2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libsmb/libsmb.h"
27 #include "libsmbclient.h"
28 #include "libsmb_internal.h"
29 #include "../librpc/gen_ndr/ndr_lsa.h"
30 #include "rpc_client/rpc_client.h"
31 #include "rpc_client/cli_lsarpc.h"
32 #include "../libcli/security/security.h"
35 * Find an lsa pipe handle associated with a cli struct.
37 static struct rpc_pipe_client *
38 find_lsa_pipe_hnd(struct cli_state *ipc_cli)
40 struct rpc_pipe_client *pipe_hnd;
42 for (pipe_hnd = ipc_cli->pipe_list;
44 pipe_hnd = pipe_hnd->next) {
45 if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
46 &ndr_table_lsarpc.syntax_id)) {
54 * Sort ACEs according to the documentation at
55 * http://support.microsoft.com/kb/269175, at least as far as it defines the
60 ace_compare(struct security_ace *ace1,
61 struct security_ace *ace2)
66 /* If the ACEs are equal, we have nothing more to do. */
67 if (security_ace_equal(ace1, ace2)) {
71 /* Inherited follow non-inherited */
72 b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
73 b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
79 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
80 * sort them after DENY and ALLOW.
82 b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
83 ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
84 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
85 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
86 b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
87 ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
88 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
89 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
94 /* Allowed ACEs follow denied ACEs */
95 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
96 ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
97 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
98 ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
100 return (b1 ? 1 : -1);
104 * ACEs applying to an entity's object follow those applying to the
107 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
108 ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
109 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
110 ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
112 return (b1 ? 1 : -1);
116 * If we get this far, the ACEs are similar as far as the
117 * characteristics we typically care about (those defined by the
118 * referenced MS document). We'll now sort by characteristics that
119 * just seems reasonable.
122 if (ace1->type != ace2->type) {
123 return ace2->type - ace1->type;
126 if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
127 return dom_sid_compare(&ace1->trustee, &ace2->trustee);
130 if (ace1->flags != ace2->flags) {
131 return ace1->flags - ace2->flags;
134 if (ace1->access_mask != ace2->access_mask) {
135 return ace1->access_mask - ace2->access_mask;
138 if (ace1->size != ace2->size) {
139 return ace1->size - ace2->size;
142 return memcmp(ace1, ace2, sizeof(struct security_ace));
147 sort_acl(struct security_acl *the_acl)
150 if (!the_acl) return;
152 TYPESAFE_QSORT(the_acl->aces, the_acl->num_aces, ace_compare);
154 for (i=1;i<the_acl->num_aces;) {
155 if (security_ace_equal(&the_acl->aces[i-1],
156 &the_acl->aces[i])) {
158 the_acl->aces, i, the_acl->num_aces);
166 /* convert a SID to a string, either numeric or username/group */
168 convert_sid_to_string(struct cli_state *ipc_cli,
169 struct policy_handle *pol,
174 char **domains = NULL;
176 enum lsa_SidType *types = NULL;
177 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
180 sid_to_fstring(str, sid);
183 return; /* no lookup desired */
190 /* Ask LSA to convert the sid to a name */
192 ctx = talloc_stackframe();
194 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
195 pol, 1, sid, &domains,
197 !domains || !domains[0] || !names || !names[0]) {
204 fstr_sprintf(str, "%s%s%s",
205 domains[0], lp_winbind_separator(), names[0]);
210 /* convert a string to a SID, either numeric or username/group */
212 convert_string_to_sid(struct cli_state *ipc_cli,
213 struct policy_handle *pol,
218 enum lsa_SidType *types = NULL;
219 struct dom_sid *sids = NULL;
221 TALLOC_CTX *ctx = NULL;
222 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
229 if (strncmp(str, "S-", 2) == 0) {
230 return string_to_sid(sid, str);
237 ctx = talloc_stackframe();
238 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
246 sid_copy(sid, &sids[0]);
253 /* parse an struct security_ace in the same format as print_ace() */
255 parse_ace(struct cli_state *ipc_cli,
256 struct policy_handle *pol,
257 struct security_ace *ace,
269 const struct perm_value *v;
274 TALLOC_CTX *frame = talloc_stackframe();
276 /* These values discovered by inspection */
277 static const struct perm_value special_values[] = {
287 static const struct perm_value standard_values[] = {
288 { "READ", 0x001200a9 },
289 { "CHANGE", 0x001301bf },
290 { "FULL", 0x001f01ff },
295 p = strchr_m(str,':');
302 /* Try to parse numeric form */
304 if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
305 convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
309 /* Try to parse text form */
311 if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
317 if (!next_token_talloc(frame, &cp, &tok, "/")) {
322 if (strncasecmp_m(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
323 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
324 } else if (strncasecmp_m(tok, "DENIED", strlen("DENIED")) == 0) {
325 atype = SEC_ACE_TYPE_ACCESS_DENIED;
331 /* Only numeric form accepted for flags at present */
333 if (!(next_token_talloc(frame, &cp, &tok, "/") &&
334 sscanf(tok, "%u", &aflags))) {
339 if (!next_token_talloc(frame, &cp, &tok, "/")) {
344 if (strncmp(tok, "0x", 2) == 0) {
345 if (sscanf(tok, "%u", &amask) != 1) {
352 for (v = standard_values; v != NULL; v++) {
353 if (strcmp(tok, v->perm) == 0) {
