afname,
cli_errstr( finfo->cli)));
} else {
- SEC_DESC *sd = NULL;
+ struct security_descriptor *sd = NULL;
sd = cli_query_secdesc(finfo->cli, fnum, ctx);
if (!sd) {
DEBUG( 0, ("display_finfo() failed to "
int ads_pull_sids(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
LDAPMessage *msg, const char *field, DOM_SID **sids);
bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
- LDAPMessage *msg, const char *field, SEC_DESC **sd);
+ LDAPMessage *msg, const char *field, struct security_descriptor **sd);
char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
LDAPMessage *msg);
int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads,
void display_sec_ace(struct security_ace *ace);
void display_sec_acl(struct security_acl *sec_acl);
void display_acl_type(uint16 type);
-void display_sec_desc(SEC_DESC *sec);
+void display_sec_desc(struct security_descriptor *sec);
/* The following definitions come from lib/dmallocmsg.c */
/* The following definitions come from lib/secdesc.c */
-uint32_t get_sec_info(const SEC_DESC *sd);
-SEC_DESC *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC *new_sdb, SEC_DESC *old_sdb);
+uint32_t get_sec_info(const struct security_descriptor *sd);
+struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb);
struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *new_sdb, struct sec_desc_buf *old_sdb);
-SEC_DESC *make_sec_desc(TALLOC_CTX *ctx,
+struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
enum security_descriptor_revision revision,
uint16 type,
const DOM_SID *owner_sid, const DOM_SID *grp_sid,
struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size);
-SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src);
+struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src);
NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
struct security_descriptor *secdesc,
uint8 **data, size_t *len);
struct security_descriptor **psecdesc);
NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
struct sec_desc_buf **psecdesc_buf);
-SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid,
+struct security_descriptor *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid,
struct security_acl *dacl, size_t *sd_size);
-struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc);
+struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct security_descriptor *sec_desc);
struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src);
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size);
-NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask);
-NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size);
-bool sd_has_inheritable_components(const SEC_DESC *parent_ctr, bool container);
+NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, DOM_SID *sid, uint32 mask, size_t *sd_size);
+NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, DOM_SID *sid, uint32 mask);
+NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, DOM_SID *sid, size_t *sd_size);
+bool sd_has_inheritable_components(const struct security_descriptor *parent_ctr, bool container);
NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
- SEC_DESC **ppsd,
+ struct security_descriptor **ppsd,
size_t *psize,
- const SEC_DESC *parent_ctr,
+ const struct security_descriptor *parent_ctr,
const DOM_SID *owner_sid,
const DOM_SID *group_sid,
bool container);
NTSTATUS se_create_child_secdesc_buf(TALLOC_CTX *ctx,
struct sec_desc_buf **ppsdb,
- const SEC_DESC *parent_ctr,
+ const struct security_descriptor *parent_ctr,
bool container);
/* The following definitions come from lib/select.c */
/* The following definitions come from lib/sharesec.c */
bool share_info_db_init(void);
-SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access);
-SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
+struct security_descriptor *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access);
+struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize);
-bool set_share_security(const char *share_name, SEC_DESC *psd);
+bool set_share_security(const char *share_name, struct security_descriptor *psd);
bool delete_share_security(const char *servicename);
bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
uint32 desired_access);
-bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd);
+bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd);
/* The following definitions come from lib/smbldap.c */
void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping);
void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping);
void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping);
-NTSTATUS se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token,
+NTSTATUS se_access_check(const struct security_descriptor *sd, const NT_USER_TOKEN *token,
uint32 acc_desired, uint32 *acc_granted);
/* The following definitions come from lib/util_sec.c */
/* The following definitions come from libads/disp_sec.c */
-void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd);
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
/* The following definitions come from libads/dns.c */
/* The following definitions come from libsmb/clisecdesc.c */
-SEC_DESC *cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
+struct security_descriptor *cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
TALLOC_CTX *mem_ctx);
-bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, SEC_DESC *sd);
+bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descriptor *sd);
/* The following definitions come from libsmb/clispnego.c */
char **pp_sharepath,
char **pp_comment,
char **pp_cp_share_name,
- SEC_DESC **ppsd,
+ struct security_descriptor **ppsd,
bool *pallow_guest);
int load_usershare_service(const char *servicename);
int load_usershare_shares(void);
uint32 version, bool delete_files );
WERROR nt_printing_setsec(const char *sharename, struct sec_desc_buf *secdesc_ctr);
bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, struct sec_desc_buf **secdesc_ctr);
-void map_printer_permissions(SEC_DESC *sd);
-void map_job_permissions(SEC_DESC *sd);
+void map_printer_permissions(struct security_descriptor *sd);
+void map_job_permissions(struct security_descriptor *sd);
bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
int access_type);
bool print_time_access_check(const char *servicename);
/* The following definitions come from services/services_db.c */
void svcctl_init_keys( void );
-SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
-bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token );
+struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
+bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token );
const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
struct regval_ctr *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token );
enum security_ace_type *pacl_type,
mode_t perms,
bool directory_ace);
-NTSTATUS unpack_nt_owners(connection_struct *conn, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
+NTSTATUS unpack_nt_owners(connection_struct *conn, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const struct security_descriptor *psd);
SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
- SEC_DESC **ppdesc);
+ struct security_descriptor **ppdesc);
NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
- uint32_t security_info, SEC_DESC **ppdesc);
+ uint32_t security_info, struct security_descriptor **ppdesc);
int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
uid_t uid, gid_t gid);
NTSTATUS append_parent_acl(files_struct *fsp,
- const SEC_DESC *pcsd,
- SEC_DESC **pp_new_sd);
-NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd);
+ const struct security_descriptor *pcsd,
+ struct security_descriptor **pp_new_sd);
+NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd);
int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode );
int chmod_acl(connection_struct *conn, const char *name, mode_t mode);
int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,
const SMB_STRUCT_STAT *psbuf,
uint16 num_def_acls, const char *pdata);
bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata);
-SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname);
+struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname);
/* The following definitions come from smbd/process.c */
int fncall_recv(struct tevent_req *req, int *perr);
/* The following definitions come from rpc_server/srv_samr_nt.c */
-NTSTATUS access_check_object( SEC_DESC *psd, NT_USER_TOKEN *token,
+NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
SE_PRIV *rights, uint32 rights_mask,
uint32 des_access, uint32 *acc_granted,
const char *debug);
uint32 next_sk_off;
uint32 ref_count;
uint32 size;
- SEC_DESC *sec_desc;
+ struct security_descriptor *sec_desc;
} REGF_SK_REC;
/* Key Name */
REGF_NK_REC* regfio_fetch_subkey( REGF_FILE *file, REGF_NK_REC *nk );
REGF_NK_REC* regfio_write_key ( REGF_FILE *file, const char *name,
struct regval_ctr *values, struct regsubkey_ctr *subkeys,
- SEC_DESC *sec_desc, REGF_NK_REC *parent );
+ struct security_descriptor *sec_desc, REGF_NK_REC *parent );
#endif /* _REGFIO_H */
#define SEC_DESC_REVISION 0x1
#endif
-#ifndef _SEC_DESC
-/* SEC_DESC */
-typedef struct security_descriptor SEC_DESC;
#define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))
-#define _SEC_DESC
-#endif
/* A type to describe the mapping of generic access rights to object
specific access rights. */
Given a security_descriptor return the sec_info.
********************************************************************/
-uint32_t get_sec_info(const SEC_DESC *sd)
+uint32_t get_sec_info(const struct security_descriptor *sd)
{
uint32_t sec_info = ALL_SECURITY_INFORMATION;
DOM_SID *owner_sid, *group_sid;
struct sec_desc_buf *return_sdb;
struct security_acl *dacl, *sacl;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint16 secdesc_type;
size_t secdesc_size;
return(return_sdb);
}
-SEC_DESC *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC *new_sdb, SEC_DESC *old_sdb)
+struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb)
{
DOM_SID *owner_sid, *group_sid;
struct security_acl *dacl, *sacl;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint16 secdesc_type;
size_t secdesc_size;
}
/*******************************************************************
- Creates a SEC_DESC structure
+ Creates a struct security_descriptor structure
********************************************************************/
-SEC_DESC *make_sec_desc(TALLOC_CTX *ctx,
+struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
enum security_descriptor_revision revision,
uint16 type,
const DOM_SID *owner_sid, const DOM_SID *grp_sid,
struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size)
{
- SEC_DESC *dst;
+ struct security_descriptor *dst;
uint32 offset = 0;
*sd_size = 0;
- if(( dst = TALLOC_ZERO_P(ctx, SEC_DESC)) == NULL)
+ if(( dst = TALLOC_ZERO_P(ctx, struct security_descriptor)) == NULL)
return NULL;
dst->revision = revision;
}
/*******************************************************************
- Duplicate a SEC_DESC structure.
+ Duplicate a struct security_descriptor structure.
********************************************************************/
-SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src)
+struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src)
{
size_t dummy;
}
/*******************************************************************
- Creates a SEC_DESC structure with typical defaults.
+ Creates a struct security_descriptor structure with typical defaults.
********************************************************************/
-SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid,
+struct security_descriptor *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid,
struct security_acl *dacl, size_t *sd_size)
{
return make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
Creates a struct sec_desc_buf structure.
********************************************************************/
-struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc)
+struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct security_descriptor *sec_desc)
{
struct sec_desc_buf *dst;
}
/*******************************************************************
- Add a new SID with its permissions to SEC_DESC.
+ Add a new SID with its permissions to struct security_descriptor.
********************************************************************/
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size)
+NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, DOM_SID *sid, uint32 mask, size_t *sd_size)
{
- SEC_DESC *sd = 0;
+ struct security_descriptor *sd = 0;
struct security_acl *dacl = 0;
struct security_ace *ace = 0;
NTSTATUS status;
}
/*******************************************************************
- Modify a SID's permissions in a SEC_DESC.
+ Modify a SID's permissions in a struct security_descriptor.
