r25607: Allow setting security descriptor type flags at creation time with
authorGünther Deschner <gd@samba.org>
Wed, 10 Oct 2007 11:12:53 +0000 (13:12 +0200)
committerStefan Metzmacher <metze@samba.org>
Fri, 21 Dec 2007 04:42:51 +0000 (05:42 +0100)
security_descriptor_create().

Guenther
(This used to be commit 7dd0d28d254f78891b0807492baafa188b42df16)

source4/lib/registry/tests/registry.c
source4/libcli/security/security_descriptor.c
source4/libnet/libnet_become_dc.c
source4/torture/raw/acls.c
source4/torture/rpc/samba3rpc.c
source4/torture/rpc/winreg.c

index 9b1c6ff249be35d16f1cefa5edceacc0ffcce692..d2838e363f842302b611d208fb3aed9ff6f24b69 100644 (file)
@@ -400,6 +400,7 @@ static bool test_security(struct torture_context *tctx, const void *_data)
                return false;
 
        osd = security_descriptor_create(tctx,
+                                        0,
                                         NULL, NULL,
                                         SID_NT_AUTHENTICATED_USERS,
                                         SEC_ACE_TYPE_ACCESS_ALLOWED,
index 1d8549a605b1294ab6b5fe8ba88371803c40fcd4..9723e8ccca56bf501192d800b085e4d675ab26b3 100644 (file)
@@ -327,6 +327,7 @@ bool security_descriptor_mask_equal(const struct security_descriptor *sd1,
   a typical call would be:
 
     sd = security_descriptor_create(mem_ctx,
+                                    sd_type_flags,
                                     mysid,
                                    mygroup,
                                    SID_NT_AUTHENTICATED_USERS, 
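Review bot: The example in this comment calls the new argument `sd_type_flags` while the signature added by the same commit names it `sd_type`, and neither place says which values are accepted or that the value is OR'd into the type already set by security_descriptor_initialise() rather than replacing it. Suggest a sentence above the example such as `sd_type is a mask of SEC_DESC_* type flags OR'd into the descriptor's initial type; pass 0 to keep the defaults.` and renaming the placeholder in the example to `sd_type` so it matches the prototype. The comment block this hunk edits begins before the hunk.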
@@ -379,6 +380,7 @@ struct security_descriptor *security_descriptor_append(struct security_descripto
 }
 
 struct security_descriptor *security_descriptor_create(TALLOC_CTX *mem_ctx,
+                                                      uint16_t sd_type,
                                                       const char *owner_sid,
                                                       const char *group_sid,
                                                       ...)
@@ -390,6 +392,8 @@ struct security_descriptor *security_descriptor_create(TALLOC_CTX *mem_ctx,
        sd = security_descriptor_initialise(mem_ctx);
        if (sd == NULL) return NULL;
 
+       sd->type |= sd_type;
+
        if (owner_sid) {
                sd->owner_sid = dom_sid_parse_talloc(sd, owner_sid);
                if (sd->owner_sid == NULL) {
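Review bot: `sd->type |= sd_type;` accepts any 16-bit value without validation, so a caller can stamp the descriptor with flags that do not describe what this function builds: the owner SID two lines below is stored as a talloc'd pointer from `dom_sid_parse_talloc`, so a self-relative layout bit (SEC_DESC_SELF_RELATIVE, assuming the security IDL flag of that name) would mislabel the result, and DACL/SACL-present bits can be set before any ACL exists. If the intent is only to let callers add inheritance/protection flags, reject the layout bit before the OR, e.g. `if (sd_type & SEC_DESC_SELF_RELATIVE) { talloc_free(sd); return NULL; }`, and add a comment on the OR stating that flags are added to whatever security_descriptor_initialise() set and cannot clear a default. Whether the present bits need the same guard depends on how the ACE varargs later in the function set them, which is not visible here; security_descriptor_create begins and ends outside this hunk.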
index cd782066dbe3e420893acfaf3f867b2dce80b2da..a6ca3551ceacd5e5628db32605bb2a15be662787 100644 (file)
@@ -1737,6 +1737,7 @@ static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s)
                if (composite_nomem(domain_admins_sid_str, c)) return;
 
                v = security_descriptor_create(vd,
+                                              0,
                                               /* owner: domain admins */
                                               domain_admins_sid_str,
                                               /* owner group: domain admins */
index 2c3f4a52c61fcd3c1bef59e905f8c42feac5b80c..0136056bdf4249d29506b42f7113f3701429332c 100644 (file)
@@ -298,7 +298,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 
        printf("set a sec desc allowing no write by CREATOR_OWNER\n");
        sd = security_descriptor_create(tctx,
-                                       NULL, NULL,
+                                       0, NULL, NULL,
                                        SID_CREATOR_OWNER,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
@@ -335,7 +335,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 
        printf("set a sec desc allowing no write by owner\n");
        sd = security_descriptor_create(tctx,
-                                       owner_sid, NULL,
+                                       0, owner_sid, NULL,
                                        owner_sid,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
@@ -390,7 +390,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 
        printf("set a sec desc allowing generic read by owner\n");
        sd = security_descriptor_create(tctx,
-                                       NULL, NULL,
+                                       0, NULL, NULL,
                                        owner_sid,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_GENERIC_READ | SEC_STD_ALL,
@@ -403,7 +403,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 
        printf("check that generic read has been mapped correctly\n");
        sd2 = security_descriptor_create(tctx,
-                                        owner_sid, NULL,
+                                        0, owner_sid, NULL,
                                         owner_sid,
                                         SEC_ACE_TYPE_ACCESS_ALLOWED,
                                         SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
@@ -568,7 +568,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                printf("testing generic bits 0x%08x\n", 
                       file_mappings[i].gen_bits);
                sd = security_descriptor_create(tctx,
-                                               owner_sid, NULL,
+                                               0, owner_sid, NULL,
                                                owner_sid,
                                                SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                file_mappings[i].gen_bits,
@@ -584,7 +584,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                CHECK_STATUS(status, NT_STATUS_OK);
 
                sd2 = security_descriptor_create(tctx,
-                                                owner_sid, NULL,
+                                                0, owner_sid, NULL,
                                                 owner_sid,
                                                 SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                 file_mappings[i].specific_bits,
@@ -616,7 +616,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                printf("testing generic bits 0x%08x (anonymous)\n", 
                       file_mappings[i].gen_bits);
                sd = security_descriptor_create(tctx,
-                                               SID_NT_ANONYMOUS, NULL,
+                                               0, SID_NT_ANONYMOUS, NULL,
                                                owner_sid,
                                                SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                file_mappings[i].gen_bits,
@@ -632,7 +632,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                CHECK_STATUS(status, NT_STATUS_OK);
 
                sd2 = security_descriptor_create(tctx,
-                                                SID_NT_ANONYMOUS, NULL,
+                                                0, SID_NT_ANONYMOUS, NULL,
                                                 owner_sid,
                                                 SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                 file_mappings[i].specific_bits,
@@ -733,7 +733,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                printf("testing generic bits 0x%08x\n", 
                       file_mappings[i].gen_bits);
                sd = security_descriptor_create(tctx,
-                                               owner_sid, NULL,
+                                               0, owner_sid, NULL,
                                                owner_sid,
                                                SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                dir_mappings[i].gen_bits,
@@ -749,7 +749,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                CHECK_STATUS(status, NT_STATUS_OK);
 
                sd2 = security_descriptor_create(tctx,
-                                                owner_sid, NULL,
+                                                0, owner_sid, NULL,
                                                 owner_sid,
                                                 SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                 dir_mappings[i].specific_bits,
@@ -781,7 +781,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                printf("testing generic bits 0x%08x (anonymous)\n", 
                       file_mappings[i].gen_bits);
                sd = security_descriptor_create(tctx,
-                                               SID_NT_ANONYMOUS, NULL,
+                                               0, SID_NT_ANONYMOUS, NULL,
                                                owner_sid,
                                                SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                file_mappings[i].gen_bits,
@@ -797,7 +797,7 @@ static bool test_generic_bits(struct torture_context *tctx,
                CHECK_STATUS(status, NT_STATUS_OK);
 
                sd2 = security_descriptor_create(tctx,
-                                                SID_NT_ANONYMOUS, NULL,
+                                                0, SID_NT_ANONYMOUS, NULL,
                                                 owner_sid,
                                                 SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                 file_mappings[i].specific_bits,
@@ -908,7 +908,7 @@ static bool test_owner_bits(struct torture_context *tctx,
        printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
 
        sd = security_descriptor_create(tctx,
-                                       NULL, NULL,
+                                       0, NULL, NULL,
                                        owner_sid,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_FILE_WRITE_DATA,
@@ -1115,7 +1115,7 @@ static bool test_inheritance(struct torture_context *tctx,
        printf("owner_sid is %s\n", owner_sid);
 
        sd_def = security_descriptor_create(tctx,
-                                           owner_sid, NULL,
+                                           0, owner_sid, NULL,
                                            owner_sid,
                                            SEC_ACE_TYPE_ACCESS_ALLOWED,
                                            SEC_RIGHTS_FILE_ALL,
@@ -1130,7 +1130,7 @@ static bool test_inheritance(struct torture_context *tctx,
 
        for (i=0;i<ARRAY_SIZE(test_flags);i++) {
                sd = security_descriptor_create(tctx,
-                                               NULL, NULL,
+                                               0, NULL, NULL,
                                                SID_CREATOR_OWNER,
                                                SEC_ACE_TYPE_ACCESS_ALLOWED,
                                                SEC_FILE_WRITE_DATA,
@@ -1263,7 +1263,7 @@ static bool test_inheritance(struct torture_context *tctx,
 
        printf("testing access checks on inherited create with %s\n", fname1);
        sd = security_descriptor_create(tctx,
-                                       NULL, NULL,
+                                       0, NULL, NULL,
                                        owner_sid,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
@@ -1296,7 +1296,7 @@ static bool test_inheritance(struct torture_context *tctx,
        smbcli_close(cli->tree, fnum2);
 
        sd2 = security_descriptor_create(tctx,
-                                        owner_sid, NULL,
+                                        0, owner_sid, NULL,
                                         owner_sid,
                                         SEC_ACE_TYPE_ACCESS_ALLOWED,
                                         SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
@@ -1432,7 +1432,7 @@ static bool test_inheritance_dynamic(struct torture_context *tctx,
        printf("owner_sid is %s\n", owner_sid);
 
        sd = security_descriptor_create(tctx,
-                                       NULL, NULL,
+                                       0, NULL, NULL,
                                        owner_sid,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE,
@@ -1472,7 +1472,7 @@ static bool test_inheritance_dynamic(struct torture_context *tctx,
 
        printf("update parent sd\n");
        sd = security_descriptor_create(tctx,
-                                       NULL, NULL,
+                                       0, NULL, NULL,
                                        owner_sid,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE,
@@ -1587,7 +1587,7 @@ static bool test_sd_get_set(struct torture_context *tctx,
 
        /* first create a file with full access for everyone */
        sd = security_descriptor_create(tctx,
-                                       SID_NT_ANONYMOUS, SID_BUILTIN_USERS,
+                                       0, SID_NT_ANONYMOUS, SID_BUILTIN_USERS,
                                        SID_WORLD,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,
                                        SEC_GENERIC_ALL,
index 8c52199e665d8426495f9094456d0173845e9300..fe75fabad67c6d45f5f4b680c07222cf9d982ab1 100644 (file)
@@ -2004,7 +2004,7 @@ bool try_tcon(TALLOC_CTX *mem_ctx,
        }
 
        sd = security_descriptor_create(
-               tmp_ctx, "S-1-5-32-544",
+               tmp_ctx, 0, "S-1-5-32-544",
                dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
                                                        DOMAIN_RID_USERS)),
                dom_sid_string(mem_ctx, user_sid),
index 44df6dab7486e882f0de87b75bb942c6a8eff64e..80869869176ada302f39a6c9d16a8bc827307a27 100644 (file)
@@ -138,6 +138,7 @@ static bool test_CreateKey_sd(struct dcerpc_pipe *p,
        struct winreg_SecBuf secbuf;
 
        sd = security_descriptor_create(tctx,
+                                       0,
                                        NULL, NULL,
                                        SID_NT_AUTHENTICATED_USERS,
                                        SEC_ACE_TYPE_ACCESS_ALLOWED,