diff options
author | Matthew McGillis <matthew@mcgillis.org> | 2010-05-05 22:26:15 -0700 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-05-17 10:21:50 +0200 |
commit | 4fee40e2c0700d563386cfab686c0e6e3cb3e8f2 (patch) | |
tree | 3ae23cb6b712269716d32157c60ededb20927a6b /source3/utils | |
parent | 2cc612cb6bb72e5dc52d12783aee04d2ef102198 (diff) | |
download | samba-4fee40e2c0700d563386cfab686c0e6e3cb3e8f2.tar.gz samba-4fee40e2c0700d563386cfab686c0e6e3cb3e8f2.tar.xz samba-4fee40e2c0700d563386cfab686c0e6e3cb3e8f2.zip |
Consolidate all set SEC_DESC into single procedure set_secdesc
Diffstat (limited to 'source3/utils')
-rw-r--r-- | source3/utils/smbcacls.c | 57 |
1 files changed, 32 insertions, 25 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 7db1f17b228..621105eaee9 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -689,6 +689,36 @@ static SEC_DESC *get_secdesc(struct cli_state *cli, const char *filename) } /***************************************************** +set sec desc for filename +*******************************************************/ +static bool set_secdesc(struct cli_state *cli, const char *filename, + SEC_DESC *sd) +{ + uint16_t fnum = (uint16_t)-1; + bool result=true; + + /* The desired access below is the only one I could find that works + with NT4, W2KP and Samba */ + + if (!NT_STATUS_IS_OK(cli_ntcreate(cli, filename, 0, + WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS, + 0, FILE_SHARE_READ|FILE_SHARE_WRITE, + FILE_OPEN, 0x0, 0x0, &fnum))) { + printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); + return false; + } + + if (!cli_set_secdesc(cli, fnum, sd)) { + printf("ERROR: security description set failed: %s\n", + cli_errstr(cli)); + result=false; + } + + cli_close(cli, fnum); + return result; +} + +/***************************************************** dump the acls for a file *******************************************************/ static int cacl_dump(struct cli_state *cli, const char *filename) @@ -722,7 +752,6 @@ because the NT docs say this can't be done :-). JRA. static int owner_set(struct cli_state *cli, enum chown_mode change_mode, const char *filename, const char *new_username) { - uint16_t fnum; DOM_SID sid; SEC_DESC *sd, *old; size_t sd_size; @@ -741,20 +770,10 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, (change_mode == REQUEST_CHGRP) ? &sid : NULL, NULL, NULL, &sd_size); - if (!NT_STATUS_IS_OK(cli_ntcreate(cli, filename, 0, WRITE_OWNER_ACCESS, 0, - FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) { - printf("Failed to open %s: %s\n", filename, cli_errstr(cli)); + if (!set_secdesc(cli, filename, sd)) { return EXIT_FAILED; } - if (!cli_set_secdesc(cli, fnum, sd)) { - printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); - cli_close(cli, fnum); - return EXIT_FAILED; - } - - cli_close(cli, fnum); - return EXIT_OK; } @@ -827,7 +846,6 @@ set the ACLs on a file given an ascii description static int cacl_set(struct cli_state *cli, const char *filename, char *the_acl, enum acl_mode mode) { - uint16_t fnum; SEC_DESC *sd, *old; uint32 i, j; size_t sd_size; @@ -933,21 +951,10 @@ static int cacl_set(struct cli_state *cli, const char *filename, old->owner_sid, old->group_sid, NULL, old->dacl, &sd_size); - if (!NT_STATUS_IS_OK(cli_ntcreate(cli, filename, 0, WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS, 0, - FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x0, 0x0, &fnum))) { - printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli)); - return EXIT_FAILED; - } - - if (!cli_set_secdesc(cli, fnum, sd)) { - printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli)); + if (!set_secdesc(cli, filename, sd)) { result = EXIT_FAILED; } - /* Clean up */ - - cli_close(cli, fnum); - return result; } |