2 Samba Unix/Linux SMB client utility profiles.c
4 Copyright (C) Richard Sharpe, <rsharpe@richardsharpe.com> 2002
5 Copyright (C) Jelmer Vernooij (conversion to popt) 2003
6 Copyright (C) Gerald (Jerry) Carter 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
24 #include "lib/cmdline/cmdline.h"
25 #include "registry/reg_objects.h"
26 #include "registry/regfio.h"
27 #include "../libcli/security/security.h"
29 /* GLOBAL VARIABLES */
31 struct dom_sid old_sid, new_sid;
32 int change = 0, new_val = 0;
33 int opt_verbose = False;
35 /********************************************************************
36 ********************************************************************/
38 static void verbose_output(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
39 static void verbose_output(const char *format, ...)
48 va_start(args, format);
49 if ((vasprintf(&var, format, args)) == -1) {
54 fprintf(stdout, "%s", var);
59 /********************************************************************
60 ********************************************************************/
62 static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, struct dom_sid *s2 )
64 struct security_acl *theacl;
67 struct dom_sid_buf buf;
69 verbose_output(" Owner SID: %s\n",
70 dom_sid_str_buf(sd->owner_sid, &buf));
71 if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
72 sid_copy( sd->owner_sid, s2 );
74 verbose_output(" New Owner SID: %s\n",
75 dom_sid_str_buf(sd->owner_sid, &buf));
79 verbose_output(" Group SID: %s\n",
80 dom_sid_str_buf(sd->group_sid, &buf));
81 if ( dom_sid_equal( sd->group_sid, s1 ) ) {
82 sid_copy( sd->group_sid, s2 );
84 verbose_output(" New Group SID: %s\n",
85 dom_sid_str_buf(sd->group_sid, &buf));
89 verbose_output(" DACL: %d entries:\n", theacl->num_aces);
90 for ( i=0; i<theacl->num_aces; i++ ) {
91 verbose_output(" Trustee SID: %s\n",
92 dom_sid_str_buf(&theacl->aces[i].trustee,
94 if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
95 sid_copy( &theacl->aces[i].trustee, s2 );
98 " New Trustee SID: %s\n",
99 dom_sid_str_buf(&theacl->aces[i].trustee,
106 verbose_output(" SACL: %d entries: \n", theacl->num_aces);
107 for ( i=0; i<theacl->num_aces; i++ ) {
108 verbose_output(" Trustee SID: %s\n",
109 dom_sid_str_buf(&theacl->aces[i].trustee,
111 if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
112 sid_copy( &theacl->aces[i].trustee, s2 );
115 " New Trustee SID: %s\n",
116 dom_sid_str_buf(&theacl->aces[i].trustee,
124 /********************************************************************
125 ********************************************************************/
127 static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
128 REGF_NK_REC *parent, REGF_FILE *outfile,
129 const char *parentpath )
131 REGF_NK_REC *key, *subkey;
132 struct security_descriptor *new_sd;
133 struct regval_ctr *values;
134 struct regsubkey_ctr *subkeys;
139 /* swap out the SIDs in the security descriptor */
141 if (nk->sec_desc->sec_desc == NULL) {
142 fprintf(stderr, "Invalid (NULL) security descriptor!\n");
146 new_sd = security_descriptor_copy(outfile->mem_ctx,
147 nk->sec_desc->sec_desc);
148 if (new_sd == NULL) {
149 fprintf(stderr, "Failed to copy security descriptor!\n");
153 verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname);
154 swap_sid_in_acl( new_sd, &old_sid, &new_sid );
156 werr = regsubkey_ctr_init(NULL, &subkeys);
157 if (!W_ERROR_IS_OK(werr)) {
158 DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
162 werr = regval_ctr_init(subkeys, &values);
163 if (!W_ERROR_IS_OK(werr)) {
164 TALLOC_FREE( subkeys );
165 DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
