2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
31 * Find an lsa pipe handle associated with a cli struct.
33 static struct rpc_pipe_client *
34 find_lsa_pipe_hnd(struct cli_state *ipc_cli)
36 struct rpc_pipe_client *pipe_hnd;
38 for (pipe_hnd = ipc_cli->pipe_list;
40 pipe_hnd = pipe_hnd->next) {
42 if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
43 &ndr_table_lsarpc.syntax_id)) {
52 * Sort ACEs according to the documentation at
53 * http://support.microsoft.com/kb/269175, at least as far as it defines the
58 ace_compare(SEC_ACE *ace1,
64 /* If the ACEs are equal, we have nothing more to do. */
65 if (sec_ace_equal(ace1, ace2)) {
69 /* Inherited follow non-inherited */
70 b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
71 b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
77 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
78 * sort them after DENY and ALLOW.
80 b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
81 ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
82 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
83 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
84 b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
85 ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
86 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
87 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
92 /* Allowed ACEs follow denied ACEs */
93 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
94 ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
95 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
96 ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
102 * ACEs applying to an entity's object follow those applying to the
105 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
106 ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
107 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
108 ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
110 return (b1 ? 1 : -1);
114 * If we get this far, the ACEs are similar as far as the
115 * characteristics we typically care about (those defined by the
116 * referenced MS document). We'll now sort by characteristics that
117 * just seems reasonable.
120 if (ace1->type != ace2->type) {
121 return ace2->type - ace1->type;
124 if (sid_compare(&ace1->trustee, &ace2->trustee)) {
125 return sid_compare(&ace1->trustee, &ace2->trustee);
128 if (ace1->flags != ace2->flags) {
129 return ace1->flags - ace2->flags;
132 if (ace1->access_mask != ace2->access_mask) {
133 return ace1->access_mask - ace2->access_mask;
136 if (ace1->size != ace2->size) {
137 return ace1->size - ace2->size;
140 return memcmp(ace1, ace2, sizeof(SEC_ACE));
145 sort_acl(SEC_ACL *the_acl)
148 if (!the_acl) return;
150 qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]),
151 QSORT_CAST ace_compare);
153 for (i=1;i<the_acl->num_aces;) {
154 if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
156 for (j=i; j<the_acl->num_aces-1; j++) {
157 the_acl->aces[j] = the_acl->aces[j+1];
166 /* convert a SID to a string, either numeric or username/group */
168 convert_sid_to_string(struct cli_state *ipc_cli,
174 char **domains = NULL;
176 enum lsa_SidType *types = NULL;
177 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
180 sid_to_fstring(str, sid);
183 return; /* no lookup desired */
190 /* Ask LSA to convert the sid to a name */
192 ctx = talloc_stackframe();
194 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
195 pol, 1, sid, &domains,
197 !domains || !domains[0] || !names || !names[0]) {
205 slprintf(str, sizeof(fstring) - 1, "%s%s%s",
206 domains[0], lp_winbind_separator(),
210 /* convert a string to a SID, either numeric or username/group */
212 convert_string_to_sid(struct cli_state *ipc_cli,
218 enum lsa_SidType *types = NULL;
219 DOM_SID *sids = NULL;
221 TALLOC_CTX *ctx = NULL;
222 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
229 if (strncmp(str, "S-", 2) == 0) {
230 return string_to_sid(sid, str);
237 ctx = talloc_stackframe();
238 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
246 sid_copy(sid, &sids[0]);
254 /* parse an ACE in the same format as print_ace() */
256 parse_ace(struct cli_state *ipc_cli,
270 const struct perm_value *v;
275 TALLOC_CTX *frame = talloc_stackframe();
277 /* These values discovered by inspection */
278 static const struct perm_value special_values[] = {
288 static const struct perm_value standard_values[] = {
289 { "READ", 0x001200a9 },
290 { "CHANGE", 0x001301bf },
291 { "FULL", 0x001f01ff },
297 p = strchr_m(str,':');
304 /* Try to parse numeric form */
306 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
307 convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
311 /* Try to parse text form */
313 if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
319 if (!next_token_talloc(frame, &cp, &tok, "/")) {
324 if (StrnCaseCmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
325 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
326 } else if (StrnCaseCmp(tok, "DENIED", strlen("DENIED")) == 0) {
327 atype = SEC_ACE_TYPE_ACCESS_DENIED;
333 /* Only numeric form accepted for flags at present */
335 if (!(next_token_talloc(frame, &cp, &tok, "/") &&
336 sscanf(tok, "%i", &aflags))) {
341 if (!next_token_talloc(frame, &cp, &tok, "/")) {
346 if (strncmp(tok, "0x", 2) == 0) {
347 if (sscanf(tok, "%i", &amask) != 1) {
354 for (v = standard_values; v->perm; v++) {
355 if (strcmp(tok, v->perm) == 0) {
366 for (v = special_values; v->perm; v++) {
367 if (v->perm[0] == *p) {