364 for (v = special_values; v != NULL; v++) {
365 if (v->perm[0] == *p) {
385 init_sec_ace(ace, &sid, atype, mask, aflags);
390 /* add an struct security_ace to a list of struct security_aces in a struct security_acl */
392 add_ace(struct security_acl **the_acl,
393 struct security_ace *ace,
396 struct security_acl *newacl;
397 struct security_ace *aces;
400 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
404 if ((aces = SMB_CALLOC_ARRAY(struct security_ace,
405 1+(*the_acl)->num_aces)) == NULL) {
408 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(struct security_ace));
409 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(struct security_ace));
410 newacl = make_sec_acl(ctx, (*the_acl)->revision,
411 1+(*the_acl)->num_aces, aces);
418 /* parse a ascii version of a security descriptor */
419 static struct security_descriptor *
420 sec_desc_parse(TALLOC_CTX *ctx,
421 struct cli_state *ipc_cli,
422 struct policy_handle *pol,
428 struct security_descriptor *ret = NULL;
430 struct dom_sid *group_sid=NULL;
431 struct dom_sid *owner_sid=NULL;
432 struct security_acl *dacl=NULL;
435 while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
437 if (strncasecmp_m(tok,"REVISION:", 9) == 0) {
438 revision = strtol(tok+9, NULL, 16);
442 if (strncasecmp_m(tok,"OWNER:", 6) == 0) {
444 DEBUG(5,("OWNER specified more than once!\n"));
447 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
449 !convert_string_to_sid(ipc_cli, pol,
452 DEBUG(5, ("Failed to parse owner sid\n"));
458 if (strncasecmp_m(tok,"OWNER+:", 7) == 0) {
460 DEBUG(5,("OWNER specified more than once!\n"));
463 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
465 !convert_string_to_sid(ipc_cli, pol,
468 DEBUG(5, ("Failed to parse owner sid\n"));
474 if (strncasecmp_m(tok,"GROUP:", 6) == 0) {
476 DEBUG(5,("GROUP specified more than once!\n"));
479 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
481 !convert_string_to_sid(ipc_cli, pol,
484 DEBUG(5, ("Failed to parse group sid\n"));
490 if (strncasecmp_m(tok,"GROUP+:", 7) == 0) {
492 DEBUG(5,("GROUP specified more than once!\n"));
495 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
497 !convert_string_to_sid(ipc_cli, pol,
500 DEBUG(5, ("Failed to parse group sid\n"));
506 if (strncasecmp_m(tok,"ACL:", 4) == 0) {
507 struct security_ace ace;
508 if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
509 DEBUG(5, ("Failed to parse ACL %s\n", tok));
512 if(!add_ace(&dacl, &ace, ctx)) {
513 DEBUG(5, ("Failed to add ACL %s\n", tok));
519 if (strncasecmp_m(tok,"ACL+:", 5) == 0) {
520 struct security_ace ace;
521 if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
522 DEBUG(5, ("Failed to parse ACL %s\n", tok));
525 if(!add_ace(&dacl, &ace, ctx)) {
526 DEBUG(5, ("Failed to add ACL %s\n", tok));
532 DEBUG(5, ("Failed to parse security descriptor\n"));
536 ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE,
537 owner_sid, group_sid, NULL, dacl, &sd_size);
540 SAFE_FREE(group_sid);
541 SAFE_FREE(owner_sid);
546 /* Obtain the current dos attributes */
547 static struct DOS_ATTR_DESC *
548 dos_attr_query(SMBCCTX *context,
550 const char *filename,
553 struct stat sb = {0};
554 struct DOS_ATTR_DESC *ret = NULL;
556 ret = talloc(ctx, struct DOS_ATTR_DESC);
562 /* Obtain the DOS attributes */
563 if (!SMBC_getatr(context, srv, filename, &sb)) {
564 errno = SMBC_errno(context, srv->cli);
565 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
570 ret->mode = sb.st_mode;
571 ret->size = sb.st_size;
572 ret->create_time = sb.st_ctime;
573 ret->access_time = sb.st_atime;
574 ret->write_time = sb.st_mtime;
575 ret->change_time = sb.st_mtime;
576 ret->inode = sb.st_ino;
582 /* parse a ascii version of a security descriptor */
584 dos_attr_parse(SMBCCTX *context,
585 struct DOS_ATTR_DESC *dad,
592 TALLOC_CTX *frame = NULL;
594 const char * create_time_attr;
595 const char * access_time_attr;
596 const char * write_time_attr;
597 const char * change_time_attr;
600 /* Determine whether to use old-style or new-style attribute names */
601 if (context->internal->full_time_names) {
602 /* new-style names */
603 attr_strings.create_time_attr = "CREATE_TIME";
604 attr_strings.access_time_attr = "ACCESS_TIME";
605 attr_strings.write_time_attr = "WRITE_TIME";
606 attr_strings.change_time_attr = "CHANGE_TIME";
608 /* old-style names */
609 attr_strings.create_time_attr = NULL;
610 attr_strings.access_time_attr = "A_TIME";
611 attr_strings.write_time_attr = "M_TIME";
612 attr_strings.change_time_attr = "C_TIME";
615 /* if this is to set the entire ACL... */
617 /* ... then increment past the first colon if there is one */
618 if ((p = strchr(str, ':')) != NULL) {
625 frame = talloc_stackframe();
626 while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
627 if (strncasecmp_m(tok, "MODE:", 5) == 0) {
628 long request = strtol(tok+5, NULL, 16);
630 dad->mode = (request |
631 (IS_DOS_DIR(dad->mode)
632 ? FILE_ATTRIBUTE_DIRECTORY
633 : FILE_ATTRIBUTE_NORMAL));
640 if (strncasecmp_m(tok, "SIZE:", 5) == 0) {
641 dad->size = (off_t)atof(tok+5);
645 n = strlen(attr_strings.access_time_attr);
646 if (strncasecmp_m(tok, attr_strings.access_time_attr, n) == 0) {
647 dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
651 n = strlen(attr_strings.change_time_attr);
652 if (strncasecmp_m(tok, attr_strings.change_time_attr, n) == 0) {
653 dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
657 n = strlen(attr_strings.write_time_attr);
658 if (strncasecmp_m(tok, attr_strings.write_time_attr, n) == 0) {
659 dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
663 if (attr_strings.create_time_attr != NULL) {
664 n = strlen(attr_strings.create_time_attr);
665 if (strncasecmp_m(tok, attr_strings.create_time_attr,
667 dad->create_time = (time_t)strtol(tok+n+1,
673 if (strncasecmp_m(tok, "INODE:", 6) == 0) {
674 dad->inode = (SMB_INO_T)atof(tok+6);
