データ構造 | |
struct | perm_value |
列挙型 | |
enum | acl_mode { SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD } |
enum | chown_mode { REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP } |
enum | exit_values { EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR } |
関数 | |
static struct cli_state * | connect_one (const char *share) |
static BOOL | cacls_open_policy_hnd (void) |
static void | SidToString (fstring str, DOM_SID *sid) |
static BOOL | StringToSid (DOM_SID *sid, const char *str) |
static void | print_ace (FILE *f, SEC_ACE *ace) |
static BOOL | parse_ace (SEC_ACE *ace, const char *orig_str) |
static BOOL | add_ace (SEC_ACL **the_acl, SEC_ACE *ace) |
static SEC_DESC * | sec_desc_parse (char *str) |
static void | sec_desc_print (FILE *f, SEC_DESC *sd) |
static int | cacl_dump (struct cli_state *cli, char *filename) |
static int | owner_set (struct cli_state *cli, enum chown_mode change_mode, char *filename, char *new_username) |
static int | ace_compare (SEC_ACE *ace1, SEC_ACE *ace2) |
static void | sort_acl (SEC_ACL *the_acl) |
static int | cacl_set (struct cli_state *cli, char *filename, char *the_acl, enum acl_mode mode) |
int | main (int argc, const char *argv[]) |
変数 | |
static pstring | owner_username |
static fstring | server |
static int | test_args = False |
static TALLOC_CTX * | ctx |
static BOOL | numeric = False |
static struct perm_value | special_values [] |
static struct perm_value | standard_values [] |
static struct cli_state * | global_hack_cli |
static struct rpc_pipe_client * | global_pipe_hnd |
static POLICY_HND | pol |
static BOOL | got_policy_hnd |
enum acl_mode |
enum chown_mode |
enum exit_values |
static struct cli_state * connect_one | ( | const char * | share | ) | [static] |
smbcacls.c の 767 行で定義されています。
参照先 c・cli_full_connection()・cmdline_auth_info・global_myname・user_auth_info::got_pass・lp_workgroup()・nt_errstr()・user_auth_info::password・server・user_auth_info::signing_state・user_auth_info::use_kerberos・user_auth_info::username・zero_ip().
00768 { 00769 struct cli_state *c; 00770 struct in_addr ip; 00771 NTSTATUS nt_status; 00772 zero_ip(&ip); 00773 00774 if (!cmdline_auth_info.got_pass) { 00775 char *pass = getpass("Password: "); 00776 if (pass) { 00777 pstrcpy(cmdline_auth_info.password, pass); 00778 cmdline_auth_info.got_pass = True; 00779 } 00780 } 00781 00782 if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname(), server, 00783 &ip, 0, 00784 share, "?????", 00785 cmdline_auth_info.username, lp_workgroup(), 00786 cmdline_auth_info.password, 00787 cmdline_auth_info.use_kerberos ? CLI_FULL_CONNECTION_USE_KERBEROS : 0, 00788 cmdline_auth_info.signing_state, NULL))) { 00789 return c; 00790 } else { 00791 DEBUG(0,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); 00792 return NULL; 00793 } 00794 }
static BOOL cacls_open_policy_hnd | ( | void | ) | [static] |
smbcacls.c の 75 行で定義されています。
参照先 cli_rpc_pipe_open_noauth()・connect_one()・global_hack_cli・global_pipe_hnd・got_policy_hnd・cli_state::mem_ctx・pol・rpccli_lsa_open_policy().
参照元 SidToString()・StringToSid().
00076 { 00077 /* Initialise cli LSA connection */ 00078 00079 if (!global_hack_cli) { 00080 NTSTATUS ret; 00081 global_hack_cli = connect_one("IPC$"); 00082 global_pipe_hnd = cli_rpc_pipe_open_noauth(global_hack_cli, PI_LSARPC, &ret); 00083 if (!global_pipe_hnd) { 00084 return False; 00085 } 00086 } 00087 00088 /* Open policy handle */ 00089 00090 if (!got_policy_hnd) { 00091 00092 /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED, 00093 but NT sends 0x2000000 so we might as well do it too. */ 00094 00095 if (!NT_STATUS_IS_OK(rpccli_lsa_open_policy(global_pipe_hnd, global_hack_cli->mem_ctx, True, 00096 GENERIC_EXECUTE_ACCESS, &pol))) { 00097 return False; 00098 } 00099 00100 got_policy_hnd = True; 00101 } 00102 00103 return True; 00104 }
smbcacls.c の 107 行で定義されています。
参照先 cacls_open_policy_hnd()・global_hack_cli・global_pipe_hnd・cli_state::mem_ctx・numeric・pol・rpccli_lsa_lookup_sids()・sid_to_string().
参照元 cacl_set()・parse_quota_set()・print_ace()・sec_desc_print().
