PROTECTED_DACL_SECURITY_INFORMATION)
/* SEC_ACCESS */
-typedef struct security_info_info
-{
- uint32 mask;
-
-} SEC_ACCESS;
+typedef uint32 SEC_ACCESS;
/* SEC_ACE */
-typedef struct security_ace_info
-{
- uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
- uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
- uint16 size;
-
- SEC_ACCESS info;
-
- /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
- uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
- struct GUID obj_guid; /* object GUID */
- struct GUID inh_guid; /* inherited object GUID */
- /* eof object stuff */
-
- DOM_SID trustee;
-
-} SEC_ACE;
+typedef struct security_ace SEC_ACE;
#define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
#ifndef ACL_REVISION
#ifndef _SEC_ACL
/* SEC_ACL */
-typedef struct security_acl_info
-{
- uint16 revision; /* 0x0003 */
- uint16 size; /* size in bytes of the entire ACL structure */
- uint32 num_aces; /* number of Access Control Entries */
-
- SEC_ACE *ace;
-
-} SEC_ACL;
+typedef struct security_acl SEC_ACL;
#define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32))
#define _SEC_ACL
#endif
#ifndef _SEC_DESC
/* SEC_DESC */
-typedef struct security_descriptor_info
-{
- uint16 revision; /* 0x0001 */
- uint16 type; /* SEC_DESC_xxxx flags */
-
- uint32 off_owner_sid; /* offset to owner sid */
- uint32 off_grp_sid ; /* offset to group sid */
- uint32 off_sacl ; /* offset to system list of permissions */
- uint32 off_dacl ; /* offset to list of permissions */
-
- SEC_ACL *dacl; /* user ACL */
- SEC_ACL *sacl; /* system ACL */
- DOM_SID *owner_sid;
- DOM_SID *grp_sid;
-
-} SEC_DESC;
+typedef struct security_descriptor SEC_DESC;
#define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))
#define _SEC_DESC
#endif
#ifndef _SEC_DESC_BUF
/* SEC_DESC_BUF */
-typedef struct sec_desc_buf_info
-{
- uint32 max_len;
- uint32 ptr;
- uint32 len;
-
- SEC_DESC *sec;
-
-} SEC_DESC_BUF;
+typedef struct sec_desc_buf SEC_DESC_BUF;
#define _SEC_DESC_BUF
#endif
struct vfs_handle_struct;
struct connection_struct;
struct files_struct;
-struct security_descriptor_info;
+struct security_descriptor;
struct vfs_statvfs_struct;
/*
/* NT ACL operations. */
- size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor_info **ppdesc);
- size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor_info **ppdesc);
- BOOL (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd);
- BOOL (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd);
+ size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc);
+ size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc);
+ BOOL (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd);
+ BOOL (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd);
/* POSIX ACL operations. */
****************************************************************************/
void display_sec_access(SEC_ACCESS *info)
{
- printf("\t\tPermissions: 0x%x: %s\n", info->mask, get_sec_mask_str(info->mask));
+ printf("\t\tPermissions: 0x%x: %s\n", *info, get_sec_mask_str(*info));
}
/****************************************************************************
break;
}
printf(" (%d) flags: %d\n", ace->type, ace->flags);
- display_sec_access(&ace->info);
+ display_sec_access(&ace->access_mask);
sid_to_string(sid_str, &ace->trustee);
printf("\t\tSID: %s\n\n", sid_str);
}
if (sec_acl->size != 0 && sec_acl->num_aces != 0)
for (i = 0; i < sec_acl->num_aces; i++)
- display_sec_ace(&sec_acl->ace[i]);
+ display_sec_ace(&sec_acl->aces[i]);
}
printf("\tOwner SID:\t%s\n", sid_str);
}
- if (sec->grp_sid) {
- sid_to_string(sid_str, sec->grp_sid);
+ if (sec->group_sid) {
+ sid_to_string(sid_str, sec->group_sid);
printf("\tParent SID:\t%s\n", sid_str);
}
}
ace_dest->type = ace_src->type;
ace_dest->flags = ace_src->flags;
ace_dest->size = ace_src->size;
- ace_dest->info.mask = ace_src->info.mask;
- ace_dest->obj_flags = ace_src->obj_flags;
- memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID));
- memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID));
+ ace_dest->access_mask = ace_src->access_mask;
+ ace_dest->object = ace_src->object;
sid_copy(&ace_dest->trustee, &ace_src->trustee);
}
Sets up a SEC_ACE structure.
********************************************************************/
-void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
+void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, uint32 mask, uint8 flag)
{
t->type = type;
t->flags = flag;
t->size = sid_size(sid) + 8;
- t->info = mask;
+ t->access_mask = mask;
ZERO_STRUCTP(&t->trustee);
sid_copy(&t->trustee, sid);
(*pp_new)[i].type = 0;
(*pp_new)[i].flags = 0;
(*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid);
- (*pp_new)[i].info.mask = mask;
+ (*pp_new)[i].access_mask = mask;
sid_copy(&(*pp_new)[i].trustee, sid);
return NT_STATUS_OK;
}
for (i = 0; i < num; i ++) {
if (sid_compare(&ace[i].trustee, sid) == 0) {
- ace[i].info.mask = mask;
+ ace[i].access_mask = mask;
return NT_STATUS_OK;
}
}
/* Check top level stuff */
if (s1->type != s2->type || s1->flags != s2->flags ||
- s1->info.mask != s2->info.mask) {
+ s1->access_mask != s2->access_mask) {
return False;
}
positive number. */
if ((num_aces) &&
- ((dst->ace = TALLOC_ARRAY(ctx, SEC_ACE, num_aces))
+ ((dst->aces = TALLOC_ARRAY(ctx, SEC_ACE, num_aces))
== NULL)) {
return NULL;
}
for (i = 0; i < num_aces; i++) {
- dst->ace[i] = ace_list[i]; /* Structure copy. */
+ dst->aces[i] = ace_list[i]; /* Structure copy. */
dst->size += ace_list[i].size;
}
if(src == NULL)
return NULL;
- return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
+ return make_sec_acl(ctx, src->revision, src->num_aces, src->aces);
}
/*******************************************************************
BOOL found = False;
for (j = 0; j < s2->num_aces; j++) {
- if (sec_ace_equal(&s1->ace[i], &s2->ace[j])) {
+ if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) {
found = True;
break;
}
if (psd->owner_sid != NULL)
offset += sid_size(psd->owner_sid);
- if (psd->grp_sid != NULL)
- offset += sid_size(psd->grp_sid);
+ if (psd->group_sid != NULL)
+ offset += sid_size(psd->group_sid);
if (psd->sacl != NULL)
offset += psd->sacl->size;
return False;
}
- if (!sid_equal(s1->grp_sid, s2->grp_sid)) {
+ if (!sid_equal(s1->group_sid, s2->group_sid)) {
fstring str1, str2;
- sid_to_string(str1, s1->grp_sid);
- sid_to_string(str2, s2->grp_sid);
+ sid_to_string(str1, s1->group_sid);
+ sid_to_string(str2, s2->group_sid);
DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n",
str1, str2));
/* Copy over owner and group sids. There seems to be no flag for
this so just check the pointer values. */
- owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid :
- old_sdb->sec->owner_sid;
+ owner_sid = new_sdb->sd->owner_sid ? new_sdb->sd->owner_sid :
+ old_sdb->sd->owner_sid;
- group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid :
- old_sdb->sec->grp_sid;
+ group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid :
+ old_sdb->sd->group_sid;
- secdesc_type = new_sdb->sec->type;
+ secdesc_type = new_sdb->sd->type;
/* Ignore changes to the system ACL. This has the effect of making
changes through the security tab audit button not sticking.
