Line data Source code
1 : /*
2 : Unix SMB/Netbios implementation.
3 : SMB client library implementation
4 : Copyright (C) Andrew Tridgell 1998
5 : Copyright (C) Richard Sharpe 2000, 2002
6 : Copyright (C) John Terpstra 2000
7 : Copyright (C) Tom Jansen (Ninja ISD) 2002
8 : Copyright (C) Derrell Lipman 2003-2008
9 : Copyright (C) Jeremy Allison 2007, 2008
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : #include "includes.h"
26 : #include "libsmb/libsmb.h"
27 : #include "libsmbclient.h"
28 : #include "libsmb_internal.h"
29 : #include "../librpc/gen_ndr/ndr_lsa.h"
30 : #include "rpc_client/rpc_client.h"
31 : #include "rpc_client/cli_lsarpc.h"
32 : #include "../libcli/security/security.h"
33 : #include "lib/util/string_wrappers.h"
34 :
35 : /*
36 : * Find an lsa pipe handle associated with a cli struct.
37 : */
38 : static struct rpc_pipe_client *
39 0 : find_lsa_pipe_hnd(struct cli_state *ipc_cli)
40 : {
41 : struct rpc_pipe_client *pipe_hnd;
42 :
43 0 : for (pipe_hnd = ipc_cli->pipe_list;
44 0 : pipe_hnd;
45 0 : pipe_hnd = pipe_hnd->next) {
46 0 : if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
47 : &ndr_table_lsarpc.syntax_id)) {
48 0 : return pipe_hnd;
49 : }
50 : }
51 0 : return NULL;
52 : }
53 :
54 : /*
55 : * Sort ACEs according to the documentation at
56 : * http://support.microsoft.com/kb/269175, at least as far as it defines the
57 : * order.
58 : */
59 :
60 : static int
61 0 : ace_compare(struct security_ace *ace1,
62 : struct security_ace *ace2)
63 : {
64 : bool b1;
65 : bool b2;
66 :
67 : /* If the ACEs are equal, we have nothing more to do. */
68 0 : if (security_ace_equal(ace1, ace2)) {
69 0 : return 0;
70 : }
71 :
72 : /* Inherited follow non-inherited */
73 0 : b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
74 0 : b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
75 0 : if (b1 != b2) {
76 0 : return (b1 ? 1 : -1);
77 : }
78 :
79 : /*
80 : * What shall we do with AUDITs and ALARMs? It's undefined. We'll
81 : * sort them after DENY and ALLOW.
82 : */
83 0 : b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
84 0 : ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
85 0 : ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
86 0 : ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
87 0 : b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
88 0 : ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
89 0 : ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
90 0 : ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
91 0 : if (b1 != b2) {
92 0 : return (b1 ? 1 : -1);
93 : }
94 :
95 : /* Allowed ACEs follow denied ACEs */
96 0 : b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
97 0 : ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
98 0 : b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
99 0 : ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
100 0 : if (b1 != b2) {
101 0 : return (b1 ? 1 : -1);
102 : }
103 :
104 : /*
105 : * ACEs applying to an entity's object follow those applying to the
106 : * entity itself
107 : */
108 0 : b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
109 0 : ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
110 0 : b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
111 0 : ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
112 0 : if (b1 != b2) {
113 0 : return (b1 ? 1 : -1);
114 : }
115 :
116 : /*
117 : * If we get this far, the ACEs are similar as far as the
118 : * characteristics we typically care about (those defined by the
119 : * referenced MS document). We'll now sort by characteristics that
120 : * just seems reasonable.
121 : */
122 :
123 0 : if (ace1->type != ace2->type) {
124 0 : return ace2->type - ace1->type;
125 : }
126 :
127 0 : if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
128 0 : return dom_sid_compare(&ace1->trustee, &ace2->trustee);
129 : }
130 :
131 0 : if (ace1->flags != ace2->flags) {
132 0 : return ace1->flags - ace2->flags;
133 : }
134 :
135 0 : if (ace1->access_mask != ace2->access_mask) {
136 0 : return ace1->access_mask - ace2->access_mask;
137 : }
138 :
139 0 : if (ace1->size != ace2->size) {
140 0 : return ace1->size - ace2->size;
141 : }
142 :
143 0 : return memcmp(ace1, ace2, sizeof(struct security_ace));
144 : }
145 :
146 :
147 : static void
148 0 : sort_acl(struct security_acl *the_acl)
149 : {
150 : uint32_t i;
151 0 : if (!the_acl) return;
152 :
153 0 : TYPESAFE_QSORT(the_acl->aces, the_acl->num_aces, ace_compare);
154 :
155 0 : for (i=1;i<the_acl->num_aces;) {
156 0 : if (security_ace_equal(&the_acl->aces[i-1],
157 0 : &the_acl->aces[i])) {
158 0 : ARRAY_DEL_ELEMENT(
159 : the_acl->aces, i, the_acl->num_aces);
160 0 : the_acl->num_aces--;
161 : } else {
162 0 : i++;
163 : }
164 : }
165 : }
166 :
167 : /* convert a SID to a string, either numeric or username/group */
168 : static void
169 0 : convert_sid_to_string(struct cli_state *ipc_cli,
170 : struct policy_handle *pol,
171 : fstring str,
172 : bool numeric,
173 : struct dom_sid *sid)
174 : {
175 0 : char **domains = NULL;
176 0 : char **names = NULL;
177 0 : enum lsa_SidType *types = NULL;
178 0 : struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
179 : TALLOC_CTX *ctx;
180 :
181 0 : sid_to_fstring(str, sid);
182 :
183 0 : if (numeric) {
184 0 : return; /* no lookup desired */
185 : }
186 :
187 0 : if (!pipe_hnd) {
188 0 : return;
189 : }
190 :
191 : /* Ask LSA to convert the sid to a name */
192 :
193 0 : ctx = talloc_stackframe();
194 :
195 0 : if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
196 : pol, 1, sid, &domains,
197 0 : &names, &types)) ||
198 0 : !domains || !domains[0] || !names || !names[0]) {
199 0 : TALLOC_FREE(ctx);
200 0 : return;
201 : }
202 :
203 : /* Converted OK */
204 :
205 0 : fstr_sprintf(str, "%s%s%s",
206 : domains[0], lp_winbind_separator(), names[0]);
207 :
208 0 : TALLOC_FREE(ctx);
209 : }
210 :
211 : /* convert a string to a SID, either numeric or username/group */
212 : static bool
213 0 : convert_string_to_sid(struct cli_state *ipc_cli,
214 : struct policy_handle *pol,
215 : bool numeric,
216 : struct dom_sid *sid,
217 : const char *str)
218 : {
219 0 : enum lsa_SidType *types = NULL;
220 0 : struct dom_sid *sids = NULL;
221 0 : bool result = True;
222 0 : TALLOC_CTX *ctx = NULL;
223 0 : struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
224 :
225 0 : if (!pipe_hnd) {
226 0 : return False;
227 : }
228 :
229 0 : if (numeric) {
230 0 : if (strncmp(str, "S-", 2) == 0) {
231 0 : return string_to_sid(sid, str);
232 : }
233 :
234 0 : result = False;
235 0 : goto done;
236 : }
237 :
238 0 : ctx = talloc_stackframe();
239 0 : if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
240 : pol, 1, &str,
241 : NULL, 1, &sids,
242 : &types))) {
243 0 : result = False;
244 0 : goto done;
245 : }
246 :
247 0 : sid_copy(sid, &sids[0]);
248 0 : done:
249 0 : TALLOC_FREE(ctx);
250 0 : return result;
251 : }
252 :
253 :
254 : /* parse an struct security_ace in the same format as print_ace() */
255 : static bool
256 0 : parse_ace(struct cli_state *ipc_cli,
257 : struct policy_handle *pol,
258 : struct security_ace *ace,
259 : bool numeric,
260 : char *str)
261 : {
262 : char *p;
263 : const char *cp;
264 : char *tok;
265 : unsigned int atype;
266 : unsigned int aflags;
267 : unsigned int amask;
268 : struct dom_sid sid;
269 : uint32_t mask;
270 : const struct perm_value *v;
271 : struct perm_value {
272 : const char perm[7];
273 : uint32_t mask;
274 : };
275 0 : TALLOC_CTX *frame = talloc_stackframe();
276 :
277 : /* These values discovered by inspection */
278 : static const struct perm_value special_values[] = {
279 : { "R", 0x00120089 },
280 : { "W", 0x00120116 },
281 : { "X", 0x001200a0 },
282 : { "D", 0x00010000 },
283 : { "P", 0x00040000 },
284 : { "O", 0x00080000 },
285 : { "", 0 },
286 : };
287 :
288 : static const struct perm_value standard_values[] = {
289 : { "READ", 0x001200a9 },
290 : { "CHANGE", 0x001301bf },
291 : { "FULL", 0x001f01ff },
292 : { "", 0 },
293 : };
294 :
295 0 : ZERO_STRUCTP(ace);
296 0 : p = strchr_m(str,':');
297 0 : if (!p) {
298 0 : TALLOC_FREE(frame);
299 0 : return False;
300 : }
301 0 : *p = '\0';
302 0 : p++;
303 : /* Try to parse numeric form */
304 :
305 0 : if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
306 0 : convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
307 0 : goto done;
308 : }
309 :
310 : /* Try to parse text form */
311 :
312 0 : if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
313 0 : TALLOC_FREE(frame);
314 0 : return false;
315 : }
316 :
317 0 : cp = p;
318 0 : if (!next_token_talloc(frame, &cp, &tok, "/")) {
319 0 : TALLOC_FREE(frame);
320 0 : return false;
321 : }
322 :
323 0 : if (strncasecmp_m(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
324 0 : atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
325 0 : } else if (strncasecmp_m(tok, "DENIED", strlen("DENIED")) == 0) {
326 0 : atype = SEC_ACE_TYPE_ACCESS_DENIED;
327 : } else {
328 0 : TALLOC_FREE(frame);
329 0 : return false;
330 : }
331 :
332 : /* Only numeric form accepted for flags at present */
333 :
334 0 : if (!(next_token_talloc(frame, &cp, &tok, "/") &&
335 0 : sscanf(tok, "%u", &aflags))) {
336 0 : TALLOC_FREE(frame);
337 0 : return false;
338 : }
339 :
340 0 : if (!next_token_talloc(frame, &cp, &tok, "/")) {
