summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-06-02 23:35:44 +0200
committerGünther Deschner <gd@samba.org>2010-06-03 11:00:12 +0200
commita75436e3ee11fa1491bfa574523269be716fc892 (patch)
tree16b926c2956bfb9bbf2e4814c86bca985cd8d85a
parente24a59f932897888cadae31469366663aca1a414 (diff)
downloadsamba-a75436e3ee11fa1491bfa574523269be716fc892.tar.gz
samba-a75436e3ee11fa1491bfa574523269be716fc892.tar.bz2
samba-a75436e3ee11fa1491bfa574523269be716fc892.zip
s3-security: use shared SECINFO_DACL define.
Guenther
-rw-r--r--libgpo/gpo_ldap.c2
-rw-r--r--source3/include/rpc_secdes.h4
-rw-r--r--source3/lib/secdesc.c2
-rw-r--r--source3/libsmb/clisecdesc.c2
-rw-r--r--source3/modules/nfs4_acls.c4
-rw-r--r--source3/modules/onefs_acl.c6
-rw-r--r--source3/modules/vfs_acl_common.c20
-rw-r--r--source3/modules/vfs_afsacl.c2
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c4
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c6
-rw-r--r--source3/rpcclient/cmd_lsarpc.c2
-rw-r--r--source3/rpcclient/cmd_samr.c2
-rw-r--r--source3/smbd/file_access.c4
-rw-r--r--source3/smbd/nttrans.c2
-rw-r--r--source3/smbd/open.c6
-rw-r--r--source3/smbd/posix_acls.c12
-rw-r--r--source3/utils/net_ads_gpo.c2
17 files changed, 40 insertions, 42 deletions
diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c
index 66e90fb0c9..367756d7a2 100644
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@@ -485,7 +485,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
"ntSecurityDescriptor",
"versionNumber",
NULL};
- uint32_t sd_flags = DACL_SECURITY_INFORMATION;
+ uint32_t sd_flags = SECINFO_DACL;
ZERO_STRUCTP(gpo);
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index f4eb22cfef..1eefbc92da 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -24,8 +24,6 @@
/* for ADS */
#define SEC_RIGHTS_FULL_CTRL 0xf01ff
-/* security information */
-#define DACL_SECURITY_INFORMATION 0x00000004
/* Extra W2K flags. */
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
@@ -33,7 +31,7 @@
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
- DACL_SECURITY_INFORMATION|SECINFO_SACL|\
+ SECINFO_DACL|SECINFO_SACL|\
UNPROTECTED_SACL_SECURITY_INFORMATION|\
UNPROTECTED_DACL_SECURITY_INFORMATION|\
PROTECTED_SACL_SECURITY_INFORMATION|\
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index b1e12c3f2b..8cabe0b5f5 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -52,7 +52,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd)
sec_info &= ~SECINFO_SACL;
}
if (sd->dacl == NULL) {
- sec_info &= ~DACL_SECURITY_INFORMATION;
+ sec_info &= ~SECINFO_DACL;
}
return sec_info;
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index bddf3895a0..1fc3da0c86 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -91,7 +91,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
SIVAL(param, 0, fnum);
if (sd->dacl)
- sec_info |= DACL_SECURITY_INFORMATION;
+ sec_info |= SECINFO_DACL;
if (sd->owner_sid)
sec_info |= SECINFO_OWNER;
if (sd->group_sid)
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 9f383cfc16..a6b9c6ed01 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -734,7 +734,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
- if ((security_info_sent & (DACL_SECURITY_INFORMATION |
+ if ((security_info_sent & (SECINFO_DACL |
SECINFO_GROUP | SECINFO_OWNER)) == 0)
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
@@ -784,7 +784,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
}
}
- if (!(security_info_sent & DACL_SECURITY_INFORMATION) || psd->dacl ==NULL) {
+ if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) {
DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent));
return NT_STATUS_OK;
}
diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c
index 4fa2e79c7b..7080f6c660 100644
--- a/source3/modules/onefs_acl.c
+++ b/source3/modules/onefs_acl.c
@@ -725,7 +725,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
}
/* Copy DACL into ppdesc */
- if (security_info & DACL_SECURITY_INFORMATION) {
+ if (security_info & SECINFO_DACL) {
if (!onefs_acl_to_samba_acl(sd->dacl, &dacl)) {
status = NT_STATUS_INVALID_PARAMETER;
goto out;
@@ -860,13 +860,13 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
}
/* Setup DACL */
- if ((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl)) {
+ if ((security_info_sent & SECINFO_DACL) && (psd->dacl)) {
if (!onefs_samba_acl_to_acl(psd->dacl, &daclp, &ignore_aces,
snum))
return NT_STATUS_ACCESS_DENIED;
if (ignore_aces == true)
- *security_info_effective &= ~DACL_SECURITY_INFORMATION;
+ *security_info_effective &= ~SECINFO_DACL;
}
/* Setup SACL */
