2 Unix SMB/Netbios implementation.
6 Copyright (C) Andrew Tridgell 2000
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 static fstring password;
28 static fstring username;
31 /* numeric is set when the user wants numeric SIDs and ACEs rather
32 than going via LSA calls to resolve them */
35 enum acl_mode {ACL_SET, ACL_DELETE, ACL_MODIFY, ACL_ADD};
38 /* convert a SID to a string, either numeric or username/group */
39 static void SidToString(fstring str, DOM_SID *sid)
42 sid_to_string(str, sid);
44 printf("need to add LSA lookups\n");
45 sid_to_string(str, sid);
49 /* convert a string to a SID, either numeric or username/group */
50 static BOOL StringToSid(DOM_SID *sid, fstring str)
52 if (strncmp(str,"S-", 2) == 0) {
53 return string_to_sid(sid, str);
55 printf("need to add LSA lookups\n");
61 /* print an ACE on a FILE, using either numeric or ascii representation */
62 static void print_ace(FILE *f, SEC_ACE *ace)
67 SidToString(sidstr, &ace->sid);
69 fprintf(f, "%s:", sidstr);
72 fprintf(f, "%x/%x/%08x\n",
73 ace->type, ace->flags, ace->info.mask);
77 /* this interpretation is almost certainly wrong, Tim, please
78 have a look at these */
79 if (ace->info.mask == 0x001f01ff) {
81 } else if (ace->info.mask == 0x001301bf) {
83 } else if (ace->info.mask == 0x001200a9) {
85 } else if (ace->info.mask == 0x00080000) {
91 fprintf(f,"%s\n", perm);
95 /* parse an ACE in the same format as print_ace() */
96 static BOOL parse_ace(SEC_ACE *ace, char *str)
99 unsigned atype, aflags, amask;
104 if (!p) return False;
106 if (sscanf(p+1, "%x/%x/%08x",
107 &atype, &aflags, &amask) != 3 ||
108 !StringToSid(&sid, str)) {
112 init_sec_ace(ace, &sid, atype, mask, aflags);
118 /* add an ACE to a list of ACEs in a SEC_ACL */
119 static BOOL add_ace(SEC_ACL **acl, SEC_ACE *ace)
124 (*acl) = make_sec_acl(3, 1, ace);
128 aces = calloc(1+(*acl)->num_aces,sizeof(SEC_ACE));
129 memcpy(aces, (*acl)->ace, (*acl)->num_aces * sizeof(SEC_ACE));
130 memcpy(aces+(*acl)->num_aces, ace, sizeof(SEC_ACE));
131 new = make_sec_acl((*acl)->revision,1+(*acl)->num_aces, aces);
138 /* parse a ascii version of a security descriptor */
139 static SEC_DESC *sec_desc_parse(char *str)
145 DOM_SID *grp_sid=NULL, *owner_sid=NULL;
146 SEC_ACL *dacl=NULL, *sacl=NULL;
150 while (next_token(&p, tok, " \t,\r\n", sizeof(tok))) {
152 if (strncmp(tok,"REVISION:", 9) == 0) {
153 revision = strtol(tok+9, NULL, 16);
156 if (strncmp(tok,"TYPE:", 5) == 0) {
157 type = strtol(tok+5, NULL, 16);
160 if (strncmp(tok,"OWNER:", 6) == 0) {
161 owner_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
163 !StringToSid(owner_sid, tok+6)) {
164 printf("Failed to parse owner sid\n");
169 if (strncmp(tok,"GROUP:", 6) == 0) {
170 grp_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
172 !StringToSid(grp_sid, tok+6)) {
173 printf("Failed to parse group sid\n");
178 if (strncmp(tok,"DACL:", 5) == 0) {
180 if (!parse_ace(&ace, tok+5) ||
181 !add_ace(&dacl, &ace)) {
182 printf("Failed to parse DACL\n");
187 if (strncmp(tok,"SACL:", 5) == 0) {
189 if (!parse_ace(&ace, tok+5) ||
190 !add_ace(&sacl, &ace)) {
191 printf("Failed to parse SACL\n");
197 ret = make_sec_desc(revision, owner_sid, grp_sid,
198 sacl, dacl, &sd_size);
202 if (grp_sid) free(grp_sid);
203 if (owner_sid) free(owner_sid);
209 /* print a ascii version of a security descriptor on a FILE handle */
210 static void sec_desc_print(FILE *f, SEC_DESC *sd)
215 printf("REVISION:%x TYPE:%x\n", sd->revision, sd->type);
217 /* Print owner and group sid */
220 SidToString(sidstr, sd->owner_sid);
225 printf("OWNER:%s\n", sidstr);
228 SidToString(sidstr, sd->grp_sid);
233 fprintf(f, "GROUP:%s\n", sidstr);
236 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
237 SEC_ACE *ace = &sd->dacl->ace[i];
241 for (i = 0; sd->sacl && i < sd->sacl->num_aces; i++) {
242 SEC_ACE *ace = &sd->sacl->ace[i];
250 /*****************************************************
251 dump the acls for a file
252 *******************************************************/
253 static void cacl_dump(struct cli_state *cli, char *filename)
258 fnum = cli_open(cli, filename, O_RDONLY, 0);
260 printf("Failed to open %s\n", filename);
264 sd = cli_query_secdesc(cli, fnum);
267 printf("ERROR: secdesc query failed\n");
271 sec_desc_print(stdout, sd);
275 cli_close(cli, fnum);
278 /*****************************************************
279 set the ACLs on a file given an ascii description
280 *******************************************************/
281 static void cacl_set(struct cli_state *cli, char *filename,