/* Copy across discretionary ACL */
if (secdesc_type & SEC_DESC_DACL_PRESENT) {
- dacl = new_sdb->sec->dacl;
+ dacl = new_sdb->sd->dacl;
} else {
- dacl = old_sdb->sec->dacl;
+ dacl = old_sdb->sd->dacl;
}
/* Create new security descriptor from bits */
- psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type,
+ psd = make_sec_desc(ctx, new_sdb->sd->revision, secdesc_type,
owner_sid, group_sid, sacl, dacl, &secdesc_size);
return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd);
if (dacl)
dst->type |= SEC_DESC_DACL_PRESENT;
- dst->off_owner_sid = 0;
- dst->off_grp_sid = 0;
- dst->off_sacl = 0;
- dst->off_dacl = 0;
+ dst->owner_sid = NULL;
+ dst->group_sid = NULL;
+ dst->sacl = NULL;
+ dst->dacl = NULL;
if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
goto error_exit;
- if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
+ if(grp_sid && ((dst->group_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
goto error_exit;
if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
*/
if (dst->sacl != NULL) {
- dst->off_sacl = offset;
offset += dst->sacl->size;
}
if (dst->dacl != NULL) {
- dst->off_dacl = offset;
offset += dst->dacl->size;
}
if (dst->owner_sid != NULL) {
- dst->off_owner_sid = offset;
offset += sid_size(dst->owner_sid);
}
- if (dst->grp_sid != NULL) {
- dst->off_grp_sid = offset;
- offset += sid_size(dst->grp_sid);
+ if (dst->group_sid != NULL) {
+ offset += sid_size(dst->group_sid);
}
*sd_size = (size_t)offset;
return NULL;
return make_sec_desc( ctx, src->revision, src->type,
- src->owner_sid, src->grp_sid, src->sacl,
+ src->owner_sid, src->group_sid, src->sacl,
src->dacl, &dummy);
}
return NULL;
/* max buffer size (allocated size) */
- dst->max_len = (uint32)len;
- dst->len = (uint32)len;
+ dst->sd_size = (uint32)len;
- if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) {
+ if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) {
return NULL;
}
- dst->ptr = 0x1;
-
return dst;
}
if(src == NULL)
return NULL;
- return make_sec_desc_buf( ctx, src->len, src->sec);
+ return make_sec_desc_buf( ctx, src->sd_size, src->sd);
}
/*******************************************************************
*sd_size = 0;
- status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask);
+ status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask);
if (!NT_STATUS_IS_OK(status))
return status;
return NT_STATUS_UNSUCCESSFUL;
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
- psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+ psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
return NT_STATUS_UNSUCCESSFUL;
*psd = sd;
if (!sd || !sid)
return NT_STATUS_INVALID_PARAMETER;
- status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask);
+ status = sec_ace_mod_sid(sd->dacl->aces, sd->dacl->num_aces, sid, mask);
if (!NT_STATUS_IS_OK(status))
return status;
*sd_size = 0;
- status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid);
+ status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid);
if (!NT_STATUS_IS_OK(status))
return status;
return NT_STATUS_UNSUCCESSFUL;
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
- psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+ psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
return NT_STATUS_UNSUCCESSFUL;
*psd = sd;
return NULL;
for (i = 0; i < the_acl->num_aces; i++) {
- SEC_ACE *ace = &the_acl->ace[i];
+ SEC_ACE *ace = &the_acl->aces[i];
SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx];
uint8 new_flags = 0;
BOOL inherit = False;
if (!inherit)
continue;
- init_sec_access(&new_ace->info, ace->info.mask);
+ init_sec_access(&new_ace->access_mask, ace->access_mask);
init_sec_ace(new_ace, &ace->trustee, ace->type,
- new_ace->info, new_flags);
+ new_ace->access_mask, new_flags);
sid_to_string(sid_str, &ace->trustee);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n", sid_str,
- ace->type, ace->flags, ace->info.mask,
+ ace->type, ace->flags, ace->access_mask,
sid_str, new_ace->type, new_ace->flags,
- new_ace->info.mask));
+ new_ace->access_mask));
new_ace_list_ndx++;
}
sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
parent_ctr->owner_sid,
- parent_ctr->grp_sid,
+ parent_ctr->group_sid,
parent_ctr->sacl,
new_dacl, &size);
Sets up a SEC_ACCESS structure.
********************************************************************/
-void init_sec_access(SEC_ACCESS *t, uint32 mask)
+void init_sec_access(uint32 *t, uint32 mask)
{
- t->mask = mask;
+ *t = mask;
}
static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired,
NTSTATUS *status)
{
- uint32 mask = ace->info.mask;
+ uint32 mask = ace->access_mask;
/*
* Inherit only is ignored.
