%lu " ,
attr_strings . change_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) change_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" ,%s:%lu " ,
attr_strings . change_time_attr ,
2009-02-14 10:08:10 -05:00
( unsigned long ) change_time ) ;
2008-02-28 11:23:20 -05:00
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , attr_strings . change_time_attr ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
2009-02-14 10:08:10 -05:00
p = talloc_asprintf ( ctx , " %lu " , ( unsigned long ) change_time ) ;
2008-02-28 11:23:20 -05:00
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
2009-02-14 10:08:10 -05:00
" %lu " , ( unsigned long ) change_time ) ;
2008-02-28 11:23:20 -05:00
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! exclude_dos_inode ) {
if ( all | | all_dos ) {
if ( determine_size ) {
p = talloc_asprintf (
ctx ,
" ,INODE:%.0f " ,
( double ) ino ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" ,INODE:%.0f " ,
( double ) ino ) ;
}
2011-05-13 20:21:30 +02:00
} else if ( strcasecmp_m ( name , " inode " ) = = 0 ) {
2008-02-28 11:23:20 -05:00
if ( determine_size ) {
p = talloc_asprintf (
ctx ,
" %.0f " ,
( double ) ino ) ;
if ( ! p ) {
errno = ENOMEM ;
return - 1 ;
}
n = strlen ( p ) ;
} else {
n = snprintf ( buf , bufsize ,
" %.0f " ,
( double ) ino ) ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! determine_size & & n > bufsize ) {
errno = ERANGE ;
return - 1 ;
}
buf + = n ;
n_used + = n ;
bufsize - = n ;
n = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Restore name pointer to its original value */
name - = 16 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( n_used = = 0 ) {
errno = ENOATTR ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
return n_used ;
}
/*****************************************************
set the ACLs on a file given an ascii description
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int
2009-03-17 14:53:06 -07:00
cacl_set ( SMBCCTX * context ,
TALLOC_CTX * ctx ,
struct cli_state * cli ,
struct cli_state * ipc_cli ,
2009-03-18 22:49:41 +01:00
struct policy_handle * pol ,
2009-03-17 14:53:06 -07:00
const char * filename ,
char * the_acl ,
int mode ,
int flags )
2008-02-28 11:23:20 -05:00
{
2009-04-30 15:26:43 -07:00
uint16_t fnum = ( uint16_t ) - 1 ;
2008-02-28 11:23:20 -05:00
int err = 0 ;
2010-05-18 10:29:34 +02:00
struct security_descriptor * sd = NULL , * old ;
2010-05-18 03:30:40 +02:00
struct security_acl * dacl = NULL ;
2010-05-21 11:25:01 +10:00
struct dom_sid * owner_sid = NULL ;
struct dom_sid * group_sid = NULL ;
2015-05-09 16:59:45 -07:00
uint32_t i , j ;
2008-02-28 11:23:20 -05:00
size_t sd_size ;
int ret = 0 ;
char * p ;
bool numeric = True ;
2008-09-11 16:20:59 -07:00
char * targetpath = NULL ;
struct cli_state * targetcli = NULL ;
2020-08-18 17:42:25 +02:00
struct cli_credentials * creds = NULL ;
2011-01-15 16:20:37 +01:00
NTSTATUS status ;
2008-09-11 16:20:59 -07:00
2008-02-28 11:23:20 -05:00
/* the_acl will be null for REMOVE_ALL operations */
if ( the_acl ) {
numeric = ( ( p = strchr ( the_acl , ' : ' ) ) ! = NULL & &
p > the_acl & &
p [ - 1 ] ! = ' + ' ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* if this is to set the entire ACL... */
if ( * the_acl = = ' * ' ) {
/* ... then increment past the first colon */
the_acl = p + 1 ;
}
2009-11-21 22:52:12 +01:00
2008-12-25 14:26:17 +01:00
sd = sec_desc_parse ( ctx , ipc_cli , pol , numeric , the_acl ) ;
2008-02-28 11:23:20 -05:00
if ( ! sd ) {
errno = EINVAL ;
return - 1 ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
that doesn ' t deref sd */
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! sd & & ( mode ! = SMBC_XATTR_MODE_REMOVE_ALL ) ) {
errno = EINVAL ;
return - 1 ;
}
2008-09-11 16:20:59 -07:00
2021-01-13 16:11:17 +01:00
creds = context - > internal - > creds ;
2020-08-18 17:42:25 +02:00
status = cli_resolve_path ( ctx , " " ,