681 /*****************************************************
682 Retrieve the acls for a file.
683 *******************************************************/
686 cacl_get(SMBCCTX *context,
689 struct cli_state *ipc_cli,
690 struct policy_handle *pol,
691 const char *filename,
692 const char *attr_name,
705 bool exclude_nt_revision = False;
706 bool exclude_nt_owner = False;
707 bool exclude_nt_group = False;
708 bool exclude_nt_acl = False;
709 bool exclude_dos_mode = False;
710 bool exclude_dos_size = False;
711 bool exclude_dos_create_time = False;
712 bool exclude_dos_access_time = False;
713 bool exclude_dos_write_time = False;
714 bool exclude_dos_change_time = False;
715 bool exclude_dos_inode = False;
717 bool determine_size = (bufsize == 0);
719 struct security_descriptor *sd;
721 fstring name_sandbox;
725 struct cli_state *cli = srv->cli;
727 const char * create_time_attr;
728 const char * access_time_attr;
729 const char * write_time_attr;
730 const char * change_time_attr;
733 const char * create_time_attr;
734 const char * access_time_attr;
735 const char * write_time_attr;
736 const char * change_time_attr;
739 /* Determine whether to use old-style or new-style attribute names */
740 if (context->internal->full_time_names) {
741 /* new-style names */
742 attr_strings.create_time_attr = "CREATE_TIME";
743 attr_strings.access_time_attr = "ACCESS_TIME";
744 attr_strings.write_time_attr = "WRITE_TIME";
745 attr_strings.change_time_attr = "CHANGE_TIME";
747 excl_attr_strings.create_time_attr = "CREATE_TIME";
748 excl_attr_strings.access_time_attr = "ACCESS_TIME";
749 excl_attr_strings.write_time_attr = "WRITE_TIME";
750 excl_attr_strings.change_time_attr = "CHANGE_TIME";
752 /* old-style names */
753 attr_strings.create_time_attr = NULL;
754 attr_strings.access_time_attr = "A_TIME";
755 attr_strings.write_time_attr = "M_TIME";
756 attr_strings.change_time_attr = "C_TIME";
758 excl_attr_strings.create_time_attr = NULL;
759 excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
760 excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
761 excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
764 /* Copy name so we can strip off exclusions (if any are specified) */
765 strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
767 /* Ensure name is null terminated */
768 name_sandbox[sizeof(name_sandbox) - 1] = '\0';
770 /* Play in the sandbox */
773 /* If there are any exclusions, point to them and mask them from name */
774 if ((pExclude = strchr(name, '!')) != NULL)
779 all = (strncasecmp_m(name, "system.*", 8) == 0);
780 all_nt = (strncasecmp_m(name, "system.nt_sec_desc.*", 20) == 0);
781 all_nt_acls = (strncasecmp_m(name, "system.nt_sec_desc.acl.*", 24) == 0);
782 all_dos = (strncasecmp_m(name, "system.dos_attr.*", 17) == 0);
783 some_nt = (strncasecmp_m(name, "system.nt_sec_desc.", 19) == 0);
784 some_dos = (strncasecmp_m(name, "system.dos_attr.", 16) == 0);
785 numeric = (* (name + strlen(name) - 1) != '+');
787 /* Look for exclusions from "all" requests */
788 if (all || all_nt || all_dos) {
789 /* Exclusions are delimited by '!' */
792 pExclude = (p == NULL ? NULL : p + 1)) {
794 /* Find end of this exclusion name */
795 if ((p = strchr(pExclude, '!')) != NULL)
800 /* Which exclusion name is this? */
801 if (strcasecmp_m(pExclude,
802 "nt_sec_desc.revision") == 0) {
803 exclude_nt_revision = True;
805 else if (strcasecmp_m(pExclude,
806 "nt_sec_desc.owner") == 0) {
807 exclude_nt_owner = True;
809 else if (strcasecmp_m(pExclude,
810 "nt_sec_desc.group") == 0) {
811 exclude_nt_group = True;
813 else if (strcasecmp_m(pExclude,
814 "nt_sec_desc.acl") == 0) {
815 exclude_nt_acl = True;
817 else if (strcasecmp_m(pExclude,
818 "dos_attr.mode") == 0) {
819 exclude_dos_mode = True;
821 else if (strcasecmp_m(pExclude,
822 "dos_attr.size") == 0) {
823 exclude_dos_size = True;
825 else if (excl_attr_strings.create_time_attr != NULL &&
826 strcasecmp_m(pExclude,
827 excl_attr_strings.change_time_attr) == 0) {
828 exclude_dos_create_time = True;
830 else if (strcasecmp_m(pExclude,
831 excl_attr_strings.access_time_attr) == 0) {
832 exclude_dos_access_time = True;
834 else if (strcasecmp_m(pExclude,
835 excl_attr_strings.write_time_attr) == 0) {
836 exclude_dos_write_time = True;
838 else if (strcasecmp_m(pExclude,
839 excl_attr_strings.change_time_attr) == 0) {
840 exclude_dos_change_time = True;
842 else if (strcasecmp_m(pExclude, "dos_attr.inode") == 0) {
843 exclude_dos_inode = True;
846 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
857 * If we are (possibly) talking to an NT or new system and some NT
858 * attributes have been requested...
