summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-10-09 09:49:03 -0700
committerJeremy Allison <jra@samba.org>2008-10-09 09:49:03 -0700
commite5692d4cbe70dc4f2aba88db4fa3b68c572c6142 (patch)
treef67b14c975fbf018ac4bbaf947230b95c077a8ed
parent45b359a77f006a366837efa3ad51570942bc4faa (diff)
downloadsamba-e5692d4cbe70dc4f2aba88db4fa3b68c572c6142.tar.gz
samba-e5692d4cbe70dc4f2aba88db4fa3b68c572c6142.tar.bz2
samba-e5692d4cbe70dc4f2aba88db4fa3b68c572c6142.zip
Remove SEC_ACCESS. It's a uint32_t.
Jeremy.
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/include/rpc_secdes.h3
-rw-r--r--source3/lib/display_sec.c2
-rw-r--r--source3/lib/secace.c2
-rw-r--r--source3/lib/secdesc.c13
-rw-r--r--source3/lib/sharesec.c8
-rw-r--r--source3/lib/util_seaccess.c14
-rw-r--r--source3/libgpo/gpo_reg.c14
-rw-r--r--source3/libsmb/libsmb_xattr.c2
-rw-r--r--source3/modules/nfs4_acls.c4
-rw-r--r--source3/modules/vfs_afsacl.c6
-rw-r--r--source3/printing/nt_printing.c10
-rw-r--r--source3/registry/reg_dispatcher.c10
-rw-r--r--source3/rpc_server/srv_lsa_nt.c10
-rw-r--r--source3/rpc_server/srv_samr_nt.c19
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c9
-rw-r--r--source3/services/services_db.c16
-rw-r--r--source3/smbd/posix_acls.c26
-rw-r--r--source3/utils/sharesec.c2
-rw-r--r--source3/utils/smbcacls.c2
20 files changed, 68 insertions, 107 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 99557a25a1..b7a7ed5479 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -497,7 +497,7 @@ TALLOC_CTX *debug_ctx(void);
/* The following definitions come from lib/display_sec.c */
char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type);
-void display_sec_access(SEC_ACCESS *info);
+void display_sec_access(uint32_t *info);
void display_sec_ace_flags(uint8_t flags);
void display_sec_ace(SEC_ACE *ace);
void display_sec_acl(SEC_ACL *sec_acl);
@@ -776,7 +776,6 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask);
NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size);
SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
bool child_container);
-void init_sec_access(uint32 *t, uint32 mask);
/* The following definitions come from lib/select.c */
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 83103b7386..71fba41fe9 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -70,9 +70,6 @@
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
-/* SEC_ACCESS */
-typedef uint32 SEC_ACCESS;
-
/* SEC_ACE */
typedef struct security_ace SEC_ACE;
#define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c
index 67392e4568..5427a8173e 100644
--- a/source3/lib/display_sec.c
+++ b/source3/lib/display_sec.c
@@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
/****************************************************************************
display sec_access structure
****************************************************************************/
-void display_sec_access(SEC_ACCESS *info)
+void display_sec_access(uint32_t *info)
{
char *mask_str = get_sec_mask_str(NULL, *info);
printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
diff --git a/source3/lib/secace.c b/source3/lib/secace.c
index 8760a6109a..9f5a0c02ba 100644
--- a/source3/lib/secace.c
+++ b/source3/lib/secace.c
@@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
********************************************************************/
void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
- uint32 mask, uint8 flag)
+ uint32_t mask, uint8 flag)
{
t->type = type;
t->flags = flag;
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 4965200bc1..52ff067d6a 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
if (!inherit)
continue;
- init_sec_access(&new_ace->access_mask, ace->access_mask);
+ new_ace->access_mask = ace->access_mask;
init_sec_ace(new_ace, &ace->trustee, ace->type,
new_ace->access_mask, new_flags);
@@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
return sdb;
}
-
-/*******************************************************************
- Sets up a SEC_ACCESS structure.
