r18745: Use the Samba4 data structures for security descriptors and security descriptor

buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
author: Jelmer Vernooij <jelmer@samba.org> 2006-09-20 22:23:12 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:00:54 -0500
commit: 4db7642caa99c1b054322a8971c4b673556487ce (patch)
tree: 4ca6f040d613bc8127f43cd30a2bc12d3192471b /source3/smbd/posix_acls.c
parent: 3ef4b8cf2f4a52c08b71fa8cac1ce4e8409c160b (diff)
download: samba-4db7642caa99c1b054322a8971c4b673556487ce.tar.gz
samba-4db7642caa99c1b054322a8971c4b673556487ce.tar.bz2
samba-4db7642caa99c1b054322a8971c4b673556487ce.zip
1 files changed, 27 insertions, 27 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 18ef187f38..3b38b91547 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -860,36 +860,36 @@ static SEC_ACCESS map_canon_ace_perms(int snum, int *pacl_type, DOM_SID *powner_
 #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
 #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
 
-static mode_t map_nt_perms( SEC_ACCESS sec_access, int type)
+static mode_t map_nt_perms( uint32 *mask, int type)
 {
 	mode_t mode = 0;
 
 	switch(type) {
 	case S_IRUSR:
-		if(sec_access.mask & GENERIC_ALL_ACCESS)
+		if((*mask) & GENERIC_ALL_ACCESS)
 			mode = S_IRUSR|S_IWUSR|S_IXUSR;
 		else {
-			mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
-			mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
-			mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
+			mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
+			mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
+			mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
 		}
 		break;
 	case S_IRGRP:
-		if(sec_access.mask & GENERIC_ALL_ACCESS)
+		if((*mask) & GENERIC_ALL_ACCESS)
 			mode = S_IRGRP|S_IWGRP|S_IXGRP;
 		else {
-			mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
-			mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
-			mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
+			mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
+			mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
+			mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
 		}
 		break;
 	case S_IROTH:
-		if(sec_access.mask & GENERIC_ALL_ACCESS)
+		if((*mask) & GENERIC_ALL_ACCESS)
 			mode = S_IROTH|S_IWOTH|S_IXOTH;
 		else {
-			mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
-			mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
-			mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
+			mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
+			mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
+			mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
 		}
 		break;
 	}
@@ -950,7 +950,7 @@ BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_
 	 */
 
 	if (security_info_sent & GROUP_SECURITY_INFORMATION) {
-		sid_copy(&grp_sid, psd->grp_sid);
+		sid_copy(&grp_sid, psd->group_sid);
 		if (!sid_to_gid( &grp_sid, pgrp)) {
 			if (lp_force_unknown_acl_user(snum)) {
 				/* this allows take group ownership to work
@@ -1254,7 +1254,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 	 */
 
 	for(i = 0; i < dacl->num_aces; i++) {
-		SEC_ACE *psa = &dacl->ace[i];
+		SEC_ACE *psa = &dacl->aces[i];
 
 		if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
 			DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
@@ -1273,12 +1273,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 			 * Convert GENERIC bits to specific bits.
 			 */
  
-			se_map_generic(&psa->info.mask, &file_generic_mapping);
+			se_map_generic(&psa->access_mask, &file_generic_mapping);
 
-			psa->info.mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
+			psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
 
-			if(psa->info.mask != UNIX_ACCESS_NONE)
-				psa->info.mask &= ~UNIX_ACCESS_NONE;
+			if(psa->access_mask != UNIX_ACCESS_NONE)
+				psa->access_mask &= ~UNIX_ACCESS_NONE;
 		}
 	}
 
@@ -1291,12 +1291,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 	 */
 
 	for(i = 0; i < dacl->num_aces; i++) {
-		SEC_ACE *psa1 = &dacl->ace[i];
+		SEC_ACE *psa1 = &dacl->aces[i];
 
 		for (j = i + 1; j < dacl->num_aces; j++) {
-			SEC_ACE *psa2 = &dacl->ace[j];
+			SEC_ACE *psa2 = &dacl->aces[j];
 
-			if (psa1->info.mask != psa2->info.mask)
+			if (psa1->access_mask != psa2->access_mask)
 				continue;
 
 			if (!sid_equal(&psa1->trustee, &psa2->trustee))
@@ -1322,7 +1322,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 	}
 
 	for(i = 0; i < dacl->num_aces; i++) {
-		SEC_ACE *psa = &dacl->ace[i];
+		SEC_ACE *psa = &dacl->aces[i];
 
 		/*
 		 * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
@@ -1408,7 +1408,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 		 * S_I(R|W|X)USR bits.
 		 */
 
-		current_ace->perms |= map_nt_perms( psa->info, S_IRUSR);
+		current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
 		current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
 		current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False);
 
@@ -2641,7 +2641,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
 			/* We know the lower number ACE's are file entries. */
 			if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
 				(nt_ace_list[i].size == nt_ace_list[j].size) &&
-				(nt_ace_list[i].info.mask == nt_ace_list[j].info.mask) &&
+				(nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
 				sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
 				(i_inh == j_inh) &&
 				(i_flags_ni == 0) &&
@@ -2654,7 +2654,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
 				 * the non-inherited ACE onto the inherited ACE.
 				 */
 
-				if (nt_ace_list[i].info.mask == 0) {
+				if (nt_ace_list[i].access_mask == 0) {
 					nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
 								(i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
 					if (num_aces - i - 1 > 0)
@@ -2954,7 +2954,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
 	}
 
 	if (psd->dacl) {
-		dacl_sort_into_canonical_order(psd->dacl->ace, (unsigned int)psd->dacl->num_aces);
+		dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces);
 	}
 
 	*ppdesc = psd;
author	Jelmer Vernooij <jelmer@samba.org>	2006-09-20 22:23:12 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:00:54 -0500
commit	4db7642caa99c1b054322a8971c4b673556487ce (patch)
tree	4ca6f040d613bc8127f43cd30a2bc12d3192471b /source3/smbd/posix_acls.c
parent	3ef4b8cf2f4a52c08b71fa8cac1ce4e8409c160b (diff)
download	samba-4db7642caa99c1b054322a8971c4b673556487ce.tar.gz samba-4db7642caa99c1b054322a8971c4b673556487ce.tar.bz2 samba-4db7642caa99c1b054322a8971c4b673556487ce.zip