source: vendor/current/source3/libsmb/libsmb_xattr.c@ 988

Last change on this file since 988 was 988, checked in by Silvan Scherrer, 9 years ago

Samba Server: update vendor to version 4.4.3
File size: 85.2 KB
Line 
1/*
2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23*/
24
25#include "includes.h"
26#include "libsmb/libsmb.h"
27#include "libsmbclient.h"
28#include "libsmb_internal.h"
29#include "../librpc/gen_ndr/ndr_lsa.h"
30#include "rpc_client/rpc_client.h"
31#include "rpc_client/cli_lsarpc.h"
32#include "../libcli/security/security.h"
33
34/*
35 * Find an lsa pipe handle associated with a cli struct.
36 */
37static struct rpc_pipe_client *
38find_lsa_pipe_hnd(struct cli_state *ipc_cli)
39{
40 struct rpc_pipe_client *pipe_hnd;
41
42 for (pipe_hnd = ipc_cli->pipe_list;
43 pipe_hnd;
44 pipe_hnd = pipe_hnd->next) {
45 if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
46 &ndr_table_lsarpc.syntax_id)) {
47 return pipe_hnd;
48 }
49 }
50 return NULL;
51}
52
53/*
54 * Sort ACEs according to the documentation at
55 * http://support.microsoft.com/kb/269175, at least as far as it defines the
56 * order.
57 */
58
59static int
60ace_compare(struct security_ace *ace1,
61 struct security_ace *ace2)
62{
63 bool b1;
64 bool b2;
65
66 /* If the ACEs are equal, we have nothing more to do. */
67 if (security_ace_equal(ace1, ace2)) {
68 return 0;
69 }
70
71 /* Inherited follow non-inherited */
72 b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
73 b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
74 if (b1 != b2) {
75 return (b1 ? 1 : -1);
76 }
77
78 /*
79 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
80 * sort them after DENY and ALLOW.
81 */
82 b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
83 ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
84 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
85 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
86 b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
87 ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
88 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
89 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
90 if (b1 != b2) {
91 return (b1 ? 1 : -1);
92 }
93
94 /* Allowed ACEs follow denied ACEs */
95 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
96 ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
97 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
98 ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
99 if (b1 != b2) {
100 return (b1 ? 1 : -1);
101 }
102
103 /*
104 * ACEs applying to an entity's object follow those applying to the
105 * entity itself
106 */
107 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
108 ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
109 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
110 ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
111 if (b1 != b2) {
112 return (b1 ? 1 : -1);
113 }
114
115 /*
116 * If we get this far, the ACEs are similar as far as the
117 * characteristics we typically care about (those defined by the
118 * referenced MS document). We'll now sort by characteristics that
119 * just seems reasonable.
120 */
121
122 if (ace1->type != ace2->type) {
123 return ace2->type - ace1->type;
124 }
125
126 if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
127 return dom_sid_compare(&ace1->trustee, &ace2->trustee);
128 }
129
130 if (ace1->flags != ace2->flags) {
131 return ace1->flags - ace2->flags;
132 }
133
134 if (ace1->access_mask != ace2->access_mask) {
135 return ace1->access_mask - ace2->access_mask;
136 }
137
138 if (ace1->size != ace2->size) {
139 return ace1->size - ace2->size;
140 }
141
142 return memcmp(ace1, ace2, sizeof(struct security_ace));
143}
144
145
146static void
147sort_acl(struct security_acl *the_acl)
148{
149 uint32_t i;
150 if (!the_acl) return;
151
152 TYPESAFE_QSORT(the_acl->aces, the_acl->num_aces, ace_compare);
153
154 for (i=1;i<the_acl->num_aces;) {
155 if (security_ace_equal(&the_acl->aces[i-1],
156 &the_acl->aces[i])) {
157 int j;
158 for (j=i; j<the_acl->num_aces-1; j++) {
159 the_acl->aces[j] = the_acl->aces[j+1];
160 }
161 the_acl->num_aces--;
162 } else {
163 i++;
164 }
165 }
166}
167
168/* convert a SID to a string, either numeric or username/group */
169static void
170convert_sid_to_string(struct cli_state *ipc_cli,
171 struct policy_handle *pol,
172 fstring str,
173 bool numeric,
174 struct dom_sid *sid)
175{
176 char **domains = NULL;
177 char **names = NULL;
178 enum lsa_SidType *types = NULL;
179 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
180 TALLOC_CTX *ctx;
181
182 sid_to_fstring(str, sid);
183
184 if (numeric) {
185 return; /* no lookup desired */
186 }
187
188 if (!pipe_hnd) {
189 return;
190 }
191
192 /* Ask LSA to convert the sid to a name */
193
194 ctx = talloc_stackframe();
195
196 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
197 pol, 1, sid, &domains,
198 &names, &types)) ||
199 !domains || !domains[0] || !names || !names[0]) {
200 TALLOC_FREE(ctx);
201 return;
202 }
203
204 /* Converted OK */
205
206 fstr_sprintf(str, "%s%s%s",
207 domains[0], lp_winbind_separator(), names[0]);
208
209 TALLOC_FREE(ctx);
210}
211
212/* convert a string to a SID, either numeric or username/group */
213static bool
214convert_string_to_sid(struct cli_state *ipc_cli,
215 struct policy_handle *pol,
216 bool numeric,
217 struct dom_sid *sid,
218 const char *str)
219{
220 enum lsa_SidType *types = NULL;
221 struct dom_sid *sids = NULL;
222 bool result = True;
223 TALLOC_CTX *ctx = NULL;
224 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
225
226 if (!pipe_hnd) {
227 return False;
228 }
229
230 if (numeric) {
231 if (strncmp(str, "S-", 2) == 0) {
232 return string_to_sid(sid, str);
233 }
234
235 result = False;
236 goto done;
237 }
238
239 ctx = talloc_stackframe();
240 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
241 pol, 1, &str,
242 NULL, 1, &sids,
243 &types))) {
244 result = False;
245 goto done;
246 }
247
248 sid_copy(sid, &sids[0]);
249done:
250 TALLOC_FREE(ctx);
251 return result;
252}
253
254
255/* parse an struct security_ace in the same format as print_ace() */
256static bool
257parse_ace(struct cli_state *ipc_cli,
258 struct policy_handle *pol,
259 struct security_ace *ace,
260 bool numeric,
261 char *str)
262{
263 char *p;
264 const char *cp;
265 char *tok;
266 unsigned int atype;
267 unsigned int aflags;
268 unsigned int amask;
269 struct dom_sid sid;
270 uint32_t mask;
271 const struct perm_value *v;
272 struct perm_value {
273 const char perm[7];
274 uint32_t mask;
275 };
276 TALLOC_CTX *frame = talloc_stackframe();
277
278 /* These values discovered by inspection */
279 static const struct perm_value special_values[] = {
280 { "R", 0x00120089 },
281 { "W", 0x00120116 },
282 { "X", 0x001200a0 },
283 { "D", 0x00010000 },
284 { "P", 0x00040000 },
285 { "O", 0x00080000 },
286 { "", 0 },
287 };
288
289 static const struct perm_value standard_values[] = {
290 { "READ", 0x001200a9 },
291 { "CHANGE", 0x001301bf },
292 { "FULL", 0x001f01ff },
293 { "", 0 },
294 };
295
296 ZERO_STRUCTP(ace);
297 p = strchr_m(str,':');
298 if (!p) {
299 TALLOC_FREE(frame);
300 return False;
301 }
302 *p = '\0';
303 p++;
304 /* Try to parse numeric form */
305
306 if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
307 convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
308 goto done;
309 }
310
311 /* Try to parse text form */
312
313 if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
314 TALLOC_FREE(frame);
315 return false;
316 }
317
318 cp = p;
319 if (!next_token_talloc(frame, &cp, &tok, "/")) {
320 TALLOC_FREE(frame);
321 return false;
322 }
323
324 if (strncasecmp_m(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
325 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
326 } else if (strncasecmp_m(tok, "DENIED", strlen("DENIED")) == 0) {
327 atype = SEC_ACE_TYPE_ACCESS_DENIED;
328 } else {
329 TALLOC_FREE(frame);
330 return false;
331 }
332
333 /* Only numeric form accepted for flags at present */
334
335 if (!(next_token_talloc(frame, &cp, &tok, "/") &&
336 sscanf(tok, "%u", &aflags))) {
337 TALLOC_FREE(frame);
338 return false;
339 }
340
341 if (!next_token_talloc(frame, &cp, &tok, "/")) {
342 TALLOC_FREE(frame);
343 return false;
344 }
345
346 if (strncmp(tok, "0x", 2) == 0) {
347 if (sscanf(tok, "%u", &amask) != 1) {
348 TALLOC_FREE(frame);
349 return false;
350 }
351 goto done;
352 }
353
354 for (v = standard_values; v != NULL; v++) {