00108 { 00109 char **domains = NULL; 00110 char **names = NULL; 00111 enum lsa_SidType *types = NULL; 00112 00113 sid_to_string(str, sid); 00114 00115 if (numeric) return; 00116 00117 /* Ask LSA to convert the sid to a name */ 00118 00119 if (!cacls_open_policy_hnd() || 00120 !NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(global_pipe_hnd, global_hack_cli->mem_ctx, 00121 &pol, 1, sid, &domains, 00122 &names, &types)) || 00123 !domains || !domains[0] || !names || !names[0]) { 00124 return; 00125 } 00126 00127 /* Converted OK */ 00128 00129 slprintf(str, sizeof(fstring) - 1, "%s%s%s", 00130 domains[0], lp_winbind_separator(), 00131 names[0]); 00132 00133 }
smbcacls.c の 136 行で定義されています。
参照先 cacls_open_policy_hnd()・global_hack_cli・global_pipe_hnd・cli_state::mem_ctx・pol・result・rpccli_lsa_lookup_names()・sid_copy()・string_to_sid().
参照元 owner_set()・parse_ace()・parse_quota_set()・sec_desc_parse().
00137 { 00138 enum lsa_SidType *types = NULL; 00139 DOM_SID *sids = NULL; 00140 BOOL result = True; 00141 00142 if (strncmp(str, "S-", 2) == 0) { 00143 return string_to_sid(sid, str); 00144 } 00145 00146 if (!cacls_open_policy_hnd() || 00147 !NT_STATUS_IS_OK(rpccli_lsa_lookup_names(global_pipe_hnd, global_hack_cli->mem_ctx, 00148 &pol, 1, &str, NULL, &sids, 00149 &types))) { 00150 result = False; 00151 goto done; 00152 } 00153 00154 sid_copy(sid, &sids[0]); 00155 done: 00156 00157 return result; 00158 }
static void print_ace | ( | FILE * | f, | |
SEC_ACE * | ace | |||
) | [static] |
smbcacls.c の 162 行で定義されています。
参照先 security_ace_info::access_mask・security_ace_info::flags・fprintf()・perm_value::mask・numeric・perm_value::perm・SEC_ACE_TYPE_ACCESS_ALLOWED・SEC_ACE_TYPE_ACCESS_DENIED・SidToString()・standard_values・security_ace_info::trustee・security_ace_info::type.
00163 { 00164 const struct perm_value *v; 00165 fstring sidstr; 00166 int do_print = 0; 00167 uint32 got_mask; 00168 00169 SidToString(sidstr, &ace->trustee); 00170 00171 fprintf(f, "%s:", sidstr); 00172 00173 if (numeric) { 00174 fprintf(f, "%d/%d/0x%08x", 00175 ace->type, ace->flags, ace->access_mask); 00176 return; 00177 } 00178 00179 /* Ace type */ 00180 00181 if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) { 00182 fprintf(f, "ALLOWED"); 00183 } else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) { 00184 fprintf(f, "DENIED"); 00185 } else { 00186 fprintf(f, "%d", ace->type); 00187 } 00188 00189 /* Not sure what flags can be set in a file ACL */ 00190 00191 fprintf(f, "/%d/", ace->flags); 00192 00193 /* Standard permissions */ 00194 00195 for (v = standard_values; v->perm; v++) { 00196 if (ace->access_mask == v->mask) { 00197 fprintf(f, "%s", v->perm); 00198 return; 00199 } 00200 } 00201 00202 /* Special permissions. Print out a hex value if we have 00203 leftover bits in the mask. */ 00204 00205 got_mask = ace->access_mask; 00206 00207 again: 00208 for (v = special_values; v->perm; v++) { 00209 if ((ace->access_mask & v->mask) == v->mask) { 00210 if (do_print) { 00211 fprintf(f, "%s", v->perm); 00212 } 00213 got_mask &= ~v->mask; 00214 } 00215 } 00216 00217 if (!do_print) { 00218 if (got_mask != 0) { 00219 fprintf(f, "0x%08x", ace->access_mask); 00220 } else { 00221 do_print = 1; 00222 goto again; 00223 } 00224 } 00225 }
smbcacls.c の 229 行で定義されています。
参照先 perm_value::mask・next_token()・perm_value::perm・printf()・SEC_ACE_TYPE_ACCESS_ALLOWED・SEC_ACE_TYPE_ACCESS_DENIED・standard_values・strchr_m()・StringToSid().
