*/
#include "includes.h"
+#include "libsmb/libsmb.h"
#include "libsmbclient.h"
#include "libsmb_internal.h"
-
+#include "../librpc/gen_ndr/ndr_lsa.h"
+#include "rpc_client/rpc_client.h"
+#include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/security.h"
/*
* Find an lsa pipe handle associated with a cli struct.
*/
static int
-ace_compare(SEC_ACE *ace1,
- SEC_ACE *ace2)
+ace_compare(struct security_ace *ace1,
+ struct security_ace *ace2)
{
bool b1;
bool b2;
/* If the ACEs are equal, we have nothing more to do. */
- if (sec_ace_equal(ace1, ace2)) {
+ if (security_ace_equal(ace1, ace2)) {
return 0;
}
return ace2->type - ace1->type;
}
- if (sid_compare(&ace1->trustee, &ace2->trustee)) {
- return sid_compare(&ace1->trustee, &ace2->trustee);
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
}
if (ace1->flags != ace2->flags) {
return ace1->size - ace2->size;
}
- return memcmp(ace1, ace2, sizeof(SEC_ACE));
+ return memcmp(ace1, ace2, sizeof(struct security_ace));
}
static void
-sort_acl(SEC_ACL *the_acl)
+sort_acl(struct security_acl *the_acl)
{
uint32 i;
if (!the_acl) return;
- qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]),
- QSORT_CAST ace_compare);
+ TYPESAFE_QSORT(the_acl->aces, the_acl->num_aces, ace_compare);
for (i=1;i<the_acl->num_aces;) {
- if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
+ if (security_ace_equal(&the_acl->aces[i-1],
+ &the_acl->aces[i])) {
int j;
for (j=i; j<the_acl->num_aces-1; j++) {
the_acl->aces[j] = the_acl->aces[j+1];
struct policy_handle *pol,
fstring str,
bool numeric,
- DOM_SID *sid)
+ struct dom_sid *sid)
{
char **domains = NULL;
char **names = NULL;
convert_string_to_sid(struct cli_state *ipc_cli,
struct policy_handle *pol,
bool numeric,
- DOM_SID *sid,
+ struct dom_sid *sid,
const char *str)
{
enum lsa_SidType *types = NULL;
- DOM_SID *sids = NULL;
+ struct dom_sid *sids = NULL;
bool result = True;
TALLOC_CTX *ctx = NULL;
struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
}
-/* parse an ACE in the same format as print_ace() */
+/* parse an struct security_ace in the same format as print_ace() */
static bool
parse_ace(struct cli_state *ipc_cli,
struct policy_handle *pol,
- SEC_ACE *ace,
+ struct security_ace *ace,
bool numeric,
char *str)
{
unsigned int atype;
unsigned int aflags;
unsigned int amask;
- DOM_SID sid;
+ struct dom_sid sid;
uint32_t mask;
const struct perm_value *v;
struct perm_value {
p++;
/* Try to parse numeric form */
- if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
+ if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
goto done;
}
return false;
}
- if (StrnCaseCmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
+ if (strncasecmp_m(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
- } else if (StrnCaseCmp(tok, "DENIED", strlen("DENIED")) == 0) {
+ } else if (strncasecmp_m(tok, "DENIED", strlen("DENIED")) == 0) {
atype = SEC_ACE_TYPE_ACCESS_DENIED;
} else {
TALLOC_FREE(frame);
/* Only numeric form accepted for flags at present */
if (!(next_token_talloc(frame, &cp, &tok, "/") &&
- sscanf(tok, "%i", &aflags))) {
+ sscanf(tok, "%u", &aflags))) {
TALLOC_FREE(frame);
return false;
}
}
if (strncmp(tok, "0x", 2) == 0) {
- if (sscanf(tok, "%i", &amask) != 1) {
+ if (sscanf(tok, "%u", &amask) != 1) {
TALLOC_FREE(frame);
return false;
}
goto done;
}
- for (v = standard_values; v->perm; v++) {
+ for (v = standard_values; v != NULL; v++) {