********************************************************************/
-NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask)
+NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, DOM_SID *sid, uint32 mask)
{
NTSTATUS status;
}
/*******************************************************************
- Delete a SID from a SEC_DESC.
+ Delete a SID from a struct security_descriptor.
********************************************************************/
-NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size)
+NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, DOM_SID *sid, size_t *sd_size)
{
- SEC_DESC *sd = 0;
+ struct security_descriptor *sd = 0;
struct security_acl *dacl = 0;
struct security_ace *ace = 0;
NTSTATUS status;
* the newly created type ?
*/
-bool sd_has_inheritable_components(const SEC_DESC *parent_ctr, bool container)
+bool sd_has_inheritable_components(const struct security_descriptor *parent_ctr, bool container)
{
unsigned int i;
const struct security_acl *the_acl = parent_ctr->dacl;
non-container object. */
NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
- SEC_DESC **ppsd,
+ struct security_descriptor **ppsd,
size_t *psize,
- const SEC_DESC *parent_ctr,
+ const struct security_descriptor *parent_ctr,
const DOM_SID *owner_sid,
const DOM_SID *group_sid,
bool container)
NTSTATUS se_create_child_secdesc_buf(TALLOC_CTX *ctx,
struct sec_desc_buf **ppsdb,
- const SEC_DESC *parent_ctr,
+ const struct security_descriptor *parent_ctr,
bool container)
{
NTSTATUS status;
size_t size = 0;
- SEC_DESC *sd = NULL;
+ struct security_descriptor *sd = NULL;
*ppsdb = NULL;
status = se_create_child_secdesc(ctx,
def_access is a GENERIC_XXX access mode.
********************************************************************/
-SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
+struct security_descriptor *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
{
uint32_t sa;
struct security_ace ace;
struct security_acl *psa = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint32 spec_access = def_access;
se_map_generic(&spec_access, &file_generic_mapping);
Pull a security descriptor from the share tdb.
********************************************************************/
-SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
+struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename,
size_t *psize)
{
char *key;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
TDB_DATA data;
char *c_servicename = canonicalize_servicename(talloc_tos(), servicename);
NTSTATUS status;
Store a security descriptor in the share db.
********************************************************************/
-bool set_share_security(const char *share_name, SEC_DESC *psd)
+bool set_share_security(const char *share_name, struct security_descriptor *psd)
{
TALLOC_CTX *frame = talloc_stackframe();
char *key;
{
uint32 granted;
NTSTATUS status;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
psd = get_share_security(talloc_tos(), sharename, &sd_size);
Parse the contents of an acl string from a usershare file.
***************************************************************************/
-bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
+bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd)
{
size_t s_size = 0;
const char *pacl = acl_str;
int num_aces = 0;
struct security_ace *ace_list = NULL;
struct security_acl *psa = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size = 0;
int i;
/* If the acl string is blank return "Everyone:R" */
if (!*acl_str) {
- SEC_DESC *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS);
+ struct security_descriptor *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS);
if (!default_psd) {
return False;
}
}
/* display SD */
-void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, SEC_DESC *sd)
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd)
{
int i;
char *tmp_path = NULL;
}
/**
- * pull a SEC_DESC from a ADS result
+ * pull a struct security_descriptor from a ADS result
* @param ads connection to ads server
* @param mem_ctx TALLOC_CTX for allocating sid array
* @param msg Results of search
* @param field Attribute to retrieve
- * @param sd Pointer to *SEC_DESC to store result (talloc()ed)
+ * @param sd Pointer to *struct security_descriptor to store result (talloc()ed)
* @return boolean inidicating success
*/
bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
- LDAPMessage *msg, const char *field, SEC_DESC **sd)
+ LDAPMessage *msg, const char *field,
+ struct security_descriptor **sd)
{
struct berval **values;
bool ret = true;
/****************************************************************************
query the security descriptor for a open file
****************************************************************************/
-SEC_DESC *cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
+struct security_descriptor *cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
TALLOC_CTX *mem_ctx)
{
uint8_t param[8];
uint8_t *rdata=NULL;
uint32_t rdata_count=0;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
NTSTATUS status;
SIVAL(param, 0, fnum);
/****************************************************************************
set the security descriptor for a open file
****************************************************************************/
-bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, SEC_DESC *sd)
+bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descriptor *sd)
{
char param[8];
char *rparam=NULL, *rdata=NULL;
/* parse a ascii version of a security descriptor */
-static SEC_DESC *
+static struct security_descriptor *
sec_desc_parse(TALLOC_CTX *ctx,
struct cli_state *ipc_cli,
struct policy_handle *pol,
{
const char *p = str;
char *tok;
- SEC_DESC *ret = NULL;
+ struct security_descriptor *ret = NULL;
size_t sd_size;
DOM_SID *group_sid=NULL;
DOM_SID *owner_sid=NULL;
bool numeric = True;
bool determine_size = (bufsize == 0);
uint16_t fnum;
- SEC_DESC *sd;
+ struct security_descriptor *sd;
