diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-05-30 13:23:56 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-05-31 00:32:07 +0200 |
commit | 381423b1bdba4c7d1931b162d872134c42e432cf (patch) | |
tree | 4105e5635e42347c8065fd6f13d98f06d6e1e043 | |
parent | e5dd03d1991f125fa3cfddac9a41d2f9e6391c42 (diff) | |
download | samba-381423b1bdba4c7d1931b162d872134c42e432cf.tar.gz samba-381423b1bdba4c7d1931b162d872134c42e432cf.tar.bz2 samba-381423b1bdba4c7d1931b162d872134c42e432cf.zip |
libcli/security: move secdesc.c to the top level libcli/security
This code does not rely on lp_ or other source3 only functions, so can
be part of the common library.
Andrew Bartlett
-rw-r--r-- | libcli/security/secdesc.c (renamed from source3/lib/secdesc.c) | 93 | ||||
-rw-r--r-- | libcli/security/secdesc.h | 102 | ||||
-rw-r--r-- | libcli/security/security.h | 1 | ||||
-rw-r--r-- | libcli/security/wscript_build | 2 | ||||
-rw-r--r-- | source3/Makefile.in | 2 | ||||
-rw-r--r-- | source3/include/proto.h | 41 | ||||
-rw-r--r-- | source3/libsmb/clisecdesc.c | 1 | ||||
-rw-r--r-- | source3/registry/reg_backend_db.c | 1 | ||||
-rw-r--r-- | source3/registry/regfio.c | 1 | ||||
-rw-r--r-- | source3/rpc_server/winreg/srv_winreg_nt.c | 1 | ||||
-rwxr-xr-x | source3/wscript_build | 1 |
11 files changed, 159 insertions, 87 deletions
diff --git a/source3/lib/secdesc.c b/libcli/security/secdesc.c index 001eccb576..5d75f073f4 100644 --- a/source3/lib/secdesc.c +++ b/libcli/security/secdesc.c @@ -1,28 +1,28 @@ -/* +/* * Unix SMB/Netbios implementation. * SEC_DESC handling functions * Copyright (C) Andrew Tridgell 1992-1998, * Copyright (C) Jeremy R. Allison 1995-2003. * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * Copyright (C) Paul Ashton 1997-1998. - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" -#include "../librpc/gen_ndr/ndr_security.h" -#include "../libcli/security/security.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "libcli/security/security.h" #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ SECINFO_DACL|SECINFO_SACL|\ @@ -68,7 +68,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd) /******************************************************************* - Merge part of security descriptor old_sec in to the empty sections of + Merge part of security descriptor old_sec in to the empty sections of security descriptor new_sec. ********************************************************************/ @@ -78,7 +78,7 @@ struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *ne struct sec_desc_buf *return_sdb; struct security_acl *dacl, *sacl; struct security_descriptor *psd = NULL; - uint16 secdesc_type; + uint16_t secdesc_type; size_t secdesc_size; /* Copy over owner and group sids. There seems to be no flag for @@ -89,11 +89,11 @@ struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *ne group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid : old_sdb->sd->group_sid; - + secdesc_type = new_sdb->sd->type; /* Ignore changes to the system ACL. This has the effect of making - changes through the security tab audit button not sticking. + changes through the security tab audit button not sticking. Perhaps in future Samba could implement these settings somehow. */ sacl = NULL; @@ -122,7 +122,7 @@ struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_desc struct dom_sid *owner_sid, *group_sid; struct security_acl *dacl, *sacl; struct security_descriptor *psd = NULL; - uint16 secdesc_type; + uint16_t secdesc_type; size_t secdesc_size; /* Copy over owner and group sids. There seems to be no flag for @@ -162,20 +162,20 @@ struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_desc Creates a struct security_descriptor structure ********************************************************************/ -#define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) +#define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16_t) + 4 * sizeof(uint32_t)) struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx, enum security_descriptor_revision revision, - uint16 type, + uint16_t type, const struct dom_sid *owner_sid, const struct dom_sid *grp_sid, struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size) { struct security_descriptor *dst; - uint32 offset = 0; + uint32_t offset = 0; *sd_size = 0; - if(( dst = TALLOC_ZERO_P(ctx, struct security_descriptor)) == NULL) + if(( dst = talloc_zero(ctx, struct security_descriptor)) == NULL) return NULL; dst->revision = revision; @@ -254,7 +254,7 @@ struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_ ********************************************************************/ NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx, struct security_descriptor *secdesc, - uint8 **data, size_t *len) + uint8_t **data, size_t *len) { DATA_BLOB blob; enum ndr_err_code ndr_err; @@ -303,7 +303,7 @@ NTSTATUS marshall_sec_desc_buf(TALLOC_CTX *mem_ctx, /******************************************************************* Parse a byte stream into a secdesc ********************************************************************/ -NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len, +NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len, struct security_descriptor **psecdesc) { DATA_BLOB blob; @@ -314,7 +314,7 @@ NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len, return NT_STATUS_INVALID_PARAMETER; } - result = TALLOC_ZERO_P(mem_ctx, struct security_descriptor); + result = talloc_zero(mem_ctx, struct