size_t i;
for ( i = 0 ; i < the_acl->num_aces; i++) {
- SEC_ACE *ace = &the_acl->ace[i];
- uint32 mask = ace->info.mask;
+ SEC_ACE *ace = &the_acl->aces[i];
+ uint32 mask = ace->access_mask;
if (!token_sid_in_ace( token, ace))
continue;
}
for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) {
- SEC_ACE *ace = &the_acl->ace[i];
+ SEC_ACE *ace = &the_acl->aces[i];
DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
(unsigned int)i, ace->type, ace->flags,
sid_to_string(sid_str, &ace->trustee),
- (unsigned int) ace->info.mask,
+ (unsigned int) ace->access_mask,
(unsigned int)tmp_acc_desired ));
tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status);
sec_ace->type,
sec_ace->flags,
sec_ace->size,
- sec_ace->info.mask);
+ sec_ace->access_mask);
} else {
printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
sec_ace->type,
sec_ace->flags,
sec_ace->size,
- sec_ace->info.mask,
- sec_ace->obj_flags);
+ sec_ace->access_mask,
+ sec_ace->object.object.flags);
}
if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
printf("access SID: %s\naccess type: %s\n",
sid_string_static(&sec_ace->trustee), access_type);
- ads_disp_perms(sec_ace->info.mask);
+ ads_disp_perms(sec_ace->access_mask);
}
/* display ACL */
sd->revision,
sd->type);
printf("owner SID: %s\n", sid_string_static(sd->owner_sid));
- printf("group SID: %s\n", sid_string_static(sd->grp_sid));
+ printf("group SID: %s\n", sid_string_static(sd->group_sid));
ads_disp_acl(sd->sacl, "system");
for (i = 0; i < sd->sacl->num_aces; i ++)
- ads_disp_ace(&sd->sacl->ace[i]);
+ ads_disp_ace(&sd->sacl->aces[i]);
ads_disp_acl(sd->dacl, "user");
for (i = 0; i < sd->dacl->num_aces; i ++)
- ads_disp_ace(&sd->dacl->ace[i]);
+ ads_disp_ace(&sd->dacl->aces[i]);
printf("-------------- End Of Security Descriptor\n");
}
return CAC_FAILURE;
}
- op->out.size = buf.len;
- op->out.descriptor = dup_sec_desc(mem_ctx, buf.sec);
+ op->out.size = buf.sd_size;
+ op->out.descriptor = dup_sec_desc(mem_ctx, buf.sd);
if (op->out.descriptor == NULL) {
return CAC_FAILURE;
SIVAL(param, 0, fnum);
- if (sd->off_dacl)
+ if (sd->dacl)
sec_info |= DACL_SECURITY_INFORMATION;
- if (sd->off_owner_sid)
+ if (sd->owner_sid)
sec_info |= OWNER_SECURITY_INFORMATION;
- if (sd->off_grp_sid)
+ if (sd->group_sid)
sec_info |= GROUP_SECURITY_INFORMATION;
SSVAL(param, 4, sec_info);
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
- if (ace1->info.mask != ace2->info.mask)
- return ace1->info.mask - ace2->info.mask;
+ if (ace1->access_mask != ace2->access_mask)
+ return ace1->access_mask - ace2->access_mask;
if (ace1->size != ace2->size)
return ace1->size - ace2->size;
uint32 i;
if (!the_acl) return;
- qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]),
+ qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]),
QSORT_CAST ace_compare);
for (i=1;i<the_acl->num_aces;) {
- if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) {
+ if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
int j;
for (j=i; j<the_acl->num_aces-1; j++) {
- the_acl->ace[j] = the_acl->ace[j+1];
+ the_acl->aces[j] = the_acl->aces[j+1];
}
the_acl->num_aces--;
} else {
}
done:
- mask.mask = amask;
+ mask = amask;
init_sec_ace(ace, &sid, atype, mask, aflags);
return True;
}
if ((aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces)) == NULL) {
return False;
}
- memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
+ memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE));
memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
newacl = make_sec_acl(ctx, (*the_acl)->revision,
1+(*the_acl)->num_aces, aces);
}
if (! exclude_nt_group) {
- if (sd->grp_sid) {
+ if (sd->group_sid) {
convert_sid_to_string(ipc_cli, pol,
sidstr, numeric,
- sd->grp_sid);
+ sd->group_sid);
} else {
fstrcpy(sidstr, "");
}
/* Add aces to value buffer */
for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
- SEC_ACE *ace = &sd->dacl->ace[i];
+ SEC_ACE *ace = &sd->dacl->aces[i];
convert_sid_to_string(ipc_cli, pol,
sidstr, numeric,
&ace->trustee);
sidstr,
ace->type,
ace->flags,
- ace->info.mask);
+ ace->access_mask);
if (!p) {
errno = ENOMEM;
return -1;
sidstr,
ace->type,
ace->flags,
- ace->info.mask);
+ ace->access_mask);
}
} else if ((StrnCaseCmp(name, "acl", 3) == 0 &&
StrCaseCmp(name+3, sidstr) == 0) ||
"%d/%d/0x%08x",
ace->type,
ace->flags,
- ace->info.mask);
+ ace->access_mask);
if (!p) {
errno = ENOMEM;
return -1;
"%d/%d/0x%08x",
ace->type,
ace->flags,
- ace->info.mask);
+ ace->access_mask);
}
} else if (all_nt_acls) {
if (determine_size) {
sidstr,
ace->type,
ace->flags,
- ace->info.mask);
+ ace->access_mask);
if (!p) {
errno = ENOMEM;
return -1;
sidstr,
ace->type,
ace->flags,
- ace->info.mask);
+ ace->access_mask);
}
}
if (n > bufsize) {
switch (mode) {
case SMBC_XATTR_MODE_REMOVE_ALL:
old->dacl->num_aces = 0;
- SAFE_FREE(old->dacl->ace);
+ SAFE_FREE(old->dacl->aces);
SAFE_FREE(old->dacl);
- old->off_dacl = 0;
+ old->dacl = NULL;
dacl = old->dacl;
break;
BOOL found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sec_ace_equal(&sd->dacl->ace[i],
- &old->dacl->ace[j])) {
+ if (sec_ace_equal(&sd->dacl->aces[i],
+ &old->dacl->aces[j])) {
uint32 k;
for (k=j; k<old->dacl->num_aces-1;k++) {
- old->dacl->ace[k] =
- old->dacl->ace[k+1];
+ old->dacl->aces[k] =
+ old->dacl->aces[k+1];
}
old->dacl->num_aces--;
if (old->dacl->num_aces == 0) {
- SAFE_FREE(old->dacl->ace);
+ SAFE_FREE(old->dacl->aces);
SAFE_FREE(old->dacl);
- old->off_dacl = 0;
+ old->dacl = NULL;
}
found = True;
dacl = old->dacl;
BOOL found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->ace[i].trustee,
- &old->dacl->ace[j].trustee)) {
+ if (sid_equal(&sd->dacl->aces[i].trustee,
+ &old->dacl->aces[j].trustee)) {
if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
err = EEXIST;
ret = -1;
goto failed;
}
- old->dacl->ace[j] = sd->dacl->ace[i];
+ old->dacl->aces[j] = sd->dacl->aces[i];
ret = -1;
found = True;
}
}
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
- add_ace(&old->dacl, &sd->dacl->ace[i], ctx);
+ add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
}
}
dacl = old->dacl;
case SMBC_XATTR_MODE_SET:
old = sd;
owner_sid = old->owner_sid;
- grp_sid = old->grp_sid;
+ grp_sid = old->group_sid;
dacl = old->dacl;
break;
break;
case SMBC_XATTR_MODE_CHGRP:
- grp_sid = sd->grp_sid;
