"ntSecurityDescriptor",
"versionNumber",
NULL};
- uint32_t sd_flags = DACL_SECURITY_INFORMATION;
+ uint32_t sd_flags = SECINFO_DACL;
ZERO_STRUCTP(gpo);
/* for ADS */
#define SEC_RIGHTS_FULL_CTRL 0xf01ff
-/* security information */
-#define DACL_SECURITY_INFORMATION 0x00000004
/* Extra W2K flags. */
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
- DACL_SECURITY_INFORMATION|SECINFO_SACL|\
+ SECINFO_DACL|SECINFO_SACL|\
UNPROTECTED_SACL_SECURITY_INFORMATION|\
UNPROTECTED_DACL_SECURITY_INFORMATION|\
PROTECTED_SACL_SECURITY_INFORMATION|\
sec_info &= ~SECINFO_SACL;
}
if (sd->dacl == NULL) {
- sec_info &= ~DACL_SECURITY_INFORMATION;
+ sec_info &= ~SECINFO_DACL;
}
return sec_info;
SIVAL(param, 0, fnum);
if (sd->dacl)
- sec_info |= DACL_SECURITY_INFORMATION;
+ sec_info |= SECINFO_DACL;
if (sd->owner_sid)
sec_info |= SECINFO_OWNER;
if (sd->group_sid)
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
- if ((security_info_sent & (DACL_SECURITY_INFORMATION |
+ if ((security_info_sent & (SECINFO_DACL |
SECINFO_GROUP | SECINFO_OWNER)) == 0)
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
}
}
- if (!(security_info_sent & DACL_SECURITY_INFORMATION) || psd->dacl ==NULL) {
+ if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) {
DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent));
return NT_STATUS_OK;
}
}
/* Copy DACL into ppdesc */
- if (security_info & DACL_SECURITY_INFORMATION) {
+ if (security_info & SECINFO_DACL) {
if (!onefs_acl_to_samba_acl(sd->dacl, &dacl)) {
status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
/* Setup DACL */
- if ((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl)) {
+ if ((security_info_sent & SECINFO_DACL) && (psd->dacl)) {
if (!onefs_samba_acl_to_acl(psd->dacl, &daclp, &ignore_aces,
snum))
return NT_STATUS_ACCESS_DENIED;
if (ignore_aces == true)
- *security_info_effective &= ~DACL_SECURITY_INFORMATION;
+ *security_info_effective &= ~SECINFO_DACL;
}
/* Setup SACL */
#define HASH_SECURITY_INFO (SECINFO_OWNER | \
SECINFO_GROUP | \
- DACL_SECURITY_INFORMATION | \
+ SECINFO_DACL | \
SECINFO_SACL)
/*******************************************************************
if (!(security_info & SECINFO_GROUP)) {
psd->group_sid = NULL;
}
- if (!(security_info & DACL_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_DACL)) {
psd->dacl = NULL;
}
if (!(security_info & SECINFO_SACL)) {
return SMB_VFS_FSET_NT_ACL(fsp,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
psd);
}
parent_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&parent_desc);
if (!NT_STATUS_IS_OK(status)) {
fname,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
if ((security_info_sent & (SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION)) !=
+ SECINFO_DACL)) !=
(SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION)) {
+ SECINFO_DACL)) {
/* No we don't - read from the existing SD. */
struct security_descriptor *nc_psd = NULL;
NULL,
(SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&nc_psd);
if (!NT_STATUS_IS_OK(status)) {
}
security_info_sent |= SECINFO_GROUP;
- if (security_info_sent & DACL_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_DACL) {
nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
if (nc_psd->dacl == NULL) {
return NT_STATUS_NO_MEMORY;
}
}
- security_info_sent |= DACL_SECURITY_INFORMATION;
+ security_info_sent |= SECINFO_DACL;
psd = nc_psd;
}
/* Currently we *only* look at the dacl */
- if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
+ if (((security_info_sent & SECINFO_DACL) == 0) ||
(psd->dacl == NULL))
return True;
nt_status = SMB_VFS_FGET_NT_ACL(fsp,
(SECINFO_OWNER
|SECINFO_GROUP
- |DACL_SECURITY_INFORMATION), &psd);
+ |SECINFO_DACL), &psd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
security_info_sent &= ~SECINFO_SACL;
}
if (psd->dacl==0) {
- security_info_sent &= ~DACL_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_DACL;
}