00230 { 00231 char *p; 00232 const char *cp; 00233 fstring tok; 00234 unsigned int atype = 0; 00235 unsigned int aflags = 0; 00236 unsigned int amask = 0; 00237 DOM_SID sid; 00238 SEC_ACCESS mask; 00239 const struct perm_value *v; 00240 char *str = SMB_STRDUP(orig_str); 00241 00242 if (!str) { 00243 return False; 00244 } 00245 00246 ZERO_STRUCTP(ace); 00247 p = strchr_m(str,':'); 00248 if (!p) { 00249 printf("ACE '%s': missing ':'.\n", orig_str); 00250 SAFE_FREE(str); 00251 return False; 00252 } 00253 *p = '\0'; 00254 p++; 00255 /* Try to parse numeric form */ 00256 00257 if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 && 00258 StringToSid(&sid, str)) { 00259 goto done; 00260 } 00261 00262 /* Try to parse text form */ 00263 00264 if (!StringToSid(&sid, str)) { 00265 printf("ACE '%s': failed to convert '%s' to SID\n", 00266 orig_str, str); 00267 SAFE_FREE(str); 00268 return False; 00269 } 00270 00271 cp = p; 00272 if (!next_token(&cp, tok, "/", sizeof(fstring))) { 00273 printf("ACE '%s': failed to find '/' character.\n", 00274 orig_str); 00275 SAFE_FREE(str); 00276 return False; 00277 } 00278 00279 if (strncmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) { 00280 atype = SEC_ACE_TYPE_ACCESS_ALLOWED; 00281 } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) { 00282 atype = SEC_ACE_TYPE_ACCESS_DENIED; 00283 } else { 00284 printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n", 00285 orig_str, tok); 00286 SAFE_FREE(str); 00287 return False; 00288 } 00289 00290 /* Only numeric form accepted for flags at present */ 00291 00292 if (!(next_token(&cp, tok, "/", sizeof(fstring)) && 00293 sscanf(tok, "%i", &aflags))) { 00294 printf("ACE '%s': bad integer flags entry at '%s'\n", 00295 orig_str, tok); 00296 SAFE_FREE(str); 00297 return False; 00298 } 00299 00300 if (!next_token(&cp, tok, "/", sizeof(fstring))) { 00301 printf("ACE '%s': missing / at '%s'\n", 00302 orig_str, tok); 00303 SAFE_FREE(str); 00304 return False; 00305 } 00306 00307 if (strncmp(tok, "0x", 2) == 0) { 00308 if (sscanf(tok, "%i", &amask) != 1) { 00309 printf("ACE '%s': bad hex number at '%s'\n", 00310 orig_str, tok); 00311 SAFE_FREE(str); 00312 return False; 00313 } 00314 goto done; 00315 } 00316 00317 for (v = standard_values; v->perm; v++) { 00318 if (strcmp(tok, v->perm) == 0) { 00319 amask = v->mask; 00320 goto done; 00321 } 00322 } 00323 00324 p = tok; 00325 00326 while(*p) { 00327 BOOL found = False; 00328 00329 for (v = special_values; v->perm; v++) { 00330 if (v->perm[0] == *p) { 00331 amask |= v->mask; 00332 found = True; 00333 } 00334 } 00335 00336 if (!found) { 00337 printf("ACE '%s': bad permission value at '%s'\n", 00338 orig_str, p); 00339 SAFE_FREE(str); 00340 return False; 00341 } 00342 p++; 00343 } 00344 00345 if (*p) { 00346 SAFE_FREE(str); 00347 return False; 00348 } 00349 00350 done: 00351 mask = amask; 00352 init_sec_ace(ace, &sid, atype, mask, aflags); 00353 SAFE_FREE(str); 00354 return True; 00355 }
smbcacls.c の 358 行で定義されています。
参照先 ctx・make_sec_acl().
00359 { 00360 SEC_ACL *new_ace; 00361 SEC_ACE *aces; 00362 if (! *the_acl) { 00363 return (((*the_acl) = make_sec_acl(ctx, 3, 1, ace)) != NULL); 00364 } 00365 00366 if (!(aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces))) { 00367 return False; 00368 } 00369 memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE)); 00370 memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); 00371 new_ace = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces); 00372 SAFE_FREE(aces); 00373 (*the_acl) = new_ace; 00374 return True; 00375 }
static SEC_DESC* sec_desc_parse | ( | char * | str | ) | [static] |
smbcacls.c の 378 行で定義されています。
参照先 add_ace()・ctx・make_sec_desc()・next_token()・parse_ace()・printf()・StringToSid().
00379 { 00380 const char *p = str; 00381 fstring tok; 00382 SEC_DESC *ret = NULL; 00383 size_t sd_size; 00384 DOM_SID *group_sid=NULL, *owner_sid=NULL; 00385 SEC_ACL *dacl=NULL; 00386 int revision=1; 00387 00388 while (next_token(&p, tok, "\t,\r\n", sizeof(tok))) { 00389 00390 if (strncmp(tok,"REVISION:", 9) == 0) { 00391 revision = strtol(tok+9, NULL, 16); 00392 continue; 00393 } 00394 00395 if (strncmp(tok,"OWNER:", 6) == 0) { 00396 if (owner_sid) { 00397 printf("Only specify owner once\n"); 00398 goto done; 00399 } 00400 owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); 00401 if (!owner_sid || 00402 !StringToSid(owner_sid, tok+6)) { 00403 printf("Failed to parse owner sid\n"); 00404 goto done; 00405 } 00406 continue; 00407 } 00408 00409 if (strncmp(tok,"GROUP:", 6) == 0) { 00410 if (group_sid) { 00411 printf("Only specify group once\n"); 00412 goto done; 00413 } 00414 group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); 00415 if (!group_sid || 00416 !StringToSid(group_sid, tok+6)) { 00417 printf("Failed to parse group sid\n"); 00418 goto done; 00419 } 00420 continue; 00421 } 00422 00423 if (strncmp(tok,"ACL:", 4) == 0) { 00424 SEC_ACE ace; 00425 if (!parse_ace(&ace, tok+4)) { 00426 goto done; 00427 } 00428 if(!add_ace(&dacl, &ace)) { 00429 printf("Failed to add ACL %s\n", tok); 00430 goto done; 00431 } 00432 continue; 00433 } 00434 00435 printf("Failed to parse token '%s' in security descriptor,\n", tok); 00436 goto done; 00437 } 00438 00439 ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, group_sid, 00440 NULL, dacl, &sd_size); 00441 00442 done: 00443 SAFE_FREE(group_sid); 00444 SAFE_FREE(owner_sid); 00445 00446 return ret; 00447 }
static void sec_desc_print | ( | FILE * | f, | |
SEC_DESC * | sd | |||
) | [static] |
smbcacls.c の 451 行で定義されています。
参照先 security_acl_info::aces・security_descriptor_info::dacl・fprintf()・security_descriptor_info::group_sid・security_acl_info::num_aces・security_descriptor_info::owner_sid・print_ace()・security_descriptor_info::revision・SidToString().
