smbcacls: add -x argument, prints maximum access

Signed-off-by: Ralph Boehme <slow@samba.org>

diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
index 6071047682d9f52fcbb271b199e4e12c7ad20667..7f87da80329c44aaa77af5776db0cb7170531c3e 100644 (file)
--- a/docs-xml/manpages/smbcacls.1.xml
+++ b/docs-xml/manpages/smbcacls.1.xml
@@ -38,6 +38,7 @@
                <arg choice="opt">--set-security-info FLAGS</arg>
                <arg choice="opt">--sddl</arg>
                <arg choice="opt">--domain-sid SID</arg>
+               <arg choice="opt">-x|--maximum-access</arg>
        </cmdsynopsis>
 </refsynopsisdiv>
 
@@ -189,6 +190,14 @@
                </para></listitem>
                </varlistentry>
 
+               <varlistentry>
+               <term>-x|--maximum-access</term>
+               <listitem><para>When displaying an ACL additionally query
+               the server for effective maximum permissions. Note that this
+               is only supported with SMB protocol version 2 or higher.
+               </para></listitem>
+               </varlistentry>
+
                &stdarg.server.debug;
                &popt.common.samba;
                &popt.common.credentials;

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index a3a40e9eeb97023b9a5138a495cbd3b95e948933..b61d11df860f783a58125cc3196b3c1a55f2f413 100644 (file)
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -40,6 +40,7 @@ static int test_args;
 static int sddl;
 static int query_sec_info = -1;
 static int set_sec_info = -1;
+static bool want_mxac;
 
 static const char *domain_sid = NULL;
 
@@ -359,12 +360,33 @@ static bool set_secdesc(struct cli_state *cli, const char *filename,
        return result;
 }
 
+/*****************************************************
+get maximum access for a file
+*******************************************************/
+static int cacl_mxac(struct cli_state *cli, const char *filename)
+{
+       NTSTATUS status;
+       uint32_t mxac;
+
+       status = cli_query_mxac(cli, filename, &mxac);
+       if (!NT_STATUS_IS_OK(status)) {
+               printf("Failed to get mxac: %s\n", nt_errstr(status));
+               return EXIT_FAILED;
+       }
+
+       printf("Maximum access: 0x%x\n", mxac);
+
+       return EXIT_OK;
+}
+
+
 /*****************************************************
 dump the acls for a file
 *******************************************************/
 static int cacl_dump(struct cli_state *cli, const char *filename, bool numeric)
 {
        struct security_descriptor *sd;
+       int ret;
 
        if (test_args) {
                return EXIT_OK;
@@ -386,6 +408,13 @@ static int cacl_dump(struct cli_state *cli, const char *filename, bool numeric)
                sec_desc_print(cli, stdout, sd, numeric);
        }
 
+       if (want_mxac) {
+               ret = cacl_mxac(cli, filename);
+               if (ret != EXIT_OK) {
+                       return ret;
+               }
+       }
+
        return EXIT_OK;
 }
 
@@ -910,6 +939,14 @@ int main(int argc, char *argv[])
                        .descrip    = "Set the max protocol level",
                        .argDescrip = "LEVEL",
                },
+               {
+                       .longName   = "maximum-access",
+                       .shortName  = 'x',
+                       .argInfo    = POPT_ARG_NONE,
+                       .arg        = NULL,
+                       .val        = 'x',
+                       .descrip    = "Query maximum persmissions",
+               },
                POPT_COMMON_SAMBA
                POPT_COMMON_CONNECTION
                POPT_COMMON_CREDENTIALS
@@ -975,6 +1012,9 @@ int main(int argc, char *argv[])
                case 'm':
                        lp_set_cmdline("client max protocol", poptGetOptArg(pc));
                        break;
+               case 'x':
+                       want_mxac = true;
+                       break;
                }
        }