-********************************************************************/
-
-void init_sec_access(uint32 *t, uint32 mask)
-{
- *t = mask;
-}
-
-
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index 33f66ca47f..298655e181 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -124,7 +124,7 @@ static bool share_info_db_init(void)
SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
{
- SEC_ACCESS sa;
+ uint32_t sa;
SEC_ACE ace;
SEC_ACL *psa = NULL;
SEC_DESC *psd = NULL;
@@ -132,7 +132,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def
se_map_generic(&spec_access, &file_generic_mapping);
- init_sec_access(&sa, def_access | spec_access );
+ sa = (def_access | spec_access );
init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
@@ -332,7 +332,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
}
for (i = 0; i < num_aces; i++) {
- SEC_ACCESS sa;
+ uint32_t sa;
uint32 g_access;
uint32 s_access;
DOM_SID sid;
@@ -380,7 +380,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
pacl++; /* Go past any ',' */
se_map_generic(&s_access, &file_generic_mapping);
- init_sec_access(&sa, g_access | s_access );
+ sa = (g_access | s_access);
init_sec_ace(&ace_list[i], &sid, type, sa, 0);
}
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index cab4261adf..7e461556b3 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token;
static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired,
NTSTATUS *status)
{
- uint32 mask = ace->access_mask;
+ uint32_t mask = ace->access_mask;
/*
* Inherit only is ignored.
@@ -346,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
DOM_SID act_sid;
SEC_ACE ace[3];
- SEC_ACCESS mask;
SEC_ACL *psa = NULL;
@@ -357,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
/*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[1], &adm_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
+ init_sec_ace(&ace[2], &act_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
diff --git a/source3/libgpo/gpo_reg.c b/source3/libgpo/gpo_reg.c
index 920deeb189..d49315021e 100644
--- a/source3/libgpo/gpo_reg.c
+++ b/source3/libgpo/gpo_reg.c
@@ -689,25 +689,25 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
size_t *sd_size)
{
SEC_ACE ace[6];
- SEC_ACCESS mask;
+ uint32_t mask;
SEC_ACL *acl = NULL;
uint8_t inherit_flags;
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[0],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[1],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
- init_sec_access(&mask, REG_KEY_READ);
+ mask = REG_KEY_READ;
init_sec_ace(&ace[2],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -717,19 +717,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
SEC_ACE_FLAG_CONTAINER_INHERIT |
SEC_ACE_FLAG_INHERIT_ONLY;
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[3],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[4],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
- init_sec_access(&mask, REG_KEY_READ);
+ mask = REG_KEY_READ;
init_sec_ace(&ace[5],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c
index f1b3d1415e..ea2c46953c 100644
--- a/source3/libsmb/libsmb_xattr.c
+++ b/source3/libsmb/libsmb_xattr.c
@@ -266,7 +266,7 @@ parse_ace(struct cli_state *ipc_cli,
unsigned int aflags;
unsigned int amask;
DOM_SID sid;
- SEC_ACCESS mask;
+ uint32_t mask;
const struct perm_value *v;
struct perm_value {
const char *perm;
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index f1b8cfffce..f411176590 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -221,7 +221,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
}
for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
- SEC_ACCESS mask;
+ uint32_t mask;
DOM_SID sid;
SMB_ACE4PROP_T *ace = &aceint->prop;
@@ -256,7 +256,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
DEBUG(10, ("mapped %d to %s\n", ace->who.id,
sid_string_dbg(&sid)));
- init_sec_access(&mask, ace->aceMask);
+ mask = ace->aceMask;
init_sec_ace(&nt_ace_list[good_aces++], &sid,
ace->aceType, mask,
ace->aceFlags & 0xf);
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index c78369ac13..8c89d2fd9f 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -592,7 +592,6 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
{
SEC_ACE *nt_ace_list;
DOM_SID owner_sid, group_sid;
- SEC_ACCESS mask;
SEC_ACL *psa = NULL;
int good_aces;
size_t sd_size;
@@ -616,7 +615,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
good_aces = 0;
while (afs_ace != NULL) {
- uint32 nt_rights;
+ uint32_t nt_rights;
uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT |
SEC_ACE_FLAG_CONTAINER_INHERIT;
@@ -633,9 +632,8 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
else
nt_rights = afs_to_nt_file_rights(afs_ace->rights);
- init_sec_access(&mask, nt_rights);
init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid),
- SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag);
+ SEC_ACE_TYPE_ACCESS_ALLOWED, nt_rights, flag);
afs_ace = afs_ace->next;
}
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 19c44d1bbb..850375e82b 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -5493,7 +5493,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
{
SEC_ACE ace[5]; /* max number of ace entries */
int i = 0;
- SEC_ACCESS sa;
+ uint32_t sa;
SEC_ACL *psa = NULL;
SEC_DESC_BUF *sdb = NULL;
SEC_DESC *psd = NULL;
@@ -5502,7 +5502,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
/* Create an ACE where Everyone is allowed to print */
- init_sec_access(&sa, PRINTER_ACE_PRINT);
+ sa = PRINTER_ACE_PRINT;
init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
@@ -5514,7 +5514,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
