| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Extend getcifsacl/setcifsacl utilities to handle System ACLs (SACLs)
in addition to Discretionary ACLs (DACLs). The SACL extensions depend
on CIFS client support for system.cifs_ntsd_full extended attribute.
Signed-off-by: Boris Protopopov <pboris@amazon.com>
|
|
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
|
|
Add support for -R option so we can list the ACLs of all files and
directories recursively.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
|
|
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
|
|
Accept more than one path on the getcifsacl command line.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
|
|
Call getcifsacl_usage only for -h and default case.
For others error out with appropriate message.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
|
|
Add more to the error message by printing the filename and error.
Signed-off-by: Kenneth D'souza <kdsouza@redhat.com>
Reviewed-by: Steve French <stfrench@microsoft.com>
|
|
Coverity says:
Error: DEADCODE (CWE-561): [#def5]
cifs-utils-6.2/getcifsacl.c:101: assignment: Assigning: "mflags" = "false".
cifs-utils-6.2/getcifsacl.c:109: const: At condition "mflags", the value of "mflags" must be equal to 0.
cifs-utils-6.2/getcifsacl.c:109: dead_error_condition: The condition "mflags" cannot be true.
cifs-utils-6.2/getcifsacl.c:110: dead_error_line: Execution cannot reach this statement "printf("|");".
Acked-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
A Coverity scan turned up this warning:
1. cifs-utils-6.2/setcifsacl.c:578:result_independent_of_operands – "(x & 0xff0000000000ULL) >> 48" is 0 regardless of the values of its operands. This occurs as the operand of assignment.
...which is entirely true. That shift should be 40 bits, not 48. Also
fix a similar bug in getcifsacl.c.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Currently, the ACL-related tools in cifs-utils call into the wbclient
libs directly in order to do their bidding. The wbclient developers want
to get away from needing to configure winbind on the clients and instead
allow sssd to handle the mapping in most cases.
This patch represents an initial step in that direction. It adds a
plugin architecture for cifs-utils, adds wrappers around the calls into
libwbclient that find an idmap plugin library to use and then has it
call into that plugin to do the actual ID mapping.
The application will call into a set of routines that find the correct
plugin and dlopen() it. Currently the plugin is located in a well-known
location that is settable via autoconf. That location is intended to be
a symlink that points to the real plugin (generally under $pkglibdir).
The plugin will export a number of functions with well-known names. The
wrappers find those by using dlsym() and then call them.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
getcifsacl doesn't log to syslog, so there's no need to open a channel
to it. Also, remove the unneeded "prog" global variable since only
the usage() function needs it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
If we get a SID that contains more than 15 subauthorities, we'll end up
overrunning the struct wbcDomainSid. Just ignore any past 15.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
While they are very similar, the cifs_sid is "packed" and the
wbcDomainSid isn't. There are also aliasing problems with gcc in
some cases. Instead of trying to cast and fix endianness in place,
make a separate copy instead.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
They need endianness conversion too...
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
getcifsacl must convert the access_req field from little endian. Also,
we should ensure that the "size" field in the ACE is reachable before
trying to access it.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
The current routine prints multiple authority values as different
numbers instead of combining them, which is wrong.
Print the SID according to the rules in MS-DTYP.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Use our own cifs_sid instead and cast it to a wbcDomainSid before
handing it off to winbind.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
winbind expects SIDs to be expressed in host-endian. Convert them
from little-endian before asking winbind to convert them to names.
Also use the WBC_ERROR_IS_OK() macro to check the return code.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
This saves a tiny bit of memory, and doesn't make the program assume
that the binary is named something in particular.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
When I moved the manpages for this to section 1, I missed some references
to them. Also, get rid of the unneeded clean-local-aclprogs makefile target.
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
Parse the blob that contains a security descriptor obtained by
calling getxattr API using attribute system.cifs_acl .
Start parsing and printing security descriptor including
the a DACL within the security descriptor, printing each ACE of
the DACL by printing SID, type, flags, and mask.
Winbind apis are used to translate raw SID to a name.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