creds ,
2011-07-03 20:53:55 +02:00
cli , filename , & targetcli , & targetpath ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-09-11 16:20:59 -07:00
DEBUG ( 5 , ( " cacl_set: Could not resolve %s \n " , filename ) ) ;
errno = ENOENT ;
return - 1 ;
}
2008-02-28 11:23:20 -05:00
/* The desired access below is the only one I could find that works
with NT4 , W2KP and Samba */
2008-09-11 16:20:59 -07:00
2020-05-26 08:07:41 +02:00
status = cli_ntcreate (
targetcli , /* cli */
targetpath , /* fname */
0 , /* CreatFlags */
2020-05-26 08:04:52 +02:00
READ_CONTROL_ACCESS , /* DesiredAccess */
2020-05-26 08:07:41 +02:00
0 , /* FileAttributes */
FILE_SHARE_READ |
FILE_SHARE_WRITE , /* ShareAccess */
FILE_OPEN , /* CreateDisposition */
0x0 , /* CreateOptions */
0x0 , /* SecurityFlags */
& fnum , /* pfid */
NULL ) ; /* cr */
2011-07-03 11:47:44 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " cacl_set failed to open %s: %s \n " ,
2011-07-03 11:47:44 +02:00
targetpath , nt_errstr ( status ) ) ) ;
2008-02-28 11:23:20 -05:00
errno = 0 ;
return - 1 ;
}
2008-09-11 16:20:59 -07:00
2011-07-23 09:43:32 +02:00
status = cli_query_secdesc ( targetcli , fnum , ctx , & old ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 5 , ( " cacl_set Failed to query old descriptor of %s: %s \n " ,
targetpath , nt_errstr ( status ) ) ) ;
errno = 0 ;
2008-02-28 11:23:20 -05:00
return - 1 ;
}
2008-09-11 16:20:59 -07:00
cli_close ( targetcli , fnum ) ;
2008-02-28 11:23:20 -05:00
switch ( mode ) {
case SMBC_XATTR_MODE_REMOVE_ALL :
old - > dacl - > num_aces = 0 ;
dacl = old - > dacl ;
break ;
2008-09-11 16:20:59 -07:00
2008-02-28 11:23:20 -05:00
case SMBC_XATTR_MODE_REMOVE :
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
bool found = False ;
2008-09-11 16:20:59 -07:00
2008-02-28 11:23:20 -05:00
for ( j = 0 ; old - > dacl & & j < old - > dacl - > num_aces ; j + + ) {
2014-05-28 17:42:08 +02:00
if ( security_ace_equal ( & sd - > dacl - > aces [ i ] ,
& old - > dacl - > aces [ j ] ) ) {
2015-05-09 16:59:45 -07:00
uint32_t k ;
2008-02-28 11:23:20 -05:00
for ( k = j ; k < old - > dacl - > num_aces - 1 ; k + + ) {
old - > dacl - > aces [ k ] =
old - > dacl - > aces [ k + 1 ] ;
}
old - > dacl - > num_aces - - ;
found = True ;
dacl = old - > dacl ;
break ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! found ) {
err = ENOATTR ;
ret = - 1 ;
goto failed ;
}
}
break ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
case SMBC_XATTR_MODE_ADD :
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
bool found = False ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
for ( j = 0 ; old - > dacl & & j < old - > dacl - > num_aces ; j + + ) {
2010-08-26 15:48:50 +02:00
if ( dom_sid_equal ( & sd - > dacl - > aces [ i ] . trustee ,
2008-02-28 11:23:20 -05:00
& old - > dacl - > aces [ j ] . trustee ) ) {
if ( ! ( flags & SMBC_XATTR_FLAG_CREATE ) ) {
err = EEXIST ;
ret = - 1 ;
goto failed ;
}
old - > dacl - > aces [ j ] = sd - > dacl - > aces [ i ] ;
ret = - 1 ;
found = True ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! found & & ( flags & SMBC_XATTR_FLAG_REPLACE ) ) {
err = ENOATTR ;
ret = - 1 ;
goto failed ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
for ( i = 0 ; sd - > dacl & & i < sd - > dacl - > num_aces ; i + + ) {
add_ace ( & old - > dacl , & sd - > dacl - > aces [ i ] , ctx ) ;
}
}
dacl = old - > dacl ;
break ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
case SMBC_XATTR_MODE_SET :
old = sd ;
owner_sid = old - > owner_sid ;
group_sid = old - > group_sid ;
dacl = old - > dacl ;
break ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
case SMBC_XATTR_MODE_CHOWN :
owner_sid = sd - > owner_sid ;
break ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
case SMBC_XATTR_MODE_CHGRP :
group_sid = sd - > group_sid ;
break ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Denied ACE entries must come before allowed ones */
