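/*
 * Walk the ACEs that follow a DACL header and hand each one to print_ace().
 *
 * pdacl      - start of the ACL header; NULL is accepted and ignored
 * end_of_acl - first byte past the buffer that holds the ACL; no field at
 *              or beyond this address is read here
 * raw        - passed through to print_ace() unchanged
 *
 * The ACL size, the ACE count and every ACE size are read from the buffer
 * itself, so they are treated as untrusted: a field is only read after the
 * bytes that hold it are known to lie before end_of_acl, and the walk stops
 * at the first ACE whose declared size cannot be right.
 */
static void parse_dacl(struct cifs_ctrl_acl *pdacl, char *end_of_acl, int raw)
{
	int i;
	int num_aces;
	int ace_size;
	char *size_end;
	struct cifs_ace *pace;

	if (!pdacl)
		return;

	/* the header must fit in the buffer before size/num_aces are read */
	if (end_of_acl < (char *)pdacl + sizeof(struct cifs_ctrl_acl))
		return;

	/* the ACL's own declared size must not run past the buffer */
	if (end_of_acl < (char *)pdacl + le16toh(pdacl->size))
		return;

	/* a count above INT_MAX turns negative here and the loop is skipped */
	num_aces = le32toh(pdacl->num_aces);

	/* the first ACE starts right after the ACL header */
	pace = (struct cifs_ace *)((char *)pdacl + sizeof(struct cifs_ctrl_acl));

	for (i = 0; i < num_aces; ++i) {
		/* stop before touching an ACE whose size field is out of bounds */
		size_end = (char *)&pace->size + sizeof(pace->size);
		if (size_end > end_of_acl)
			break;

		/* NOTE(review): print_ace() gets end_of_acl and presumably does
		 * its own bounds check on the ACE body -- confirm */
		print_ace(pace, end_of_acl, raw);

		/*
		 * A size too small to cover the ACE's own size field would make
		 * the loop re-read the same (or an overlapping) ACE up to
		 * num_aces times; a size running past the buffer would put the
		 * next ACE out of bounds. Either way the ACL is malformed.
		 */
		ace_size = le16toh(pace->size);
		if ((char *)pace + ace_size < size_end ||
		    (char *)pace + ace_size > end_of_acl)
			break;

		pace = (struct cifs_ace *)((char *)pace + ace_size);
	}
}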
/*
 * Write a security descriptor to a stream as text: one REVISION line, one
 * OWNER line, one GROUP line, then one "ACL:" line per ACE in the DACL.
 *
 * f  - output stream
 * sd - descriptor to print; dereferenced without a NULL check, so the
 *      caller must pass a valid pointer. A NULL sd->dacl is accepted and
 *      simply produces no ACL lines.
 */
static void sec_desc_print(FILE *f, SEC_DESC *sd)
{
	uint32 idx = 0;

	fprintf(f, "REVISION:%d\n", sd->revision);

	/* owner SID first, then group SID */
	fprintf(f, "OWNER:%s\n", sid_string_tos(sd->owner_sid));
	fprintf(f, "GROUP:%s\n", sid_string_tos(sd->group_sid));

	/* one line per ACE; the DACL pointer is re-checked on every pass */
	while (sd->dacl != NULL && idx < sd->dacl->num_aces) {
		fputs("ACL:", f);
		print_ace(f, &sd->dacl->aces[idx]);
		fputc('\n', f);
		idx++;
	}
}
/*
 * View or change the security descriptor stored for a share.
 *
 * mem_ctx   - talloc context passed to the helpers that allocate
 * sharename - share whose descriptor is read and/or written
 * the_acl   - textual ACL, parsed with parse_acl_string(); not looked at
 *             when mode is SMB_ACL_VIEW
 * mode      - SMB_ACL_VIEW   print the stored descriptor and return
 *             SMB_ACL_DELETE remove each listed ACE from the stored DACL
 *             SMB_ACL_MODIFY overwrite stored ACEs that share a trustee
 *                            with a listed ACE; also take over owner and
 *                            group SIDs when the parsed ACL carries them
 *             SMB_ACL_ADD    append each listed ACE via add_ace()
 *             SMB_ACL_SET    store the parsed descriptor as-is; the
 *                            existing one is never read
 *
 * Returns 0 on success, -1 when the stored descriptor cannot be read or
 * the ACL string cannot be parsed, 2 when the result cannot be stored.
 *
 * Operational caveat: in DELETE and MODIFY a listed ACE that matches
 * nothing is only reported on stdout. The remaining changes are still
 * stored and the function still returns 0, so the exit status alone does
 * not show that a request was applied only in part.
 */
static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *the_acl, enum acl_mode mode)
{
	SEC_DESC *sd = NULL;	/* descriptor parsed from the_acl */
	SEC_DESC *old = NULL;	/* descriptor that ends up being stored */
	size_t sd_size = 0;
	uint32 new_idx, old_idx;

	/* every mode except SET starts from what is stored today */
	if (mode != SMB_ACL_SET) {
		old = get_share_security(mem_ctx, sharename, &sd_size);
		if (old == NULL) {
			fprintf(stderr, "Unable to retrieve permissions for share [%s]\n", sharename);
			return -1;
		}
	}

	/* every mode except VIEW needs the ACL given by the caller */
	if (mode != SMB_ACL_VIEW) {
		sd = parse_acl_string(mem_ctx, the_acl, &sd_size);
		if (sd == NULL) {
			fprintf(stderr, "Failed to parse acl\n");
			return -1;
		}
	}

	switch (mode) {
	case SMB_ACL_VIEW:
		sec_desc_print(stdout, old);
		return 0;

	case SMB_ACL_DELETE:
		for (new_idx = 0; sd->dacl != NULL && new_idx < sd->dacl->num_aces; new_idx++) {
			SEC_ACE *wanted = &sd->dacl->aces[new_idx];
			bool removed = False;

			for (old_idx = 0; old->dacl != NULL && old_idx < old->dacl->num_aces; old_idx++) {
				uint32 shift;

				if (!sec_ace_equal(wanted, &old->dacl->aces[old_idx])) {
					continue;
				}

				/* close the gap: move every later ACE down one slot */
				for (shift = old_idx + 1; shift < old->dacl->num_aces; shift++) {
					old->dacl->aces[shift - 1] = old->dacl->aces[shift];
				}
				old->dacl->num_aces--;
				removed = True;
				break;	/* only the first equal ACE is removed */
			}

			if (removed) {
				continue;
			}
			printf("ACL for ACE:");
			print_ace(stdout, wanted);
			printf(" not found\n");
		}
		break;

	case SMB_ACL_MODIFY:
		for (new_idx = 0; sd->dacl != NULL && new_idx < sd->dacl->num_aces; new_idx++) {
			SEC_ACE *replacement = &sd->dacl->aces[new_idx];
			bool replaced = False;

			/*
			 * No break here: every stored ACE for this trustee is
			 * overwritten, so a SID that had several entries ends up
			 * with identical copies of the new one.
			 */
			for (old_idx = 0; old->dacl != NULL && old_idx < old->dacl->num_aces; old_idx++) {
				if (sid_equal(&replacement->trustee, &old->dacl->aces[old_idx].trustee)) {
					old->dacl->aces[old_idx] = *replacement;
					replaced = True;
				}
			}

			if (!replaced) {
				printf("ACL for SID %s not found\n", sid_string_tos(&replacement->trustee));
			}
		}

		/* owner and group change only when the parsed ACL names them */
		if (sd->owner_sid) {
			old->owner_sid = sd->owner_sid;
		}
		if (sd->group_sid) {
			old->group_sid = sd->group_sid;
		}
		break;

	case SMB_ACL_ADD:
		for (new_idx = 0; sd->dacl != NULL && new_idx < sd->dacl->num_aces; new_idx++) {
			add_ace(mem_ctx, &old->dacl, &sd->dacl->aces[new_idx]);
		}
		break;

	case SMB_ACL_SET:
		/* wholesale replacement: nothing of the stored descriptor is kept */
		old = sd;
		break;
	}

	/* Denied ACE entries must come before allowed ones */
	/* NOTE(review): the loops above allow for a NULL dacl but this call
	 * passes it on unchecked -- confirm sort_acl() tolerates NULL */
	sort_acl(old->dacl);

	if (!set_share_security(sharename, old)) {
		fprintf(stderr, "Failed to store acl for share [%s]\n", sharename);
		return 2;
	}
	return 0;
}