387 init_sec_ace(ace, &sid, atype, mask, aflags);
392 /* add an ACE to a list of ACEs in a SEC_ACL */
394 add_ace(SEC_ACL **the_acl,
402 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
406 if ((aces = SMB_CALLOC_ARRAY(SEC_ACE,
407 1+(*the_acl)->num_aces)) == NULL) {
410 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE));
411 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
412 newacl = make_sec_acl(ctx, (*the_acl)->revision,
413 1+(*the_acl)->num_aces, aces);
420 /* parse a ascii version of a security descriptor */
422 sec_desc_parse(TALLOC_CTX *ctx,
423 struct cli_state *ipc_cli,
430 SEC_DESC *ret = NULL;
432 DOM_SID *group_sid=NULL;
433 DOM_SID *owner_sid=NULL;
437 while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
439 if (StrnCaseCmp(tok,"REVISION:", 9) == 0) {
440 revision = strtol(tok+9, NULL, 16);
444 if (StrnCaseCmp(tok,"OWNER:", 6) == 0) {
446 DEBUG(5,("OWNER specified more than once!\n"));
449 owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
451 !convert_string_to_sid(ipc_cli, pol,
454 DEBUG(5, ("Failed to parse owner sid\n"));
460 if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) {
462 DEBUG(5,("OWNER specified more than once!\n"));
465 owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
467 !convert_string_to_sid(ipc_cli, pol,
470 DEBUG(5, ("Failed to parse owner sid\n"));
476 if (StrnCaseCmp(tok,"GROUP:", 6) == 0) {
478 DEBUG(5,("GROUP specified more than once!\n"));
481 group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
483 !convert_string_to_sid(ipc_cli, pol,
486 DEBUG(5, ("Failed to parse group sid\n"));
492 if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) {
494 DEBUG(5,("GROUP specified more than once!\n"));
497 group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
499 !convert_string_to_sid(ipc_cli, pol,
502 DEBUG(5, ("Failed to parse group sid\n"));
508 if (StrnCaseCmp(tok,"ACL:", 4) == 0) {
510 if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
511 DEBUG(5, ("Failed to parse ACL %s\n", tok));
514 if(!add_ace(&dacl, &ace, ctx)) {
515 DEBUG(5, ("Failed to add ACL %s\n", tok));
521 if (StrnCaseCmp(tok,"ACL+:", 5) == 0) {
523 if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
524 DEBUG(5, ("Failed to parse ACL %s\n", tok));
527 if(!add_ace(&dacl, &ace, ctx)) {
528 DEBUG(5, ("Failed to add ACL %s\n", tok));
534 DEBUG(5, ("Failed to parse security descriptor\n"));
538 ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE,
539 owner_sid, group_sid, NULL, dacl, &sd_size);
542 SAFE_FREE(group_sid);
543 SAFE_FREE(owner_sid);
549 /* Obtain the current dos attributes */
550 static DOS_ATTR_DESC *
551 dos_attr_query(SMBCCTX *context,
553 const char *filename,
556 struct timespec create_time_ts;
557 struct timespec write_time_ts;
558 struct timespec access_time_ts;
559 struct timespec change_time_ts;
565 ret = TALLOC_P(ctx, DOS_ATTR_DESC);
571 /* Obtain the DOS attributes */
572 if (!SMBC_getatr(context, srv, CONST_DISCARD(char *, filename),
579 errno = SMBC_errno(context, srv->cli);
580 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
586 ret->create_time = convert_timespec_to_time_t(create_time_ts);
587 ret->access_time = convert_timespec_to_time_t(access_time_ts);
588 ret->write_time = convert_timespec_to_time_t(write_time_ts);
589 ret->change_time = convert_timespec_to_time_t(change_time_ts);
596 /* parse a ascii version of a security descriptor */
598 dos_attr_parse(SMBCCTX *context,
606 TALLOC_CTX *frame = NULL;
608 const char * create_time_attr;
609 const char * access_time_attr;
610 const char * write_time_attr;
611 const char * change_time_attr;
614 /* Determine whether to use old-style or new-style attribute names */
615 if (context->internal->full_time_names) {
616 /* new-style names */
617 attr_strings.create_time_attr = "CREATE_TIME";
618 attr_strings.access_time_attr = "ACCESS_TIME";
619 attr_strings.write_time_attr = "WRITE_TIME";
620 attr_strings.change_time_attr = "CHANGE_TIME";
622 /* old-style names */
623 attr_strings.create_time_attr = NULL;
624 attr_strings.access_time_attr = "A_TIME";
625 attr_strings.write_time_attr = "M_TIME";
626 attr_strings.change_time_attr = "C_TIME";
629 /* if this is to set the entire ACL... */
631 /* ... then increment past the first colon if there is one */
632 if ((p = strchr(str, ':')) != NULL) {
639 frame = talloc_stackframe();
640 while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
641 if (StrnCaseCmp(tok, "MODE:", 5) == 0) {
642 long request = strtol(tok+5, NULL, 16);
644 dad->mode = (request |
645 (IS_DOS_DIR(dad->mode)
646 ? FILE_ATTRIBUTE_DIRECTORY
647 : FILE_ATTRIBUTE_NORMAL));
654 if (StrnCaseCmp(tok, "SIZE:", 5) == 0) {
655 dad->size = (SMB_OFF_T)atof(tok+5);
659 n = strlen(attr_strings.access_time_attr);
660 if (StrnCaseCmp(tok, attr_strings.access_time_attr, n) == 0) {
661 dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
665 n = strlen(attr_strings.change_time_attr);
666 if (StrnCaseCmp(tok, attr_strings.change_time_attr, n) == 0) {
667 dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
671 n = strlen(attr_strings.write_time_attr);
672 if (StrnCaseCmp(tok, attr_strings.write_time_attr, n) == 0) {
673 dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
677 if (attr_strings.create_time_attr != NULL) {
678 n = strlen(attr_strings.create_time_attr);
679 if (StrnCaseCmp(tok, attr_strings.create_time_attr,
681 dad->create_time = (time_t)strtol(tok+n+1,
687 if (StrnCaseCmp(tok, "INODE:", 6) == 0) {
688 dad->inode = (SMB_INO_T)atof(tok+6);