355 if (strcmp(tok, v->perm) == 0) {
356 amask = v->mask;
357 goto done;
358 }
359 }
360
361 p = tok;
362
363 while(*p) {
364 bool found = False;
365
366 for (v = special_values; v != NULL; v++) {
367 if (v->perm[0] == *p) {
368 amask |= v->mask;
369 found = True;
370 }
371 }
372
373 if (!found) {
374 TALLOC_FREE(frame);
375 return false;
376 }
377 p++;
378 }
379
380 if (*p) {
381 TALLOC_FREE(frame);
382 return false;
383 }
384
385done:
386 mask = amask;
387 init_sec_ace(ace, &sid, atype, mask, aflags);
388 TALLOC_FREE(frame);
389 return true;
390}
391
392/* add an struct security_ace to a list of struct security_aces in a struct security_acl */
393static bool
394add_ace(struct security_acl **the_acl,
395 struct security_ace *ace,
396 TALLOC_CTX *ctx)
397{
398 struct security_acl *newacl;
399 struct security_ace *aces;
400
401 if (! *the_acl) {
402 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
403 return True;
404 }
405
406 if ((aces = SMB_CALLOC_ARRAY(struct security_ace,
407 1+(*the_acl)->num_aces)) == NULL) {
408 return False;
409 }
410 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(struct security_ace));
411 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(struct security_ace));
412 newacl = make_sec_acl(ctx, (*the_acl)->revision,
413 1+(*the_acl)->num_aces, aces);
414 SAFE_FREE(aces);
415 (*the_acl) = newacl;
416 return True;
417}
418
419
420/* parse a ascii version of a security descriptor */
421static struct security_descriptor *
422sec_desc_parse(TALLOC_CTX *ctx,
423 struct cli_state *ipc_cli,
424 struct policy_handle *pol,
425 bool numeric,
426 const char *str)
427{
428 const char *p = str;
429 char *tok;
430 struct security_descriptor *ret = NULL;
431 size_t sd_size;
432 struct dom_sid *group_sid=NULL;
433 struct dom_sid *owner_sid=NULL;
434 struct security_acl *dacl=NULL;
435 int revision=1;
436
437 while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
438
439 if (strncasecmp_m(tok,"REVISION:", 9) == 0) {
440 revision = strtol(tok+9, NULL, 16);
441 continue;
442 }
443
444 if (strncasecmp_m(tok,"OWNER:", 6) == 0) {
445 if (owner_sid) {
446 DEBUG(5,("OWNER specified more than once!\n"));
447 goto done;
448 }
449 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
450 if (!owner_sid ||
451 !convert_string_to_sid(ipc_cli, pol,
452 numeric,
453 owner_sid, tok+6)) {
454 DEBUG(5, ("Failed to parse owner sid\n"));
455 goto done;
456 }
457 continue;
458 }
459
460 if (strncasecmp_m(tok,"OWNER+:", 7) == 0) {
461 if (owner_sid) {
462 DEBUG(5,("OWNER specified more than once!\n"));
463 goto done;
464 }
465 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
466 if (!owner_sid ||
467 !convert_string_to_sid(ipc_cli, pol,
468 False,
469 owner_sid, tok+7)) {
470 DEBUG(5, ("Failed to parse owner sid\n"));
471 goto done;
472 }
473 continue;
474 }
475
476 if (strncasecmp_m(tok,"GROUP:", 6) == 0) {
477 if (group_sid) {
478 DEBUG(5,("GROUP specified more than once!\n"));
479 goto done;
480 }
481 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
482 if (!group_sid ||
483 !convert_string_to_sid(ipc_cli, pol,
484 numeric,
485 group_sid, tok+6)) {
486 DEBUG(5, ("Failed to parse group sid\n"));
487 goto done;
488 }
489 continue;
490 }
491
492 if (strncasecmp_m(tok,"GROUP+:", 7) == 0) {
493 if (group_sid) {
494 DEBUG(5,("GROUP specified more than once!\n"));
495 goto done;
496 }
497 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
498 if (!group_sid ||
499 !convert_string_to_sid(ipc_cli, pol,
500 False,
501 group_sid, tok+6)) {
502 DEBUG(5, ("Failed to parse group sid\n"));
503 goto done;
504 }
505 continue;
506 }
507
508 if (strncasecmp_m(tok,"ACL:", 4) == 0) {
509 struct security_ace ace;
510 if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
511 DEBUG(5, ("Failed to parse ACL %s\n", tok));
512 goto done;
513 }
514 if(!add_ace(&dacl, &ace, ctx)) {
515 DEBUG(5, ("Failed to add ACL %s\n", tok));
516 goto done;
517 }
518 continue;
519 }
520
521 if (strncasecmp_m(tok,"ACL+:", 5) == 0) {
522 struct security_ace ace;
523 if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
524 DEBUG(5, ("Failed to parse ACL %s\n", tok));
525 goto done;
526 }
527 if(!add_ace(&dacl, &ace, ctx)) {
528 DEBUG(5, ("Failed to add ACL %s\n", tok));
529 goto done;
530 }
531 continue;
532 }
533
534 DEBUG(5, ("Failed to parse security descriptor\n"));
535 goto done;
536 }
537
538 ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE,
539 owner_sid, group_sid, NULL, dacl, &sd_size);
540
541done:
542 SAFE_FREE(group_sid);
543 SAFE_FREE(owner_sid);
544 return ret;
545}
546
547
548/* Obtain the current dos attributes */
549static DOS_ATTR_DESC *
550dos_attr_query(SMBCCTX *context,
551 TALLOC_CTX *ctx,
552 const char *filename,
553 SMBCSRV *srv)
554{
555 struct timespec create_time_ts;
556 struct timespec write_time_ts;
557 struct timespec access_time_ts;
558 struct timespec change_time_ts;
559 off_t size = 0;
560 uint16_t mode = 0;
561 SMB_INO_T inode = 0;
562 DOS_ATTR_DESC *ret;
563
564 ret = talloc(ctx, DOS_ATTR_DESC);
565 if (!ret) {
566 errno = ENOMEM;
567 return NULL;
568 }
569
570 /* Obtain the DOS attributes */
571 if (!SMBC_getatr(context, srv, filename,
572 &mode, &size,
573 &create_time_ts,
574 &access_time_ts,
575 &write_time_ts,
576 &change_time_ts,
577 &inode)) {
578 errno = SMBC_errno(context, srv->cli);
579 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
580 TALLOC_FREE(ret);
581 return NULL;
582 }
583
584 ret->mode = mode;
585 ret->size = size;
586 ret->create_time = convert_timespec_to_time_t(create_time_ts);
587 ret->access_time = convert_timespec_to_time_t(access_time_ts);
588 ret->write_time = convert_timespec_to_time_t(write_time_ts);
589 ret->change_time = convert_timespec_to_time_t(change_time_ts);
590 ret->inode = inode;
591
592 return ret;
593}
594
595
596/* parse a ascii version of a security descriptor */
597static void
598dos_attr_parse(SMBCCTX *context,
599 DOS_ATTR_DESC *dad,
600 SMBCSRV *srv,
601 char *str)
602{
603 int n;
604 const char *p = str;
605 char *tok = NULL;
606 TALLOC_CTX *frame = NULL;
607 struct {
608 const char * create_time_attr;
609 const char * access_time_attr;
610 const char * write_time_attr;
611 const char * change_time_attr;
612 } attr_strings;
613
614 /* Determine whether to use old-style or new-style attribute names */
615 if (context->internal->full_time_names) {
616 /* new-style names */
617 attr_strings.create_time_attr = "CREATE_TIME";
618 attr_strings.access_time_attr = "ACCESS_TIME";
619 attr_strings.write_time_attr = "WRITE_TIME";
620 attr_strings.change_time_attr = "CHANGE_TIME";
621 } else {
622 /* old-style names */
623 attr_strings.create_time_attr = NULL;
624 attr_strings.access_time_attr = "A_TIME";
625 attr_strings.write_time_attr = "M_TIME";
626 attr_strings.change_time_attr = "C_TIME";
627 }
628
629 /* if this is to set the entire ACL... */
630 if (*str == '*') {
631 /* ... then increment past the first colon if there is one */
632 if ((p = strchr(str, ':')) != NULL) {
633 ++p;
634 } else {
635 p = str;
636 }
637 }
638
639 frame = talloc_stackframe();
640 while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
641 if (strncasecmp_m(tok, "MODE:", 5) == 0) {
642 long request = strtol(tok+5, NULL, 16);
643 if (request == 0) {
644 dad->mode = (request |
645 (IS_DOS_DIR(dad->mode)
646 ? FILE_ATTRIBUTE_DIRECTORY
647 : FILE_ATTRIBUTE_NORMAL));
648 } else {
649 dad->mode = request;
650 }
651 continue;
652 }
653
654 if (strncasecmp_m(tok, "SIZE:", 5) == 0) {
655 dad->size = (off_t)atof(tok+5);
656 continue;
657 }
658
659 n = strlen(attr_strings.access_time_attr);
660 if (strncasecmp_m(tok, attr_strings.access_time_attr, n) == 0) {
661 dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
662 continue;
663 }
664
665 n = strlen(attr_strings.change_time_attr);
666 if (strncasecmp_m(tok, attr_strings.change_time_attr, n) == 0) {
667 dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
668 continue;
669 }
670
671 n = strlen(attr_strings.write_time_attr);
672 if (strncasecmp_m(tok, attr_strings.write_time_attr, n) == 0) {
673 dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
674 continue;
675 }
676
677 if (attr_strings.create_time_attr != NULL) {
678 n = strlen(attr_strings.create_time_attr);
679 if (strncasecmp_m(tok, attr_strings.create_time_attr,
680 n) == 0) {
681 dad->create_time = (time_t)strtol(tok+n+1,
682 NULL, 10);
683 continue;
684 }
685 }
686
687 if (strncasecmp_m(tok, "INODE:", 6) == 0) {
688 dad->inode = (SMB_INO_T)atof(tok+6);
689 continue;
