Diffstat (limited to 'source3/utils/smbcacls.c')
-rw-r--r-- | source3/utils/smbcacls.c | 126 |
1 files changed, 78 insertions, 48 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index b6a13180a3..017f4035b0 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -42,9 +42,6 @@ enum acl_mode {SMB_ACL_SET, SMB_ACL_DELETE, SMB_ACL_MODIFY, SMB_ACL_ADD }; enum chown_mode {REQUEST_NONE, REQUEST_CHOWN, REQUEST_CHGRP}; enum exit_values {EXIT_OK, EXIT_FAILED, EXIT_PARSE_ERROR}; -extern pstring global_myname; -extern fstring global_myworkgroup; - struct perm_value { char *perm; uint32 mask;
@@ -69,25 +66,24 @@ static struct perm_value standard_values[] = { { NULL, 0 }, }; -static struct cli_state *global_hack_cli; -static POLICY_HND pol; -static BOOL got_policy_hnd; - -static struct cli_state *connect_one(char *share); +struct cli_state lsa_cli; +POLICY_HND pol; +struct ntuser_creds creds; +BOOL got_policy_hnd; /* Open cli connection and policy handle */ static BOOL cacls_open_policy_hnd(void) { + creds.pwd.null_pwd = 1; + /* Initialise cli LSA connection */ - if (!global_hack_cli) { - global_hack_cli = connect_one("IPC$"); - if (!cli_nt_session_open (global_hack_cli, PIPE_LSARPC)) { - return False; - } + if (!lsa_cli.initialised && + !cli_lsa_initialise(&lsa_cli, server, &creds)) { + return False; } - + /* Open policy handle */ if (!got_policy_hnd) {
@@ -95,7 +91,7 @@ static BOOL cacls_open_policy_hnd(void) /* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000 so we might as well do it too. */ - if (!NT_STATUS_IS_OK(cli_lsa_open_policy(global_hack_cli, global_hack_cli->mem_ctx, True, + if (!NT_STATUS_IS_OK(cli_lsa_open_policy(&lsa_cli, lsa_cli.mem_ctx, True, GENERIC_EXECUTE_ACCESS, &pol))) { return False; }
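Review bot: In cacls_open_policy_hnd the LSA connection is now opened with `creds.pwd.null_pwd = 1`, so the SID and name lookups appear to run over an anonymous session rather than with the username and password the user supplied. A server that restricts anonymous LSA access would refuse them, and the only visible outcome is a silent `return False`; I would log it with `DEBUG(0,("LSA connection to %s failed\n", server));` and add the comment `/* LSA lookups are anonymous; servers that restrict null sessions will fail here */` above the assignment. The same hunk drops `static` from `lsa_cli`, `pol`, `creds` and `got_policy_hnd`, which makes them external symbols; `static struct cli_state lsa_cli;` (and likewise for the other three) keeps them file-local. The function body continues into the following hunk.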
@@ -120,7 +116,7 @@ static void SidToString(fstring str, DOM_SID *sid) /* Ask LSA to convert the sid to a name */ if (!cacls_open_policy_hnd() || - !NT_STATUS_IS_OK(cli_lsa_lookup_sids(global_hack_cli, global_hack_cli->mem_ctx, + !NT_STATUS_IS_OK(cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, sid, &domains, &names, &types)) || !domains || !domains[0] || !names || !names[0]) {
@@ -147,7 +143,7 @@ static BOOL StringToSid(DOM_SID *sid, const char *str) } if (!cacls_open_policy_hnd() || - !NT_STATUS_IS_OK(cli_lsa_lookup_names(global_hack_cli, global_hack_cli->mem_ctx, + !NT_STATUS_IS_OK(cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, &str, &sids, &types))) { result = False;
@@ -155,6 +151,7 @@ static BOOL StringToSid(DOM_SID *sid, const char *str) } sid_copy(sid, &sids[0]); + done: return result;
@@ -703,31 +700,80 @@ static int cacl_set(struct cli_state *cli, char *filename, /***************************************************** return a connection to a server *******************************************************/ -static struct cli_state *connect_one(char *share) +struct cli_state *connect_one(char *share) { struct cli_state *c; + struct nmb_name called, calling; struct in_addr ip; - NTSTATUS nt_status; - zero_ip(&ip); - + extern pstring global_myname; + + fstrcpy(server,share+2); + share = strchr_m(server,'\\'); + if (!share) return NULL; + *share = 0; + share++; + + zero_ip(&ip); + + make_nmb_name(&calling, global_myname, 0x0); + make_nmb_name(&called , server, 0x20); + + again: + zero_ip(&ip); + + /* have to open a new connection */ + if (!(c=cli_initialise(NULL)) || !cli_connect(c, server, &ip)) { + DEBUG(0,("Connection to %s failed\n", server)); + cli_shutdown(c); + return NULL; + } + + if (!cli_session_request(c, &calling, &called)) { + DEBUG(0,("session request to %s failed\n", called.name)); + cli_shutdown(c); + if (strcmp(called.name, "*SMBSERVER")) { + make_nmb_name(&called , "*SMBSERVER", 0x20); + goto again; + } + return NULL; + } + + DEBUG(4,(" session request ok\n")); + + if (!cli_negprot(c)) { + DEBUG(0,("protocol negotiation failed\n")); + cli_shutdown(c); + return NULL; + } + if (!got_pass) { char *pass = getpass("Password: "); if (pass) { pstrcpy(password, pass); - got_pass = True; } } - if (NT_STATUS_IS_OK(nt_status = cli_full_connection(&c, global_myname, server, - &ip, 0, - share, "?????", - username, global_myworkgroup, - password, 0))) { - return c; - } else { - DEBUG(0,("cli_full_connection failed! 
(%s)\n", nt_errstr(nt_status))); + if (!cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + lp_workgroup())) { + DEBUG(0,("session setup failed: %s\n", cli_errstr(c))); + cli_shutdown(c); return NULL; } + + DEBUG(4,(" session setup ok\n")); + + if (!cli_send_tconX(c, share, "?????", + password, strlen(password)+1)) { + DEBUG(0,("tree connect failed: %s\n", cli_errstr(c))); + cli_shutdown(c); + return NULL; + } + + DEBUG(4,(" tconx ok\n")); + + return c; }
@@ -765,13 +811,12 @@ You can string acls together with spaces, commas or newlines\n\ extern int optind; int opt; char *p; + struct cli_state *cli=NULL; enum acl_mode mode = SMB_ACL_SET; char *the_acl = NULL; enum chown_mode change_mode = REQUEST_NONE; int result; - struct cli_state *cli; - ctx=talloc_init(); setlinebuf(stdout);
@@ -876,7 +921,7 @@ You can string acls together with spaces, commas or newlines\n\ argc -= optind; argv += optind; - + if (argc > 0) { usage(); talloc_destroy(ctx);
@@ -885,26 +930,12 @@ You can string acls together with spaces, commas or newlines\n\ /* Make connection to server */ - fstrcpy(server,share+2); - share = strchr_m(server,'\\'); - if (!share) { - share = strchr_m(server,'/'); - if (!share) { - return -1; - } - } - - *share = 0; - share++; - if (!test_args) { cli = connect_one(share); if (!cli) { talloc_destroy(ctx); exit(EXIT_FAILED); } - } else { - exit(0); } all_string_sub(filename, "/", "\\", 0);
@@ -929,4 +960,3 @@ You can string acls together with spaces, commas or newlines\n\ return result; } - |
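Review bot: connect_one copies from `share+2` in `fstrcpy(server,share+2);` without first checking that the argument holds the two leading separator characters, so a shorter argument is read past its terminator unless the caller validates it outside the lines shown; a guard such as `if (!share[0] || !share[1]) return NULL;` before the copy closes that. The first failure branch calls `cli_shutdown(c)` even when `cli_initialise(NULL)` itself returned NULL, and whether cli_shutdown accepts NULL is not visible here, so `if (c) cli_shutdown(c);` is the safer form. Only `\\` is accepted as the server/share separator now, since the `/` fallback that main used is deleted in a later hunk, and `got_pass = True;` is no longer set after getpass(), so a second call would prompt again. The function also loses `static` although no other file is shown using it.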
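Review bot: Removing `} else { exit(0); }` means a run with `test_args` set no longer stops here: `cli` keeps the NULL it is given in the declaration hunk above and control falls through to `all_string_sub(filename, ...)` and the code after it. That code is outside the hunk, but if it hands `cli` to the ACL routines they would receive a NULL connection, and `server` stays empty because connect_one, which now fills it in, is skipped. Keeping the early exit as `} else { talloc_destroy(ctx); exit(EXIT_OK); }` preserves the argument-test mode. main's body starts and ends outside this hunk.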