summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-06-02 23:22:12 +0200
committerGünther Deschner <gd@samba.org>2010-06-03 10:59:15 +0200
commit415d3d5fe7637e8f9a649665497d3972391750b6 (patch)
tree54148725791d128842e9d1926fb3de01cd88f829
parent788d7f9e4ae76105ee481bde42e2ddb8fdac2617 (diff)
downloadsamba-415d3d5fe7637e8f9a649665497d3972391750b6.tar.gz
samba-415d3d5fe7637e8f9a649665497d3972391750b6.tar.bz2
samba-415d3d5fe7637e8f9a649665497d3972391750b6.zip
s3-security: use shared SECINFO_OWNER define.
Guenther
-rw-r--r--source3/include/rpc_secdes.h3
-rw-r--r--source3/lib/secdesc.c2
-rw-r--r--source3/libsmb/clisecdesc.c2
-rw-r--r--source3/modules/nfs4_acls.c4
-rw-r--r--source3/modules/onefs_acl.c4
-rw-r--r--source3/modules/vfs_acl_common.c20
-rw-r--r--source3/modules/vfs_afsacl.c2
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c4
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c2
-rw-r--r--source3/smbd/file_access.c2
-rw-r--r--source3/smbd/nttrans.c2
-rw-r--r--source3/smbd/open.c6
-rw-r--r--source3/smbd/posix_acls.c4
13 files changed, 28 insertions, 29 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 0badd0a478..0fcab46a66 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -25,7 +25,6 @@
#define SEC_RIGHTS_FULL_CTRL 0xf01ff
/* security information */
-#define OWNER_SECURITY_INFORMATION 0x00000001
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
@@ -35,7 +34,7 @@
#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
-#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
+#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|GROUP_SECURITY_INFORMATION|\
DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
UNPROTECTED_SACL_SECURITY_INFORMATION|\
UNPROTECTED_DACL_SECURITY_INFORMATION|\
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index fc40b9ebf8..2cd6b98016 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -43,7 +43,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd)
SMB_ASSERT(sd);
if (sd->owner_sid == NULL) {
- sec_info &= ~OWNER_SECURITY_INFORMATION;
+ sec_info &= ~SECINFO_OWNER;
}
if (sd->group_sid == NULL) {
sec_info &= ~GROUP_SECURITY_INFORMATION;
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index b6eff394c6..5f404d97b3 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -93,7 +93,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
if (sd->dacl)
sec_info |= DACL_SECURITY_INFORMATION;
if (sd->owner_sid)
- sec_info |= OWNER_SECURITY_INFORMATION;
+ sec_info |= SECINFO_OWNER;
if (sd->group_sid)
sec_info |= GROUP_SECURITY_INFORMATION;
SSVAL(param, 4, sec_info);
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 875f18c3b3..122fa9294f 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -322,7 +322,7 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
DEBUG(10,("after make sec_acl\n"));
*ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
- (security_info & OWNER_SECURITY_INFORMATION) ? &sid_owner : NULL,
+ (security_info & SECINFO_OWNER) ? &sid_owner : NULL,
(security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL,
NULL, psa, &sd_size);
if (*ppdesc==NULL) {
@@ -735,7 +735,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
if ((security_info_sent & (DACL_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION)) == 0)
+ GROUP_SECURITY_INFORMATION | SECINFO_OWNER)) == 0)
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
security_info_sent));
diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c
index 3337dea255..65e58e1797 100644
--- a/source3/modules/onefs_acl.c
+++ b/source3/modules/onefs_acl.c
@@ -705,7 +705,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
sacl = NULL;
/* Copy owner into ppdesc */
- if (security_info & OWNER_SECURITY_INFORMATION) {
+ if (security_info & SECINFO_OWNER) {
if (!onefs_identity_to_sid(sd->owner, &owner_sid)) {
status = NT_STATUS_INVALID_PARAMETER;
goto out;
@@ -840,7 +840,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
*security_info_effective = security_info_sent;
/* Setup owner */
- if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_OWNER) {
if (!onefs_og_to_identity(psd->owner_sid, &owner, false, snum))
return NT_STATUS_ACCESS_DENIED;
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index a3f207738e..0e408d85af 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -36,7 +36,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
files_struct *fsp,
DATA_BLOB *pblob);
-#define HASH_SECURITY_INFO (OWNER_SECURITY_INFORMATION | \
+#define HASH_SECURITY_INFO (SECINFO_OWNER | \
GROUP_SECURITY_INFORMATION | \
DACL_SECURITY_INFORMATION | \
SACL_SECURITY_INFORMATION)
@@ -371,7 +371,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
}
}
- if (!(security_info & OWNER_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_OWNER)) {
psd->owner_sid = NULL;
}
if (!(security_info & GROUP_SECURITY_INFORMATION)) {
@@ -436,7 +436,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
}
return SMB_VFS_FSET_NT_ACL(fsp,
- (OWNER_SECURITY_INFORMATION |
+ (SECINFO_OWNER |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),
psd);
@@ -459,7 +459,7 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
status = get_nt_acl_internal(handle,
NULL,
parent_name,
- (OWNER_SECURITY_INFORMATION |
+ (SECINFO_OWNER |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),
&parent_desc);
@@ -532,7 +532,7 @@ static int open_acl_common(vfs_handle_struct *handle,
