s3-auth Rename NT_USER_TOKEN user_sids -> sids
[idra/samba.git] / source3 / modules / vfs_acl_common.c
index 9e356b933e91009385ab8f14d8b4c7c0141d2544..e759dc2df3f3b1e82d9b19229fe426c7733377b9 100644 (file)
@@ -19,6 +19,8 @@
  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "../librpc/gen_ndr/ndr_security.h"
+
 static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
                        DATA_BLOB *pblob,
                        uint16_t hash_type,
@@ -34,10 +36,10 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
                        files_struct *fsp,
                        DATA_BLOB *pblob);
 
-#define HASH_SECURITY_INFO (OWNER_SECURITY_INFORMATION | \
-                               GROUP_SECURITY_INFORMATION | \
-                               DACL_SECURITY_INFORMATION | \
-                               SACL_SECURITY_INFORMATION)
+#define HASH_SECURITY_INFO (SECINFO_OWNER | \
+                               SECINFO_GROUP | \
+                               SECINFO_DACL | \
+                               SECINFO_SACL)
 
 /*******************************************************************
  Hash a security descriptor.
@@ -77,7 +79,7 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
        enum ndr_err_code ndr_err;
        size_t sd_size;
 
-       ndr_err = ndr_pull_struct_blob(pblob, ctx, NULL, &xacl,
+       ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl,
                        (ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
 
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
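Review bot: A successful `ndr_pull_struct_blob` here is taken as proof that the decoded structure is fully populated, yet the `case 2` and `case 3` hunks further down in parse_acl_blob dereference `xacl.info.sd_hs2->sd` and `xacl.info.sd_hs3->sd` with no NULL check visible. The blob appears to be an xattr_NTACL record read back from storage, so if the generated pull routine can leave either pointer NULL for a truncated or corrupted record, the result is a NULL dereference in the file server rather than a clean error. I would guard each case before `make_sec_desc`, for example `if (xacl.info.sd_hs2 == NULL || xacl.info.sd_hs2->sd == NULL) return NT_STATUS_INVALID_PARAMETER;`, unless an equivalent check already exists outside these hunks. The function body starts and ends outside the hunk.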
@@ -88,7 +90,7 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
 
        switch (xacl.version) {
                case 2:
-                       *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION,
+                       *ppdesc = make_sec_desc(ctx, SD_REVISION,
                                        xacl.info.sd_hs2->sd->type | SEC_DESC_SELF_RELATIVE,
                                        xacl.info.sd_hs2->sd->owner_sid,
                                        xacl.info.sd_hs2->sd->group_sid,
@@ -100,7 +102,7 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
                        memset(hash, '\0', XATTR_SD_HASH_SIZE);
                        break;
                case 3:
-                       *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION,
+                       *ppdesc = make_sec_desc(ctx, SD_REVISION,
                                        xacl.info.sd_hs3->sd->type | SEC_DESC_SELF_RELATIVE,
                                        xacl.info.sd_hs3->sd->owner_sid,
                                        xacl.info.sd_hs3->sd->group_sid,
@@ -144,7 +146,7 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
        memcpy(&xacl.info.sd_hs3->hash[0], hash, XATTR_SD_HASH_SIZE);
 
        ndr_err = ndr_push_struct_blob(
-                       pblob, ctx, NULL, &xacl,
+                       pblob, ctx, &xacl,
                        (ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
 
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -249,7 +251,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 {
        DATA_BLOB blob;
        NTSTATUS status;
-       uint16_t hash_type;
+       uint16_t hash_type = XATTR_SD_HASH_TYPE_NONE;
        uint8_t hash[XATTR_SD_HASH_SIZE];
        uint8_t hash_tmp[XATTR_SD_HASH_SIZE];
        struct security_descriptor *psd = NULL;
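Review bot: The new initializer `hash_type = XATTR_SD_HASH_TYPE_NONE` is a behavioural change inside a commit titled as a rename, and nothing in the hunk says which path read the variable before it was assigned. A one-line comment such as `/* Default to NONE so paths that never parse a blob do not act on an indeterminate hash_type. */` would record the intent, assuming that is the reason. The neighbouring `hash` and `hash_tmp` arrays are still declared without initializers; if any path compares them before both are filled, `uint8_t hash[XATTR_SD_HASH_SIZE] = {0};` would be the matching fix, but the code that uses them is outside the hunk. get_nt_acl_internal continues past the end of this hunk.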
@@ -369,16 +371,16 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
                }
        }
 
-       if (!(security_info & OWNER_SECURITY_INFORMATION)) {
+       if (!(security_info & SECINFO_OWNER)) {
                psd->owner_sid = NULL;
        }
-       if (!(security_info & GROUP_SECURITY_INFORMATION)) {
+       if (!(security_info & SECINFO_GROUP)) {
                psd->group_sid = NULL;
        }
-       if (!(security_info & DACL_SECURITY_INFORMATION)) {
+       if (!(security_info & SECINFO_DACL)) {
                psd->dacl = NULL;
        }
-       if (!(security_info & SACL_SECURITY_INFORMATION)) {
+       if (!(security_info & SECINFO_SACL)) {
                psd->sacl = NULL;
        }
 
@@ -420,8 +422,8 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
                        &psd,
                        &size,
                        parent_desc,
-                       &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
-                       &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
+                       &handle->conn->server_info->ptok->sids[PRIMARY_USER_SID_INDEX],
+                       &handle->conn->server_info->ptok->sids[PRIMARY_GROUP_SID_INDEX],
                        is_directory);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
@@ -434,9 +436,9 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
        }
 
        return SMB_VFS_FSET_NT_ACL(fsp,
-                               (OWNER_SECURITY_INFORMATION |
-                                GROUP_SECURITY_INFORMATION |
-                                DACL_SECURITY_INFORMATION),
+                               (SECINFO_OWNER |
+                                SECINFO_GROUP |
+                                SECINFO_DACL),
                                psd);
 }
 
@@ -457,9 +459,9 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
        status = get_nt_acl_internal(handle,
                                        NULL,
                                        parent_name,
-                                       (OWNER_SECURITY_INFORMATION |
-                                        GROUP_SECURITY_INFORMATION |
-                                        DACL_SECURITY_INFORMATION),
+                                       (SECINFO_OWNER |
+                                        SECINFO_GROUP |
+                                        SECINFO_DACL),
                                        &parent_desc);
 
        if (!NT_STATUS_IS_OK(status)) {
@@ -530,9 +532,9 @@ static int open_acl_common(vfs_handle_struct *handle,
        status = get_nt_acl_internal(handle,
                                NULL,
                                fname,
-                               (OWNER_SECURITY_INFORMATION |
-                                GROUP_SECURITY_INFORMATION |
-                                DACL_SECURITY_INFORMATION),
+                               (SECINFO_OWNER |
+                                SECINFO_GROUP |
+                                SECINFO_DACL),
                                &pdesc);
         if (NT_STATUS_IS_OK(status)) {
                /* See if we can access it. */
@@ -676,20 +678,20 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 
         /* Ensure we have OWNER/GROUP/DACL set. */
 
-       if ((security_info_sent & (OWNER_SECURITY_INFORMATION|
-                               GROUP_SECURITY_INFORMATION|
-                               DACL_SECURITY_INFORMATION)) !=
-                               (OWNER_SECURITY_INFORMATION|
-                                GROUP_SECURITY_INFORMATION|
-                                DACL_SECURITY_INFORMATION)) {
+       if ((security_info_sent & (SECINFO_OWNER|
+                               SECINFO_GROUP|
+                               SECINFO_DACL)) !=
+                               (SECINFO_OWNER|
+                                SECINFO_GROUP|
+                                SECINFO_DACL)) {
                /* No we don't - read from the existing SD. */
                struct security_descriptor *nc_psd = NULL;
 
                status = get_nt_acl_internal(handle, fsp,
                                NULL,
-                               (OWNER_SECURITY_INFORMATION|
-                                GROUP_SECURITY_INFORMATION|
-                                DACL_SECURITY_INFORMATION),
+                               (SECINFO_OWNER|
+                                SECINFO_GROUP|
+                                SECINFO_DACL),
                                &nc_psd);
 
                if (!NT_STATUS_IS_OK(status)) {
@@ -697,23 +699,23 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
                }
 
                /* This is safe as nc_psd is discarded at fn exit. */
-               if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+               if (security_info_sent & SECINFO_OWNER) {
                        nc_psd->owner_sid = psd->owner_sid;
                }
-               security_info_sent |= OWNER_SECURITY_INFORMATION;
+               security_info_sent |= SECINFO_OWNER;
 
-               if (security_info_sent & GROUP_SECURITY_INFORMATION) {
+               if (security_info_sent & SECINFO_GROUP) {
                        nc_psd->group_sid = psd->group_sid;
                }
-               security_info_sent |= GROUP_SECURITY_INFORMATION;
+               security_info_sent |= SECINFO_GROUP;
 
-               if (security_info_sent & DACL_SECURITY_INFORMATION) {
+               if (security_info_sent & SECINFO_DACL) {
                        nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
                        if (nc_psd->dacl == NULL) {
                                return NT_STATUS_NO_MEMORY;
                        }
                }
-               security_info_sent |= DACL_SECURITY_INFORMATION;
+               security_info_sent |= SECINFO_DACL;
                psd = nc_psd;
        }