+ grp_sid = sd->group_sid;
break;
}
static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
struct files_struct *fsp,
uint32 security_info,
- struct security_descriptor_info **ppdesc)
+ struct security_descriptor **ppdesc)
{
SEC_ACE *nt_ace_list;
DOM_SID owner_sid, group_sid;
static BOOL nt_to_afs_acl(const char *filename,
uint32 security_info_sent,
- struct security_descriptor_info *psd,
+ struct security_descriptor *psd,
uint32 (*nt_to_afs_rights)(const char *filename,
const SEC_ACE *ace),
struct afs_acl *afs_acl)
}
static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
- struct security_descriptor_info **ppdesc)
+ struct security_descriptor **ppdesc)
{
struct afs_acl acl;
size_t sd_size;
static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
- struct security_descriptor_info *psd)
+ struct security_descriptor *psd)
{
struct afs_acl old_afs_acl, new_afs_acl;
struct afs_acl dir_acl, file_acl;
static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
int fd, uint32 security_info,
- struct security_descriptor_info **ppdesc)
+ struct security_descriptor **ppdesc)
{
return afs_get_nt_acl(fsp, security_info, ppdesc);
}
static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const char *name, uint32 security_info,
- struct security_descriptor_info **ppdesc)
+ struct security_descriptor **ppdesc)
{
return afs_get_nt_acl(fsp, security_info, ppdesc);
}
return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
}
-static BOOL cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd)
+static BOOL cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd)
{
pstring capname;
capencode(capname, name);
static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info,
- struct security_descriptor_info **ppdesc)
+ struct security_descriptor **ppdesc)
{
return SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
ppdesc);
static BOOL catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info_sent,
- struct security_descriptor_info *psd)
+ struct security_descriptor *psd)
{
return SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
psd);
prs_mem_free( &ps );
return 0;
}
- sec = sd_orig->sec;
+ sec = sd_orig->sd;
/* is this even valid? */
/* update access masks */
for ( i=0; i<sec->dacl->num_aces; i++ ) {
- switch ( sec->dacl->ace[i].info.mask ) {
+ switch ( sec->dacl->aces[i].access_mask ) {
case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
- sec->dacl->ace[i].info.mask = PRINTER_ACE_PRINT;
+ sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
break;
case GENERIC_ALL_ACCESS:
- sec->dacl->ace[i].info.mask = PRINTER_ACE_FULL_CONTROL;
+ sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
break;
case READ_CONTROL_ACCESS:
- sec->dacl->ace[i].info.mask = PRINTER_ACE_MANAGE_DOCUMENTS;
+ sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
default: /* no change */
break;
/* store it back */
- sd_size = sec_desc_size(sd_store->sec) + sizeof(SEC_DESC_BUF);
+ sd_size = sec_desc_size(sd_store->sd) + sizeof(SEC_DESC_BUF);
prs_init(&ps, sd_size, ctx, MARSHALL);
if ( !sec_io_desc_buf( "sec_desc_upg_fn", &sd_store, &ps, 1 ) ) {
permissions through NT. If they are NULL in the new security
descriptor then copy them over from the old one. */
- if (!secdesc_ctr->sec->owner_sid || !secdesc_ctr->sec->grp_sid) {
+ if (!secdesc_ctr->sd->owner_sid || !secdesc_ctr->sd->group_sid) {
DOM_SID *owner_sid, *group_sid;
SEC_ACL *dacl, *sacl;
SEC_DESC *psd = NULL;
/* Pick out correct owner and group sids */
- owner_sid = secdesc_ctr->sec->owner_sid ?
- secdesc_ctr->sec->owner_sid :
- old_secdesc_ctr->sec->owner_sid;
+ owner_sid = secdesc_ctr->sd->owner_sid ?
+ secdesc_ctr->sd->owner_sid :
+ old_secdesc_ctr->sd->owner_sid;
- group_sid = secdesc_ctr->sec->grp_sid ?
- secdesc_ctr->sec->grp_sid :
- old_secdesc_ctr->sec->grp_sid;
+ group_sid = secdesc_ctr->sd->group_sid ?
+ secdesc_ctr->sd->group_sid :
+ old_secdesc_ctr->sd->group_sid;
- dacl = secdesc_ctr->sec->dacl ?
- secdesc_ctr->sec->dacl :
- old_secdesc_ctr->sec->dacl;
+ dacl = secdesc_ctr->sd->dacl ?
+ secdesc_ctr->sd->dacl :
+ old_secdesc_ctr->sd->dacl;
- sacl = secdesc_ctr->sec->sacl ?
- secdesc_ctr->sec->sacl :
- old_secdesc_ctr->sec->sacl;
+ sacl = secdesc_ctr->sd->sacl ?
+ secdesc_ctr->sd->sacl :
+ old_secdesc_ctr->sd->sacl;
/* Make a deep copy of the security descriptor */
- psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, secdesc_ctr->sec->type,
+ psd = make_sec_desc(mem_ctx, secdesc_ctr->sd->revision, secdesc_ctr->sd->type,
owner_sid, group_sid,
sacl,
dacl,
/* Store the security descriptor in a tdb */
- prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sec) +
+ prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sd) +
sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL);
if (!sec_io_desc_buf("nt_printing_setsec", &new_secdesc_ctr,
/* Save default security descriptor for later */
- prs_init(&ps, (uint32)sec_desc_size((*secdesc_ctr)->sec) +
+ prs_init(&ps, (uint32)sec_desc_size((*secdesc_ctr)->sd) +
sizeof(SEC_DESC_BUF), ctx, MARSHALL);
if (sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) {
this security descriptor has been created when winbindd was
down. Take ownership of security descriptor. */
- if (sid_equal((*secdesc_ctr)->sec->owner_sid, &global_sid_World)) {
+ if (sid_equal((*secdesc_ctr)->sd->owner_sid, &global_sid_World)) {
DOM_SID owner_sid;
/* Change sd owner to workgroup administrator */
sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
- psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type,
+ psd = make_sec_desc(ctx, (*secdesc_ctr)->sd->revision, (*secdesc_ctr)->sd->type,
&owner_sid,
- (*secdesc_ctr)->sec->grp_sid,
- (*secdesc_ctr)->sec->sacl,
- (*secdesc_ctr)->sec->dacl,
+ (*secdesc_ctr)->sd->group_sid,
+ (*secdesc_ctr)->sd->sacl,
+ (*secdesc_ctr)->sd->dacl,
&size);
if (!psd) {
}
if (DEBUGLEVEL >= 10) {
- SEC_ACL *the_acl = (*secdesc_ctr)->sec->dacl;
+ SEC_ACL *the_acl = (*secdesc_ctr)->sd->dacl;
int i;
DEBUG(10, ("secdesc_ctr for %s has %d aces:\n",
for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str;
- sid_to_string(sid_str, &the_acl->ace[i].trustee);
+ sid_to_string(sid_str, &the_acl->aces[i].trustee);
DEBUG(10, ("%s %d %d 0x%08x\n", sid_str,
- the_acl->ace[i].type, the_acl->ace[i].flags,
- the_acl->ace[i].info.mask));