695 /*****************************************************
696 Retrieve the acls for a file.
697 *******************************************************/
700 cacl_get(SMBCCTX *context,
703 struct cli_state *ipc_cli,
719 bool exclude_nt_revision = False;
720 bool exclude_nt_owner = False;
721 bool exclude_nt_group = False;
722 bool exclude_nt_acl = False;
723 bool exclude_dos_mode = False;
724 bool exclude_dos_size = False;
725 bool exclude_dos_create_time = False;
726 bool exclude_dos_access_time = False;
727 bool exclude_dos_write_time = False;
728 bool exclude_dos_change_time = False;
729 bool exclude_dos_inode = False;
731 bool determine_size = (bufsize == 0);
735 fstring name_sandbox;
739 struct timespec create_time_ts;
740 struct timespec write_time_ts;
741 struct timespec access_time_ts;
742 struct timespec change_time_ts;
743 time_t create_time = (time_t)0;
744 time_t write_time = (time_t)0;
745 time_t access_time = (time_t)0;
746 time_t change_time = (time_t)0;
750 struct cli_state *cli = srv->cli;
752 const char * create_time_attr;
753 const char * access_time_attr;
754 const char * write_time_attr;
755 const char * change_time_attr;
758 const char * create_time_attr;
759 const char * access_time_attr;
760 const char * write_time_attr;
761 const char * change_time_attr;
764 /* Determine whether to use old-style or new-style attribute names */
765 if (context->internal->full_time_names) {
766 /* new-style names */
767 attr_strings.create_time_attr = "CREATE_TIME";
768 attr_strings.access_time_attr = "ACCESS_TIME";
769 attr_strings.write_time_attr = "WRITE_TIME";
770 attr_strings.change_time_attr = "CHANGE_TIME";
772 excl_attr_strings.create_time_attr = "CREATE_TIME";
773 excl_attr_strings.access_time_attr = "ACCESS_TIME";
774 excl_attr_strings.write_time_attr = "WRITE_TIME";
775 excl_attr_strings.change_time_attr = "CHANGE_TIME";
777 /* old-style names */
778 attr_strings.create_time_attr = NULL;
779 attr_strings.access_time_attr = "A_TIME";
780 attr_strings.write_time_attr = "M_TIME";
781 attr_strings.change_time_attr = "C_TIME";
783 excl_attr_strings.create_time_attr = NULL;
784 excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
785 excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
786 excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
789 /* Copy name so we can strip off exclusions (if any are specified) */
790 strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
792 /* Ensure name is null terminated */
793 name_sandbox[sizeof(name_sandbox) - 1] = '\0';
795 /* Play in the sandbox */
798 /* If there are any exclusions, point to them and mask them from name */
799 if ((pExclude = strchr(name, '!')) != NULL)
804 all = (StrnCaseCmp(name, "system.*", 8) == 0);
805 all_nt = (StrnCaseCmp(name, "system.nt_sec_desc.*", 20) == 0);
806 all_nt_acls = (StrnCaseCmp(name, "system.nt_sec_desc.acl.*", 24) == 0);
807 all_dos = (StrnCaseCmp(name, "system.dos_attr.*", 17) == 0);
808 some_nt = (StrnCaseCmp(name, "system.nt_sec_desc.", 19) == 0);
809 some_dos = (StrnCaseCmp(name, "system.dos_attr.", 16) == 0);
810 numeric = (* (name + strlen(name) - 1) != '+');
812 /* Look for exclusions from "all" requests */
813 if (all || all_nt || all_dos) {
815 /* Exclusions are delimited by '!' */
818 pExclude = (p == NULL ? NULL : p + 1)) {
820 /* Find end of this exclusion name */
821 if ((p = strchr(pExclude, '!')) != NULL)
826 /* Which exclusion name is this? */
827 if (StrCaseCmp(pExclude,
828 "nt_sec_desc.revision") == 0) {
829 exclude_nt_revision = True;
831 else if (StrCaseCmp(pExclude,
832 "nt_sec_desc.owner") == 0) {
833 exclude_nt_owner = True;
835 else if (StrCaseCmp(pExclude,
836 "nt_sec_desc.group") == 0) {
837 exclude_nt_group = True;
839 else if (StrCaseCmp(pExclude,
840 "nt_sec_desc.acl") == 0) {
841 exclude_nt_acl = True;
843 else if (StrCaseCmp(pExclude,
844 "dos_attr.mode") == 0) {
845 exclude_dos_mode = True;
847 else if (StrCaseCmp(pExclude,
848 "dos_attr.size") == 0) {
849 exclude_dos_size = True;