690 }
691 }
692 TALLOC_FREE(frame);
693}
694
695/*****************************************************
696 Retrieve the acls for a file.
697*******************************************************/
698
699static int
700cacl_get(SMBCCTX *context,
701 TALLOC_CTX *ctx,
702 SMBCSRV *srv,
703 struct cli_state *ipc_cli,
704 struct policy_handle *pol,
705 const char *filename,
706 const char *attr_name,
707 char *buf,
708 int bufsize)
709{
710 uint32_t i;
711 int n = 0;
712 int n_used;
713 bool all;
714 bool all_nt;
715 bool all_nt_acls;
716 bool all_dos;
717 bool some_nt;
718 bool some_dos;
719 bool exclude_nt_revision = False;
720 bool exclude_nt_owner = False;
721 bool exclude_nt_group = False;
722 bool exclude_nt_acl = False;
723 bool exclude_dos_mode = False;
724 bool exclude_dos_size = False;
725 bool exclude_dos_create_time = False;
726 bool exclude_dos_access_time = False;
727 bool exclude_dos_write_time = False;
728 bool exclude_dos_change_time = False;
729 bool exclude_dos_inode = False;
730 bool numeric = True;
731 bool determine_size = (bufsize == 0);
732 uint16_t fnum;
733 struct security_descriptor *sd;
734 fstring sidstr;
735 fstring name_sandbox;
736 char *name;
737 char *pExclude;
738 char *p;
739 struct timespec create_time_ts;
740 struct timespec write_time_ts;
741 struct timespec access_time_ts;
742 struct timespec change_time_ts;
743 time_t create_time = (time_t)0;
744 time_t write_time = (time_t)0;
745 time_t access_time = (time_t)0;
746 time_t change_time = (time_t)0;
747 off_t size = 0;
748 uint16_t mode = 0;
749 SMB_INO_T ino = 0;
750 struct cli_state *cli = srv->cli;
751 struct {
752 const char * create_time_attr;
753 const char * access_time_attr;
754 const char * write_time_attr;
755 const char * change_time_attr;
756 } attr_strings;
757 struct {
758 const char * create_time_attr;
759 const char * access_time_attr;
760 const char * write_time_attr;
761 const char * change_time_attr;
762 } excl_attr_strings;
763
764 /* Determine whether to use old-style or new-style attribute names */
765 if (context->internal->full_time_names) {
766 /* new-style names */
767 attr_strings.create_time_attr = "CREATE_TIME";
768 attr_strings.access_time_attr = "ACCESS_TIME";
769 attr_strings.write_time_attr = "WRITE_TIME";
770 attr_strings.change_time_attr = "CHANGE_TIME";
771
772 excl_attr_strings.create_time_attr = "CREATE_TIME";
773 excl_attr_strings.access_time_attr = "ACCESS_TIME";
774 excl_attr_strings.write_time_attr = "WRITE_TIME";
775 excl_attr_strings.change_time_attr = "CHANGE_TIME";
776 } else {
777 /* old-style names */
778 attr_strings.create_time_attr = NULL;
779 attr_strings.access_time_attr = "A_TIME";
780 attr_strings.write_time_attr = "M_TIME";
781 attr_strings.change_time_attr = "C_TIME";
782
783 excl_attr_strings.create_time_attr = NULL;
784 excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
785 excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
786 excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
787 }
788
789 /* Copy name so we can strip off exclusions (if any are specified) */
790 strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
791
792 /* Ensure name is null terminated */
793 name_sandbox[sizeof(name_sandbox) - 1] = '\0';
794
795 /* Play in the sandbox */
796 name = name_sandbox;
797
798 /* If there are any exclusions, point to them and mask them from name */
799 if ((pExclude = strchr(name, '!')) != NULL)
800 {
801 *pExclude++ = '\0';
802 }
803
804 all = (strncasecmp_m(name, "system.*", 8) == 0);
805 all_nt = (strncasecmp_m(name, "system.nt_sec_desc.*", 20) == 0);
806 all_nt_acls = (strncasecmp_m(name, "system.nt_sec_desc.acl.*", 24) == 0);
807 all_dos = (strncasecmp_m(name, "system.dos_attr.*", 17) == 0);
808 some_nt = (strncasecmp_m(name, "system.nt_sec_desc.", 19) == 0);
809 some_dos = (strncasecmp_m(name, "system.dos_attr.", 16) == 0);
810 numeric = (* (name + strlen(name) - 1) != '+');
811
812 /* Look for exclusions from "all" requests */
813 if (all || all_nt || all_dos) {
814 /* Exclusions are delimited by '!' */
815 for (;
816 pExclude != NULL;
817 pExclude = (p == NULL ? NULL : p + 1)) {
818
819 /* Find end of this exclusion name */
820 if ((p = strchr(pExclude, '!')) != NULL)
821 {
822 *p = '\0';
823 }
824
825 /* Which exclusion name is this? */
826 if (strcasecmp_m(pExclude,
827 "nt_sec_desc.revision") == 0) {
828 exclude_nt_revision = True;
829 }
830 else if (strcasecmp_m(pExclude,
831 "nt_sec_desc.owner") == 0) {
832 exclude_nt_owner = True;
833 }
834 else if (strcasecmp_m(pExclude,
835 "nt_sec_desc.group") == 0) {
836 exclude_nt_group = True;
837 }
838 else if (strcasecmp_m(pExclude,
839 "nt_sec_desc.acl") == 0) {
840 exclude_nt_acl = True;
841 }
842 else if (strcasecmp_m(pExclude,
843 "dos_attr.mode") == 0) {
844 exclude_dos_mode = True;
845 }
846 else if (strcasecmp_m(pExclude,
847 "dos_attr.size") == 0) {
848 exclude_dos_size = True;
849 }
850 else if (excl_attr_strings.create_time_attr != NULL &&
851 strcasecmp_m(pExclude,
852 excl_attr_strings.change_time_attr) == 0) {
853 exclude_dos_create_time = True;
854 }
855 else if (strcasecmp_m(pExclude,
856 excl_attr_strings.access_time_attr) == 0) {
857 exclude_dos_access_time = True;
858 }
859 else if (strcasecmp_m(pExclude,
860 excl_attr_strings.write_time_attr) == 0) {
861 exclude_dos_write_time = True;
862 }
863 else if (strcasecmp_m(pExclude,
864 excl_attr_strings.change_time_attr) == 0) {
865 exclude_dos_change_time = True;
866 }
867 else if (strcasecmp_m(pExclude, "dos_attr.inode") == 0) {
868 exclude_dos_inode = True;
869 }
870 else {
871 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
872 pExclude));
873 errno = ENOATTR;
874 return -1;
875 }
876 }
877 }
878
879 n_used = 0;
880
881 /*
882 * If we are (possibly) talking to an NT or new system and some NT
883 * attributes have been requested...
