mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Add -D option to sharesec util to delete the entire security descriptor.
* also modified --usage descriptions to be more accurate
This commit is contained in:
parent
fd84ef938b
commit
9a90e4cecb
@ -30,6 +30,7 @@ enum acl_mode { SMB_ACL_DELETE,
|
|||||||
SMB_ACL_MODIFY,
|
SMB_ACL_MODIFY,
|
||||||
SMB_ACL_ADD,
|
SMB_ACL_ADD,
|
||||||
SMB_ACL_SET,
|
SMB_ACL_SET,
|
||||||
|
SMB_SD_DELETE,
|
||||||
SMB_ACL_VIEW };
|
SMB_ACL_VIEW };
|
||||||
|
|
||||||
struct perm_value {
|
struct perm_value {
|
||||||
@ -410,14 +411,16 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
|
|||||||
size_t sd_size = 0;
|
size_t sd_size = 0;
|
||||||
uint32 i, j;
|
uint32 i, j;
|
||||||
|
|
||||||
if (mode != SMB_ACL_SET) {
|
if (mode != SMB_ACL_SET && mode != SMB_SD_DELETE) {
|
||||||
if (!(old = get_share_security( mem_ctx, sharename, &sd_size )) ) {
|
if (!(old = get_share_security( mem_ctx, sharename, &sd_size )) ) {
|
||||||
fprintf(stderr, "Unable to retrieve permissions for share [%s]\n", sharename);
|
fprintf(stderr, "Unable to retrieve permissions for share "
|
||||||
|
"[%s]\n", sharename);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( (mode != SMB_ACL_VIEW) && !(sd = parse_acl_string(mem_ctx, the_acl, &sd_size )) ) {
|
if ( (mode != SMB_ACL_VIEW && mode != SMB_SD_DELETE) &&
|
||||||
|
!(sd = parse_acl_string(mem_ctx, the_acl, &sd_size )) ) {
|
||||||
fprintf( stderr, "Failed to parse acl\n");
|
fprintf( stderr, "Failed to parse acl\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -448,7 +451,6 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
|
|||||||
printf(" not found\n");
|
printf(" not found\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case SMB_ACL_MODIFY:
|
case SMB_ACL_MODIFY:
|
||||||
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
|
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
|
||||||
@ -484,6 +486,13 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
|
|||||||
case SMB_ACL_SET:
|
case SMB_ACL_SET:
|
||||||
old = sd;
|
old = sd;
|
||||||
break;
|
break;
|
||||||
|
case SMB_SD_DELETE:
|
||||||
|
if (!delete_share_security(sharename)) {
|
||||||
|
fprintf( stderr, "Failed to delete security descriptor for "
|
||||||
|
"share [%s]\n", sharename );
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Denied ACE entries must come before allowed ones */
|
/* Denied ACE entries must come before allowed ones */
|
||||||
@ -513,10 +522,11 @@ int main(int argc, const char *argv[])
|
|||||||
bool initialize_sid = False;
|
bool initialize_sid = False;
|
||||||
struct poptOption long_options[] = {
|
struct poptOption long_options[] = {
|
||||||
POPT_AUTOHELP
|
POPT_AUTOHELP
|
||||||
{ "remove", 'r', POPT_ARG_STRING, &the_acl, 'r', "Delete an ACE", "ACL" },
|
{ "remove", 'r', POPT_ARG_STRING, &the_acl, 'r', "Remove ACEs", "ACL" },
|
||||||
{ "modify", 'm', POPT_ARG_STRING, &the_acl, 'm', "Modify an acl", "ACL" },
|
{ "modify", 'm', POPT_ARG_STRING, &the_acl, 'm', "Modify existing ACEs", "ACL" },
|
||||||
{ "add", 'a', POPT_ARG_STRING, &the_acl, 'a', "Add an ACE", "ACL" },
|
{ "add", 'a', POPT_ARG_STRING, &the_acl, 'a', "Add ACEs", "ACL" },
|
||||||
{ "replace", 'R', POPT_ARG_STRING, &the_acl, 'R', "Set share mission ACL", "ACLS" },
|
{ "replace", 'R', POPT_ARG_STRING, &the_acl, 'R', "Overwrite share permission ACL", "ACLS" },
|
||||||
|
{ "delete", 'D', POPT_ARG_NONE, NULL, 'D', "Delete the entire security descriptor" },
|
||||||
{ "view", 'v', POPT_ARG_NONE, NULL, 'v', "View current share permissions" },
|
{ "view", 'v', POPT_ARG_NONE, NULL, 'v', "View current share permissions" },
|
||||||
{ "machine-sid", 'M', POPT_ARG_NONE, NULL, 'M', "Initialize the machine SID" },
|
{ "machine-sid", 'M', POPT_ARG_NONE, NULL, 'M', "Initialize the machine SID" },
|
||||||
{ "force", 'F', POPT_ARG_NONE, NULL, 'F', "Force storing the ACL", "ACLS" },
|
{ "force", 'F', POPT_ARG_NONE, NULL, 'F', "Force storing the ACL", "ACLS" },
|
||||||
@ -555,11 +565,16 @@ int main(int argc, const char *argv[])
|
|||||||
the_acl = smb_xstrdup(poptGetOptArg(pc));
|
the_acl = smb_xstrdup(poptGetOptArg(pc));
|
||||||
mode = SMB_ACL_ADD;
|
mode = SMB_ACL_ADD;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'R':
|
case 'R':
|
||||||
the_acl = smb_xstrdup(poptGetOptArg(pc));
|
the_acl = smb_xstrdup(poptGetOptArg(pc));
|
||||||
mode = SMB_ACL_SET;
|
mode = SMB_ACL_SET;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 'D':
|
||||||
|
mode = SMB_SD_DELETE;
|
||||||
|
break;
|
||||||
|
|
||||||
case 'v':
|
case 'v':
|
||||||
mode = SMB_ACL_VIEW;
|
mode = SMB_ACL_VIEW;
|
||||||
break;
|
break;
|
||||||
|
Loading…
Reference in New Issue
Block a user