r2576: Some userspace tools for getting and setting ntacls via the 'security.ntacl'

extended attribute.
(This used to be commit 5b88226f9002711baac73e66d04ecf92b7765809)

1 files changed, 116 insertions, 0 deletions

diff --git a/source4/utils/getntacl.c b/source4/utils/getntacl.c
new file mode 100644
index 0000000000..b17200aeb5
--- /dev/null
+++ b/source4/utils/getntacl.c
@@ -0,0 +1,116 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Get NT ACLs from UNIX files.
+
+   Copyright (C) Tim Potter <tpot@samba.org> 2004
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include <attr/xattr.h>
+
+/* Display a security descriptor in "psec" format which is as follows.
+
+   The first two lines describe the owner user and owner group of the
+   object.  If either of these lines are blank then the respective
+   owner property is not set.  The remaining lines list the individual
+   permissions or ACE entries, one per line.  Each column describes a
+   different property of the ACE:
+
+       Column    Description
+       -------------------------------------------------------------------
+         1       ACE type (allow/deny etc)
+         2       ACE flags
+         3       ACE mask
+         4       SID the ACE applies to
+
+   Example:
+
+       S-1-5-21-1067277791-1719175008-3000797951-500
+
+       1 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-501
+       1 2 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-501
+       0 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-500
+       0 2 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-500
+       0 9 0x10000000 S-1-5-21-1067277791-1719175008-3000797951-513
+       0 2 0x00020000 S-1-5-21-1067277791-1719175008-3000797951-513
+       0 2 0xe0000000 S-1-1-0
+*/
+
+static void print_psec(TALLOC_CTX *mem_ctx, struct security_descriptor *sd)
+{
+	if (sd->owner_sid)
+		printf("%s\n", dom_sid_string(mem_ctx, sd->owner_sid));
+	else
+		printf("\n");
+
+	if (sd->group_sid)
+		printf("%s\n", dom_sid_string(mem_ctx, sd->owner_sid));
+	else
+		printf("\n");
+
+	/* Note: SACL not displayed */
+
+	if (sd->dacl) {
+		int i;
+
+		for (i = 0; i < sd->dacl->num_aces; i++) {
+			struct security_ace *ace = &sd->dacl->aces[i];
+			
+			printf("%d %d 0x%08x %s\n", ace->type, ace->flags,
+			       ace->access_mask, 
+			       dom_sid_string(mem_ctx, &ace->trustee));
+		}
+			
+	}
+}
+
+int main(int argc, char **argv)
+{
+	TALLOC_CTX *mem_ctx;
+	ssize_t size;
+	char *data;
+	struct security_descriptor sd;
+	DATA_BLOB blob;
+	struct ndr_pull *ndr;
+	NTSTATUS result;
+
+	mem_ctx = talloc_init("getntacl");
+
+	/* Fetch ACL data */
+
+	size = getxattr(argv[1], "security.ntacl", NULL, 0);
+
+	if (size == -1) {
+		fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
+		exit(1);
+	}
+
+	data = talloc(mem_ctx, size);
+
+	size = getxattr(argv[1], "security.ntacl", data, size);
+
+	blob = data_blob_talloc(mem_ctx, data, size);
+
+	ndr = ndr_pull_init_blob(&blob, mem_ctx);
+
+	result = ndr_pull_security_descriptor(
+		ndr, NDR_SCALARS|NDR_BUFFERS, &sd);
+
+	print_psec(data, &sd);
+	return 0;
+}