860 if (ipc_cli && (all || some_nt || all_nt_acls)) {
861 char *targetpath = NULL;
862 struct cli_state *targetcli = NULL;
865 /* Point to the portion after "system.nt_sec_desc." */
866 name += 19; /* if (all) this will be invalid but unused */
868 status = cli_resolve_path(
869 ctx, "", context->internal->auth_info,
870 cli, filename, &targetcli, &targetpath);
871 if (!NT_STATUS_IS_OK(status)) {
872 DEBUG(5, ("cacl_get Could not resolve %s\n",
878 /* ... then obtain any NT attributes which were requested */
879 status = cli_ntcreate(
881 targetpath, /* fname */
883 READ_CONTROL_ACCESS, /* DesiredAccess */
884 0, /* FileAttributes */
886 FILE_SHARE_WRITE, /* ShareAccess */
887 FILE_OPEN, /* CreateDisposition */
888 0x0, /* CreateOptions */
889 0x0, /* SecurityFlags */
892 if (!NT_STATUS_IS_OK(status)) {
893 DEBUG(5, ("cacl_get failed to open %s: %s\n",
894 targetpath, nt_errstr(status)));
899 status = cli_query_secdesc(targetcli, fnum, ctx, &sd);
900 if (!NT_STATUS_IS_OK(status)) {
901 DEBUG(5,("cacl_get Failed to query old descriptor "
903 targetpath, nt_errstr(status)));
908 cli_close(targetcli, fnum);
910 if (! exclude_nt_revision) {
912 if (determine_size) {
913 p = talloc_asprintf(ctx,
922 n = snprintf(buf, bufsize,
926 } else if (strcasecmp_m(name, "revision") == 0) {
927 if (determine_size) {
928 p = talloc_asprintf(ctx, "%d",
936 n = snprintf(buf, bufsize, "%d",
941 if (!determine_size && n > bufsize) {
951 if (! exclude_nt_owner) {
952 /* Get owner and group sid */
954 convert_sid_to_string(ipc_cli, pol,
963 if (determine_size) {
964 p = talloc_asprintf(ctx, ",OWNER:%s",
971 } else if (sidstr[0] != '\0') {
972 n = snprintf(buf, bufsize,
973 ",OWNER:%s", sidstr);
975 } else if (strncasecmp_m(name, "owner", 5) == 0) {
976 if (determine_size) {
977 p = talloc_asprintf(ctx, "%s", sidstr);
984 n = snprintf(buf, bufsize, "%s",
989 if (!determine_size && n > bufsize) {
999 if (! exclude_nt_group) {
1000 if (sd->group_sid) {
1001 convert_sid_to_string(ipc_cli, pol,
1005 fstrcpy(sidstr, "");
1008 if (all || all_nt) {
1009 if (determine_size) {
1010 p = talloc_asprintf(ctx, ",GROUP:%s",
1017 } else if (sidstr[0] != '\0') {
1018 n = snprintf(buf, bufsize,
1019 ",GROUP:%s", sidstr);
1021 } else if (strncasecmp_m(name, "group", 5) == 0) {
1022 if (determine_size) {
1023 p = talloc_asprintf(ctx, "%s", sidstr);
1030 n = snprintf(buf, bufsize,
1035 if (!determine_size && n > bufsize) {
1045 if (! exclude_nt_acl) {
1046 /* Add aces to value buffer */
1047 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1049 struct security_ace *ace = &sd->dacl->aces[i];
1050 convert_sid_to_string(ipc_cli, pol,
1054 if (all || all_nt) {
1055 if (determine_size) {
1056 p = talloc_asprintf(
1072 ",ACL:%s:%d/%d/0x%08x",
1078 } else if ((strncasecmp_m(name, "acl", 3) == 0 &&
1079 strcasecmp_m(name+3, sidstr) == 0) ||
1080 (strncasecmp_m(name, "acl+", 4) == 0 &&
1081 strcasecmp_m(name+4, sidstr) == 0)) {
1082 if (determine_size) {
1083 p = talloc_asprintf(
1095 n = snprintf(buf, bufsize,
1101 } else if (all_nt_acls) {
1102 if (determine_size) {
1103 p = talloc_asprintf(
1105 "%s%s:%d/%d/0x%08x",
1117 n = snprintf(buf, bufsize,
1118 "%s%s:%d/%d/0x%08x",
1126 if (!determine_size && n > bufsize) {
1137 /* Restore name pointer to its original value */
1141 if (all || some_dos) {
1142 struct stat sb = {0};
1143 time_t create_time = (time_t)0;
1144 time_t write_time = (time_t)0;
1145 time_t access_time = (time_t)0;
1146 time_t change_time = (time_t)0;
1151 /* Point to the portion after "system.dos_attr." */
1152 name += 16; /* if (all) this will be invalid but unused */
1154 /* Obtain the DOS attributes */
1155 if (!SMBC_getatr(context, srv, filename, &sb)) {
1156 errno = SMBC_errno(context, srv->cli);
1160 create_time = sb.st_ctime;
1161 access_time = sb.st_atime;
1162 write_time = sb.st_mtime;
1163 change_time = sb.st_mtime;
1168 if (! exclude_dos_mode) {
1169 if (all || all_dos) {
1170 if (determine_size) {
1171 p = talloc_asprintf(ctx,
1184 n = snprintf(buf, bufsize,
1192 } else if (strcasecmp_m(name, "mode") == 0) {
1193 if (determine_size) {
1194 p = talloc_asprintf(ctx, "0x%x", mode);