sort_acl ( old - > dacl ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Create new security descriptor and set it */
sd = make_sec_desc ( ctx , old - > revision , SEC_DESC_SELF_RELATIVE ,
owner_sid , group_sid , NULL , dacl , & sd_size ) ;
2009-11-21 22:52:12 +01:00
2011-07-03 11:49:07 +02:00
status = cli_ntcreate ( targetcli , targetpath , 0 ,
WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS , 0 ,
FILE_SHARE_READ | FILE_SHARE_WRITE , FILE_OPEN ,
2014-05-08 20:55:57 -07:00
0x0 , 0x0 , & fnum , NULL ) ;
2011-07-03 11:49:07 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-02-28 11:23:20 -05:00
DEBUG ( 5 , ( " cacl_set failed to open %s: %s \n " ,
2011-07-03 11:49:07 +02:00
targetpath , nt_errstr ( status ) ) ) ;
2008-02-28 11:23:20 -05:00
errno = 0 ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2011-01-15 16:20:37 +01:00
status = cli_set_secdesc ( targetcli , fnum , sd ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-09-11 16:20:59 -07:00
DEBUG ( 5 , ( " ERROR: secdesc set failed: %s \n " ,
2011-01-15 16:20:37 +01:00
nt_errstr ( status ) ) ) ;
2008-02-28 11:23:20 -05:00
ret = - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Clean up */
2009-11-21 22:52:12 +01:00
2008-03-01 20:44:21 -05:00
failed :
2008-09-11 16:20:59 -07:00
cli_close ( targetcli , fnum ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( err ! = 0 ) {
errno = err ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
return ret ;
}
int
SMBC_setxattr_ctx ( SMBCCTX * context ,
const char * fname ,
const char * name ,
const void * value ,
size_t size ,
int flags )
{
int ret ;
int ret2 ;
SMBCSRV * srv = NULL ;
SMBCSRV * ipc_srv = NULL ;
char * server = NULL ;
char * share = NULL ;
char * user = NULL ;
char * password = NULL ;
char * workgroup = NULL ;
char * path = NULL ;
2020-03-25 22:06:37 +01:00
struct DOS_ATTR_DESC * dad = NULL ;
2008-02-28 11:23:20 -05:00
struct {
const char * create_time_attr ;
const char * access_time_attr ;
const char * write_time_attr ;
const char * change_time_attr ;
} attr_strings ;
2013-04-16 12:09:41 -07:00
uint16_t port = 0 ;
2008-02-28 11:23:20 -05:00
TALLOC_CTX * frame = talloc_stackframe ( ) ;
2009-11-21 22:52:12 +01:00
2008-02-29 13:34:35 -05:00
if ( ! context | | ! context - > internal - > initialized ) {
2008-02-28 11:23:20 -05:00
errno = EINVAL ; /* Best I can think of ... */
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! fname ) {
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
DEBUG ( 4 , ( " smbc_setxattr(%s, %s, %.*s) \n " ,
fname , name , ( int ) size , ( const char * ) value ) ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( SMBC_parse_path ( frame ,
2008-03-01 20:44:21 -05:00
context ,
fname ,
& workgroup ,
& server ,
2013-04-16 12:09:41 -07:00
& port ,
2008-03-01 20:44:21 -05:00
& share ,
& path ,
& user ,
& password ,
NULL ) ) {
2008-02-28 11:23:20 -05:00
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! user | | user [ 0 ] = = ( char ) 0 ) {
2008-03-03 18:13:33 -05:00
user = talloc_strdup ( frame , smbc_getUser ( context ) ) ;
2008-02-28 11:23:20 -05:00
if ( ! user ) {
errno = ENOMEM ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
srv = SMBC_server ( frame , context , True ,
2013-04-16 14:11:08 -07:00
server , port , share , & workgroup , & user , & password ) ;
2008-02-28 11:23:20 -05:00
if ( ! srv ) {
TALLOC_FREE ( frame ) ;
return - 1 ; /* errno set by SMBC_server */
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! srv - > no_nt_session ) {
2013-04-16 12:22:11 -07:00
ipc_srv = SMBC_attr_server ( frame , context , server , port , share ,
2008-02-28 11:23:20 -05:00
& workgroup , & user , & password ) ;
if ( ! ipc_srv ) {
srv - > no_nt_session = True ;
}
} else {
ipc_srv = NULL ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* Are they asking to set the entire set of known attributes ?