884 */
885 if (ipc_cli && (all || some_nt || all_nt_acls)) {
886 char *targetpath = NULL;
887 struct cli_state *targetcli = NULL;
888 NTSTATUS status;
889
890 /* Point to the portion after "system.nt_sec_desc." */
891 name += 19; /* if (all) this will be invalid but unused */
892
893 status = cli_resolve_path(
894 ctx, "", context->internal->auth_info,
895 cli, filename, &targetcli, &targetpath);
896 if (!NT_STATUS_IS_OK(status)) {
897 DEBUG(5, ("cacl_get Could not resolve %s\n",
898 filename));
899 errno = ENOENT;
900 return -1;
901 }
902
903 /* ... then obtain any NT attributes which were requested */
904 status = cli_ntcreate(targetcli, targetpath, 0,
905 CREATE_ACCESS_READ, 0,
906 FILE_SHARE_READ|FILE_SHARE_WRITE,
907 FILE_OPEN, 0x0, 0x0, &fnum, NULL);
908 if (!NT_STATUS_IS_OK(status)) {
909 DEBUG(5, ("cacl_get failed to open %s: %s\n",
910 targetpath, nt_errstr(status)));
911 errno = 0;
912 return -1;
913 }
914
915 status = cli_query_secdesc(targetcli, fnum, ctx, &sd);
916 if (!NT_STATUS_IS_OK(status)) {
917 DEBUG(5,("cacl_get Failed to query old descriptor "
918 "of %s: %s\n",
919 targetpath, nt_errstr(status)));
920 errno = 0;
921 return -1;
922 }
923
924 cli_close(targetcli, fnum);
925
926 if (! exclude_nt_revision) {
927 if (all || all_nt) {
928 if (determine_size) {
929 p = talloc_asprintf(ctx,
930 "REVISION:%d",
931 sd->revision);
932 if (!p) {
933 errno = ENOMEM;
934 return -1;
935 }
936 n = strlen(p);
937 } else {
938 n = snprintf(buf, bufsize,
939 "REVISION:%d",
940 sd->revision);
941 }
942 } else if (strcasecmp_m(name, "revision") == 0) {
943 if (determine_size) {
944 p = talloc_asprintf(ctx, "%d",
945 sd->revision);
946 if (!p) {
947 errno = ENOMEM;
948 return -1;
949 }
950 n = strlen(p);
951 } else {
952 n = snprintf(buf, bufsize, "%d",
953 sd->revision);
954 }
955 }
956
957 if (!determine_size && n > bufsize) {
958 errno = ERANGE;
959 return -1;
960 }
961 buf += n;
962 n_used += n;
963 bufsize -= n;
964 n = 0;
965 }
966
967 if (! exclude_nt_owner) {
968 /* Get owner and group sid */
969 if (sd->owner_sid) {
970 convert_sid_to_string(ipc_cli, pol,
971 sidstr,
972 numeric,
973 sd->owner_sid);
974 } else {
975 fstrcpy(sidstr, "");
976 }
977
978 if (all || all_nt) {
979 if (determine_size) {
980 p = talloc_asprintf(ctx, ",OWNER:%s",
981 sidstr);
982 if (!p) {
983 errno = ENOMEM;
984 return -1;
985 }
986 n = strlen(p);
987 } else if (sidstr[0] != '\0') {
988 n = snprintf(buf, bufsize,
989 ",OWNER:%s", sidstr);
990 }
991 } else if (strncasecmp_m(name, "owner", 5) == 0) {
992 if (determine_size) {
993 p = talloc_asprintf(ctx, "%s", sidstr);
994 if (!p) {
995 errno = ENOMEM;
996 return -1;
997 }
998 n = strlen(p);
999 } else {
1000 n = snprintf(buf, bufsize, "%s",
1001 sidstr);
1002 }
1003 }
1004
1005 if (!determine_size && n > bufsize) {
1006 errno = ERANGE;
1007 return -1;
1008 }
1009 buf += n;
1010 n_used += n;
1011 bufsize -= n;
1012 n = 0;
1013 }
1014
1015 if (! exclude_nt_group) {
1016 if (sd->group_sid) {
1017 convert_sid_to_string(ipc_cli, pol,
1018 sidstr, numeric,
1019 sd->group_sid);
1020 } else {
1021 fstrcpy(sidstr, "");
1022 }
1023
1024 if (all || all_nt) {
1025 if (determine_size) {
1026 p = talloc_asprintf(ctx, ",GROUP:%s",
1027 sidstr);
1028 if (!p) {
1029 errno = ENOMEM;
1030 return -1;
1031 }
1032 n = strlen(p);
1033 } else if (sidstr[0] != '\0') {
1034 n = snprintf(buf, bufsize,
1035 ",GROUP:%s", sidstr);
1036 }
1037 } else if (strncasecmp_m(name, "group", 5) == 0) {
1038 if (determine_size) {
1039 p = talloc_asprintf(ctx, "%s", sidstr);
1040 if (!p) {
1041 errno = ENOMEM;
1042 return -1;
1043 }
1044 n = strlen(p);
1045 } else {
1046 n = snprintf(buf, bufsize,
1047 "%s", sidstr);
1048 }
1049 }
1050
1051 if (!determine_size && n > bufsize) {
1052 errno = ERANGE;
1053 return -1;
1054 }
1055 buf += n;
1056 n_used += n;
1057 bufsize -= n;
1058 n = 0;
1059 }
1060
1061 if (! exclude_nt_acl) {
1062 /* Add aces to value buffer */
1063 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1064
1065 struct security_ace *ace = &sd->dacl->aces[i];
1066 convert_sid_to_string(ipc_cli, pol,
1067 sidstr, numeric,
1068 &ace->trustee);
1069
1070 if (all || all_nt) {
1071 if (determine_size) {
1072 p = talloc_asprintf(
1073 ctx,
1074 ",ACL:"
1075 "%s:%d/%d/0x%08x",
1076 sidstr,
1077 ace->type,
1078 ace->flags,
1079 ace->access_mask);
1080 if (!p) {
1081 errno = ENOMEM;
1082 return -1;
1083 }
1084 n = strlen(p);
1085 } else {
1086 n = snprintf(
1087 buf, bufsize,
1088 ",ACL:%s:%d/%d/0x%08x",
1089 sidstr,
1090 ace->type,
1091 ace->flags,
1092 ace->access_mask);
1093 }
1094 } else if ((strncasecmp_m(name, "acl", 3) == 0 &&
1095 strcasecmp_m(name+3, sidstr) == 0) ||
1096 (strncasecmp_m(name, "acl+", 4) == 0 &&
1097 strcasecmp_m(name+4, sidstr) == 0)) {
1098 if (determine_size) {
1099 p = talloc_asprintf(
1100 ctx,
1101 "%d/%d/0x%08x",
1102 ace->type,
1103 ace->flags,
1104 ace->access_mask);
1105 if (!p) {
1106 errno = ENOMEM;
1107 return -1;
1108 }
1109 n = strlen(p);
1110 } else {
1111 n = snprintf(buf, bufsize,
1112 "%d/%d/0x%08x",
1113 ace->type,
1114 ace->flags,
1115 ace->access_mask);
1116 }
1117 } else if (all_nt_acls) {
1118 if (determine_size) {
1119 p = talloc_asprintf(
1120 ctx,
1121 "%s%s:%d/%d/0x%08x",
1122 i ? "," : "",
1123 sidstr,
1124 ace->type,
1125 ace->flags,
1126 ace->access_mask);
1127 if (!p) {
1128 errno = ENOMEM;
1129 return -1;
1130 }
1131 n = strlen(p);
1132 } else {
1133 n = snprintf(buf, bufsize,
1134 "%s%s:%d/%d/0x%08x",
1135 i ? "," : "",
1136 sidstr,
1137 ace->type,
1138 ace->flags,
1139 ace->access_mask);
1140 }
1141 }
1142 if (!determine_size && n > bufsize) {
1143 errno = ERANGE;
1144 return -1;
1145 }
1146 buf += n;
1147 n_used += n;
1148 bufsize -= n;
1149 n = 0;
1150 }
1151 }
1152
1153 /* Restore name pointer to its original value */
1154 name -= 19;
1155 }
1156
1157 if (all || some_dos) {
1158 /* Point to the portion after "system.dos_attr." */
1159 name += 16; /* if (all) this will be invalid but unused */
1160
1161 /* Obtain the DOS attributes */
1162 if (!SMBC_getatr(context, srv, filename, &mode, &size,
1163 &create_time_ts,
1164 &access_time_ts,
1165 &write_time_ts,
1166 &change_time_ts,
1167 &ino)) {
1168
1169 errno = SMBC_errno(context, srv->cli);
1170 return -1;
1171 }
1172
1173 create_time = convert_timespec_to_time_t(create_time_ts);
1174 access_time = convert_timespec_to_time_t(access_time_ts);
1175 write_time = convert_timespec_to_time_t(write_time_ts);
1176 change_time = convert_timespec_to_time_t(change_time_ts);
1177
1178 if (! exclude_dos_mode) {
1179 if (all || all_dos) {
1180 if (determine_size) {
1181 p = talloc_asprintf(ctx,
1182 "%sMODE:0x%x",
1183 (ipc_cli &&
1184 (all || some_nt)
1185 ? ","
1186 : ""),
1187 mode);
1188 if (!p) {
1189 errno = ENOMEM;
1190 return -1;
1191 }
