authorJelmer Vernooij <jelmer@samba.org>2006-09-20 22:23:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:00:54 -0500
commit4db7642caa99c1b054322a8971c4b673556487ce (patch)
tree4ca6f040d613bc8127f43cd30a2bc12d3192471b /source3/smbd
parent3ef4b8cf2f4a52c08b71fa8cac1ce4e8409c160b (diff)
r18745: Use the Samba4 data structures for security descriptors and security descriptor
buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/nttrans.c8
-rw-r--r--source3/smbd/posix_acls.c54
2 files changed, 31 insertions, 31 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index c5e48a6324..9cebd21d7d 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1009,16 +1009,16 @@ static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 secu
return NT_STATUS_NO_MEMORY;
}
- if (psd->off_owner_sid==0) {
+ if (psd->owner_sid==0) {
security_info_sent &= ~OWNER_SECURITY_INFORMATION;
}
- if (psd->off_grp_sid==0) {
+ if (psd->group_sid==0) {
security_info_sent &= ~GROUP_SECURITY_INFORMATION;
}
- if (psd->off_sacl==0) {
+ if (psd->sacl==0) {
security_info_sent &= ~SACL_SECURITY_INFORMATION;
}
- if (psd->off_dacl==0) {
+ if (psd->dacl==0) {
security_info_sent &= ~DACL_SECURITY_INFORMATION;
}
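Review bot: The four presence tests in set_sd now compare pointers against a literal 0, which reads as if the fields were still the old wire offsets. The other hunks use `psd->group_sid` as a SID pointer and `psd->dacl` as an ACL pointer, and `owner_sid` and `sacl` are presumably pointers as well, so `if (psd->owner_sid == NULL) {` (and likewise for the other three) states the intent directly. These tests are what strip the request bits for components the client did not supply, and later code such as the `sid_copy(&grp_sid, psd->group_sid)` call in unpack_nt_owners appears to rely on the bit being cleared before it dereferences the pointer. A short comment above the first test would record that, for example `/* Clear the request bit for every descriptor component that is absent, so later code never dereferences a NULL SID or ACL. */`. set_sd starts and ends outside the hunk.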
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 18ef187f38..3b38b91547 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -860,36 +860,36 @@ static SEC_ACCESS map_canon_ace_perms(int snum, int *pacl_type, DOM_SID *powner_
#define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
#define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
-static mode_t map_nt_perms( SEC_ACCESS sec_access, int type)
+static mode_t map_nt_perms( uint32 *mask, int type)
{
mode_t mode = 0;
switch(type) {
case S_IRUSR:
- if(sec_access.mask & GENERIC_ALL_ACCESS)
+ if((*mask) & GENERIC_ALL_ACCESS)
mode = S_IRUSR|S_IWUSR|S_IXUSR;
else {
- mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
- mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
- mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
+ mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
+ mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
+ mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
}
break;
case S_IRGRP:
- if(sec_access.mask & GENERIC_ALL_ACCESS)
+ if((*mask) & GENERIC_ALL_ACCESS)
mode = S_IRGRP|S_IWGRP|S_IXGRP;
else {
- mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
- mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
- mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
+ mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
+ mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
+ mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
}
break;
case S_IROTH:
- if(sec_access.mask & GENERIC_ALL_ACCESS)
+ if((*mask) & GENERIC_ALL_ACCESS)
mode = S_IROTH|S_IWOTH|S_IXOTH;
else {
- mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
- mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
- mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
+ mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
+ mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
+ mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
}
break;
}
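Review bot: map_nt_perms only reads the mask, so the new `uint32 *mask` parameter adds a dereference in every branch and a pointer that could be NULL, with no visible benefit. Since this commit makes access masks plain uint32 values, passing by value is simpler: `static mode_t map_nt_perms(uint32 mask, int type)`, with the call in create_canon_ace_lists becoming `map_nt_perms(psa->access_mask, S_IRUSR)`. If the pointer form is kept for consistency with other helpers, `const uint32 *mask` would at least document that the ACE is not modified. The switch also has no `default:`, so as far as the hunk shows any other `type` value silently maps to mode 0; a one-line comment saying this is intended would help, because this function decides which POSIX permission bits an NT ACE grants. The end of the function is outside the hunk.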
@@ -950,7 +950,7 @@ BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_
*/
if (security_info_sent & GROUP_SECURITY_INFORMATION) {
- sid_copy(&grp_sid, psd->grp_sid);
+ sid_copy(&grp_sid, psd->group_sid);
if (!sid_to_gid( &grp_sid, pgrp)) {
if (lp_force_unknown_acl_user(snum)) {
/* this allows take group ownership to work
@@ -1254,7 +1254,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
*/
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa = &dacl->ace[i];
+ SEC_ACE *psa = &dacl->aces[i];
if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
@@ -1273,12 +1273,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
* Convert GENERIC bits to specific bits.
*/
- se_map_generic(&psa->info.mask, &file_generic_mapping);
+ se_map_generic(&psa->access_mask, &file_generic_mapping);
- psa->info.mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
+ psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
- if(psa->info.mask != UNIX_ACCESS_NONE)
- psa->info.mask &= ~UNIX_ACCESS_NONE;
+ if(psa->access_mask != UNIX_ACCESS_NONE)
+ psa->access_mask &= ~UNIX_ACCESS_NONE;
}
}
@@ -1291,12 +1291,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
*/
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa1 = &dacl->ace[i];
+ SEC_ACE *psa1 = &dacl->aces[i];
for (j = i + 1; j < dacl->num_aces; j++) {
- SEC_ACE *psa2 = &dacl->ace[j];
+ SEC_ACE *psa2 = &dacl->aces[j];
- if (psa1->info.mask != psa2->info.mask)
+ if (psa1->access_mask != psa2->access_mask)
continue;
if (!sid_equal(&psa1->trustee, &psa2->trustee))
@@ -1322,7 +1322,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
}
for(i = 0; i < dacl->num_aces; i++) {
- SEC_ACE *psa = &dacl->ace[i];
+ SEC_ACE *psa = &dacl->aces[i];
/*
* Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
@@ -1408,7 +1408,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
* S_I(R|W|X)USR bits.
*/
- current_ace->perms |= map_nt_perms( psa->info, S_IRUSR);
+ current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False);
@@ -2641,7 +2641,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
/* We know the lower number ACE's are file entries. */
if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
(nt_ace_list[i].size == nt_ace_list[j].size) &&
- (nt_ace_list[i].info.mask == nt_ace_list[j].info.mask) &&
+ (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
(i_inh == j_inh) &&
(i_flags_ni == 0) &&
@@ -2654,7 +2654,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
* the non-inherited ACE onto the inherited ACE.
*/
- if (nt_ace_list[i].info.mask == 0) {
+ if (nt_ace_list[i].access_mask == 0) {
nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
(i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
if (num_aces - i - 1 > 0)
@@ -2954,7 +2954,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
}
if (psd->dacl) {
- dacl_sort_into_canonical_order(psd->dacl->ace, (unsigned int)psd->dacl->num_aces);
+ dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces);
}
*ppdesc = psd;