size_t i;
for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->sid, &token->user_sids[i]))
+ if (sid_equal(&ace->trustee, &token->user_sids[i]))
return True;
}
DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
(unsigned int)i, ace->type, ace->flags,
- sid_to_string(sid_str, &ace->sid),
+ sid_to_string(sid_str, &ace->trustee),
(unsigned int) ace->info.mask,
(unsigned int)tmp_acc_desired ));
continue;
init_sec_access(&new_ace->info, ace->info.mask);
- init_sec_ace(new_ace, &ace->sid, ace->type,
+ init_sec_ace(new_ace, &ace->trustee, ace->type,
new_ace->info, new_flags);
- sid_to_string(sid_str, &ace->sid);
+ sid_to_string(sid_str, &ace->trustee);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n", sid_str,
struct canon_ace *next, *prev;
SMB_ACL_TAG_T type;
mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
- DOM_SID sid;
+ DOM_SID trustee;
enum ace_owner owner_type;
enum ace_attribute attr;
posix_id unix_ug;
fstring str;
dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
- dbgtext( "SID = %s ", sid_to_string( str, &pace->sid));
+ dbgtext( "SID = %s ", sid_to_string( str, &pace->trustee));
if (pace->owner_type == UID_ACE) {
struct passwd *pass = sys_getpwuid(pace->unix_ug.uid);
dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, pass ? pass->pw_name : "UNKNOWN");
curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
- if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) &&
+ if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace->attr == curr_ace_outer->attr)) {
if( DEBUGLVL( 10 )) {
* we've put on the ACL, we know the deny must be the first one.
*/
- if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) &&
+ if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
if( DEBUGLVL( 10 )) {
pace->type = SMB_ACL_USER_OBJ;
pace->owner_type = UID_ACE;
pace->unix_ug.uid = pst->st_uid;
- pace->sid = *pfile_owner_sid;
+ pace->trustee = *pfile_owner_sid;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
pace->attr = ALLOW_ACE;
pace->type = SMB_ACL_GROUP_OBJ;
pace->owner_type = GID_ACE;
pace->unix_ug.uid = pst->st_gid;
- pace->sid = *pfile_grp_sid;
+ pace->trustee = *pfile_grp_sid;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
pace->attr = ALLOW_ACE;
pace->type = SMB_ACL_OTHER;
pace->owner_type = WORLD_ACE;
pace->unix_ug.world = -1;
- pace->sid = global_sid_World;
+ pace->trustee = global_sid_World;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
pace->attr = ALLOW_ACE;
if (psa1->info.mask != psa2->info.mask)
continue;
- if (!sid_equal(&psa1->sid, &psa2->sid))
+ if (!sid_equal(&psa1->trustee, &psa2->trustee))
continue;
/*
* Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
*/
- if (non_mappable_sid(&psa->sid)) {
+ if (non_mappable_sid(&psa->trustee)) {
fstring str;
DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
- sid_to_string(str, &psa->sid) ));
+ sid_to_string(str, &psa->trustee) ));
continue;
}
ZERO_STRUCTP(current_ace);
- sid_copy(¤t_ace->sid, &psa->sid);
+ sid_copy(¤t_ace->trustee, &psa->trustee);
/*
* Try and work out if the SID is a user or group
* as we need to flag these differently for POSIX.
*/
- if( sid_equal(¤t_ace->sid, &global_sid_World)) {
+ if( sid_equal(¤t_ace->trustee, &global_sid_World)) {
current_ace->owner_type = WORLD_ACE;
current_ace->unix_ug.world = -1;
- } else if (sid_to_uid( ¤t_ace->sid, ¤t_ace->unix_ug.uid, &sid_type)) {
+ } else if (sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid, &sid_type)) {
current_ace->owner_type = UID_ACE;
- } else if (sid_to_gid( ¤t_ace->sid, ¤t_ace->unix_ug.gid, &sid_type)) {
+ } else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid, &sid_type)) {
current_ace->owner_type = GID_ACE;
} else {
fstring str;
free_canon_ace_list(dir_ace);
SAFE_FREE(current_ace);
DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",
- sid_to_string(str, ¤t_ace->sid) ));
+ sid_to_string(str, ¤t_ace->trustee) ));
return False;
}
* Now note what kind of a POSIX ACL this should map to.
