diff options
| author | Andreas Schneider <asn@samba.org> | 2010-04-26 17:38:56 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2010-05-04 19:37:39 +0200 |
| commit | 6683b0d4b6908e54af501701bd20a12990e3e77f (patch) | |
| tree | ede58e0b757a8d517e89c0d785fdf2fcdc994fe1 /source3/lib/secdesc.c | |
| parent | efb1aea909fc088cc08b6d892d7dd1031fb79fdf (diff) | |
| download | samba-6683b0d4b6908e54af501701bd20a12990e3e77f.tar.gz samba-6683b0d4b6908e54af501701bd20a12990e3e77f.tar.bz2 samba-6683b0d4b6908e54af501701bd20a12990e3e77f.zip | |
s3-lib: Create a sec_desc_merge and sec_desc_merge_buf function.
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/lib/secdesc.c')
| -rw-r--r-- | source3/lib/secdesc.c | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index d45be00212..f5a0039ec7 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -63,7 +63,7 @@ uint32_t get_sec_info(const SEC_DESC *sd) security descriptor new_sec. ********************************************************************/ -SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) +SEC_DESC_BUF *sec_desc_merge_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) { DOM_SID *owner_sid, *group_sid; SEC_DESC_BUF *return_sdb; @@ -108,6 +108,47 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU return(return_sdb); } +SEC_DESC *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC *new_sdb, SEC_DESC *old_sdb) +{ + DOM_SID *owner_sid, *group_sid; + SEC_ACL *dacl, *sacl; + SEC_DESC *psd = NULL; + uint16 secdesc_type; + size_t secdesc_size; + + /* Copy over owner and group sids. There seems to be no flag for + this so just check the pointer values. */ + + owner_sid = new_sdb->owner_sid ? new_sdb->owner_sid : + old_sdb->owner_sid; + + group_sid = new_sdb->group_sid ? new_sdb->group_sid : + old_sdb->group_sid; + + secdesc_type = new_sdb->type; + + /* Ignore changes to the system ACL. This has the effect of making + changes through the security tab audit button not sticking. + Perhaps in future Samba could implement these settings somehow. */ + + sacl = NULL; + secdesc_type &= ~SEC_DESC_SACL_PRESENT; + + /* Copy across discretionary ACL */ + + if (secdesc_type & SEC_DESC_DACL_PRESENT) { + dacl = new_sdb->dacl; + } else { + dacl = old_sdb->dacl; + } + + /* Create new security descriptor from bits */ + psd = make_sec_desc(ctx, new_sdb->revision, secdesc_type, + owner_sid, group_sid, sacl, dacl, &secdesc_size); + + return psd; +} + /******************************************************************* Creates a SEC_DESC structure ********************************************************************/ |