341 0 : TALLOC_FREE(frame);
342 0 : return false;
343 : }
344 :
345 0 : if (strncmp(tok, "0x", 2) == 0) {
346 0 : if (sscanf(tok, "%u", &amask) != 1) {
347 0 : TALLOC_FREE(frame);
348 0 : return false;
349 : }
350 0 : goto done;
351 : }
352 :
353 0 : for (v = standard_values; v != NULL; v++) {
354 0 : if (strcmp(tok, v->perm) == 0) {
355 0 : amask = v->mask;
356 0 : goto done;
357 : }
358 : }
359 :
360 0 : p = tok;
361 :
362 0 : while(*p) {
363 0 : bool found = False;
364 :
365 0 : for (v = special_values; v != NULL; v++) {
366 0 : if (v->perm[0] == *p) {
367 0 : amask |= v->mask;
368 0 : found = True;
369 : }
370 : }
371 :
372 0 : if (!found) {
373 0 : TALLOC_FREE(frame);
374 0 : return false;
375 : }
376 0 : p++;
377 : }
378 :
379 0 : if (*p) {
380 0 : TALLOC_FREE(frame);
381 0 : return false;
382 : }
383 :
384 0 : done:
385 0 : mask = amask;
386 0 : init_sec_ace(ace, &sid, atype, mask, aflags);
387 0 : TALLOC_FREE(frame);
388 0 : return true;
389 : }
390 :
391 : /* add an struct security_ace to a list of struct security_aces in a struct security_acl */
392 : static bool
393 0 : add_ace(struct security_acl **the_acl,
394 : const struct security_ace *ace,
395 : TALLOC_CTX *ctx)
396 : {
397 0 : struct security_acl *acl = *the_acl;
398 :
399 0 : if (acl == NULL) {
400 0 : acl = make_sec_acl(ctx, 3, 0, NULL);
401 0 : if (acl == NULL) {
402 0 : return false;
403 : }
404 : }
405 :
406 0 : if (acl->num_aces == UINT32_MAX) {
407 0 : return false;
408 : }
409 0 : ADD_TO_ARRAY(
410 : acl, struct security_ace, *ace, &acl->aces, &acl->num_aces);
411 0 : *the_acl = acl;
412 0 : return True;
413 : }
414 :
415 :
416 : /* parse a ascii version of a security descriptor */
417 : static struct security_descriptor *
418 0 : sec_desc_parse(TALLOC_CTX *ctx,
419 : struct cli_state *ipc_cli,
420 : struct policy_handle *pol,
421 : bool numeric,
422 : const char *str)
423 : {
424 0 : const char *p = str;
425 : char *tok;
426 0 : struct security_descriptor *ret = NULL;
427 : size_t sd_size;
428 0 : struct dom_sid owner_sid = { .num_auths = 0 };
429 0 : struct dom_sid group_sid = { .num_auths = 0 };
430 0 : bool have_owner = false, have_group = false;
431 0 : struct security_acl *dacl=NULL;
432 0 : int revision=1;
433 :
434 0 : while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
435 :
436 0 : if (strncasecmp_m(tok,"REVISION:", 9) == 0) {
437 0 : revision = strtol(tok+9, NULL, 16);
438 0 : continue;
439 : }
440 :
441 0 : if (strncasecmp_m(tok,"OWNER:", 6) == 0) {
442 0 : if (have_owner) {
443 0 : DEBUG(5,("OWNER specified more than once!\n"));
444 0 : goto done;
445 : }
446 0 : if (!convert_string_to_sid(ipc_cli, pol,
447 : numeric,
448 0 : &owner_sid, tok+6)) {
449 0 : DEBUG(5, ("Failed to parse owner sid\n"));
450 0 : goto done;
451 : }
452 0 : have_owner = true;
453 0 : continue;
454 : }
455 :
456 0 : if (strncasecmp_m(tok,"OWNER+:", 7) == 0) {
457 0 : if (have_owner) {
458 0 : DEBUG(5,("OWNER specified more than once!\n"));
459 0 : goto done;
460 : }
461 0 : if (!convert_string_to_sid(ipc_cli, pol,
462 : False,
463 0 : &owner_sid, tok+7)) {
464 0 : DEBUG(5, ("Failed to parse owner sid\n"));
465 0 : goto done;
466 : }
467 0 : have_owner = true;
468 0 : continue;
469 : }
470 :
471 0 : if (strncasecmp_m(tok,"GROUP:", 6) == 0) {
472 0 : if (have_group) {
473 0 : DEBUG(5,("GROUP specified more than once!\n"));
474 0 : goto done;
475 : }
476 0 : if (!convert_string_to_sid(ipc_cli, pol,
477 : numeric,
478 0 : &group_sid, tok+6)) {
479 0 : DEBUG(5, ("Failed to parse group sid\n"));
480 0 : goto done;
481 : }
482 0 : have_group = true;
483 0 : continue;
484 : }
485 :
486 0 : if (strncasecmp_m(tok,"GROUP+:", 7) == 0) {
487 0 : if (have_group) {
488 0 : DEBUG(5,("GROUP specified more than once!\n"));
489 0 : goto done;
490 : }
491 0 : if (!convert_string_to_sid(ipc_cli, pol,
492 : False,
493 0 : &group_sid, tok+6)) {
494 0 : DEBUG(5, ("Failed to parse group sid\n"));
495 0 : goto done;
496 : }
497 0 : have_group = true;
498 0 : continue;
499 : }
500 :
501 0 : if (strncasecmp_m(tok,"ACL:", 4) == 0) {
502 : struct security_ace ace;
503 0 : if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
504 0 : DEBUG(5, ("Failed to parse ACL %s\n", tok));
505 0 : goto done;
506 : }
507 0 : if(!add_ace(&dacl, &ace, ctx)) {
508 0 : DEBUG(5, ("Failed to add ACL %s\n", tok));
509 0 : goto done;
510 : }
511 0 : continue;
512 : }
513 :
514 0 : if (strncasecmp_m(tok,"ACL+:", 5) == 0) {
515 : struct security_ace ace;
516 0 : if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
517 0 : DEBUG(5, ("Failed to parse ACL %s\n", tok));
518 0 : goto done;
519 : }
520 0 : if(!add_ace(&dacl, &ace, ctx)) {
521 0 : DEBUG(5, ("Failed to add ACL %s\n", tok));
522 0 : goto done;
523 : }
524 0 : continue;
525 : }
526 :
527 0 : DEBUG(5, ("Failed to parse security descriptor\n"));
528 0 : goto done;
529 : }
530 :
531 0 : ret = make_sec_desc(
532 : ctx,
533 : revision,
534 : SEC_DESC_SELF_RELATIVE,
535 : have_owner ? &owner_sid : NULL,
536 : have_group ? &group_sid : NULL,
537 : NULL,
538 : dacl,
539 : &sd_size);
540 :
541 0 : done:
542 0 : return ret;
543 : }
544 :
545 :
546 : /* Obtain the current dos attributes */
547 : static struct DOS_ATTR_DESC *
548 0 : dos_attr_query(SMBCCTX *context,
549 : TALLOC_CTX *ctx,
550 : const char *filename,
551 : SMBCSRV *srv)
552 : {
553 0 : struct stat sb = {0};
554 0 : struct DOS_ATTR_DESC *ret = NULL;
555 :
556 0 : ret = talloc(ctx, struct DOS_ATTR_DESC);
557 0 : if (!ret) {
558 0 : errno = ENOMEM;
559 0 : return NULL;
560 : }
561 :
562 : /* Obtain the DOS attributes */
563 0 : if (!SMBC_getatr(context, srv, filename, &sb)) {
564 0 : errno = SMBC_errno(context, srv->cli);
565 0 : DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
566 0 : TALLOC_FREE(ret);
567 0 : return NULL;
568 : }
569 :
570 0 : ret->mode = sb.st_mode;
571 0 : ret->size = sb.st_size;
572 0 : ret->create_time = sb.st_ctime;
573 0 : ret->access_time = sb.st_atime;
574 0 : ret->write_time = sb.st_mtime;
575 0 : ret->change_time = sb.st_mtime;
576 0 : ret->inode = sb.st_ino;
577 :
578 0 : return ret;
579 : }
580 :
581 :
582 : /* parse a ascii version of a security descriptor */
583 : static void
584 0 : dos_attr_parse(SMBCCTX *context,
585 : struct DOS_ATTR_DESC *dad,
586 : SMBCSRV *srv,
587 : char *str)
588 : {
589 : int n;
590 0 : const char *p = str;
591 0 : char *tok = NULL;
592 0 : TALLOC_CTX *frame = NULL;
593 : struct {
594 : const char * create_time_attr;
595 : const char * access_time_attr;
596 : const char * write_time_attr;
597 : const char * change_time_attr;
598 : } attr_strings;
599 :
600 : /* Determine whether to use old-style or new-style attribute names */
601 0 : if (context->internal->full_time_names) {
602 : /* new-style names */
603 0 : attr_strings.create_time_attr = "CREATE_TIME";
604 0 : attr_strings.access_time_attr = "ACCESS_TIME";
605 0 : attr_strings.write_time_attr = "WRITE_TIME";
606 0 : attr_strings.change_time_attr = "CHANGE_TIME";
607 : } else {
608 : /* old-style names */
609 0 : attr_strings.create_time_attr = NULL;
610 0 : attr_strings.access_time_attr = "A_TIME";
611 0 : attr_strings.write_time_attr = "M_TIME";
612 0 : attr_strings.change_time_attr = "C_TIME";
613 : }
614 :
615 : /* if this is to set the entire ACL... */
616 0 : if (*str == '*') {
617 : /* ... then increment past the first colon if there is one */
618 0 : if ((p = strchr(str, ':')) != NULL) {
619 0 : ++p;
620 : } else {
621 0 : p = str;
622 : }
623 : }
624 :
625 0 : frame = talloc_stackframe();
626 0 : while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
627 0 : if (strncasecmp_m(tok, "MODE:", 5) == 0) {
628 0 : long request = strtol(tok+5, NULL, 16);
629 0 : if (request == 0) {
630 0 : dad->mode = (request |
631 0 : (IS_DOS_DIR(dad->mode)
632 : ? FILE_ATTRIBUTE_DIRECTORY
633 : : FILE_ATTRIBUTE_NORMAL));
634 : } else {
635 0 : dad->mode = request;
636 : }
637 0 : continue;
638 : }
639 :
640 0 : if (strncasecmp_m(tok, "SIZE:", 5) == 0) {
641 0 : dad->size = (off_t)atof(tok+5);
642 0 : continue;
643 : }
644 :
645 0 : n = strlen(attr_strings.access_time_attr);
646 0 : if (strncasecmp_m(tok, attr_strings.access_time_attr, n) == 0) {
647 0 : dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
648 0 : continue;
649 : }
650 :
651 0 : n = strlen(attr_strings.change_time_attr);
652 0 : if (strncasecmp_m(tok, attr_strings.change_time_attr, n) == 0) {
653 0 : dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
654 0 : continue;
655 : }
656 :
657 0 : n = strlen(attr_strings.write_time_attr);
658 0 : if (strncasecmp_m(tok, attr_strings.write_time_attr, n) == 0) {
659 0 : dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
660 0 : continue;
661 : }
662 :
663 0 : if (attr_strings.create_time_attr != NULL) {
664 0 : n = strlen(attr_strings.create_time_attr);
665 0 : if (strncasecmp_m(tok, attr_strings.create_time_attr,
666 : n) == 0) {
667 0 : dad->create_time = (time_t)strtol(tok+n+1,
668 : NULL, 10);
669 0 : continue;
670 : }
671 : }
672 :
673 0 : if (strncasecmp_m(tok, "INODE:", 6) == 0) {
674 0 : dad->inode = (SMB_INO_T)atof(tok+6);
675 0 : continue;
676 : }
677 : }
678 0 : TALLOC_FREE(frame);
679 0 : }
680 :
681 : /*****************************************************
682 : Retrieve the acls for a file.