*/
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.* " ) = = 0 | |
strcasecmp_m ( name , " system.*+ " ) = = 0 ) {
2008-02-28 11:23:20 -05:00
/* Yup. */
char * namevalue =
talloc_asprintf ( talloc_tos ( ) , " %s:%s " ,
name + 7 , ( const char * ) value ) ;
if ( ! namevalue ) {
errno = ENOMEM ;
ret = - 1 ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ipc_srv ) {
2009-03-17 14:53:06 -07:00
ret = cacl_set ( context , talloc_tos ( ) , srv - > cli ,
2008-02-28 11:23:20 -05:00
ipc_srv - > cli , & ipc_srv - > pol , path ,
namevalue ,
( * namevalue = = ' * '
? SMBC_XATTR_MODE_SET
: SMBC_XATTR_MODE_ADD ) ,
flags ) ;
} else {
ret = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* get a DOS Attribute Descriptor with current attributes */
dad = dos_attr_query ( context , talloc_tos ( ) , path , srv ) ;
if ( dad ) {
2020-03-26 12:29:13 +01:00
bool ok ;
2008-02-28 11:23:20 -05:00
/* Overwrite old with new, using what was provided */
dos_attr_parse ( context , dad , srv , namevalue ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Set the new DOS attributes */
2020-03-26 12:29:13 +01:00
ok = SMBC_setatr (
context ,
srv ,
path ,
( struct timespec ) {
. tv_sec = dad - > create_time } ,
( struct timespec ) {
. tv_sec = dad - > access_time } ,
( struct timespec ) {
. tv_sec = dad - > write_time } ,
( struct timespec ) {
. tv_sec = dad - > change_time } ,
dad - > mode ) ;
if ( ! ok ) {
2008-02-28 11:23:20 -05:00
/* cause failure if NT failed too */
dad = NULL ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* we only fail if both NT and DOS sets failed */
if ( ret < 0 & & ! dad ) {
ret = - 1 ; /* in case dad was null */
}
else {
ret = 0 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
TALLOC_FREE ( frame ) ;
return ret ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* Are they asking to set an access control element or to set
* the entire access control list ?
*/
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.nt_sec_desc.* " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.*+ " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.revision " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.nt_sec_desc.acl " , 22 ) = = 0 | |
strncasecmp_m ( name , " system.nt_sec_desc.acl+ " , 23 ) = = 0 ) {
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Yup. */
char * namevalue =
talloc_asprintf ( talloc_tos ( ) , " %s:%s " ,
name + 19 , ( const char * ) value ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! ipc_srv ) {
ret = - 1 ; /* errno set by SMBC_server() */
}
else if ( ! namevalue ) {
errno = ENOMEM ;
ret = - 1 ;
} else {
2009-03-17 14:53:06 -07:00
ret = cacl_set ( context , talloc_tos ( ) , srv - > cli ,
2008-02-28 11:23:20 -05:00
ipc_srv - > cli , & ipc_srv - > pol , path ,
namevalue ,
( * namevalue = = ' * '
? SMBC_XATTR_MODE_SET
: SMBC_XATTR_MODE_ADD ) ,
flags ) ;
}
TALLOC_FREE ( frame ) ;
return ret ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* Are they asking to set the owner ?
*/
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.nt_sec_desc.owner " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.owner+ " ) = = 0 ) {
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Yup. */
char * namevalue =
talloc_asprintf ( talloc_tos ( ) , " %s:%s " ,
name + 19 , ( const char * ) value ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! ipc_srv ) {
ret = - 1 ; /* errno set by SMBC_server() */
}
else if ( ! namevalue ) {
errno = ENOMEM ;
ret = - 1 ;
} else {
2009-03-17 14:53:06 -07:00
ret = cacl_set ( context , talloc_tos ( ) , srv - > cli ,
2008-02-28 11:23:20 -05:00
ipc_srv - > cli , & ipc_srv - > pol , path ,
namevalue , SMBC_XATTR_MODE_CHOWN , 0 ) ;
}
TALLOC_FREE ( frame ) ;
return ret ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* Are they asking to set the group ?
