diff options
-rw-r--r-- | source3/utils/smbcacls.c | 81 |
1 files changed, 37 insertions, 44 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index ac68adc021..8dd2a36da4 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -658,43 +658,57 @@ static void sec_desc_print(struct cli_state *cli, FILE *f, SEC_DESC *sd) } -/***************************************************** -dump the acls for a file +/***************************************************** +get sec desc for filename *******************************************************/ -static int cacl_dump(struct cli_state *cli, const char *filename) +static SEC_DESC *get_secdesc(struct cli_state *cli, const char *filename) { - int result = EXIT_FAILED; uint16_t fnum = (uint16_t)-1; SEC_DESC *sd; - if (test_args) - return EXIT_OK; + /* The desired access below is the only one I could find that works + with NT4, W2KP and Samba */ - if (!NT_STATUS_IS_OK(cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ, 0, - FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) { + if (!NT_STATUS_IS_OK(cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ, + 0, FILE_SHARE_READ|FILE_SHARE_WRITE, + FILE_OPEN, 0x0, 0x0, &fnum))) { printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); - goto done; + return NULL; } sd = cli_query_secdesc(cli, fnum, talloc_tos()); + cli_close(cli, fnum); + if (!sd) { - printf("ERROR: secdesc query failed: %s\n", cli_errstr(cli)); - goto done; + printf("Failed to get security descriptor\n"); + return NULL; } + return sd; +} - if (sddl) { - printf("%s\n", sddl_encode(talloc_tos(), sd, - get_global_sam_sid())); - } else { - sec_desc_print(cli, stdout, sd); - } +/***************************************************** +dump the acls for a file +*******************************************************/ +static int cacl_dump(struct cli_state *cli, const char *filename) +{ + int result = EXIT_FAILED; + SEC_DESC *sd; + + if (test_args) + return EXIT_OK; - result = EXIT_OK; + sd = get_secdesc(cli, filename); -done: - if (fnum != (uint16_t)-1) - cli_close(cli, fnum); + if (sd) { + if (sddl) { + printf("%s\n", sddl_encode(talloc_tos(), sd, + get_global_sam_sid())); + } else { + sec_desc_print(cli, stdout, sd); + } + result = EXIT_OK; + } return result; } @@ -712,21 +726,12 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, SEC_DESC *sd, *old; size_t sd_size; - if (!NT_STATUS_IS_OK(cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ, 0, - FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) { - printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); - return EXIT_FAILED; - } - if (!StringToSid(cli, &sid, new_username)) return EXIT_PARSE_ERROR; - old = cli_query_secdesc(cli, fnum, talloc_tos()); - - cli_close(cli, fnum); + old = get_secdesc(cli, filename); if (!old) { - printf("owner_set: Failed to query old descriptor\n"); return EXIT_FAILED; } @@ -836,24 +841,12 @@ static int cacl_set(struct cli_state *cli, const char *filename, if (!sd) return EXIT_PARSE_ERROR; if (test_args) return EXIT_OK; - /* The desired access below is the only one I could find that works - with NT4, W2KP and Samba */ - - if (!NT_STATUS_IS_OK(cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ, 0, - FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) { - printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli)); - return EXIT_FAILED; - } - - old = cli_query_secdesc(cli, fnum, talloc_tos()); + old = get_secdesc(cli, filename); if (!old) { - printf("calc_set: Failed to query old descriptor\n"); return EXIT_FAILED; } - cli_close(cli, fnum); - /* the logic here is rather more complex than I would like */ switch (mode) { case SMB_ACL_DELETE: |