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 59aa70310f..79eb533af7 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -38,7 +38,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
#define HASH_SECURITY_INFO (SECINFO_OWNER | \
SECINFO_GROUP | \
- DACL_SECURITY_INFORMATION | \
+ SECINFO_DACL | \
SECINFO_SACL)
/*******************************************************************
@@ -377,7 +377,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
if (!(security_info & SECINFO_GROUP)) {
psd->group_sid = NULL;
}
- if (!(security_info & DACL_SECURITY_INFORMATION)) {
+ if (!(security_info & SECINFO_DACL)) {
psd->dacl = NULL;
}
if (!(security_info & SECINFO_SACL)) {
@@ -438,7 +438,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
return SMB_VFS_FSET_NT_ACL(fsp,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
psd);
}
@@ -461,7 +461,7 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
parent_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&parent_desc);
if (!NT_STATUS_IS_OK(status)) {
@@ -534,7 +534,7 @@ static int open_acl_common(vfs_handle_struct *handle,
fname,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
@@ -680,10 +680,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
if ((security_info_sent & (SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION)) !=
+ SECINFO_DACL)) !=
(SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION)) {
+ SECINFO_DACL)) {
/* No we don't - read from the existing SD. */
struct security_descriptor *nc_psd = NULL;
@@ -691,7 +691,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
NULL,
(SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&nc_psd);
if (!NT_STATUS_IS_OK(status)) {
@@ -709,13 +709,13 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
}
security_info_sent |= SECINFO_GROUP;
- if (security_info_sent & DACL_SECURITY_INFORMATION) {
+ if (security_info_sent & SECINFO_DACL) {
nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
if (nc_psd->dacl == NULL) {
return NT_STATUS_NO_MEMORY;
}
}
- security_info_sent |= DACL_SECURITY_INFORMATION;
+ security_info_sent |= SECINFO_DACL;
psd = nc_psd;
}
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index f2ff474f06..dacd58f7ae 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -731,7 +731,7 @@ static bool nt_to_afs_acl(const char *filename,
/* Currently we *only* look at the dacl */
- if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
+ if (((security_info_sent & SECINFO_DACL) == 0) ||
(psd->dacl == NULL))
return True;
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index bdf7018147..14461df355 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2148,7 +2148,7 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
nt_status = SMB_VFS_FGET_NT_ACL(fsp,
(SECINFO_OWNER
|SECINFO_GROUP
- |DACL_SECURITY_INFORMATION), &psd);
+ |SECINFO_DACL), &psd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
@@ -2289,7 +2289,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
security_info_sent &= ~SECINFO_SACL;
}
if (psd->dacl==0) {
- security_info_sent &= ~DACL_SECURITY_INFORMATION;
+ security_info_sent &= ~SECINFO_DACL;
}
/* Convert all the generic bits. */
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index b8dcfbe1c6..02b3c8d833 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -872,9 +872,9 @@ WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
return WERR_ACCESS_DENIED;
- /* TODO: handle something besides DACL_SECURITY_INFORMATION */
+ /* TODO: handle something besides SECINFO_DACL */
- if ( (r->in.security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
+ if ( (r->in.security_flags & SECINFO_DACL) != SECINFO_DACL )
return WERR_INVALID_PARAM;
/* lookup the security descriptor and marshall it up for a reply */
@@ -922,7 +922,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
/* check the access on the open handle */
switch ( r->in.security_flags ) {
- case DACL_SECURITY_INFORMATION:
+ case SECINFO_DACL:
required_access = STD_RIGHT_WRITE_DAC_ACCESS;
break;
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index da01e6ec94..1cc16fb7f4 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -1040,7 +1040,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct sec_desc_buf *sdb;
- uint32 sec_info = DACL_SECURITY_INFORMATION;
+ uint32 sec_info = SECINFO_DACL;
if (argc < 1 || argc > 2) {
printf("Usage: %s [sec_info]\n", argv[0]);
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 199c8b1dcc..367c3b864b 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -2160,7 +2160,7 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
{
struct policy_handle connect_pol, domain_pol, user_pol, *pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- uint32 sec_info = DACL_SECURITY_INFORMATION;