683 : *******************************************************/
684 :
685 : static int
686 0 : cacl_get(SMBCCTX *context,
687 : TALLOC_CTX *ctx,
688 : SMBCSRV *srv,
689 : struct cli_state *ipc_cli,
690 : struct policy_handle *pol,
691 : const char *filename,
692 : const char *attr_name,
693 : char *buf,
694 : int bufsize)
695 : {
696 : uint32_t i;
697 0 : int n = 0;
698 : int n_used;
699 : bool all;
700 : bool all_nt;
701 : bool all_nt_acls;
702 : bool all_dos;
703 : bool some_nt;
704 : bool some_dos;
705 0 : bool exclude_nt_revision = False;
706 0 : bool exclude_nt_owner = False;
707 0 : bool exclude_nt_group = False;
708 0 : bool exclude_nt_acl = False;
709 0 : bool exclude_dos_mode = False;
710 0 : bool exclude_dos_size = False;
711 0 : bool exclude_dos_create_time = False;
712 0 : bool exclude_dos_access_time = False;
713 0 : bool exclude_dos_write_time = False;
714 0 : bool exclude_dos_change_time = False;
715 0 : bool exclude_dos_inode = False;
716 0 : bool numeric = True;
717 0 : bool determine_size = (bufsize == 0);
718 : uint16_t fnum;
719 : struct security_descriptor *sd;
720 : fstring sidstr;
721 : fstring name_sandbox;
722 : char *name;
723 : char *pExclude;
724 : char *p;
725 0 : struct cli_state *cli = srv->cli;
726 : struct {
727 : const char * create_time_attr;
728 : const char * access_time_attr;
729 : const char * write_time_attr;
730 : const char * change_time_attr;
731 : } attr_strings;
732 : struct {
733 : const char * create_time_attr;
734 : const char * access_time_attr;
735 : const char * write_time_attr;
736 : const char * change_time_attr;
737 : } excl_attr_strings;
738 :
739 : /* Determine whether to use old-style or new-style attribute names */
740 0 : if (context->internal->full_time_names) {
741 : /* new-style names */
742 0 : attr_strings.create_time_attr = "CREATE_TIME";
743 0 : attr_strings.access_time_attr = "ACCESS_TIME";
744 0 : attr_strings.write_time_attr = "WRITE_TIME";
745 0 : attr_strings.change_time_attr = "CHANGE_TIME";
746 :
747 0 : excl_attr_strings.create_time_attr = "CREATE_TIME";
748 0 : excl_attr_strings.access_time_attr = "ACCESS_TIME";
749 0 : excl_attr_strings.write_time_attr = "WRITE_TIME";
750 0 : excl_attr_strings.change_time_attr = "CHANGE_TIME";
751 : } else {
752 : /* old-style names */
753 0 : attr_strings.create_time_attr = NULL;
754 0 : attr_strings.access_time_attr = "A_TIME";
755 0 : attr_strings.write_time_attr = "M_TIME";
756 0 : attr_strings.change_time_attr = "C_TIME";
757 :
758 0 : excl_attr_strings.create_time_attr = NULL;
759 0 : excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
760 0 : excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
761 0 : excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
762 : }
763 :
764 : /* Copy name so we can strip off exclusions (if any are specified) */
765 0 : strncpy(name_sandbox, attr_name, sizeof(name_sandbox) - 1);
766 :
767 : /* Ensure name is null terminated */
768 0 : name_sandbox[sizeof(name_sandbox) - 1] = '\0';
769 :
770 : /* Play in the sandbox */
771 0 : name = name_sandbox;
772 :
773 : /* If there are any exclusions, point to them and mask them from name */
774 0 : if ((pExclude = strchr(name, '!')) != NULL)
775 : {
776 0 : *pExclude++ = '\0';
777 : }
778 :
779 0 : all = (strncasecmp_m(name, "system.*", 8) == 0);
780 0 : all_nt = (strncasecmp_m(name, "system.nt_sec_desc.*", 20) == 0);
781 0 : all_nt_acls = (strncasecmp_m(name, "system.nt_sec_desc.acl.*", 24) == 0);
782 0 : all_dos = (strncasecmp_m(name, "system.dos_attr.*", 17) == 0);
783 0 : some_nt = (strncasecmp_m(name, "system.nt_sec_desc.", 19) == 0);
784 0 : some_dos = (strncasecmp_m(name, "system.dos_attr.", 16) == 0);
785 0 : numeric = (* (name + strlen(name) - 1) != '+');
786 :
787 : /* Look for exclusions from "all" requests */
788 0 : if (all || all_nt || all_dos) {
789 : /* Exclusions are delimited by '!' */
790 0 : for (;
791 0 : pExclude != NULL;
792 0 : pExclude = (p == NULL ? NULL : p + 1)) {
793 :
794 : /* Find end of this exclusion name */
795 0 : if ((p = strchr(pExclude, '!')) != NULL)
796 : {
797 0 : *p = '\0';
798 : }
799 :
800 : /* Which exclusion name is this? */
801 0 : if (strcasecmp_m(pExclude,
802 : "nt_sec_desc.revision") == 0) {
803 0 : exclude_nt_revision = True;
804 : }
805 0 : else if (strcasecmp_m(pExclude,
806 : "nt_sec_desc.owner") == 0) {
807 0 : exclude_nt_owner = True;
808 : }
809 0 : else if (strcasecmp_m(pExclude,
810 : "nt_sec_desc.group") == 0) {
811 0 : exclude_nt_group = True;
812 : }
813 0 : else if (strcasecmp_m(pExclude,
814 : "nt_sec_desc.acl") == 0) {
815 0 : exclude_nt_acl = True;
816 : }
817 0 : else if (strcasecmp_m(pExclude,
818 : "dos_attr.mode") == 0) {
819 0 : exclude_dos_mode = True;
820 : }
821 0 : else if (strcasecmp_m(pExclude,
822 : "dos_attr.size") == 0) {
823 0 : exclude_dos_size = True;
824 : }
825 0 : else if (excl_attr_strings.create_time_attr != NULL &&
826 0 : strcasecmp_m(pExclude,
827 : excl_attr_strings.change_time_attr) == 0) {
828 0 : exclude_dos_create_time = True;
829 : }
830 0 : else if (strcasecmp_m(pExclude,
831 : excl_attr_strings.access_time_attr) == 0) {
832 0 : exclude_dos_access_time = True;
833 : }
834 0 : else if (strcasecmp_m(pExclude,
835 : excl_attr_strings.write_time_attr) == 0) {
836 0 : exclude_dos_write_time = True;
837 : }
838 0 : else if (strcasecmp_m(pExclude,
839 : excl_attr_strings.change_time_attr) == 0) {
840 0 : exclude_dos_change_time = True;
841 : }
842 0 : else if (strcasecmp_m(pExclude, "dos_attr.inode") == 0) {
843 0 : exclude_dos_inode = True;
844 : }
845 : else {
846 0 : DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
847 : pExclude));
848 0 : errno = ENOATTR;
849 0 : return -1;
850 : }
851 : }
852 : }
853 :
854 0 : n_used = 0;
855 :
856 : /*
857 : * If we are (possibly) talking to an NT or new system and some NT
858 : * attributes have been requested...
