Merge branch 'master' of ssh://git.samba.org/data/git/samba into displaysec

diff --git a/lib/util/fault.m4 b/lib/util/fault.m4
index bac553a1583c3dd63522ee2a7658766073f61240..c22976998ed55b3a893c8c40ed3c34d786cfcea9 100644 (file)
--- a/lib/util/fault.m4
+++ b/lib/util/fault.m4
@@ -9,6 +9,8 @@ if test x"$ac_cv_header_execinfo_h" = x"yes" -a x"$ac_cv_func_ext_backtrace" = x
        EXECINFO_CPPFLAGS="$CPPFLAGS"
        EXECINFO_LDFLAGS="$LDFLAGS"
        LIB_REMOVE_USR_LIB(EXECINFO_LDFLAGS)
+       CFLAGS_REMOVE_USR_INCLUDE(EXECINFO_CFLAGS)
+       CFLAGS_REMOVE_USR_INCLUDE(EXECINFO_CPPFLAGS)
 else
        SMB_ENABLE(EXECINFO,NO)
 fi

diff --git a/libcli/security/config.mk b/libcli/security/config.mk
index 56d8e138ff1c15a4fb8bfc3150c01b2ba563d66e..7ade01510c4061e321cdd68bde15d6ca83a01e33 100644 (file)
--- a/libcli/security/config.mk
+++ b/libcli/security/config.mk
@@ -2,4 +2,4 @@
 PRIVATE_DEPENDENCIES = TALLOC
 
 LIBSECURITY_COMMON_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/security/, \
-                                       dom_sid.o)
+                                       dom_sid.o display_sec.o secace.o secacl.o)

diff --git a/source3/lib/display_sec.c b/libcli/security/display_sec.c
similarity index 80%
rename from source3/lib/display_sec.c
rename to libcli/security/display_sec.c
index fe1ae77eddfe111a1638c37cafa0cd4e66a44369..bec657da868756d393aaedeeb73b09d5070d0edb 100644 (file)
--- a/source3/lib/display_sec.c
+++ b/libcli/security/display_sec.c
@@ -19,12 +19,16 @@
 */
 
 #include "includes.h"
+#include "librpc/gen_ndr/security.h"
+#include "libcli/security/secace.h"
+#include "libcli/security/dom_sid.h"
+#include "librpc/ndr/libndr.h"
 
 /****************************************************************************
 convert a security permissions into a string
 ****************************************************************************/
 
-char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
+char *get_sec_mask_str(TALLOC_CTX *ctx, uint32_t type)
 {
        char *typestr = talloc_strdup(ctx, "");
 
@@ -32,77 +36,77 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
                return NULL;
        }
 
-       if (type & GENERIC_ALL_ACCESS) {
+       if (type & SEC_GENERIC_ALL) {
                typestr = talloc_asprintf_append(typestr,
                                "Generic all access ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & GENERIC_EXECUTE_ACCESS) {
+       if (type & SEC_GENERIC_EXECUTE) {
                typestr = talloc_asprintf_append(typestr,
                                "Generic execute access");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & GENERIC_WRITE_ACCESS) {
+       if (type & SEC_GENERIC_WRITE) {
                typestr = talloc_asprintf_append(typestr,
                                "Generic write access ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & GENERIC_READ_ACCESS) {
+       if (type & SEC_GENERIC_READ) {
                typestr = talloc_asprintf_append(typestr,
                                "Generic read access ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & MAXIMUM_ALLOWED_ACCESS) {
+       if (type & SEC_FLAG_MAXIMUM_ALLOWED) {
                typestr = talloc_asprintf_append(typestr,
                                "MAXIMUM_ALLOWED_ACCESS ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & SYSTEM_SECURITY_ACCESS) {
+       if (type & SEC_FLAG_SYSTEM_SECURITY) {
                typestr = talloc_asprintf_append(typestr,
                                "SYSTEM_SECURITY_ACCESS ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & SYNCHRONIZE_ACCESS) {
+       if (type & SEC_STD_SYNCHRONIZE) {
                typestr = talloc_asprintf_append(typestr,
                                "SYNCHRONIZE_ACCESS ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & WRITE_OWNER_ACCESS) {
+       if (type & SEC_STD_WRITE_OWNER) {
                typestr = talloc_asprintf_append(typestr,
                                "WRITE_OWNER_ACCESS ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & WRITE_DAC_ACCESS) {
+       if (type & SEC_STD_WRITE_DAC) {
                typestr = talloc_asprintf_append(typestr,
                                "WRITE_DAC_ACCESS ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & READ_CONTROL_ACCESS) {
+       if (type & SEC_STD_READ_CONTROL) {
                typestr = talloc_asprintf_append(typestr,
                                "READ_CONTROL_ACCESS ");
                if (!typestr) {
                        return NULL;
                }
        }
-       if (type & DELETE_ACCESS) {
+       if (type & SEC_STD_DELETE) {
                typestr = talloc_asprintf_append(typestr,
                                "DELETE_ACCESS ");
                if (!typestr) {
@@ -110,7 +114,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
                }
        }
 
