authorStefan Metzmacher <metze@samba.org>2007-01-15 10:47:22 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:43:31 -0500
commitd363192d6466d3b1654284227addc745ca5d0a81 (patch)
tree63388c605a43d2821667368c671f292fc9e38da2 /source4/libcli/security
parentd6fafdb23714551e844c2ce6006683f9f51e4ff1 (diff)
r20801: try to always fix up the acl revision when we add or remove
an ace metze (This used to be commit 18cc56be6a7c21e5b19d0826aca6ae2416c116b8)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r--source4/libcli/security/security_descriptor.c41
1 files changed, 37 insertions, 4 deletions
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index f7972f57ac..441f2c6370 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -150,7 +150,7 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
if (sd->dacl == NULL) {
return NT_STATUS_NO_MEMORY;
}
- sd->dacl->revision = NT4_ACL_REVISION;
+ sd->dacl->revision = SECURITY_ACL_REVISION_NT4;
sd->dacl->size = 0;
sd->dacl->num_aces = 0;
sd->dacl->aces = NULL;
@@ -171,7 +171,18 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
if (sd->dacl->aces[sd->dacl->num_aces].trustee.sub_auths == NULL) {
return NT_STATUS_NO_MEMORY;
}
-
+
+ switch (sd->dacl->aces[sd->dacl->num_aces].type) {
+ case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+ case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+ case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+ case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+ sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
+ break;
+ default:
+ break;
+ }
+
sd->dacl->num_aces++;
sd->type |= SEC_DESC_DACL_PRESENT;
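Review bot: The four-way `case SEC_ACE_TYPE_*_OBJECT:` list added here is repeated verbatim in the rescan loop at the end of security_descriptor_dacl_del, so the two copies can drift apart if another object ACE type is introduced. A file-local predicate that returns true for the object ACE types would keep the rule for choosing the revision in one place; the call here would then read `if (ace_type_is_object(type)) sd->dacl->revision = SECURITY_ACL_REVISION_ADS;` (the helper name is only a suggestion). A short comment saying why object ACEs force `SECURITY_ACL_REVISION_ADS` would also help the next reader. The body of security_descriptor_dacl_add starts and ends outside this hunk.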
@@ -187,11 +198,13 @@ NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd,
struct dom_sid *trustee)
{
int i;
+ bool found = false;
if (sd->dacl == NULL) {
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
-
+
+ /* there can be multiple ace's for one trustee */
for (i=0;i<sd->dacl->num_aces;i++) {
if (dom_sid_equal(trustee, &sd->dacl->aces[i].trustee)) {
memmove(&sd->dacl->aces[i], &sd->dacl->aces[i+1],
@@ -200,10 +213,30 @@ NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd,
if (sd->dacl->num_aces == 0) {
sd->dacl->aces = NULL;
}
+ found = true;
+ }
+ }
+
+ if (!found) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ sd->dacl->revision = SECURITY_ACL_REVISION_NT4;
+
+ for (i=0;i<sd->dacl->num_aces;i++) {
+ switch (sd->dacl->aces[i].type) {
+ case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+ case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+ case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+ case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+ sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
return NT_STATUS_OK;
+ default:
+ break; /* only for the switch statement */
}
}
- return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+ return NT_STATUS_OK;
}
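Review bot: With the early `return NT_STATUS_OK;` gone, the delete loop keeps scanning after a match but still advances `i`, so the entry that `memmove` shifts into slot `i` is never compared. When two ACEs for the same trustee sit next to each other, the second one stays in the DACL while the function returns NT_STATUS_OK. That matters for access control, because a caller that treats success as "this trustee is gone" would leave an allow or deny entry behind. Adding `i--;` right after `found = true;` makes the loop re-examine the shifted entry. The lines between this hunk and the previous one are not shown, so confirm that `num_aces` is decremented there and that nothing else already adjusts the index. The function starts in the previous hunk.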