1201 n = snprintf(buf, bufsize,
1206 if (!determine_size && n > bufsize) {
1216 if (! exclude_dos_size) {
1217 if (all || all_dos) {
1218 if (determine_size) {
1219 p = talloc_asprintf(
1229 n = snprintf(buf, bufsize,
1233 } else if (strcasecmp_m(name, "size") == 0) {
1234 if (determine_size) {
1235 p = talloc_asprintf(
1245 n = snprintf(buf, bufsize,
1251 if (!determine_size && n > bufsize) {
1261 if (! exclude_dos_create_time &&
1262 attr_strings.create_time_attr != NULL) {
1263 if (all || all_dos) {
1264 if (determine_size) {
1265 p = talloc_asprintf(ctx,
1267 attr_strings.create_time_attr,
1268 (unsigned long) create_time);
1275 n = snprintf(buf, bufsize,
1277 attr_strings.create_time_attr,
1278 (unsigned long) create_time);
1280 } else if (strcasecmp_m(name, attr_strings.create_time_attr) == 0) {
1281 if (determine_size) {
1282 p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
1289 n = snprintf(buf, bufsize,
1290 "%lu", (unsigned long) create_time);
1294 if (!determine_size && n > bufsize) {
1304 if (! exclude_dos_access_time) {
1305 if (all || all_dos) {
1306 if (determine_size) {
1307 p = talloc_asprintf(ctx,
1309 attr_strings.access_time_attr,
1310 (unsigned long) access_time);
1317 n = snprintf(buf, bufsize,
1319 attr_strings.access_time_attr,
1320 (unsigned long) access_time);
1322 } else if (strcasecmp_m(name, attr_strings.access_time_attr) == 0) {
1323 if (determine_size) {
1324 p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
1331 n = snprintf(buf, bufsize,
1332 "%lu", (unsigned long) access_time);
1336 if (!determine_size && n > bufsize) {
1346 if (! exclude_dos_write_time) {
1347 if (all || all_dos) {
1348 if (determine_size) {
1349 p = talloc_asprintf(ctx,
1351 attr_strings.write_time_attr,
1352 (unsigned long) write_time);
1359 n = snprintf(buf, bufsize,
1361 attr_strings.write_time_attr,
1362 (unsigned long) write_time);
1364 } else if (strcasecmp_m(name, attr_strings.write_time_attr) == 0) {
1365 if (determine_size) {
1366 p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
1373 n = snprintf(buf, bufsize,
1374 "%lu", (unsigned long) write_time);
1378 if (!determine_size && n > bufsize) {
1388 if (! exclude_dos_change_time) {
1389 if (all || all_dos) {
1390 if (determine_size) {
1391 p = talloc_asprintf(ctx,
1393 attr_strings.change_time_attr,
1394 (unsigned long) change_time);
1401 n = snprintf(buf, bufsize,
1403 attr_strings.change_time_attr,
1404 (unsigned long) change_time);
1406 } else if (strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1407 if (determine_size) {
1408 p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
1415 n = snprintf(buf, bufsize,
1416 "%lu", (unsigned long) change_time);
1420 if (!determine_size && n > bufsize) {
1430 if (! exclude_dos_inode) {
1431 if (all || all_dos) {
1432 if (determine_size) {
1433 p = talloc_asprintf(
1443 n = snprintf(buf, bufsize,
1447 } else if (strcasecmp_m(name, "inode") == 0) {
1448 if (determine_size) {
1449 p = talloc_asprintf(
1459 n = snprintf(buf, bufsize,
1465 if (!determine_size && n > bufsize) {
1475 /* Restore name pointer to its original value */
1487 /*****************************************************
1488 set the ACLs on a file given an ascii description
1489 *******************************************************/
1491 cacl_set(SMBCCTX *context,
1493 struct cli_state *cli,
1494 struct cli_state *ipc_cli,
1495 struct policy_handle *pol,
1496 const char *filename,
1501 uint16_t fnum = (uint16_t)-1;
1503 struct security_descriptor *sd = NULL, *old;
1504 struct security_acl *dacl = NULL;
1505 struct dom_sid *owner_sid = NULL;
1506 struct dom_sid *group_sid = NULL;
1511 bool numeric = True;
1512 char *targetpath = NULL;
1513 struct cli_state *targetcli = NULL;
1516 /* the_acl will be null for REMOVE_ALL operations */
1518 numeric = ((p = strchr(the_acl, ':')) != NULL &&
1522 /* if this is to set the entire ACL... */
1523 if (*the_acl == '*') {
1524 /* ... then increment past the first colon */
1528 sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
1535 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1536 that doesn't deref sd */
