diff options
| author | Andrew Tridgell <tridge@samba.org> | 2001-02-22 03:40:01 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2001-02-22 03:40:01 +0000 |
| commit | 9ccbc1de06fa240db716c5e497853b7f31f1225f (patch) | |
| tree | 9b03e1edec7b84e4730ac8f2bb70b59b9e9e1e20 /source3/utils/smbcacls.c | |
| parent | 1239b92c73a803c5cb517925523a2936df51a232 (diff) | |
| download | samba-9ccbc1de06fa240db716c5e497853b7f31f1225f.tar.gz samba-9ccbc1de06fa240db716c5e497853b7f31f1225f.tar.bz2 samba-9ccbc1de06fa240db716c5e497853b7f31f1225f.zip | |
cope with filer/NT/samba all in one binary. yeah.
we now don't open rw for acls
(This used to be commit c0f57c3fe636c5a5885c6b2ed4723252597533eb)
Diffstat (limited to 'source3/utils/smbcacls.c')
| -rw-r--r-- | source3/utils/smbcacls.c | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index f68a2c2c6b..0aa2c4399d 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -31,6 +31,9 @@ static fstring server; static int got_pass; static int test_args; +#define CREATE_ACCESS_READ READ_CONTROL_ACCESS +#define CREATE_ACCESS_WRITE (WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS) + /* numeric is set when the user wants numeric SIDs and ACEs rather than going via LSA calls to resolve them */ static int numeric; @@ -451,7 +454,7 @@ static int cacl_dump(struct cli_state *cli, char *filename) if (test_args) return EXIT_OK; - fnum = cli_nt_create(cli, filename, 0x20000); + fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ); if (fnum == -1) { printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); return EXIT_FAILED; @@ -486,9 +489,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, SEC_DESC *sd, *old; size_t sd_size; - fnum = cli_nt_create(cli, filename, - READ_CONTROL_ACCESS | WRITE_DAC_ACCESS - | WRITE_OWNER_ACCESS); + fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ); if (fnum == -1) { printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); @@ -500,11 +501,25 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, old = cli_query_secdesc(cli, fnum); + cli_close(cli, fnum); + + if (!old) { + printf("owner_set: Failed to query old descriptor\n"); + return EXIT_FAILED; + } + sd = make_sec_desc(old->revision, (change_mode == REQUEST_CHOWN) ? &sid : old->owner_sid, (change_mode == REQUEST_CHGRP) ? &sid : old->grp_sid, NULL, old->dacl, &sd_size); + fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE); + + if (fnum == -1) { + printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); + return EXIT_FAILED; + } + if (!cli_set_secdesc(cli, fnum, sd)) { printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); } @@ -582,16 +597,22 @@ static int cacl_set(struct cli_state *cli, char *filename, /* The desired access below is the only one I could find that works with NT4, W2KP and Samba */ - fnum = cli_nt_create(cli, filename, - MAXIMUM_ALLOWED_ACCESS | 0x60000); + fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ); if (fnum == -1) { - printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); + printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli)); return EXIT_FAILED; } old = cli_query_secdesc(cli, fnum); + if (!old) { + printf("calc_set: Failed to query old descriptor\n"); + return EXIT_FAILED; + } + + cli_close(cli, fnum); + /* the logic here is rather more complex than I would like */ switch (mode) { case ACL_DELETE: @@ -673,6 +694,13 @@ static int cacl_set(struct cli_state *cli, char *filename, sd = make_sec_desc(old->revision, old->owner_sid, old->grp_sid, NULL, old->dacl, &sd_size); + fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE); + + if (fnum == -1) { + printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli)); + return EXIT_FAILED; + } + if (!cli_set_secdesc(cli, fnum, sd)) { printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); result = EXIT_FAILED; |