From 1cf7a3420e501f023b0289a47adf0d89e2d12d17 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 24 Sep 2004 01:20:30 +0000 Subject: r2576: Some userspace tools for getting and setting ntacls via the 'security.ntacl' extended attribute. (This used to be commit 5b88226f9002711baac73e66d04ecf92b7765809) --- source4/utils/setntacl.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 source4/utils/setntacl.c (limited to 'source4/utils/setntacl.c') diff --git a/source4/utils/setntacl.c b/source4/utils/setntacl.c new file mode 100644 index 0000000000..492c3ba9fe --- /dev/null +++ b/source4/utils/setntacl.c @@ -0,0 +1,105 @@ +/* + Unix SMB/CIFS implementation. + + Set NT ACLs on UNIX files. + + Copyright (C) Tim Potter 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include + +static void setntacl(char *filename, struct security_descriptor *sd) +{ + NTSTATUS status; + struct ndr_push *ndr; + ssize_t result; + + ndr = ndr_push_init(); + + status = ndr_push_security_descriptor( + ndr, NDR_SCALARS|NDR_BUFFERS, sd); + + result = setxattr( + filename, "security.ntacl", ndr->data, ndr->offset, 0); + + if (result == -1) { + fprintf(stderr, "%s: %s\n", filename, strerror(errno)); + exit(1); + } + +} + + int main(int argc, char **argv) +{ + char line[255]; + struct security_descriptor *sd; + TALLOC_CTX *mem_ctx; + struct security_acl *acl; + + setup_logging("setntacl", DEBUG_STDOUT); + + mem_ctx = talloc_init("setntacl"); + + sd = sd_initialise(mem_ctx); + + fgets(line, sizeof(line), stdin); + sd->owner_sid = dom_sid_parse_talloc(mem_ctx, line); + + fgets(line, sizeof(line), stdin); + sd->group_sid = dom_sid_parse_talloc(mem_ctx, line); + + acl = talloc(mem_ctx, sizeof(struct security_acl)); + + acl->revision = 2; + acl->size = 0; + acl->num_aces = 0; + acl->aces = NULL; + + while(fgets(line, sizeof(line), stdin)) { + int ace_type, ace_flags; + uint32 ace_mask; + char sidstr[255]; + struct dom_sid *sid; + + if (sscanf(line, "%d %d 0x%x %s", &ace_type, &ace_flags, + &ace_mask, sidstr) != 4) { + fprintf(stderr, "invalid ACL line\ndr"); + return 1; + } + + acl->aces = talloc_realloc( + acl->aces, + (acl->num_aces + 1) * sizeof(struct security_ace)); + + acl->aces[acl->num_aces].type = ace_type; + acl->aces[acl->num_aces].flags = ace_flags; + acl->aces[acl->num_aces].access_mask = ace_mask; + + sid = dom_sid_parse_talloc(mem_ctx, sidstr); + + acl->aces[acl->num_aces].trustee = *sid; + + acl->num_aces++; + } + + sd->dacl = acl; + + setntacl(argv[1], sd); + + return 0; +} -- cgit