2 Unix SMB/Netbios implementation.
3 SMB client library implementation
4 Copyright (C) Andrew Tridgell 1998
5 Copyright (C) Richard Sharpe 2000, 2002
6 Copyright (C) John Terpstra 2000
7 Copyright (C) Tom Jansen (Ninja ISD) 2002
8 Copyright (C) Derrell Lipman 2003-2008
9 Copyright (C) Jeremy Allison 2007, 2008
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "libsmbclient.h"
27 #include "libsmb_internal.h"
28 #include "../librpc/gen_ndr/ndr_lsa.h"
29 #include "rpc_client/cli_lsarpc.h"
30 #include "../libcli/security/dom_sid.h"
34 * Find an lsa pipe handle associated with a cli struct.
36 static struct rpc_pipe_client *
37 find_lsa_pipe_hnd(struct cli_state *ipc_cli)
39 struct rpc_pipe_client *pipe_hnd;
41 for (pipe_hnd = ipc_cli->pipe_list;
43 pipe_hnd = pipe_hnd->next) {
44 if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
45 &ndr_table_lsarpc.syntax_id)) {
53 * Sort ACEs according to the documentation at
54 * http://support.microsoft.com/kb/269175, at least as far as it defines the
59 ace_compare(struct security_ace *ace1,
60 struct security_ace *ace2)
65 /* If the ACEs are equal, we have nothing more to do. */
66 if (sec_ace_equal(ace1, ace2)) {
70 /* Inherited follow non-inherited */
71 b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
72 b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
78 * What shall we do with AUDITs and ALARMs? It's undefined. We'll
79 * sort them after DENY and ALLOW.
81 b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
82 ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
83 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
84 ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
85 b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
86 ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
87 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
88 ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
93 /* Allowed ACEs follow denied ACEs */
94 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
95 ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
96 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
97 ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
103 * ACEs applying to an entity's object follow those applying to the
106 b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
107 ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
108 b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
109 ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
111 return (b1 ? 1 : -1);
115 * If we get this far, the ACEs are similar as far as the
116 * characteristics we typically care about (those defined by the
117 * referenced MS document). We'll now sort by characteristics that
118 * just seems reasonable.
121 if (ace1->type != ace2->type) {
122 return ace2->type - ace1->type;
125 if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
126 return dom_sid_compare(&ace1->trustee, &ace2->trustee);
129 if (ace1->flags != ace2->flags) {
130 return ace1->flags - ace2->flags;
133 if (ace1->access_mask != ace2->access_mask) {
134 return ace1->access_mask - ace2->access_mask;
137 if (ace1->size != ace2->size) {
138 return ace1->size - ace2->size;
141 return memcmp(ace1, ace2, sizeof(struct security_ace));
146 sort_acl(struct security_acl *the_acl)
149 if (!the_acl) return;
151 TYPESAFE_QSORT(the_acl->aces, the_acl->num_aces, ace_compare);
153 for (i=1;i<the_acl->num_aces;) {
154 if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
156 for (j=i; j<the_acl->num_aces-1; j++) {
157 the_acl->aces[j] = the_acl->aces[j+1];
166 /* convert a SID to a string, either numeric or username/group */
168 convert_sid_to_string(struct cli_state *ipc_cli,
169 struct policy_handle *pol,
174 char **domains = NULL;
176 enum lsa_SidType *types = NULL;
177 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
180 sid_to_fstring(str, sid);
183 return; /* no lookup desired */
190 /* Ask LSA to convert the sid to a name */
192 ctx = talloc_stackframe();
194 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
195 pol, 1, sid, &domains,
197 !domains || !domains[0] || !names || !names[0]) {
204 slprintf(str, sizeof(fstring) - 1, "%s%s%s",
205 domains[0], lp_winbind_separator(),
211 /* convert a string to a SID, either numeric or username/group */
213 convert_string_to_sid(struct cli_state *ipc_cli,
214 struct policy_handle *pol,
219 enum lsa_SidType *types = NULL;
220 struct dom_sid *sids = NULL;
222 TALLOC_CTX *ctx = NULL;
223 struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
230 if (strncmp(str, "S-", 2) == 0) {
231 return string_to_sid(sid, str);
238 ctx = talloc_stackframe();
239 if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
247 sid_copy(sid, &sids[0]);
254 /* parse an struct security_ace in the same format as print_ace() */