sid_copy(&domadmins_sid, get_global_sam_sid());
sid_append_rid(&domadmins_sid, DOMAIN_GROUP_RID_ADMINS);
- init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &domadmins_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
@@ -5524,7 +5524,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) {
sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN);
- init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &adm_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
@@ -5534,7 +5534,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
/* add BUILTIN\Administrators as FULL CONTROL */
- init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c
index c68ecdedeb..d06410a1b3 100644
--- a/source3/registry/reg_dispatcher.c
+++ b/source3/registry/reg_dispatcher.c
@@ -37,7 +37,6 @@ static const struct generic_mapping reg_generic_map =
static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
{
SEC_ACE ace[3];
- SEC_ACCESS mask;
size_t i = 0;
SEC_DESC *sd;
SEC_ACL *acl;
@@ -45,21 +44,18 @@ static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
/* basic access for Everyone */
- init_sec_access(&mask, REG_KEY_READ);
init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
- mask, 0);
+ REG_KEY_READ, 0);
/* Full Access 'BUILTIN\Administrators' */
- init_sec_access(&mask, REG_KEY_ALL);
init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
- SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
/* Full Access 'NT Authority\System' */
- init_sec_access(&mask, REG_KEY_ALL );
init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
- mask, 0);
+ REG_KEY_ALL, 0);
/* create the security descriptor */
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 94517f3478..0e9d121242 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -290,22 +290,18 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
DOM_SID adm_sid;
SEC_ACE ace[3];
- SEC_ACCESS mask;
SEC_ACL *psa = NULL;
- init_sec_access(&mask, LSA_POLICY_EXECUTE);
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_EXECUTE, 0);
sid_copy(&adm_sid, get_global_sam_sid());
sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
- init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0);
sid_copy(&local_adm_sid, &global_sid_Builtin);
sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS);
- init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
- init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0);
if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 1b1e98c049..6455f02374 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -113,36 +113,35 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
{
DOM_SID domadmin_sid;
SEC_ACE ace[5]; /* at most 5 entries */
- SEC_ACCESS mask;
size_t i = 0;
SEC_ACL *psa = NULL;
/* basic access for Everyone */
- init_sec_access(&mask, map->generic_execute | map->generic_read );
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ map->generic_execute | map->generic_read, 0);
/* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
- init_sec_access(&mask, map->generic_all);
-
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
/* Add Full Access for Domain Admins if we are a DC */
if ( IS_DC ) {
sid_copy( &domadmin_sid, get_global_sam_sid() );
sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
- init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &domadmin_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
}
/* if we have a sid, give it some special access */
if ( sid ) {
- init_sec_access( &mask, sid_access );
- init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0);
}
/* create the security descriptor */
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 6bb538a311..a57d0ff4a4 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -140,7 +140,6 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
{
SEC_ACE ace[2];
- SEC_ACCESS mask;
size_t i = 0;
SEC_DESC *sd;
SEC_ACL *acl;
@@ -148,13 +147,13 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
/* basic access for Everyone */
- init_sec_access(&mask, SC_MANAGER_READ_ACCESS );
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_World,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0);
/* Full Access 'BUILTIN\Administrators' */
- init_sec_access(&mask,SC_MANAGER_ALL_ACCESS );
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0);
/* create the security descriptor */
diff --git a/source3/services/services_db.c b/source3/services/services_db.c
index 8f58c2dbfa..0f5264bcd8 100644
--- a/source3/services/services_db.c
+++ b/source3/services/services_db.c
@@ -89,7 +89,6 @@ struct service_display_info common_unix_svcs[] = {
static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
{
SEC_ACE ace[4];
- SEC_ACCESS mask;
size_t i = 0;
SEC_DESC *sd = NULL;
SEC_ACL *acl = NULL;
@@ -97,15 +96,16 @@ static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
/* basic access for Everyone */
- init_sec_access(&mask, SERVICE_READ_ACCESS );
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_World,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0);
- init_sec_access(&mask,SERVICE_EXECUTE_ACCESS );
- init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0);
- init_sec_access(&mask,SERVICE_ALL_ACCESS );
- init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0);
/* create the security descriptor */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index da17e53b2c..4e35e9deaa 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -890,13 +890,12 @@ static bool nt4_compatible_acls(void)
not get. Deny entries are implicit on get with ace->perms = 0.