1192 n = strlen(p);
1193 } else {
1194 n = snprintf(buf, bufsize,
1195 "%sMODE:0x%x",
1196 (ipc_cli &&
1197 (all || some_nt)
1198 ? ","
1199 : ""),
1200 mode);
1201 }
1202 } else if (strcasecmp_m(name, "mode") == 0) {
1203 if (determine_size) {
1204 p = talloc_asprintf(ctx, "0x%x", mode);
1205 if (!p) {
1206 errno = ENOMEM;
1207 return -1;
1208 }
1209 n = strlen(p);
1210 } else {
1211 n = snprintf(buf, bufsize,
1212 "0x%x", mode);
1213 }
1214 }
1215
1216 if (!determine_size && n > bufsize) {
1217 errno = ERANGE;
1218 return -1;
1219 }
1220 buf += n;
1221 n_used += n;
1222 bufsize -= n;
1223 n = 0;
1224 }
1225
1226 if (! exclude_dos_size) {
1227 if (all || all_dos) {
1228 if (determine_size) {
1229 p = talloc_asprintf(
1230 ctx,
1231 ",SIZE:%.0f",
1232 (double)size);
1233 if (!p) {
1234 errno = ENOMEM;
1235 return -1;
1236 }
1237 n = strlen(p);
1238 } else {
1239 n = snprintf(buf, bufsize,
1240 ",SIZE:%.0f",
1241 (double)size);
1242 }
1243 } else if (strcasecmp_m(name, "size") == 0) {
1244 if (determine_size) {
1245 p = talloc_asprintf(
1246 ctx,
1247 "%.0f",
1248 (double)size);
1249 if (!p) {
1250 errno = ENOMEM;
1251 return -1;
1252 }
1253 n = strlen(p);
1254 } else {
1255 n = snprintf(buf, bufsize,
1256 "%.0f",
1257 (double)size);
1258 }
1259 }
1260
1261 if (!determine_size && n > bufsize) {
1262 errno = ERANGE;
1263 return -1;
1264 }
1265 buf += n;
1266 n_used += n;
1267 bufsize -= n;
1268 n = 0;
1269 }
1270
1271 if (! exclude_dos_create_time &&
1272 attr_strings.create_time_attr != NULL) {
1273 if (all || all_dos) {
1274 if (determine_size) {
1275 p = talloc_asprintf(ctx,
1276 ",%s:%lu",
1277 attr_strings.create_time_attr,
1278 (unsigned long) create_time);
1279 if (!p) {
1280 errno = ENOMEM;
1281 return -1;
1282 }
1283 n = strlen(p);
1284 } else {
1285 n = snprintf(buf, bufsize,
1286 ",%s:%lu",
1287 attr_strings.create_time_attr,
1288 (unsigned long) create_time);
1289 }
1290 } else if (strcasecmp_m(name, attr_strings.create_time_attr) == 0) {
1291 if (determine_size) {
1292 p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
1293 if (!p) {
1294 errno = ENOMEM;
1295 return -1;
1296 }
1297 n = strlen(p);
1298 } else {
1299 n = snprintf(buf, bufsize,
1300 "%lu", (unsigned long) create_time);
1301 }
1302 }
1303
1304 if (!determine_size && n > bufsize) {
1305 errno = ERANGE;
1306 return -1;
1307 }
1308 buf += n;
1309 n_used += n;
1310 bufsize -= n;
1311 n = 0;
1312 }
1313
1314 if (! exclude_dos_access_time) {
1315 if (all || all_dos) {
1316 if (determine_size) {
1317 p = talloc_asprintf(ctx,
1318 ",%s:%lu",
1319 attr_strings.access_time_attr,
1320 (unsigned long) access_time);
1321 if (!p) {
1322 errno = ENOMEM;
1323 return -1;
1324 }
1325 n = strlen(p);
1326 } else {
1327 n = snprintf(buf, bufsize,
1328 ",%s:%lu",
1329 attr_strings.access_time_attr,
1330 (unsigned long) access_time);
1331 }
1332 } else if (strcasecmp_m(name, attr_strings.access_time_attr) == 0) {
1333 if (determine_size) {
1334 p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
1335 if (!p) {
1336 errno = ENOMEM;
1337 return -1;
1338 }
1339 n = strlen(p);
1340 } else {
1341 n = snprintf(buf, bufsize,
1342 "%lu", (unsigned long) access_time);
1343 }
1344 }
1345
1346 if (!determine_size && n > bufsize) {
1347 errno = ERANGE;
1348 return -1;
1349 }
1350 buf += n;
1351 n_used += n;
1352 bufsize -= n;
1353 n = 0;
1354 }
1355
1356 if (! exclude_dos_write_time) {
1357 if (all || all_dos) {
1358 if (determine_size) {
1359 p = talloc_asprintf(ctx,
1360 ",%s:%lu",
1361 attr_strings.write_time_attr,
1362 (unsigned long) write_time);
1363 if (!p) {
1364 errno = ENOMEM;
1365 return -1;
1366 }
1367 n = strlen(p);
1368 } else {
1369 n = snprintf(buf, bufsize,
1370 ",%s:%lu",
1371 attr_strings.write_time_attr,
1372 (unsigned long) write_time);
1373 }
1374 } else if (strcasecmp_m(name, attr_strings.write_time_attr) == 0) {
1375 if (determine_size) {
1376 p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
1377 if (!p) {
1378 errno = ENOMEM;
1379 return -1;
1380 }
1381 n = strlen(p);
1382 } else {
1383 n = snprintf(buf, bufsize,
1384 "%lu", (unsigned long) write_time);
1385 }
1386 }
1387
1388 if (!determine_size && n > bufsize) {
1389 errno = ERANGE;
1390 return -1;
1391 }
1392 buf += n;
1393 n_used += n;
1394 bufsize -= n;
1395 n = 0;
1396 }
1397
1398 if (! exclude_dos_change_time) {
1399 if (all || all_dos) {
1400 if (determine_size) {
1401 p = talloc_asprintf(ctx,
1402 ",%s:%lu",
1403 attr_strings.change_time_attr,
1404 (unsigned long) change_time);
1405 if (!p) {
1406 errno = ENOMEM;
1407 return -1;
1408 }
1409 n = strlen(p);
1410 } else {
1411 n = snprintf(buf, bufsize,
1412 ",%s:%lu",
1413 attr_strings.change_time_attr,
1414 (unsigned long) change_time);
1415 }
1416 } else if (strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1417 if (determine_size) {
1418 p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
1419 if (!p) {
1420 errno = ENOMEM;
1421 return -1;
1422 }
1423 n = strlen(p);
1424 } else {
1425 n = snprintf(buf, bufsize,
1426 "%lu", (unsigned long) change_time);
1427 }
1428 }
1429
1430 if (!determine_size && n > bufsize) {
1431 errno = ERANGE;
1432 return -1;
1433 }
1434 buf += n;
1435 n_used += n;
1436 bufsize -= n;
1437 n = 0;
1438 }
1439
1440 if (! exclude_dos_inode) {
1441 if (all || all_dos) {
1442 if (determine_size) {
1443 p = talloc_asprintf(
1444 ctx,
1445 ",INODE:%.0f",
1446 (double)ino);
1447 if (!p) {
1448 errno = ENOMEM;
1449 return -1;
1450 }
1451 n = strlen(p);
1452 } else {
1453 n = snprintf(buf, bufsize,
1454 ",INODE:%.0f",
1455 (double) ino);
1456 }
1457 } else if (strcasecmp_m(name, "inode") == 0) {
1458 if (determine_size) {
1459 p = talloc_asprintf(
1460 ctx,
1461 "%.0f",
1462 (double) ino);
1463 if (!p) {
1464 errno = ENOMEM;
1465 return -1;
1466 }
1467 n = strlen(p);
1468 } else {
1469 n = snprintf(buf, bufsize,
1470 "%.0f",
1471 (double) ino);
1472 }
1473 }
1474
1475 if (!determine_size && n > bufsize) {
1476 errno = ERANGE;
1477 return -1;
1478 }
1479 buf += n;
1480 n_used += n;
1481 bufsize -= n;
1482 n = 0;
1483 }
1484
1485 /* Restore name pointer to its original value */
1486 name -= 16;
1487 }
1488
1489 if (n_used == 0) {
1490 errno = ENOATTR;
1491 return -1;
1492 }
1493
1494 return n_used;
1495}
1496
1497/*****************************************************
1498set the ACLs on a file given an ascii description
1499*******************************************************/
1500static int
1501cacl_set(SMBCCTX *context,
1502 TALLOC_CTX *ctx,
1503 struct cli_state *cli,
1504 struct cli_state *ipc_cli,
1505 struct policy_handle *pol,
1506 const char *filename,
1507 char *the_acl,
1508 int mode,
1509 int flags)
1510{
1511 uint16_t fnum = (uint16_t)-1;
1512 int err = 0;
1513 struct security_descriptor *sd = NULL, *old;
1514 struct security_acl *dacl = NULL;