859 : */
860 0 : if (ipc_cli && (all || some_nt || all_nt_acls)) {
861 0 : char *targetpath = NULL;
862 0 : struct cli_state *targetcli = NULL;
863 0 : struct cli_credentials *creds = NULL;
864 : NTSTATUS status;
865 :
866 : /* Point to the portion after "system.nt_sec_desc." */
867 0 : name += 19; /* if (all) this will be invalid but unused */
868 :
869 0 : creds = context->internal->creds;
870 :
871 0 : status = cli_resolve_path(
872 : ctx, "",
873 : creds,
874 : cli, filename, &targetcli, &targetpath);
875 0 : if (!NT_STATUS_IS_OK(status)) {
876 0 : DEBUG(5, ("cacl_get Could not resolve %s\n",
877 : filename));
878 0 : errno = ENOENT;
879 0 : return -1;
880 : }
881 :
882 : /* ... then obtain any NT attributes which were requested */
883 0 : status = cli_ntcreate(
884 : targetcli, /* cli */
885 : targetpath, /* fname */
886 : 0, /* CreatFlags */
887 : READ_CONTROL_ACCESS, /* DesiredAccess */
888 : 0, /* FileAttributes */
889 : FILE_SHARE_READ|
890 : FILE_SHARE_WRITE, /* ShareAccess */
891 : FILE_OPEN, /* CreateDisposition */
892 : 0x0, /* CreateOptions */
893 : 0x0, /* SecurityFlags */
894 : &fnum, /* pfid */
895 : NULL); /* cr */
896 0 : if (!NT_STATUS_IS_OK(status)) {
897 0 : DEBUG(5, ("cacl_get failed to open %s: %s\n",
898 : targetpath, nt_errstr(status)));
899 0 : errno = 0;
900 0 : return -1;
901 : }
902 :
903 0 : status = cli_query_secdesc(targetcli, fnum, ctx, &sd);
904 0 : if (!NT_STATUS_IS_OK(status)) {
905 0 : DEBUG(5,("cacl_get Failed to query old descriptor "
906 : "of %s: %s\n",
907 : targetpath, nt_errstr(status)));
908 0 : errno = 0;
909 0 : return -1;
910 : }
911 :
912 0 : cli_close(targetcli, fnum);
913 :
914 0 : if (! exclude_nt_revision) {
915 0 : if (all || all_nt) {
916 0 : if (determine_size) {
917 0 : p = talloc_asprintf(ctx,
918 : "REVISION:%d",
919 0 : sd->revision);
920 0 : if (!p) {
921 0 : errno = ENOMEM;
922 0 : return -1;
923 : }
924 0 : n = strlen(p);
925 : } else {
926 0 : n = snprintf(buf, bufsize,
927 : "REVISION:%d",
928 0 : sd->revision);
929 : }
930 0 : } else if (strcasecmp_m(name, "revision") == 0) {
931 0 : if (determine_size) {
932 0 : p = talloc_asprintf(ctx, "%d",
933 0 : sd->revision);
934 0 : if (!p) {
935 0 : errno = ENOMEM;
936 0 : return -1;
937 : }
938 0 : n = strlen(p);
939 : } else {
940 0 : n = snprintf(buf, bufsize, "%d",
941 0 : sd->revision);
942 : }
943 : }
944 :
945 0 : if (!determine_size && n > bufsize) {
946 0 : errno = ERANGE;
947 0 : return -1;
948 : }
949 0 : buf += n;
950 0 : n_used += n;
951 0 : bufsize -= n;
952 0 : n = 0;
953 : }
954 :
955 0 : if (! exclude_nt_owner) {
956 : /* Get owner and group sid */
957 0 : if (sd->owner_sid) {
958 0 : convert_sid_to_string(ipc_cli, pol,
959 : sidstr,
960 : numeric,
961 0 : sd->owner_sid);
962 : } else {
963 0 : fstrcpy(sidstr, "");
964 : }
965 :
966 0 : if (all || all_nt) {
967 0 : if (determine_size) {
968 0 : p = talloc_asprintf(ctx, ",OWNER:%s",
969 : sidstr);
970 0 : if (!p) {
971 0 : errno = ENOMEM;
972 0 : return -1;
973 : }
974 0 : n = strlen(p);
975 0 : } else if (sidstr[0] != '\0') {
976 0 : n = snprintf(buf, bufsize,
977 : ",OWNER:%s", sidstr);
978 : }
979 0 : } else if (strncasecmp_m(name, "owner", 5) == 0) {
980 0 : if (determine_size) {
981 0 : p = talloc_asprintf(ctx, "%s", sidstr);
982 0 : if (!p) {
983 0 : errno = ENOMEM;
984 0 : return -1;
985 : }
986 0 : n = strlen(p);
987 : } else {
988 0 : n = snprintf(buf, bufsize, "%s",
989 : sidstr);
990 : }
991 : }
992 :
993 0 : if (!determine_size && n > bufsize) {
994 0 : errno = ERANGE;
995 0 : return -1;
996 : }
997 0 : buf += n;
998 0 : n_used += n;
999 0 : bufsize -= n;
1000 0 : n = 0;
1001 : }
1002 :
1003 0 : if (! exclude_nt_group) {
1004 0 : if (sd->group_sid) {
1005 0 : convert_sid_to_string(ipc_cli, pol,
1006 : sidstr, numeric,
1007 0 : sd->group_sid);
1008 : } else {
1009 0 : fstrcpy(sidstr, "");
1010 : }
1011 :
1012 0 : if (all || all_nt) {
1013 0 : if (determine_size) {
1014 0 : p = talloc_asprintf(ctx, ",GROUP:%s",
1015 : sidstr);
1016 0 : if (!p) {
1017 0 : errno = ENOMEM;
1018 0 : return -1;
1019 : }
1020 0 : n = strlen(p);
1021 0 : } else if (sidstr[0] != '\0') {
1022 0 : n = snprintf(buf, bufsize,
1023 : ",GROUP:%s", sidstr);
1024 : }
1025 0 : } else if (strncasecmp_m(name, "group", 5) == 0) {
1026 0 : if (determine_size) {
1027 0 : p = talloc_asprintf(ctx, "%s", sidstr);
1028 0 : if (!p) {
1029 0 : errno = ENOMEM;
1030 0 : return -1;
1031 : }
1032 0 : n = strlen(p);
1033 : } else {
1034 0 : n = snprintf(buf, bufsize,
1035 : "%s", sidstr);
1036 : }
1037 : }
1038 :
1039 0 : if (!determine_size && n > bufsize) {
1040 0 : errno = ERANGE;
1041 0 : return -1;
1042 : }
1043 0 : buf += n;
1044 0 : n_used += n;
1045 0 : bufsize -= n;
1046 0 : n = 0;
1047 : }
1048 :
1049 0 : if (! exclude_nt_acl) {
1050 : /* Add aces to value buffer */
1051 0 : for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
1052 :
1053 0 : struct security_ace *ace = &sd->dacl->aces[i];
1054 0 : convert_sid_to_string(ipc_cli, pol,
1055 : sidstr, numeric,
1056 : &ace->trustee);
1057 :
1058 0 : if (all || all_nt) {
1059 0 : if (determine_size) {
1060 0 : p = talloc_asprintf(
1061 : ctx,
1062 : ",ACL:"
1063 : "%s:%d/%d/0x%08x",
1064 : sidstr,
1065 0 : ace->type,
1066 0 : ace->flags,
1067 : ace->access_mask);
1068 0 : if (!p) {
1069 0 : errno = ENOMEM;
1070 0 : return -1;
1071 : }
1072 0 : n = strlen(p);
1073 : } else {
1074 0 : n = snprintf(
1075 : buf, bufsize,
1076 : ",ACL:%s:%d/%d/0x%08x",
1077 : sidstr,
1078 0 : ace->type,
1079 0 : ace->flags,
1080 : ace->access_mask);
1081 : }
1082 0 : } else if ((strncasecmp_m(name, "acl", 3) == 0 &&
1083 0 : strcasecmp_m(name+3, sidstr) == 0) ||
1084 0 : (strncasecmp_m(name, "acl+", 4) == 0 &&
1085 0 : strcasecmp_m(name+4, sidstr) == 0)) {
1086 0 : if (determine_size) {
1087 0 : p = talloc_asprintf(
1088 : ctx,
1089 : "%d/%d/0x%08x",
1090 0 : ace->type,
1091 0 : ace->flags,
1092 : ace->access_mask);
1093 0 : if (!p) {
1094 0 : errno = ENOMEM;
1095 0 : return -1;
1096 : }
1097 0 : n = strlen(p);
1098 : } else {
1099 0 : n = snprintf(buf, bufsize,
1100 : "%d/%d/0x%08x",
1101 0 : ace->type,
1102 0 : ace->flags,
1103 : ace->access_mask);
1104 : }
1105 0 : } else if (all_nt_acls) {
1106 0 : if (determine_size) {
1107 0 : p = talloc_asprintf(
1108 : ctx,
1109 : "%s%s:%d/%d/0x%08x",
1110 : i ? "," : "",
1111 : sidstr,
1112 0 : ace->type,
1113 0 : ace->flags,
1114 : ace->access_mask);
1115 0 : if (!p) {
1116 0 : errno = ENOMEM;
1117 0 : return -1;
1118 : }
1119 0 : n = strlen(p);
1120 : } else {
1121 0 : n = snprintf(buf, bufsize,
1122 : "%s%s:%d/%d/0x%08x",
1123 : i ? "," : "",
1124 : sidstr,
1125 0 : ace->type,
1126 0 : ace->flags,
1127 : ace->access_mask);
1128 : }
1129 : }
1130 0 : if (!determine_size && n > bufsize) {
1131 0 : errno = ERANGE;
1132 0 : return -1;
1133 : }
1134 0 : buf += n;
1135 0 : n_used += n;
1136 0 : bufsize -= n;
1137 0 : n = 0;
1138 : }
1139 : }
1140 :
1141 : /* Restore name pointer to its original value */
1142 0 : name -= 19;
1143 : }
1144 :
1145 0 : if (all || some_dos) {
1146 0 : struct stat sb = {0};
1147 0 : time_t create_time = (time_t)0;
1148 0 : time_t write_time = (time_t)0;
1149 0 : time_t access_time = (time_t)0;
1150 0 : time_t change_time = (time_t)0;
1151 0 : off_t size = 0;
1152 0 : uint16_t mode = 0;
1153 0 : SMB_INO_T ino = 0;
1154 :
1155 : /* Point to the portion after "system.dos_attr." */
1156 0 : name += 16; /* if (all) this will be invalid but unused */
1157 :
1158 : /* Obtain the DOS attributes */
1159 0 : if (!SMBC_getatr(context, srv, filename, &sb)) {
1160 0 : errno = SMBC_errno(context, srv->cli);
1161 0 : return -1;
1162 : }
1163 :
1164 0 : create_time = sb.st_ctime;
1165 0 : access_time = sb.st_atime;
1166 0 : write_time = sb.st_mtime;
1167 0 : change_time = sb.st_mtime;
1168 0 : size = sb.st_size;
1169 0 : mode = sb.st_mode;
1170 0 : ino = sb.st_ino;
1171 :
1172 0 : if (! exclude_dos_mode) {
1173 0 : if (all || all_dos) {
1174 0 : if (determine_size) {
1175 0 : p = talloc_asprintf(ctx,