****************************************************************************/
-static SEC_ACCESS map_canon_ace_perms(int snum,
+static uint32_t map_canon_ace_perms(int snum,
enum security_ace_type *pacl_type,
mode_t perms,
bool directory_ace)
{
- SEC_ACCESS sa;
- uint32 nt_mask = 0;
+ uint32_t nt_mask = 0;
*pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
@@ -935,8 +934,7 @@ static SEC_ACCESS map_canon_ace_perms(int snum,
DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
(unsigned int)perms, (unsigned int)nt_mask ));
- init_sec_access(&sa,nt_mask);
- return sa;
+ return nt_mask;
}
/****************************************************************************
@@ -2962,9 +2960,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
*/
for (ace = file_ace; ace != NULL; ace = ace->next) {
- SEC_ACCESS acc;
-
- acc = map_canon_ace_perms(SNUM(conn),
+ uint32_t acc = map_canon_ace_perms(SNUM(conn),
&nt_acl_type,
ace->perms,
S_ISDIR(sbuf->st_mode));
@@ -2979,19 +2975,14 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
/* The User must have access to a profile share - even
* if we can't map the SID. */
if (lp_profile_acls(SNUM(conn))) {
- SEC_ACCESS acc;
-
- init_sec_access(&acc,FILE_GENERIC_ALL);
init_sec_ace(&nt_ace_list[num_aces++],
&global_sid_Builtin_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
- acc, 0);
+ FILE_GENERIC_ALL, 0);
}
for (ace = dir_ace; ace != NULL; ace = ace->next) {
- SEC_ACCESS acc;
-
- acc = map_canon_ace_perms(SNUM(conn),
+ uint32_t acc = map_canon_ace_perms(SNUM(conn),
&nt_acl_type,
ace->perms,
S_ISDIR(sbuf->st_mode));
@@ -3009,10 +3000,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
/* The User must have access to a profile share - even
* if we can't map the SID. */
if (lp_profile_acls(SNUM(conn))) {
- SEC_ACCESS acc;
-
- init_sec_access(&acc,FILE_GENERIC_ALL);
- init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, acc,
+ init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_ALL,
SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
SEC_ACE_FLAG_INHERIT_ONLY|0);
}
diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c
index 46f9ecdc7d..3ad949a6d3 100644
--- a/source3/utils/sharesec.c
+++ b/source3/utils/sharesec.c
@@ -153,7 +153,7 @@ static bool parse_ace(SEC_ACE *ace, const char *orig_str)
unsigned int aflags = 0;
unsigned int amask = 0;
DOM_SID sid;
- SEC_ACCESS mask;
+ uint32_t mask;
const struct perm_value *v;
char *str = SMB_STRDUP(orig_str);
TALLOC_CTX *frame = talloc_stackframe();
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index d488ce2187..eda8732c89 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -275,7 +275,7 @@ static bool parse_ace(struct cli_state *cli, SEC_ACE *ace,
unsigned int aflags = 0;
unsigned int amask = 0;
DOM_SID sid;
- SEC_ACCESS mask;
+ uint32_t mask;
const struct perm_value *v;
char *str = SMB_STRDUP(orig_str);
TALLOC_CTX *frame = talloc_stackframe();