-       printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type&SPECIFIC_RIGHTS_MASK);
+       printf("\t\tSpecific bits: 0x%lx\n", (unsigned long)type&SEC_MASK_SPECIFIC);
 
        return typestr;
 }
@@ -122,7 +126,7 @@ void display_sec_access(uint32_t *info)
 {
        char *mask_str = get_sec_mask_str(NULL, *info);
        printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
-       TALLOC_FREE(mask_str);
+       talloc_free(mask_str);
 }
 
 /****************************************************************************
@@ -170,9 +174,9 @@ static void disp_sec_ace_object(struct security_ace_object *object)
 /****************************************************************************
  display sec_ace structure
  ****************************************************************************/
-void display_sec_ace(SEC_ACE *ace)
+void display_sec_ace(struct security_ace *ace)
 {
-       fstring sid_str;
+       char *sid_str;
 
        printf("\tACE\n\t\ttype: ");
        switch (ace->type) {
@@ -211,8 +215,9 @@ void display_sec_ace(SEC_ACE *ace)
        printf(" (%d) flags: 0x%02x ", ace->type, ace->flags);
        display_sec_ace_flags(ace->flags);
        display_sec_access(&ace->access_mask);
-       sid_to_fstring(sid_str, &ace->trustee);
+       sid_str = dom_sid_string(NULL, &ace->trustee);
        printf("\t\tSID: %s\n\n", sid_str);
+       talloc_free(sid_str);
 
        if (sec_ace_object(ace->type)) {
                disp_sec_ace_object(&ace->object.object);
@@ -223,7 +228,7 @@ void display_sec_ace(SEC_ACE *ace)
 /****************************************************************************
  display sec_acl structure
  ****************************************************************************/
-void display_sec_acl(SEC_ACL *sec_acl)
+void display_sec_acl(struct security_acl *sec_acl)
 {
        int i;
 
@@ -238,54 +243,52 @@ void display_sec_acl(SEC_ACL *sec_acl)
        }
 }
 
-void display_acl_type(uint16 type)
+void display_acl_type(uint16_t type)
 {
-       fstring typestr="";
-
-       typestr[0] = 0;
+       printf("type: 0x%04x: ", type);
 
