};
/************************************************************************
- Return a uint32 of the pai_entry principal.
+ Return a uint32_t of the pai_entry principal.
************************************************************************/
static uint32_t get_pai_entry_val(struct pai_entry *paie)
}
/************************************************************************
- Return a uint32 of the entry principal.
+ Return a uint32_t of the entry principal.
************************************************************************/
static uint32_t get_entry_val(canon_ace *ace_entry)
static bool check_pai_ok_v1(const char *pai_buf, size_t pai_buf_data_size)
{
- uint16 num_entries;
- uint16 num_def_entries;
+ uint16_t num_entries;
+ uint16_t num_def_entries;
if (pai_buf_data_size < PAI_V1_ENTRIES_BASE) {
/* Corrupted - too small. */
static bool check_pai_ok_v2(const char *pai_buf, size_t pai_buf_data_size)
{
- uint16 num_entries;
- uint16 num_def_entries;
+ uint16_t num_entries;
+ uint16_t num_def_entries;
if (pai_buf_data_size < PAI_V2_ENTRIES_BASE) {
/* Corrupted - too small. */
#define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA)
#define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
-static mode_t map_nt_perms( uint32 *mask, int type)
+static mode_t map_nt_perms( uint32_t *mask, int type)
{
mode_t mode = 0;
NTSTATUS unpack_nt_owners(struct connection_struct *conn,
uid_t *puser, gid_t *pgrp,
- uint32 security_info_sent, const struct
+ uint32_t security_info_sent, const struct
security_descriptor *psd)
{
- struct dom_sid owner_sid;
- struct dom_sid grp_sid;
-
*puser = (uid_t)-1;
*pgrp = (gid_t)-1;
* Validate the owner and group SID's.
*/
- memset(&owner_sid, '\0', sizeof(owner_sid));
- memset(&grp_sid, '\0', sizeof(grp_sid));
-
DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
/*
*/
if (security_info_sent & SECINFO_OWNER) {
- sid_copy(&owner_sid, psd->owner_sid);
- if (!sid_to_uid(&owner_sid, puser)) {
+ if (!sid_to_uid(psd->owner_sid, puser)) {
if (lp_force_unknown_acl_user(SNUM(conn))) {
/* this allows take ownership to work
* reasonably */
} else {
DEBUG(3,("unpack_nt_owners: unable to validate"
" owner sid for %s\n",
- sid_string_dbg(&owner_sid)));
+ sid_string_dbg(psd->owner_sid)));
return NT_STATUS_INVALID_OWNER;
}
}
*/
if (security_info_sent & SECINFO_GROUP) {
- sid_copy(&grp_sid, psd->group_sid);
- if (!sid_to_gid( &grp_sid, pgrp)) {
+ if (!sid_to_gid(psd->group_sid, pgrp)) {
if (lp_force_unknown_acl_user(SNUM(conn))) {
/* this allows take group ownership to work
* reasonably */
(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) {
canon_ace *current_dir_ace = current_ace;
- DLIST_ADD_END(*dir_ace, current_ace, canon_ace *);
+ DLIST_ADD_END(*dir_ace, current_ace);
/*
* Note if this was an allow ace. We can't process
*/
if (current_ace && !(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
- DLIST_ADD_END(*file_ace, current_ace, canon_ace *);
+ DLIST_ADD_END(*file_ace, current_ace);
/*
* Note if this was an allow ace. We can't process
curr_ace->attr = ALLOW_ACE;
curr_ace->perms = (mode_t)0;
- DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
+ DLIST_DEMOTE(ace_list, curr_ace);
continue;
}
curr_ace->attr = ALLOW_ACE;
curr_ace->perms = (new_perms & ~curr_ace->perms);
- DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
+ DLIST_DEMOTE(ace_list, curr_ace);
}
/* Pass 3 above - deal with deny group entries. */
curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms;
else
curr_ace->perms = (mode_t)0;
- DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
+ DLIST_DEMOTE(ace_list, curr_ace);
}
/* Doing this fourth pass allows Windows semantics to be layered
struct dom_sid *pfile_grp_sid,
canon_ace **ppfile_ace,
canon_ace **ppdir_ace,
- uint32 security_info_sent,
+ uint32_t security_info_sent,
const struct security_descriptor *psd)
{
canon_ace *file_ace = NULL;
}
if (other_ace) {
- DLIST_DEMOTE(l_head, other_ace, canon_ace *);
+ DLIST_DEMOTE(l_head, other_ace);
}
/* We have probably changed the head of the list. */
entry_id = SMB_ACL_NEXT_ENTRY;
- /* Is this a MASK entry ? */