1176 : "%sMODE:0x%x",
1177 0 : (ipc_cli &&
1178 0 : (all || some_nt)
1179 : ? ","
1180 : : ""),
1181 : mode);
1182 0 : if (!p) {
1183 0 : errno = ENOMEM;
1184 0 : return -1;
1185 : }
1186 0 : n = strlen(p);
1187 : } else {
1188 0 : n = snprintf(buf, bufsize,
1189 : "%sMODE:0x%x",
1190 0 : (ipc_cli &&
1191 0 : (all || some_nt)
1192 : ? ","
1193 : : ""),
1194 : mode);
1195 : }
1196 0 : } else if (strcasecmp_m(name, "mode") == 0) {
1197 0 : if (determine_size) {
1198 0 : p = talloc_asprintf(ctx, "0x%x", mode);
1199 0 : if (!p) {
1200 0 : errno = ENOMEM;
1201 0 : return -1;
1202 : }
1203 0 : n = strlen(p);
1204 : } else {
1205 0 : n = snprintf(buf, bufsize,
1206 : "0x%x", mode);
1207 : }
1208 : }
1209 :
1210 0 : if (!determine_size && n > bufsize) {
1211 0 : errno = ERANGE;
1212 0 : return -1;
1213 : }
1214 0 : buf += n;
1215 0 : n_used += n;
1216 0 : bufsize -= n;
1217 0 : n = 0;
1218 : }
1219 :
1220 0 : if (! exclude_dos_size) {
1221 0 : if (all || all_dos) {
1222 0 : if (determine_size) {
1223 0 : p = talloc_asprintf(
1224 : ctx,
1225 : ",SIZE:%.0f",
1226 : (double)size);
1227 0 : if (!p) {
1228 0 : errno = ENOMEM;
1229 0 : return -1;
1230 : }
1231 0 : n = strlen(p);
1232 : } else {
1233 0 : n = snprintf(buf, bufsize,
1234 : ",SIZE:%.0f",
1235 : (double)size);
1236 : }
1237 0 : } else if (strcasecmp_m(name, "size") == 0) {
1238 0 : if (determine_size) {
1239 0 : p = talloc_asprintf(
1240 : ctx,
1241 : "%.0f",
1242 : (double)size);
1243 0 : if (!p) {
1244 0 : errno = ENOMEM;
1245 0 : return -1;
1246 : }
1247 0 : n = strlen(p);
1248 : } else {
1249 0 : n = snprintf(buf, bufsize,
1250 : "%.0f",
1251 : (double)size);
1252 : }
1253 : }
1254 :
1255 0 : if (!determine_size && n > bufsize) {
1256 0 : errno = ERANGE;
1257 0 : return -1;
1258 : }
1259 0 : buf += n;
1260 0 : n_used += n;
1261 0 : bufsize -= n;
1262 0 : n = 0;
1263 : }
1264 :
1265 0 : if (! exclude_dos_create_time &&
1266 0 : attr_strings.create_time_attr != NULL) {
1267 0 : if (all || all_dos) {
1268 0 : if (determine_size) {
1269 0 : p = talloc_asprintf(ctx,
1270 : ",%s:%lu",
1271 : attr_strings.create_time_attr,
1272 : (unsigned long) create_time);
1273 0 : if (!p) {
1274 0 : errno = ENOMEM;
1275 0 : return -1;
1276 : }
1277 0 : n = strlen(p);
1278 : } else {
1279 0 : n = snprintf(buf, bufsize,
1280 : ",%s:%lu",
1281 : attr_strings.create_time_attr,
1282 : (unsigned long) create_time);
1283 : }
1284 0 : } else if (strcasecmp_m(name, attr_strings.create_time_attr) == 0) {
1285 0 : if (determine_size) {
1286 0 : p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
1287 0 : if (!p) {
1288 0 : errno = ENOMEM;
1289 0 : return -1;
1290 : }
1291 0 : n = strlen(p);
1292 : } else {
1293 0 : n = snprintf(buf, bufsize,
1294 : "%lu", (unsigned long) create_time);
1295 : }
1296 : }
1297 :
1298 0 : if (!determine_size && n > bufsize) {
1299 0 : errno = ERANGE;
1300 0 : return -1;
1301 : }
1302 0 : buf += n;
1303 0 : n_used += n;
1304 0 : bufsize -= n;
1305 0 : n = 0;
1306 : }
1307 :
1308 0 : if (! exclude_dos_access_time) {
1309 0 : if (all || all_dos) {
1310 0 : if (determine_size) {
1311 0 : p = talloc_asprintf(ctx,
1312 : ",%s:%lu",
1313 : attr_strings.access_time_attr,
1314 : (unsigned long) access_time);
1315 0 : if (!p) {
1316 0 : errno = ENOMEM;
1317 0 : return -1;
1318 : }
1319 0 : n = strlen(p);
1320 : } else {
1321 0 : n = snprintf(buf, bufsize,
1322 : ",%s:%lu",
1323 : attr_strings.access_time_attr,
1324 : (unsigned long) access_time);
1325 : }
1326 0 : } else if (strcasecmp_m(name, attr_strings.access_time_attr) == 0) {
1327 0 : if (determine_size) {
1328 0 : p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
1329 0 : if (!p) {
1330 0 : errno = ENOMEM;
1331 0 : return -1;
1332 : }
1333 0 : n = strlen(p);
1334 : } else {
1335 0 : n = snprintf(buf, bufsize,
1336 : "%lu", (unsigned long) access_time);
1337 : }
1338 : }
1339 :
1340 0 : if (!determine_size && n > bufsize) {
1341 0 : errno = ERANGE;
1342 0 : return -1;
1343 : }
1344 0 : buf += n;
1345 0 : n_used += n;
1346 0 : bufsize -= n;
1347 0 : n = 0;
1348 : }
1349 :
1350 0 : if (! exclude_dos_write_time) {
1351 0 : if (all || all_dos) {
1352 0 : if (determine_size) {
1353 0 : p = talloc_asprintf(ctx,
1354 : ",%s:%lu",
1355 : attr_strings.write_time_attr,
1356 : (unsigned long) write_time);
1357 0 : if (!p) {
1358 0 : errno = ENOMEM;
1359 0 : return -1;
1360 : }
1361 0 : n = strlen(p);
1362 : } else {
1363 0 : n = snprintf(buf, bufsize,
1364 : ",%s:%lu",
1365 : attr_strings.write_time_attr,
1366 : (unsigned long) write_time);
1367 : }
1368 0 : } else if (strcasecmp_m(name, attr_strings.write_time_attr) == 0) {
1369 0 : if (determine_size) {
1370 0 : p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
1371 0 : if (!p) {
1372 0 : errno = ENOMEM;
1373 0 : return -1;
1374 : }
1375 0 : n = strlen(p);
1376 : } else {
1377 0 : n = snprintf(buf, bufsize,
1378 : "%lu", (unsigned long) write_time);
1379 : }
1380 : }
1381 :
1382 0 : if (!determine_size && n > bufsize) {
1383 0 : errno = ERANGE;
1384 0 : return -1;
1385 : }
1386 0 : buf += n;
1387 0 : n_used += n;
1388 0 : bufsize -= n;
1389 0 : n = 0;
1390 : }
1391 :
1392 0 : if (! exclude_dos_change_time) {
1393 0 : if (all || all_dos) {
1394 0 : if (determine_size) {
1395 0 : p = talloc_asprintf(ctx,
1396 : ",%s:%lu",
1397 : attr_strings.change_time_attr,
1398 : (unsigned long) change_time);
1399 0 : if (!p) {
1400 0 : errno = ENOMEM;
1401 0 : return -1;
1402 : }
1403 0 : n = strlen(p);
1404 : } else {
1405 0 : n = snprintf(buf, bufsize,
1406 : ",%s:%lu",
1407 : attr_strings.change_time_attr,
1408 : (unsigned long) change_time);
1409 : }
1410 0 : } else if (strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1411 0 : if (determine_size) {
1412 0 : p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
1413 0 : if (!p) {
1414 0 : errno = ENOMEM;
1415 0 : return -1;
1416 : }
1417 0 : n = strlen(p);
1418 : } else {
1419 0 : n = snprintf(buf, bufsize,
1420 : "%lu", (unsigned long) change_time);
1421 : }
1422 : }
1423 :
1424 0 : if (!determine_size && n > bufsize) {
1425 0 : errno = ERANGE;
1426 0 : return -1;
1427 : }
1428 0 : buf += n;
1429 0 : n_used += n;
1430 0 : bufsize -= n;
1431 0 : n = 0;
1432 : }
1433 :
1434 0 : if (! exclude_dos_inode) {
1435 0 : if (all || all_dos) {
1436 0 : if (determine_size) {
1437 0 : p = talloc_asprintf(
1438 : ctx,
1439 : ",INODE:%.0f",
1440 : (double)ino);
1441 0 : if (!p) {
1442 0 : errno = ENOMEM;
1443 0 : return -1;
1444 : }
1445 0 : n = strlen(p);
1446 : } else {
1447 0 : n = snprintf(buf, bufsize,
1448 : ",INODE:%.0f",
1449 : (double) ino);
1450 : }
1451 0 : } else if (strcasecmp_m(name, "inode") == 0) {
1452 0 : if (determine_size) {
1453 0 : p = talloc_asprintf(
1454 : ctx,
1455 : "%.0f",
1456 : (double) ino);
1457 0 : if (!p) {
1458 0 : errno = ENOMEM;
1459 0 : return -1;
1460 : }
1461 0 : n = strlen(p);
1462 : } else {
1463 0 : n = snprintf(buf, bufsize,
1464 : "%.0f",
1465 : (double) ino);
1466 : }
1467 : }
1468 :
1469 0 : if (!determine_size && n > bufsize) {
1470 0 : errno = ERANGE;
1471 0 : return -1;
1472 : }
1473 0 : buf += n;
1474 0 : n_used += n;
1475 0 : bufsize -= n;
1476 0 : n = 0;
1477 : }
1478 :
1479 : /* Restore name pointer to its original value */
1480 0 : name -= 16;
1481 : }
1482 :
1483 0 : if (n_used == 0) {
1484 0 : errno = ENOATTR;
1485 0 : return -1;
1486 : }
1487 :
1488 0 : return n_used;
1489 : }
1490 :
1491 : /*****************************************************
1492 : set the ACLs on a file given an ascii description
1493 : *******************************************************/
1494 : static int
1495 0 : cacl_set(SMBCCTX *context,
1496 : TALLOC_CTX *ctx,
1497 : struct cli_state *cli,
1498 : struct cli_state *ipc_cli,
1499 : struct policy_handle *pol,
1500 : const char *filename,
1501 : char *the_acl,
1502 : int mode,
1503 : int flags)
1504 : {
1505 0 : uint16_t fnum = (uint16_t)-1;
1506 0 : int err = 0;
1507 0 : struct security_descriptor *sd = NULL, *old;
1508 0 : struct security_acl *dacl = NULL;
