Get NT ACLs from UNIX files.
- Copyright (C) Tim Potter <tpot@samba.org> 2004
+ Copyright (C) Tim Potter <tpot@samba.org> 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
+#include "../lib/util/wrap_xattr.h"
+#include "param/param.h"
-#if (defined(HAVE_NO_ACLS) || !defined(HAVE_XATTR_SUPPORT))
+static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
-int main(int argc, char **argv)
+static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...)
{
- printf("ACL support not compiled in.");
- return 1;
-}
+ va_list ap;
+ char *s = NULL;
+ int i;
-#else
+ va_start(ap, format);
+ vasprintf(&s, format, ap);
+ va_end(ap);
-/* Display a security descriptor in "psec" format which is as follows.
+ for (i=0;i<ndr->depth;i++) {
+ printf(" ");
+ }
- The first two lines describe the owner user and owner group of the
- object. If either of these lines are blank then the respective
- owner property is not set. The remaining lines list the individual
- permissions or ACE entries, one per line. Each column describes a
- different property of the ACE:
+ printf("%s\n", s);
+ free(s);
+}
- Column Description
- -------------------------------------------------------------------
- 1 ACE type (allow/deny etc)
- 2 ACE flags
- 3 ACE mask
- 4 SID the ACE applies to
+static NTSTATUS get_ntacl(TALLOC_CTX *mem_ctx,
+ char *filename,
+ struct xattr_NTACL **ntacl,
+ ssize_t *ntacl_len)
+{
+ DATA_BLOB blob;
+ ssize_t size;
+ enum ndr_err_code ndr_err;
+ struct ndr_pull *ndr;
- Example:
+ *ntacl = talloc(mem_ctx, struct xattr_NTACL);
- S-1-5-21-1067277791-1719175008-3000797951-500
+ size = wrap_getxattr(filename, XATTR_NTACL_NAME, NULL, 0);
- 1 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-501
- 1 2 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-501
- 0 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-500
- 0 2 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-500
- 0 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-513
- 0 2 0x00020000 S-1-5-21-1067277791-1719175008-3000797951-513
- 0 2 0xe0000000 S-1-1-0
-*/
+ if (size < 0) {
+ fprintf(stderr, "get_ntacl: %s\n", strerror(errno));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
-static void print_psec(TALLOC_CTX *mem_ctx, struct security_descriptor *sd)
-{
- if (sd->owner_sid)
- printf("%s\n", dom_sid_string(mem_ctx, sd->owner_sid));
- else
- printf("\n");
-
- if (sd->group_sid)
- printf("%s\n", dom_sid_string(mem_ctx, sd->owner_sid));
- else
- printf("\n");
-
- /* Note: SACL not displayed */
-
- if (sd->dacl) {
- int i;
-
- for (i = 0; i < sd->dacl->num_aces; i++) {
- struct security_ace *ace = &sd->dacl->aces[i];
-
- printf("%d %d 0x%08x %s\n", ace->type, ace->flags,
- ace->access_mask,
- dom_sid_string(mem_ctx, &ace->trustee));
- }
-
+ blob.data = talloc_array(*ntacl, uint8_t, size);
+ size = wrap_getxattr(filename, XATTR_NTACL_NAME, blob.data, size);
+ if (size < 0) {
+ fprintf(stderr, "get_ntacl: %s\n", strerror(errno));
+ return NT_STATUS_INTERNAL_ERROR;
}
-}
+ blob.length = size;
-int main(int argc, char **argv)
-{
- TALLOC_CTX *mem_ctx;
- ssize_t size;
- char *data;
- struct security_descriptor sd;
- DATA_BLOB blob;
- struct ndr_pull *ndr;
- NTSTATUS result;
+ ndr = ndr_pull_init_blob(&blob, NULL, NULL);
- static_init_getntacl;
+ ndr_err = ndr_pull_xattr_NTACL(ndr, NDR_SCALARS|NDR_BUFFERS, *ntacl);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
- mem_ctx = talloc_init("getntacl");
+ return NT_STATUS_OK;
+}
- /* Fetch ACL data */
+static void print_ntacl(TALLOC_CTX *mem_ctx,
+ const char *fname,
+ struct xattr_NTACL *ntacl)
+{
+ struct ndr_print *pr;
- size = getxattr(argv[1], "security.ntacl", NULL, 0);
+ pr = talloc_zero(mem_ctx, struct ndr_print);
+ if (!pr) return;
+ pr->print = ntacl_print_debug_helper;
- if (size == -1) {
- fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
- exit(1);
- }
+ ndr_print_xattr_NTACL(pr, fname, ntacl);
+ talloc_free(pr);
+}
- data = talloc(mem_ctx, size);
+int main(int argc, char *argv[])
+{
+ NTSTATUS status;
+ struct xattr_NTACL *ntacl;
+ ssize_t ntacl_len;
- size = getxattr(argv[1], "security.ntacl", data, size);
+ if (argc != 2) {
+ fprintf(stderr, "Usage: getntacl FILENAME\n");
+ return 1;
+ }
- blob = data_blob_talloc(mem_ctx, data, size);
+ status = get_ntacl(NULL, argv[1], &ntacl, &ntacl_len);
+ if (!NT_STATUS_IS_OK(status)) {
+ fprintf(stderr, "get_ntacl failed: %s\n", nt_errstr(status));
+ return 1;
+ }
- ndr = ndr_pull_init_blob(&blob, mem_ctx);
+ print_ntacl(ntacl, argv[1], ntacl);
- result = ndr_pull_security_descriptor(
- ndr, NDR_SCALARS|NDR_BUFFERS, &sd);
+ talloc_free(ntacl);
- print_psec(data, &sd);
return 0;
}
-
-#endif /* HAVE_NO_ACLS */
git.samba.org / gd / samba / .git / blobdiff