diff --git a/include/ntux/ntux.h b/include/ntux/ntux.h index 3e9782e..817b5c8 100644 --- a/include/ntux/ntux.h +++ b/include/ntux/ntux.h @@ -54,6 +54,7 @@ enum ntux_custom_error { NTUX_ERR_FLOW_ERROR, NTUX_ERR_FLEE_ERROR, NTUX_ERR_LDSO_INIT, + NTUX_ERR_NOT_IMPLEMENTED, }; enum ntux_cmd { diff --git a/src/cmds/ntux_cmd_chmod.c b/src/cmds/ntux_cmd_chmod.c index 416d756..b90acfe 100644 --- a/src/cmds/ntux_cmd_chmod.c +++ b/src/cmds/ntux_cmd_chmod.c @@ -14,6 +14,7 @@ #include #include +#include #include #include @@ -22,6 +23,12 @@ #include "ntux_nolibc_impl.h" #include "ntux_errinfo_impl.h" +#define __SID_SYSTEM {1,1,{{0,0,0,0,0,5}},{18}} +#define __SID_ADMINISTRATORS {1,2,{{0,0,0,0,0,5}},{32,544}} + +static const nt_sid sid_system = __SID_SYSTEM; +static const nt_sid_os sid_admins = __SID_ADMINISTRATORS; + static int ntux_cmd_chmod_ret(int fd, struct __ofd * ofd, void * hasync, int ret) { if (hasync) @@ -36,6 +43,18 @@ static int ntux_cmd_chmod_ret(int fd, struct __ofd * ofd, void * hasync, int ret return ret; } +static nt_sid * ntux_cmd_chmod_sid_from_name(const char * name) +{ + if (!strcmp(name,"Administrators")) + return (nt_sid *)&sid_admins; + + else if (!strcmp(name,"SYSTEM")) + return (nt_sid *)&sid_system; + + else + return 0; +} + int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) { intptr_t ret; @@ -46,11 +65,14 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) nt_sd * srcsd; nt_sd_common_buffer dstsd; nt_sd_common_meta meta; + nt_sid * owner; + nt_sid * group; uint32_t access_owner; uint32_t access_group; uint32_t access_other; uint32_t access_admin; uint32_t ace_flags; + uint32_t sec_mask; size_t size; int fd = -1; struct __ofd * ofd = 0; 
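Review bot: In the `@@ -36,6 +43,18 @@` hunk, `ntux_cmd_chmod_sid_from_name` returns `(nt_sid *)&sid_admins` and `(nt_sid *)&sid_system`, which strips `const` from both static objects and, for `sid_admins`, also converts from `nt_sid_os` to `nt_sid`. If any callee that later receives `owner` or `group` writes through the pointer, that is a write to a const object. Returning `const nt_sid *` and keeping `owner`/`group` const would let the compiler enforce this, provided the descriptor-init routine accepts a const pointer (its prototype is not visible here). The `__SID_SYSTEM`/`__SID_ADMINISTRATORS` macros from the `@@ -22,6 +23,12 @@` hunk use the implementation-reserved double-underscore prefix, and a short comment such as `/* nt_sid_os: room for the second sub-authority */` would explain the differing type, if that is indeed the reason. The name match is exact and case-sensitive, so `system` or `administrators` are reported as not implemented.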
@@ -74,6 +96,26 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) dctx, NTUX_ERR_FLEE_ERROR)); + /* initial --owner and --group support: Administrators, SYSTEM */ + owner = 0; + group = 0; + + if (dctx->cctx->owner) + if (!(owner = ntux_cmd_chmod_sid_from_name(dctx->cctx->owner))) + return ntux_cmd_chmod_ret( + 0,0,0, + NTUX_CUSTOM_ERROR( + dctx, + NTUX_ERR_NOT_IMPLEMENTED)); + + if (dctx->cctx->group) + if (!(group = ntux_cmd_chmod_sid_from_name(dctx->cctx->group))) + return ntux_cmd_chmod_ret( + 0,0,0, + NTUX_CUSTOM_ERROR( + dctx, + NTUX_ERR_NOT_IMPLEMENTED)); + /* init */ ntux_driver_set_ectx( dctx,0,dunit); @@ -102,11 +144,14 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) NTUX_ERR_FLOW_ERROR)); /* hasync */ + sec_mask = NT_SEC_READ_CONTROL; + sec_mask |= NT_SEC_WRITE_DAC; + sec_mask |= owner ? NT_SEC_WRITE_OWNER : 0; + if ((status = __xfi_fs_open_async( &hasync, ofd->info.hfile,0, - NT_SEC_READ_CONTROL - | NT_SEC_WRITE_DAC, + sec_mask, NT_FILE_SHARE_READ | NT_FILE_SHARE_WRITE | NT_FILE_SHARE_DELETE))) @@ -151,15 +196,18 @@ int ntux_cmd_chmod(const struct ntux_driver_ctx * dctx, const char * dunit) /* updated dacl */ __xfi_acl_init_common_descriptor( &dstsd, - meta.owner,meta.group,0,0, + owner ? owner : meta.owner, + group ? group : meta.group, + 0,0, access_owner,access_group,access_other, access_admin,meta.system_acc, ace_flags); + sec_mask = NT_DACL_SECURITY_INFORMATION; + sec_mask |= owner ? NT_OWNER_SECURITY_INFORMATION : 0; + if ((status = __xfi_set_security_object( - hasync, - NT_DACL_SECURITY_INFORMATION, - &dstsd.sd))) + hasync,sec_mask,&dstsd.sd))) return ntux_cmd_chmod_ret( fd,ofd,hasync, NTUX_SYSTEM_ERROR(dctx)); diff --git a/src/output/ntux_output_error.c b/src/output/ntux_output_error.c index b500eb5..be58ba1 100644 --- a/src/output/ntux_output_error.c +++ b/src/output/ntux_output_error.c 
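Review bot: Both new early returns in the `@@ -74,6 +96,26 @@` hunk call `ntux_cmd_chmod_ret(0,0,0,…)`, passing descriptor 0 even though this function declares `int fd = -1` as its "not open" value. The helper's body is only partly visible in this diff, so confirm that it does not close a non-negative `fd`; if it does, these paths would close stdin, and passing `fd` (still -1 here) avoids the question. The nested `if (dctx->cctx->owner) if (!(owner = …))` pairs also have no braces, which invites a dangling-else mistake when the block is next edited; `if (dctx->cctx->owner) { … }` would be clearer.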
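Review bot: `--group` is accepted and its SID is passed into `__xfi_acl_init_common_descriptor`, but neither mask accounts for it: in the `@@ -102,11 +144,14 @@` hunk `NT_SEC_WRITE_OWNER` is requested only when `owner` is set, and in the `@@ -151,15 +196,18 @@` hunk only `NT_OWNER_SECURITY_INFORMATION` is added to `sec_mask`. With `--group` alone the call can succeed without changing the object's group, and if the descriptor builder keys the group ACE on the SID it is given, the new DACL would grant `access_group` rights to a SID that is not the object's group. Assuming ntapi defines the group flag next to the owner one, the fix is `sec_mask |= (owner || group) ? NT_SEC_WRITE_OWNER : 0;` on the open and `sec_mask |= group ? NT_GROUP_SECURITY_INFORMATION : 0;` on the set. Otherwise reject `--group` with `NTUX_ERR_NOT_IMPLEMENTED` until it is wired through. Reusing `sec_mask` for an access mask and then a security-information mask is also easy to misread; two separately named locals would help.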
@@ -58,7 +58,10 @@ static const char * ntux_output_strerror( return ictx->errsbuf; } - if (erri->eflags & NTUX_ERROR_CUSTOM) + if ((erri->eflags & NTUX_ERROR_CUSTOM) && (erri->elibcode == NTUX_ERR_NOT_IMPLEMENTED)) + return "status: support for one or more option values is not yet implemented"; + + else if (erri->eflags & NTUX_ERROR_CUSTOM) return "flow error: unexpected condition or other"; else if (erri->eflags & NTUX_ERROR_NESTED)
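Review bot: The new message does not say which option or value was rejected, and because the chmod lookup returns 0 for any unmatched name, a typo in `--owner` or `--group` is reported as "not yet implemented" rather than as an unknown name. Consider including the option name in the error record or the text, so that a rejected ownership change is easy to tell apart from a mistyped one. On style, the branch tests `NTUX_ERROR_CUSTOM` twice; nesting the `elibcode` check inside the existing custom-error branch would keep the chain flat as more codes gain their own strings. `ntux_output_strerror` starts and ends outside this hunk.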