fstring sidstr;
fstring name_sandbox;
char *name;
{
uint16_t fnum = (uint16_t)-1;
int err = 0;
- SEC_DESC *sd = NULL, *old;
+ struct security_descriptor *sd = NULL, *old;
struct security_acl *dacl = NULL;
DOM_SID *owner_sid = NULL;
DOM_SID *group_sid = NULL;
static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
uint32 security_info,
- SEC_DESC **ppdesc, SMB4ACL_T *theacl)
+ struct security_descriptor **ppdesc, SMB4ACL_T *theacl)
{
int good_aces = 0;
DOM_SID sid_owner, sid_group;
NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
uint32 security_info,
- SEC_DESC **ppdesc, SMB4ACL_T *theacl)
+ struct security_descriptor **ppdesc, SMB4ACL_T *theacl)
{
SMB_STRUCT_STAT sbuf;
NTSTATUS smb_get_nt_acl_nfs4(struct connection_struct *conn,
const char *name,
uint32 security_info,
- SEC_DESC **ppdesc, SMB4ACL_T *theacl)
+ struct security_descriptor **ppdesc, SMB4ACL_T *theacl)
{
SMB_STRUCT_STAT sbuf;
NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
uint32 security_info_sent,
- const SEC_DESC *psd,
+ const struct security_descriptor *psd,
set_nfs4acl_native_fn_t set_nfs4_native)
{
smbacl4_vfs_params params;
NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
uint32 security_info,
- SEC_DESC **ppdesc, SMB4ACL_T *theacl);
+ struct security_descriptor **ppdesc, SMB4ACL_T *theacl);
NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn,
const char *name,
uint32 security_info,
- SEC_DESC **ppdesc, SMB4ACL_T *theacl);
+ struct security_descriptor **ppdesc, SMB4ACL_T *theacl);
/* Callback function needed to set the native acl
* when applicable */
NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
uint32 security_info_sent,
- const SEC_DESC *psd,
+ const struct security_descriptor *psd,
set_nfs4acl_native_fn_t set_nfs4_native);
#endif /* __NFS4_ACLS_H__ */
void *handle_p);
NTSTATUS onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, SEC_DESC **ppdesc);
+ uint32 security_info, struct security_descriptor **ppdesc);
NTSTATUS onefs_get_nt_acl(vfs_handle_struct *handle, const char* name,
- uint32 security_info, SEC_DESC **ppdesc);
+ uint32 security_info, struct security_descriptor **ppdesc);
NTSTATUS onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info_sent, const SEC_DESC *psd);
+ uint32 security_info_sent,
+ const struct security_descriptor *psd);
/*
* Utility functions
*/
struct ifs_security_descriptor;
-NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent, const SEC_DESC *psd,
+NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
+ const struct security_descriptor *psd,
struct ifs_security_descriptor *sd, int snum,
uint32_t *security_info_effective);
*/
NTSTATUS
onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info, struct security_descriptor **ppdesc)
{
int error;
uint32_t sd_size = 0;
DOM_SID owner_sid, group_sid;
DOM_SID *ownerp, *groupp;
struct security_acl *dacl, *sacl;
- SEC_DESC *pdesc;
+ struct security_descriptor *pdesc;
bool alloced = false;
bool new_aces_alloced = false;
bool fopened = false;
*/
NTSTATUS
onefs_get_nt_acl(vfs_handle_struct *handle, const char* name,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info, struct security_descriptor **ppdesc)
{
files_struct finfo;
struct fd_handle fh;
/**
* Isilon-specific function for setting up an ifs_security_descriptor, given a
- * samba SEC_DESC.
+ * samba struct security_descriptor
*
* @param[out] sd ifs_security_descriptor to fill in
*
* @return NTSTATUS_OK if successful
*/
-NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent, const SEC_DESC *psd,
+NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
+ const struct security_descriptor *psd,
struct ifs_security_descriptor *sd, int snum,
uint32_t *security_info_effective)
{
*/
NTSTATUS
onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32_t sec_info_sent, const SEC_DESC *psd)
+ uint32_t sec_info_sent, const struct security_descriptor *psd)
{
struct ifs_security_descriptor sd = {};
int fd = -1;
NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32 security_info_sent,
- const SEC_DESC *psd)
+ const struct security_descriptor *psd)
{
return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
}
static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, uint32 security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
bool result;
static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
const char *name,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info, struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
bool result;
return True;
}
-static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
+static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd)
{
acl_type_t acl_type_info;
NTSTATUS result = NT_STATUS_ACCESS_DENIED;
return result;
}
-NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
+NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd)
{
return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
}
static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
{
NTSTATUS result;
static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
const char *name,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
{
NTSTATUS result;
return result;
}
-static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
+static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd)
{
NTSTATUS result;
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
NTSTATUS result;
static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
const char *name,
uint32 security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
NTSTATUS result;
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
- const SEC_DESC *psd)
+ const struct security_descriptor *psd)
{
NTSTATUS result;
static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, uint32 security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
int result;
static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
const char *name,
- uint32 security_info, SEC_DESC **ppdesc)
+ uint32 security_info, struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
