r25803: Make our security descriptor acl manipulation methods more generic so that we

can add and delete ACEs for SACLs as well as for DACLs. Guenther (This used to be commit 947fff994181f0ae50ac76d09621ddd684873112)
author: Günther Deschner <gd@samba.org> 2007-11-02 12:54:19 +0100
committer: Stefan Metzmacher <metze@samba.org> 2007-12-21 05:44:06 +0100
commit: f2002541ced97da3658348fe9ac9e212dd50c55b (patch)
tree: e9e0b7df2f65fff9b3ef48167e5b631edfb712c2 /source4/torture
parent: ffc3ff734ee46c1c5837545114bbbc57ffcf6c9b (diff)
download: samba-f2002541ced97da3658348fe9ac9e212dd50c55b.tar.gz
samba-f2002541ced97da3658348fe9ac9e212dd50c55b.tar.bz2
samba-f2002541ced97da3658348fe9ac9e212dd50c55b.zip
3 files changed, 23 insertions, 23 deletions
diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c
index 0136056bdf..95e7282895 100644
--- a/source4/torture/raw/acls.c
+++ b/source4/torture/raw/acls.c
@@ -297,7 +297,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 	owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
 
 	printf("set a sec desc allowing no write by CREATOR_OWNER\n");
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, NULL, NULL,
 					SID_CREATOR_OWNER,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -334,7 +334,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
 
 	printf("set a sec desc allowing no write by owner\n");
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, owner_sid, NULL,
 					owner_sid,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -389,7 +389,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 	smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
 
 	printf("set a sec desc allowing generic read by owner\n");
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, NULL, NULL,
 					owner_sid,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -402,7 +402,7 @@ static bool test_creator_sid(struct torture_context *tctx,
 	CHECK_STATUS(status, NT_STATUS_OK);
 
 	printf("check that generic read has been mapped correctly\n");
-	sd2 = security_descriptor_create(tctx,
+	sd2 = security_descriptor_dacl_create(tctx,
 					 0, owner_sid, NULL,
 					 owner_sid,
 					 SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -567,7 +567,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 
 		printf("testing generic bits 0x%08x\n", 
 		       file_mappings[i].gen_bits);
-		sd = security_descriptor_create(tctx,
+		sd = security_descriptor_dacl_create(tctx,
 						0, owner_sid, NULL,
 						owner_sid,
 						SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -583,7 +583,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 		status = smb_raw_setfileinfo(cli->tree, &set);
 		CHECK_STATUS(status, NT_STATUS_OK);
 
-		sd2 = security_descriptor_create(tctx,
+		sd2 = security_descriptor_dacl_create(tctx,
 						 0, owner_sid, NULL,
 						 owner_sid,
 						 SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -615,7 +615,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 
 		printf("testing generic bits 0x%08x (anonymous)\n", 
 		       file_mappings[i].gen_bits);
-		sd = security_descriptor_create(tctx,
+		sd = security_descriptor_dacl_create(tctx,
 						0, SID_NT_ANONYMOUS, NULL,
 						owner_sid,
 						SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -631,7 +631,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 		status = smb_raw_setfileinfo(cli->tree, &set);
 		CHECK_STATUS(status, NT_STATUS_OK);
 
-		sd2 = security_descriptor_create(tctx,
+		sd2 = security_descriptor_dacl_create(tctx,
 						 0, SID_NT_ANONYMOUS, NULL,
 						 owner_sid,
 						 SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -732,7 +732,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 
 		printf("testing generic bits 0x%08x\n", 
 		       file_mappings[i].gen_bits);
-		sd = security_descriptor_create(tctx,
+		sd = security_descriptor_dacl_create(tctx,
 						0, owner_sid, NULL,
 						owner_sid,
 						SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -748,7 +748,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 		status = smb_raw_setfileinfo(cli->tree, &set);
 		CHECK_STATUS(status, NT_STATUS_OK);
 
-		sd2 = security_descriptor_create(tctx,
+		sd2 = security_descriptor_dacl_create(tctx,
 						 0, owner_sid, NULL,
 						 owner_sid,
 						 SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -780,7 +780,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 
 		printf("testing generic bits 0x%08x (anonymous)\n", 
 		       file_mappings[i].gen_bits);
-		sd = security_descriptor_create(tctx,
+		sd = security_descriptor_dacl_create(tctx,
 						0, SID_NT_ANONYMOUS, NULL,
 						owner_sid,
 						SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -796,7 +796,7 @@ static bool test_generic_bits(struct torture_context *tctx,
 		status = smb_raw_setfileinfo(cli->tree, &set);
 		CHECK_STATUS(status, NT_STATUS_OK);
 