+ the_acl->aces[i].type, the_acl->aces[i].flags,
+ the_acl->aces[i].access_mask));
}
}
int i;
for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
- se_map_generic(&sd->dacl->ace[i].info.mask,
+ se_map_generic(&sd->dacl->aces[i].access_mask,
&printer_generic_mapping);
}
}
against. This is because print jobs are child objects
objects of a printer. */
- secdesc = se_create_child_secdesc(mem_ctx, parent_secdesc->sec, False);
+ secdesc = se_create_child_secdesc(mem_ctx, parent_secdesc->sd, False);
if (!secdesc) {
talloc_destroy(mem_ctx);
/* Check access */
- map_printer_permissions(secdesc->sec);
+ map_printer_permissions(secdesc->sd);
- result = se_access_check(secdesc->sec, user->nt_user_token, access_type,
+ result = se_access_check(secdesc->sd, user->nt_user_token, access_type,
&access_granted, &status);
DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE"));
/* stream the printer security descriptor */
- if ( info2->secdesc_buf && info2->secdesc_buf->len ) {
- if ( sec_io_desc("sec_desc", &info2->secdesc_buf->sec, &prs, 0 ) ) {
+ if ( info2->secdesc_buf && info2->secdesc_buf->sd ) {
+ if ( sec_io_desc("sec_desc", &info2->secdesc_buf->sd, &prs, 0 ) ) {
offset = prs_offset( &prs );
regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&prs), offset );
}
return out.status;
sec_buf = out.data;
- *sec_buf_size = out.data->len;
+ *sec_buf_size = out.data->sd_size;
return out.status;
}
}
if(!smb_io_hdrbuf_post("hdr_sec", hdr_sec, ps, depth,
- hdr_offset, data->max_len, data->len))
+ hdr_offset, data->sd_size, data->sd_size))
return False;
- if(!prs_set_offset(ps, old_offset + data->len +
+ if(!prs_set_offset(ps, old_offset + data->sd_size +
sizeof(uint32) * ((ptr3 != NULL) ? 5 : 3)))
return False;
q_c->data = sec_buf;
q_c->ptr2 = 1;
- init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len);
+ init_buf_hdr(&q_c->hdr_sec, sec_buf->sd_size, sec_buf->sd_size);
q_c->ptr3 = 1;
q_c->disposition = TALLOC_P( get_talloc_ctx(), uint32 );
if (!q_c->disposition) {
q_u->sec_info = sec_info;
q_u->ptr = 1;
- init_buf_hdr(&q_u->hdr_sec, sec_desc_buf->len, sec_desc_buf->len);
+ init_buf_hdr(&q_u->hdr_sec, sec_desc_buf->sd_size, sec_desc_buf->sd_size);
q_u->data = sec_desc_buf;
}
prs_debug(ps, depth, desc, "sec_io_access");
depth++;
- if(!prs_uint32("mask", ps, depth, &t->mask))
+ if(!prs_uint32("mask", ps, depth, t))
return False;
return True;
old_offset = prs_offset(ps);
- if(!prs_uint8("type ", ps, depth, &psa->type))
+ if(!prs_uint8("type ", ps, depth, (uint8*)&psa->type))
return False;
if(!prs_uint8("flags", ps, depth, &psa->flags))
if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))
return False;
- if(!sec_io_access("info ", &psa->info, ps, depth))
+ if(!prs_uint32("access_mask", ps, depth, &psa->access_mask))
return False;
/* check whether object access is present */
if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
return False;
} else {
- if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags))
+ if (!prs_uint32("obj_flags", ps, depth, &psa->object.object.flags))
return False;
- if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)
- if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth))
+ if (psa->object.object.flags & SEC_ACE_OBJECT_PRESENT)
+ if (!smb_io_uuid("obj_guid", &psa->object.object.type.type, ps,depth))
return False;
- if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
- if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth))
+ if (psa->object.object.flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
+ if (!smb_io_uuid("inh_guid", &psa->object.object.inherited_type.inherited_type, ps,depth))
return False;
if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
old_offset = prs_offset(ps);
- if(!prs_uint16("revision", ps, depth, &psa->revision))
+ if(!prs_uint16("revision", ps, depth, (uint16 *)&psa->revision))
return False;
if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size))
* between a non-present DACL (allow all access) and a DACL with no ACE's
* (allow no access).
*/
- if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL)
+ if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL)
return False;
}
for (i = 0; i < psa->num_aces; i++) {
fstring tmp;
slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i);
- if(!sec_io_ace(tmp, &psa->ace[i], ps, depth))
+ if(!sec_io_ace(tmp, &psa->aces[i], ps, depth))
return False;
}
uint32 old_offset;
uint32 max_offset = 0; /* after we're done, move offset to end */
uint32 tmp_offset = 0;
+ uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid;
SEC_DESC *psd;
/* start of security descriptor stored for back-calc offset purposes */
old_offset = prs_offset(ps);
- if(!prs_uint16("revision ", ps, depth, &psd->revision))
+ if(!prs_uint16("revision ", ps, depth, (uint16*)&psd->revision))
return False;
if(!prs_uint16("type ", ps, depth, &psd->type))
*/
if (psd->sacl != NULL) {
- psd->off_sacl = offset;
+ off_sacl = offset;
offset += psd->sacl->size;
} else {
- psd->off_sacl = 0;
+ off_sacl = 0;
}
if (psd->dacl != NULL) {
- psd->off_dacl = offset;
+ off_dacl = offset;
offset += psd->dacl->size;
} else {
- psd->off_dacl = 0;
+ off_dacl = 0;
}
if (psd->owner_sid != NULL) {
- psd->off_owner_sid = offset;
+ off_owner_sid = offset;
offset += sid_size(psd->owner_sid);
} else {
- psd->off_owner_sid = 0;
+ off_owner_sid = 0;
}
- if (psd->grp_sid != NULL) {
- psd->off_grp_sid = offset;
- offset += sid_size(psd->grp_sid);
+ if (psd->group_sid != NULL) {
+ off_grp_sid = offset;
+ offset += sid_size(psd->group_sid);
} else {
- psd->off_grp_sid = 0;
+ off_grp_sid = 0;
}
}
- if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid))
+ if(!prs_uint32("off_owner_sid", ps, depth, &off_owner_sid))
return False;
- if(!prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid))
+ if(!prs_uint32("off_grp_sid ", ps, depth, &off_grp_sid))
return False;
- if(!prs_uint32("off_sacl ", ps, depth, &psd->off_sacl))
+ if(!prs_uint32("off_sacl ", ps, depth, &off_sacl))
return False;
- if(!prs_uint32("off_dacl ", ps, depth, &psd->off_dacl))
+ if(!prs_uint32("off_dacl ", ps, depth, &off_dacl))
return False;
max_offset = MAX(max_offset, prs_offset(ps));
- if (psd->off_owner_sid != 0) {
+ if (off_owner_sid != 0) {
tmp_offset = prs_offset(ps);
- if(!prs_set_offset(ps, old_offset + psd->off_owner_sid))