1538 if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1543 status = cli_resolve_path(ctx, "", context->internal->auth_info,
1544 cli, filename, &targetcli, &targetpath);
1545 if (!NT_STATUS_IS_OK(status)) {
1546 DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
1551 /* The desired access below is the only one I could find that works
1552 with NT4, W2KP and Samba */
1554 status = cli_ntcreate(
1555 targetcli, /* cli */
1556 targetpath, /* fname */
1558 READ_CONTROL_ACCESS, /* DesiredAccess */
1559 0, /* FileAttributes */
1561 FILE_SHARE_WRITE, /* ShareAccess */
1562 FILE_OPEN, /* CreateDisposition */
1563 0x0, /* CreateOptions */
1564 0x0, /* SecurityFlags */
1567 if (!NT_STATUS_IS_OK(status)) {
1568 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1569 targetpath, nt_errstr(status)));
1574 status = cli_query_secdesc(targetcli, fnum, ctx, &old);
1575 if (!NT_STATUS_IS_OK(status)) {
1576 DEBUG(5,("cacl_set Failed to query old descriptor of %s: %s\n",
1577 targetpath, nt_errstr(status)));
1582 cli_close(targetcli, fnum);
1585 case SMBC_XATTR_MODE_REMOVE_ALL:
1586 old->dacl->num_aces = 0;
1590 case SMBC_XATTR_MODE_REMOVE:
1591 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1594 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1595 if (security_ace_equal(&sd->dacl->aces[i],
1596 &old->dacl->aces[j])) {
1598 for (k=j; k<old->dacl->num_aces-1;k++) {
1599 old->dacl->aces[k] =
1600 old->dacl->aces[k+1];
1602 old->dacl->num_aces--;
1617 case SMBC_XATTR_MODE_ADD:
1618 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1621 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1622 if (dom_sid_equal(&sd->dacl->aces[i].trustee,
1623 &old->dacl->aces[j].trustee)) {
1624 if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1629 old->dacl->aces[j] = sd->dacl->aces[i];
1635 if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1641 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1642 add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1648 case SMBC_XATTR_MODE_SET:
1650 owner_sid = old->owner_sid;
1651 group_sid = old->group_sid;
1655 case SMBC_XATTR_MODE_CHOWN:
1656 owner_sid = sd->owner_sid;
1659 case SMBC_XATTR_MODE_CHGRP:
1660 group_sid = sd->group_sid;
1664 /* Denied ACE entries must come before allowed ones */
1665 sort_acl(old->dacl);
1667 /* Create new security descriptor and set it */
1668 sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1669 owner_sid, group_sid, NULL, dacl, &sd_size);
1671 status = cli_ntcreate(targetcli, targetpath, 0,
1672 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
1673 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
1674 0x0, 0x0, &fnum, NULL);
1675 if (!NT_STATUS_IS_OK(status)) {
1676 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1677 targetpath, nt_errstr(status)));
1682 status = cli_set_secdesc(targetcli, fnum, sd);
1683 if (!NT_STATUS_IS_OK(status)) {
1684 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1685 nt_errstr(status)));
1692 cli_close(targetcli, fnum);
1703 SMBC_setxattr_ctx(SMBCCTX *context,
1712 SMBCSRV *srv = NULL;
1713 SMBCSRV *ipc_srv = NULL;
1714 char *server = NULL;
1717 char *password = NULL;
1718 char *workgroup = NULL;
1720 struct DOS_ATTR_DESC *dad = NULL;
1722 const char * create_time_attr;
1723 const char * access_time_attr;
1724 const char * write_time_attr;
1725 const char * change_time_attr;
1728 TALLOC_CTX *frame = talloc_stackframe();
1730 if (!context || !context->internal->initialized) {
1731 errno = EINVAL; /* Best I can think of ... */
1742 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1743 fname, name, (int) size, (const char*)value));
1745 if (SMBC_parse_path(frame,
1761 if (!user || user[0] == (char)0) {
1762 user = talloc_strdup(frame, smbc_getUser(context));
1770 srv = SMBC_server(frame, context, True,
1771 server, port, share, &workgroup, &user, &password);
1774 return -1; /* errno set by SMBC_server */
1777 if (! srv->no_nt_session) {
1778 ipc_srv = SMBC_attr_server(frame, context, server, port, share,
1779 &workgroup, &user, &password);
1781 srv->no_nt_session = True;
1788 * Are they asking to set the entire set of known attributes?