851 else if (excl_attr_strings.create_time_attr != NULL &&
853 excl_attr_strings.change_time_attr) == 0) {
854 exclude_dos_create_time = True;
856 else if (StrCaseCmp(pExclude,
857 excl_attr_strings.access_time_attr) == 0) {
858 exclude_dos_access_time = True;
860 else if (StrCaseCmp(pExclude,
861 excl_attr_strings.write_time_attr) == 0) {
862 exclude_dos_write_time = True;
864 else if (StrCaseCmp(pExclude,
865 excl_attr_strings.change_time_attr) == 0) {
866 exclude_dos_change_time = True;
868 else if (StrCaseCmp(pExclude, "dos_attr.inode") == 0) {
869 exclude_dos_inode = True;
872 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
883 * If we are (possibly) talking to an NT or new system and some NT
884 * attributes have been requested...
886 if (ipc_cli && (all || some_nt || all_nt_acls)) {
887 /* Point to the portion after "system.nt_sec_desc." */
888 name += 19; /* if (all) this will be invalid but unused */
890 /* ... then obtain any NT attributes which were requested */
891 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
894 DEBUG(5, ("cacl_get failed to open %s: %s\n",
895 filename, cli_errstr(cli)));
900 sd = cli_query_secdesc(cli, fnum, ctx);
904 ("cacl_get Failed to query old descriptor\n"));
909 cli_close(cli, fnum);
911 if (! exclude_nt_revision) {
913 if (determine_size) {
914 p = talloc_asprintf(ctx,
923 n = snprintf(buf, bufsize,
927 } else if (StrCaseCmp(name, "revision") == 0) {
928 if (determine_size) {
929 p = talloc_asprintf(ctx, "%d",
937 n = snprintf(buf, bufsize, "%d",
942 if (!determine_size && n > bufsize) {
952 if (! exclude_nt_owner) {
953 /* Get owner and group sid */
955 convert_sid_to_string(ipc_cli, pol,
964 if (determine_size) {
965 p = talloc_asprintf(ctx, ",OWNER:%s",
972 } else if (sidstr[0] != '\0') {
973 n = snprintf(buf, bufsize,
974 ",OWNER:%s", sidstr);
976 } else if (StrnCaseCmp(name, "owner", 5) == 0) {
977 if (determine_size) {
978 p = talloc_asprintf(ctx, "%s", sidstr);
985 n = snprintf(buf, bufsize, "%s",
990 if (!determine_size && n > bufsize) {
1000 if (! exclude_nt_group) {
1001 if (sd->group_sid) {
1002 convert_sid_to_string(ipc_cli, pol,
1006 fstrcpy(sidstr, "");
1009 if (all || all_nt) {
1010 if (determine_size) {
1011 p = talloc_asprintf(ctx, ",GROUP:%s",
1018 } else if (sidstr[0] != '\0') {
1019 n = snprintf(buf, bufsize,
1020 ",GROUP:%s", sidstr);
1022 } else if (StrnCaseCmp(name, "group", 5) == 0) {
1023 if (determine_size) {
1024 p = talloc_asprintf(ctx, "%s", sidstr);
1031 n = snprintf(buf, bufsize,
1036 if (!determine_size && n > bufsize) {
1046 if (! exclude_nt_acl) {
1047 /* Add aces to value buffer */
1048 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1050 SEC_ACE *ace = &sd->dacl->aces[i];
1051 convert_sid_to_string(ipc_cli, pol,
1055 if (all || all_nt) {
1056 if (determine_size) {
1057 p = talloc_asprintf(
1073 ",ACL:%s:%d/%d/0x%08x",
1079 } else if ((StrnCaseCmp(name, "acl", 3) == 0 &&
1080 StrCaseCmp(name+3, sidstr) == 0) ||
1081 (StrnCaseCmp(name, "acl+", 4) == 0 &&
1082 StrCaseCmp(name+4, sidstr) == 0)) {
1083 if (determine_size) {
1084 p = talloc_asprintf(
1096 n = snprintf(buf, bufsize,
1102 } else if (all_nt_acls) {
1103 if (determine_size) {
1104 p = talloc_asprintf(
1106 "%s%s:%d/%d/0x%08x",
1118 n = snprintf(buf, bufsize,
1119 "%s%s:%d/%d/0x%08x",
1127 if (!determine_size && n > bufsize) {
1138 /* Restore name pointer to its original value */
1142 if (all || some_dos) {
1143 /* Point to the portion after "system.dos_attr." */
1144 name += 16; /* if (all) this will be invalid but unused */
1146 /* Obtain the DOS attributes */
1147 if (!SMBC_getatr(context, srv, filename, &mode, &size,
1154 errno = SMBC_errno(context, srv->cli);
1159 create_time = convert_timespec_to_time_t(create_time_ts);
1160 access_time = convert_timespec_to_time_t(access_time_ts);
1161 write_time = convert_timespec_to_time_t(write_time_ts);
1162 change_time = convert_timespec_to_time_t(change_time_ts);
1164 if (! exclude_dos_mode) {
1165 if (all || all_dos) {