1515 struct dom_sid *owner_sid = NULL;
1516 struct dom_sid *group_sid = NULL;
1517 uint32_t i, j;
1518 size_t sd_size;
1519 int ret = 0;
1520 char *p;
1521 bool numeric = True;
1522 char *targetpath = NULL;
1523 struct cli_state *targetcli = NULL;
1524 NTSTATUS status;
1525
1526 /* the_acl will be null for REMOVE_ALL operations */
1527 if (the_acl) {
1528 numeric = ((p = strchr(the_acl, ':')) != NULL &&
1529 p > the_acl &&
1530 p[-1] != '+');
1531
1532 /* if this is to set the entire ACL... */
1533 if (*the_acl == '*') {
1534 /* ... then increment past the first colon */
1535 the_acl = p + 1;
1536 }
1537
1538 sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
1539 if (!sd) {
1540 errno = EINVAL;
1541 return -1;
1542 }
1543 }
1544
1545 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1546 that doesn't deref sd */
1547
1548 if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1549 errno = EINVAL;
1550 return -1;
1551 }
1552
1553 status = cli_resolve_path(ctx, "", context->internal->auth_info,
1554 cli, filename, &targetcli, &targetpath);
1555 if (!NT_STATUS_IS_OK(status)) {
1556 DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
1557 errno = ENOENT;
1558 return -1;
1559 }
1560
1561 /* The desired access below is the only one I could find that works
1562 with NT4, W2KP and Samba */
1563
1564 status = cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
1565 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
1566 0x0, 0x0, &fnum, NULL);
1567 if (!NT_STATUS_IS_OK(status)) {
1568 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1569 targetpath, nt_errstr(status)));
1570 errno = 0;
1571 return -1;
1572 }
1573
1574 status = cli_query_secdesc(targetcli, fnum, ctx, &old);
1575 if (!NT_STATUS_IS_OK(status)) {
1576 DEBUG(5,("cacl_set Failed to query old descriptor of %s: %s\n",
1577 targetpath, nt_errstr(status)));
1578 errno = 0;
1579 return -1;
1580 }
1581
1582 cli_close(targetcli, fnum);
1583
1584 switch (mode) {
1585 case SMBC_XATTR_MODE_REMOVE_ALL:
1586 old->dacl->num_aces = 0;
1587 dacl = old->dacl;
1588 break;
1589
1590 case SMBC_XATTR_MODE_REMOVE:
1591 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1592 bool found = False;
1593
1594 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1595 if (security_ace_equal(&sd->dacl->aces[i],
1596 &old->dacl->aces[j])) {
1597 uint32_t k;
1598 for (k=j; k<old->dacl->num_aces-1;k++) {
1599 old->dacl->aces[k] =
1600 old->dacl->aces[k+1];
1601 }
1602 old->dacl->num_aces--;
1603 found = True;
1604 dacl = old->dacl;
1605 break;
1606 }
1607 }
1608
1609 if (!found) {
1610 err = ENOATTR;
1611 ret = -1;
1612 goto failed;
1613 }
1614 }
1615 break;
1616
1617 case SMBC_XATTR_MODE_ADD:
1618 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1619 bool found = False;
1620
1621 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1622 if (dom_sid_equal(&sd->dacl->aces[i].trustee,
1623 &old->dacl->aces[j].trustee)) {
1624 if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1625 err = EEXIST;
1626 ret = -1;
1627 goto failed;
1628 }
1629 old->dacl->aces[j] = sd->dacl->aces[i];
1630 ret = -1;
1631 found = True;
1632 }
1633 }
1634
1635 if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1636 err = ENOATTR;
1637 ret = -1;
1638 goto failed;
1639 }
1640
1641 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1642 add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1643 }
1644 }
1645 dacl = old->dacl;
1646 break;
1647
1648 case SMBC_XATTR_MODE_SET:
1649 old = sd;
1650 owner_sid = old->owner_sid;
1651 group_sid = old->group_sid;
1652 dacl = old->dacl;
1653 break;
1654
1655 case SMBC_XATTR_MODE_CHOWN:
1656 owner_sid = sd->owner_sid;
1657 break;
1658
1659 case SMBC_XATTR_MODE_CHGRP:
1660 group_sid = sd->group_sid;
1661 break;
1662 }
1663
1664 /* Denied ACE entries must come before allowed ones */
1665 sort_acl(old->dacl);
1666
1667 /* Create new security descriptor and set it */
1668 sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1669 owner_sid, group_sid, NULL, dacl, &sd_size);
1670
1671 status = cli_ntcreate(targetcli, targetpath, 0,
1672 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
1673 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
1674 0x0, 0x0, &fnum, NULL);
1675 if (!NT_STATUS_IS_OK(status)) {
1676 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1677 targetpath, nt_errstr(status)));
1678 errno = 0;
1679 return -1;
1680 }
1681
1682 status = cli_set_secdesc(targetcli, fnum, sd);
1683 if (!NT_STATUS_IS_OK(status)) {
1684 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1685 nt_errstr(status)));
1686 ret = -1;
1687 }
1688
1689 /* Clean up */
1690
1691failed:
1692 cli_close(targetcli, fnum);
1693
1694 if (err != 0) {
1695 errno = err;
1696 }
1697
1698 return ret;
1699}
1700
1701
1702int
1703SMBC_setxattr_ctx(SMBCCTX *context,
1704 const char *fname,
1705 const char *name,
1706 const void *value,
1707 size_t size,
1708 int flags)
1709{
1710 int ret;
1711 int ret2;
1712 SMBCSRV *srv = NULL;
1713 SMBCSRV *ipc_srv = NULL;
1714 char *server = NULL;
1715 char *share = NULL;
1716 char *user = NULL;
1717 char *password = NULL;
1718 char *workgroup = NULL;
1719 char *path = NULL;
1720 DOS_ATTR_DESC *dad = NULL;
1721 struct {
1722 const char * create_time_attr;
1723 const char * access_time_attr;
1724 const char * write_time_attr;
1725 const char * change_time_attr;
1726 } attr_strings;
1727 uint16_t port = 0;
1728 TALLOC_CTX *frame = talloc_stackframe();
1729
1730 if (!context || !context->internal->initialized) {
1731 errno = EINVAL; /* Best I can think of ... */
1732 TALLOC_FREE(frame);
1733 return -1;
1734 }
1735
1736 if (!fname) {
1737 errno = EINVAL;
1738 TALLOC_FREE(frame);
1739 return -1;
1740 }
1741
1742 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1743 fname, name, (int) size, (const char*)value));
1744
1745 if (SMBC_parse_path(frame,
1746 context,
1747 fname,
1748 &workgroup,
1749 &server,
1750 &port,
1751 &share,
1752 &path,
1753 &user,
1754 &password,
1755 NULL)) {
1756 errno = EINVAL;
1757 TALLOC_FREE(frame);
1758 return -1;
1759 }
1760
1761 if (!user || user[0] == (char)0) {
1762 user = talloc_strdup(frame, smbc_getUser(context));
1763 if (!user) {
1764 errno = ENOMEM;
1765 TALLOC_FREE(frame);
1766 return -1;
1767 }
1768 }
1769
1770 srv = SMBC_server(frame, context, True,
1771 server, port, share, &workgroup, &user, &password);
1772 if (!srv) {
1773 TALLOC_FREE(frame);
1774 return -1; /* errno set by SMBC_server */
1775 }
1776
1777 if (! srv->no_nt_session) {
1778 ipc_srv = SMBC_attr_server(frame, context, server, port, share,
1779 &workgroup, &user, &password);
1780 if (! ipc_srv) {
1781 srv->no_nt_session = True;
1782 }
1783 } else {
1784 ipc_srv = NULL;
1785 }
1786
1787 /*
1788 * Are they asking to set the entire set of known attributes?