1790 if (strcasecmp_m(name, "system.*") == 0 ||
1791 strcasecmp_m(name, "system.*+") == 0) {
1794 talloc_asprintf(talloc_tos(), "%s:%s",
1795 name+7, (const char *) value);
1804 ret = cacl_set(context, talloc_tos(), srv->cli,
1805 ipc_srv->cli, &ipc_srv->pol, path,
1808 ? SMBC_XATTR_MODE_SET
1809 : SMBC_XATTR_MODE_ADD),
1815 /* get a DOS Attribute Descriptor with current attributes */
1816 dad = dos_attr_query(context, talloc_tos(), path, srv);
1820 /* Overwrite old with new, using what was provided */
1821 dos_attr_parse(context, dad, srv, namevalue);
1823 /* Set the new DOS attributes */
1829 .tv_sec = dad->create_time },
1831 .tv_sec = dad->access_time },
1833 .tv_sec = dad->write_time },
1835 .tv_sec = dad->change_time },
1838 /* cause failure if NT failed too */
1843 /* we only fail if both NT and DOS sets failed */
1844 if (ret < 0 && ! dad) {
1845 ret = -1; /* in case dad was null */
1856 * Are they asking to set an access control element or to set
1857 * the entire access control list?
1859 if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
1860 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
1861 strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
1862 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
1863 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
1867 talloc_asprintf(talloc_tos(), "%s:%s",
1868 name+19, (const char *) value);
1871 ret = -1; /* errno set by SMBC_server() */
1873 else if (! namevalue) {
1877 ret = cacl_set(context, talloc_tos(), srv->cli,
1878 ipc_srv->cli, &ipc_srv->pol, path,
1881 ? SMBC_XATTR_MODE_SET
1882 : SMBC_XATTR_MODE_ADD),
1890 * Are they asking to set the owner?
1892 if (strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
1893 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0) {
1897 talloc_asprintf(talloc_tos(), "%s:%s",
1898 name+19, (const char *) value);
1901 ret = -1; /* errno set by SMBC_server() */
1903 else if (! namevalue) {
1907 ret = cacl_set(context, talloc_tos(), srv->cli,
1908 ipc_srv->cli, &ipc_srv->pol, path,
1909 namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1916 * Are they asking to set the group?
1918 if (strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
1919 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0) {
1923 talloc_asprintf(talloc_tos(), "%s:%s",
1924 name+19, (const char *) value);
1927 /* errno set by SMBC_server() */
1930 else if (! namevalue) {
1934 ret = cacl_set(context, talloc_tos(), srv->cli,
1935 ipc_srv->cli, &ipc_srv->pol, path,
1936 namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1942 /* Determine whether to use old-style or new-style attribute names */
1943 if (context->internal->full_time_names) {
1944 /* new-style names */
1945 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1946 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1947 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1948 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1950 /* old-style names */
1951 attr_strings.create_time_attr = NULL;
1952 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1953 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1954 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1958 * Are they asking to set a DOS attribute?
1960 if (strcasecmp_m(name, "system.dos_attr.*") == 0 ||
1961 strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
1962 (attr_strings.create_time_attr != NULL &&
1963 strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
1964 strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
1965 strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
1966 strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1968 /* get a DOS Attribute Descriptor with current attributes */
1969 dad = dos_attr_query(context, talloc_tos(), path, srv);
1972 talloc_asprintf(talloc_tos(), "%s:%s",
1973 name+16, (const char *) value);
1978 /* Overwrite old with provided new params */
1979 dos_attr_parse(context, dad, srv, namevalue);
1981 /* Set the new DOS attributes */
1987 .tv_sec = dad->create_time },
1989 .tv_sec = dad->access_time },
1991 .tv_sec = dad->write_time },
1993 .tv_sec = dad->change_time },
1996 /* ret2 has True (success) / False (failure) */
2011 /* Unsupported attribute name */
2018 SMBC_getxattr_ctx(SMBCCTX *context,
2025 SMBCSRV *srv = NULL;
2026 SMBCSRV *ipc_srv = NULL;
2027 char *server = NULL;
2030 char *password = NULL;
2031 char *workgroup = NULL;
2034 const char * create_time_attr;
2035 const char * access_time_attr;
2036 const char * write_time_attr;
2037 const char * change_time_attr;
2040 TALLOC_CTX *frame = talloc_stackframe();
2042 if (!context || !context->internal->initialized) {
2043 errno = EINVAL; /* Best I can think of ... */
2054 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2056 if (SMBC_parse_path(frame,
2072 if (!user || user[0] == (char)0) {
2073 user = talloc_strdup(frame, smbc_getUser(context));
2081 srv = SMBC_server(frame, context, True,
2082 server, port, share, &workgroup, &user, &password);
2085 return -1; /* errno set by SMBC_server */
2088 if (! srv->no_nt_session) {
2089 ipc_srv = SMBC_attr_server(frame, context, server, port, share,
2090 &workgroup, &user, &password);
2092 * SMBC_attr_server() can cause the original
2093 * server to be removed from the cache.
2094 * If so we must error out here as the srv
2095 * pointer has been freed.