        if (type & SEC_DESC_OWNER_DEFAULTED)    /* 0x0001 */
-               fstrcat(typestr, "SEC_DESC_OWNER_DEFAULTED ");
+               printf("SEC_DESC_OWNER_DEFAULTED ");
        if (type & SEC_DESC_GROUP_DEFAULTED)    /* 0x0002 */
-               fstrcat(typestr, "SEC_DESC_GROUP_DEFAULTED ");
+               printf("SEC_DESC_GROUP_DEFAULTED ");
        if (type & SEC_DESC_DACL_PRESENT)       /* 0x0004 */
-               fstrcat(typestr, "SEC_DESC_DACL_PRESENT ");
+               printf("SEC_DESC_DACL_PRESENT ");
        if (type & SEC_DESC_DACL_DEFAULTED)     /* 0x0008 */
-               fstrcat(typestr, "SEC_DESC_DACL_DEFAULTED ");
+               printf("SEC_DESC_DACL_DEFAULTED ");
        if (type & SEC_DESC_SACL_PRESENT)       /* 0x0010 */
-               fstrcat(typestr, "SEC_DESC_SACL_PRESENT ");
+               printf("SEC_DESC_SACL_PRESENT ");
        if (type & SEC_DESC_SACL_DEFAULTED)     /* 0x0020 */
-               fstrcat(typestr, "SEC_DESC_SACL_DEFAULTED ");
+               printf("SEC_DESC_SACL_DEFAULTED ");
        if (type & SEC_DESC_DACL_TRUSTED)       /* 0x0040 */
-               fstrcat(typestr, "SEC_DESC_DACL_TRUSTED ");
+               printf("SEC_DESC_DACL_TRUSTED ");
        if (type & SEC_DESC_SERVER_SECURITY)    /* 0x0080 */
-               fstrcat(typestr, "SEC_DESC_SERVER_SECURITY ");
+               printf("SEC_DESC_SERVER_SECURITY ");
        if (type & SEC_DESC_DACL_AUTO_INHERIT_REQ) /* 0x0100 */
-               fstrcat(typestr, "SEC_DESC_DACL_AUTO_INHERIT_REQ ");
+               printf("SEC_DESC_DACL_AUTO_INHERIT_REQ ");
        if (type & SEC_DESC_SACL_AUTO_INHERIT_REQ) /* 0x0200 */
-               fstrcat(typestr, "SEC_DESC_SACL_AUTO_INHERIT_REQ ");
+               printf("SEC_DESC_SACL_AUTO_INHERIT_REQ ");
        if (type & SEC_DESC_DACL_AUTO_INHERITED) /* 0x0400 */
-               fstrcat(typestr, "SEC_DESC_DACL_AUTO_INHERITED ");
+               printf("SEC_DESC_DACL_AUTO_INHERITED ");
        if (type & SEC_DESC_SACL_AUTO_INHERITED) /* 0x0800 */
-               fstrcat(typestr, "SEC_DESC_SACL_AUTO_INHERITED ");
+               printf("SEC_DESC_SACL_AUTO_INHERITED ");
        if (type & SEC_DESC_DACL_PROTECTED)     /* 0x1000 */
-               fstrcat(typestr, "SEC_DESC_DACL_PROTECTED ");
+               printf("SEC_DESC_DACL_PROTECTED ");
        if (type & SEC_DESC_SACL_PROTECTED)     /* 0x2000 */
-               fstrcat(typestr, "SEC_DESC_SACL_PROTECTED ");
+               printf("SEC_DESC_SACL_PROTECTED ");
        if (type & SEC_DESC_RM_CONTROL_VALID)   /* 0x4000 */
-               fstrcat(typestr, "SEC_DESC_RM_CONTROL_VALID ");
+               printf("SEC_DESC_RM_CONTROL_VALID ");
        if (type & SEC_DESC_SELF_RELATIVE)      /* 0x8000 */
-               fstrcat(typestr, "SEC_DESC_SELF_RELATIVE ");
+               printf("SEC_DESC_SELF_RELATIVE ");
        