256 parse_ace(struct cli_state *ipc_cli,
257 struct policy_handle *pol,
258 struct security_ace *ace,
270 const struct perm_value *v;
275 TALLOC_CTX *frame = talloc_stackframe();
277 /* These values discovered by inspection */
278 static const struct perm_value special_values[] = {
288 static const struct perm_value standard_values[] = {
289 { "READ", 0x001200a9 },
290 { "CHANGE", 0x001301bf },
291 { "FULL", 0x001f01ff },
296 p = strchr_m(str,':');
303 /* Try to parse numeric form */
305 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
306 convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
310 /* Try to parse text form */
312 if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
318 if (!next_token_talloc(frame, &cp, &tok, "/")) {
323 if (StrnCaseCmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
324 atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
325 } else if (StrnCaseCmp(tok, "DENIED", strlen("DENIED")) == 0) {
326 atype = SEC_ACE_TYPE_ACCESS_DENIED;
332 /* Only numeric form accepted for flags at present */
334 if (!(next_token_talloc(frame, &cp, &tok, "/") &&
335 sscanf(tok, "%i", &aflags))) {
340 if (!next_token_talloc(frame, &cp, &tok, "/")) {
345 if (strncmp(tok, "0x", 2) == 0) {
346 if (sscanf(tok, "%i", &amask) != 1) {
353 for (v = standard_values; v->perm; v++) {
354 if (strcmp(tok, v->perm) == 0) {
365 for (v = special_values; v->perm; v++) {
366 if (v->perm[0] == *p) {
386 init_sec_ace(ace, &sid, atype, mask, aflags);
391 /* add an struct security_ace to a list of struct security_aces in a struct security_acl */
393 add_ace(struct security_acl **the_acl,
394 struct security_ace *ace,
397 struct security_acl *newacl;
398 struct security_ace *aces;
401 (*the_acl) = make_sec_acl(ctx, 3, 1, ace);
405 if ((aces = SMB_CALLOC_ARRAY(struct security_ace,
406 1+(*the_acl)->num_aces)) == NULL) {
409 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(struct security_ace));
410 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(struct security_ace));
411 newacl = make_sec_acl(ctx, (*the_acl)->revision,
412 1+(*the_acl)->num_aces, aces);
419 /* parse a ascii version of a security descriptor */
420 static struct security_descriptor *
421 sec_desc_parse(TALLOC_CTX *ctx,
422 struct cli_state *ipc_cli,
423 struct policy_handle *pol,
429 struct security_descriptor *ret = NULL;
431 struct dom_sid *group_sid=NULL;
432 struct dom_sid *owner_sid=NULL;
433 struct security_acl *dacl=NULL;
436 while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
438 if (StrnCaseCmp(tok,"REVISION:", 9) == 0) {
439 revision = strtol(tok+9, NULL, 16);
443 if (StrnCaseCmp(tok,"OWNER:", 6) == 0) {
445 DEBUG(5,("OWNER specified more than once!\n"));
448 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
450 !convert_string_to_sid(ipc_cli, pol,
453 DEBUG(5, ("Failed to parse owner sid\n"));
459 if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) {
461 DEBUG(5,("OWNER specified more than once!\n"));
464 owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
466 !convert_string_to_sid(ipc_cli, pol,
469 DEBUG(5, ("Failed to parse owner sid\n"));
475 if (StrnCaseCmp(tok,"GROUP:", 6) == 0) {
477 DEBUG(5,("GROUP specified more than once!\n"));
480 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
482 !convert_string_to_sid(ipc_cli, pol,
485 DEBUG(5, ("Failed to parse group sid\n"));
491 if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) {
493 DEBUG(5,("GROUP specified more than once!\n"));
496 group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
498 !convert_string_to_sid(ipc_cli, pol,
501 DEBUG(5, ("Failed to parse group sid\n"));
507 if (StrnCaseCmp(tok,"ACL:", 4) == 0) {
508 struct security_ace ace;
509 if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
510 DEBUG(5, ("Failed to parse ACL %s\n", tok));
513 if(!add_ace(&dacl, &ace, ctx)) {
514 DEBUG(5, ("Failed to add ACL %s\n", tok));
520 if (StrnCaseCmp(tok,"ACL+:", 5) == 0) {
521 struct security_ace ace;
522 if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
523 DEBUG(5, ("Failed to parse ACL %s\n", tok));
526 if(!add_ace(&dacl, &ace, ctx)) {
527 DEBUG(5, ("Failed to add ACL %s\n", tok));
533 DEBUG(5, ("Failed to parse security descriptor\n"));
537 ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE,
538 owner_sid, group_sid, NULL, dacl, &sd_size);
541 SAFE_FREE(group_sid);
542 SAFE_FREE(owner_sid);
547 /* Obtain the current dos attributes */
548 static DOS_ATTR_DESC *
549 dos_attr_query(SMBCCTX *context,
551 const char *filename,
554 struct timespec create_time_ts;
555 struct timespec write_time_ts;
556 struct timespec access_time_ts;
557 struct timespec change_time_ts;
563 ret = TALLOC_P(ctx, DOS_ATTR_DESC);
569 /* Obtain the DOS attributes */