+ uint32 sec_info = SECINFO_DACL;
uint32 user_rid = 0;
TALLOC_CTX *ctx = NULL;
struct sec_desc_buf *sec_desc_buf=NULL;
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index bd0a725e9d..1d1776218e 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -44,7 +44,7 @@ bool can_access_file_acl(struct connection_struct *conn,
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),
+ SECINFO_DACL),
&secdesc);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
@@ -252,7 +252,7 @@ bool directory_has_default_acl(connection_struct *conn, const char *fname)
struct security_descriptor *secdesc = NULL;
unsigned int i;
NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
- DACL_SECURITY_INFORMATION, &secdesc);
+ SECINFO_DACL, &secdesc);
if (!NT_STATUS_IS_OK(status) || secdesc == NULL) {
return false;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1b34b6ce80..04c32260a9 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1809,7 +1809,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
security_info_wanted & SECINFO_SACL)
psd->type |= SEC_DESC_SACL_PRESENT;
if (psd->dacl == NULL &&
- security_info_wanted & DACL_SECURITY_INFORMATION)
+ security_info_wanted & SECINFO_DACL)
psd->type |= SEC_DESC_DACL_PRESENT;
*psd_size = ndr_size_security_descriptor(psd, 0);
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index f6905eaaa1..4fc464d8ab 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -91,7 +91,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),&sd);
+ SECINFO_DACL),&sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("smbd_check_open_rights: Could not get acl "
@@ -1415,7 +1415,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn,
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- DACL_SECURITY_INFORMATION),&sd);
+ SECINFO_DACL),&sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("calculate_access_mask: Could not get acl "
@@ -3211,7 +3211,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
if (sec_info_sent & (SECINFO_OWNER|
SECINFO_GROUP|
- DACL_SECURITY_INFORMATION|
+ SECINFO_DACL|
SECINFO_SACL)) {
status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
}
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index c6b0cfdeeb..a809b909b3 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2337,7 +2337,7 @@ static bool unpack_canon_ace(files_struct *fsp,
* If no DACL then this is a chown only security descriptor.
*/
- if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl)
+ if(!(security_info_sent & SECINFO_DACL) || !psd->dacl)
return True;
/*
@@ -3206,7 +3206,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
num_profile_acls = 3;
}
- if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
+ if ((security_info & SECINFO_DACL) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
/*
* In the optimum case Creator Owner and Creator Group would be used for
@@ -3385,7 +3385,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
goto done;
}
}
- } /* security_info & DACL_SECURITY_INFORMATION */
+ } /* security_info & SECINFO_DACL */
psd = make_standard_sec_desc( talloc_tos(),
(security_info & SECINFO_OWNER) ? &owner_sid : NULL,
@@ -3682,7 +3682,7 @@ NTSTATUS append_parent_acl(files_struct *fsp,
}
status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
- DACL_SECURITY_INFORMATION, &parent_sd );
+ SECINFO_DACL, &parent_sd );
close_file(NULL, parent_fsp, NORMAL_CLOSE);
TALLOC_FREE(smb_dname);
@@ -3937,7 +3937,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
* Only change security if we got a DACL.
*/
- if(!(security_info_sent & DACL_SECURITY_INFORMATION) || (psd->dacl == NULL)) {
+ if(!(security_info_sent & SECINFO_DACL) || (psd->dacl == NULL)) {
free_canon_ace_list(file_ace_list);
free_canon_ace_list(dir_ace_list);
return NT_STATUS_OK;
@@ -4747,7 +4747,7 @@ struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fna
return NULL;
}
- if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, DACL_SECURITY_INFORMATION, &psd))) {
+ if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, SECINFO_DACL, &psd))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
TALLOC_FREE(finfo.fsp_name);
conn_free(conn);
diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c
index e47efe768e..b120ca597b 100644
--- a/source3/utils/net_ads_gpo.c
+++ b/source3/utils/net_ads_gpo.c
@@ -248,7 +248,7 @@ static int net_ads_gpo_list_all(struct net_context *c, int argc, const char **ar
LDAP_SCOPE_SUBTREE,
"(objectclass=groupPolicyContainer)",
attrs,
- DACL_SECURITY_INFORMATION,
+ SECINFO_DACL,
&res);
if (!ADS_ERR_OK(status)) {