status = get_nt_acl_internal(handle,
NULL,
fname,
- (OWNER_SECURITY_INFORMATION |
+ (SECINFO_OWNER |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),
&pdesc);
@@ -678,10 +678,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
/* Ensure we have OWNER/GROUP/DACL set. */
- if ((security_info_sent & (OWNER_SECURITY_INFORMATION|
+ if ((security_info_sent & (SECINFO_OWNER|
GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION)) !=
- (OWNER_SECURITY_INFORMATION|
+ (SECINFO_OWNER|
GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION)) {
/* No we don't - read from the existing SD. */
@@ -689,7 +689,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
status = get_nt_acl_internal(handle, fsp,
NULL,
- (OWNER_SECURITY_INFORMATION|
+ (SECINFO_OWNER|
GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION),
&nc_psd);
@@ -699,10 +699,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
}
/* This is safe as nc_psd is discarded at fn exit. */
- if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_OWNER) {
nc_psd->owner_sid = psd->owner_sid;
}
- security_info_sent |= OWNER_SECURITY_INFORMATION;
+ security_info_sent |= SECINFO_OWNER;
if (security_info_sent & GROUP_SECURITY_INFORMATION) {
nc_psd->group_sid = psd->group_sid;
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index 1f495d9448..7ea0eafd21 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -644,7 +644,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
*ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
SEC_DESC_SELF_RELATIVE,
- (security_info & OWNER_SECURITY_INFORMATION)
+ (security_info & SECINFO_OWNER)
? &owner_sid : NULL,
(security_info & GROUP_SECURITY_INFORMATION)
? &group_sid : NULL,
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 40c26f6809..1271971ac6 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2146,7 +2146,7 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
}
nt_status = SMB_VFS_FGET_NT_ACL(fsp,
- (OWNER_SECURITY_INFORMATION
+ (SECINFO_OWNER
|GROUP_SECURITY_INFORMATION
|DACL_SECURITY_INFORMATION), &psd);
@@ -2280,7 +2280,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
security_info_sent = r->in.securityinformation;
if (psd->owner_sid==0) {
- security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_OWNER;
}
if (psd->group_sid==0) {
security_info_sent &= ~GROUP_SECURITY_INFORMATION;
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index bc751e79b8..e67ab8e8ce 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -926,7 +926,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
required_access = STD_RIGHT_WRITE_DAC_ACCESS;
break;
- case OWNER_SECURITY_INFORMATION:
+ case SECINFO_OWNER:
case GROUP_SECURITY_INFORMATION:
required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
break;
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index b487afb5e8..2404bacc38 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -42,7 +42,7 @@ bool can_access_file_acl(struct connection_struct *conn,
}
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
- (OWNER_SECURITY_INFORMATION |
+ (SECINFO_OWNER |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),
&secdesc);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 577a7e4076..9b838a616d 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -846,7 +846,7 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
}
if (psd->owner_sid == NULL) {
- security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_OWNER;
}
if (psd->group_sid == NULL) {
security_info_sent &= ~GROUP_SECURITY_INFORMATION;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ca5b133ec6..0bec72582a 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -89,7 +89,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
struct security_descriptor *sd = NULL;
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
- (OWNER_SECURITY_INFORMATION |
+ (SECINFO_OWNER |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),&sd);
@@ -1413,7 +1413,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn,
uint32_t access_granted = 0;
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
- (OWNER_SECURITY_INFORMATION |
+ (SECINFO_OWNER |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION),&sd);
@@ -3209,7 +3209,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
security_acl_map_generic(sd->dacl, &file_generic_mapping);
security_acl_map_generic(sd->sacl, &file_generic_mapping);
- if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
+ if (sec_info_sent & (SECINFO_OWNER|
GROUP_SECURITY_INFORMATION|
DACL_SECURITY_INFORMATION|
SACL_SECURITY_INFORMATION)) {
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 36d18b013c..5fa8f6dc67 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1197,7 +1197,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn,
* This may be a group chown only set.
*/
- if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_OWNER) {
sid_copy(&owner_sid, psd->owner_sid);
if (!sid_to_uid(&owner_sid, puser)) {
if (lp_force_unknown_acl_user(SNUM(conn))) {
@@ -3388,7 +3388,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
} /* security_info & DACL_SECURITY_INFORMATION */
psd = make_standard_sec_desc( talloc_tos(),
- (security_info & OWNER_SECURITY_INFORMATION) ? &owner_sid : NULL,
+ (security_info & SECINFO_OWNER) ? &owner_sid : NULL,
(security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL,
psa,
&sd_size);