+ if(!prs_set_offset(ps, old_offset + off_owner_sid))
return False;
if (UNMARSHALLING(ps)) {
return False;
}
- if (psd->off_grp_sid != 0) {
+ if (psd->group_sid != 0) {
tmp_offset = prs_offset(ps);
- if(!prs_set_offset(ps, old_offset + psd->off_grp_sid))
+ if(!prs_set_offset(ps, old_offset + off_grp_sid))
return False;
if (UNMARSHALLING(ps)) {
/* reading */
- if((psd->grp_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
+ if((psd->group_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
return False;
}
- if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth))
+ if(!smb_io_dom_sid("grp_sid", psd->group_sid, ps, depth))
return False;
max_offset = MAX(max_offset, prs_offset(ps));
return False;
}
- if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) {
+ if ((psd->type & SEC_DESC_SACL_PRESENT) && off_sacl) {
tmp_offset = prs_offset(ps);
- if(!prs_set_offset(ps, old_offset + psd->off_sacl))
+ if(!prs_set_offset(ps, old_offset + off_sacl))
return False;
if(!sec_io_acl("sacl", &psd->sacl, ps, depth))
return False;
return False;
}
- if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) {
+ if ((psd->type & SEC_DESC_DACL_PRESENT) && off_dacl != 0) {
tmp_offset = prs_offset(ps);
- if(!prs_set_offset(ps, old_offset + psd->off_dacl))
+ if(!prs_set_offset(ps, old_offset + off_dacl))
return False;
if(!sec_io_acl("dacl", &psd->dacl, ps, depth))
return False;
uint32 off_max_len;
uint32 old_offset;
uint32 size;
+ uint32 len;
SEC_DESC_BUF *psdb;
+ uint32 ptr;
if (ppsdb == NULL)
return False;
if(!prs_align(ps))
return False;
- if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len))
+ if(!prs_uint32_pre("max_len", ps, depth, &psdb->sd_size, &off_max_len))
return False;
- if(!prs_uint32 ("ptr ", ps, depth, &psdb->ptr))
+ ptr = 1;
+ if(!prs_uint32 ("ptr ", ps, depth, &ptr))
return False;
- if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len))
+ len = sec_desc_size(psdb->sd);
+ if(!prs_uint32_pre("len ", ps, depth, &len, &off_len))
return False;
old_offset = prs_offset(ps);
/* reading, length is non-zero; writing, descriptor is non-NULL */
- if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) {
- if(!sec_io_desc("sec ", &psdb->sec, ps, depth))
+ if ((UNMARSHALLING(ps) && psdb->sd_size != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) {
+ if(!sec_io_desc("sec ", &psdb->sd, ps, depth))
return False;
}
return False;
size = prs_offset(ps) - old_offset;
- if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size))
+ if(!prs_uint32_post("max_len", ps, depth, &psdb->sd_size, off_max_len, size == 0 ? psdb->sd_size : size))
return False;
- if(!prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size))
+ if(!prs_uint32_post("len ", ps, depth, &len, off_len, size))
return False;
return True;
q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF);
if (!q_u->secdesc_ctr)
return False;
- q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
- q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->sec = secdesc;
+ q_u->secdesc_ctr->sd = secdesc;
+ q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
q_u->devmode_ctr.devmode_ptr = (devmode != NULL) ? 1 : 0;
q_u->devmode_ctr.size = (devmode != NULL) ? sizeof(DEVICEMODE) + (3*sizeof(uint32)) : 0;
q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF);
if (!q_u->secdesc_ctr)
return False;
- q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
- q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->sec = secdesc;
+ q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
+ q_u->secdesc_ctr->sd = secdesc;
break;
case 7:
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- data->notify_data.sd.size = printer->info_2->secdesc_buf->len;
- data->notify_data.sd.desc = dup_sec_desc( mem_ctx, printer->info_2->secdesc_buf->sec ) ;
+ data->notify_data.sd.size = printer->info_2->secdesc_buf->sd_size;
+ data->notify_data.sd.desc = dup_sec_desc( mem_ctx, printer->info_2->secdesc_buf->sd ) ;
}
/*******************************************************************
printer->secdesc = NULL;
if ( ntprinter->info_2->secdesc_buf
- && ntprinter->info_2->secdesc_buf->len != 0 )
+ && ntprinter->info_2->secdesc_buf->sd_size != 0 )
{
/* don't use talloc_steal() here unless you do a deep steal of all
the SEC_DESC members */
printer->secdesc = dup_sec_desc( get_talloc_ctx(),
- ntprinter->info_2->secdesc_buf->sec );
+ ntprinter->info_2->secdesc_buf->sd );
}
free_a_printer(&ntprinter, 2);
printer->flags = 0x4;
- if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->len != 0) {
+ if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->sd_size != 0) {
/* don't use talloc_steal() here unless you do a deep steal of all
the SEC_DESC members */
printer->secdesc = dup_sec_desc( get_talloc_ctx(),
- ntprinter->info_2->secdesc_buf->sec );
+ ntprinter->info_2->secdesc_buf->sd );
}
free_a_printer(&ntprinter, 2);
SEC_ACL *the_acl;
int i;
- the_acl = old_secdesc_ctr->sec->dacl;
+ the_acl = old_secdesc_ctr->sd->dacl;
DEBUG(10, ("old_secdesc_ctr for %s has %d aces:\n",
PRINTERNAME(snum), the_acl->num_aces));
for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str;
- sid_to_string(sid_str, &the_acl->ace[i].trustee);
+ sid_to_string(sid_str, &the_acl->aces[i].trustee);
DEBUG(10, ("%s 0x%08x\n", sid_str,
- the_acl->ace[i].info.mask));
+ the_acl->aces[i].access_mask));
}
- the_acl = secdesc_ctr->sec->dacl;
+ the_acl = secdesc_ctr->sd->dacl;
if (the_acl) {
DEBUG(10, ("secdesc_ctr for %s has %d aces:\n",
for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str;
- sid_to_string(sid_str, &the_acl->ace[i].trustee);
+ sid_to_string(sid_str, &the_acl->aces[i].trustee);
DEBUG(10, ("%s 0x%08x\n", sid_str,
- the_acl->ace[i].info.mask));
+ the_acl->aces[i].access_mask));
}
} else {
DEBUG(10, ("dacl for secdesc_ctr is NULL\n"));
goto done;
}
- if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) {
+ if (sec_desc_equal(new_secdesc_ctr->sd, old_secdesc_ctr->sd)) {
result = WERR_OK;
goto done;
}
return;
for (i = 0; i < ps_dacl->num_aces; i++) {
- SEC_ACE *psa = &ps_dacl->ace[i];
- uint32 orig_mask = psa->info.mask;
+ SEC_ACE *psa = &ps_dacl->aces[i];
+ uint32 orig_mask = psa->access_mask;
- se_map_generic(&psa->info.mask, &file_generic_mapping);
- psa->info.mask |= orig_mask;
+ se_map_generic(&psa->access_mask, &file_generic_mapping);