570 if (!SMBC_getatr(context, srv, CONST_DISCARD(char *, filename),
577 errno = SMBC_errno(context, srv->cli);
578 DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
584 ret->create_time = convert_timespec_to_time_t(create_time_ts);
585 ret->access_time = convert_timespec_to_time_t(access_time_ts);
586 ret->write_time = convert_timespec_to_time_t(write_time_ts);
587 ret->change_time = convert_timespec_to_time_t(change_time_ts);
594 /* parse a ascii version of a security descriptor */
596 dos_attr_parse(SMBCCTX *context,
604 TALLOC_CTX *frame = NULL;
606 const char * create_time_attr;
607 const char * access_time_attr;
608 const char * write_time_attr;
609 const char * change_time_attr;
612 /* Determine whether to use old-style or new-style attribute names */
613 if (context->internal->full_time_names) {
614 /* new-style names */
615 attr_strings.create_time_attr = "CREATE_TIME";
616 attr_strings.access_time_attr = "ACCESS_TIME";
617 attr_strings.write_time_attr = "WRITE_TIME";
618 attr_strings.change_time_attr = "CHANGE_TIME";
620 /* old-style names */
621 attr_strings.create_time_attr = NULL;
622 attr_strings.access_time_attr = "A_TIME";
623 attr_strings.write_time_attr = "M_TIME";
624 attr_strings.change_time_attr = "C_TIME";
627 /* if this is to set the entire ACL... */
629 /* ... then increment past the first colon if there is one */
630 if ((p = strchr(str, ':')) != NULL) {
637 frame = talloc_stackframe();
638 while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
639 if (StrnCaseCmp(tok, "MODE:", 5) == 0) {
640 long request = strtol(tok+5, NULL, 16);
642 dad->mode = (request |
643 (IS_DOS_DIR(dad->mode)
644 ? FILE_ATTRIBUTE_DIRECTORY
645 : FILE_ATTRIBUTE_NORMAL));
652 if (StrnCaseCmp(tok, "SIZE:", 5) == 0) {
653 dad->size = (SMB_OFF_T)atof(tok+5);
657 n = strlen(attr_strings.access_time_attr);
658 if (StrnCaseCmp(tok, attr_strings.access_time_attr, n) == 0) {
659 dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
663 n = strlen(attr_strings.change_time_attr);
664 if (StrnCaseCmp(tok, attr_strings.change_time_attr, n) == 0) {
665 dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
669 n = strlen(attr_strings.write_time_attr);
670 if (StrnCaseCmp(tok, attr_strings.write_time_attr, n) == 0) {
671 dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
675 if (attr_strings.create_time_attr != NULL) {
676 n = strlen(attr_strings.create_time_attr);
677 if (StrnCaseCmp(tok, attr_strings.create_time_attr,
679 dad->create_time = (time_t)strtol(tok+n+1,
685 if (StrnCaseCmp(tok, "INODE:", 6) == 0) {
686 dad->inode = (SMB_INO_T)atof(tok+6);
693 /*****************************************************
694 Retrieve the acls for a file.
695 *******************************************************/
698 cacl_get(SMBCCTX *context,
701 struct cli_state *ipc_cli,
702 struct policy_handle *pol,
717 bool exclude_nt_revision = False;
718 bool exclude_nt_owner = False;
719 bool exclude_nt_group = False;
720 bool exclude_nt_acl = False;
721 bool exclude_dos_mode = False;
722 bool exclude_dos_size = False;
723 bool exclude_dos_create_time = False;
724 bool exclude_dos_access_time = False;
725 bool exclude_dos_write_time = False;
726 bool exclude_dos_change_time = False;
727 bool exclude_dos_inode = False;
729 bool determine_size = (bufsize == 0);
731 struct security_descriptor *sd;
733 fstring name_sandbox;
737 struct timespec create_time_ts;
738 struct timespec write_time_ts;
739 struct timespec access_time_ts;
740 struct timespec change_time_ts;
741 time_t create_time = (time_t)0;
742 time_t write_time = (time_t)0;
743 time_t access_time = (time_t)0;
744 time_t change_time = (time_t)0;
748 struct cli_state *cli = srv->cli;
750 const char * create_time_attr;
751 const char * access_time_attr;
752 const char * write_time_attr;
753 const char * change_time_attr;
756 const char * create_time_attr;
757 const char * access_time_attr;
758 const char * write_time_attr;
759 const char * change_time_attr;
762 /* Determine whether to use old-style or new-style attribute names */
763 if (context->internal->full_time_names) {
764 /* new-style names */
765 attr_strings.create_time_attr = "CREATE_TIME";
766 attr_strings.access_time_attr = "ACCESS_TIME";
767 attr_strings.write_time_attr = "WRITE_TIME";
768 attr_strings.change_time_attr = "CHANGE_TIME";
770 excl_attr_strings.create_time_attr = "CREATE_TIME";
771 excl_attr_strings.access_time_attr = "ACCESS_TIME";
772 excl_attr_strings.write_time_attr = "WRITE_TIME";
773 excl_attr_strings.change_time_attr = "CHANGE_TIME";
775 /* old-style names */
776 attr_strings.create_time_attr = NULL;
777 attr_strings.access_time_attr = "A_TIME";
778 attr_strings.write_time_attr = "M_TIME";
779 attr_strings.change_time_attr = "C_TIME";