1509 0 : struct dom_sid *owner_sid = NULL;
1510 0 : struct dom_sid *group_sid = NULL;
1511 : uint32_t i, j;
1512 : size_t sd_size;
1513 0 : int ret = 0;
1514 : char *p;
1515 0 : bool numeric = True;
1516 0 : char *targetpath = NULL;
1517 0 : struct cli_state *targetcli = NULL;
1518 0 : struct cli_credentials *creds = NULL;
1519 : NTSTATUS status;
1520 :
1521 : /* the_acl will be null for REMOVE_ALL operations */
1522 0 : if (the_acl) {
1523 0 : numeric = ((p = strchr(the_acl, ':')) != NULL &&
1524 0 : p > the_acl &&
1525 0 : p[-1] != '+');
1526 :
1527 : /* if this is to set the entire ACL... */
1528 0 : if (*the_acl == '*') {
1529 : /* ... then increment past the first colon */
1530 0 : the_acl = p + 1;
1531 : }
1532 :
1533 0 : sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
1534 0 : if (!sd) {
1535 0 : errno = EINVAL;
1536 0 : return -1;
1537 : }
1538 : }
1539 :
1540 : /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
1541 : that doesn't deref sd */
1542 :
1543 0 : if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
1544 0 : errno = EINVAL;
1545 0 : return -1;
1546 : }
1547 :
1548 0 : creds = context->internal->creds;
1549 :
1550 0 : status = cli_resolve_path(ctx, "",
1551 : creds,
1552 : cli, filename, &targetcli, &targetpath);
1553 0 : if (!NT_STATUS_IS_OK(status)) {
1554 0 : DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
1555 0 : errno = ENOENT;
1556 0 : return -1;
1557 : }
1558 :
1559 : /* The desired access below is the only one I could find that works
1560 : with NT4, W2KP and Samba */
1561 :
1562 0 : status = cli_ntcreate(
1563 : targetcli, /* cli */
1564 : targetpath, /* fname */
1565 : 0, /* CreatFlags */
1566 : READ_CONTROL_ACCESS, /* DesiredAccess */
1567 : 0, /* FileAttributes */
1568 : FILE_SHARE_READ|
1569 : FILE_SHARE_WRITE, /* ShareAccess */
1570 : FILE_OPEN, /* CreateDisposition */
1571 : 0x0, /* CreateOptions */
1572 : 0x0, /* SecurityFlags */
1573 : &fnum, /* pfid */
1574 : NULL); /* cr */
1575 0 : if (!NT_STATUS_IS_OK(status)) {
1576 0 : DEBUG(5, ("cacl_set failed to open %s: %s\n",
1577 : targetpath, nt_errstr(status)));
1578 0 : errno = 0;
1579 0 : return -1;
1580 : }
1581 :
1582 0 : status = cli_query_secdesc(targetcli, fnum, ctx, &old);
1583 0 : if (!NT_STATUS_IS_OK(status)) {
1584 0 : DEBUG(5,("cacl_set Failed to query old descriptor of %s: %s\n",
1585 : targetpath, nt_errstr(status)));
1586 0 : errno = 0;
1587 0 : return -1;
1588 : }
1589 :
1590 0 : cli_close(targetcli, fnum);
1591 :
1592 0 : switch (mode) {
1593 0 : case SMBC_XATTR_MODE_REMOVE_ALL:
1594 0 : old->dacl->num_aces = 0;
1595 0 : dacl = old->dacl;
1596 0 : break;
1597 :
1598 0 : case SMBC_XATTR_MODE_REMOVE:
1599 0 : for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1600 0 : bool found = False;
1601 :
1602 0 : for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1603 0 : if (security_ace_equal(&sd->dacl->aces[i],
1604 0 : &old->dacl->aces[j])) {
1605 : uint32_t k;
1606 0 : for (k=j; k<old->dacl->num_aces-1;k++) {
1607 0 : old->dacl->aces[k] =
1608 0 : old->dacl->aces[k+1];
1609 : }
1610 0 : old->dacl->num_aces--;
1611 0 : found = True;
1612 0 : dacl = old->dacl;
1613 0 : break;
1614 : }
1615 : }
1616 :
1617 0 : if (!found) {
1618 0 : err = ENOATTR;
1619 0 : ret = -1;
1620 0 : goto failed;
1621 : }
1622 : }
1623 0 : break;
1624 :
1625 0 : case SMBC_XATTR_MODE_ADD:
1626 0 : for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1627 0 : bool found = False;
1628 :
1629 0 : for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
1630 0 : if (dom_sid_equal(&sd->dacl->aces[i].trustee,
1631 0 : &old->dacl->aces[j].trustee)) {
1632 0 : if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
1633 0 : err = EEXIST;
1634 0 : ret = -1;
1635 0 : goto failed;
1636 : }
1637 0 : old->dacl->aces[j] = sd->dacl->aces[i];
1638 0 : ret = -1;
1639 0 : found = True;
1640 : }
1641 : }
1642 :
1643 0 : if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
1644 0 : err = ENOATTR;
1645 0 : ret = -1;
1646 0 : goto failed;
1647 : }
1648 :
1649 0 : for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
1650 0 : add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
1651 : }
1652 : }
1653 0 : dacl = old->dacl;
1654 0 : break;
1655 :
1656 0 : case SMBC_XATTR_MODE_SET:
1657 0 : old = sd;
1658 0 : owner_sid = old->owner_sid;
1659 0 : group_sid = old->group_sid;
1660 0 : dacl = old->dacl;
1661 0 : break;
1662 :
1663 0 : case SMBC_XATTR_MODE_CHOWN:
1664 0 : owner_sid = sd->owner_sid;
1665 0 : break;
1666 :
1667 0 : case SMBC_XATTR_MODE_CHGRP:
1668 0 : group_sid = sd->group_sid;
1669 0 : break;
1670 : }
1671 :
1672 : /* Denied ACE entries must come before allowed ones */
1673 0 : sort_acl(old->dacl);
1674 :
1675 : /* Create new security descriptor and set it */
1676 0 : sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
1677 : owner_sid, group_sid, NULL, dacl, &sd_size);
1678 :
1679 0 : status = cli_ntcreate(targetcli, targetpath, 0,
1680 : WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
1681 : FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
1682 : 0x0, 0x0, &fnum, NULL);
1683 0 : if (!NT_STATUS_IS_OK(status)) {
1684 0 : DEBUG(5, ("cacl_set failed to open %s: %s\n",
1685 : targetpath, nt_errstr(status)));
1686 0 : errno = 0;
1687 0 : return -1;
1688 : }
1689 :
1690 0 : status = cli_set_secdesc(targetcli, fnum, sd);
1691 0 : if (!NT_STATUS_IS_OK(status)) {
1692 0 : DEBUG(5, ("ERROR: secdesc set failed: %s\n",
1693 : nt_errstr(status)));
1694 0 : ret = -1;
1695 : }
1696 :
1697 : /* Clean up */
1698 :
1699 0 : failed:
1700 0 : cli_close(targetcli, fnum);
1701 :
1702 0 : if (err != 0) {
1703 0 : errno = err;
1704 : }
1705 :
1706 0 : return ret;
1707 : }
1708 :
1709 :
1710 : int
1711 0 : SMBC_setxattr_ctx(SMBCCTX *context,
1712 : const char *fname,
1713 : const char *name,
1714 : const void *value,
1715 : size_t size,
1716 : int flags)
1717 : {
1718 : int ret;
1719 : int ret2;
1720 0 : SMBCSRV *srv = NULL;
1721 0 : SMBCSRV *ipc_srv = NULL;
1722 0 : char *server = NULL;
1723 0 : char *share = NULL;
1724 0 : char *user = NULL;
1725 0 : char *password = NULL;
1726 0 : char *workgroup = NULL;
1727 0 : char *path = NULL;
1728 0 : struct DOS_ATTR_DESC *dad = NULL;
1729 : struct {
1730 : const char * create_time_attr;
1731 : const char * access_time_attr;
1732 : const char * write_time_attr;
1733 : const char * change_time_attr;
1734 : } attr_strings;
1735 0 : uint16_t port = 0;
1736 0 : TALLOC_CTX *frame = talloc_stackframe();
1737 :
1738 0 : if (!context || !context->internal->initialized) {
1739 0 : errno = EINVAL; /* Best I can think of ... */
1740 0 : TALLOC_FREE(frame);
1741 0 : return -1;
1742 : }
1743 :
1744 0 : if (!fname) {
1745 0 : errno = EINVAL;
1746 0 : TALLOC_FREE(frame);
1747 0 : return -1;
1748 : }
1749 :
1750 0 : DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
1751 : fname, name, (int) size, (const char*)value));
1752 :
1753 0 : if (SMBC_parse_path(frame,
1754 : context,
1755 : fname,
1756 : &workgroup,
1757 : &server,
1758 : &port,
1759 : &share,
1760 : &path,
1761 : &user,
1762 : &password,
1763 : NULL)) {
1764 0 : errno = EINVAL;
1765 0 : TALLOC_FREE(frame);
1766 0 : return -1;
1767 : }
1768 :
1769 0 : if (!user || user[0] == (char)0) {
1770 0 : user = talloc_strdup(frame, smbc_getUser(context));
1771 0 : if (!user) {
1772 0 : errno = ENOMEM;
1773 0 : TALLOC_FREE(frame);
1774 0 : return -1;
1775 : }
1776 : }
1777 :
1778 0 : srv = SMBC_server(frame, context, True,
1779 : server, port, share, &workgroup, &user, &password);
1780 0 : if (!srv) {
1781 0 : TALLOC_FREE(frame);
1782 0 : return -1; /* errno set by SMBC_server */
1783 : }
1784 :
1785 0 : if (! srv->no_nt_session) {
1786 0 : ipc_srv = SMBC_attr_server(frame, context, server, port, share,
1787 : &workgroup, &user, &password);
1788 0 : if (! ipc_srv) {
1789 0 : srv->no_nt_session = True;
1790 : }
1791 : } else {
1792 0 : ipc_srv = NULL;
1793 : }
1794 :
1795 : /*
1796 : * Are they asking to set the entire set of known attributes?