00452 { 00453 fstring sidstr; 00454 uint32 i; 00455 00456 fprintf(f, "REVISION:%d\n", sd->revision); 00457 00458 /* Print owner and group sid */ 00459 00460 if (sd->owner_sid) { 00461 SidToString(sidstr, sd->owner_sid); 00462 } else { 00463 fstrcpy(sidstr, ""); 00464 } 00465 00466 fprintf(f, "OWNER:%s\n", sidstr); 00467 00468 if (sd->group_sid) { 00469 SidToString(sidstr, sd->group_sid); 00470 } else { 00471 fstrcpy(sidstr, ""); 00472 } 00473 00474 fprintf(f, "GROUP:%s\n", sidstr); 00475 00476 /* Print aces */ 00477 for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { 00478 SEC_ACE *ace = &sd->dacl->aces[i]; 00479 fprintf(f, "ACL:"); 00480 print_ace(f, ace); 00481 fprintf(f, "\n"); 00482 } 00483 00484 }
static int cacl_dump | ( | struct cli_state * | cli, | |
char * | filename | |||
) | [static] |
smbcacls.c の 489 行で定義されています。
参照先 cli・cli_close()・cli_errstr()・cli_nt_create()・cli_query_secdesc()・ctx・EXIT_FAILED・EXIT_OK・printf()・result・sec_desc_print()・test_args.
参照元 main().
00490 { 00491 int result = EXIT_FAILED; 00492 int fnum = -1; 00493 SEC_DESC *sd; 00494 00495 if (test_args) 00496 return EXIT_OK; 00497 00498 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ); 00499 00500 if (fnum == -1) { 00501 printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); 00502 goto done; 00503 } 00504 00505 sd = cli_query_secdesc(cli, fnum, ctx); 00506 00507 if (!sd) { 00508 printf("ERROR: secdesc query failed: %s\n", cli_errstr(cli)); 00509 goto done; 00510 } 00511 00512 sec_desc_print(stdout, sd); 00513 00514 result = EXIT_OK; 00515 00516 done: 00517 if (fnum != -1) 00518 cli_close(cli, fnum); 00519 00520 return result; 00521 }
static int owner_set | ( | struct cli_state * | cli, | |
enum chown_mode | change_mode, | |||
char * | filename, | |||
char * | new_username | |||
) | [static] |
smbcacls.c の 528 行で定義されています。
参照先 cli・cli_close()・cli_errstr()・cli_nt_create()・cli_query_secdesc()・cli_set_secdesc()・ctx・EXIT_FAILED・EXIT_OK・EXIT_PARSE_ERROR・make_sec_desc()・printf()・REQUEST_CHGRP・REQUEST_CHOWN・security_descriptor_info::revision・StringToSid()・security_descriptor_info::type.
参照元 main().
00530 { 00531 int fnum; 00532 DOM_SID sid; 00533 SEC_DESC *sd, *old; 00534 size_t sd_size; 00535 00536 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ); 00537 00538 if (fnum == -1) { 00539 printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); 00540 return EXIT_FAILED; 00541 } 00542 00543 if (!StringToSid(&sid, new_username)) 00544 return EXIT_PARSE_ERROR; 00545 00546 old = cli_query_secdesc(cli, fnum, ctx); 00547 00548 cli_close(cli, fnum); 00549 00550 if (!old) { 00551 printf("owner_set: Failed to query old descriptor\n"); 00552 return EXIT_FAILED; 00553 } 00554 00555 sd = make_sec_desc(ctx,old->revision, old->type, 00556 (change_mode == REQUEST_CHOWN) ? &sid : NULL, 00557 (change_mode == REQUEST_CHGRP) ? &sid : NULL, 00558 NULL, NULL, &sd_size); 00559 00560 fnum = cli_nt_create(cli, filename, WRITE_OWNER_ACCESS); 00561 00562 if (fnum == -1) { 00563 printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); 00564 return EXIT_FAILED; 00565 } 00566 00567 if (!cli_set_secdesc(cli, fnum, sd)) { 00568 printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); 00569 } 00570 00571 cli_close(cli, fnum); 00572 00573 return EXIT_OK; 00574 }
smbcacls.c の 582 行で定義されています。
参照先 security_ace_info::access_mask・security_ace_info::flags・sec_ace_equal()・sid_compare()・security_ace_info::size・security_ace_info::trustee・security_ace_info::type.
00583 { 00584 if (sec_ace_equal(ace1, ace2)) 00585 return 0; 00586 00587 if (ace1->type != ace2->type) 00588 return ace2->type - ace1->type; 00589 00590 if (sid_compare(&ace1->trustee, &ace2->trustee)) 00591 return sid_compare(&ace1->trustee, &ace2->trustee); 00592 00593 if (ace1->flags != ace2->flags) 00594 return ace1->flags - ace2->flags; 00595 00596 if (ace1->access_mask != ace2->access_mask) 00597 return ace1->access_mask - ace2->access_mask; 00598 00599 if (ace1->size != ace2->size) 00600 return ace1->size - ace2->size; 00601 00602 return memcmp(ace1, ace2, sizeof(SEC_ACE)); 00603 }
static void sort_acl | ( | SEC_ACL * | the_acl | ) | [static] |
smbcacls.c の 605 行で定義されています。
参照先 ace_compare()・security_acl_info::aces・security_acl_info::num_aces・sec_ace_equal().