if (strcmp(tok, v->perm) == 0) {
amask = v->mask;
goto done;
while(*p) {
bool found = False;
- for (v = special_values; v->perm; v++) {
+ for (v = special_values; v != NULL; v++) {
if (v->perm[0] == *p) {
amask |= v->mask;
found = True;
return true;
}
-/* add an ACE to a list of ACEs in a SEC_ACL */
+/* add an struct security_ace to a list of struct security_aces in a struct security_acl */
static bool
-add_ace(SEC_ACL **the_acl,
- SEC_ACE *ace,
+add_ace(struct security_acl **the_acl,
+ struct security_ace *ace,
TALLOC_CTX *ctx)
{
- SEC_ACL *newacl;
- SEC_ACE *aces;
+ struct security_acl *newacl;
+ struct security_ace *aces;
if (! *the_acl) {
(*the_acl) = make_sec_acl(ctx, 3, 1, ace);
return True;
}
- if ((aces = SMB_CALLOC_ARRAY(SEC_ACE,
+ if ((aces = SMB_CALLOC_ARRAY(struct security_ace,
1+(*the_acl)->num_aces)) == NULL) {
return False;
}
- memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE));
- memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
+ memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(struct security_ace));
+ memcpy(aces+(*the_acl)->num_aces, ace, sizeof(struct security_ace));
newacl = make_sec_acl(ctx, (*the_acl)->revision,
1+(*the_acl)->num_aces, aces);
SAFE_FREE(aces);
/* parse a ascii version of a security descriptor */
-static SEC_DESC *
+static struct security_descriptor *
sec_desc_parse(TALLOC_CTX *ctx,
struct cli_state *ipc_cli,
struct policy_handle *pol,
{
const char *p = str;
char *tok;
- SEC_DESC *ret = NULL;
+ struct security_descriptor *ret = NULL;
size_t sd_size;
- DOM_SID *group_sid=NULL;
- DOM_SID *owner_sid=NULL;
- SEC_ACL *dacl=NULL;
+ struct dom_sid *group_sid=NULL;
+ struct dom_sid *owner_sid=NULL;
+ struct security_acl *dacl=NULL;
int revision=1;
while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
- if (StrnCaseCmp(tok,"REVISION:", 9) == 0) {
+ if (strncasecmp_m(tok,"REVISION:", 9) == 0) {
revision = strtol(tok+9, NULL, 16);
continue;
}
- if (StrnCaseCmp(tok,"OWNER:", 6) == 0) {
+ if (strncasecmp_m(tok,"OWNER:", 6) == 0) {
if (owner_sid) {
DEBUG(5,("OWNER specified more than once!\n"));
goto done;
}
- owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
+ owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
if (!owner_sid ||
!convert_string_to_sid(ipc_cli, pol,
numeric,
continue;
}
- if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) {
+ if (strncasecmp_m(tok,"OWNER+:", 7) == 0) {
if (owner_sid) {
DEBUG(5,("OWNER specified more than once!\n"));
goto done;
}
- owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
+ owner_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
if (!owner_sid ||
!convert_string_to_sid(ipc_cli, pol,
False,
continue;
}
- if (StrnCaseCmp(tok,"GROUP:", 6) == 0) {
+ if (strncasecmp_m(tok,"GROUP:", 6) == 0) {
if (group_sid) {
DEBUG(5,("GROUP specified more than once!\n"));
goto done;
}
- group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
+ group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
if (!group_sid ||
!convert_string_to_sid(ipc_cli, pol,
numeric,
continue;
}
- if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) {
+ if (strncasecmp_m(tok,"GROUP+:", 7) == 0) {
if (group_sid) {
DEBUG(5,("GROUP specified more than once!\n"));
goto done;
}
- group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
+ group_sid = SMB_CALLOC_ARRAY(struct dom_sid, 1);
if (!group_sid ||
!convert_string_to_sid(ipc_cli, pol,
False,
continue;
}