2097 if (smbc_getFunctionGetCachedServer(context)(context,
2102 #if defined(ECONNRESET)
2111 srv->no_nt_session = True;
2117 /* Determine whether to use old-style or new-style attribute names */
2118 if (context->internal->full_time_names) {
2119 /* new-style names */
2120 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2121 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2122 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2123 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2125 /* old-style names */
2126 attr_strings.create_time_attr = NULL;
2127 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2128 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2129 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2132 /* Are they requesting a supported attribute? */
2133 if (strcasecmp_m(name, "system.*") == 0 ||
2134 strncasecmp_m(name, "system.*!", 9) == 0 ||
2135 strcasecmp_m(name, "system.*+") == 0 ||
2136 strncasecmp_m(name, "system.*+!", 10) == 0 ||
2137 strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2138 strncasecmp_m(name, "system.nt_sec_desc.*!", 21) == 0 ||
2139 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
2140 strncasecmp_m(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2141 strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2142 strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2143 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2144 strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2145 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2146 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2147 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2148 strcasecmp_m(name, "system.dos_attr.*") == 0 ||
2149 strncasecmp_m(name, "system.dos_attr.*!", 18) == 0 ||
2150 strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
2151 strcasecmp_m(name, "system.dos_attr.size") == 0 ||
2152 (attr_strings.create_time_attr != NULL &&
2153 strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
2154 strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
2155 strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
2156 strcasecmp_m(name, attr_strings.change_time_attr) == 0 ||
2157 strcasecmp_m(name, "system.dos_attr.inode") == 0) {
2160 const char *filename = name;
2161 ret = cacl_get(context, talloc_tos(), srv,
2162 ipc_srv == NULL ? NULL : ipc_srv->cli,
2163 &ipc_srv->pol, path,
2165 discard_const_p(char, value),
2167 if (ret < 0 && errno == 0) {
2168 errno = SMBC_errno(context, srv->cli);
2174 /* Unsupported attribute name */
2182 SMBC_removexattr_ctx(SMBCCTX *context,
2187 SMBCSRV *srv = NULL;
2188 SMBCSRV *ipc_srv = NULL;
2189 char *server = NULL;
2192 char *password = NULL;
2193 char *workgroup = NULL;
2196 TALLOC_CTX *frame = talloc_stackframe();
2198 if (!context || !context->internal->initialized) {
2199 errno = EINVAL; /* Best I can think of ... */
2210 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2212 if (SMBC_parse_path(frame,
2228 if (!user || user[0] == (char)0) {
2229 user = talloc_strdup(frame, smbc_getUser(context));
2237 srv = SMBC_server(frame, context, True,
2238 server, port, share, &workgroup, &user, &password);
2241 return -1; /* errno set by SMBC_server */
2244 if (! srv->no_nt_session) {
2246 ipc_srv = SMBC_attr_server(frame, context, server, port, share,
2247 &workgroup, &user, &password);
2248 saved_errno = errno;
2250 * SMBC_attr_server() can cause the original
2251 * server to be removed from the cache.
2252 * If so we must error out here as the srv
2253 * pointer has been freed.
2255 if (smbc_getFunctionGetCachedServer(context)(context,
2260 #if defined(ECONNRESET)
2269 errno = saved_errno;
2270 srv->no_nt_session = True;
2278 return -1; /* errno set by SMBC_attr_server */
2281 /* Are they asking to set the entire ACL? */
2282 if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2283 strcasecmp_m(name, "system.nt_sec_desc.*+") == 0) {
2286 ret = cacl_set(context, talloc_tos(), srv->cli,
2287 ipc_srv->cli, &ipc_srv->pol, path,
2288 NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2294 * Are they asking to remove one or more spceific security descriptor
2297 if (strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2298 strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2299 strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2300 strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2301 strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2302 strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2303 strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
2306 ret = cacl_set(context, talloc_tos(), srv->cli,
2307 ipc_srv->cli, &ipc_srv->pol, path,
2308 discard_const_p(char, name) + 19,
2309 SMBC_XATTR_MODE_REMOVE, 0);
2314 /* Unsupported attribute name */
2321 SMBC_listxattr_ctx(SMBCCTX *context,
2327 * This isn't quite what listxattr() is supposed to do. This returns
2328 * the complete set of attribute names, always, rather than only those
2329 * attribute names which actually exist for a file. Hmmm...
2332 const char supported_old[] =
2335 "system.nt_sec_desc.revision\0"
2336 "system.nt_sec_desc.owner\0"
2337 "system.nt_sec_desc.owner+\0"
2338 "system.nt_sec_desc.group\0"
2339 "system.nt_sec_desc.group+\0"
2340 "system.nt_sec_desc.acl.*\0"
2341 "system.nt_sec_desc.acl\0"
2342 "system.nt_sec_desc.acl+\0"
2343 "system.nt_sec_desc.*\0"
2344 "system.nt_sec_desc.*+\0"
2345 "system.dos_attr.*\0"
2346 "system.dos_attr.mode\0"
2347 "system.dos_attr.c_time\0"
2348 "system.dos_attr.a_time\0"
2349 "system.dos_attr.m_time\0"
2351 const char supported_new[] =
2354 "system.nt_sec_desc.revision\0"
2355 "system.nt_sec_desc.owner\0"
2356 "system.nt_sec_desc.owner+\0"
2357 "system.nt_sec_desc.group\0"
2358 "system.nt_sec_desc.group+\0"
2359 "system.nt_sec_desc.acl.*\0"
2360 "system.nt_sec_desc.acl\0"
2361 "system.nt_sec_desc.acl+\0"
2362 "system.nt_sec_desc.*\0"
2363 "system.nt_sec_desc.*+\0"
2364 "system.dos_attr.*\0"
2365 "system.dos_attr.mode\0"
2366 "system.dos_attr.create_time\0"
2367 "system.dos_attr.access_time\0"
2368 "system.dos_attr.write_time\0"
2369 "system.dos_attr.change_time\0"
2371 const char * supported;
2373 if (context->internal->full_time_names) {
2374 supported = supported_new;
2375 retsize = sizeof(supported_new);
2377 supported = supported_old;
2378 retsize = sizeof(supported_old);
2385 if (retsize > size) {
2390 /* this can't be strcpy() because there are embedded null characters */
2391 memcpy(list, supported, retsize);