security_descriptor); if (result == NULL) { return NT_STATUS_NO_MEMORY; } @@ -350,7 +350,7 @@ NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len, return NT_STATUS_INVALID_PARAMETER; } - result = TALLOC_ZERO_P(mem_ctx, struct sec_desc_buf); + result = talloc_zero(mem_ctx, struct sec_desc_buf); if (result == NULL) { return NT_STATUS_NO_MEMORY; } @@ -391,12 +391,12 @@ struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct secur { struct sec_desc_buf *dst; - if((dst = TALLOC_ZERO_P(ctx, struct sec_desc_buf)) == NULL) + if((dst = talloc_zero(ctx, struct sec_desc_buf)) == NULL) return NULL; /* max buffer size (allocated size) */ - dst->sd_size = (uint32)len; - + dst->sd_size = (uint32_t)len; + if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) { return NULL; } @@ -420,7 +420,7 @@ struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src) Add a new SID with its permissions to struct security_descriptor. ********************************************************************/ -NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32 mask, size_t *sd_size) +NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size) { struct security_descriptor *sd = 0; struct security_acl *dacl = 0; @@ -433,14 +433,14 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, con *sd_size = 0; status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask); - + if (!NT_STATUS_IS_OK(status)) return status; if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) return NT_STATUS_UNSUCCESSFUL; - - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, + + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, psd[0]->group_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; @@ -453,7 +453,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, con Modify a SID's permissions in a struct security_descriptor. ********************************************************************/ -NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32 mask) +NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32_t mask) { NTSTATUS status; @@ -464,7 +464,7 @@ NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, u if (!NT_STATUS_IS_OK(status)) return status; - + return NT_STATUS_OK; } @@ -483,7 +483,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, str return NT_STATUS_INVALID_PARAMETER; *sd_size = 0; - + status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid); if (!NT_STATUS_IS_OK(status)) @@ -491,8 +491,8 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, str if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) return NT_STATUS_UNSUCCESSFUL; - - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, + + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, psd[0]->group_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; @@ -560,6 +560,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, struct security_ace *new_ace_list = NULL; unsigned int new_ace_list_ndx = 0, i; + TALLOC_CTX *frame; + *ppsd = NULL; *psize = 0; @@ -574,20 +576,22 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, return NT_STATUS_NO_MEMORY; } - if (!(new_ace_list = TALLOC_ARRAY(ctx, struct security_ace, - 2*the_acl->num_aces))) { + if (!(new_ace_list = talloc_array(ctx, struct security_ace, + 2*the_acl->num_aces))) { return NT_STATUS_NO_MEMORY; } } else { new_ace_list = NULL; } + frame = talloc_stackframe(); + for (i = 0; i < the_acl->num_aces; i++) { const struct security_ace *ace = &the_acl->aces[i]; struct security_ace *new_ace = &new_ace_list[new_ace_list_ndx]; const struct dom_sid *ptrustee = &ace->trustee; const struct dom_sid *creator = NULL; - uint8 new_flags = ace->flags; + uint8_t new_flags = ace->flags; if (!is_inheritable_ace(ace, container)) { continue; @@ -621,15 +625,15 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* First add the regular ACE entry. */ init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, 0); + ace->access_mask, 0); DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x" - " inherited as %s:%d/0x%02x/0x%08x\n", - sid_string_dbg(&ace->trustee), - ace->type, ace->flags, ace->access_mask, - sid_string_dbg(&new_ace->trustee), - new_ace->type, new_ace->flags, - new_ace->access_mask)); + " inherited as %s:%d/0x%02x/0x%08x\n", + dom_sid_string(frame, &ace->trustee), + ace->type, ace->flags, ace->access_mask, + dom_sid_string(frame, &new_ace->trustee), + new_ace->type, new_ace->flags, + new_ace->access_mask)); new_ace_list_ndx++; @@ -638,6 +642,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, ptrustee = creator; new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; + } else if (container && !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { ptrustee = &ace->trustee; @@ -648,15 +653,17 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", - sid_string_dbg(&ace->trustee), + dom_sid_string(frame, &ace->trustee), ace->type, ace->flags, ace->access_mask, - sid_string_dbg(&ace->trustee), + dom_sid_string(frame, &ace->trustee), new_ace->type, new_ace->flags, new_ace->access_mask)); new_ace_list_ndx++; } + talloc_free(frame); + /* Create child security descriptor to return */ if (new_ace_list_ndx) { new_dacl = make_sec_acl(ctx, diff --git a/libcli/security/secdesc.h b/libcli/security/secdesc.h new file mode 100644 index 0000000000..eae8100fc6 --- /dev/null +++ b/libcli/security/secdesc.h @@ -0,0 +1,102 @@ +#ifndef _SECDESC_H_ +#define _SECDESC_H_ + +/* The following definitions come from libcli/security/secdesc.c */ +#include "librpc/gen_ndr/security.h" + +/******************************************************************* + Given a security_descriptor return the sec_info. +********************************************************************/ +uint32_t get_sec_info(const struct security_descriptor *sd); + +/******************************************************************* + Merge part of security descriptor old_sec in to the empty sections of + security descriptor new_sec. +********************************************************************/ +struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *new_sdb, struct sec_desc_buf *old_sdb); +struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb); + +/******************************************************************* + Creates a struct security_descriptor structure +********************************************************************/ +struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx, + enum security_descriptor_revision revision, + uint16_t type, + const struct dom_sid *owner_sid, const struct dom_sid *grp_sid, + struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size); + +/******************************************************************* + Duplicate a struct security_descriptor structure. +********************************************************************/ +struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src); + +/******************************************************************* + Convert a secdesc into a byte stream +********************************************************************/ +NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx, + struct security_descriptor *secdesc, + uint8_t **data, size_t *len); + +/******************************************************************* + Convert a secdesc_buf into a byte stream +********************************************************************/ +NTSTATUS marshall_sec_desc_buf(TALLOC_CTX *mem_ctx, + struct sec_desc_buf *secdesc_buf, + uint8_t **data, size_t *len); + +/******************************************************************* + Parse a byte stream into a secdesc +********************************************************************/ +NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len, + struct security_descriptor **psecdesc); + +/******************************************************************* + Parse a byte stream into a sec_desc_buf +********************************************************************/ +NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len, + struct sec_desc_buf **psecdesc_buf); + +/******************************************************************* + Creates a struct security_descriptor structure with typical defaults. +********************************************************************/ +struct security_descriptor *make_standard_sec_desc(TALLOC_CTX *ctx, const struct dom_sid *owner_sid, const struct dom_sid *grp_sid, + struct security_acl *dacl, size_t *sd_size); + +/******************************************************************* + Creates a struct sec_desc_buf structure. +********************************************************************/ +struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct security_descriptor *sec_desc); + +/******************************************************************* + Duplicates a struct sec_desc_buf structure. +********************************************************************/ +struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src); + +/******************************************************************* + Add a new SID with its permissions to struct security_descriptor. +********************************************************************/ +NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size); + +/******************************************************************* + Modify a SID's permissions in a struct security_descriptor. +********************************************************************/ +NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32_t mask); + +/******************************************************************* + Delete a SID from a struct security_descriptor. +********************************************************************/ +NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, struct dom_sid *sid, size_t *sd_size); +bool sd_has_inheritable_components(const struct security_descriptor *parent_ctr, bool container); +NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, + struct security_descriptor **ppsd, + size_t *psize, + const struct security_descriptor *parent_ctr, + const struct dom_sid *owner_sid, + const struct dom_sid *group_sid, + bool container); +NTSTATUS se_create_child_secdesc_buf(TALLOC_CTX *ctx, + struct sec_desc_buf **ppsdb, + const struct security_descriptor *parent_ctr, + bool container); + +#endif /* _SECDESC_H_ */ diff --git a/libcli/security/security.h b/libcli/security/security.h index 1a9f4fa386..659d34157b 100644 --- a/libcli/security/security.h +++ b/libcli/security/security.h @@ -100,6 +100,7 @@ struct object_tree { #include "libcli/security/dom_sid.h" #include "libcli/security/secace.h" #include "libcli/security/secacl.h" +#include "libcli/security/secdesc.h" #include "libcli/security/security_descriptor.h" #include "libcli/security/security_token.h" #include "libcli/security/sddl.h" diff --git a/libcli/security/wscript_build b/libcli/security/wscript_build