int result;
return True;
}
-static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
+static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd)
{
struct gpfs_acl *acl;
NTSTATUS result = NT_STATUS_ACCESS_DENIED;
return result;
}
-static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
+static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd)
{
return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd);
}
static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32 security_info_sent,
- const SEC_DESC *psd)
+ const struct security_descriptor *psd)
{
return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
}
char **pp_sharepath,
char **pp_comment,
char **pp_cp_servicename,
- SEC_DESC **ppsd,
+ struct security_descriptor **ppsd,
bool *pallow_guest)
{
const char **prefixallowlist = lp_usershare_prefix_allow_list();
int fd = -1;
int iService = -1;
TALLOC_CTX *ctx = talloc_stackframe();
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
bool guest_ok = False;
char *canon_name = NULL;
bool added_service = false;
NTSTATUS status;
struct sec_desc_buf *sd_orig = NULL;
struct sec_desc_buf *sd_new, *sd_store;
- SEC_DESC *sec, *new_sec;
+ struct security_descriptor *sec, *new_sec;
TALLOC_CTX *ctx = state;
int result, i;
uint32 sd_size;
}
}
- /* create a new SEC_DESC with the appropriate owner and group SIDs */
+ /* create a new struct security_descriptor with the appropriate owner and group SIDs */
new_sec = make_sec_desc( ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
&global_sid_Builtin_Administrators,
int i = 0;
uint32_t sa;
struct security_acl *psa = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
DOM_SID adm_sid;
size_t sd_size;
if (!secdesc_ctr->sd->owner_sid || !secdesc_ctr->sd->group_sid) {
DOM_SID *owner_sid, *group_sid;
struct security_acl *dacl, *sacl;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t size;
if (!nt_printing_getsec(mem_ctx, sharename, &old_secdesc_ctr)) {
uint32_t sa;
struct security_acl *psa = NULL;
struct sec_desc_buf *sdb = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
DOM_SID adm_sid;
size_t sd_size;
if (secrets_fetch_domain_sid(lp_workgroup(), &owner_sid)) {
struct sec_desc_buf *new_secdesc_ctr = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t size;
/* Create new sd */
It turns out that NT4 security descriptors use generic access rights and
NT5 the object specific ones. */
-void map_printer_permissions(SEC_DESC *sd)
+void map_printer_permissions(struct security_descriptor *sd)
{
int i;
}
}
-void map_job_permissions(SEC_DESC *sd)
+void map_job_permissions(struct security_descriptor *sd)
{
int i;
char *subkeyname;
struct registry_key_handle registry_key;
WERROR result = WERR_OK;
- SEC_DESC *sec_desc = NULL;
+ struct security_descriptor *sec_desc = NULL;
if (!regfile) {
return WERR_GENERAL_FAILURE;
/********************************************************************
********************************************************************/
-static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
+static WERROR construct_registry_sd(TALLOC_CTX *ctx, struct security_descriptor **psd)
{
struct security_ace ace[3];
size_t i = 0;
- SEC_DESC *sd;
+ struct security_descriptor *sd;
struct security_acl *theacl;
size_t sd_size;
uint32 *granted,
const struct nt_user_token *token )
{
- SEC_DESC *sec_desc;
+ struct security_descriptor *sec_desc;
NTSTATUS status;
WERROR err;
/*******************************************************************
*******************************************************************/
-static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, SEC_DESC *sd )
+static REGF_SK_REC* find_sk_record_by_sec_desc( REGF_FILE *file, struct security_descriptor *sd )
{
REGF_SK_REC *p;
/*******************************************************************
*******************************************************************/
-static uint32 sk_record_data_size( SEC_DESC * sd )
+static uint32 sk_record_data_size( struct security_descriptor * sd )
{
uint32 size, size_mod8;
REGF_NK_REC* regfio_write_key( REGF_FILE *file, const char *name,
struct regval_ctr *values, struct regsubkey_ctr *subkeys,
- SEC_DESC *sec_desc, REGF_NK_REC *parent )
+ struct security_descriptor *sec_desc, REGF_NK_REC *parent )
{
REGF_NK_REC *nk;
REGF_HBIN *vlist_hbin = NULL;
static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
{
char *tdbname = elog_tdbname(talloc_tos(), info->logname );
- SEC_DESC *sec_desc;
+ struct security_descriptor *sec_desc;
NTSTATUS status;
if ( !tdbname )
return NT_STATUS_OK;
}
-static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *sd_size,
+static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, struct security_descriptor **sd, size_t *sd_size,
const struct generic_mapping *map,
DOM_SID *sid, uint32_t sid_access)
{
struct lsa_OpenPolicy2 *r)
{
struct lsa_info *info;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
uint32 des_access = r->in.access_mask;
uint32 acc_granted;
{
struct lsa_info *handle;
struct lsa_info *info;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
uint32_t des_access = r->in.access_mask;
uint32_t acc_granted;
struct lsa_QuerySecurity *r)
{
struct lsa_info *handle=NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
NTSTATUS status;
struct lsa_info *info = NULL;
int i = 0;
uint32_t acc_granted = 0;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
DOM_SID sid;
NTSTATUS status;
{
struct lsa_info *info = NULL;
int i = 0;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
DOM_SID sid;
const char *privname = NULL;
/*******************************************************************
*******************************************************************/
-static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size,
+static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, struct security_descriptor **psd, size_t *sd_size,
const struct generic_mapping *map,
DOM_SID *sid, uint32 sid_access )
{
level of access for further checks.