1797 : */
1798 0 : if (strcasecmp_m(name, "system.*") == 0 ||
1799 0 : strcasecmp_m(name, "system.*+") == 0) {
1800 : /* Yup. */
1801 0 : char *namevalue =
1802 0 : talloc_asprintf(talloc_tos(), "%s:%s",
1803 : name+7, (const char *) value);
1804 0 : if (! namevalue) {
1805 0 : errno = ENOMEM;
1806 0 : ret = -1;
1807 0 : TALLOC_FREE(frame);
1808 0 : return -1;
1809 : }
1810 :
1811 0 : if (ipc_srv) {
1812 0 : ret = cacl_set(context, talloc_tos(), srv->cli,
1813 : ipc_srv->cli, &ipc_srv->pol, path,
1814 : namevalue,
1815 0 : (*namevalue == '*'
1816 : ? SMBC_XATTR_MODE_SET
1817 : : SMBC_XATTR_MODE_ADD),
1818 : flags);
1819 : } else {
1820 0 : ret = 0;
1821 : }
1822 :
1823 : /* get a DOS Attribute Descriptor with current attributes */
1824 0 : dad = dos_attr_query(context, talloc_tos(), path, srv);
1825 0 : if (dad) {
1826 : bool ok;
1827 :
1828 : /* Overwrite old with new, using what was provided */
1829 0 : dos_attr_parse(context, dad, srv, namevalue);
1830 :
1831 : /* Set the new DOS attributes */
1832 0 : ok = SMBC_setatr(
1833 : context,
1834 : srv,
1835 : path,
1836 0 : (struct timespec) {
1837 0 : .tv_sec = dad->create_time },
1838 0 : (struct timespec) {
1839 0 : .tv_sec = dad->access_time },
1840 0 : (struct timespec) {
1841 0 : .tv_sec = dad->write_time },
1842 0 : (struct timespec) {
1843 0 : .tv_sec = dad->change_time },
1844 0 : dad->mode);
1845 0 : if (!ok) {
1846 : /* cause failure if NT failed too */
1847 0 : dad = NULL;
1848 : }
1849 : }
1850 :
1851 : /* we only fail if both NT and DOS sets failed */
1852 0 : if (ret < 0 && ! dad) {
1853 0 : ret = -1; /* in case dad was null */
1854 : }
1855 : else {
1856 0 : ret = 0;
1857 : }
1858 :
1859 0 : TALLOC_FREE(frame);
1860 0 : return ret;
1861 : }
1862 :
1863 : /*
1864 : * Are they asking to set an access control element or to set
1865 : * the entire access control list?
1866 : */
1867 0 : if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
1868 0 : strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
1869 0 : strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
1870 0 : strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
1871 0 : strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
1872 :
1873 : /* Yup. */
1874 0 : char *namevalue =
1875 0 : talloc_asprintf(talloc_tos(), "%s:%s",
1876 : name+19, (const char *) value);
1877 :
1878 0 : if (! ipc_srv) {
1879 0 : ret = -1; /* errno set by SMBC_server() */
1880 : }
1881 0 : else if (! namevalue) {
1882 0 : errno = ENOMEM;
1883 0 : ret = -1;
1884 : } else {
1885 0 : ret = cacl_set(context, talloc_tos(), srv->cli,
1886 : ipc_srv->cli, &ipc_srv->pol, path,
1887 : namevalue,
1888 0 : (*namevalue == '*'
1889 : ? SMBC_XATTR_MODE_SET
1890 : : SMBC_XATTR_MODE_ADD),
1891 : flags);
1892 : }
1893 0 : TALLOC_FREE(frame);
1894 0 : return ret;
1895 : }
1896 :
1897 : /*
1898 : * Are they asking to set the owner?
1899 : */
1900 0 : if (strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
1901 0 : strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0) {
1902 :
1903 : /* Yup. */
1904 0 : char *namevalue =
1905 0 : talloc_asprintf(talloc_tos(), "%s:%s",
1906 : name+19, (const char *) value);
1907 :
1908 0 : if (! ipc_srv) {
1909 0 : ret = -1; /* errno set by SMBC_server() */
1910 : }
1911 0 : else if (! namevalue) {
1912 0 : errno = ENOMEM;
1913 0 : ret = -1;
1914 : } else {
1915 0 : ret = cacl_set(context, talloc_tos(), srv->cli,
1916 : ipc_srv->cli, &ipc_srv->pol, path,
1917 : namevalue, SMBC_XATTR_MODE_CHOWN, 0);
1918 : }
1919 0 : TALLOC_FREE(frame);
1920 0 : return ret;
1921 : }
1922 :
1923 : /*
1924 : * Are they asking to set the group?
1925 : */
1926 0 : if (strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
1927 0 : strcasecmp_m(name, "system.nt_sec_desc.group+") == 0) {
1928 :
1929 : /* Yup. */
1930 0 : char *namevalue =
1931 0 : talloc_asprintf(talloc_tos(), "%s:%s",
1932 : name+19, (const char *) value);
1933 :
1934 0 : if (! ipc_srv) {
1935 : /* errno set by SMBC_server() */
1936 0 : ret = -1;
1937 : }
1938 0 : else if (! namevalue) {
1939 0 : errno = ENOMEM;
1940 0 : ret = -1;
1941 : } else {
1942 0 : ret = cacl_set(context, talloc_tos(), srv->cli,
1943 : ipc_srv->cli, &ipc_srv->pol, path,
1944 : namevalue, SMBC_XATTR_MODE_CHGRP, 0);
1945 : }
1946 0 : TALLOC_FREE(frame);
1947 0 : return ret;
1948 : }
1949 :
1950 : /* Determine whether to use old-style or new-style attribute names */
1951 0 : if (context->internal->full_time_names) {
1952 : /* new-style names */
1953 0 : attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
1954 0 : attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
1955 0 : attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
1956 0 : attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
1957 : } else {
1958 : /* old-style names */
1959 0 : attr_strings.create_time_attr = NULL;
1960 0 : attr_strings.access_time_attr = "system.dos_attr.A_TIME";
1961 0 : attr_strings.write_time_attr = "system.dos_attr.M_TIME";
1962 0 : attr_strings.change_time_attr = "system.dos_attr.C_TIME";
1963 : }
1964 :
1965 : /*
1966 : * Are they asking to set a DOS attribute?
1967 : */
1968 0 : if (strcasecmp_m(name, "system.dos_attr.*") == 0 ||
1969 0 : strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
1970 0 : (attr_strings.create_time_attr != NULL &&
1971 0 : strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
1972 0 : strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
1973 0 : strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
1974 0 : strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
1975 :
1976 : /* get a DOS Attribute Descriptor with current attributes */
1977 0 : dad = dos_attr_query(context, talloc_tos(), path, srv);
1978 0 : if (dad) {
1979 0 : char *namevalue =
1980 0 : talloc_asprintf(talloc_tos(), "%s:%s",
1981 : name+16, (const char *) value);
1982 0 : if (! namevalue) {
1983 0 : errno = ENOMEM;
1984 0 : ret = -1;
1985 : } else {
1986 : /* Overwrite old with provided new params */
1987 0 : dos_attr_parse(context, dad, srv, namevalue);
1988 :
1989 : /* Set the new DOS attributes */
1990 0 : ret2 = SMBC_setatr(
1991 : context,
1992 : srv,
1993 : path,
1994 0 : (struct timespec) {
1995 0 : .tv_sec = dad->create_time },
1996 0 : (struct timespec) {
1997 0 : .tv_sec = dad->access_time },
1998 0 : (struct timespec) {
1999 0 : .tv_sec = dad->write_time },
2000 0 : (struct timespec) {
2001 0 : .tv_sec = dad->change_time },
2002 0 : dad->mode);
2003 :
2004 : /* ret2 has True (success) / False (failure) */
2005 0 : if (ret2) {
2006 0 : ret = 0;
2007 : } else {
2008 0 : ret = -1;
2009 : }
2010 : }
2011 : } else {
2012 0 : ret = -1;
2013 : }
2014 :
2015 0 : TALLOC_FREE(frame);
2016 0 : return ret;
2017 : }
2018 :
2019 : /* Unsupported attribute name */
2020 0 : errno = EINVAL;
2021 0 : TALLOC_FREE(frame);
2022 0 : return -1;
2023 : }
2024 :
2025 : int
2026 0 : SMBC_getxattr_ctx(SMBCCTX *context,
2027 : const char *fname,
2028 : const char *name,
2029 : const void *value,
2030 : size_t size)
2031 : {
2032 : int ret;
2033 0 : SMBCSRV *srv = NULL;
2034 0 : SMBCSRV *ipc_srv = NULL;
2035 0 : char *server = NULL;
2036 0 : char *share = NULL;
2037 0 : char *user = NULL;
2038 0 : char *password = NULL;
2039 0 : char *workgroup = NULL;
2040 0 : char *path = NULL;
2041 : struct {
2042 : const char * create_time_attr;
2043 : const char * access_time_attr;
2044 : const char * write_time_attr;
2045 : const char * change_time_attr;
2046 : } attr_strings;
2047 0 : uint16_t port = 0;
2048 0 : TALLOC_CTX *frame = talloc_stackframe();
2049 :
2050 0 : if (!context || !context->internal->initialized) {
2051 0 : errno = EINVAL; /* Best I can think of ... */
2052 0 : TALLOC_FREE(frame);
2053 0 : return -1;
2054 : }
2055 :
2056 0 : if (!fname) {
2057 0 : errno = EINVAL;
2058 0 : TALLOC_FREE(frame);
2059 0 : return -1;
2060 : }
2061 :
2062 0 : DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
2063 :
2064 0 : if (SMBC_parse_path(frame,
2065 : context,
2066 : fname,
2067 : &workgroup,
2068 : &server,
2069 : &port,
2070 : &share,
2071 : &path,
2072 : &user,
2073 : &password,
2074 : NULL)) {
2075 0 : errno = EINVAL;
2076 0 : TALLOC_FREE(frame);
2077 0 : return -1;
2078 : }
2079 :
2080 0 : if (!user || user[0] == (char)0) {
2081 0 : user = talloc_strdup(frame, smbc_getUser(context));
2082 0 : if (!user) {
2083 0 : errno = ENOMEM;
2084 0 : TALLOC_FREE(frame);
2085 0 : return -1;
2086 : }
2087 : }
2088 :
2089 0 : srv = SMBC_server(frame, context, True,
2090 : server, port, share, &workgroup, &user, &password);
2091 0 : if (!srv) {
2092 0 : TALLOC_FREE(frame);
2093 0 : return -1; /* errno set by SMBC_server */
2094 : }
2095 :
2096 0 : if (! srv->no_nt_session) {
2097 0 : ipc_srv = SMBC_attr_server(frame, context, server, port, share,
2098 : &workgroup, &user, &password);
2099 : /*
2100 : * SMBC_attr_server() can cause the original
2101 : * server to be removed from the cache.
2102 : * If so we must error out here as the srv
2103 : * pointer has been freed.