781 excl_attr_strings.create_time_attr = NULL;
782 excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
783 excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
784 excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
787 /* Copy name so we can strip off exclusions (if any are specified) */
788 strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
790 /* Ensure name is null terminated */
791 name_sandbox[sizeof(name_sandbox) - 1] = '\0';
793 /* Play in the sandbox */
796 /* If there are any exclusions, point to them and mask them from name */
797 if ((pExclude = strchr(name, '!')) != NULL)
802 all = (StrnCaseCmp(name, "system.*", 8) == 0);
803 all_nt = (StrnCaseCmp(name, "system.nt_sec_desc.*", 20) == 0);
804 all_nt_acls = (StrnCaseCmp(name, "system.nt_sec_desc.acl.*", 24) == 0);
805 all_dos = (StrnCaseCmp(name, "system.dos_attr.*", 17) == 0);
806 some_nt = (StrnCaseCmp(name, "system.nt_sec_desc.", 19) == 0);
807 some_dos = (StrnCaseCmp(name, "system.dos_attr.", 16) == 0);
808 numeric = (* (name + strlen(name) - 1) != '+');
810 /* Look for exclusions from "all" requests */
811 if (all || all_nt || all_dos) {
812 /* Exclusions are delimited by '!' */
815 pExclude = (p == NULL ? NULL : p + 1)) {
817 /* Find end of this exclusion name */
818 if ((p = strchr(pExclude, '!')) != NULL)
823 /* Which exclusion name is this? */
824 if (StrCaseCmp(pExclude,
825 "nt_sec_desc.revision") == 0) {
826 exclude_nt_revision = True;
828 else if (StrCaseCmp(pExclude,
829 "nt_sec_desc.owner") == 0) {
830 exclude_nt_owner = True;
832 else if (StrCaseCmp(pExclude,
833 "nt_sec_desc.group") == 0) {
834 exclude_nt_group = True;
836 else if (StrCaseCmp(pExclude,
837 "nt_sec_desc.acl") == 0) {
838 exclude_nt_acl = True;
840 else if (StrCaseCmp(pExclude,
841 "dos_attr.mode") == 0) {
842 exclude_dos_mode = True;
844 else if (StrCaseCmp(pExclude,
845 "dos_attr.size") == 0) {
846 exclude_dos_size = True;
848 else if (excl_attr_strings.create_time_attr != NULL &&
850 excl_attr_strings.change_time_attr) == 0) {
851 exclude_dos_create_time = True;
853 else if (StrCaseCmp(pExclude,
854 excl_attr_strings.access_time_attr) == 0) {
855 exclude_dos_access_time = True;
857 else if (StrCaseCmp(pExclude,
858 excl_attr_strings.write_time_attr) == 0) {
859 exclude_dos_write_time = True;
861 else if (StrCaseCmp(pExclude,
862 excl_attr_strings.change_time_attr) == 0) {
863 exclude_dos_change_time = True;
865 else if (StrCaseCmp(pExclude, "dos_attr.inode") == 0) {
866 exclude_dos_inode = True;
869 DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
880 * If we are (possibly) talking to an NT or new system and some NT
881 * attributes have been requested...
883 if (ipc_cli && (all || some_nt || all_nt_acls)) {
884 char *targetpath = NULL;
885 struct cli_state *targetcli = NULL;
887 /* Point to the portion after "system.nt_sec_desc." */
888 name += 19; /* if (all) this will be invalid but unused */
890 if (!cli_resolve_path(ctx, "", context->internal->auth_info,
892 &targetcli, &targetpath)) {
893 DEBUG(5, ("cacl_get Could not resolve %s\n",
899 /* ... then obtain any NT attributes which were requested */
900 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
901 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
902 DEBUG(5, ("cacl_get failed to open %s: %s\n",
903 targetpath, cli_errstr(targetcli)));
908 sd = cli_query_secdesc(targetcli, fnum, ctx);
912 ("cacl_get Failed to query old descriptor\n"));
917 cli_close(targetcli, fnum);
919 if (! exclude_nt_revision) {
921 if (determine_size) {
922 p = talloc_asprintf(ctx,
931 n = snprintf(buf, bufsize,
935 } else if (StrCaseCmp(name, "revision") == 0) {
936 if (determine_size) {
937 p = talloc_asprintf(ctx, "%d",
945 n = snprintf(buf, bufsize, "%d",
950 if (!determine_size && n > bufsize) {
960 if (! exclude_nt_owner) {
961 /* Get owner and group sid */
963 convert_sid_to_string(ipc_cli, pol,
972 if (determine_size) {
973 p = talloc_asprintf(ctx, ",OWNER:%s",
980 } else if (sidstr[0] != '\0') {
981 n = snprintf(buf, bufsize,
982 ",OWNER:%s", sidstr);
984 } else if (StrnCaseCmp(name, "owner", 5) == 0) {
985 if (determine_size) {
986 p = talloc_asprintf(ctx, "%s", sidstr);
993 n = snprintf(buf, bufsize, "%s",
998 if (!determine_size && n > bufsize) {
1008 if (! exclude_nt_group) {
1009 if (sd->group_sid) {
1010 convert_sid_to_string(ipc_cli, pol,
1014 fstrcpy(sidstr, "");
1017 if (all || all_nt) {
1018 if (determine_size) {
1019 p = talloc_asprintf(ctx, ",GROUP:%s",
1026 } else if (sidstr[0] != '\0') {
1027 n = snprintf(buf, bufsize,
1028 ",GROUP:%s", sidstr);
1030 } else if (StrnCaseCmp(name, "group", 5) == 0) {
1031 if (determine_size) {
1032 p = talloc_asprintf(ctx, "%s", sidstr);
1039 n = snprintf(buf, bufsize,