********************************************************************/
-NTSTATUS access_check_object( SEC_DESC *psd, NT_USER_TOKEN *token,
+NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
SE_PRIV *rights, uint32 rights_mask,
uint32 des_access, uint32 *acc_granted,
const char *debug )
{
struct samr_connect_info *cinfo;
struct samr_domain_info *dinfo;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint32 acc_granted;
uint32 des_access = r->in.access_mask;
NTSTATUS status;
struct samr_group_info *ginfo;
struct samr_alias_info *ainfo;
NTSTATUS status;
- SEC_DESC * psd = NULL;
+ struct security_descriptor * psd = NULL;
size_t sd_size = 0;
cinfo = policy_handle_find(p, r->in.handle,
DOM_SID sid;
struct samr_domain_info *dinfo;
struct samr_user_info *uinfo;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint32 acc_granted;
uint32 des_access = r->in.access_mask;
uint32_t extra_access = 0;
struct samr_user_info *uinfo;
NTSTATUS nt_status;
uint32 acc_granted;
- SEC_DESC *psd;
+ struct security_descriptor *psd;
size_t sd_size;
/* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
{
struct samr_connect_info *info = NULL;
struct policy_handle hnd;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint32 acc_granted;
uint32 des_access = r->in.access_mask;
NTSTATUS nt_status;
uint32 alias_rid = r->in.rid;
struct samr_alias_info *ainfo;
struct samr_domain_info *dinfo;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint32 acc_granted;
uint32 des_access = r->in.access_mask;
size_t sd_size;
GROUP_MAP map;
struct samr_domain_info *dinfo;
struct samr_group_info *ginfo;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
uint32 acc_granted;
uint32 des_access = r->in.access_mask;
size_t sd_size;
Map any generic bits to file specific bits.
********************************************************************/
-static void map_generic_share_sd_bits(SEC_DESC *psd)
+static void map_generic_share_sd_bits(struct security_descriptor *psd)
{
int i;
struct security_acl *ps_dacl = NULL;
{
const char *net_name = lp_servicename(snum);
char *path = NULL;
- SEC_DESC *sd = NULL;
+ struct security_descriptor *sd = NULL;
struct sec_desc_buf *sd_buf = NULL;
size_t sd_size = 0;
TALLOC_CTX *ctx = p->mem_ctx;
static void init_srv_share_info_1501(pipes_struct *p, struct sec_desc_buf *r, int snum)
{
- SEC_DESC *sd;
+ struct security_descriptor *sd;
size_t sd_size;
TALLOC_CTX *ctx = p->mem_ctx;
int snum;
int ret;
char *path = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
bool is_disk_op = False;
int max_connections = 0;
/* Replace SD if changed. */
if (psd) {
- SEC_DESC *old_sd;
+ struct security_descriptor *old_sd;
size_t sd_size;
old_sd = get_share_security(p->mem_ctx, lp_servicename(snum), &sd_size);
int snum;
int ret;
char *path;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
bool is_disk_op;
int max_connections = 0;
struct srvsvc_NetGetFileSecurity *r)
{
struct smb_filename *smb_fname = NULL;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
size_t sd_size;
fstring servicename;
SMB_STRUCT_STAT st;
/********************************************************************
********************************************************************/
-static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
+static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, NT_USER_TOKEN *token,
uint32 access_desired, uint32 *access_granted )
{
if ( geteuid() == sec_initial_uid() ) {
/********************************************************************
********************************************************************/
-static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
+static struct security_descriptor* construct_scm_sd( TALLOC_CTX *ctx )
{
struct security_ace ace[2];
size_t i = 0;
- SEC_DESC *sd;
+ struct security_descriptor *sd;
struct security_acl *theacl;
size_t sd_size;
WERROR _svcctl_OpenSCManagerW(pipes_struct *p,
struct svcctl_OpenSCManagerW *r)
{
- SEC_DESC *sec_desc;
+ struct security_descriptor *sec_desc;
uint32 access_granted = 0;
NTSTATUS status;
WERROR _svcctl_OpenServiceW(pipes_struct *p,
struct svcctl_OpenServiceW *r)
{
- SEC_DESC *sec_desc;
+ struct security_descriptor *sec_desc;
uint32 access_granted = 0;
NTSTATUS status;
const char *service = NULL;
struct svcctl_QueryServiceObjectSecurity *r)
{
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
- SEC_DESC *sec_desc;
+ struct security_descriptor *sec_desc;
NTSTATUS status;
uint8_t *buffer = NULL;
size_t len = 0;
struct svcctl_SetServiceObjectSecurity *r)
{
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
- SEC_DESC *sec_desc = NULL;
+ struct security_descriptor *sec_desc = NULL;
uint32 required_access;
NTSTATUS status;
union spoolss_PrinterInfo info1, info2;
WERROR werror;
TALLOC_CTX *mem_ctx = talloc_init("compare_printer_secdesc");
- SEC_DESC *sd1, *sd2;
+ struct security_descriptor *sd1, *sd2;
bool result = true;
/********************************************************************
********************************************************************/
-static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
+static struct security_descriptor* construct_service_sd( TALLOC_CTX *ctx )
{
struct security_ace ace[4];
size_t i = 0;
- SEC_DESC *sd = NULL;
+ struct security_descriptor *sd = NULL;
struct security_acl *theacl = NULL;
size_t sd_size;
char *path = NULL;
struct regval_ctr *values = NULL;
struct regsubkey_ctr *svc_subkeys = NULL;
- SEC_DESC *sd = NULL;
+ struct security_descriptor *sd = NULL;
DATA_BLOB sd_blob;
NTSTATUS status;
in case of any failure.
