struct canon_ace *next, *prev;
SMB_ACL_TAG_T type;
mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
- DOM_SID trustee;
+ struct dom_sid trustee;
enum ace_owner owner_type;
enum ace_attribute attr;
posix_id unix_ug;
Function to create owner and group SIDs from a SMB_STRUCT_STAT.
****************************************************************************/
-void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid)
+void create_file_sids(const SMB_STRUCT_STAT *psbuf, struct dom_sid *powner_sid, struct dom_sid *pgroup_sid)
{
uid_to_sid( powner_sid, psbuf->st_ex_uid );
gid_to_sid( pgroup_sid, psbuf->st_ex_gid );
}
/****************************************************************************
- Unpack a SEC_DESC into a UNIX owner and group.
+ Unpack a struct security_descriptor into a UNIX owner and group.
****************************************************************************/
NTSTATUS unpack_nt_owners(struct connection_struct *conn,
uid_t *puser, gid_t *pgrp,
- uint32 security_info_sent, const SEC_DESC *psd)
+ uint32 security_info_sent, const struct
+ security_descriptor *psd)
{
- DOM_SID owner_sid;
- DOM_SID grp_sid;
+ struct dom_sid owner_sid;
+ struct dom_sid grp_sid;
*puser = (uid_t)-1;
*pgrp = (gid_t)-1;
static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace,
const struct share_params *params,
const bool is_directory,
- const DOM_SID *pfile_owner_sid,
- const DOM_SID *pfile_grp_sid,
+ const struct dom_sid *pfile_owner_sid,
+ const struct dom_sid *pfile_grp_sid,
const SMB_STRUCT_STAT *pst,
bool setting_acl)
{
file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ.
****************************************************************************/
-static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid)
+static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, struct dom_sid *pfile_grp_sid)
{
bool got_user_obj, got_group_obj;
canon_ace *current_ace;
}
/****************************************************************************
- Unpack a SEC_DESC into two canonical ace lists.
+ Unpack a struct security_descriptor into two canonical ace lists.
****************************************************************************/
static bool create_canon_ace_lists(files_struct *fsp,
const SMB_STRUCT_STAT *pst,
- DOM_SID *pfile_owner_sid,
- DOM_SID *pfile_grp_sid,
+ struct dom_sid *pfile_owner_sid,
+ struct dom_sid *pfile_grp_sid,
canon_ace **ppfile_ace,
canon_ace **ppdir_ace,
- const SEC_ACL *dacl)
+ const struct security_acl *dacl)
{
bool all_aces_are_inherit_only = (fsp->is_directory ? True : False);
canon_ace *file_ace = NULL;
*/
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa = &dacl->aces[i];
+ struct security_ace *psa = &dacl->aces[i];
if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
*/
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa1 = &dacl->aces[i];
+ struct security_ace *psa1 = &dacl->aces[i];
for (j = i + 1; j < dacl->num_aces; j++) {
- SEC_ACE *psa2 = &dacl->aces[j];
+ struct security_ace *psa2 = &dacl->aces[j];
if (psa1->access_mask != psa2->access_mask)
continue;
}
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa = &dacl->aces[i];
+ struct security_ace *psa = &dacl->aces[i];
/*
* Create a cannon_ace entry representing this NT DACL ACE.
}
/****************************************************************************
- Unpack a SEC_DESC into two canonical ace lists. We don't depend on this
+ Unpack a struct security_descriptor into two canonical ace lists. We don't depend on this
succeeding.
****************************************************************************/
static bool unpack_canon_ace(files_struct *fsp,
const SMB_STRUCT_STAT *pst,
- DOM_SID *pfile_owner_sid,
- DOM_SID *pfile_grp_sid,
+ struct dom_sid *pfile_owner_sid,
+ struct dom_sid *pfile_grp_sid,
canon_ace **ppfile_ace,
canon_ace **ppdir_ace,
uint32 security_info_sent,
- const SEC_DESC *psd)
+ const struct security_descriptor *psd)
{
SMB_STRUCT_STAT st;
canon_ace *file_ace = NULL;
static canon_ace *canonicalise_acl(struct connection_struct *conn,
const char *fname, SMB_ACL_T posix_acl,
const SMB_STRUCT_STAT *psbuf,
- const DOM_SID *powner, const DOM_SID *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
+ const struct dom_sid *powner, const struct dom_sid *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
{
mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
canon_ace *l_head = NULL;
while ( posix_acl && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1)) {
SMB_ACL_TAG_T tagtype;
SMB_ACL_PERMSET_T permset;
- DOM_SID sid;
+ struct dom_sid sid;
posix_id unix_ug;
enum ace_owner owner_type;
Based on code from "Jim McDonough" <jmcd@us.ibm.com>.
****************************************************************************/
-static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
+static size_t merge_default_aces( struct security_ace *nt_ace_list, size_t num_aces)
{
size_t i, j;
(i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
if (num_aces - i - 1 > 0)
memmove(&nt_ace_list[i], &nt_ace_list[i+1], (num_aces-i-1) *
- sizeof(SEC_ACE));
+ sizeof(struct security_ace));
DEBUG(10,("merge_default_aces: Merging zero access ACE %u onto ACE %u.\n",
(unsigned int)i, (unsigned int)j ));
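Review bot: The guard `if (num_aces - i - 1 > 0)` ahead of the memmove is an unsigned comparison, because `num_aces` and `i` are both `size_t`, so it only rejects the exact value zero. If `i` ever equalled `num_aces`, the subtraction would wrap and the memmove length would become enormous. Writing the test as `if (i + 1 < num_aces)` states the intended bound directly and does not rely on the subtraction staying non-negative. The second merge branch has the same pattern with `j` (`num_aces - j - 1 > 0`). The loops that bound `i` and `j` lie outside these hunks, so this is hardening rather than a confirmed out-of-bounds path.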
(i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
if (num_aces - j - 1 > 0)
memmove(&nt_ace_list[j], &nt_ace_list[j+1], (num_aces-j-1) *
- sizeof(SEC_ACE));
+ sizeof(struct security_ace));
DEBUG(10,("merge_default_aces: Merging ACE %u onto ACE %u.\n",
(unsigned int)j, (unsigned int)i ));
* any reallocation of memory.
*/
-static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces,
- const DOM_SID *sid, enum security_ace_type type,
+static void add_or_replace_ace(struct security_ace *nt_ace_list, size_t *num_aces,
+ const struct dom_sid *sid, enum security_ace_type type,
uint32_t mask, uint8_t flags)
{
int i;
SMB_ACL_T posix_acl,
SMB_ACL_T def_acl,
uint32_t security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
- DOM_SID owner_sid;
- DOM_SID group_sid;
+ struct dom_sid owner_sid;
+ struct dom_sid group_sid;
size_t sd_size = 0;
- SEC_ACL *psa = NULL;
+ struct security_acl *psa = NULL;
size_t num_acls = 0;
size_t num_def_acls = 0;
size_t num_aces = 0;
canon_ace *file_ace = NULL;
canon_ace *dir_ace = NULL;
- SEC_ACE *nt_ace_list = NULL;
+ struct security_ace *nt_ace_list = NULL;
size_t num_profile_acls = 0;
- DOM_SID orig_owner_sid;
- SEC_DESC *psd = NULL;
+ struct dom_sid orig_owner_sid;
+ struct security_descriptor *psd = NULL;
int i;
/*
num_def_acls = count_canon_ace_list(dir_ace);
/* Allocate the ace list. */
- if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE,num_acls + num_profile_acls + num_def_acls)) == NULL) {
+ if ((nt_ace_list = SMB_MALLOC_ARRAY(struct security_ace,num_acls + num_profile_acls + num_def_acls)) == NULL) {
DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
goto done;
}
- memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(SEC_ACE) );
+ memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(struct security_ace) );
/*
* Create the NT ACE list from the canonical ace lists.
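Review bot: The memset after the allocation clears only `(num_acls + num_def_acls)` elements, while the array was allocated for `num_acls + num_profile_acls + num_def_acls`, so any slots reserved for profile ACEs start out holding uninitialised heap bytes. Clearing the whole allocation keeps stale memory out of the resulting security descriptor if a field is ever left unset: `memset(nt_ace_list, '\0', (num_acls + num_profile_acls + num_def_acls) * sizeof(*nt_ace_list));`. Whether every slot is fully written before use is decided by code outside this hunk, so treat this as a defensive fix.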
}
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
SMB_STRUCT_STAT sbuf;
SMB_ACL_T posix_acl = NULL;
}
NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
- uint32_t security_info, SEC_DESC **ppdesc)
+ uint32_t security_info, struct security_descriptor **ppdesc)
{
SMB_ACL_T posix_acl = NULL;
SMB_ACL_T def_acl = NULL;
****************************************************************************/
NTSTATUS append_parent_acl(files_struct *fsp,
- const SEC_DESC *pcsd,
- SEC_DESC **pp_new_sd)
+ const struct security_descriptor *pcsd,
+ struct security_descriptor **pp_new_sd)
{
struct smb_filename *smb_dname = NULL;
- SEC_DESC *parent_sd = NULL;
+ struct security_descriptor *parent_sd = NULL;
files_struct *parent_fsp = NULL;
TALLOC_CTX *mem_ctx = talloc_tos();
char *parent_name = NULL;
- SEC_ACE *new_ace = NULL;
+ struct security_ace *new_ace = NULL;
unsigned int num_aces = pcsd->dacl->num_aces;
NTSTATUS status;
int info;
unsigned int i, j;
- SEC_DESC *psd = dup_sec_desc(talloc_tos(), pcsd);
+ struct security_descriptor *psd = dup_sec_desc(talloc_tos(), pcsd);
bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
if (psd == NULL) {
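Review bot: `unsigned int num_aces = pcsd->dacl->num_aces;` dereferences `pcsd->dacl` in the declarations, before anything in the visible part of append_parent_acl has checked it, and a security descriptor can arrive without a DACL. Since the function is not static, either guard it up front with `if (pcsd->dacl == NULL) { return NT_STATUS_INVALID_PARAMETER; }` and assign `num_aces` afterwards, or document the precondition in the header comment, e.g. `Caller must ensure pcsd->dacl != NULL.` The later reads of `parent_sd->dacl->num_aces` have the same shape. The function body continues outside this hunk, so callers may already enforce this in code that is not visible here.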
num_aces += parent_sd->dacl->num_aces;
- if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE,
+ if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, struct security_ace,
num_aces)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
/* Finally append any inherited ACEs. */
for (j = 0; j < parent_sd->dacl->num_aces; j++) {
- SEC_ACE *se = &parent_sd->dacl->aces[j];
+ struct security_ace *se = &parent_sd->dacl->aces[j];
if (fsp->is_directory) {
if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
This should be the only external function needed for the UNIX style set ACL.
****************************************************************************/
-NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
+NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd)
{
connection_struct *conn = fsp->conn;
uid_t user = (uid_t)-1;
gid_t grp = (gid_t)-1;
- DOM_SID file_owner_sid;
- DOM_SID file_grp_sid;
+ struct dom_sid file_owner_sid;
+ struct dom_sid file_grp_sid;
canon_ace *file_ace_list = NULL;
canon_ace *dir_ace_list = NULL;
bool acl_perms = False;
Assume we are dealing with files (for now)
********************************************************************/
-SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
+struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
{
- SEC_DESC *psd, *ret_sd;
+ struct security_descriptor *psd, *ret_sd;
connection_struct *conn;
files_struct finfo;
struct fd_handle fh;