diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2006-09-20 22:23:12 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:00:54 -0500 |
commit | 4db7642caa99c1b054322a8971c4b673556487ce (patch) | |
tree | 4ca6f040d613bc8127f43cd30a2bc12d3192471b /source3/smbd | |
parent | 3ef4b8cf2f4a52c08b71fa8cac1ce4e8409c160b (diff) | |
download | samba-4db7642caa99c1b054322a8971c4b673556487ce.tar.gz samba-4db7642caa99c1b054322a8971c4b673556487ce.tar.bz2 samba-4db7642caa99c1b054322a8971c4b673556487ce.zip |
r18745: Use the Samba4 data structures for security descriptors and security descriptor
buffers.
Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/nttrans.c | 8 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 54 |
2 files changed, 31 insertions, 31 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index c5e48a6324..9cebd21d7d 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1009,16 +1009,16 @@ static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 secu return NT_STATUS_NO_MEMORY; } - if (psd->off_owner_sid==0) { + if (psd->owner_sid==0) { security_info_sent &= ~OWNER_SECURITY_INFORMATION; } - if (psd->off_grp_sid==0) { + if (psd->group_sid==0) { security_info_sent &= ~GROUP_SECURITY_INFORMATION; } - if (psd->off_sacl==0) { + if (psd->sacl==0) { security_info_sent &= ~SACL_SECURITY_INFORMATION; } - if (psd->off_dacl==0) { + if (psd->dacl==0) { security_info_sent &= ~DACL_SECURITY_INFORMATION; } diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 18ef187f38..3b38b91547 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -860,36 +860,36 @@ static SEC_ACCESS map_canon_ace_perms(int snum, int *pacl_type, DOM_SID *powner_ #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES) #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE) -static mode_t map_nt_perms( SEC_ACCESS sec_access, int type) +static mode_t map_nt_perms( uint32 *mask, int type) { mode_t mode = 0; switch(type) { case S_IRUSR: - if(sec_access.mask & GENERIC_ALL_ACCESS) + if((*mask) & GENERIC_ALL_ACCESS) mode = S_IRUSR|S_IWUSR|S_IXUSR; else { - mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0; - mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0; - mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0; + mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0; + mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0; + mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0; } break; case S_IRGRP: - if(sec_access.mask & GENERIC_ALL_ACCESS) + if((*mask) & GENERIC_ALL_ACCESS) mode = S_IRGRP|S_IWGRP|S_IXGRP; else { - mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0; - mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0; - mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0; + mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0; + mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0; + mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0; } break; case S_IROTH: - if(sec_access.mask & GENERIC_ALL_ACCESS) + if((*mask) & GENERIC_ALL_ACCESS) mode = S_IROTH|S_IWOTH|S_IXOTH; else { - mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0; - mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0; - mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0; + mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0; + mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0; + mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0; } break; } @@ -950,7 +950,7 @@ BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_ */ if (security_info_sent & GROUP_SECURITY_INFORMATION) { - sid_copy(&grp_sid, psd->grp_sid); + sid_copy(&grp_sid, psd->group_sid); if (!sid_to_gid( &grp_sid, pgrp)) { if (lp_force_unknown_acl_user(snum)) { /* this allows take group ownership to work @@ -1254,7 +1254,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, */ for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa = &dacl->ace[i]; + SEC_ACE *psa = &dacl->aces[i]; if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) { DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n")); @@ -1273,12 +1273,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * Convert GENERIC bits to specific bits. */ - se_map_generic(&psa->info.mask, &file_generic_mapping); + se_map_generic(&psa->access_mask, &file_generic_mapping); - psa->info.mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS); + psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS); - if(psa->info.mask != UNIX_ACCESS_NONE) - psa->info.mask &= ~UNIX_ACCESS_NONE; + if(psa->access_mask != UNIX_ACCESS_NONE) + psa->access_mask &= ~UNIX_ACCESS_NONE; } } @@ -1291,12 +1291,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, */ for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa1 = &dacl->ace[i]; + SEC_ACE *psa1 = &dacl->aces[i]; for (j = i + 1; j < dacl->num_aces; j++) { - SEC_ACE *psa2 = &dacl->ace[j]; + SEC_ACE *psa2 = &dacl->aces[j]; - if (psa1->info.mask != psa2->info.mask) + if (psa1->access_mask != psa2->access_mask) continue; if (!sid_equal(&psa1->trustee, &psa2->trustee)) @@ -1322,7 +1322,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, } for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa = &dacl->ace[i]; + SEC_ACE *psa = &dacl->aces[i]; /* * Ignore non-mappable SIDs (NT Authority, BUILTIN etc). @@ -1408,7 +1408,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * S_I(R|W|X)USR bits. */ - current_ace->perms |= map_nt_perms( psa->info, S_IRUSR); + current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR); current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE; current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False); @@ -2641,7 +2641,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) /* We know the lower number ACE's are file entries. */ if ((nt_ace_list[i].type == nt_ace_list[j].type) && (nt_ace_list[i].size == nt_ace_list[j].size) && - (nt_ace_list[i].info.mask == nt_ace_list[j].info.mask) && + (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) && sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && (i_inh == j_inh) && (i_flags_ni == 0) && @@ -2654,7 +2654,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) * the non-inherited ACE onto the inherited ACE. */ - if (nt_ace_list[i].info.mask == 0) { + if (nt_ace_list[i].access_mask == 0) { nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0); if (num_aces - i - 1 > 0) @@ -2954,7 +2954,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) } if (psd->dacl) { - dacl_sort_into_canonical_order(psd->dacl->ace, (unsigned int)psd->dacl->num_aces); + dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces); } *ppdesc = psd; |