summaryrefslogtreecommitdiff
path: root/source4/utils/setntacl.c
blob: 0535c3037ebc126bf47d907193cf435758375ee4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
/* 
   Unix SMB/CIFS implementation.

   Set NT ACLs on UNIX files.

   Copyright (C) Tim Potter <tpot@samba.org> 2004
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#include "includes.h"
#include "system/filesys.h"

#if (defined(HAVE_NO_ACLS) || !defined(HAVE_XATTR_SUPPORT))

int main(int argc, char **argv)
{
	printf("ACL support not compiled in.");
	return 1;
}

#else

static void setntacl(char *filename, struct security_descriptor *sd)
{
	NTSTATUS status;
	struct ndr_push *ndr;
	ssize_t result;

	ndr = ndr_push_init();

	status = ndr_push_security_descriptor(
		ndr, NDR_SCALARS|NDR_BUFFERS, sd);

	result = setxattr(
		filename, "security.ntacl", ndr->data, ndr->offset, 0);

	if (result == -1) {
		fprintf(stderr, "%s: %s\n", filename, strerror(errno));
		exit(1);
	}

}

 int main(int argc, char **argv)
{
	char line[255];
	struct security_descriptor *sd;
	TALLOC_CTX *mem_ctx;
	struct security_acl *acl;

	static_init_ntacl;

	setup_logging("setntacl", DEBUG_STDOUT);

	mem_ctx = talloc_init("setntacl");

	sd = sd_initialise(mem_ctx);

	fgets(line, sizeof(line), stdin);
	sd->owner_sid = dom_sid_parse_talloc(mem_ctx, line);

	fgets(line, sizeof(line), stdin);
	sd->group_sid = dom_sid_parse_talloc(mem_ctx, line);

	acl = talloc_p(mem_ctx, struct security_acl);

	acl->revision = 2;
	acl->size = 0;
	acl->num_aces = 0;
	acl->aces = NULL;

	while(fgets(line, sizeof(line), stdin)) {
		int ace_type, ace_flags;
		uint32 ace_mask;
		char sidstr[255];
		struct dom_sid *sid;
		
		if (sscanf(line, "%d %d 0x%x %s", &ace_type, &ace_flags,
			   &ace_mask, sidstr) != 4) {
			fprintf(stderr, "invalid ACL line\ndr");
			return 1;
		}
		
		acl->aces = talloc_realloc(mem_ctx, acl->aces,
				(acl->num_aces + 1) * sizeof(struct security_ace));

		acl->aces[acl->num_aces].type = ace_type;
		acl->aces[acl->num_aces].flags = ace_flags;
		acl->aces[acl->num_aces].access_mask = ace_mask;

		sid = dom_sid_parse_talloc(mem_ctx, sidstr);

		acl->aces[acl->num_aces].trustee = *sid;

		acl->num_aces++;		
	}

	sd->dacl = acl;

	setntacl(argv[1], sd);

	return 0;
}

#endif /* HAVE_NO_ACLS */