1789 */
1790 if (strcasecmp_m(name, "system.*") == 0 ||
1791 strcasecmp_m(name, "system.*+") == 0) {
1792 /* Yup. */
1793 char *namevalue =
1794 talloc_asprintf(talloc_tos(), "%s:%s",
1795 name+7, (const char *) value);
1796 if (! namevalue) {
1797 errno = ENOMEM;
1798 ret = -1;
1799 TALLOC_FREE(frame);
1800 return -1;
1801 }
1802
1803 if (ipc_srv) {
1804 ret = cacl_set(context, talloc_tos(), srv->cli,
1805 ipc_srv->cli, &ipc_srv->pol, path,
1806 namevalue,
1807 (*namevalue == '*'
1808 ? SMBC_XATTR_MODE_SET
1809 : SMBC_XATTR_MODE_ADD),
1810 flags);
1811 } else {
1812 ret = 0;
1813 }
1814
1815 /* get a DOS Attribute Descriptor with current attributes */
1816 dad = dos_attr_query(context, talloc_tos(), path, srv);
1817 if (dad) {
1818 /* Overwrite old with new, using what was provided */
1819 dos_attr_parse(context, dad, srv, namevalue);
1820
1821 /* Set the new DOS attributes */
1822 if (! SMBC_setatr(context, srv, path,
1823 dad->create_time,
1824 dad->access_time,
1825 dad->write_time,
1826 dad->change_time,
1827 dad->mode)) {
1828
1829 /* cause failure if NT failed too */
1830 dad = NULL;
1831 }
1832 }
1833
1834 /* we only fail if both NT and DOS sets failed */
1835 if (ret < 0 && ! dad) {
1836 ret = -1; /* in case dad was null */
1837 }
1838 else {
1839 ret = 0;
1840 }
1841
1842 TALLOC_FREE(frame);
1843 return ret;
1844 }
1845
1846 /*
1847 * Are they asking to set an access control element or to set
1848 * the entire access control list?
1849 */
1850 if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
1851 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
1852 strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
1853 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
1854 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
1855
1856 /* Yup. */
1857 char *namevalue =
1858 talloc_asprintf(talloc_tos(), "%s:%s",
1859 name+19, (const char *) value);
1860
1861 if (! ipc_srv) {
1862 ret = -1; /* errno set by SMBC_server() */
1863 }
1864 else if (! namevalue) {
1865 errno = ENOMEM;
1866 ret = -1;
1867 } else {
1868 ret = cacl_set(context, talloc_tos(), srv->cli,
1869 ipc_srv->cli, &ipc_srv->pol, path,
1870 namevalue,
1871 (*namevalue == '*'
1872 ? SMBC_XATTR_MODE_SET
1873 : SMBC_XATTR_MODE_ADD),
1874 flags);
1875 }
1876 TALLOC_FREE(frame);
1877 return ret;
1878 }
1879
1880 /*
1881 * Are they asking to set the owner?
1882 */
1883 if (strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
1884 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0) {
1885
1886 /* Yup. */
1887 char *namevalue =
1888 talloc_asprintf(talloc_tos(), "%s:%s",
1889 name+19, (const char *) value);
1890
1891 if (! ipc_srv) {
1892 ret = -1; /* errno set by SMBC_server() */
1893 }
1894 else if (! namevalue) {
1895 errno = ENOMEM;
1896 ret = -1;
1897 } else {
1898 ret = cacl_set(context, talloc_tos(), srv->cli,
1899 ipc_srv->cli, &ipc_srv->pol, path,
1900 namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1901 }
1902 TALLOC_FREE(frame);
1903 return ret;
1904 }
1905
1906 /*
1907 * Are they asking to set the group?
1908 */
1909 if (strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
1910 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0) {
1911
1912 /* Yup. */
1913 char *namevalue =
1914 talloc_asprintf(talloc_tos(), "%s:%s",
1915 name+19, (const char *) value);
1916
1917 if (! ipc_srv) {
1918 /* errno set by SMBC_server() */
1919 ret = -1;
1920 }
1921 else if (! namevalue) {
1922 errno = ENOMEM;
1923 ret = -1;
1924 } else {
1925 ret = cacl_set(context, talloc_tos(), srv->cli,
1926 ipc_srv->cli, &ipc_srv->pol, path,
1927 namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1928 }
1929 TALLOC_FREE(frame);
1930 return ret;
1931 }
1932
1933 /* Determine whether to use old-style or new-style attribute names */
1934 if (context->internal->full_time_names) {
1935 /* new-style names */
1936 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1937 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1938 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1939 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1940 } else {
1941 /* old-style names */
1942 attr_strings.create_time_attr = NULL;
1943 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1944 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1945 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1946 }
1947
1948 /*
1949 * Are they asking to set a DOS attribute?
1950 */
1951 if (strcasecmp_m(name, "system.dos_attr.*") == 0 ||
1952 strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
1953 (attr_strings.create_time_attr != NULL &&
1954 strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
1955 strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
1956 strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
1957 strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1958
1959 /* get a DOS Attribute Descriptor with current attributes */
1960 dad = dos_attr_query(context, talloc_tos(), path, srv);
1961 if (dad) {
1962 char *namevalue =
1963 talloc_asprintf(talloc_tos(), "%s:%s",
1964 name+16, (const char *) value);
1965 if (! namevalue) {
1966 errno = ENOMEM;
1967 ret = -1;
1968 } else {
1969 /* Overwrite old with provided new params */
1970 dos_attr_parse(context, dad, srv, namevalue);
1971
1972 /* Set the new DOS attributes */
1973 ret2 = SMBC_setatr(context, srv, path,
1974 dad->create_time,
1975 dad->access_time,
1976 dad->write_time,
1977 dad->change_time,
1978 dad->mode);
1979
1980 /* ret2 has True (success) / False (failure) */
1981 if (ret2) {
1982 ret = 0;
1983 } else {
1984 ret = -1;
1985 }
1986 }
1987 } else {
1988 ret = -1;
1989 }
1990
1991 TALLOC_FREE(frame);
1992 return ret;
1993 }
1994
1995 /* Unsupported attribute name */
1996 errno = EINVAL;
1997 TALLOC_FREE(frame);
1998 return -1;
1999}
2000
2001int
2002SMBC_getxattr_ctx(SMBCCTX *context,
2003 const char *fname,
2004 const char *name,
2005 const void *value,
2006 size_t size)
2007{
2008 int ret;
2009 SMBCSRV *srv = NULL;
2010 SMBCSRV *ipc_srv = NULL;
2011 char *server = NULL;
2012 char *share = NULL;
2013 char *user = NULL;
2014 char *password = NULL;
2015 char *workgroup = NULL;
2016 char *path = NULL;
2017 struct {
2018 const char * create_time_attr;
2019 const char * access_time_attr;
2020 const char * write_time_attr;
2021 const char * change_time_attr;
2022 } attr_strings;
2023 uint16_t port = 0;
2024 TALLOC_CTX *frame = talloc_stackframe();
2025
2026 if (!context || !context->internal->initialized) {
2027 errno = EINVAL; /* Best I can think of ... */
2028 TALLOC_FREE(frame);
2029 return -1;
2030 }
2031
2032 if (!fname) {
2033 errno = EINVAL;
2034 TALLOC_FREE(frame);
2035 return -1;
2036 }
2037
2038 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2039
2040 if (SMBC_parse_path(frame,
2041 context,
2042 fname,
2043 &workgroup,
2044 &server,
2045 &port,
2046 &share,
2047 &path,
2048 &user,
2049 &password,
2050 NULL)) {
2051 errno = EINVAL;
2052 TALLOC_FREE(frame);
2053 return -1;
2054 }
2055
2056 if (!user || user[0] == (char)0) {
2057 user = talloc_strdup(frame, smbc_getUser(context));
2058 if (!user) {
2059 errno = ENOMEM;
2060 TALLOC_FREE(frame);
2061 return -1;
2062 }
2063 }
2064
2065 srv = SMBC_server(frame, context, True,
2066 server, port, share, &workgroup, &user, &password);
2067 if (!srv) {
2068 TALLOC_FREE(frame);
2069 return -1; /* errno set by SMBC_server */
2070 }
2071
2072 if (! srv->no_nt_session) {
2073 ipc_srv = SMBC_attr_server(frame, context, server, port, share,
2074 &workgroup, &user, &password);
2075 /*
2076 * SMBC_attr_server() can cause the original
2077 * server to be removed from the cache.
2078 * If so we must error out here as the srv
2079 * pointer has been freed.