- if (StrnCaseCmp(tok,"ACL:", 4) == 0) {
- SEC_ACE ace;
+ if (strncasecmp_m(tok,"ACL:", 4) == 0) {
+ struct security_ace ace;
if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
DEBUG(5, ("Failed to parse ACL %s\n", tok));
goto done;
continue;
}
- if (StrnCaseCmp(tok,"ACL+:", 5) == 0) {
- SEC_ACE ace;
+ if (strncasecmp_m(tok,"ACL+:", 5) == 0) {
+ struct security_ace ace;
if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
DEBUG(5, ("Failed to parse ACL %s\n", tok));
goto done;
struct timespec write_time_ts;
struct timespec access_time_ts;
struct timespec change_time_ts;
- SMB_OFF_T size = 0;
+ off_t size = 0;
uint16 mode = 0;
SMB_INO_T inode = 0;
DOS_ATTR_DESC *ret;
- ret = TALLOC_P(ctx, DOS_ATTR_DESC);
+ ret = talloc(ctx, DOS_ATTR_DESC);
if (!ret) {
errno = ENOMEM;
return NULL;
}
/* Obtain the DOS attributes */
- if (!SMBC_getatr(context, srv, CONST_DISCARD(char *, filename),
+ if (!SMBC_getatr(context, srv, filename,
&mode, &size,
&create_time_ts,
&access_time_ts,
&inode)) {
errno = SMBC_errno(context, srv->cli);
DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
+ TALLOC_FREE(ret);
return NULL;
}
frame = talloc_stackframe();
while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
- if (StrnCaseCmp(tok, "MODE:", 5) == 0) {
+ if (strncasecmp_m(tok, "MODE:", 5) == 0) {
long request = strtol(tok+5, NULL, 16);
if (request == 0) {
dad->mode = (request |
continue;
}
- if (StrnCaseCmp(tok, "SIZE:", 5) == 0) {
- dad->size = (SMB_OFF_T)atof(tok+5);
+ if (strncasecmp_m(tok, "SIZE:", 5) == 0) {
+ dad->size = (off_t)atof(tok+5);
continue;
}
n = strlen(attr_strings.access_time_attr);
- if (StrnCaseCmp(tok, attr_strings.access_time_attr, n) == 0) {
+ if (strncasecmp_m(tok, attr_strings.access_time_attr, n) == 0) {
dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
continue;
}
n = strlen(attr_strings.change_time_attr);
- if (StrnCaseCmp(tok, attr_strings.change_time_attr, n) == 0) {
+ if (strncasecmp_m(tok, attr_strings.change_time_attr, n) == 0) {
dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
continue;
}
n = strlen(attr_strings.write_time_attr);
- if (StrnCaseCmp(tok, attr_strings.write_time_attr, n) == 0) {
+ if (strncasecmp_m(tok, attr_strings.write_time_attr, n) == 0) {
dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
continue;
}
if (attr_strings.create_time_attr != NULL) {
n = strlen(attr_strings.create_time_attr);
- if (StrnCaseCmp(tok, attr_strings.create_time_attr,
+ if (strncasecmp_m(tok, attr_strings.create_time_attr,
n) == 0) {
dad->create_time = (time_t)strtol(tok+n+1,
NULL, 10);
}
}
- if (StrnCaseCmp(tok, "INODE:", 6) == 0) {
+ if (strncasecmp_m(tok, "INODE:", 6) == 0) {
dad->inode = (SMB_INO_T)atof(tok+6);
continue;
}
SMBCSRV *srv,
struct cli_state *ipc_cli,
struct policy_handle *pol,
- char *filename,
- char *attr_name,
+ const char *filename,
+ const char *attr_name,
char *buf,
int bufsize)
{
bool numeric = True;
bool determine_size = (bufsize == 0);
uint16_t fnum;
- SEC_DESC *sd;
+ struct security_descriptor *sd;
fstring sidstr;
fstring name_sandbox;
char *name;
time_t write_time = (time_t)0;
time_t access_time = (time_t)0;
time_t change_time = (time_t)0;
- SMB_OFF_T size = 0;
+ off_t size = 0;
uint16 mode = 0;
SMB_INO_T ino = 0;
struct cli_state *cli = srv->cli;
*pExclude++ = '\0';
}
- all = (StrnCaseCmp(name, "system.*", 8) == 0);
- all_nt = (StrnCaseCmp(name, "system.nt_sec_desc.*", 20) == 0);