1166 if (determine_size) {
1167 p = talloc_asprintf(ctx,
1180 n = snprintf(buf, bufsize,
1188 } else if (StrCaseCmp(name, "mode") == 0) {
1189 if (determine_size) {
1190 p = talloc_asprintf(ctx, "0x%x", mode);
1197 n = snprintf(buf, bufsize,
1202 if (!determine_size && n > bufsize) {
1212 if (! exclude_dos_size) {
1213 if (all || all_dos) {
1214 if (determine_size) {
1215 p = talloc_asprintf(
1225 n = snprintf(buf, bufsize,
1229 } else if (StrCaseCmp(name, "size") == 0) {
1230 if (determine_size) {
1231 p = talloc_asprintf(
1241 n = snprintf(buf, bufsize,
1247 if (!determine_size && n > bufsize) {
1257 if (! exclude_dos_create_time &&
1258 attr_strings.create_time_attr != NULL) {
1259 if (all || all_dos) {
1260 if (determine_size) {
1261 p = talloc_asprintf(ctx,
1263 attr_strings.create_time_attr,
1271 n = snprintf(buf, bufsize,
1273 attr_strings.create_time_attr,
1276 } else if (StrCaseCmp(name, attr_strings.create_time_attr) == 0) {
1277 if (determine_size) {
1278 p = talloc_asprintf(ctx, "%lu", create_time);
1285 n = snprintf(buf, bufsize,
1286 "%lu", create_time);
1290 if (!determine_size && n > bufsize) {
1300 if (! exclude_dos_access_time) {
1301 if (all || all_dos) {
1302 if (determine_size) {
1303 p = talloc_asprintf(ctx,
1305 attr_strings.access_time_attr,
1313 n = snprintf(buf, bufsize,
1315 attr_strings.access_time_attr,
1318 } else if (StrCaseCmp(name, attr_strings.access_time_attr) == 0) {
1319 if (determine_size) {
1320 p = talloc_asprintf(ctx, "%lu", access_time);
1327 n = snprintf(buf, bufsize,
1328 "%lu", access_time);
1332 if (!determine_size && n > bufsize) {
1342 if (! exclude_dos_write_time) {
1343 if (all || all_dos) {
1344 if (determine_size) {
1345 p = talloc_asprintf(ctx,
1347 attr_strings.write_time_attr,
1355 n = snprintf(buf, bufsize,
1357 attr_strings.write_time_attr,
1360 } else if (StrCaseCmp(name, attr_strings.write_time_attr) == 0) {
1361 if (determine_size) {
1362 p = talloc_asprintf(ctx, "%lu", write_time);
1369 n = snprintf(buf, bufsize,
1374 if (!determine_size && n > bufsize) {
1384 if (! exclude_dos_change_time) {
1385 if (all || all_dos) {
1386 if (determine_size) {
1387 p = talloc_asprintf(ctx,
1389 attr_strings.change_time_attr,
1397 n = snprintf(buf, bufsize,
1399 attr_strings.change_time_attr,
1402 } else if (StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1403 if (determine_size) {
1404 p = talloc_asprintf(ctx, "%lu", change_time);
1411 n = snprintf(buf, bufsize,
1412 "%lu", change_time);
1416 if (!determine_size && n > bufsize) {
1426 if (! exclude_dos_inode) {
1427 if (all || all_dos) {
1428 if (determine_size) {
1429 p = talloc_asprintf(
1439 n = snprintf(buf, bufsize,
1443 } else if (StrCaseCmp(name, "inode") == 0) {
1444 if (determine_size) {
1445 p = talloc_asprintf(
1455 n = snprintf(buf, bufsize,
1461 if (!determine_size && n > bufsize) {
1471 /* Restore name pointer to its original value */
1483 /*****************************************************
1484 set the ACLs on a file given an ascii description
1485 *******************************************************/
1487 cacl_set(TALLOC_CTX *ctx,
1488 struct cli_state *cli,
1489 struct cli_state *ipc_cli,
1491 const char *filename,
1492 const char *the_acl,
1498 SEC_DESC *sd = NULL, *old;
1499 SEC_ACL *dacl = NULL;
1500 DOM_SID *owner_sid = NULL;
1501 DOM_SID *group_sid = NULL;
1506 bool numeric = True;
1508 /* the_acl will be null for REMOVE_ALL operations */
1510 numeric = ((p = strchr(the_acl, ':')) != NULL &&
1514 /* if this is to set the entire ACL... */
1515 if (*the_acl == '*') {
1516 /* ... then increment past the first colon */
1520 sd = sec_desc_parse(ctx, ipc_cli, pol, numeric,
1521 CONST_DISCARD(char *, the_acl));
1529 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1530 that doesn't deref sd */
1532 if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1537 /* The desired access below is the only one I could find that works
1538 with NT4, W2KP and Samba */
1540 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
