diff options
author | Stefan Metzmacher <metze@samba.org> | 2007-01-15 10:47:22 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:43:31 -0500 |
commit | d363192d6466d3b1654284227addc745ca5d0a81 (patch) | |
tree | 63388c605a43d2821667368c671f292fc9e38da2 /source4/libcli/security | |
parent | d6fafdb23714551e844c2ce6006683f9f51e4ff1 (diff) | |
download | samba-d363192d6466d3b1654284227addc745ca5d0a81.tar.gz samba-d363192d6466d3b1654284227addc745ca5d0a81.tar.bz2 samba-d363192d6466d3b1654284227addc745ca5d0a81.zip |
r20801: try to always fix up the acl revision when we add or remove
an ace
metze
(This used to be commit 18cc56be6a7c21e5b19d0826aca6ae2416c116b8)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r-- | source4/libcli/security/security_descriptor.c | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c index f7972f57ac..441f2c6370 100644 --- a/source4/libcli/security/security_descriptor.c +++ b/source4/libcli/security/security_descriptor.c @@ -150,7 +150,7 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd, if (sd->dacl == NULL) { return NT_STATUS_NO_MEMORY; } - sd->dacl->revision = NT4_ACL_REVISION; + sd->dacl->revision = SECURITY_ACL_REVISION_NT4; sd->dacl->size = 0; sd->dacl->num_aces = 0; sd->dacl->aces = NULL; @@ -171,7 +171,18 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd, if (sd->dacl->aces[sd->dacl->num_aces].trustee.sub_auths == NULL) { return NT_STATUS_NO_MEMORY; } - + + switch (sd->dacl->aces[sd->dacl->num_aces].type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: + case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: + sd->dacl->revision = SECURITY_ACL_REVISION_ADS; + break; + default: + break; + } + sd->dacl->num_aces++; sd->type |= SEC_DESC_DACL_PRESENT; @@ -187,11 +198,13 @@ NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd, struct dom_sid *trustee) { int i; + bool found = false; if (sd->dacl == NULL) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - + + /* there can be multiple ace's for one trustee */ for (i=0;i<sd->dacl->num_aces;i++) { if (dom_sid_equal(trustee, &sd->dacl->aces[i].trustee)) { memmove(&sd->dacl->aces[i], &sd->dacl->aces[i+1], @@ -200,10 +213,30 @@ NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd, if (sd->dacl->num_aces == 0) { sd->dacl->aces = NULL; } + found = true; + } + } + + if (!found) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + sd->dacl->revision = SECURITY_ACL_REVISION_NT4; + + for (i=0;i<sd->dacl->num_aces;i++) { + switch (sd->dacl->aces[i].type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: + case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: + sd->dacl->revision = SECURITY_ACL_REVISION_ADS; return NT_STATUS_OK; + default: + break; /* only for the switch statement */ } } - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; } |