index 3f2e06a908..940ee700f2 100644 --- a/libcli/security/wscript_build +++ b/libcli/security/wscript_build @@ -2,7 +2,7 @@ bld.SAMBA_LIBRARY('security', - source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c access_check.c object_tree.c create_descriptor.c util_sid.c session.c', + source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c access_check.c object_tree.c create_descriptor.c util_sid.c session.c secdesc.c', private_library=True, deps='talloc ndr NDR_SECURITY' ) diff --git a/source3/Makefile.in b/source3/Makefile.in index ab59ad0104..822ffc509f 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -474,7 +474,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \ lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \ lib/server_contexts.o \ lib/ldap_escape.o @CHARSET_STATIC@ \ - lib/secdesc.o ../libcli/security/access_check.o \ + ../libcli/security/secdesc.o ../libcli/security/access_check.o \ ../libcli/security/secace.o ../libcli/security/object_tree.o \ ../libcli/security/sddl.o \ ../libcli/security/secacl.o @PTHREADPOOL_OBJ@ \ diff --git a/source3/include/proto.h b/source3/include/proto.h index 8cd3ec2ea8..ba9497e6ca 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -236,47 +236,6 @@ ssize_t sys_recvfile(int fromfd, size_t count); ssize_t drain_socket(int sockfd, size_t count); -/* The following definitions come from lib/secdesc.c */ - -uint32_t get_sec_info(const struct security_descriptor *sd); -struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb); -struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *new_sdb, struct sec_desc_buf *old_sdb); -struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx, - enum security_descriptor_revision revision, - uint16 type, - const struct dom_sid *owner_sid, const struct dom_sid *grp_sid, - struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size); -struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src); -NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx, - struct security_descriptor *secdesc, - uint8 **data, size_t *len); -NTSTATUS marshall_sec_desc_buf(TALLOC_CTX *mem_ctx, - struct sec_desc_buf *secdesc_buf, - uint8_t **data, size_t *len); -NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len, - struct security_descriptor **psecdesc); -NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len, - struct sec_desc_buf **psecdesc_buf); -struct security_descriptor *make_standard_sec_desc(TALLOC_CTX *ctx, const struct dom_sid *owner_sid, const struct dom_sid *grp_sid, - struct security_acl *dacl, size_t *sd_size); -struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct security_descriptor *sec_desc); -struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src); -NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32 mask, size_t *sd_size); -NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32 mask); -NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, struct dom_sid *sid, size_t *sd_size); -bool sd_has_inheritable_components(const struct security_descriptor *parent_ctr, bool container); -NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, - struct security_descriptor **ppsd, - size_t *psize, - const struct security_descriptor *parent_ctr, - const struct dom_sid *owner_sid, - const struct dom_sid *group_sid, - bool container); -NTSTATUS se_create_child_secdesc_buf(TALLOC_CTX *ctx, - struct sec_desc_buf **ppsdb, - const struct security_descriptor *parent_ctr, - bool container); - /* The following definitions come from lib/sendfile.c */ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, SMB_OFF_T offset, size_t count); diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index c998c70826..d703b1f774 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -19,6 +19,7 @@ #include "includes.h" #include "libsmb/libsmb.h" +#include "../libcli/security/secdesc.h" /**************************************************************************** query the security descriptor for a open file diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index 1db745d962..566ab0bc6b 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -30,6 +30,7 @@ #include "nt_printing.h" #include "util_tdb.h" #include "dbwrap.h" +#include "../libcli/security/secdesc.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_REGISTRY diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c index c4d2a6d4d3..8715ab5673 100644 --- a/source3/registry/regfio.c +++ b/source3/registry/regfio.c @@ -22,6 +22,7 @@ #include "regfio.h" #include "../librpc/gen_ndr/ndr_security.h" #include "../libcli/security/security_descriptor.h" +#include "../libcli/security/secdesc.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_REGISTRY diff --git a/source3/rpc_server/winreg/srv_winreg_nt.c b/source3/rpc_server/winreg/srv_winreg_nt.c index 1b3cab8844..6f319e9905 100644 --- a/source3/rpc_server/winreg/srv_winreg_nt.c +++ b/source3/rpc_server/winreg/srv_winreg_nt.c @@ -30,6 +30,7 @@ #include "rpc_misc.h" #include "auth.h" #include "lib/privileges.h" +#include "libcli/security/secdesc.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV diff --git a/source3/wscript_build b/source3/wscript_build index cbb94797f0..543aef7158 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -87,7 +87,6 @@ LIB_SRC = ''' lib/module.c lib/events.c lib/server_contexts.c lib/ldap_escape.c - lib/secdesc.c lib/fncall.c libads/krb5_errs.c lib/system_smbd.c lib/audit.c lib/file_id.c lib/idmap_cache.c''' |