- all_nt_acls = (StrnCaseCmp(name, "system.nt_sec_desc.acl.*", 24) == 0);
- all_dos = (StrnCaseCmp(name, "system.dos_attr.*", 17) == 0);
- some_nt = (StrnCaseCmp(name, "system.nt_sec_desc.", 19) == 0);
- some_dos = (StrnCaseCmp(name, "system.dos_attr.", 16) == 0);
+ all = (strncasecmp_m(name, "system.*", 8) == 0);
+ all_nt = (strncasecmp_m(name, "system.nt_sec_desc.*", 20) == 0);
+ all_nt_acls = (strncasecmp_m(name, "system.nt_sec_desc.acl.*", 24) == 0);
+ all_dos = (strncasecmp_m(name, "system.dos_attr.*", 17) == 0);
+ some_nt = (strncasecmp_m(name, "system.nt_sec_desc.", 19) == 0);
+ some_dos = (strncasecmp_m(name, "system.dos_attr.", 16) == 0);
numeric = (* (name + strlen(name) - 1) != '+');
/* Look for exclusions from "all" requests */
}
/* Which exclusion name is this? */
- if (StrCaseCmp(pExclude,
+ if (strcasecmp_m(pExclude,
"nt_sec_desc.revision") == 0) {
exclude_nt_revision = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
"nt_sec_desc.owner") == 0) {
exclude_nt_owner = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
"nt_sec_desc.group") == 0) {
exclude_nt_group = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
"nt_sec_desc.acl") == 0) {
exclude_nt_acl = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
"dos_attr.mode") == 0) {
exclude_dos_mode = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
"dos_attr.size") == 0) {
exclude_dos_size = True;
}
else if (excl_attr_strings.create_time_attr != NULL &&
- StrCaseCmp(pExclude,
+ strcasecmp_m(pExclude,
excl_attr_strings.change_time_attr) == 0) {
exclude_dos_create_time = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
excl_attr_strings.access_time_attr) == 0) {
exclude_dos_access_time = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
excl_attr_strings.write_time_attr) == 0) {
exclude_dos_write_time = True;
}
- else if (StrCaseCmp(pExclude,
+ else if (strcasecmp_m(pExclude,
excl_attr_strings.change_time_attr) == 0) {
exclude_dos_change_time = True;
}
- else if (StrCaseCmp(pExclude, "dos_attr.inode") == 0) {
+ else if (strcasecmp_m(pExclude, "dos_attr.inode") == 0) {
exclude_dos_inode = True;
}
else {
if (ipc_cli && (all || some_nt || all_nt_acls)) {
char *targetpath = NULL;
struct cli_state *targetcli = NULL;
+ NTSTATUS status;
/* Point to the portion after "system.nt_sec_desc." */
name += 19; /* if (all) this will be invalid but unused */
- if (!cli_resolve_path(ctx, "", context->internal->auth_info,
- cli, filename,
- &targetcli, &targetpath)) {
+ status = cli_resolve_path(
+ ctx, "", context->internal->auth_info,
+ cli, filename, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("cacl_get Could not resolve %s\n",
filename));
errno = ENOENT;
}
/* ... then obtain any NT attributes which were requested */
- if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
- FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
+ status = cli_ntcreate(targetcli, targetpath, 0,
+ CREATE_ACCESS_READ, 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ FILE_OPEN, 0x0, 0x0, &fnum, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("cacl_get failed to open %s: %s\n",
- targetpath, cli_errstr(targetcli)));
+ targetpath, nt_errstr(status)));
errno = 0;
return -1;
}
- sd = cli_query_secdesc(targetcli, fnum, ctx);
-
- if (!sd) {
- DEBUG(5,
- ("cacl_get Failed to query old descriptor\n"));
- errno = 0;
- return -1;
- }
+ status = cli_query_secdesc(targetcli, fnum, ctx, &sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5,("cacl_get Failed to query old descriptor "