+ psa->access_mask |= orig_mask;
}
}
case 1501:
pstrcpy(pathname, lp_pathname(snum));
fstrcpy(comment, lp_comment(snum));
- psd = q_u->info.share.info1501.sdb->sec;
+ psd = q_u->info.share.info1501.sdb->sd;
map_generic_share_sd_bits(psd);
type = STYPE_DISKTREE;
break;
/* Print results */
- display_sec_desc(sdb->sec);
+ display_sec_desc(sdb->sd);
rpccli_lsa_close(cli, mem_ctx, &pol);
done:
if (!NT_STATUS_IS_OK(result))
goto done;
- display_sec_desc(sec_desc_buf->sec);
+ display_sec_desc(sec_desc_buf->sd);
rpccli_samr_close(cli, mem_ctx, &user_pol);
rpccli_samr_close(cli, mem_ctx, &domain_pol);
return NT_STATUS_NO_MEMORY;
}
- if (psd->off_owner_sid==0) {
+ if (psd->owner_sid==0) {
security_info_sent &= ~OWNER_SECURITY_INFORMATION;
}
- if (psd->off_grp_sid==0) {
+ if (psd->group_sid==0) {
security_info_sent &= ~GROUP_SECURITY_INFORMATION;
}
- if (psd->off_sacl==0) {
+ if (psd->sacl==0) {
security_info_sent &= ~SACL_SECURITY_INFORMATION;
}
- if (psd->off_dacl==0) {
+ if (psd->dacl==0) {
security_info_sent &= ~DACL_SECURITY_INFORMATION;
}
#define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
#define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
-static mode_t map_nt_perms( SEC_ACCESS sec_access, int type)
+static mode_t map_nt_perms( uint32 *mask, int type)
{
mode_t mode = 0;
switch(type) {
case S_IRUSR:
- if(sec_access.mask & GENERIC_ALL_ACCESS)
+ if((*mask) & GENERIC_ALL_ACCESS)
mode = S_IRUSR|S_IWUSR|S_IXUSR;
else {
- mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
- mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
- mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
+ mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
+ mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
+ mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
}
break;
case S_IRGRP:
- if(sec_access.mask & GENERIC_ALL_ACCESS)
+ if((*mask) & GENERIC_ALL_ACCESS)
mode = S_IRGRP|S_IWGRP|S_IXGRP;
else {
- mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
- mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
- mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
+ mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
+ mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
+ mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
}
break;
case S_IROTH:
- if(sec_access.mask & GENERIC_ALL_ACCESS)
+ if((*mask) & GENERIC_ALL_ACCESS)
mode = S_IROTH|S_IWOTH|S_IXOTH;
else {
- mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
- mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
- mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
+ mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
+ mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
+ mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
}
break;
}
*/
if (security_info_sent & GROUP_SECURITY_INFORMATION) {
- sid_copy(&grp_sid, psd->grp_sid);
+ sid_copy(&grp_sid, psd->group_sid);
if (!sid_to_gid( &grp_sid, pgrp)) {
if (lp_force_unknown_acl_user(snum)) {
/* this allows take group ownership to work
*/
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa = &dacl->ace[i];
+ SEC_ACE *psa = &dacl->aces[i];
if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
* Convert GENERIC bits to specific bits.
*/
- se_map_generic(&psa->info.mask, &file_generic_mapping);
+ se_map_generic(&psa->access_mask, &file_generic_mapping);
- psa->info.mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
+ psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
- if(psa->info.mask != UNIX_ACCESS_NONE)
- psa->info.mask &= ~UNIX_ACCESS_NONE;
+ if(psa->access_mask != UNIX_ACCESS_NONE)
+ psa->access_mask &= ~UNIX_ACCESS_NONE;
}
}
*/
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa1 = &dacl->ace[i];
+ SEC_ACE *psa1 = &dacl->aces[i];
for (j = i + 1; j < dacl->num_aces; j++) {
- SEC_ACE *psa2 = &dacl->ace[j];
+ SEC_ACE *psa2 = &dacl->aces[j];
- if (psa1->info.mask != psa2->info.mask)
+ if (psa1->access_mask != psa2->access_mask)
continue;
if (!sid_equal(&psa1->trustee, &psa2->trustee))
}
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa = &dacl->ace[i];
+ SEC_ACE *psa = &dacl->aces[i];
/*
* Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
* S_I(R|W|X)USR bits.
*/
- current_ace->perms |= map_nt_perms( psa->info, S_IRUSR);
+ current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False);
/* We know the lower number ACE's are file entries. */
if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
(nt_ace_list[i].size == nt_ace_list[j].size) &&
- (nt_ace_list[i].info.mask == nt_ace_list[j].info.mask) &&
+ (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
(i_inh == j_inh) &&
(i_flags_ni == 0) &&
* the non-inherited ACE onto the inherited ACE.
*/
- if (nt_ace_list[i].info.mask == 0) {
+ if (nt_ace_list[i].access_mask == 0) {
nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
(i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
if (num_aces - i - 1 > 0)
}
if (psd->dacl) {
- dacl_sort_into_canonical_order(psd->dacl->ace, (unsigned int)psd->dacl->num_aces);
+ dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces);
}
*ppdesc = psd;
unsigned int timeout);
void tdb_read_unlock_bystring(TDB_CONTEXT *tdb, const char *keyval);
int32_t tdb_fetch_int32(struct tdb_context *tdb, const char *keystr);
-BOOL tdb_store_uint32(struct tdb_context *tdb, const char *keystr, uint32_t value);
+int tdb_store_uint32(struct tdb_context *tdb, const char *keystr, uint32_t value);
int tdb_store_int32(struct tdb_context *tdb, const char *keystr, int32_t v);
-BOOL tdb_fetch_uint32(struct tdb_context *tdb, const char *keystr, uint32_t *value);
+int tdb_fetch_uint32(struct tdb_context *tdb, const char *keystr, uint32_t *value);
int tdb_traverse_delete_fn(struct tdb_context *the_tdb, TDB_DATA key, TDB_DATA dbuf,
void *state);
int tdb_store_bystring(struct tdb_context *tdb, const char *keystr, TDB_DATA data, int flags);
TDB_DATA string_tdb_data(const char *string);
int tdb_trans_store(struct tdb_context *tdb, TDB_DATA key, TDB_DATA dbuf,
int flag);
-BOOL tdb_change_uint32_atomic(TDB_CONTEXT *tdb, const char *keystr,
+int tdb_change_uint32_atomic(TDB_CONTEXT *tdb, const char *keystr,
uint32 *oldval, uint32 change_val);
int tdb_chainlock_with_timeout( TDB_CONTEXT *tdb, TDB_DATA key,
