* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
+#include "../librpc/gen_ndr/ndr_security.h"
+
static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
DATA_BLOB *pblob,
uint16_t hash_type,
files_struct *fsp,
DATA_BLOB *pblob);
-#define HASH_SECURITY_INFO (OWNER_SECURITY_INFORMATION | \
- GROUP_SECURITY_INFORMATION | \
- DACL_SECURITY_INFORMATION | \
- SACL_SECURITY_INFORMATION)
+#define HASH_SECURITY_INFO (SECINFO_OWNER | \
+ SECINFO_GROUP | \
+ SECINFO_DACL | \
+ SECINFO_SACL)
/*******************************************************************
Hash a security descriptor.
enum ndr_err_code ndr_err;
size_t sd_size;
- ndr_err = ndr_pull_struct_blob(pblob, ctx, NULL, &xacl,
+ ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl,
(ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
switch (xacl.version) {
case 2:
- *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION,
+ *ppdesc = make_sec_desc(ctx, SD_REVISION,
xacl.info.sd_hs2->sd->type | SEC_DESC_SELF_RELATIVE,
xacl.info.sd_hs2->sd->owner_sid,
xacl.info.sd_hs2->sd->group_sid,
memset(hash, '\0', XATTR_SD_HASH_SIZE);
break;
case 3:
- *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION,
+ *ppdesc = make_sec_desc(ctx, SD_REVISION,
xacl.info.sd_hs3->sd->type | SEC_DESC_SELF_RELATIVE,
xacl.info.sd_hs3->sd->owner_sid,
xacl.info.sd_hs3->sd->group_sid,
memcpy(&xacl.info.sd_hs3->hash[0], hash, XATTR_SD_HASH_SIZE);
ndr_err = ndr_push_struct_blob(
- pblob, ctx, NULL, &xacl,
+ pblob, ctx, &xacl,
(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
{
DATA_BLOB blob;
NTSTATUS status;
- uint16_t hash_type;
+ uint16_t hash_type = XATTR_SD_HASH_TYPE_NONE;
uint8_t hash[XATTR_SD_HASH_SIZE];
uint8_t hash_tmp[XATTR_SD_HASH_SIZE];
struct security_descriptor *psd = NULL;
}
}
- if (!(security_info & OWNER_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_OWNER)) {
psd->owner_sid = NULL;
}
- if (!(security_info & GROUP_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_GROUP)) {
psd->group_sid = NULL;
}
- if (!(security_info & DACL_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_DACL)) {
psd->dacl = NULL;
}
- if (!(security_info & SACL_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_SACL)) {
psd->sacl = NULL;
}
&psd,
&size,
parent_desc,
- &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
- &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
+ &handle->conn->server_info->ptok->sids[PRIMARY_USER_SID_INDEX],
+ &handle->conn->server_info->ptok->sids[PRIMARY_GROUP_SID_INDEX],
is_directory);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return SMB_VFS_FSET_NT_ACL(fsp,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL),
psd);
}
status = get_nt_acl_internal(handle,
NULL,
parent_name,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL),
&parent_desc);
if (!NT_STATUS_IS_OK(status)) {
status = get_nt_acl_internal(handle,
NULL,
fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
/* Ensure we have OWNER/GROUP/DACL set. */
- if ((security_info_sent & (OWNER_SECURITY_INFORMATION|
- GROUP_SECURITY_INFORMATION|
- DACL_SECURITY_INFORMATION)) !=
- (OWNER_SECURITY_INFORMATION|
- GROUP_SECURITY_INFORMATION|
- DACL_SECURITY_INFORMATION)) {
+ if ((security_info_sent & (SECINFO_OWNER|
+ SECINFO_GROUP|
+ SECINFO_DACL)) !=
+ (SECINFO_OWNER|
+ SECINFO_GROUP|
+ SECINFO_DACL)) {
/* No we don't - read from the existing SD. */
struct security_descriptor *nc_psd = NULL;
status = get_nt_acl_internal(handle, fsp,
NULL,
- (OWNER_SECURITY_INFORMATION|
- GROUP_SECURITY_INFORMATION|
- DACL_SECURITY_INFORMATION),
+ (SECINFO_OWNER|
+ SECINFO_GROUP|
+ SECINFO_DACL),
&nc_psd);
if (!NT_STATUS_IS_OK(status)) {
}
/* This is safe as nc_psd is discarded at fn exit. */
- if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_OWNER) {
nc_psd->owner_sid = psd->owner_sid;
}
- security_info_sent |= OWNER_SECURITY_INFORMATION;
+ security_info_sent |= SECINFO_OWNER;
- if (security_info_sent & GROUP_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_GROUP) {
nc_psd->group_sid = psd->group_sid;
}
- security_info_sent |= GROUP_SECURITY_INFORMATION;
+ security_info_sent |= SECINFO_GROUP;
- if (security_info_sent & DACL_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_DACL) {
nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
if (nc_psd->dacl == NULL) {
return NT_STATUS_NO_MEMORY;
}
}
- security_info_sent |= DACL_SECURITY_INFORMATION;
+ security_info_sent |= SECINFO_DACL;
psd = nc_psd;
}