1044 if (!determine_size && n > bufsize) {
1054 if (! exclude_nt_acl) {
1055 /* Add aces to value buffer */
1056 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1058 struct security_ace *ace = &sd->dacl->aces[i];
1059 convert_sid_to_string(ipc_cli, pol,
1063 if (all || all_nt) {
1064 if (determine_size) {
1065 p = talloc_asprintf(
1081 ",ACL:%s:%d/%d/0x%08x",
1087 } else if ((StrnCaseCmp(name, "acl", 3) == 0 &&
1088 StrCaseCmp(name+3, sidstr) == 0) ||
1089 (StrnCaseCmp(name, "acl+", 4) == 0 &&
1090 StrCaseCmp(name+4, sidstr) == 0)) {
1091 if (determine_size) {
1092 p = talloc_asprintf(
1104 n = snprintf(buf, bufsize,
1110 } else if (all_nt_acls) {
1111 if (determine_size) {
1112 p = talloc_asprintf(
1114 "%s%s:%d/%d/0x%08x",
1126 n = snprintf(buf, bufsize,
1127 "%s%s:%d/%d/0x%08x",
1135 if (!determine_size && n > bufsize) {
1146 /* Restore name pointer to its original value */
1150 if (all || some_dos) {
1151 /* Point to the portion after "system.dos_attr." */
1152 name += 16; /* if (all) this will be invalid but unused */
1154 /* Obtain the DOS attributes */
1155 if (!SMBC_getatr(context, srv, filename, &mode, &size,
1162 errno = SMBC_errno(context, srv->cli);
1166 create_time = convert_timespec_to_time_t(create_time_ts);
1167 access_time = convert_timespec_to_time_t(access_time_ts);
1168 write_time = convert_timespec_to_time_t(write_time_ts);
1169 change_time = convert_timespec_to_time_t(change_time_ts);
1171 if (! exclude_dos_mode) {
1172 if (all || all_dos) {
1173 if (determine_size) {
1174 p = talloc_asprintf(ctx,
1187 n = snprintf(buf, bufsize,
1195 } else if (StrCaseCmp(name, "mode") == 0) {
1196 if (determine_size) {
1197 p = talloc_asprintf(ctx, "0x%x", mode);
1204 n = snprintf(buf, bufsize,
1209 if (!determine_size && n > bufsize) {
1219 if (! exclude_dos_size) {
1220 if (all || all_dos) {
1221 if (determine_size) {
1222 p = talloc_asprintf(
1232 n = snprintf(buf, bufsize,
1236 } else if (StrCaseCmp(name, "size") == 0) {
1237 if (determine_size) {
1238 p = talloc_asprintf(
1248 n = snprintf(buf, bufsize,
1254 if (!determine_size && n > bufsize) {
1264 if (! exclude_dos_create_time &&
1265 attr_strings.create_time_attr != NULL) {
1266 if (all || all_dos) {
1267 if (determine_size) {
1268 p = talloc_asprintf(ctx,
1270 attr_strings.create_time_attr,
1271 (unsigned long) create_time);
1278 n = snprintf(buf, bufsize,
1280 attr_strings.create_time_attr,
1281 (unsigned long) create_time);
1283 } else if (StrCaseCmp(name, attr_strings.create_time_attr) == 0) {
1284 if (determine_size) {
1285 p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
1292 n = snprintf(buf, bufsize,
1293 "%lu", (unsigned long) create_time);
1297 if (!determine_size && n > bufsize) {
1307 if (! exclude_dos_access_time) {
1308 if (all || all_dos) {
1309 if (determine_size) {
1310 p = talloc_asprintf(ctx,
1312 attr_strings.access_time_attr,
1313 (unsigned long) access_time);
1320 n = snprintf(buf, bufsize,
1322 attr_strings.access_time_attr,
1323 (unsigned long) access_time);
1325 } else if (StrCaseCmp(name, attr_strings.access_time_attr) == 0) {
1326 if (determine_size) {
1327 p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
1334 n = snprintf(buf, bufsize,
1335 "%lu", (unsigned long) access_time);
1339 if (!determine_size && n > bufsize) {
1349 if (! exclude_dos_write_time) {
1350 if (all || all_dos) {
1351 if (determine_size) {
1352 p = talloc_asprintf(ctx,
1354 attr_strings.write_time_attr,
1355 (unsigned long) write_time);
1362 n = snprintf(buf, bufsize,
1364 attr_strings.write_time_attr,
1365 (unsigned long) write_time);
1367 } else if (StrCaseCmp(name, attr_strings.write_time_attr) == 0) {
1368 if (determine_size) {
1369 p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
1376 n = snprintf(buf, bufsize,
1377 "%lu", (unsigned long) write_time);
1381 if (!determine_size && n > bufsize) {
1391 if (! exclude_dos_change_time) {
1392 if (all || all_dos) {
1393 if (determine_size) {
1394 p = talloc_asprintf(ctx,
1396 attr_strings.change_time_attr,
1397 (unsigned long) change_time);
1404 n = snprintf(buf, bufsize,
1406 attr_strings.change_time_attr,
1407 (unsigned long) change_time);
1409 } else if (StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1410 if (determine_size) {
1411 p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
1418 n = snprintf(buf, bufsize,
1419 "%lu", (unsigned long) change_time);
1423 if (!determine_size && n > bufsize) {
1433 if (! exclude_dos_inode) {
1434 if (all || all_dos) {
1435 if (determine_size) {
1436 p = talloc_asprintf(
1446 n = snprintf(buf, bufsize,
1450 } else if (StrCaseCmp(name, "inode") == 0) {
1451 if (determine_size) {
1452 p = talloc_asprintf(
1462 n = snprintf(buf, bufsize,
1468 if (!determine_size && n > bufsize) {