1543 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1544 filename, cli_errstr(cli)));
1549 old = cli_query_secdesc(cli, fnum, ctx);
1552 DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
1557 cli_close(cli, fnum);
1560 case SMBC_XATTR_MODE_REMOVE_ALL:
1561 old->dacl->num_aces = 0;
1565 case SMBC_XATTR_MODE_REMOVE:
1566 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1569 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1570 if (sec_ace_equal(&sd->dacl->aces[i],
1571 &old->dacl->aces[j])) {
1573 for (k=j; k<old->dacl->num_aces-1;k++) {
1574 old->dacl->aces[k] =
1575 old->dacl->aces[k+1];
1577 old->dacl->num_aces--;
1592 case SMBC_XATTR_MODE_ADD:
1593 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1596 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1597 if (sid_equal(&sd->dacl->aces[i].trustee,
1598 &old->dacl->aces[j].trustee)) {
1599 if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1604 old->dacl->aces[j] = sd->dacl->aces[i];
1610 if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1616 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1617 add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1623 case SMBC_XATTR_MODE_SET:
1625 owner_sid = old->owner_sid;
1626 group_sid = old->group_sid;
1630 case SMBC_XATTR_MODE_CHOWN:
1631 owner_sid = sd->owner_sid;
1634 case SMBC_XATTR_MODE_CHGRP:
1635 group_sid = sd->group_sid;
1639 /* Denied ACE entries must come before allowed ones */
1640 sort_acl(old->dacl);
1642 /* Create new security descriptor and set it */
1643 sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1644 owner_sid, group_sid, NULL, dacl, &sd_size);
1646 fnum = cli_nt_create(cli, filename,
1647 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS);
1650 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1651 filename, cli_errstr(cli)));
1656 if (!cli_set_secdesc(cli, fnum, sd)) {
1657 DEBUG(5, ("ERROR: secdesc set failed: %s\n", cli_errstr(cli)));
1664 cli_close(cli, fnum);
1675 SMBC_setxattr_ctx(SMBCCTX *context,
1684 SMBCSRV *srv = NULL;
1685 SMBCSRV *ipc_srv = NULL;
1686 char *server = NULL;
1689 char *password = NULL;
1690 char *workgroup = NULL;
1692 DOS_ATTR_DESC *dad = NULL;
1694 const char * create_time_attr;
1695 const char * access_time_attr;
1696 const char * write_time_attr;
1697 const char * change_time_attr;
1699 TALLOC_CTX *frame = talloc_stackframe();
1701 if (!context || !context->internal->initialized) {
1703 errno = EINVAL; /* Best I can think of ... */
1714 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1715 fname, name, (int) size, (const char*)value));
1717 if (SMBC_parse_path(frame,
1732 if (!user || user[0] == (char)0) {
1733 user = talloc_strdup(frame, smbc_getUser(context));
1741 srv = SMBC_server(frame, context, True,
1742 server, share, &workgroup, &user, &password);
1745 return -1; /* errno set by SMBC_server */
1748 if (! srv->no_nt_session) {
1749 ipc_srv = SMBC_attr_server(frame, context, server, share,
1750 &workgroup, &user, &password);
1752 srv->no_nt_session = True;
1759 * Are they asking to set the entire set of known attributes?
1761 if (StrCaseCmp(name, "system.*") == 0 ||
1762 StrCaseCmp(name, "system.*+") == 0) {
1765 talloc_asprintf(talloc_tos(), "%s:%s",
1766 name+7, (const char *) value);
1775 ret = cacl_set(talloc_tos(), srv->cli,
1776 ipc_srv->cli, &ipc_srv->pol, path,
1779 ? SMBC_XATTR_MODE_SET
1780 : SMBC_XATTR_MODE_ADD),
1786 /* get a DOS Attribute Descriptor with current attributes */
1787 dad = dos_attr_query(context, talloc_tos(), path, srv);
1789 /* Overwrite old with new, using what was provided */
1790 dos_attr_parse(context, dad, srv, namevalue);
1792 /* Set the new DOS attributes */
1793 if (! SMBC_setatr(context, srv, path,
1800 /* cause failure if NT failed too */
1805 /* we only fail if both NT and DOS sets failed */
1806 if (ret < 0 && ! dad) {
1807 ret = -1; /* in case dad was null */
1818 * Are they asking to set an access control element or to set
1819 * the entire access control list?