2104 : */
2105 0 : if (smbc_getFunctionGetCachedServer(context)(context,
2106 : server,
2107 : share,
2108 : workgroup,
2109 : user) != srv) {
2110 : #if defined(ECONNRESET)
2111 0 : errno = ECONNRESET;
2112 : #else
2113 : errno = ETIMEDOUT;
2114 : #endif
2115 0 : TALLOC_FREE(frame);
2116 0 : return -1;
2117 : }
2118 0 : if (! ipc_srv) {
2119 0 : srv->no_nt_session = True;
2120 : }
2121 : } else {
2122 0 : ipc_srv = NULL;
2123 : }
2124 :
2125 : /* Determine whether to use old-style or new-style attribute names */
2126 0 : if (context->internal->full_time_names) {
2127 : /* new-style names */
2128 0 : attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
2129 0 : attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
2130 0 : attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
2131 0 : attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
2132 : } else {
2133 : /* old-style names */
2134 0 : attr_strings.create_time_attr = NULL;
2135 0 : attr_strings.access_time_attr = "system.dos_attr.A_TIME";
2136 0 : attr_strings.write_time_attr = "system.dos_attr.M_TIME";
2137 0 : attr_strings.change_time_attr = "system.dos_attr.C_TIME";
2138 : }
2139 :
2140 : /* Are they requesting a supported attribute? */
2141 0 : if (strcasecmp_m(name, "system.*") == 0 ||
2142 0 : strncasecmp_m(name, "system.*!", 9) == 0 ||
2143 0 : strcasecmp_m(name, "system.*+") == 0 ||
2144 0 : strncasecmp_m(name, "system.*+!", 10) == 0 ||
2145 0 : strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2146 0 : strncasecmp_m(name, "system.nt_sec_desc.*!", 21) == 0 ||
2147 0 : strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
2148 0 : strncasecmp_m(name, "system.nt_sec_desc.*+!", 22) == 0 ||
2149 0 : strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2150 0 : strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2151 0 : strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2152 0 : strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2153 0 : strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2154 0 : strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2155 0 : strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0 ||
2156 0 : strcasecmp_m(name, "system.dos_attr.*") == 0 ||
2157 0 : strncasecmp_m(name, "system.dos_attr.*!", 18) == 0 ||
2158 0 : strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
2159 0 : strcasecmp_m(name, "system.dos_attr.size") == 0 ||
2160 0 : (attr_strings.create_time_attr != NULL &&
2161 0 : strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
2162 0 : strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
2163 0 : strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
2164 0 : strcasecmp_m(name, attr_strings.change_time_attr) == 0 ||
2165 0 : strcasecmp_m(name, "system.dos_attr.inode") == 0) {
2166 :
2167 : /* Yup. */
2168 0 : const char *filename = name;
2169 0 : ret = cacl_get(context, talloc_tos(), srv,
2170 : ipc_srv == NULL ? NULL : ipc_srv->cli,
2171 : &ipc_srv->pol, path,
2172 : filename,
2173 : discard_const_p(char, value),
2174 : size);
2175 0 : if (ret < 0 && errno == 0) {
2176 0 : errno = SMBC_errno(context, srv->cli);
2177 : }
2178 0 : TALLOC_FREE(frame);
2179 0 : return ret;
2180 : }
2181 :
2182 : /* Unsupported attribute name */
2183 0 : errno = EINVAL;
2184 0 : TALLOC_FREE(frame);
2185 0 : return -1;
2186 : }
2187 :
2188 :
2189 : int
2190 0 : SMBC_removexattr_ctx(SMBCCTX *context,
2191 : const char *fname,
2192 : const char *name)
2193 : {
2194 : int ret;
2195 0 : SMBCSRV *srv = NULL;
2196 0 : SMBCSRV *ipc_srv = NULL;
2197 0 : char *server = NULL;
2198 0 : char *share = NULL;
2199 0 : char *user = NULL;
2200 0 : char *password = NULL;
2201 0 : char *workgroup = NULL;
2202 0 : char *path = NULL;
2203 0 : uint16_t port = 0;
2204 0 : TALLOC_CTX *frame = talloc_stackframe();
2205 :
2206 0 : if (!context || !context->internal->initialized) {
2207 0 : errno = EINVAL; /* Best I can think of ... */
2208 0 : TALLOC_FREE(frame);
2209 0 : return -1;
2210 : }
2211 :
2212 0 : if (!fname) {
2213 0 : errno = EINVAL;
2214 0 : TALLOC_FREE(frame);
2215 0 : return -1;
2216 : }
2217 :
2218 0 : DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
2219 :
2220 0 : if (SMBC_parse_path(frame,
2221 : context,
2222 : fname,
2223 : &workgroup,
2224 : &server,
2225 : &port,
2226 : &share,
2227 : &path,
2228 : &user,
2229 : &password,
2230 : NULL)) {
2231 0 : errno = EINVAL;
2232 0 : TALLOC_FREE(frame);
2233 0 : return -1;
2234 : }
2235 :
2236 0 : if (!user || user[0] == (char)0) {
2237 0 : user = talloc_strdup(frame, smbc_getUser(context));
2238 0 : if (!user) {
2239 0 : errno = ENOMEM;
2240 0 : TALLOC_FREE(frame);
2241 0 : return -1;
2242 : }
2243 : }
2244 :
2245 0 : srv = SMBC_server(frame, context, True,
2246 : server, port, share, &workgroup, &user, &password);
2247 0 : if (!srv) {
2248 0 : TALLOC_FREE(frame);
2249 0 : return -1; /* errno set by SMBC_server */
2250 : }
2251 :
2252 0 : if (! srv->no_nt_session) {
2253 : int saved_errno;
2254 0 : ipc_srv = SMBC_attr_server(frame, context, server, port, share,
2255 : &workgroup, &user, &password);
2256 0 : saved_errno = errno;
2257 : /*
2258 : * SMBC_attr_server() can cause the original
2259 : * server to be removed from the cache.
2260 : * If so we must error out here as the srv
2261 : * pointer has been freed.
2262 : */
2263 0 : if (smbc_getFunctionGetCachedServer(context)(context,
2264 : server,
2265 : share,
2266 : workgroup,
2267 : user) != srv) {
2268 : #if defined(ECONNRESET)
2269 0 : errno = ECONNRESET;
2270 : #else
2271 : errno = ETIMEDOUT;
2272 : #endif
2273 0 : TALLOC_FREE(frame);
2274 0 : return -1;
2275 : }
2276 0 : if (! ipc_srv) {
2277 0 : errno = saved_errno;
2278 0 : srv->no_nt_session = True;
2279 : }
2280 : } else {
2281 0 : ipc_srv = NULL;
2282 : }
2283 :
2284 0 : if (! ipc_srv) {
2285 0 : TALLOC_FREE(frame);
2286 0 : return -1; /* errno set by SMBC_attr_server */
2287 : }
2288 :
2289 : /* Are they asking to set the entire ACL? */
2290 0 : if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
2291 0 : strcasecmp_m(name, "system.nt_sec_desc.*+") == 0) {
2292 :
2293 : /* Yup. */
2294 0 : ret = cacl_set(context, talloc_tos(), srv->cli,
2295 : ipc_srv->cli, &ipc_srv->pol, path,
2296 : NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
2297 0 : TALLOC_FREE(frame);
2298 0 : return ret;
2299 : }
2300 :
2301 : /*
2302 : * Are they asking to remove one or more specific security descriptor
2303 : * attributes?
2304 : */
2305 0 : if (strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
2306 0 : strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
2307 0 : strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
2308 0 : strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
2309 0 : strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
2310 0 : strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
2311 0 : strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
2312 :
2313 : /* Yup. */
2314 0 : ret = cacl_set(context, talloc_tos(), srv->cli,
2315 : ipc_srv->cli, &ipc_srv->pol, path,
2316 : discard_const_p(char, name) + 19,
2317 : SMBC_XATTR_MODE_REMOVE, 0);
2318 0 : TALLOC_FREE(frame);
2319 0 : return ret;
2320 : }
2321 :
2322 : /* Unsupported attribute name */
2323 0 : errno = EINVAL;
2324 0 : TALLOC_FREE(frame);
2325 0 : return -1;
2326 : }
2327 :
2328 : int
2329 0 : SMBC_listxattr_ctx(SMBCCTX *context,
2330 : const char *fname,
2331 : char *list,
2332 : size_t size)
2333 : {
2334 : /*
2335 : * This isn't quite what listxattr() is supposed to do. This returns
2336 : * the complete set of attribute names, always, rather than only those
2337 : * attribute names which actually exist for a file. Hmmm...
2338 : */
2339 : size_t retsize;
2340 0 : const char supported_old[] =
2341 : "system.*\0"
2342 : "system.*+\0"
2343 : "system.nt_sec_desc.revision\0"
2344 : "system.nt_sec_desc.owner\0"
2345 : "system.nt_sec_desc.owner+\0"
2346 : "system.nt_sec_desc.group\0"
2347 : "system.nt_sec_desc.group+\0"
2348 : "system.nt_sec_desc.acl.*\0"
2349 : "system.nt_sec_desc.acl\0"
2350 : "system.nt_sec_desc.acl+\0"
2351 : "system.nt_sec_desc.*\0"
2352 : "system.nt_sec_desc.*+\0"
2353 : "system.dos_attr.*\0"
2354 : "system.dos_attr.mode\0"
2355 : "system.dos_attr.c_time\0"
2356 : "system.dos_attr.a_time\0"
2357 : "system.dos_attr.m_time\0"
2358 : ;
2359 0 : const char supported_new[] =
2360 : "system.*\0"
2361 : "system.*+\0"
2362 : "system.nt_sec_desc.revision\0"
2363 : "system.nt_sec_desc.owner\0"
2364 : "system.nt_sec_desc.owner+\0"
2365 : "system.nt_sec_desc.group\0"
2366 : "system.nt_sec_desc.group+\0"
2367 : "system.nt_sec_desc.acl.*\0"
2368 : "system.nt_sec_desc.acl\0"
2369 : "system.nt_sec_desc.acl+\0"
2370 : "system.nt_sec_desc.*\0"
2371 : "system.nt_sec_desc.*+\0"
2372 : "system.dos_attr.*\0"
2373 : "system.dos_attr.mode\0"
2374 : "system.dos_attr.create_time\0"
2375 : "system.dos_attr.access_time\0"
2376 : "system.dos_attr.write_time\0"
2377 : "system.dos_attr.change_time\0"
2378 : ;
2379 : const char * supported;
2380 :
2381 0 : if (context->internal->full_time_names) {
2382 0 : supported = supported_new;
2383 0 : retsize = sizeof(supported_new);
2384 : } else {
2385 0 : supported = supported_old;
2386 0 : retsize = sizeof(supported_old);
2387 : }
2388 :
2389 0 : if (size == 0) {
2390 0 : return retsize;
2391 : }
2392 :
2393 0 : if (retsize > size) {
2394 0 : errno = ERANGE;
2395 0 : return -1;
2396 : }
2397 :
2398 : /* this can't be strcpy() because there are embedded null characters */
2399 0 : memcpy(list, supported, retsize);
2400 0 : return retsize;
2401 : }
|