169 /* copy values into the struct regval_ctr */
171 for ( i=0; i<nk->num_values; i++ ) {
172 regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type,
173 nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) );
176 /* copy subkeys into the struct regsubkey_ctr */
178 while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
179 regsubkey_ctr_addkey( subkeys, subkey->keyname );
182 key = regfio_write_key( outfile, nk->keyname, values, subkeys, new_sd, parent );
184 /* write each one of the subkeys out */
186 path = talloc_asprintf(subkeys, "%s%s%s",
187 parentpath, parent ? "\\" : "",nk->keyname);
189 TALLOC_FREE( subkeys );
193 nk->subkey_index = 0;
194 while ((subkey = regfio_fetch_subkey(infile, nk))) {
195 if (!copy_registry_tree( infile, subkey, key, outfile, path)) {
196 TALLOC_FREE(subkeys);
202 verbose_output("[%s]\n", path);
204 /* values is a talloc()'d child of subkeys here so just throw it all away */
205 TALLOC_FREE(subkeys);
210 /*********************************************************************
211 *********************************************************************/
213 int main( int argc, const char *argv[] )
215 TALLOC_CTX *frame = talloc_stackframe();
217 REGF_FILE *infile, *outfile;
219 char *orig_filename, *new_filename;
220 struct poptOption long_options[] = {
223 .longName = "change-sid",
225 .argInfo = POPT_ARG_STRING,
228 .descrip = "Provides SID to change",
231 .longName = "new-sid",
233 .argInfo = POPT_ARG_STRING,
236 .descrip = "Provides SID to change to",
239 .longName = "verbose",
241 .argInfo = POPT_ARG_NONE,
244 .descrip = "Verbose output",
255 ok = samba_cmdline_init(frame,
256 SAMBA_CMDLINE_CONFIG_CLIENT,
257 false /* require_smbconf */);
259 DBG_ERR("Failed to init cmdline parser!\n");
264 pc = samba_popt_get_context(getprogname(),
268 POPT_CONTEXT_KEEP_FIRST);
270 DBG_ERR("Failed to setup popt context!\n");
275 poptSetOtherOptionHelp(pc, "<profilefile>");
277 /* Now, process the arguments */
279 while ((opt = poptGetNextOpt(pc)) != -1) {
283 if (!string_to_sid(&old_sid, poptGetOptArg(pc))) {
284 fprintf(stderr, "Argument to -c should be a SID in form of S-1-5-...\n");
285 poptPrintUsage(pc, stderr, 0);
292 if (!string_to_sid(&new_sid, poptGetOptArg(pc))) {
293 fprintf(stderr, "Argument to -n should be a SID in form of S-1-5-...\n");
294 poptPrintUsage(pc, stderr, 0);
299 case POPT_ERROR_BADOPT:
300 fprintf(stderr, "\nInvalid option %s: %s\n\n",
301 poptBadOption(pc, 0), poptStrerror(opt));
302 poptPrintUsage(pc, stderr, 0);
309 if (!poptPeekArg(pc)) {
310 poptPrintUsage(pc, stderr, 0);
314 if ((!change && new_val) || (change && !new_val)) {
315 fprintf(stderr, "You must specify both -c and -n if one or the other is set!\n");
316 poptPrintUsage(pc, stderr, 0);
320 orig_filename = talloc_strdup(frame, poptPeekArg(pc));
321 if (!orig_filename) {
324 new_filename = talloc_asprintf(frame,
331 if (!(infile = regfio_open( orig_filename, O_RDONLY, 0))) {
332 fprintf( stderr, "Failed to open %s!\n", orig_filename );
333 fprintf( stderr, "Error was (%s)\n", strerror(errno) );
337 if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC),
338 (S_IRUSR|S_IWUSR) )) ) {
339 fprintf( stderr, "Failed to open new file %s!\n", new_filename );
340 fprintf( stderr, "Error was (%s)\n", strerror(errno) );
344 /* actually do the update now */
346 if ((nk = regfio_rootkey( infile )) == NULL) {
347 fprintf(stderr, "Could not get rootkey\n");
351 if (!copy_registry_tree( infile, nk, NULL, outfile, "")) {
352 fprintf(stderr, "Failed to write updated registry file!\n");
358 regfio_close(infile);
359 regfio_close(outfile);