1821 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
1822 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
1823 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
1824 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
1825 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
1829 talloc_asprintf(talloc_tos(), "%s:%s",
1830 name+19, (const char *) value);
1833 ret = -1; /* errno set by SMBC_server() */
1835 else if (! namevalue) {
1839 ret = cacl_set(talloc_tos(), srv->cli,
1840 ipc_srv->cli, &ipc_srv->pol, path,
1843 ? SMBC_XATTR_MODE_SET
1844 : SMBC_XATTR_MODE_ADD),
1852 * Are they asking to set the owner?
1854 if (StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
1855 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0) {
1859 talloc_asprintf(talloc_tos(), "%s:%s",
1860 name+19, (const char *) value);
1863 ret = -1; /* errno set by SMBC_server() */
1865 else if (! namevalue) {
1869 ret = cacl_set(talloc_tos(), srv->cli,
1870 ipc_srv->cli, &ipc_srv->pol, path,
1871 namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1878 * Are they asking to set the group?
1880 if (StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
1881 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0) {
1885 talloc_asprintf(talloc_tos(), "%s:%s",
1886 name+19, (const char *) value);
1889 /* errno set by SMBC_server() */
1892 else if (! namevalue) {
1896 ret = cacl_set(talloc_tos(), srv->cli,
1897 ipc_srv->cli, &ipc_srv->pol, path,
1898 namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1904 /* Determine whether to use old-style or new-style attribute names */
1905 if (context->internal->full_time_names) {
1906 /* new-style names */
1907 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1908 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1909 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1910 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1912 /* old-style names */
1913 attr_strings.create_time_attr = NULL;
1914 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1915 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1916 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1920 * Are they asking to set a DOS attribute?
1922 if (StrCaseCmp(name, "system.dos_attr.*") == 0 ||
1923 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
1924 (attr_strings.create_time_attr != NULL &&
1925 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
1926 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
1927 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
1928 StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1930 /* get a DOS Attribute Descriptor with current attributes */
1931 dad = dos_attr_query(context, talloc_tos(), path, srv);
1934 talloc_asprintf(talloc_tos(), "%s:%s",
1935 name+16, (const char *) value);
1940 /* Overwrite old with provided new params */
1941 dos_attr_parse(context, dad, srv, namevalue);
1943 /* Set the new DOS attributes */
1944 ret2 = SMBC_setatr(context, srv, path,
1951 /* ret2 has True (success) / False (failure) */
1966 /* Unsupported attribute name */
1973 SMBC_getxattr_ctx(SMBCCTX *context,
1980 SMBCSRV *srv = NULL;
1981 SMBCSRV *ipc_srv = NULL;
1982 char *server = NULL;
1985 char *password = NULL;
1986 char *workgroup = NULL;
1989 const char * create_time_attr;
1990 const char * access_time_attr;
1991 const char * write_time_attr;
1992 const char * change_time_attr;
1994 TALLOC_CTX *frame = talloc_stackframe();
1996 if (!context || !context->internal->initialized) {
1998 errno = EINVAL; /* Best I can think of ... */
2009 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2011 if (SMBC_parse_path(frame,
2026 if (!user || user[0] == (char)0) {
2027 user = talloc_strdup(frame, smbc_getUser(context));
2035 srv = SMBC_server(frame, context, True,
2036 server, share, &workgroup, &user, &password);
2039 return -1; /* errno set by SMBC_server */
2042 if (! srv->no_nt_session) {
2043 ipc_srv = SMBC_attr_server(frame, context, server, share,
2044 &workgroup, &user, &password);
2046 srv->no_nt_session = True;
2052 /* Determine whether to use old-style or new-style attribute names */
2053 if (context->internal->full_time_names) {
2054 /* new-style names */
2055 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2056 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2057 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2058 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2060 /* old-style names */
2061 attr_strings.create_time_attr = NULL;
2062 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2063 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2064 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2067 /* Are they requesting a supported attribute? */
2068 if (StrCaseCmp(name, "system.*") == 0 ||
2069 StrnCaseCmp(name, "system.*!", 9) == 0 ||
2070 StrCaseCmp(name, "system.*+") == 0 ||
2071 StrnCaseCmp(name, "system.*+!", 10) == 0 ||
2072 StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2073 StrnCaseCmp(name, "system.nt_sec_desc.*!", 21) == 0 ||