-		sd2 = security_descriptor_create(tctx,
+		sd2 = security_descriptor_dacl_create(tctx,
 						 0, SID_NT_ANONYMOUS, NULL,
 						 owner_sid,
 						 SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -907,7 +907,7 @@ static bool test_owner_bits(struct torture_context *tctx,
 	}
 	printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
 
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, NULL, NULL,
 					owner_sid,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -1114,7 +1114,7 @@ static bool test_inheritance(struct torture_context *tctx,
 
 	printf("owner_sid is %s\n", owner_sid);
 
-	sd_def = security_descriptor_create(tctx,
+	sd_def = security_descriptor_dacl_create(tctx,
 					    0, owner_sid, NULL,
 					    owner_sid,
 					    SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -1129,7 +1129,7 @@ static bool test_inheritance(struct torture_context *tctx,
 	creator_owner = dom_sid_parse_talloc(tctx, SID_CREATOR_OWNER);
 
 	for (i=0;i<ARRAY_SIZE(test_flags);i++) {
-		sd = security_descriptor_create(tctx,
+		sd = security_descriptor_dacl_create(tctx,
 						0, NULL, NULL,
 						SID_CREATOR_OWNER,
 						SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -1262,7 +1262,7 @@ static bool test_inheritance(struct torture_context *tctx,
 	}
 
 	printf("testing access checks on inherited create with %s\n", fname1);
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, NULL, NULL,
 					owner_sid,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -1295,7 +1295,7 @@ static bool test_inheritance(struct torture_context *tctx,
 	CHECK_STATUS(status, NT_STATUS_OK);
 	smbcli_close(cli->tree, fnum2);
 
-	sd2 = security_descriptor_create(tctx,
+	sd2 = security_descriptor_dacl_create(tctx,
 					 0, owner_sid, NULL,
 					 owner_sid,
 					 SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -1431,7 +1431,7 @@ static bool test_inheritance_dynamic(struct torture_context *tctx,
 
 	printf("owner_sid is %s\n", owner_sid);
 
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, NULL, NULL,
 					owner_sid,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -1471,7 +1471,7 @@ static bool test_inheritance_dynamic(struct torture_context *tctx,
 	CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
 
 	printf("update parent sd\n");
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, NULL, NULL,
 					owner_sid,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -1586,7 +1586,7 @@ static bool test_sd_get_set(struct torture_context *tctx,
 	printf("TESTING ACCESS MASKS FOR SD GET/SET\n");
 
 	/* first create a file with full access for everyone */
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0, SID_NT_ANONYMOUS, SID_BUILTIN_USERS,
 					SID_WORLD,
 					SEC_ACE_TYPE_ACCESS_ALLOWED,
diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c
index c8d58bf620..d91f935f7f 100644
--- a/source4/torture/rpc/samba3rpc.c
+++ b/source4/torture/rpc/samba3rpc.c
@@ -2117,14 +2117,14 @@ bool try_tcon(TALLOC_CTX *mem_ctx,
 		return false;
 	}
 
-	sd = security_descriptor_create(
+	sd = security_descriptor_dacl_create(
 		tmp_ctx, 0, "S-1-5-32-544",
 		dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
 							DOMAIN_RID_USERS)),
 		dom_sid_string(mem_ctx, user_sid),
 		SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, 0, NULL);
 	if (sd == NULL) {
-		d_printf("security_descriptor_create failed\n");
+		d_printf("security_descriptor_dacl_create failed\n");
 		talloc_free(tmp_ctx);
                 return false;
         }
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index 4c765f72a2..733d7f2958 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
@@ -139,7 +139,7 @@ static bool test_CreateKey_sd(struct dcerpc_pipe *p,
 	DATA_BLOB sdblob;
 	struct winreg_SecBuf secbuf;
 
-	sd = security_descriptor_create(tctx,
+	sd = security_descriptor_dacl_create(tctx,
 					0,
 					NULL, NULL,
 					SID_NT_AUTHENTICATED_USERS,
author	Günther Deschner <gd@samba.org>	2007-11-02 12:54:19 +0100
committer	Stefan Metzmacher <metze@samba.org>	2007-12-21 05:44:06 +0100
commit	f2002541ced97da3658348fe9ac9e212dd50c55b (patch)
tree	e9e0b7df2f65fff9b3ef48167e5b631edfb712c2 /source4/torture
parent	ffc3ff734ee46c1c5837545114bbbc57ffcf6c9b (diff)
download	samba-f2002541ced97da3658348fe9ac9e212dd50c55b.tar.gz samba-f2002541ced97da3658348fe9ac9e212dd50c55b.tar.bz2 samba-f2002541ced97da3658348fe9ac9e212dd50c55b.zip