-       printf("type: 0x%04x: %s\n", type, typestr);
+       printf("\n");
 }
 
 /****************************************************************************
  display sec_desc structure
  ****************************************************************************/
-void display_sec_desc(SEC_DESC *sec)
+void display_sec_desc(struct security_descriptor *sec)
 {
-       fstring sid_str;
+       char *sid_str;
 
        if (!sec) {
                printf("NULL\n");
@@ -306,12 +309,14 @@ void display_sec_desc(SEC_DESC *sec)
        }
 
        if (sec->owner_sid) {
-               sid_to_fstring(sid_str, sec->owner_sid);
+               sid_str = dom_sid_string(NULL, sec->owner_sid);
                printf("\tOwner SID:\t%s\n", sid_str);
+               talloc_free(sid_str);
        }
 
        if (sec->group_sid) {
-               sid_to_fstring(sid_str, sec->group_sid);
+               sid_str = dom_sid_string(NULL, sec->group_sid);
                printf("\tGroup SID:\t%s\n", sid_str);
+               talloc_free(sid_str);
        }
 }

diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1c9c0c120484533cf22abf9e16370fecf41fd45a..fd753128d4c31070053ad820b2d1ed6f853e0459 100644 (file)
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -831,7 +831,7 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) @LIB
 
 SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1) @LIBWBCLIENT_STATIC@
 
-DISPLAY_SEC_OBJ= lib/display_sec.o
+DISPLAY_SEC_OBJ= ../libcli/security/display_sec.o
 
 RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
                 rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \

diff --git a/source4/auth/config.m4 b/source4/auth/config.m4
index fb9ee58c60faeef47b527fb2b4374c826150deb4..9735b17caca07a0190edea5134f00aba736de7db 100644 (file)
--- a/source4/auth/config.m4
+++ b/source4/auth/config.m4
@@ -28,6 +28,8 @@ if test x"$ac_cv_header_sasl_sasl_h" = x"yes" -a x"$ac_cv_lib_ext_sasl2_sasl_cli
        SASL_CPPFLAGS="$CPPFLAGS"
        SASL_LDFLAGS="$LDFLAGS"
        LIB_REMOVE_USR_LIB(SASL_LDFLAGS)
+       CFLAGS_REMOVE_USR_INCLUDE(SASL_CPPFLAGS)
+       CFLAGS_REMOVE_USR_INCLUDE(SASL_CFLAGS)
 else
        SMB_ENABLE(cyrus_sasl,NO)
 fi

diff --git a/source4/build/m4/public.m4 b/source4/build/m4/public.m4
index bd98a400be488e4af6ac5c0c86bd9c24126e0f9b..2bf63f0ca691ca5714825955e8972d4610f24735 100644 (file)
--- a/source4/build/m4/public.m4
+++ b/source4/build/m4/public.m4
@@ -102,10 +102,12 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG],
 
                                ac_cv_$1_libs_only_other="`$PKG_CONFIG --libs-only-other '$2'` `$PKG_CONFIG --libs-only-L '$2'`"
                                LIB_REMOVE_USR_LIB(ac_cv_$1_libs_only_other)
+                               ac_cv_$1_includedir_only="`$PKG_CONFIG --cflags-only-I '$2'`"
+                               CFLAGS_REMOVE_USR_INCLUDE(ac_cv_$1_includedir_only)
                                SMB_EXT_LIB($1, 
                                        [`$PKG_CONFIG --libs-only-l '$2'`], 
                                        [`$PKG_CONFIG --cflags-only-other '$2'`],
-                                       [`$PKG_CONFIG --cflags-only-I '$2'`],
+                                       [$ac_cv_$1_includedir_only],
                                        [$ac_cv_$1_libs_only_other])
                                ac_cv_$1_found=yes
 

diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk
index d6d9ad5545e19764e7f5b3c9c2e45682794dceb2..9d23fe95885a95ec3b611501a02e6c231d61bd8f 100644 (file)
--- a/source4/libcli/security/config.mk
+++ b/source4/libcli/security/config.mk
@@ -4,7 +4,5 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_COMMON
 LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \
                                           security_token.o security_descriptor.o \
                                           access_check.o privilege.o sddl.o) \
-                                          ../libcli/security/secace.o \
-                                          ../libcli/security/secacl.o
 
 $(eval $(call proto_header_template,$(libclisrcdir)/security/proto.h,$(LIBSECURITY_OBJ_FILES:.o=.c)))