2074 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
2075 StrnCaseCmp(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2076 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2077 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2078 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2079 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2080 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2081 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2082 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2083 StrCaseCmp(name, "system.dos_attr.*") == 0 ||
2084 StrnCaseCmp(name, "system.dos_attr.*!", 18) == 0 ||
2085 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
2086 StrCaseCmp(name, "system.dos_attr.size") == 0 ||
2087 (attr_strings.create_time_attr != NULL &&
2088 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
2089 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
2090 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
2091 StrCaseCmp(name, attr_strings.change_time_attr) == 0 ||
2092 StrCaseCmp(name, "system.dos_attr.inode") == 0) {
2095 ret = cacl_get(context, talloc_tos(), srv,
2096 ipc_srv == NULL ? NULL : ipc_srv->cli,
2097 &ipc_srv->pol, path,
2098 CONST_DISCARD(char *, name),
2099 CONST_DISCARD(char *, value), size);
2100 if (ret < 0 && errno == 0) {
2101 errno = SMBC_errno(context, srv->cli);
2107 /* Unsupported attribute name */
2115 SMBC_removexattr_ctx(SMBCCTX *context,
2120 SMBCSRV *srv = NULL;
2121 SMBCSRV *ipc_srv = NULL;
2122 char *server = NULL;
2125 char *password = NULL;
2126 char *workgroup = NULL;
2128 TALLOC_CTX *frame = talloc_stackframe();
2130 if (!context || !context->internal->initialized) {
2132 errno = EINVAL; /* Best I can think of ... */
2143 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2145 if (SMBC_parse_path(frame,
2160 if (!user || user[0] == (char)0) {
2161 user = talloc_strdup(frame, smbc_getUser(context));
2169 srv = SMBC_server(frame, context, True,
2170 server, share, &workgroup, &user, &password);
2173 return -1; /* errno set by SMBC_server */
2176 if (! srv->no_nt_session) {
2177 ipc_srv = SMBC_attr_server(frame, context, server, share,
2178 &workgroup, &user, &password);
2180 srv->no_nt_session = True;
2188 return -1; /* errno set by SMBC_attr_server */
2191 /* Are they asking to set the entire ACL? */
2192 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2193 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0) {
2196 ret = cacl_set(talloc_tos(), srv->cli,
2197 ipc_srv->cli, &ipc_srv->pol, path,
2198 NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2204 * Are they asking to remove one or more spceific security descriptor
2207 if (StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2208 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2209 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2210 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2211 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2212 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2213 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
2216 ret = cacl_set(talloc_tos(), srv->cli,
2217 ipc_srv->cli, &ipc_srv->pol, path,
2218 name + 19, SMBC_XATTR_MODE_REMOVE, 0);
2223 /* Unsupported attribute name */
2230 SMBC_listxattr_ctx(SMBCCTX *context,
2236 * This isn't quite what listxattr() is supposed to do. This returns
2237 * the complete set of attribute names, always, rather than only those
2238 * attribute names which actually exist for a file. Hmmm...
2241 const char supported_old[] =
2244 "system.nt_sec_desc.revision\0"
2245 "system.nt_sec_desc.owner\0"
2246 "system.nt_sec_desc.owner+\0"
2247 "system.nt_sec_desc.group\0"
2248 "system.nt_sec_desc.group+\0"
2249 "system.nt_sec_desc.acl.*\0"
2250 "system.nt_sec_desc.acl\0"
2251 "system.nt_sec_desc.acl+\0"
2252 "system.nt_sec_desc.*\0"
2253 "system.nt_sec_desc.*+\0"
2254 "system.dos_attr.*\0"
2255 "system.dos_attr.mode\0"
2256 "system.dos_attr.c_time\0"
2257 "system.dos_attr.a_time\0"
2258 "system.dos_attr.m_time\0"
2260 const char supported_new[] =
2263 "system.nt_sec_desc.revision\0"
2264 "system.nt_sec_desc.owner\0"
2265 "system.nt_sec_desc.owner+\0"
2266 "system.nt_sec_desc.group\0"
2267 "system.nt_sec_desc.group+\0"
2268 "system.nt_sec_desc.acl.*\0"
2269 "system.nt_sec_desc.acl\0"
2270 "system.nt_sec_desc.acl+\0"
2271 "system.nt_sec_desc.*\0"
2272 "system.nt_sec_desc.*+\0"
2273 "system.dos_attr.*\0"
2274 "system.dos_attr.mode\0"
2275 "system.dos_attr.create_time\0"
2276 "system.dos_attr.access_time\0"
2277 "system.dos_attr.write_time\0"
2278 "system.dos_attr.change_time\0"
2280 const char * supported;
2282 if (context->internal->full_time_names) {
2283 supported = supported_new;
2284 retsize = sizeof(supported_new);
2286 supported = supported_old;
2287 retsize = sizeof(supported_old);
2294 if (retsize > size) {
2299 /* this can't be strcpy() because there are embedded null characters */
2300 memcpy(list, supported, retsize);