00606 { 00607 uint32 i; 00608 if (!the_acl) return; 00609 00610 qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]), QSORT_CAST ace_compare); 00611 00612 for (i=1;i<the_acl->num_aces;) { 00613 if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) { 00614 int j; 00615 for (j=i; j<the_acl->num_aces-1; j++) { 00616 the_acl->aces[j] = the_acl->aces[j+1]; 00617 } 00618 the_acl->num_aces--; 00619 } else { 00620 i++; 00621 } 00622 } 00623 }
static int cacl_set | ( | struct cli_state * | cli, | |
char * | filename, | |||
char * | the_acl, | |||
enum acl_mode | mode | |||
) | [static] |
smbcacls.c の 628 行で定義されています。
参照先 security_acl_info::aces・cli・cli_close()・cli_errstr()・cli_nt_create()・cli_query_secdesc()・ctx・security_descriptor_info::dacl・EXIT_FAILED・EXIT_OK・EXIT_PARSE_ERROR・security_acl_info::num_aces・print_ace()・printf()・result・sec_ace_equal()・sec_desc_parse()・sid_equal()・SidToString()・SMB_ACL_DELETE・SMB_ACL_MODIFY・test_args・security_ace_info::trustee.
00630 { 00631 int fnum; 00632 SEC_DESC *sd, *old; 00633 uint32 i, j; 00634 size_t sd_size; 00635 int result = EXIT_OK; 00636 00637 sd = sec_desc_parse(the_acl); 00638 00639 if (!sd) return EXIT_PARSE_ERROR; 00640 if (test_args) return EXIT_OK; 00641 00642 /* The desired access below is the only one I could find that works 00643 with NT4, W2KP and Samba */ 00644 00645 fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ); 00646 00647 if (fnum == -1) { 00648 printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli)); 00649 return EXIT_FAILED; 00650 } 00651 00652 old = cli_query_secdesc(cli, fnum, ctx); 00653 00654 if (!old) { 00655 printf("calc_set: Failed to query old descriptor\n"); 00656 return EXIT_FAILED; 00657 } 00658 00659 cli_close(cli, fnum); 00660 00661 /* the logic here is rather more complex than I would like */ 00662 switch (mode) { 00663 case SMB_ACL_DELETE: 00664 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { 00665 BOOL found = False; 00666 00667 for (j=0;old->dacl && j<old->dacl->num_aces;j++) { 00668 if (sec_ace_equal(&sd->dacl->aces[i], 00669 &old->dacl->aces[j])) { 00670 uint32 k; 00671 for (k=j; k<old->dacl->num_aces-1;k++) { 00672 old->dacl->aces[k] = old->dacl->aces[k+1]; 00673 } 00674 old->dacl->num_aces--; 00675 found = True; 00676 break; 00677 } 00678 } 00679 00680 if (!found) { 00681 printf("ACL for ACE:"); 00682 print_ace(stdout, &sd->dacl->aces[i]); 00683 printf(" not found\n"); 00684 } 00685 } 00686 break; 00687 00688 case SMB_ACL_MODIFY: 00689 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { 00690 BOOL found = False; 00691 00692 for (j=0;old->dacl && j<old->dacl->num_aces;j++) { 00693 if (sid_equal(&sd->dacl->aces[i].trustee, 00694 &old->dacl->aces[j].trustee)) { 00695 old->dacl->aces[j] = sd->dacl->aces[i]; 00696 found = True; 00697 } 00698 } 00699 00700 if (!found) { 00701 fstring str; 00702 00703 SidToString(str, &sd->dacl->aces[i].trustee); 00704 printf("ACL for SID %s not found\n", str); 00705 } 00706 } 00707 00708 if (sd->owner_sid) { 00709 old->owner_sid = sd->owner_sid; 00710 } 00711 00712 if (sd->group_sid) { 00713 old->group_sid = sd->group_sid; 00714 } 00715 00716 break; 00717 00718 case SMB_ACL_ADD: 00719 for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { 00720 add_ace(&old->dacl, &sd->dacl->aces[i]); 00721 } 00722 break; 00723 00724 case SMB_ACL_SET: 00725 old = sd; 00726 break; 00727 } 00728 00729 /* Denied ACE entries must come before allowed ones */ 00730 sort_acl(old->dacl); 00731 00732 /* Create new security descriptor and set it */ 00733 00734 /* We used to just have "WRITE_DAC_ACCESS" without WRITE_OWNER. 00735 But if we're sending an owner, even if it's the same as the one 00736 that already exists then W2K3 insists we open with WRITE_OWNER access. 00737 I need to check that setting a SD with no owner set works against WNT 00738 and W2K. JRA. 00739 */ 00740 00741 sd = make_sec_desc(ctx,old->revision, old->type, old->owner_sid, old->group_sid, 00742 NULL, old->dacl, &sd_size); 00743 00744 fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS); 00745 00746 if (fnum == -1) { 00747 printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli)); 00748 return EXIT_FAILED; 00749 } 00750 00751 if (!cli_set_secdesc(cli, fnum, sd)) { 00752 printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); 00753 result = EXIT_FAILED; 00754 } 00755 00756 /* Clean up */ 00757 00758 cli_close(cli, fnum); 00759 00760 return result; 00761 }
int main | ( | int | argc, | |
const char * | argv[] | |||
) |
smbcacls.c の 799 行で定義されています。
参照先 all_string_sub()・cacl_dump()・cacl_set()・cli・connect_one()・ctx・dbf・DEBUGLEVEL_CLASS・dyn_CONFIGFILE・EXIT_FAILED・load_case_tables()・load_interfaces()・mode・numeric・owner_set()・owner_username・poptGetArg()・poptGetContext()・poptGetNextOpt()・poptGetOptArg()・poptPeekArg()・poptPrintUsage()・poptSetOtherOptionHelp()・printf()・REQUEST_CHGRP・REQUEST_CHOWN・REQUEST_NONE・result・server・setup_logging()・share・SMB_ACL_ADD・SMB_ACL_DELETE・SMB_ACL_MODIFY・SMB_ACL_SET・smb_xstrdup()・strchr_m()・talloc_init()・test_args・x_setbuf()・x_stderr.