1478 /* Restore name pointer to its original value */
1490 /*****************************************************
1491 set the ACLs on a file given an ascii description
1492 *******************************************************/
1494 cacl_set(SMBCCTX *context,
1496 struct cli_state *cli,
1497 struct cli_state *ipc_cli,
1498 struct policy_handle *pol,
1499 const char *filename,
1504 uint16_t fnum = (uint16_t)-1;
1506 struct security_descriptor *sd = NULL, *old;
1507 struct security_acl *dacl = NULL;
1508 struct dom_sid *owner_sid = NULL;
1509 struct dom_sid *group_sid = NULL;
1514 bool numeric = True;
1515 char *targetpath = NULL;
1516 struct cli_state *targetcli = NULL;
1518 /* the_acl will be null for REMOVE_ALL operations */
1520 numeric = ((p = strchr(the_acl, ':')) != NULL &&
1524 /* if this is to set the entire ACL... */
1525 if (*the_acl == '*') {
1526 /* ... then increment past the first colon */
1530 sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
1537 /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1538 that doesn't deref sd */
1540 if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1545 if (!cli_resolve_path(ctx, "", context->internal->auth_info,
1547 &targetcli, &targetpath)) {
1548 DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
1553 /* The desired access below is the only one I could find that works
1554 with NT4, W2KP and Samba */
1556 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
1557 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
1558 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1559 targetpath, cli_errstr(targetcli)));
1564 old = cli_query_secdesc(targetcli, fnum, ctx);
1567 DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
1572 cli_close(targetcli, fnum);
1575 case SMBC_XATTR_MODE_REMOVE_ALL:
1576 old->dacl->num_aces = 0;
1580 case SMBC_XATTR_MODE_REMOVE:
1581 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1584 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1585 if (sec_ace_equal(&sd->dacl->aces[i],
1586 &old->dacl->aces[j])) {
1588 for (k=j; k<old->dacl->num_aces-1;k++) {
1589 old->dacl->aces[k] =
1590 old->dacl->aces[k+1];
1592 old->dacl->num_aces--;
1607 case SMBC_XATTR_MODE_ADD:
1608 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1611 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1612 if (dom_sid_equal(&sd->dacl->aces[i].trustee,
1613 &old->dacl->aces[j].trustee)) {
1614 if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1619 old->dacl->aces[j] = sd->dacl->aces[i];
1625 if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1631 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1632 add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1638 case SMBC_XATTR_MODE_SET:
1640 owner_sid = old->owner_sid;
1641 group_sid = old->group_sid;
1645 case SMBC_XATTR_MODE_CHOWN:
1646 owner_sid = sd->owner_sid;
1649 case SMBC_XATTR_MODE_CHGRP:
1650 group_sid = sd->group_sid;
1654 /* Denied ACE entries must come before allowed ones */
1655 sort_acl(old->dacl);
1657 /* Create new security descriptor and set it */
1658 sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1659 owner_sid, group_sid, NULL, dacl, &sd_size);
1661 if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0,
1662 WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
1663 FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
1664 DEBUG(5, ("cacl_set failed to open %s: %s\n",
1665 targetpath, cli_errstr(targetcli)));
1670 if (!cli_set_secdesc(targetcli, fnum, sd)) {
1671 DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1672 cli_errstr(targetcli)));
1679 cli_close(targetcli, fnum);
1690 SMBC_setxattr_ctx(SMBCCTX *context,
1699 SMBCSRV *srv = NULL;
1700 SMBCSRV *ipc_srv = NULL;
1701 char *server = NULL;
1704 char *password = NULL;
1705 char *workgroup = NULL;
1707 DOS_ATTR_DESC *dad = NULL;
1709 const char * create_time_attr;
1710 const char * access_time_attr;
1711 const char * write_time_attr;
1712 const char * change_time_attr;
1714 TALLOC_CTX *frame = talloc_stackframe();
1716 if (!context || !context->internal->initialized) {
1717 errno = EINVAL; /* Best I can think of ... */
1728 DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1729 fname, name, (int) size, (const char*)value));
1731 if (SMBC_parse_path(frame,
1746 if (!user || user[0] == (char)0) {
1747 user = talloc_strdup(frame, smbc_getUser(context));
1755 srv = SMBC_server(frame, context, True,
1756 server, share, &workgroup, &user, &password);
1759 return -1; /* errno set by SMBC_server */
1762 if (! srv->no_nt_session) {
1763 ipc_srv = SMBC_attr_server(frame, context, server, share,
1764 &workgroup, &user, &password);
1766 srv->no_nt_session = True;
1773 * Are they asking to set the entire set of known attributes?
