static void
parse_dacl(struct cifs_ctrl_acl *pdacl, char *end_of_acl, int raw)
{
int i;
int num_aces = 0;
int acl_size;
char *acl_base;
struct cifs_ace *pace;
if (!pdacl)
return;
if (end_of_acl < (char *)pdacl + le16toh(pdacl->size))
return;
acl_base = (char *)pdacl;
acl_size = sizeof(struct cifs_ctrl_acl);
num_aces = le32toh(pdacl->num_aces);
if (num_aces > 0) {
for (i = 0; i < num_aces; ++i) {
pace = (struct cifs_ace *) (acl_base + acl_size);
print_ace(pace, end_of_acl, raw);
acl_base = (char *)pace;
acl_size = le16toh(pace->size);
}
}
return;
}
static void sec_desc_print(FILE *f, SEC_DESC *sd)
{
uint32 i;
fprintf(f, "REVISION:%d\n", sd->revision);
/* Print owner and group sid */
fprintf(f, "OWNER:%s\n", sid_string_tos(sd->owner_sid));
fprintf(f, "GROUP:%s\n", sid_string_tos(sd->group_sid));
/* Print aces */
for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
SEC_ACE *ace = &sd->dacl->aces[i];
fprintf(f, "ACL:");
print_ace(f, ace);
fprintf(f, "\n");
}
}
static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *the_acl, enum acl_mode mode)
{
SEC_DESC *sd = NULL;
SEC_DESC *old = NULL;
size_t sd_size = 0;
uint32 i, j;
if (mode != SMB_ACL_SET) {
if (!(old = get_share_security( mem_ctx, sharename, &sd_size )) ) {
fprintf(stderr, "Unable to retrieve permissions for share [%s]\n", sharename);
return -1;
}
}
if ( (mode != SMB_ACL_VIEW) && !(sd = parse_acl_string(mem_ctx, the_acl, &sd_size )) ) {
fprintf( stderr, "Failed to parse acl\n");
return -1;
}
switch (mode) {
case SMB_ACL_VIEW:
sec_desc_print( stdout, old);
return 0;
case SMB_ACL_DELETE:
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
if (sec_ace_equal(&sd->dacl->aces[i], &old->dacl->aces[j])) {
uint32 k;
for (k=j; k<old->dacl->num_aces-1;k++) {
old->dacl->aces[k] = old->dacl->aces[k+1];
}
old->dacl->num_aces--;
found = True;
break;
}
}
if (!found) {
printf("ACL for ACE:");
print_ace(stdout, &sd->dacl->aces[i]);
printf(" not found\n");
}
}
break;
case SMB_ACL_MODIFY:
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
bool found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
if (sid_equal(&sd->dacl->aces[i].trustee,
&old->dacl->aces[j].trustee)) {
old->dacl->aces[j] = sd->dacl->aces[i];
found = True;
}
}
if (!found) {
printf("ACL for SID %s not found\n",
sid_string_tos(&sd->dacl->aces[i].trustee));
}
}
if (sd->owner_sid) {
old->owner_sid = sd->owner_sid;
}
if (sd->group_sid) {
old->group_sid = sd->group_sid;
}
break;
case SMB_ACL_ADD:
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
add_ace(mem_ctx, &old->dacl, &sd->dacl->aces[i]);
}
break;
case SMB_ACL_SET:
old = sd;
break;
}
/* Denied ACE entries must come before allowed ones */
sort_acl(old->dacl);
if ( !set_share_security( sharename, old ) ) {
fprintf( stderr, "Failed to store acl for share [%s]\n", sharename );
return 2;
}
return 0;
}