00800 { 00801 char *share; 00802 int opt; 00803 enum acl_mode mode = SMB_ACL_SET; 00804 static char *the_acl = NULL; 00805 enum chown_mode change_mode = REQUEST_NONE; 00806 int result; 00807 fstring path; 00808 pstring filename; 00809 poptContext pc; 00810 struct poptOption long_options[] = { 00811 POPT_AUTOHELP 00812 { "delete", 'D', POPT_ARG_STRING, NULL, 'D', "Delete an acl", "ACL" }, 00813 { "modify", 'M', POPT_ARG_STRING, NULL, 'M', "Modify an acl", "ACL" }, 00814 { "add", 'a', POPT_ARG_STRING, NULL, 'a', "Add an acl", "ACL" }, 00815 { "set", 'S', POPT_ARG_STRING, NULL, 'S', "Set acls", "ACLS" }, 00816 { "chown", 'C', POPT_ARG_STRING, NULL, 'C', "Change ownership of a file", "USERNAME" }, 00817 { "chgrp", 'G', POPT_ARG_STRING, NULL, 'G', "Change group ownership of a file", "GROUPNAME" }, 00818 { "numeric", 0, POPT_ARG_NONE, &numeric, True, "Don't resolve sids or masks to names" }, 00819 { "test-args", 't', POPT_ARG_NONE, &test_args, True, "Test arguments"}, 00820 POPT_COMMON_SAMBA 00821 POPT_COMMON_CREDENTIALS 00822 { NULL } 00823 }; 00824 00825 struct cli_state *cli; 00826 00827 load_case_tables(); 00828 00829 ctx=talloc_init("main"); 00830 00831 /* set default debug level to 1 regardless of what smb.conf sets */ 00832 setup_logging( "smbcacls", True ); 00833 DEBUGLEVEL_CLASS[DBGC_ALL] = 1; 00834 dbf = x_stderr; 00835 x_setbuf( x_stderr, NULL ); 00836 00837 setlinebuf(stdout); 00838 00839 lp_load(dyn_CONFIGFILE,True,False,False,True); 00840 load_interfaces(); 00841 00842 pc = poptGetContext("smbcacls", argc, argv, long_options, 0); 00843 00844 poptSetOtherOptionHelp(pc, "//server1/share1 filename\nACLs look like: " 00845 "'ACL:user:[ALLOWED|DENIED]/flags/permissions'"); 00846 00847 while ((opt = poptGetNextOpt(pc)) != -1) { 00848 switch (opt) { 00849 case 'S': 00850 the_acl = smb_xstrdup(poptGetOptArg(pc)); 00851 mode = SMB_ACL_SET; 00852 break; 00853 00854 case 'D': 00855 the_acl = smb_xstrdup(poptGetOptArg(pc)); 00856 mode = SMB_ACL_DELETE; 00857 break; 00858 00859 case 'M': 00860 the_acl = smb_xstrdup(poptGetOptArg(pc)); 00861 mode = SMB_ACL_MODIFY; 00862 break; 00863 00864 case 'a': 00865 the_acl = smb_xstrdup(poptGetOptArg(pc)); 00866 mode = SMB_ACL_ADD; 00867 break; 00868 00869 case 'C': 00870 pstrcpy(owner_username,poptGetOptArg(pc)); 00871 change_mode = REQUEST_CHOWN; 00872 break; 00873 00874 case 'G': 00875 pstrcpy(owner_username,poptGetOptArg(pc)); 00876 change_mode = REQUEST_CHGRP; 00877 break; 00878 } 00879 } 00880 00881 /* Make connection to server */ 00882 if(!poptPeekArg(pc)) { 00883 poptPrintUsage(pc, stderr, 0); 00884 return -1; 00885 } 00886 00887 fstrcpy(path, poptGetArg(pc)); 00888 00889 if(!poptPeekArg(pc)) { 00890 poptPrintUsage(pc, stderr, 0); 00891 return -1; 00892 } 00893 00894 pstrcpy(filename, poptGetArg(pc)); 00895 00896 all_string_sub(path,"/","\\",0); 00897 00898 fstrcpy(server,path+2); 00899 share = strchr_m(server,'\\'); 00900 if (!share) { 00901 share = strchr_m(server,'/'); 00902 if (!share) { 00903 printf("Invalid argument: %s\n", share); 00904 return -1; 00905 } 00906 } 00907 00908 *share = 0; 00909 share++; 00910 00911 if (!test_args) { 00912 cli = connect_one(share); 00913 if (!cli) { 00914 talloc_destroy(ctx); 00915 exit(EXIT_FAILED); 00916 } 00917 } else { 00918 exit(0); 00919 } 00920 00921 all_string_sub(filename, "/", "\\", 0); 00922 if (filename[0] != '\\') { 00923 pstring s; 00924 s[0] = '\\'; 00925 safe_strcpy(&s[1], filename, sizeof(pstring)-2); 00926 pstrcpy(filename, s); 00927 } 00928 00929 /* Perform requested action */ 00930 00931 if (change_mode != REQUEST_NONE) { 00932 result = owner_set(cli, change_mode, filename, owner_username); 00933 } else if (the_acl) { 00934 result = cacl_set(cli, filename, the_acl, mode); 00935 } else { 00936 result = cacl_dump(cli, filename); 00937 } 00938 00939 talloc_destroy(ctx); 00940 00941 return result; 00942 }
pstring owner_username [static] |
smbcacls.c の 28 行で定義されています。
参照元 ads_fetch_gpo_files()・ads_find_dc()・ads_guess_service_principal()・ads_krb5_mk_req()・cb_itemsignal()・check_refresh_gpo()・cli_resolve_path()・close_files()・cmd_samr_query_group()・cmd_samr_query_groupmem()・cmd_samr_query_sec_obj()・cmd_samr_query_user()・cmd_samr_query_useraliases()・cmd_samr_query_usergroups()・complete_sync()・connect_one()・cups_connect()・do_connection()・lsa_open_policy()・main()・messaging_send()・net_ads_gpo_refresh()・notify_init()・notify_remove_all()・notify_trigger()・open_files()・parse_quota_set()・py_smb_connect()・reconnect()・rpccli_netlogon_logon_ctrl2()・rpccli_spoolss_addprinterdriver()・rpccli_spoolss_addprinterex()・rpccli_spoolss_deleteprinterdriver()・rpccli_spoolss_deleteprinterdriverex()・rpccli_spoolss_enum_ports()・rpccli_spoolss_enumprinterdrivers()・rpccli_spoolss_getprinterdriver()・rpccli_spoolss_getprinterdriverdir()・rpccli_srvsvc_net_file_close()・rpccli_srvsvc_net_file_enum()・rpccli_srvsvc_net_share_add()・rpccli_srvsvc_net_share_del()・rpccli_srvsvc_net_share_enum()・rpccli_srvsvc_net_share_get_info()・rpccli_srvsvc_net_share_set_info()・rpccli_srvsvc_net_srv_get_info()・rpccli_svcctl_open_scm()・saf_fetch()・samr_connect()・smbc_check_server()・smbc_chmod_ctx()・smbc_close_ctx()・smbc_fstat_ctx()・smbc_getxattr_ctx()・smbc_list_print_jobs_ctx()・smbc_lseek_ctx()・smbc_mkdir_ctx()・smbc_open_ctx()・smbc_open_print_job_ctx()・smbc_opendir_ctx()・smbc_read_ctx()・smbc_remove_cached_server()・smbc_removexattr_ctx()・smbc_rmdir_ctx()・smbc_setxattr_ctx()・smbc_stat_ctx()・smbc_unlink_ctx()・smbc_unlink_print_job_ctx()・smbc_utimes_ctx()・smbc_write_ctx()・spoolss_addprinterdriver()・spoolss_addprinterex()・spoolss_enumports()・spoolss_enumprinterdrivers()・spoolss_enumprinters()・spoolss_getprinterdriverdir()・spoolss_openprinter()・srvsvc_netservergetinfo()・test_one().
int test_args = False [static] |
TALLOC_CTX* ctx [static] |
smbcacls.c の 30 行で定義されています。
smbcacls.c の 36 行で定義されています。
参照元 cacl_get()・cacl_set()・main()・parse_quota_set()・print_ace()・SidToString().
struct perm_value special_values[] [static] |
初期値:
{ { "R", 0x00120089 }, { "W", 0x00120116 }, { "X", 0x001200a0 }, { "D", 0x00010000 }, { "P", 0x00040000 }, { "O", 0x00080000 }, { NULL, 0 }, }
smbcacls.c の 49 行で定義されています。
struct perm_value standard_values[] [static] |
初期値:
{ { "READ", 0x001200a9 }, { "CHANGE", 0x001301bf }, { "FULL", 0x001f01ff }, { NULL, 0 }, }
smbcacls.c の 59 行で定義されています。
struct cli_state* global_hack_cli [static] |
struct rpc_pipe_client* global_pipe_hnd [static] |
smbcacls.c の 67 行で定義されています。
参照元 cacls_open_policy_hnd()・cli_open_policy_hnd()・SidToString()・StringToSid().