1775 if (StrCaseCmp(name, "system.*") == 0 ||
1776 StrCaseCmp(name, "system.*+") == 0) {
1779 talloc_asprintf(talloc_tos(), "%s:%s",
1780 name+7, (const char *) value);
1789 ret = cacl_set(context, talloc_tos(), srv->cli,
1790 ipc_srv->cli, &ipc_srv->pol, path,
1793 ? SMBC_XATTR_MODE_SET
1794 : SMBC_XATTR_MODE_ADD),
1800 /* get a DOS Attribute Descriptor with current attributes */
1801 dad = dos_attr_query(context, talloc_tos(), path, srv);
1803 /* Overwrite old with new, using what was provided */
1804 dos_attr_parse(context, dad, srv, namevalue);
1806 /* Set the new DOS attributes */
1807 if (! SMBC_setatr(context, srv, path,
1814 /* cause failure if NT failed too */
1819 /* we only fail if both NT and DOS sets failed */
1820 if (ret < 0 && ! dad) {
1821 ret = -1; /* in case dad was null */
1832 * Are they asking to set an access control element or to set
1833 * the entire access control list?
1835 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
1836 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
1837 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
1838 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
1839 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
1843 talloc_asprintf(talloc_tos(), "%s:%s",
1844 name+19, (const char *) value);
1847 ret = -1; /* errno set by SMBC_server() */
1849 else if (! namevalue) {
1853 ret = cacl_set(context, talloc_tos(), srv->cli,
1854 ipc_srv->cli, &ipc_srv->pol, path,
1857 ? SMBC_XATTR_MODE_SET
1858 : SMBC_XATTR_MODE_ADD),
1866 * Are they asking to set the owner?
1868 if (StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
1869 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0) {
1873 talloc_asprintf(talloc_tos(), "%s:%s",
1874 name+19, (const char *) value);
1877 ret = -1; /* errno set by SMBC_server() */
1879 else if (! namevalue) {
1883 ret = cacl_set(context, talloc_tos(), srv->cli,
1884 ipc_srv->cli, &ipc_srv->pol, path,
1885 namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1892 * Are they asking to set the group?
1894 if (StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
1895 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0) {
1899 talloc_asprintf(talloc_tos(), "%s:%s",
1900 name+19, (const char *) value);
1903 /* errno set by SMBC_server() */
1906 else if (! namevalue) {
1910 ret = cacl_set(context, talloc_tos(), srv->cli,
1911 ipc_srv->cli, &ipc_srv->pol, path,
1912 namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1918 /* Determine whether to use old-style or new-style attribute names */
1919 if (context->internal->full_time_names) {
1920 /* new-style names */
1921 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1922 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1923 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1924 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1926 /* old-style names */
1927 attr_strings.create_time_attr = NULL;
1928 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1929 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1930 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1934 * Are they asking to set a DOS attribute?
1936 if (StrCaseCmp(name, "system.dos_attr.*") == 0 ||
1937 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
1938 (attr_strings.create_time_attr != NULL &&
1939 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
1940 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
1941 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
1942 StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
1944 /* get a DOS Attribute Descriptor with current attributes */
1945 dad = dos_attr_query(context, talloc_tos(), path, srv);
1948 talloc_asprintf(talloc_tos(), "%s:%s",
1949 name+16, (const char *) value);
1954 /* Overwrite old with provided new params */
1955 dos_attr_parse(context, dad, srv, namevalue);
1957 /* Set the new DOS attributes */
1958 ret2 = SMBC_setatr(context, srv, path,
1965 /* ret2 has True (success) / False (failure) */
1980 /* Unsupported attribute name */
1987 SMBC_getxattr_ctx(SMBCCTX *context,
1994 SMBCSRV *srv = NULL;
1995 SMBCSRV *ipc_srv = NULL;
1996 char *server = NULL;
1999 char *password = NULL;
2000 char *workgroup = NULL;
2003 const char * create_time_attr;
2004 const char * access_time_attr;
2005 const char * write_time_attr;
2006 const char * change_time_attr;
2008 TALLOC_CTX *frame = talloc_stackframe();
2010 if (!context || !context->internal->initialized) {
2011 errno = EINVAL; /* Best I can think of ... */
2022 DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2024 if (SMBC_parse_path(frame,
2039 if (!user || user[0] == (char)0) {
2040 user = talloc_strdup(frame, smbc_getUser(context));
2048 srv = SMBC_server(frame, context, True,
2049 server, share, &workgroup, &user, &password);
2052 return -1; /* errno set by SMBC_server */
2055 if (! srv->no_nt_session) {
2056 ipc_srv = SMBC_attr_server(frame, context, server, share,
2057 &workgroup, &user, &password);
2059 srv->no_nt_session = True;
2065 /* Determine whether to use old-style or new-style attribute names */
2066 if (context->internal->full_time_names) {
2067 /* new-style names */
2068 attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2069 attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2070 attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2071 attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2073 /* old-style names */
2074 attr_strings.create_time_attr = NULL;