+ "of %s: %s\n",
+ targetpath, nt_errstr(status)));
+ errno = 0;
+ return -1;
+ }
cli_close(targetcli, fnum);
"REVISION:%d",
sd->revision);
}
- } else if (StrCaseCmp(name, "revision") == 0) {
+ } else if (strcasecmp_m(name, "revision") == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "%d",
sd->revision);
n = snprintf(buf, bufsize,
",OWNER:%s", sidstr);
}
- } else if (StrnCaseCmp(name, "owner", 5) == 0) {
+ } else if (strncasecmp_m(name, "owner", 5) == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "%s", sidstr);
if (!p) {
n = snprintf(buf, bufsize,
",GROUP:%s", sidstr);
}
- } else if (StrnCaseCmp(name, "group", 5) == 0) {
+ } else if (strncasecmp_m(name, "group", 5) == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "%s", sidstr);
if (!p) {
/* Add aces to value buffer */
for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
- SEC_ACE *ace = &sd->dacl->aces[i];
+ struct security_ace *ace = &sd->dacl->aces[i];
convert_sid_to_string(ipc_cli, pol,
sidstr, numeric,
&ace->trustee);
ace->flags,
ace->access_mask);
}
- } else if ((StrnCaseCmp(name, "acl", 3) == 0 &&
- StrCaseCmp(name+3, sidstr) == 0) ||
- (StrnCaseCmp(name, "acl+", 4) == 0 &&
- StrCaseCmp(name+4, sidstr) == 0)) {
+ } else if ((strncasecmp_m(name, "acl", 3) == 0 &&
+ strcasecmp_m(name+3, sidstr) == 0) ||
+ (strncasecmp_m(name, "acl+", 4) == 0 &&
+ strcasecmp_m(name+4, sidstr) == 0)) {
if (determine_size) {
p = talloc_asprintf(
ctx,
: ""),
mode);
}
- } else if (StrCaseCmp(name, "mode") == 0) {
+ } else if (strcasecmp_m(name, "mode") == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "0x%x", mode);
if (!p) {
",SIZE:%.0f",
(double)size);
}
- } else if (StrCaseCmp(name, "size") == 0) {
+ } else if (strcasecmp_m(name, "size") == 0) {
if (determine_size) {
p = talloc_asprintf(
ctx,
attr_strings.create_time_attr,
(unsigned long) create_time);
}
- } else if (StrCaseCmp(name, attr_strings.create_time_attr) == 0) {
+ } else if (strcasecmp_m(name, attr_strings.create_time_attr) == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
if (!p) {
attr_strings.access_time_attr,
(unsigned long) access_time);
}
- } else if (StrCaseCmp(name, attr_strings.access_time_attr) == 0) {
+ } else if (strcasecmp_m(name, attr_strings.access_time_attr) == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
if (!p) {
attr_strings.write_time_attr,
(unsigned long) write_time);
}
- } else if (StrCaseCmp(name, attr_strings.write_time_attr) == 0) {
+ } else if (strcasecmp_m(name, attr_strings.write_time_attr) == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
if (!p) {
attr_strings.change_time_attr,
(unsigned long) change_time);
}
- } else if (StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
+ } else if (strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
if (determine_size) {
p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
if (!p) {
",INODE:%.0f",
(double) ino);
}
- } else if (StrCaseCmp(name, "inode") == 0) {
+ } else if (strcasecmp_m(name, "inode") == 0) {
if (determine_size) {
p = talloc_asprintf(
ctx,
{
uint16_t fnum = (uint16_t)-1;
int err = 0;
- SEC_DESC *sd = NULL, *old;
- SEC_ACL *dacl = NULL;
- DOM_SID *owner_sid = NULL;
- DOM_SID *group_sid = NULL;
+ struct security_descriptor *sd = NULL, *old;
+ struct security_acl *dacl = NULL;
+ struct dom_sid *owner_sid = NULL;
+ struct dom_sid *group_sid = NULL;