/* Convert all the generic bits. */
if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
return WERR_ACCESS_DENIED;
- /* TODO: handle something besides DACL_SECURITY_INFORMATION */
+ /* TODO: handle something besides SECINFO_DACL */
- if ( (r->in.security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
+ if ( (r->in.security_flags & SECINFO_DACL) != SECINFO_DACL )
return WERR_INVALID_PARAM;
/* lookup the security descriptor and marshall it up for a reply */
/* check the access on the open handle */
switch ( r->in.security_flags ) {
- case DACL_SECURITY_INFORMATION:
+ case SECINFO_DACL:
required_access = STD_RIGHT_WRITE_DAC_ACCESS;
break;
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct sec_desc_buf *sdb;
- uint32 sec_info = DACL_SECURITY_INFORMATION;
+ uint32 sec_info = SECINFO_DACL;
if (argc < 1 || argc > 2) {
printf("Usage: %s [sec_info]\n", argv[0]);
{
struct policy_handle connect_pol, domain_pol, user_pol, *pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 sec_info = DACL_SECURITY_INFORMATION;
+ uint32 sec_info = SECINFO_DACL;
uint32 user_rid = 0;
TALLOC_CTX *ctx = NULL;
struct sec_desc_buf *sec_desc_buf=NULL;
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&secdesc);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
struct security_descriptor *secdesc = NULL;
unsigned int i;
NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
- DACL_SECURITY_INFORMATION, &secdesc);
+ SECINFO_DACL, &secdesc);
if (!NT_STATUS_IS_OK(status) || secdesc == NULL) {
return false;
security_info_wanted & SECINFO_SACL)
psd->type |= SEC_DESC_SACL_PRESENT;
if (psd->dacl == NULL &&
- security_info_wanted & DACL_SECURITY_INFORMATION)
+ security_info_wanted & SECINFO_DACL)
psd->type |= SEC_DESC_DACL_PRESENT;
*psd_size = ndr_size_security_descriptor(psd, 0);
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),&sd);
+ SECINFO_DACL),&sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("smbd_check_open_rights: Could not get acl "
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),&sd);
+ SECINFO_DACL),&sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("calculate_access_mask: Could not get acl "
if (sec_info_sent & (SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION|
+ SECINFO_DACL|
SECINFO_SACL)) {
status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
}
* If no DACL then this is a chown only security descriptor.
*/
- if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl)
+ if(!(security_info_sent & SECINFO_DACL) || !psd->dacl)
return True;
/*
num_profile_acls = 3;
}
- if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
+ if ((security_info & SECINFO_DACL) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
/*
* In the optimum case Creator Owner and Creator Group would be used for
goto done;
}
}
- } /* security_info & DACL_SECURITY_INFORMATION */
+ } /* security_info & SECINFO_DACL */
psd = make_standard_sec_desc( talloc_tos(),
(security_info & SECINFO_OWNER) ? &owner_sid : NULL,
}
status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
- DACL_SECURITY_INFORMATION, &parent_sd );
+ SECINFO_DACL, &parent_sd );
close_file(NULL, parent_fsp, NORMAL_CLOSE);
TALLOC_FREE(smb_dname);
* Only change security if we got a DACL.
*/
- if(!(security_info_sent & DACL_SECURITY_INFORMATION) || (psd->dacl == NULL)) {
+ if(!(security_info_sent & SECINFO_DACL) || (psd->dacl == NULL)) {
free_canon_ace_list(file_ace_list);
free_canon_ace_list(dir_ace_list);
return NT_STATUS_OK;
return NULL;
}
- if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, DACL_SECURITY_INFORMATION, &psd))) {
+ if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, SECINFO_DACL, &psd))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
TALLOC_FREE(finfo.fsp_name);
conn_free(conn);
LDAP_SCOPE_SUBTREE,
"(objectclass=groupPolicyContainer)",
attrs,
- DACL_SECURITY_INFORMATION,
+ SECINFO_DACL,
&res);
if (!ADS_ERR_OK(status)) {