2075 attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2076 attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2077 attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2080 /* Are they requesting a supported attribute? */
2081 if (StrCaseCmp(name, "system.*") == 0 ||
2082 StrnCaseCmp(name, "system.*!", 9) == 0 ||
2083 StrCaseCmp(name, "system.*+") == 0 ||
2084 StrnCaseCmp(name, "system.*+!", 10) == 0 ||
2085 StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2086 StrnCaseCmp(name, "system.nt_sec_desc.*!", 21) == 0 ||
2087 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
2088 StrnCaseCmp(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2089 StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2090 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2091 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2092 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2093 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2094 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2095 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2096 StrCaseCmp(name, "system.dos_attr.*") == 0 ||
2097 StrnCaseCmp(name, "system.dos_attr.*!", 18) == 0 ||
2098 StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
2099 StrCaseCmp(name, "system.dos_attr.size") == 0 ||
2100 (attr_strings.create_time_attr != NULL &&
2101 StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
2102 StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
2103 StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
2104 StrCaseCmp(name, attr_strings.change_time_attr) == 0 ||
2105 StrCaseCmp(name, "system.dos_attr.inode") == 0) {
2108 char *filename = (char *) name;
2109 ret = cacl_get(context, talloc_tos(), srv,
2110 ipc_srv == NULL ? NULL : ipc_srv->cli,
2111 &ipc_srv->pol, path,
2113 CONST_DISCARD(char *, value),
2115 if (ret < 0 && errno == 0) {
2116 errno = SMBC_errno(context, srv->cli);
2122 /* Unsupported attribute name */
2130 SMBC_removexattr_ctx(SMBCCTX *context,
2135 SMBCSRV *srv = NULL;
2136 SMBCSRV *ipc_srv = NULL;
2137 char *server = NULL;
2140 char *password = NULL;
2141 char *workgroup = NULL;
2143 TALLOC_CTX *frame = talloc_stackframe();
2145 if (!context || !context->internal->initialized) {
2146 errno = EINVAL; /* Best I can think of ... */
2157 DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2159 if (SMBC_parse_path(frame,
2174 if (!user || user[0] == (char)0) {
2175 user = talloc_strdup(frame, smbc_getUser(context));
2183 srv = SMBC_server(frame, context, True,
2184 server, share, &workgroup, &user, &password);
2187 return -1; /* errno set by SMBC_server */
2190 if (! srv->no_nt_session) {
2191 ipc_srv = SMBC_attr_server(frame, context, server, share,
2192 &workgroup, &user, &password);
2194 srv->no_nt_session = True;
2202 return -1; /* errno set by SMBC_attr_server */
2205 /* Are they asking to set the entire ACL? */
2206 if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
2207 StrCaseCmp(name, "system.nt_sec_desc.*+") == 0) {
2210 ret = cacl_set(context, talloc_tos(), srv->cli,
2211 ipc_srv->cli, &ipc_srv->pol, path,
2212 NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2218 * Are they asking to remove one or more spceific security descriptor
2221 if (StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
2222 StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
2223 StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
2224 StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
2225 StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
2226 StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
2227 StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
2230 ret = cacl_set(context, talloc_tos(), srv->cli,
2231 ipc_srv->cli, &ipc_srv->pol, path,
2232 CONST_DISCARD(char *, name) + 19,
2233 SMBC_XATTR_MODE_REMOVE, 0);
2238 /* Unsupported attribute name */
2245 SMBC_listxattr_ctx(SMBCCTX *context,
2251 * This isn't quite what listxattr() is supposed to do. This returns
2252 * the complete set of attribute names, always, rather than only those
2253 * attribute names which actually exist for a file. Hmmm...
2256 const char supported_old[] =
2259 "system.nt_sec_desc.revision\0"
2260 "system.nt_sec_desc.owner\0"
2261 "system.nt_sec_desc.owner+\0"
2262 "system.nt_sec_desc.group\0"
2263 "system.nt_sec_desc.group+\0"
2264 "system.nt_sec_desc.acl.*\0"
2265 "system.nt_sec_desc.acl\0"
2266 "system.nt_sec_desc.acl+\0"
2267 "system.nt_sec_desc.*\0"
2268 "system.nt_sec_desc.*+\0"
2269 "system.dos_attr.*\0"
2270 "system.dos_attr.mode\0"
2271 "system.dos_attr.c_time\0"
2272 "system.dos_attr.a_time\0"
2273 "system.dos_attr.m_time\0"
2275 const char supported_new[] =
2278 "system.nt_sec_desc.revision\0"
2279 "system.nt_sec_desc.owner\0"
2280 "system.nt_sec_desc.owner+\0"
2281 "system.nt_sec_desc.group\0"
2282 "system.nt_sec_desc.group+\0"
2283 "system.nt_sec_desc.acl.*\0"
2284 "system.nt_sec_desc.acl\0"
2285 "system.nt_sec_desc.acl+\0"
2286 "system.nt_sec_desc.*\0"
2287 "system.nt_sec_desc.*+\0"
2288 "system.dos_attr.*\0"
2289 "system.dos_attr.mode\0"
2290 "system.dos_attr.create_time\0"
2291 "system.dos_attr.access_time\0"
2292 "system.dos_attr.write_time\0"
2293 "system.dos_attr.change_time\0"
2295 const char * supported;
2297 if (context->internal->full_time_names) {
2298 supported = supported_new;
2299 retsize = sizeof(supported_new);
2301 supported = supported_old;
2302 retsize = sizeof(supported_old);
2309 if (retsize > size) {
2314 /* this can't be strcpy() because there are embedded null characters */
2315 memcpy(list, supported, retsize);