From 980d09f40635f74a994fd1a7df20a9a86ec50d58 Mon Sep 17 00:00:00 2001 From: midipix Date: Nov 07 2022 00:06:56 +0000 Subject: ntux_cmd_chmod(): added --refobj support. --- diff --git a/include/ntux/ntux.h b/include/ntux/ntux.h index 1a6cdea..6b00476 100644 --- a/include/ntux/ntux.h +++ b/include/ntux/ntux.h @@ -62,6 +62,8 @@ enum ntux_custom_error { NTUX_ERR_FLEE_ERROR, NTUX_ERR_LDSO_INIT, NTUX_ERR_NOT_IMPLEMENTED, + NTUX_ERR_CONFLICTING_ARGUMENTS, + NTUX_ERR_NON_POSIX_DESCRIPTOR, }; enum ntux_cmd { diff --git a/src/cmds/ntux_cmd_chmod.c b/src/cmds/ntux_cmd_chmod.c index a0fec1d..ab06dab 100644 --- a/src/cmds/ntux_cmd_chmod.c +++ b/src/cmds/ntux_cmd_chmod.c @@ -86,6 +86,7 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) int optmode; const char * strmode; const char * chmode; + const unsigned char * refobj; const unsigned char * unit; char * ch; struct ntux_sd_buffer sdbuf; @@ -115,8 +116,10 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) int exacecount; int idx; int fd = -1; + int reffd = -1; int cntfd = -1; struct __ofd * ofd = 0; + struct __ofd * refofd = 0; struct __ofd * cntofd = 0; void * cntbuf = 0; void * hasync = 0; @@ -195,6 +198,15 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) } } + /* conflicting arguments? */ + if (finherit && dctx->cctx->refobj) + return ntux_cmd_chmod_ret( + 0,0,0, + NTUX_CUSTOM_ERROR( + dctx, + NTUX_ERR_CONFLICTING_ARGUMENTS)); + + /* initial --owner and --group support: Administrators, SYSTEM */ owner = 0; group = 0; @@ -242,6 +254,7 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) dctx, NTUX_ERR_FLOW_ERROR)); + /* hasync */ sec_mask = NT_SEC_READ_CONTROL; sec_mask |= NT_SEC_WRITE_DAC; @@ -259,21 +272,86 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) fd,ofd,0, NTUX_SYSTEM_ERROR(dctx)); + /* refofd */ + if ((refobj = (const unsigned char *)dctx->cctx->refobj)) { + ntux_driver_set_ectx( + dctx,0,dctx->cctx->refobj); + + if ((ret = __sys_openat(fdcwd,refobj,0,0)) < 0) + if (ntux_errno_set(dctx,ret)) + return ntux_cmd_chmod_ret( + 0,0,0, + NTUX_SYSTEM_ERROR(dctx)); + + reffd = ret; + + if (!(refofd = __xfi_ofd_ref_inc(reffd))) { + __sys_close(reffd); + + return ntux_cmd_chmod_ret( + fd,0,0, + NTUX_CUSTOM_ERROR( + dctx, + NTUX_ERR_FLOW_ERROR)); + } + + ntux_driver_set_ectx( + dctx,0,dunit); + } + /* srcsd */ - if ((status = __xfi_query_security_object( - hasync, - NT_OWNER_SECURITY_INFORMATION - | NT_GROUP_SECURITY_INFORMATION - | NT_DACL_SECURITY_INFORMATION, - &srcsd.sd.sd,sizeof(srcsd),&size))) + status = __xfi_query_security_object( + refobj ? refofd->info.hfile : hasync, + NT_OWNER_SECURITY_INFORMATION + | NT_GROUP_SECURITY_INFORMATION + | NT_DACL_SECURITY_INFORMATION, + &srcsd.sd.sd,sizeof(srcsd),&size); + + if (refofd) { + __xfi_ofd_ref_dec(refofd); + __sys_close(reffd); + } + + if (status) if (ntux_errno_set(dctx,ENXIO)) return ntux_cmd_chmod_ret( fd,ofd,hasync, NTUX_SYSTEM_ERROR(dctx)); - if ((status = __xfi_acl_init_common_descriptor_meta( - &meta,&srcsd.sd.sd, - NT_ACL_INIT_COMMON_DESCRIPTION_META_STRICT_MODE))) + status = __xfi_acl_init_common_descriptor_meta( + &meta,&srcsd.sd.sd, + NT_ACL_INIT_COMMON_DESCRIPTION_META_STRICT_MODE); + + /* sd copy based on a non-posix object? */ + if (status && refobj) { + ntux_driver_set_ectx( + dctx,0,dctx->cctx->refobj); + + if (dctx->cctx->strmode + || dctx->cctx->owner + || dctx->cctx->group) + return ntux_cmd_chmod_ret( + 0,0,0, + NTUX_CUSTOM_ERROR( + dctx, + NTUX_ERR_NON_POSIX_DESCRIPTOR)); + + ntux_driver_set_ectx( + dctx,0,dunit); + + sec_mask = NT_DACL_SECURITY_INFORMATION; + + if ((status = __xfi_set_security_object( + hasync,sec_mask,&srcsd.sd.sd))) + if (ntux_errno_set(dctx,EPERM)) + return ntux_cmd_chmod_ret( + fd,ofd,hasync, + NTUX_SYSTEM_ERROR(dctx)); + + return ntux_cmd_chmod_ret(fd,ofd,hasync,0); + } + + if (status) if (ntux_errno_set(dctx,EBADF)) return ntux_cmd_chmod_ret( fd,ofd,hasync, diff --git a/src/output/ntux_output_error.c b/src/output/ntux_output_error.c index b1a3a96..3324a71 100644 --- a/src/output/ntux_output_error.c +++ b/src/output/ntux_output_error.c @@ -46,6 +46,22 @@ static const char * ntux_output_unit_header(const struct ntux_error_info * erri) return "while querying"; } +static const char * ntux_output_chmod_strerror( + const struct ntux_driver_ctx * dctx, + const struct ntux_error_info * erri) +{ + (void)dctx; + + if (erri->elibcode == NTUX_ERR_CONFLICTING_ARGUMENTS) + return "chmod conflicting arguments: +P cannot be used together with --refobj"; + + else if (erri->elibcode == NTUX_ERR_NON_POSIX_DESCRIPTOR) + return "chmod: cannot amend a referenced non-posix security descriptor"; + + else + return "ntux_output_chmod_strerror(): unhandled custom error"; +} + static const char * ntux_output_strerror( const struct ntux_driver_ctx * dctx, const struct ntux_error_info * erri) @@ -61,6 +77,12 @@ static const char * ntux_output_strerror( if ((erri->eflags & NTUX_ERROR_CUSTOM) && (erri->elibcode == NTUX_ERR_NOT_IMPLEMENTED)) return "status: support for one or more option values is not yet implemented"; + else if ((erri->eflags & NTUX_ERROR_CUSTOM) && (erri->elibcode == NTUX_ERR_CONFLICTING_ARGUMENTS)) + return ntux_output_chmod_strerror(dctx,erri); + + else if ((erri->eflags & NTUX_ERROR_CUSTOM) && (erri->elibcode == NTUX_ERR_NON_POSIX_DESCRIPTOR)) + return ntux_output_chmod_strerror(dctx,erri); + else if (erri->eflags & NTUX_ERROR_CUSTOM) return "flow error: unexpected condition or other";