diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-12-09 06:22:09 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:47:13 -0500 |
commit | 2e4d4a9e28ddd84e245e45c2c58f9cc6e8e2967f (patch) | |
tree | bd1b6505d68042e0be32ecc34acff6d6ff54a483 /source4/libcli/security | |
parent | 781ed1f5ef38cc057c5efa3d09f6a388791b37f3 (diff) | |
download | samba-2e4d4a9e28ddd84e245e45c2c58f9cc6e8e2967f.tar.gz samba-2e4d4a9e28ddd84e245e45c2c58f9cc6e8e2967f.tar.bz2 samba-2e4d4a9e28ddd84e245e45c2c58f9cc6e8e2967f.zip |
r12139: - fixed up the ace object flags checking
- allow for arbitrary access masks in sddl_encode_ace()
(This used to be commit 5e2b1bd6afafe2eb96e98c4636e0a62235693183)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r-- | source4/libcli/security/sddl.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c index a1b8346969..643cb7a82c 100644 --- a/source4/libcli/security/sddl.c +++ b/source4/libcli/security/sddl.c @@ -221,6 +221,7 @@ static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char if (!NT_STATUS_IS_OK(status)) { return False; } + ace->object.object.flags |= SEC_ACE_OBJECT_TYPE_PRESENT; } /* inherit object */ @@ -230,6 +231,7 @@ static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char if (!NT_STATUS_IS_OK(status)) { return False; } + ace->object.object.flags |= SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT; } /* trustee */ @@ -460,18 +462,21 @@ static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace if (s_flags == NULL) goto failed; s_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask, ace->access_mask, True); - if (s_mask == NULL) goto failed; + if (s_mask == NULL) { + s_mask = talloc_asprintf(tmp_ctx, "0x%08x", ace->access_mask); + if (s_mask == NULL) goto failed; + } if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) { - if (!GUID_all_zero(&ace->object.object.type.type)) { + if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) { s_object = GUID_string(tmp_ctx, &ace->object.object.type.type); if (s_object == NULL) goto failed; } - if (!GUID_all_zero(&ace->object.object.inherited_type.inherited_type)) { + if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) { s_iobject = GUID_string(tmp_ctx, &ace->object.object.inherited_type.inherited_type); if (s_iobject == NULL) goto failed; } |