[PATCH] s4: utils recreate setntacl and improve setntacl

Matthieu Patou mat at matws.net
Sat Oct 24 05:34:31 MDT 2009


  setntacl is able to set the NTACL attribute from the command line.
  getntacl now uses getopt for parsing command line options and is also able to
  dump the ACL in SDDL format.
---
 source4/utils/config.mk  |   18 +++++--
 source4/utils/getntacl.c |   58 ++++++++++++++++----
 source4/utils/setntacl.c |  136 +++++++++++++++++++++++++++++++++++++++-------
 3 files changed, 176 insertions(+), 36 deletions(-)

diff --git a/source4/utils/config.mk b/source4/utils/config.mk
index 5fa7e20..25d8e91 100644
--- a/source4/utils/config.mk
+++ b/source4/utils/config.mk
@@ -30,6 +30,7 @@ INSTALLDIR = BINDIR
 PRIVATE_DEPENDENCIES = \
 		LIBSAMBA-HOSTCONFIG \
 		LIBSAMBA-UTIL \
+		POPT_SAMBA \
 		NDR_XATTR \
 		WRAP_XATTR \
 		LIBSAMBA-ERRORS
@@ -44,12 +45,19 @@ MANPAGES += $(utilssrcdir)/man/getntacl.1
 #################################
 # Start BINARY setntacl
 [BINARY::setntacl]
-# disabled until rewritten
-#INSTALLDIR = BINDIR
-# End BINARY setntacl
-#################################
+INSTALLDIR = BINDIR
+PRIVATE_DEPENDENCIES = \
+		LIBSAMBA-HOSTCONFIG \
+		LIBSAMBA-UTIL \
+		POPT_SAMBA \
+		NDR_XATTR \
+		WRAP_XATTR \
+		LIBSAMBA-ERRORS
 
-setntacl_OBJ_FILES = $(utilssrcdir)/setntacl.o
+setntacl_OBJ_FILES =  $(utilssrcdir)/setntacl.o
+
+# End BINARY getntacl
+#################################
 
 #################################
 # Start BINARY setnttoken
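Review bot: The closing marker of the re-enabled `[BINARY::setntacl]` section reads `# End BINARY getntacl`; it should be `# End BINARY setntacl` so the start and end delimiters name the same binary. The rewritten `setntacl_OBJ_FILES =  $(utilssrcdir)/setntacl.o` line also picked up a double space after `=`, which is the only change on that line and could be dropped.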
diff --git a/source4/utils/getntacl.c b/source4/utils/getntacl.c
index f26c87b..f75920c 100644
--- a/source4/utils/getntacl.c
+++ b/source4/utils/getntacl.c
@@ -20,10 +20,13 @@
 */
 
 #include "includes.h"
+#include "libcli/security/security.h"
 #include "system/filesys.h"
 #include "librpc/gen_ndr/ndr_xattr.h"
-#include "../lib/util/wrap_xattr.h"
+#include "lib/cmdline/popt_common.h"
 #include "param/param.h"
+#include "param/loadparm.h"
+
 
 static void ntacl_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
 
@@ -82,6 +85,13 @@ static NTSTATUS get_ntacl(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
+static void print_ntacl_sddl(TALLOC_CTX *mem_ctx,
+			struct xattr_NTACL *ntacl)
+{
+	const char *sddl;
+	sddl = sddl_encode(mem_ctx,ntacl->info.sd,NULL);
+	printf("%s\n",sddl);
+}
 static void print_ntacl(TALLOC_CTX *mem_ctx,
 			const char *fname,
 			struct xattr_NTACL *ntacl)
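Review bot: In `print_ntacl_sddl` the result of `sddl_encode()` is passed to `printf("%s\n", sddl)` without a NULL check, and passing NULL to `%s` is undefined behaviour if encoding or allocation fails. Check it first, for example `if (sddl == NULL) { fprintf(stderr, "sddl_encode failed\n"); return; }`. The function also reads `ntacl->info.sd` without looking at `ntacl->version`; since the blob comes from an on-disk xattr, it is worth confirming against the IDL that this member is valid for every version that can be read. A blank line between the new function and `print_ntacl` would match the spacing used elsewhere in the file.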
@@ -96,24 +106,52 @@ static void print_ntacl(TALLOC_CTX *mem_ctx,
 	talloc_free(pr);
 }
 
-int main(int argc, char *argv[])
+int main(int argc, const char *argv[])
 {
-	NTSTATUS status;
+	int ret = 0;
+ 	NTSTATUS status;
 	struct xattr_NTACL *ntacl;
 	ssize_t ntacl_len;
-
-	if (argc != 2) {
-		fprintf(stderr, "Usage: getntacl FILENAME\n");
-		return 1;
+	int print_as_sddl = 0;
+	char *readfile = NULL;
+	poptContext pc;
+	struct loadparm_context *lp_ctx;
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		{"as-sddl", '\0', POPT_ARG_NONE, &print_as_sddl, true, "Print NT ACL as SDDL"},
+		POPT_COMMON_SAMBA
+		POPT_COMMON_VERSION
+		{ NULL }
+	};
+
+	setup_logging(NULL, DEBUG_STDERR);
+
+	pc = poptGetContext(NULL, argc, argv, long_options, 
+			    POPT_CONTEXT_KEEP_FIRST);
+	poptSetOtherOptionHelp(pc, "[OPTION(S)...] file");
+
+	while(poptGetNextOpt(pc) != -1);
+	// Skip programe name
+	poptGetArg(pc); 
+	if(poptPeekArg(pc)) {
+		readfile = strdup(poptGetArg(pc)); 
 	}
 
-	status = get_ntacl(NULL, argv[1], &ntacl, &ntacl_len);
+
+	lp_ctx = cmdline_lp_ctx;
+
+	status = get_ntacl(NULL, readfile, &ntacl, &ntacl_len);
+	
 	if (!NT_STATUS_IS_OK(status)) {
 		fprintf(stderr, "get_ntacl failed: %s\n", nt_errstr(status));
 		return 1;
 	}
-
-	print_ntacl(ntacl, argv[1], ntacl);
+	
+	if( print_as_sddl ) {
+		print_ntacl_sddl(ntacl,  ntacl);
+	} else {
+		print_ntacl(ntacl, readfile, ntacl);
+	}
 
 	talloc_free(ntacl);
 
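Review bot: `readfile` stays NULL when no file argument is given and is then passed straight to `get_ntacl()`, because the old `argc != 2` usage check is removed without a replacement. Add a guard after the argument parsing, such as `if (readfile == NULL) { poptPrintUsage(pc, stderr, 0); return 1; }`. The `while(poptGetNextOpt(pc) != -1);` loop also discards popt's negative error returns, so an unrecognised option appears to be skipped silently rather than reported. In the visible lines `ret` and `lp_ctx` are assigned but never used, the `strdup()` result is neither checked nor freed, and `pc` is never released with `poptFreeContext()`. The body of `main` continues past the end of this hunk.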
diff --git a/source4/utils/setntacl.c b/source4/utils/setntacl.c
index 3a008a4..4db608c 100644
--- a/source4/utils/setntacl.c
+++ b/source4/utils/setntacl.c
@@ -1,28 +1,122 @@
 /* 
-   Unix SMB/CIFS implementation.
-
-   Set NT ACLs on UNIX files.
-
-   Copyright (C) Tim Potter <tpot at samba.org> 2004
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+	 Unix SMB/CIFS implementation.
+
+	 Get NT ACLs from UNIX files.
+
+	 Copyright (C) Tim Potter <tpot at samba.org> 2005
+	 
+	 This program is free software; you can redistribute it and/or modify
+	 it under the terms of the GNU General Public License as published by
+	 the Free Software Foundation; either version 3 of the License, or
+	 (at your option) any later version.
+	 
+	 This program is distributed in the hope that it will be useful,
+	 but WITHOUT ANY WARRANTY; without even the implied warranty of
+	 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	See the
+	 GNU General Public License for more details.
+	 
+	 You should have received a copy of the GNU General Public License
+	 along with this program.	If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
+#include "param/param.h"
+#include "lib/cmdline/popt_common.h"
+#include "param/param.h"
+#include "param/loadparm.h"
+
+static NTSTATUS build_acl(TALLOC_CTX *mem_ctx, char* acls,  struct xattr_NTACL **ntacl)
+{
+	struct xattr_NTACL *acl = talloc(mem_ctx, struct xattr_NTACL);
+	struct security_descriptor *sd;
+	NTSTATUS status;
+	sd = sddl_decode(mem_ctx,acls,NULL);
+	if( !sd ) 
+	{
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+
+	acl->version = 1;
+	acl->info.sd = sd;
+	
+	*ntacl = acl;
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS set_ntacl(TALLOC_CTX *mem_ctx,
+				char *filename,
+				void *ntacl)
+{
+	enum ndr_err_code ndr_err;
+	int ret;
+	DATA_BLOB blob;
+
+	ndr_err = ndr_push_struct_blob(&blob, mem_ctx, lp_iconv_convenience(NULL), ntacl ,(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+	ret = wrap_setxattr(filename, XATTR_NTACL_NAME, blob.data,blob.length, 0);
+
+	if (ret !=	0) {
+		fprintf(stderr, "set_ntacl: %s\n", strerror(errno));
+		return NT_STATUS_INTERNAL_ERROR;
+	}
+	return NT_STATUS_OK;
+}
 
-int main(int argc, char **argv)
+int main(int argc, const char *argv[])
 {
-	printf("This utility disabled until rewritten\n");
-	return 1;
+	NTSTATUS status;
+	char *acl = NULL;
+	char *writtenfile = NULL;
+	struct xattr_NTACL *ntacl;
+	poptContext pc;
+	struct loadparm_context *lp_ctx;
+	struct poptOption long_options[] = {
+		POPT_AUTOHELP
+		POPT_COMMON_SAMBA
+		POPT_COMMON_VERSION
+		{ NULL }
+	};
+
+	setup_logging(NULL, DEBUG_STDERR);
+
+	pc = poptGetContext(NULL, argc, argv, long_options, 
+			    POPT_CONTEXT_KEEP_FIRST);
+	poptSetOtherOptionHelp(pc, "[OPTION(S)...] acl file\nacl must be in SDDL format check documentation for more information");
+
+	while(poptGetNextOpt(pc) != -1);
+	// Skip program name
+	poptGetArg(pc);
+	if(poptPeekArg(pc)) {
+		acl = strdup(poptGetArg(pc)); 
+	}
+
+	if(poptPeekArg(pc)) {
+		writtenfile = strdup(poptGetArg(pc)); 
+	}
+
+	if ( !acl || !writtenfile ) {
+	  fprintf(stderr,"ACL and/or file to be written are missing !\nThese parameters are mandatory\n");
+	  exit(1);
+	}
+
+	lp_ctx = cmdline_lp_ctx;
+
+	status = build_acl(NULL, acl, &ntacl);
+	if (!NT_STATUS_IS_OK(status)) {
+		fprintf(stderr, "build_acl failed: %s\n", nt_errstr(status));
+		return 1;
+	}
+	status = set_ntacl(NULL, writtenfile, ntacl);
+	if (!NT_STATUS_IS_OK(status)) {
+		fprintf(stderr, "set_ntacl failed: %s\n", nt_errstr(status));
+		return 1;
+	}
+
+	talloc_free(ntacl);
+
+	return 0;
 }
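Review bot: `build_acl` dereferences the `talloc()` result (`acl->version = 1`) without a NULL check, and it allocates `acl` before `sddl_decode()` has accepted the string, so a malformed SDDL argument leaves that allocation on the NULL context. Since this tool writes the security ACL xattr from a command-line string, a parse failure is better reported as a bad argument (`NT_STATUS_INVALID_PARAMETER`) than as `NT_STATUS_INTERNAL_ERROR`; the local `status` is unused. Parenting `sd` to `acl` would also let the existing `talloc_free(ntacl)` in `main` release the descriptor. Separately, the rewritten file header still says "Get NT ACLs from UNIX files", `param/param.h` is included twice, and `main` ignores popt error returns and any extra positional arguments.

```c
static NTSTATUS build_acl(TALLOC_CTX *mem_ctx, char* acls,  struct xattr_NTACL **ntacl)
{
	struct xattr_NTACL *acl;
	struct security_descriptor *sd;

	/* Parse first so a malformed SDDL string allocates nothing. */
	sd = sddl_decode(mem_ctx, acls, NULL);
	if (sd == NULL) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	acl = talloc(mem_ctx, struct xattr_NTACL);
	if (acl == NULL) {
		talloc_free(sd);
		return NT_STATUS_NO_MEMORY;
	}

	acl->version = 1;
	/* Parent the descriptor to acl so freeing acl releases both. */
	acl->info.sd = talloc_steal(acl, sd);

	*ntacl = acl;
	return NT_STATUS_OK;
}
```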
-- 
1.6.0.4