*/
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.nt_sec_desc.group " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.group+ " ) = = 0 ) {
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Yup. */
char * namevalue =
talloc_asprintf ( talloc_tos ( ) , " %s:%s " ,
name + 19 , ( const char * ) value ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! ipc_srv ) {
/* errno set by SMBC_server() */
ret = - 1 ;
}
else if ( ! namevalue ) {
errno = ENOMEM ;
ret = - 1 ;
} else {
2009-03-17 14:53:06 -07:00
ret = cacl_set ( context , talloc_tos ( ) , srv - > cli ,
2008-02-28 11:23:20 -05:00
ipc_srv - > cli , & ipc_srv - > pol , path ,
namevalue , SMBC_XATTR_MODE_CHGRP , 0 ) ;
}
TALLOC_FREE ( frame ) ;
return ret ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Determine whether to use old-style or new-style attribute names */
2008-02-29 13:34:35 -05:00
if ( context - > internal - > full_time_names ) {
2008-02-28 11:23:20 -05:00
/* new-style names */
attr_strings . create_time_attr = " system.dos_attr.CREATE_TIME " ;
attr_strings . access_time_attr = " system.dos_attr.ACCESS_TIME " ;
attr_strings . write_time_attr = " system.dos_attr.WRITE_TIME " ;
attr_strings . change_time_attr = " system.dos_attr.CHANGE_TIME " ;
} else {
/* old-style names */
attr_strings . create_time_attr = NULL ;
attr_strings . access_time_attr = " system.dos_attr.A_TIME " ;
attr_strings . write_time_attr = " system.dos_attr.M_TIME " ;
attr_strings . change_time_attr = " system.dos_attr.C_TIME " ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
* Are they asking to set a DOS attribute ?
*/
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.dos_attr.* " ) = = 0 | |
strcasecmp_m ( name , " system.dos_attr.mode " ) = = 0 | |
2008-02-28 11:23:20 -05:00
( attr_strings . create_time_attr ! = NULL & &
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , attr_strings . create_time_attr ) = = 0 ) | |
strcasecmp_m ( name , attr_strings . access_time_attr ) = = 0 | |
strcasecmp_m ( name , attr_strings . write_time_attr ) = = 0 | |
strcasecmp_m ( name , attr_strings . change_time_attr ) = = 0 ) {
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* get a DOS Attribute Descriptor with current attributes */
dad = dos_attr_query ( context , talloc_tos ( ) , path , srv ) ;
if ( dad ) {
char * namevalue =
talloc_asprintf ( talloc_tos ( ) , " %s:%s " ,
name + 16 , ( const char * ) value ) ;
if ( ! namevalue ) {
errno = ENOMEM ;
ret = - 1 ;
} else {
/* Overwrite old with provided new params */
dos_attr_parse ( context , dad , srv , namevalue ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Set the new DOS attributes */
2020-03-26 12:29:13 +01:00
ret2 = SMBC_setatr (
context ,
srv ,
path ,
( struct timespec ) {
. tv_sec = dad - > create_time } ,
( struct timespec ) {
. tv_sec = dad - > access_time } ,
( struct timespec ) {
. tv_sec = dad - > write_time } ,
( struct timespec ) {
. tv_sec = dad - > change_time } ,
dad - > mode ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* ret2 has True (success) / False (failure) */
if ( ret2 ) {
ret = 0 ;
} else {
ret = - 1 ;
}
}
} else {
ret = - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
TALLOC_FREE ( frame ) ;
return ret ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Unsupported attribute name */
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
int
SMBC_getxattr_ctx ( SMBCCTX * context ,
const char * fname ,
const char * name ,
const void * value ,
size_t size )
{
int ret ;
SMBCSRV * srv = NULL ;
SMBCSRV * ipc_srv = NULL ;
char * server = NULL ;
char * share = NULL ;
char * user = NULL ;
char * password = NULL ;
char * workgroup = NULL ;
char * path = NULL ;
struct {
const char * create_time_attr ;
const char * access_time_attr ;
const char * write_time_attr ;
const char * change_time_attr ;
} attr_strings ;
2013-04-16 12:09:41 -07:00
uint16_t port = 0 ;
2008-02-28 11:23:20 -05:00
TALLOC_CTX * frame = talloc_stackframe ( ) ;
2009-11-21 22:52:12 +01:00
2008-02-29 13:34:35 -05:00
if ( ! context | | ! context - > internal - > initialized ) {
2008-02-28 11:23:20 -05:00
errno = EINVAL ; /* Best I can think of ... */
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! fname ) {
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
DEBUG ( 4 , ( " smbc_getxattr(%s, %s) \n " , fname , name ) ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( SMBC_parse_path ( frame ,
2008-03-01 20:44:21 -05:00
context ,
fname ,
& workgroup ,
& server ,
2013-04-16 12:09:41 -07:00
& port ,
2008-03-01 20:44:21 -05:00
& share ,
& path ,
& user ,
& password ,
NULL ) ) {
2008-02-28 11:23:20 -05:00
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2022-01-16 20:14:56 +01:00