unsigned int timeout);
const char *name;
NTSTATUS ntstatus;
- ntstatus = net_lookup_name_from_sid(ctx, &psd->dacl->ace[num_aces].trustee, &domain, &name);
+ ntstatus = net_lookup_name_from_sid(ctx, &psd->dacl->aces[num_aces].trustee, &domain, &name);
if (NT_STATUS_IS_OK(ntstatus)) {
if (domain && *domain) {
pstrcat(acl_str,name);
} else {
fstring sidstr;
- sid_to_string(sidstr, &psd->dacl->ace[num_aces].trustee);
+ sid_to_string(sidstr, &psd->dacl->aces[num_aces].trustee);
pstrcat(acl_str,sidstr);
}
pstrcat(acl_str, ":");
- if (psd->dacl->ace[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
+ if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) {
pstrcat(acl_str, "D,");
} else {
- if (psd->dacl->ace[num_aces].info.mask & GENERIC_ALL_ACCESS) {
+ if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) {
pstrcat(acl_str, "F,");
} else {
pstrcat(acl_str, "R,");
update = True;
}
- if ( sid_equal( sd->grp_sid, s1 ) ) {
- sid_copy( sd->grp_sid, s2 );
+ if ( sid_equal( sd->group_sid, s1 ) ) {
+ sid_copy( sd->group_sid, s2 );
update = True;
}
for ( i=0; i<acl->num_aces; i++ ) {
- if ( sid_equal( &acl->ace[i].trustee, s1 ) ) {
- sid_copy( &acl->ace[i].trustee, s2 );
+ if ( sid_equal( &acl->aces[i].trustee, s1 ) ) {
+ sid_copy( &acl->aces[i].trustee, s2 );
update = True;
}
}
if (numeric) {
fprintf(f, "%d/%d/0x%08x",
- ace->type, ace->flags, ace->info.mask);
+ ace->type, ace->flags, ace->access_mask);
return;
}
/* Standard permissions */
for (v = standard_values; v->perm; v++) {
- if (ace->info.mask == v->mask) {
+ if (ace->access_mask == v->mask) {
fprintf(f, "%s", v->perm);
return;
}
/* Special permissions. Print out a hex value if we have
leftover bits in the mask. */
- got_mask = ace->info.mask;
+ got_mask = ace->access_mask;
again:
for (v = special_values; v->perm; v++) {
- if ((ace->info.mask & v->mask) == v->mask) {
+ if ((ace->access_mask & v->mask) == v->mask) {
if (do_print) {
fprintf(f, "%s", v->perm);
}
if (!do_print) {
if (got_mask != 0) {
- fprintf(f, "0x%08x", ace->info.mask);
+ fprintf(f, "0x%08x", ace->access_mask);
} else {
do_print = 1;
goto again;
fprintf(f, "OWNER:%s\n", sidstr);
- if (sd->grp_sid) {
- sid_to_string(sidstr, sd->grp_sid);
+ if (sd->group_sid) {
+ sid_to_string(sidstr, sd->group_sid);
} else {
fstrcpy(sidstr, "");
}
/* Print aces */
for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
- SEC_ACE *ace = &sd->dacl->ace[i];
+ SEC_ACE *ace = &sd->dacl->aces[i];
fprintf(f, "ACL:");
print_ace(f, ace);
fprintf(f, "\n");
if (numeric) {
fprintf(f, "%d/%d/0x%08x",
- ace->type, ace->flags, ace->info.mask);
+ ace->type, ace->flags, ace->access_mask);
return;
}
/* Standard permissions */
for (v = standard_values; v->perm; v++) {
- if (ace->info.mask == v->mask) {
+ if (ace->access_mask == v->mask) {
fprintf(f, "%s", v->perm);
return;
}
/* Special permissions. Print out a hex value if we have
leftover bits in the mask. */
- got_mask = ace->info.mask;
+ got_mask = ace->access_mask;
again:
for (v = special_values; v->perm; v++) {
- if ((ace->info.mask & v->mask) == v->mask) {
+ if ((ace->access_mask & v->mask) == v->mask) {
if (do_print) {
fprintf(f, "%s", v->perm);
}
if (!do_print) {
if (got_mask != 0) {
- fprintf(f, "0x%08x", ace->info.mask);
+ fprintf(f, "0x%08x", ace->access_mask);
} else {
do_print = 1;
goto again;
}
done:
- mask.mask = amask;
+ mask = amask;
init_sec_ace(ace, &sid, atype, mask, aflags);
SAFE_FREE(str);
return True;
if (!(aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces))) {
return False;
}
- memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
+ memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE));
memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
new_ace = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
SAFE_FREE(aces);
fprintf(f, "OWNER:%s\n", sidstr);
- if (sd->grp_sid) {
- SidToString(sidstr, sd->grp_sid);
+ if (sd->group_sid) {
+ SidToString(sidstr, sd->group_sid);
} else {
fstrcpy(sidstr, "");
}
/* Print aces */
for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
- SEC_ACE *ace = &sd->dacl->ace[i];
+ SEC_ACE *ace = &sd->dacl->aces[i];
fprintf(f, "ACL:");
print_ace(f, ace);
fprintf(f, "\n");
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
- if (ace1->info.mask != ace2->info.mask)
- return ace1->info.mask - ace2->info.mask;
+ if (ace1->access_mask != ace2->access_mask)
+ return ace1->access_mask - ace2->access_mask;
if (ace1->size != ace2->size)
return ace1->size - ace2->size;
uint32 i;
if (!the_acl) return;
- qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), QSORT_CAST ace_compare);
+ qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]), QSORT_CAST ace_compare);
for (i=1;i<the_acl->num_aces;) {
- if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) {
+ if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) {
int j;
for (j=i; j<the_acl->num_aces-1; j++) {
- the_acl->ace[j] = the_acl->ace[j+1];
+ the_acl->aces[j] = the_acl->aces[j+1];
}
the_acl->num_aces--;
} else {
BOOL found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sec_ace_equal(&sd->dacl->ace[i],
- &old->dacl->ace[j])) {
+ if (sec_ace_equal(&sd->dacl->aces[i],
+ &old->dacl->aces[j])) {
uint32 k;
for (k=j; k<old->dacl->num_aces-1;k++) {
- old->dacl->ace[k] = old->dacl->ace[k+1];
+ old->dacl->aces[k] = old->dacl->aces[k+1];
}
old->dacl->num_aces--;
found = True;
if (!found) {
printf("ACL for ACE:");
- print_ace(stdout, &sd->dacl->ace[i]);
+ print_ace(stdout, &sd->dacl->aces[i]);
printf(" not found\n");
}
}
BOOL found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->ace[i].trustee,
- &old->dacl->ace[j].trustee)) {
- old->dacl->ace[j] = sd->dacl->ace[i];
+ if (sid_equal(&sd->dacl->aces[i].trustee,
+ &old->dacl->aces[j].trustee)) {
+ old->dacl->aces[j] = sd->dacl->aces[i];
found = True;
}
}
if (!found) {
fstring str;
- SidToString(str, &sd->dacl->ace[i].trustee);
+ SidToString(str, &sd->dacl->aces[i].trustee);
printf("ACL for SID %s not found\n", str);
}
}
old->owner_sid = sd->owner_sid;
}
- if (sd->grp_sid) {
- old->grp_sid = sd->grp_sid;
+ if (sd->group_sid) {
+ old->group_sid = sd->group_sid;
}
break;
case SMB_ACL_ADD:
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
- add_ace(&old->dacl, &sd->dacl->ace[i]);
+ add_ace(&old->dacl, &sd->dacl->aces[i]);
}
break;