2080 */
2081 if (smbc_getFunctionGetCachedServer(context)(context,
2082 server,
2083 share,
2084 workgroup,
2085 user) != srv) {
2086#if defined(ECONNRESET)
2087 errno = ECONNRESET;
2088#else
2089 errno = ETIMEDOUT;
2090#endif
2091 TALLOC_FREE(frame);
2092 return -1;
2093 }
2094 if (! ipc_srv) {
2095 srv->no_nt_session = True;
2096 }
2097 } else {
2098 ipc_srv = NULL;
2099 }
2100
2101 /* Determine whether to use old-style or new-style attribute names */
2102 if (context->internal->full_time_names) {
2103 /* new-style names */
2104 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2105 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2106 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2107 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2108 } else {
2109 /* old-style names */
2110 attr_strings.create_time_attr = NULL;
2111 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2112 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2113 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2114 }
2115
2116 /* Are they requesting a supported attribute? */
2117 if (strcasecmp_m(name, "system.*") == 0 ||
2118 strncasecmp_m(name, "system.*!", 9) == 0 ||
2119 strcasecmp_m(name, "system.*+") == 0 ||
2120 strncasecmp_m(name, "system.*+!", 10) == 0 ||
2121 strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2122 strncasecmp_m(name, "system.nt_sec_desc.*!", 21) == 0 ||
2123 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
2124 strncasecmp_m(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2125 strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2126 strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2127 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2128 strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2129 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2130 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2131 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2132 strcasecmp_m(name, "system.dos_attr.*") == 0 ||
2133 strncasecmp_m(name, "system.dos_attr.*!", 18) == 0 ||
2134 strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
2135 strcasecmp_m(name, "system.dos_attr.size") == 0 ||
2136 (attr_strings.create_time_attr != NULL &&
2137 strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
2138 strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
2139 strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
2140 strcasecmp_m(name, attr_strings.change_time_attr) == 0 ||
2141 strcasecmp_m(name, "system.dos_attr.inode") == 0) {
2142
2143 /* Yup. */
2144 const char *filename = name;
2145 ret = cacl_get(context, talloc_tos(), srv,
2146 ipc_srv == NULL ? NULL : ipc_srv->cli,
2147 &ipc_srv->pol, path,
2148 filename,
2149 discard_const_p(char, value),
2150 size);
2151 if (ret < 0 && errno == 0) {
2152 errno = SMBC_errno(context, srv->cli);
2153 }
2154 TALLOC_FREE(frame);
2155 return ret;
2156 }
2157
2158 /* Unsupported attribute name */
2159 errno = EINVAL;
2160 TALLOC_FREE(frame);
2161 return -1;
2162}
2163
2164
2165int
2166SMBC_removexattr_ctx(SMBCCTX *context,
2167 const char *fname,
2168 const char *name)
2169{
2170 int ret;
2171 SMBCSRV *srv = NULL;
2172 SMBCSRV *ipc_srv = NULL;
2173 char *server = NULL;
2174 char *share = NULL;
2175 char *user = NULL;
2176 char *password = NULL;
2177 char *workgroup = NULL;
2178 char *path = NULL;
2179 uint16_t port = 0;
2180 TALLOC_CTX *frame = talloc_stackframe();
2181
2182 if (!context || !context->internal->initialized) {
2183 errno = EINVAL; /* Best I can think of ... */
2184 TALLOC_FREE(frame);
2185 return -1;
2186 }
2187
2188 if (!fname) {
2189 errno = EINVAL;
2190 TALLOC_FREE(frame);
2191 return -1;
2192 }
2193
2194 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2195
2196 if (SMBC_parse_path(frame,
2197 context,
2198 fname,
2199 &workgroup,
2200 &server,
2201 &port,
2202 &share,
2203 &path,
2204 &user,
2205 &password,
2206 NULL)) {
2207 errno = EINVAL;
2208 TALLOC_FREE(frame);
2209 return -1;
2210 }
2211
2212 if (!user || user[0] == (char)0) {
2213 user = talloc_strdup(frame, smbc_getUser(context));
2214 if (!user) {
2215 errno = ENOMEM;
2216 TALLOC_FREE(frame);
2217 return -1;
2218 }
2219 }
2220
2221 srv = SMBC_server(frame, context, True,
2222 server, port, share, &workgroup, &user, &password);
2223 if (!srv) {
2224 TALLOC_FREE(frame);
2225 return -1; /* errno set by SMBC_server */
2226 }
2227
2228 if (! srv->no_nt_session) {
2229 int saved_errno;
2230 ipc_srv = SMBC_attr_server(frame, context, server, port, share,
2231 &workgroup, &user, &password);
2232 saved_errno = errno;
2233 /*
2234 * SMBC_attr_server() can cause the original
2235 * server to be removed from the cache.
2236 * If so we must error out here as the srv
2237 * pointer has been freed.
2238 */
2239 if (smbc_getFunctionGetCachedServer(context)(context,
2240 server,
2241 share,
2242 workgroup,
2243 user) != srv) {
2244#if defined(ECONNRESET)
2245 errno = ECONNRESET;
2246#else
2247 errno = ETIMEDOUT;
2248#endif
2249 TALLOC_FREE(frame);
2250 return -1;
2251 }
2252 if (! ipc_srv) {
2253 errno = saved_errno;
2254 srv->no_nt_session = True;
2255 }
2256 } else {
2257 ipc_srv = NULL;
2258 }
2259
2260 if (! ipc_srv) {
2261 TALLOC_FREE(frame);
2262 return -1; /* errno set by SMBC_attr_server */
2263 }
2264
2265 /* Are they asking to set the entire ACL? */
2266 if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2267 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0) {
2268
2269 /* Yup. */
2270 ret = cacl_set(context, talloc_tos(), srv->cli,
2271 ipc_srv->cli, &ipc_srv->pol, path,
2272 NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2273 TALLOC_FREE(frame);
2274 return ret;
2275 }
2276
2277 /*
2278 * Are they asking to remove one or more spceific security descriptor
2279 * attributes?
2280 */
2281 if (strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2282 strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2283 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2284 strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2285 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2286 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2287 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
2288
2289 /* Yup. */
2290 ret = cacl_set(context, talloc_tos(), srv->cli,
2291 ipc_srv->cli, &ipc_srv->pol, path,
2292 discard_const_p(char, name) + 19,
2293 SMBC_XATTR_MODE_REMOVE, 0);
2294 TALLOC_FREE(frame);
2295 return ret;
2296 }
2297
2298 /* Unsupported attribute name */
2299 errno = EINVAL;
2300 TALLOC_FREE(frame);
2301 return -1;
2302}
2303
2304int
2305SMBC_listxattr_ctx(SMBCCTX *context,
2306 const char *fname,
2307 char *list,
2308 size_t size)
2309{
2310 /*
2311 * This isn't quite what listxattr() is supposed to do. This returns
2312 * the complete set of attribute names, always, rather than only those
2313 * attribute names which actually exist for a file. Hmmm...
2314 */
2315 size_t retsize;
2316 const char supported_old[] =
2317 "system.*\0"
2318 "system.*+\0"
2319 "system.nt_sec_desc.revision\0"
2320 "system.nt_sec_desc.owner\0"
2321 "system.nt_sec_desc.owner+\0"
2322 "system.nt_sec_desc.group\0"
2323 "system.nt_sec_desc.group+\0"
2324 "system.nt_sec_desc.acl.*\0"
2325 "system.nt_sec_desc.acl\0"
2326 "system.nt_sec_desc.acl+\0"
2327 "system.nt_sec_desc.*\0"
2328 "system.nt_sec_desc.*+\0"
2329 "system.dos_attr.*\0"
2330 "system.dos_attr.mode\0"
2331 "system.dos_attr.c_time\0"
2332 "system.dos_attr.a_time\0"
2333 "system.dos_attr.m_time\0"
2334 ;
2335 const char supported_new[] =
2336 "system.*\0"
2337 "system.*+\0"
2338 "system.nt_sec_desc.revision\0"
2339 "system.nt_sec_desc.owner\0"
2340 "system.nt_sec_desc.owner+\0"
2341 "system.nt_sec_desc.group\0"
2342 "system.nt_sec_desc.group+\0"
2343 "system.nt_sec_desc.acl.*\0"
2344 "system.nt_sec_desc.acl\0"
2345 "system.nt_sec_desc.acl+\0"
2346 "system.nt_sec_desc.*\0"
2347 "system.nt_sec_desc.*+\0"
2348 "system.dos_attr.*\0"
2349 "system.dos_attr.mode\0"
2350 "system.dos_attr.create_time\0"
2351 "system.dos_attr.access_time\0"
2352 "system.dos_attr.write_time\0"
2353 "system.dos_attr.change_time\0"
2354 ;
2355 const char * supported;
2356
2357 if (context->internal->full_time_names) {
2358 supported = supported_new;
2359 retsize = sizeof(supported_new);
2360 } else {
2361 supported = supported_old;
2362 retsize = sizeof(supported_old);
2363 }
2364
2365 if (size == 0) {
2366 return retsize;
2367 }
2368
2369 if (retsize > size) {
2370 errno = ERANGE;
2371 return -1;
2372 }
2373
2374 /* this can't be strcpy() because there are embedded null characters */
2375 memcpy(list, supported, retsize);
2376 return retsize;
2377}
Note: See TracBrowser for help on using the repository browser.