uint32 i, j;
size_t sd_size;
int ret = 0;
bool numeric = True;
char *targetpath = NULL;
struct cli_state *targetcli = NULL;
+ NTSTATUS status;
/* the_acl will be null for REMOVE_ALL operations */
if (the_acl) {
return -1;
}
- if (!cli_resolve_path(ctx, "", context->internal->auth_info,
- cli, filename,
- &targetcli, &targetpath)) {
+ status = cli_resolve_path(ctx, "", context->internal->auth_info,
+ cli, filename, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
errno = ENOENT;
return -1;
/* The desired access below is the only one I could find that works
with NT4, W2KP and Samba */
- if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
- FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
+ status = cli_ntcreate(targetcli, targetpath, 0, CREATE_ACCESS_READ, 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
+ 0x0, 0x0, &fnum, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("cacl_set failed to open %s: %s\n",
- targetpath, cli_errstr(targetcli)));
+ targetpath, nt_errstr(status)));
errno = 0;
return -1;
}
- old = cli_query_secdesc(targetcli, fnum, ctx);
-
- if (!old) {
- DEBUG(5, ("cacl_set Failed to query old descriptor\n"));
- errno = 0;
+ status = cli_query_secdesc(targetcli, fnum, ctx, &old);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5,("cacl_set Failed to query old descriptor of %s: %s\n",
+ targetpath, nt_errstr(status)));
+ errno = 0;
return -1;
}
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sec_ace_equal(&sd->dacl->aces[i],
- &old->dacl->aces[j])) {
+ if (security_ace_equal(&sd->dacl->aces[i],
+ &old->dacl->aces[j])) {
uint32 k;
for (k=j; k<old->dacl->num_aces-1;k++) {
old->dacl->aces[k] =
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->aces[i].trustee,
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
err = EEXIST;
sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
owner_sid, group_sid, NULL, dacl, &sd_size);
- if (!NT_STATUS_IS_OK(cli_ntcreate(targetcli, targetpath, 0,
- WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
- FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) {
+ status = cli_ntcreate(targetcli, targetpath, 0,
+ WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
+ 0x0, 0x0, &fnum, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("cacl_set failed to open %s: %s\n",
- targetpath, cli_errstr(targetcli)));
+ targetpath, nt_errstr(status)));
errno = 0;
return -1;
}
- if (!cli_set_secdesc(targetcli, fnum, sd)) {
+ status = cli_set_secdesc(targetcli, fnum, sd);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("ERROR: secdesc set failed: %s\n",
- cli_errstr(targetcli)));
+ nt_errstr(status)));
ret = -1;
}
const char * write_time_attr;
const char * change_time_attr;
} attr_strings;
+ uint16_t port = 0;
TALLOC_CTX *frame = talloc_stackframe();
if (!context || !context->internal->initialized) {
fname,
&workgroup,
&server,
+ &port,
&share,
&path,
&user,
}
srv = SMBC_server(frame, context, True,
- server, share, &workgroup, &user, &password);
+ server, port, share, &workgroup, &user, &password);
if (!srv) {
TALLOC_FREE(frame);
return -1; /* errno set by SMBC_server */
}
if (! srv->no_nt_session) {
- ipc_srv = SMBC_attr_server(frame, context, server, share,
+ ipc_srv = SMBC_attr_server(frame, context, server, port, share,
&workgroup, &user, &password);
if (! ipc_srv) {
srv->no_nt_session = True;
/*
* Are they asking to set the entire set of known attributes?