POLICY_HND pol [static] |
smbcacls.c の 68 行で定義されています。
参照元 _samr_connect5()・_samr_set_userinfo()・_samr_set_userinfo2()・cac_LsaClosePolicy()・cac_LsaQueryTrustedDomainInfo()・cacl_get()・cacl_set()・cacls_open_policy_hnd()・check_privilege_for_user()・cli_lsa_query_domain_info_policy()・cli_open_policy_hnd()・close_policy_hnd()・cmd_lsa_enum_privilege()・cmd_lsa_enum_sids()・cmd_lsa_enum_trust_dom()・cmd_lsa_get_dispname()・cmd_lsa_lookup_names()・cmd_lsa_lookup_priv_value()・cmd_lsa_lookup_sids()・cmd_lsa_query_info_policy()・cmd_lsa_query_secobj()・cmd_lsa_query_trustdominfo()・cmd_lsa_query_trustdominfobyname()・cmd_lsa_query_trustdominfobysid()・cmd_samr_query_sec_obj()・cmd_spoolss_getdriver()・cmd_spoolss_getprinter()・cmd_spoolss_getprinterdata()・cmd_spoolss_getprinterdataex()・cmd_spoolss_setdriver()・cmd_spoolss_setprinter()・cmd_spoolss_setprinterdata()・cmd_spoolss_setprintername()・cmd_testme()・convert_sid_to_string()・convert_string_to_sid()・create_policy_hnd()・enum_accounts_for_privilege()・enum_privileges()・enum_privileges_for_accounts()・enum_privileges_for_user()・enumerate_domain_trusts()・fetch_machine_sid()・find_policy_by_hnd_internal()・get_lsa_policy_samr_sid()・get_remote_printer_publishing_data()・init_ldap_from_sam()・init_q_enum_trust_dom()・init_reg_q_enum_key()・init_reg_q_enum_val()・init_reg_q_flush_key()・init_reg_q_get_key_sec()・init_reg_q_open_entry()・init_reg_q_query_value()・init_reg_q_set_key_sec()・init_reg_q_set_val()・init_samr_q_add_groupmem()・init_samr_q_create_dom_group()・init_samr_q_create_user()・init_samr_q_del_groupmem()・init_samr_q_enum_dom_aliases()・init_samr_q_enum_dom_groups()・init_samr_q_enum_dom_users()・init_samr_q_enum_domains()・init_samr_q_get_dispenum_index()・init_samr_q_lookup_domain()・init_samr_q_lookup_names()・init_samr_q_lookup_rids()・init_samr_q_open_alias()・init_samr_q_open_domain()・init_samr_q_open_user()・init_samr_q_query_aliasinfo()・init_samr_q_query_dispinfo()・init_samr_q_query_groupinfo()・init_samr_q_set_groupinfo()・init_samr_q_set_sec_obj()・init_samr_r_connect5()・name_to_sid()・net_get_remote_domain_sid()・net_rpc_lookup_name()・new_lsa_policy_hnd_object()・new_samr_alias_hnd_object()・new_samr_connect_hnd_object()・new_samr_domain_hnd_object()・new_samr_group_hnd_object()・new_samr_user_hnd_object()・new_spoolss_policy_hnd_object()・parse_ace()・rpc_audit_enable_internal_ext()・rpc_audit_get_internal()・rpc_audit_list_internal()・rpc_audit_set_internal()・rpc_rights_list_internal()・rpccli_lsa_add_account_rights()・rpccli_lsa_close()・rpccli_lsa_enum_account_rights()・rpccli_lsa_enum_privilege()・rpccli_lsa_enum_privsaccount()・rpccli_lsa_enum_sids()・rpccli_lsa_enum_trust_dom()・rpccli_lsa_get_dispname()・rpccli_lsa_lookup_names()・rpccli_lsa_lookup_priv_value()・rpccli_lsa_lookup_sids()・rpccli_lsa_open_policy()・rpccli_lsa_open_policy2()・rpccli_lsa_open_trusted_domain()・rpccli_lsa_open_trusted_domain_by_name()・rpccli_lsa_query_info_policy()・rpccli_lsa_query_info_policy2()・rpccli_lsa_query_info_policy2_new()・rpccli_lsa_query_info_policy_new()・rpccli_lsa_query_secobj()・rpccli_lsa_query_trusted_domain_info()・rpccli_lsa_query_trusted_domain_info_by_name()・rpccli_lsa_query_trusted_domain_info_by_sid()・rpccli_lsa_remove_account_rights()・rpccli_lsa_set_info_policy()・rpccli_samr_enum_als_groups()・rpccli_samr_enum_dom_groups()・rpccli_samr_enum_dom_users()・rpccli_samr_get_usrdom_pwinfo()・rpccli_spoolss_close_printer()・rpccli_spoolss_getprinter()・rpccli_spoolss_getprinterdriver()・rpccli_spoolss_open_printer_ex()・rpccli_spoolss_rffpcnex()・rpccli_spoolss_routerreplyprinter()・rpccli_spoolss_rrpcn()・rpccli_spoolss_setprinter()・sec_desc_parse()・set_dc_type_and_flags()・sid_to_name()・SidToString()・smb_io_pol_hnd()・smbc_attr_server()・smbc_getxattr_ctx()・smbc_removexattr_ctx()・smbc_setxattr_ctx()・StringToSid()・vampire_trusted_domain().
BOOL got_policy_hnd [static] |