if ( ! user | | user [ 0 ] = = ' \0 ' ) {
2008-03-03 18:13:33 -05:00
user = talloc_strdup ( frame , smbc_getUser ( context ) ) ;
2008-02-28 11:23:20 -05:00
if ( ! user ) {
errno = ENOMEM ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
srv = SMBC_server ( frame , context , True ,
2013-04-16 14:11:08 -07:00
server , port , share , & workgroup , & user , & password ) ;
2008-02-28 11:23:20 -05:00
if ( ! srv ) {
TALLOC_FREE ( frame ) ;
return - 1 ; /* errno set by SMBC_server */
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! srv - > no_nt_session ) {
2013-04-16 12:22:11 -07:00
ipc_srv = SMBC_attr_server ( frame , context , server , port , share ,
2008-02-28 11:23:20 -05:00
& workgroup , & user , & password ) ;
2015-03-31 14:40:23 -07:00
/*
* SMBC_attr_server ( ) can cause the original
* server to be removed from the cache .
* If so we must error out here as the srv
* pointer has been freed .
*/
if ( smbc_getFunctionGetCachedServer ( context ) ( context ,
server ,
share ,
workgroup ,
user ) ! = srv ) {
# if defined(ECONNRESET)
errno = ECONNRESET ;
# else
errno = ETIMEDOUT ;
# endif
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2008-02-28 11:23:20 -05:00
if ( ! ipc_srv ) {
srv - > no_nt_session = True ;
}
} else {
ipc_srv = NULL ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Determine whether to use old-style or new-style attribute names */
2008-02-29 13:34:35 -05:00
if ( context - > internal - > full_time_names ) {
2008-02-28 11:23:20 -05:00
/* new-style names */
attr_strings . create_time_attr = " system.dos_attr.CREATE_TIME " ;
attr_strings . access_time_attr = " system.dos_attr.ACCESS_TIME " ;
attr_strings . write_time_attr = " system.dos_attr.WRITE_TIME " ;
attr_strings . change_time_attr = " system.dos_attr.CHANGE_TIME " ;
} else {
/* old-style names */
attr_strings . create_time_attr = NULL ;
attr_strings . access_time_attr = " system.dos_attr.A_TIME " ;
attr_strings . write_time_attr = " system.dos_attr.M_TIME " ;
attr_strings . change_time_attr = " system.dos_attr.C_TIME " ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Are they requesting a supported attribute? */
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.* " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.*! " , 9 ) = = 0 | |
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , " system.*+ " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.*+! " , 10 ) = = 0 | |
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , " system.nt_sec_desc.* " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.nt_sec_desc.*! " , 21 ) = = 0 | |
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , " system.nt_sec_desc.*+ " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.nt_sec_desc.*+! " , 22 ) = = 0 | |
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , " system.nt_sec_desc.revision " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.owner " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.owner+ " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.group " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.group+ " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.nt_sec_desc.acl " , 22 ) = = 0 | |
strncasecmp_m ( name , " system.nt_sec_desc.acl+ " , 23 ) = = 0 | |
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , " system.dos_attr.* " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.dos_attr.*! " , 18 ) = = 0 | |
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , " system.dos_attr.mode " ) = = 0 | |
strcasecmp_m ( name , " system.dos_attr.size " ) = = 0 | |
2008-02-28 11:23:20 -05:00
( attr_strings . create_time_attr ! = NULL & &
2011-05-13 20:21:30 +02:00
strcasecmp_m ( name , attr_strings . create_time_attr ) = = 0 ) | |
strcasecmp_m ( name , attr_strings . access_time_attr ) = = 0 | |
strcasecmp_m ( name , attr_strings . write_time_attr ) = = 0 | |
strcasecmp_m ( name , attr_strings . change_time_attr ) = = 0 | |
strcasecmp_m ( name , " system.dos_attr.inode " ) = = 0 ) {
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Yup. */
2011-05-05 13:42:05 -07:00
const char * filename = name ;
2008-02-28 11:23:20 -05:00
ret = cacl_get ( context , talloc_tos ( ) , srv ,
ipc_srv = = NULL ? NULL : ipc_srv - > cli ,
& ipc_srv - > pol , path ,
2009-02-09 09:53:44 -05:00
filename ,
2011-05-05 13:42:05 -07:00
discard_const_p ( char , value ) ,
2009-02-09 09:53:44 -05:00
size ) ;
2008-02-28 11:23:20 -05:00
if ( ret < 0 & & errno = = 0 ) {
errno = SMBC_errno ( context , srv - > cli ) ;
}
TALLOC_FREE ( frame ) ;
2022-10-28 15:31:39 -07:00
/*
* static function cacl_get returns a value greater than zero
* on success . Map this to zero meaning success .