*/
- if (StrCaseCmp(name, "system.*") == 0 ||
- StrCaseCmp(name, "system.*+") == 0) {
+ if (strcasecmp_m(name, "system.*") == 0 ||
+ strcasecmp_m(name, "system.*+") == 0) {
/* Yup. */
char *namevalue =
talloc_asprintf(talloc_tos(), "%s:%s",
* Are they asking to set an access control element or to set
* the entire access control list?
*/
- if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
+ if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
/* Yup. */
char *namevalue =
/*
* Are they asking to set the owner?
*/
- if (StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0) {
+ if (strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0) {
/* Yup. */
char *namevalue =
/*
* Are they asking to set the group?
*/
- if (StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.group+") == 0) {
+ if (strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group+") == 0) {
/* Yup. */
char *namevalue =
/*
* Are they asking to set a DOS attribute?
*/
- if (StrCaseCmp(name, "system.dos_attr.*") == 0 ||
- StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
+ if (strcasecmp_m(name, "system.dos_attr.*") == 0 ||
+ strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
(attr_strings.create_time_attr != NULL &&
- StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
- StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
- StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
- StrCaseCmp(name, attr_strings.change_time_attr) == 0) {
+ strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
+ strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
/* get a DOS Attribute Descriptor with current attributes */
dad = dos_attr_query(context, talloc_tos(), path, srv);
const char * write_time_attr;
const char * change_time_attr;
} attr_strings;
+ uint16_t port = 0;
TALLOC_CTX *frame = talloc_stackframe();
if (!context || !context->internal->initialized) {
fname,
&workgroup,
&server,
+ &port,
&share,
&path,
&user,
}
srv = SMBC_server(frame, context, True,
- server, share, &workgroup, &user, &password);
+ server, port, share, &workgroup, &user, &password);
if (!srv) {
TALLOC_FREE(frame);
return -1; /* errno set by SMBC_server */
}
if (! srv->no_nt_session) {
- ipc_srv = SMBC_attr_server(frame, context, server, share,
+ ipc_srv = SMBC_attr_server(frame, context, server, port, share,
&workgroup, &user, &password);
+ /*
+ * SMBC_attr_server() can cause the original
+ * server to be removed from the cache.
+ * If so we must error out here as the srv
+ * pointer has been freed.
+ */
+ if (smbc_getFunctionGetCachedServer(context)(context,
+ server,
+ share,
+ workgroup,
+ user) != srv) {
+#if defined(ECONNRESET)
+ errno = ECONNRESET;
+#else
+ errno = ETIMEDOUT;
+#endif
+ TALLOC_FREE(frame);
+ return -1;
+ }
if (! ipc_srv) {
srv->no_nt_session = True;
}
}
/* Are they requesting a supported attribute? */
- if (StrCaseCmp(name, "system.*") == 0 ||
- StrnCaseCmp(name, "system.*!", 9) == 0 ||
- StrCaseCmp(name, "system.*+") == 0 ||
- StrnCaseCmp(name, "system.*+!", 10) == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.*!", 21) == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.*+") == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.*+!", 22) == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0 ||
- StrCaseCmp(name, "system.dos_attr.*") == 0 ||
- StrnCaseCmp(name, "system.dos_attr.*!", 18) == 0 ||
- StrCaseCmp(name, "system.dos_attr.mode") == 0 ||
- StrCaseCmp(name, "system.dos_attr.size") == 0 ||
+ if (strcasecmp_m(name, "system.*") == 0 ||
+ strncasecmp_m(name, "system.*!", 9) == 0 ||