********************************************************************/
-SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
+struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
{
struct registry_key_handle *key = NULL;
struct regval_ctr *values = NULL;
struct regval_blob *val = NULL;
- SEC_DESC *ret_sd = NULL;
+ struct security_descriptor *ret_sd = NULL;
char *path= NULL;
WERROR wresult;
NTSTATUS status;
Wrapper to make storing a Service sd easier
********************************************************************/
-bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, NT_USER_TOKEN *token )
+bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token )
{
struct registry_key_handle *key = NULL;
WERROR wresult;
NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
uint32_t security_info_sent)
{
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
NTSTATUS status;
if (sd_len == 0 || !lp_nt_acl_support(SNUM(fsp->conn))) {
Fake up a completely empty SD.
*******************************************************************************/
-static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, struct security_descriptor **ppsd)
{
size_t sd_size;
size_t *psd_size)
{
NTSTATUS status;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
/*
* Get the permissions to return.
}
/****************************************************************************
- Unpack a SEC_DESC into a UNIX owner and group.
+ Unpack a struct security_descriptor into a UNIX owner and group.
****************************************************************************/
NTSTATUS unpack_nt_owners(struct connection_struct *conn,
uid_t *puser, gid_t *pgrp,
- uint32 security_info_sent, const SEC_DESC *psd)
+ uint32 security_info_sent, const struct
+ security_descriptor *psd)
{
DOM_SID owner_sid;
DOM_SID grp_sid;
}
/****************************************************************************
- Unpack a SEC_DESC into two canonical ace lists.
+ Unpack a struct security_descriptor into two canonical ace lists.
****************************************************************************/
static bool create_canon_ace_lists(files_struct *fsp,
}
/****************************************************************************
- Unpack a SEC_DESC into two canonical ace lists. We don't depend on this
+ Unpack a struct security_descriptor into two canonical ace lists. We don't depend on this
succeeding.
****************************************************************************/
canon_ace **ppfile_ace,
canon_ace **ppdir_ace,
uint32 security_info_sent,
- const SEC_DESC *psd)
+ const struct security_descriptor *psd)
{
SMB_STRUCT_STAT st;
canon_ace *file_ace = NULL;
SMB_ACL_T posix_acl,
SMB_ACL_T def_acl,
uint32_t security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
DOM_SID owner_sid;
DOM_SID group_sid;
struct security_ace *nt_ace_list = NULL;
size_t num_profile_acls = 0;
DOM_SID orig_owner_sid;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
int i;
/*
}
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
- SEC_DESC **ppdesc)
+ struct security_descriptor **ppdesc)
{
SMB_STRUCT_STAT sbuf;
SMB_ACL_T posix_acl = NULL;
}
NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
- uint32_t security_info, SEC_DESC **ppdesc)
+ uint32_t security_info, struct security_descriptor **ppdesc)
{
SMB_ACL_T posix_acl = NULL;
SMB_ACL_T def_acl = NULL;
****************************************************************************/
NTSTATUS append_parent_acl(files_struct *fsp,
- const SEC_DESC *pcsd,
- SEC_DESC **pp_new_sd)
+ const struct security_descriptor *pcsd,
+ struct security_descriptor **pp_new_sd)
{
struct smb_filename *smb_dname = NULL;
- SEC_DESC *parent_sd = NULL;
+ struct security_descriptor *parent_sd = NULL;
files_struct *parent_fsp = NULL;
TALLOC_CTX *mem_ctx = talloc_tos();
char *parent_name = NULL;
NTSTATUS status;
int info;
unsigned int i, j;
- SEC_DESC *psd = dup_sec_desc(talloc_tos(), pcsd);
+ struct security_descriptor *psd = dup_sec_desc(talloc_tos(), pcsd);
bool is_dacl_protected = (pcsd->type & SEC_DESC_DACL_PROTECTED);
if (psd == NULL) {
This should be the only external function needed for the UNIX style set ACL.
