#define SEC_RIGHTS_FULL_CTRL 0xf01ff
/* security information */
-#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
/* Extra W2K flags. */
#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
-#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|GROUP_SECURITY_INFORMATION|\
+#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
UNPROTECTED_SACL_SECURITY_INFORMATION|\
UNPROTECTED_DACL_SECURITY_INFORMATION|\
sec_info &= ~SECINFO_OWNER;
}
if (sd->group_sid == NULL) {
- sec_info &= ~GROUP_SECURITY_INFORMATION;
+ sec_info &= ~SECINFO_GROUP;
}
if (sd->sacl == NULL) {
sec_info &= ~SACL_SECURITY_INFORMATION;
if (sd->owner_sid)
sec_info |= SECINFO_OWNER;
if (sd->group_sid)
- sec_info |= GROUP_SECURITY_INFORMATION;
+ sec_info |= SECINFO_GROUP;
SSVAL(param, 4, sec_info);
if (!cli_send_nt_trans(cli,
DEBUG(10,("after make sec_acl\n"));
*ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
(security_info & SECINFO_OWNER) ? &sid_owner : NULL,
- (security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL,
+ (security_info & SECINFO_GROUP) ? &sid_group : NULL,
NULL, psa, &sd_size);
if (*ppdesc==NULL) {
DEBUG(2,("make_sec_desc failed\n"));
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
if ((security_info_sent & (DACL_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION | SECINFO_OWNER)) == 0)
+ SECINFO_GROUP | SECINFO_OWNER)) == 0)
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
security_info_sent));
}
/* Copy group into ppdesc */
- if (security_info & GROUP_SECURITY_INFORMATION) {
+ if (security_info & SECINFO_GROUP) {
if (!onefs_identity_to_sid(sd->group, &group_sid)) {
status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
/* Setup group */
- if (security_info_sent & GROUP_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_GROUP) {
if (!onefs_og_to_identity(psd->group_sid, &group, true, snum))
return NT_STATUS_ACCESS_DENIED;
DATA_BLOB *pblob);
#define HASH_SECURITY_INFO (SECINFO_OWNER | \
- GROUP_SECURITY_INFORMATION | \
+ SECINFO_GROUP | \
DACL_SECURITY_INFORMATION | \
SACL_SECURITY_INFORMATION)
if (!(security_info & SECINFO_OWNER)) {
psd->owner_sid = NULL;
}
- if (!(security_info & GROUP_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_GROUP)) {
psd->group_sid = NULL;
}
if (!(security_info & DACL_SECURITY_INFORMATION)) {
return SMB_VFS_FSET_NT_ACL(fsp,
(SECINFO_OWNER |
- GROUP_SECURITY_INFORMATION |
+ SECINFO_GROUP |
DACL_SECURITY_INFORMATION),
psd);
}
NULL,
parent_name,
(SECINFO_OWNER |
- GROUP_SECURITY_INFORMATION |
+ SECINFO_GROUP |
DACL_SECURITY_INFORMATION),
&parent_desc);
NULL,
fname,
(SECINFO_OWNER |
- GROUP_SECURITY_INFORMATION |
+ SECINFO_GROUP |
DACL_SECURITY_INFORMATION),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* Ensure we have OWNER/GROUP/DACL set. */
if ((security_info_sent & (SECINFO_OWNER|
- GROUP_SECURITY_INFORMATION|
+ SECINFO_GROUP|
DACL_SECURITY_INFORMATION)) !=
(SECINFO_OWNER|
- GROUP_SECURITY_INFORMATION|
+ SECINFO_GROUP|
DACL_SECURITY_INFORMATION)) {
/* No we don't - read from the existing SD. */
struct security_descriptor *nc_psd = NULL;
status = get_nt_acl_internal(handle, fsp,
NULL,
(SECINFO_OWNER|
- GROUP_SECURITY_INFORMATION|
+ SECINFO_GROUP|
DACL_SECURITY_INFORMATION),
&nc_psd);
}
security_info_sent |= SECINFO_OWNER;
- if (security_info_sent & GROUP_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_GROUP) {
nc_psd->group_sid = psd->group_sid;
}
- security_info_sent |= GROUP_SECURITY_INFORMATION;
+ security_info_sent |= SECINFO_GROUP;
if (security_info_sent & DACL_SECURITY_INFORMATION) {
nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
SEC_DESC_SELF_RELATIVE,
(security_info & SECINFO_OWNER)
? &owner_sid : NULL,
- (security_info & GROUP_SECURITY_INFORMATION)
+ (security_info & SECINFO_GROUP)
? &group_sid : NULL,
NULL, psa, &sd_size);
nt_status = SMB_VFS_FGET_NT_ACL(fsp,
(SECINFO_OWNER
- |GROUP_SECURITY_INFORMATION
+ |SECINFO_GROUP
|DACL_SECURITY_INFORMATION), &psd);
if (!NT_STATUS_IS_OK(nt_status)) {
security_info_sent &= ~SECINFO_OWNER;
}
if (psd->group_sid==0) {
- security_info_sent &= ~GROUP_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_GROUP;
}
if (psd->sacl==0) {
security_info_sent &= ~SACL_SECURITY_INFORMATION;
break;
case SECINFO_OWNER:
- case GROUP_SECURITY_INFORMATION:
+ case SECINFO_GROUP:
required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
break;
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
- GROUP_SECURITY_INFORMATION |
+ SECINFO_GROUP |
DACL_SECURITY_INFORMATION),
&secdesc);
if (!NT_STATUS_IS_OK(status)) {
security_info_sent &= ~SECINFO_OWNER;
}
if (psd->group_sid == NULL) {
- security_info_sent &= ~GROUP_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_GROUP;
}
/* Convert all the generic bits. */
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
- GROUP_SECURITY_INFORMATION |
+ SECINFO_GROUP |
DACL_SECURITY_INFORMATION),&sd);
if (!NT_STATUS_IS_OK(status)) {
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
- GROUP_SECURITY_INFORMATION |
+ SECINFO_GROUP |
DACL_SECURITY_INFORMATION),&sd);
if (!NT_STATUS_IS_OK(status)) {
security_acl_map_generic(sd->sacl, &file_generic_mapping);
if (sec_info_sent & (SECINFO_OWNER|
- GROUP_SECURITY_INFORMATION|
+ SECINFO_GROUP|
DACL_SECURITY_INFORMATION|
SACL_SECURITY_INFORMATION)) {
status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
* This may be an owner chown only set.
*/
- if (security_info_sent & GROUP_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_GROUP) {
sid_copy(&grp_sid, psd->group_sid);
if (!sid_to_gid( &grp_sid, pgrp)) {
if (lp_force_unknown_acl_user(SNUM(conn))) {
psd = make_standard_sec_desc( talloc_tos(),
(security_info & SECINFO_OWNER) ? &owner_sid : NULL,
- (security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL,
+ (security_info & SECINFO_GROUP) ? &group_sid : NULL,
psa,
&sd_size);