+ strcasecmp_m(name, "system.*+") == 0 ||
+ strncasecmp_m(name, "system.*+!", 10) == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.*!", 21) == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.*+!", 22) == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0 ||
+ strcasecmp_m(name, "system.dos_attr.*") == 0 ||
+ strncasecmp_m(name, "system.dos_attr.*!", 18) == 0 ||
+ strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
+ strcasecmp_m(name, "system.dos_attr.size") == 0 ||
(attr_strings.create_time_attr != NULL &&
- StrCaseCmp(name, attr_strings.create_time_attr) == 0) ||
- StrCaseCmp(name, attr_strings.access_time_attr) == 0 ||
- StrCaseCmp(name, attr_strings.write_time_attr) == 0 ||
- StrCaseCmp(name, attr_strings.change_time_attr) == 0 ||
- StrCaseCmp(name, "system.dos_attr.inode") == 0) {
+ strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
+ strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.change_time_attr) == 0 ||
+ strcasecmp_m(name, "system.dos_attr.inode") == 0) {
/* Yup. */
- char *filename = (char *) name;
+ const char *filename = name;
ret = cacl_get(context, talloc_tos(), srv,
ipc_srv == NULL ? NULL : ipc_srv->cli,
&ipc_srv->pol, path,
filename,
- CONST_DISCARD(char *, value),
+ discard_const_p(char, value),
size);
if (ret < 0 && errno == 0) {
errno = SMBC_errno(context, srv->cli);
char *password = NULL;
char *workgroup = NULL;
char *path = NULL;
+ uint16_t port = 0;
TALLOC_CTX *frame = talloc_stackframe();
if (!context || !context->internal->initialized) {
fname,
&workgroup,
&server,
+ &port,
&share,
&path,
&user,
}
srv = SMBC_server(frame, context, True,
- server, share, &workgroup, &user, &password);
+ server, port, share, &workgroup, &user, &password);
if (!srv) {
TALLOC_FREE(frame);
return -1; /* errno set by SMBC_server */
}
if (! srv->no_nt_session) {
- ipc_srv = SMBC_attr_server(frame, context, server, share,
+ int saved_errno;
+ ipc_srv = SMBC_attr_server(frame, context, server, port, share,
&workgroup, &user, &password);
+ saved_errno = errno;
+ /*
+ * SMBC_attr_server() can cause the original
+ * server to be removed from the cache.
+ * If so we must error out here as the srv
+ * pointer has been freed.
+ */
+ if (smbc_getFunctionGetCachedServer(context)(context,
+ server,
+ share,
+ workgroup,
+ user) != srv) {
+#if defined(ECONNRESET)
+ errno = ECONNRESET;
+#else
+ errno = ETIMEDOUT;
+#endif
+ TALLOC_FREE(frame);
+ return -1;
+ }
if (! ipc_srv) {
+ errno = saved_errno;
srv->no_nt_session = True;
}
} else {
}
/* Are they asking to set the entire ACL? */
- if (StrCaseCmp(name, "system.nt_sec_desc.*") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.*+") == 0) {
+ if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*+") == 0) {
/* Yup. */
ret = cacl_set(context, talloc_tos(), srv->cli,
* Are they asking to remove one or more spceific security descriptor
* attributes?
*/
- if (StrCaseCmp(name, "system.nt_sec_desc.revision") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.owner") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.owner+") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.group") == 0 ||
- StrCaseCmp(name, "system.nt_sec_desc.group+") == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.acl", 22) == 0 ||
- StrnCaseCmp(name, "system.nt_sec_desc.acl+", 23) == 0) {
+ if (strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
/* Yup. */
ret = cacl_set(context, talloc_tos(), srv->cli,
ipc_srv->cli, &ipc_srv->pol, path,
- CONST_DISCARD(char *, name) + 19,
+ discard_const_p(char, name) + 19,
SMBC_XATTR_MODE_REMOVE, 0);
TALLOC_FREE(frame);
return ret;