*/
return ret < 0 ? - 1 : 0 ;
2008-02-28 11:23:20 -05:00
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Unsupported attribute name */
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
int
SMBC_removexattr_ctx ( SMBCCTX * context ,
const char * fname ,
const char * name )
{
int ret ;
SMBCSRV * srv = NULL ;
SMBCSRV * ipc_srv = NULL ;
char * server = NULL ;
char * share = NULL ;
char * user = NULL ;
char * password = NULL ;
char * workgroup = NULL ;
char * path = NULL ;
2013-04-16 12:09:41 -07:00
uint16_t port = 0 ;
2008-02-28 11:23:20 -05:00
TALLOC_CTX * frame = talloc_stackframe ( ) ;
2009-11-21 22:52:12 +01:00
2008-02-29 13:34:35 -05:00
if ( ! context | | ! context - > internal - > initialized ) {
2008-02-28 11:23:20 -05:00
errno = EINVAL ; /* Best I can think of ... */
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! fname ) {
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
DEBUG ( 4 , ( " smbc_removexattr(%s, %s) \n " , fname , name ) ) ;
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( SMBC_parse_path ( frame ,
2008-03-01 20:44:21 -05:00
context ,
fname ,
& workgroup ,
& server ,
2013-04-16 12:09:41 -07:00
& port ,
2008-03-01 20:44:21 -05:00
& share ,
& path ,
& user ,
& password ,
NULL ) ) {
2008-02-28 11:23:20 -05:00
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! user | | user [ 0 ] = = ( char ) 0 ) {
2008-03-03 18:13:33 -05:00
user = talloc_strdup ( frame , smbc_getUser ( context ) ) ;
2008-02-28 11:23:20 -05:00
if ( ! user ) {
errno = ENOMEM ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
srv = SMBC_server ( frame , context , True ,
2013-04-16 14:11:08 -07:00
server , port , share , & workgroup , & user , & password ) ;
2008-02-28 11:23:20 -05:00
if ( ! srv ) {
TALLOC_FREE ( frame ) ;
return - 1 ; /* errno set by SMBC_server */
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! srv - > no_nt_session ) {
2015-03-31 14:40:23 -07:00
int saved_errno ;
2013-04-16 12:22:11 -07:00
ipc_srv = SMBC_attr_server ( frame , context , server , port , share ,
2008-02-28 11:23:20 -05:00
& workgroup , & user , & password ) ;
2015-03-31 14:40:23 -07:00
saved_errno = errno ;
/*
* SMBC_attr_server ( ) can cause the original
* server to be removed from the cache .
* If so we must error out here as the srv
* pointer has been freed .
*/
if ( smbc_getFunctionGetCachedServer ( context ) ( context ,
server ,
share ,
workgroup ,
user ) ! = srv ) {
# if defined(ECONNRESET)
errno = ECONNRESET ;
# else
errno = ETIMEDOUT ;
# endif
TALLOC_FREE ( frame ) ;
return - 1 ;
}
2008-02-28 11:23:20 -05:00
if ( ! ipc_srv ) {
2015-03-31 14:40:23 -07:00
errno = saved_errno ;
2008-02-28 11:23:20 -05:00
srv - > no_nt_session = True ;
}
} else {
ipc_srv = NULL ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( ! ipc_srv ) {
TALLOC_FREE ( frame ) ;
return - 1 ; /* errno set by SMBC_attr_server */
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Are they asking to set the entire ACL? */
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.nt_sec_desc.* " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.*+ " ) = = 0 ) {
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Yup. */
2009-03-17 14:53:06 -07:00
ret = cacl_set ( context , talloc_tos ( ) , srv - > cli ,
2008-02-28 11:23:20 -05:00
ipc_srv - > cli , & ipc_srv - > pol , path ,
NULL , SMBC_XATTR_MODE_REMOVE_ALL , 0 ) ;
TALLOC_FREE ( frame ) ;
return ret ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/*
2020-11-21 21:17:39 +01:00
* Are they asking to remove one or more specific security descriptor
2008-02-28 11:23:20 -05:00
* attributes ?
