diff options
| author | Tim Prouty <tprouty@samba.org> | 2008-11-04 18:08:03 -0800 |
|---|---|---|
| committer | Tim Prouty <tprouty@samba.org> | 2008-12-09 14:51:48 -0800 |
| commit | 6153f622af0cd7855ca349f73307988c1b9478b8 (patch) | |
| tree | 061ec1daaceba2cfe933ef42c9e9e6a908ba17e6 | |
| parent | d5d9d3dc0e2c85ab608972cfa8e41122504fb75e (diff) | |
| download | samba-6153f622af0cd7855ca349f73307988c1b9478b8.tar.gz samba-6153f622af0cd7855ca349f73307988c1b9478b8.tar.bz2 samba-6153f622af0cd7855ca349f73307988c1b9478b8.zip | |
s3: Refactor getting sec_info from a security_descriptor into separate function
| -rw-r--r-- | source3/include/proto.h | 1 | ||||
| -rw-r--r-- | source3/lib/secdesc.c | 27 | ||||
| -rw-r--r-- | source3/smbd/open.c | 15 |
3 files changed, 30 insertions, 13 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 9de64d018c..26d131e393 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -723,6 +723,7 @@ bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2); /* The following definitions come from lib/secdesc.c */ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2); +uint32_t get_sec_info(const SEC_DESC *sd); SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb); SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, enum security_descriptor_revision revision, diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index df85336603..400f5f31b0 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -100,6 +100,33 @@ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) } /******************************************************************* + Given a security_descriptor return the sec_info. +********************************************************************/ + +uint32_t get_sec_info(const SEC_DESC *sd) +{ + uint32_t sec_info = ALL_SECURITY_INFORMATION; + + SMB_ASSERT(sd); + + if (sd->owner_sid == NULL) { + sec_info &= ~OWNER_SECURITY_INFORMATION; + } + if (sd->group_sid == NULL) { + sec_info &= ~GROUP_SECURITY_INFORMATION; + } + if (sd->sacl == NULL) { + sec_info &= ~SACL_SECURITY_INFORMATION; + } + if (sd->dacl == NULL) { + sec_info &= ~DACL_SECURITY_INFORMATION; + } + + return sec_info; +} + + +/******************************************************************* Merge part of security descriptor old_sec in to the empty sections of security descriptor new_sec. ********************************************************************/ diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 5bd28862e1..d59f018cfb 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2963,21 +2963,10 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, if ((sd != NULL) && (info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn))) { - uint32_t sec_info_sent = ALL_SECURITY_INFORMATION; + uint32_t sec_info_sent; uint32_t saved_access_mask = fsp->access_mask; - if (sd->owner_sid == NULL) { - sec_info_sent &= ~OWNER_SECURITY_INFORMATION; - } - if (sd->group_sid == NULL) { - sec_info_sent &= ~GROUP_SECURITY_INFORMATION; - } - if (sd->sacl == NULL) { - sec_info_sent &= ~SACL_SECURITY_INFORMATION; - } - if (sd->dacl == NULL) { - sec_info_sent &= ~DACL_SECURITY_INFORMATION; - } + sec_info_sent = get_sec_info(sd); fsp->access_mask = FILE_GENERIC_ALL; |