****************************************************************************/
-NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
+NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd)
{
connection_struct *conn = fsp->conn;
uid_t user = (uid_t)-1;
Assume we are dealing with files (for now)
********************************************************************/
-SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
+struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
{
- SEC_DESC *psd, *ret_sd;
+ struct security_descriptor *psd, *ret_sd;
connection_struct *conn;
files_struct finfo;
struct fd_handle fh;
struct user_token *tokens)
{
uint16_t fnum;
- SEC_DESC *share_sd = NULL;
- SEC_DESC *root_sd = NULL;
+ struct security_descriptor *share_sd = NULL;
+ struct security_descriptor *root_sd = NULL;
struct cli_state *cli = rpc_pipe_np_smb_conn(pipe_hnd);
int i;
union srvsvc_NetShareInfo info;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
uint16_t fnum_src = 0;
uint16_t fnum_dst = 0;
- SEC_DESC *sd = NULL;
+ struct security_descriptor *sd = NULL;
uint16_t attr;
time_t f_atime, f_ctime, f_mtime;
struct net_context *c = pi->c;
int fd = -1;
int numlines = 0;
- SEC_DESC *psd = NULL;
+ struct security_descriptor *psd = NULL;
char *basepath;
char *sharepath = NULL;
char *comment = NULL;
/********************************************************************
********************************************************************/
-static bool swap_sid_in_acl( SEC_DESC *sd, DOM_SID *s1, DOM_SID *s2 )
+static bool swap_sid_in_acl( struct security_descriptor *sd, DOM_SID *s1, DOM_SID *s2 )
{
struct security_acl *theacl;
int i;
const char *parentpath )
{
REGF_NK_REC *key, *subkey;
- SEC_DESC *new_sd;
+ struct security_descriptor *new_sd;
struct regval_ctr *values;
struct regsubkey_ctr *subkeys;
int i;
print an ascii version of a security descriptor on a FILE handle
********************************************************************/
-static void sec_desc_print(FILE *f, SEC_DESC *sd)
+static void sec_desc_print(FILE *f, struct security_descriptor *sd)
{
uint32 i;
/********************************************************************
********************************************************************/
-static SEC_DESC* parse_acl_string(TALLOC_CTX *mem_ctx, const char *szACL, size_t *sd_size )
+static struct security_descriptor* parse_acl_string(TALLOC_CTX *mem_ctx, const char *szACL, size_t *sd_size )
{
- SEC_DESC *sd = NULL;
+ struct security_descriptor *sd = NULL;
struct security_ace *ace;
struct security_acl *theacl;
int num_ace;
static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *the_acl, enum acl_mode mode)
{
- SEC_DESC *sd = NULL;
- SEC_DESC *old = NULL;
+ struct security_descriptor *sd = NULL;
+ struct security_descriptor *old = NULL;
size_t sd_size = 0;
uint32 i, j;
}
/* parse a ascii version of a security descriptor */
-static SEC_DESC *sec_desc_parse(TALLOC_CTX *ctx, struct cli_state *cli, char *str)
+static struct security_descriptor *sec_desc_parse(TALLOC_CTX *ctx, struct cli_state *cli, char *str)
{
const char *p = str;
char *tok;
- SEC_DESC *ret = NULL;
+ struct security_descriptor *ret = NULL;
size_t sd_size;
DOM_SID *grp_sid=NULL, *owner_sid=NULL;
struct security_acl *dacl=NULL;
/* print a ascii version of a security descriptor on a FILE handle */
-static void sec_desc_print(struct cli_state *cli, FILE *f, SEC_DESC *sd)
+static void sec_desc_print(struct cli_state *cli, FILE *f, struct security_descriptor *sd)
{
fstring sidstr;
uint32 i;
/*****************************************************
get sec desc for filename
*******************************************************/
-static SEC_DESC *get_secdesc(struct cli_state *cli, const char *filename)
+static struct security_descriptor *get_secdesc(struct cli_state *cli, const char *filename)
{
uint16_t fnum = (uint16_t)-1;
- SEC_DESC *sd;
+ struct security_descriptor *sd;
/* The desired access below is the only one I could find that works
with NT4, W2KP and Samba */
set sec desc for filename
*******************************************************/
static bool set_secdesc(struct cli_state *cli, const char *filename,
- SEC_DESC *sd)
+ struct security_descriptor *sd)
{
uint16_t fnum = (uint16_t)-1;
bool result=true;
static int cacl_dump(struct cli_state *cli, const char *filename)
{
int result = EXIT_FAILED;
- SEC_DESC *sd;
+ struct security_descriptor *sd;
if (test_args)
return EXIT_OK;
const char *filename, const char *new_username)
{
DOM_SID sid;
- SEC_DESC *sd, *old;
+ struct security_descriptor *sd, *old;
size_t sd_size;
if (!StringToSid(cli, &sid, new_username))
static int cacl_set(struct cli_state *cli, const char *filename,
char *the_acl, enum acl_mode mode)
{
- SEC_DESC *sd, *old;
+ struct security_descriptor *sd, *old;
uint32 i, j;
size_t sd_size;
int result = EXIT_OK;
static int inherit(struct cli_state *cli, const char *filename,
const char *type)
{
- SEC_DESC *old,*sd;
+ struct security_descriptor *old,*sd;
uint32 oldattr;
size_t sd_size;
int result = EXIT_OK;
SEC_DESC_DACL_PROTECTED) {
int i;
char *parentname,*temp;
- SEC_DESC *parent;
+ struct security_descriptor *parent;
temp = talloc_strdup(talloc_tos(), filename);
old->type=old->type & (~SEC_DESC_DACL_PROTECTED);