*/
- if(sid_equal(¤t_ace->sid, pfile_owner_sid)) {
+ if(sid_equal(¤t_ace->trustee, pfile_owner_sid)) {
current_ace->type = SMB_ACL_USER_OBJ;
- } else if( sid_equal(¤t_ace->sid, pfile_grp_sid)) {
+ } else if( sid_equal(¤t_ace->trustee, pfile_grp_sid)) {
current_ace->type = SMB_ACL_GROUP_OBJ;
- } else if( sid_equal(¤t_ace->sid, &global_sid_World)) {
+ } else if( sid_equal(¤t_ace->trustee, &global_sid_World)) {
current_ace->type = SMB_ACL_OTHER;
/* "Everyone" always matches every uid. */
- if (sid_equal(&group_ace->sid, &global_sid_World))
+ if (sid_equal(&group_ace->trustee, &global_sid_World))
return True;
if (!(pass = sys_getpwuid(uid_ace->unix_ug.uid)))
continue;
}
- if (!sid_equal(&curr_ace->sid, &global_sid_World))
+ if (!sid_equal(&curr_ace->trustee, &global_sid_World))
continue;
/* JRATEST - assert. */
ace->type = tagtype;
ace->perms = convert_permset_to_mode_t(permset);
ace->attr = ALLOW_ACE;
- ace->sid = sid;
+ ace->trustee = sid;
ace->unix_ug = unix_ug;
ace->owner_type = owner_type;
for (i = 0; i < num_acls; i++, ace = ace->next) {
SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
- init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc, 0);
+ init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 0);
}
ace = dir_ace;
for (i = 0; i < num_dir_acls; i++, ace = ace->next) {
SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
- init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc,
+ init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc,
SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
}
int do_print = 0;
uint32 got_mask;
- SidToString(sidstr, &ace->sid);
+ SidToString(sidstr, &ace->trustee);
fprintf(f, "%s:", sidstr);
static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2)
{
- if (sec_ace_equal(ace1, ace2)) return 0;
- if (ace1->type != ace2->type) return ace2->type - ace1->type;
- if (sid_compare(&ace1->sid, &ace2->sid)) return sid_compare(&ace1->sid, &ace2->sid);
- if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags;
- if (ace1->info.mask != ace2->info.mask) return ace1->info.mask - ace2->info.mask;
- if (ace1->size != ace2->size) return ace1->size - ace2->size;
+ if (sec_ace_equal(ace1, ace2))
+ return 0;
+
+ if (ace1->type != ace2->type)
+ return ace2->type - ace1->type;
+
+ if (sid_compare(&ace1->trustee, &ace2->trustee))
+ return sid_compare(&ace1->trustee, &ace2->trustee);
+
+ if (ace1->flags != ace2->flags)
+ return ace1->flags - ace2->flags;
+
+ if (ace1->info.mask != ace2->info.mask)
+ return ace1->info.mask - ace2->info.mask;
+
+ if (ace1->size != ace2->size)
+ return ace1->size - ace2->size;
+
return memcmp(ace1, ace2, sizeof(SEC_ACE));
}
BOOL found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->ace[i].sid,
- &old->dacl->ace[j].sid)) {
+ if (sid_equal(&sd->dacl->ace[i].trustee,
+ &old->dacl->ace[j].trustee)) {
old->dacl->ace[j] = sd->dacl->ace[i];
found = True;
}
if (!found) {
fstring str;
- SidToString(str, &sd->dacl->ace[i].sid);
+ SidToString(str, &sd->dacl->ace[i].trustee);
printf("ACL for SID %s not found\n", str);
}
}