*/
2011-05-13 20:21:30 +02:00
if ( strcasecmp_m ( name , " system.nt_sec_desc.revision " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.owner " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.owner+ " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.group " ) = = 0 | |
strcasecmp_m ( name , " system.nt_sec_desc.group+ " ) = = 0 | |
2011-05-13 20:23:36 +02:00
strncasecmp_m ( name , " system.nt_sec_desc.acl " , 22 ) = = 0 | |
strncasecmp_m ( name , " system.nt_sec_desc.acl+ " , 23 ) = = 0 ) {
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Yup. */
2009-03-17 14:53:06 -07:00
ret = cacl_set ( context , talloc_tos ( ) , srv - > cli ,
2008-02-28 11:23:20 -05:00
ipc_srv - > cli , & ipc_srv - > pol , path ,
2011-05-05 13:42:05 -07:00
discard_const_p ( char , name ) + 19 ,
2009-02-09 09:53:44 -05:00
SMBC_XATTR_MODE_REMOVE , 0 ) ;
2008-02-28 11:23:20 -05:00
TALLOC_FREE ( frame ) ;
return ret ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* Unsupported attribute name */
errno = EINVAL ;
TALLOC_FREE ( frame ) ;
return - 1 ;
}
int
SMBC_listxattr_ctx ( SMBCCTX * context ,
const char * fname ,
char * list ,
size_t size )
{
/*
* This isn ' t quite what listxattr ( ) is supposed to do . This returns
* the complete set of attribute names , always , rather than only those
* attribute names which actually exist for a file . Hmmm . . .
*/
size_t retsize ;
2022-08-17 07:56:18 +02:00
static const char supported_old [ ] =
2008-02-28 11:23:20 -05:00
" system.* \0 "
" system.*+ \0 "
" system.nt_sec_desc.revision \0 "
" system.nt_sec_desc.owner \0 "
" system.nt_sec_desc.owner+ \0 "
" system.nt_sec_desc.group \0 "
" system.nt_sec_desc.group+ \0 "
" system.nt_sec_desc.acl.* \0 "
" system.nt_sec_desc.acl \0 "
" system.nt_sec_desc.acl+ \0 "
" system.nt_sec_desc.* \0 "
" system.nt_sec_desc.*+ \0 "
" system.dos_attr.* \0 "
" system.dos_attr.mode \0 "
" system.dos_attr.c_time \0 "
" system.dos_attr.a_time \0 "
" system.dos_attr.m_time \0 "
;
2022-08-17 07:56:18 +02:00
static const char supported_new [ ] =
2008-02-28 11:23:20 -05:00
" system.* \0 "
" system.*+ \0 "
" system.nt_sec_desc.revision \0 "
" system.nt_sec_desc.owner \0 "
" system.nt_sec_desc.owner+ \0 "
" system.nt_sec_desc.group \0 "
" system.nt_sec_desc.group+ \0 "
" system.nt_sec_desc.acl.* \0 "
" system.nt_sec_desc.acl \0 "
" system.nt_sec_desc.acl+ \0 "
" system.nt_sec_desc.* \0 "
" system.nt_sec_desc.*+ \0 "
" system.dos_attr.* \0 "
" system.dos_attr.mode \0 "
" system.dos_attr.create_time \0 "
" system.dos_attr.access_time \0 "
" system.dos_attr.write_time \0 "
" system.dos_attr.change_time \0 "
;
const char * supported ;
2009-11-21 22:52:12 +01:00
2008-02-29 13:34:35 -05:00
if ( context - > internal - > full_time_names ) {
2008-02-28 11:23:20 -05:00
supported = supported_new ;
retsize = sizeof ( supported_new ) ;
} else {
supported = supported_old ;
retsize = sizeof ( supported_old ) ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( size = = 0 ) {
return retsize ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
if ( retsize > size ) {
errno = ERANGE ;
return - 1 ;
}
2009-11-21 22:52:12 +01:00
2008-02-28 11:23:20 -05:00
/* this can't be strcpy() because there are embedded null characters */
memcpy ( list , supported , retsize ) ;
return retsize ;
}