if (sys_acl_get_tag_type(entry, &tagtype) == -1)
continue;
if ((ace = talloc(talloc_tos(), canon_ace)) == NULL)
goto fail;
- ZERO_STRUCTP(ace);
- ace->type = tagtype;
- ace->perms = convert_permset_to_mode_t(permset);
- ace->attr = ALLOW_ACE;
- ace->trustee = sid;
- ace->unix_ug = unix_ug;
- ace->owner_type = owner_type;
- ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
+ *ace = (canon_ace) {
+ .type = tagtype,
+ .perms = convert_permset_to_mode_t(permset),
+ .attr = ALLOW_ACE,
+ .trustee = sid,
+ .unix_ug = unix_ug,
+ .owner_type = owner_type,
+ .ace_flags = get_pai_flags(pal, ace, is_default_acl)
+ };
DLIST_ADD(l_head, ace);
}
for (i = 0; i < num_aces; i++) {
for (j = i+1; j < num_aces; j++) {
- uint32 i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
- uint32 j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
+ uint32_t i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
+ uint32_t j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
bool i_inh = (nt_ace_list[i].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
bool j_inh = (nt_ace_list[j].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
num_profile_acls = 3;
}
- if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
+ if (security_info & SECINFO_DACL) {
/*
* In the optimum case Creator Owner and Creator Group would be used for
it, even though it's a const pointer.
****************************************************************************/
-NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd_orig)
+NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd_orig)
{
connection_struct *conn = fsp->conn;
uid_t user = (uid_t)-1;
return NT_STATUS_INVALID_PARAMETER;
}
+ /*
+ * MS NFS mode, here's the deal: the client merely wants to
+ * modify the mode, but roundtripping get_acl/set/acl would
+ * add additional POSIX ACEs. So in case we get a request
+ * containing a MS NFS mode SID, we do nothing here.
+ */
+ if (security_descriptor_with_ms_nfs(psd_orig)) {
+ return NT_STATUS_OK;
+ }
+
psd = security_descriptor_copy(talloc_tos(), psd_orig);
if (psd == NULL) {
return NT_STATUS_NO_MEMORY;
****************************************************************************/
static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn,
- uint16 num_acls,
+ uint16_t num_acls,
const char *pdata,
TALLOC_CTX *mem_ctx)
{
}
if (tag_type == SMB_ACL_USER) {
- uint32 uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
+ uint32_t uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
uid_t uid = (uid_t)uidval;
if (sys_acl_set_qualifier(the_entry,(void *)&uid) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to set uid %u on entry %u. (%s)\n",
}
if (tag_type == SMB_ACL_GROUP) {
- uint32 gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
+ uint32_t gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
gid_t gid = (uid_t)gidval;
if (sys_acl_set_qualifier(the_entry,(void *)&gid) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to set gid %u on entry %u. (%s)\n",
****************************************************************************/
bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, const SMB_STRUCT_STAT *psbuf,
- uint16 num_def_acls, const char *pdata)
+ uint16_t num_def_acls, const char *pdata)
{
SMB_ACL_T def_acl = NULL;
except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER.
****************************************************************************/
-bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata)
+bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16_t num_acls, const char *pdata)
{
SMB_ACL_T file_acl = NULL;
********************************************************************/
NTSTATUS get_nt_acl_no_snum(TALLOC_CTX *ctx, const char *fname,
- uint32 security_info_wanted,
+ uint32_t security_info_wanted,
struct security_descriptor **sd)
{
TALLOC_CTX *frame = talloc_stackframe();
};
struct smb_filename *smb_fname;
- smb_fname = synthetic_smb_fname_split(frame, path_p, NULL);
+ smb_fname = synthetic_smb_fname(frame, path_p, NULL, NULL);
if (smb_fname == NULL) {
TALLOC_FREE(frame);
errno = ENOMEM;