282 char *acl, enum acl_mode mode)
289 sd = sec_desc_parse(acl);
291 printf("Failed to parse security descriptor\n");
295 fnum = cli_open(cli, filename, O_RDONLY, 0);
297 printf("Failed to open %s\n", filename);
301 old = cli_query_secdesc(cli, fnum);
303 /* the logic here is rather more complex than I would like */
306 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
307 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
308 if (sec_ace_equal(&sd->dacl->ace[i],
309 &old->dacl->ace[j])) {
310 if (j != old->dacl->num_aces-1) {
311 old->dacl->ace[j] = old->dacl->ace[j+1];
313 old->dacl->num_aces--;
314 if (old->dacl->num_aces == 0) {
315 free(old->dacl->ace);
325 for (i=0;sd->sacl && i<sd->sacl->num_aces;i++) {
326 for (j=0;old->sacl && j<old->sacl->num_aces;j++) {
327 if (sec_ace_equal(&sd->sacl->ace[i],
328 &old->sacl->ace[j])) {
329 if (j != old->sacl->num_aces-1) {
330 old->sacl->ace[j] = old->sacl->ace[j+1];
332 old->sacl->num_aces--;
333 if (old->sacl->num_aces == 0) {
334 free(old->sacl->ace);
347 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
348 for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
349 if (sid_equal(&sd->dacl->ace[i].sid,
350 &old->dacl->ace[j].sid)) {
351 old->dacl->ace[j] = sd->dacl->ace[i];
355 for (i=0;sd->sacl && i<sd->sacl->num_aces;i++) {
356 for (j=0;old->sacl && j<old->sacl->num_aces;j++) {
357 if (sid_equal(&sd->sacl->ace[i].sid,
358 &old->sacl->ace[j].sid)) {
359 old->sacl->ace[j] = sd->sacl->ace[i];
366 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
367 add_ace(&old->dacl, &sd->dacl->ace[i]);
369 for (i=0;sd->sacl && i<sd->sacl->num_aces;i++) {
370 add_ace(&old->sacl, &sd->sacl->ace[i]);
385 sd = make_sec_desc(old->revision, old->owner_sid, old->grp_sid,
386 old->sacl, old->dacl, &sd_size);
388 if (!cli_set_secdesc(cli, fnum, sd)) {
389 printf("ERROR: secdesc set failed\n");
396 cli_close(cli, fnum);
400 /*****************************************************
401 return a connection to a server
402 *******************************************************/
403 struct cli_state *connect_one(char *share)
406 struct nmb_name called, calling;
410 extern struct in_addr ipzero;
411 extern pstring global_myname;
413 fstrcpy(server,share+2);
414 share = strchr(server,'\\');
415 if (!share) return NULL;
423 make_nmb_name(&calling, global_myname, 0x0);
424 make_nmb_name(&called , server, 0x20);
429 /* have to open a new connection */
430 if (!(c=cli_initialise(NULL)) || (cli_set_port(c, 139) == 0) ||
431 !cli_connect(c, server_n, &ip)) {
432 DEBUG(0,("Connection to %s failed\n", server_n));
436 if (!cli_session_request(c, &calling, &called)) {
437 DEBUG(0,("session request to %s failed\n", called.name));
439 if (strcmp(called.name, "*SMBSERVER")) {
440 make_nmb_name(&called , "*SMBSERVER", 0x20);
446 DEBUG(4,(" session request ok\n"));
448 if (!cli_negprot(c)) {
449 DEBUG(0,("protocol negotiation failed\n"));
455 char *pass = getpass("Password: ");
457 pstrcpy(password, pass);
461 if (!cli_session_setup(c, username,
462 password, strlen(password),
463 password, strlen(password),
465 DEBUG(0,("session setup failed: %s\n", cli_errstr(c)));
469 DEBUG(4,(" session setup ok\n"));
471 if (!cli_send_tconX(c, share, "?????",
472 password, strlen(password)+1)) {
473 DEBUG(0,("tree connect failed: %s\n", cli_errstr(c)));
478 DEBUG(4,(" tconx ok\n"));
484 static void usage(void)
488 smbcacls //server1/share1 filename [options]\n\n\
490 -D <acls> delete an acl\n\
491 -M <acls> modify an acl\n\
492 -A <acls> add an acl\n\
493 -S <acls> set acls\n\
495 an acl is of the form SID:type/flags/mask\n\
496 you can string acls together with spaces, commas or newlines\n\
500 /****************************************************************************
502 ****************************************************************************/
503 int main(int argc,char *argv[])
513 static pstring servicesf = CONFIGFILE;
514 struct cli_state *cli;
522 if (argc < 4 || argv[1][0] == '-') {
527 setup_logging(argv[0],True);
531 all_string_sub(share,"/","\\",0);
537 charset_initialise();
539 lp_load(servicesf,True,False,False);
540 codepage_initialise(lp_client_code_page());
543 if (getenv("USER")) {
544 pstrcpy(username,getenv("USER"));
549 while ((opt = getopt(argc, argv, "U:nhS:D:A:M:")) != EOF) {
552 pstrcpy(username,optarg);
553 p = strchr(username,'%');
556 pstrcpy(password, p+1);
589 printf("Unknown option %c (%d)\n", (char)opt, opt);
597 cli = connect_one(share);
601 cacl_set(cli, filename, acl, mode);
603 cacl_dump(cli, filename);
git.samba.org / kai / samba.git / blob