summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/rpc_secdes.h2
-rw-r--r--source3/lib/util_seaccess.c8
-rw-r--r--source3/printing/nt_printing.c2
-rw-r--r--source3/rpc_parse/parse_sec.c8
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c4
-rw-r--r--source3/rpcclient/cmd_spoolss.c2
-rw-r--r--source3/smbd/posix_acls.c46
-rw-r--r--source3/utils/smbcacls.c32
8 files changed, 58 insertions, 46 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 5d8a1895a6..259c156767 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -95,7 +95,7 @@ typedef struct security_ace_info
uint16 size;
SEC_ACCESS info;
- DOM_SID sid;
+ DOM_SID trustee;
} SEC_ACE;
#define _SEC_ACE
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 852ded5627..b8dc43dede 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -33,7 +33,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
size_t i;
for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->sid, &token->user_sids[i]))
+ if (sid_equal(&ace->trustee, &token->user_sids[i]))
return True;
}
@@ -277,7 +277,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
(unsigned int)i, ace->type, ace->flags,
- sid_to_string(sid_str, &ace->sid),
+ sid_to_string(sid_str, &ace->trustee),
(unsigned int) ace->info.mask,
(unsigned int)tmp_acc_desired ));
@@ -388,10 +388,10 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
continue;
init_sec_access(&new_ace->info, ace->info.mask);
- init_sec_ace(new_ace, &ace->sid, ace->type,
+ init_sec_ace(new_ace, &ace->trustee, ace->type,
new_ace->info, new_flags);
- sid_to_string(sid_str, &ace->sid);
+ sid_to_string(sid_str, &ace->trustee);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n", sid_str,
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index ae3c43fd93..68050163c4 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3624,7 +3624,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, char *printername, SEC_DESC_BUF **secde
for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str;
- sid_to_string(sid_str, &the_acl->ace[i].sid);
+ sid_to_string(sid_str, &the_acl->ace[i].trustee);
DEBUG(10, ("%s %d %d 0x%08x\n", sid_str,
the_acl->ace[i].type, the_acl->ace[i].flags,
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index 98f076c1e3..0e6f9e2879 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -68,8 +68,8 @@ void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 f
t->size = sid_size(sid) + 8;
t->info = mask;
- ZERO_STRUCTP(&t->sid);
- sid_copy(&t->sid, sid);
+ ZERO_STRUCTP(&t->trustee);
+ sid_copy(&t->trustee, sid);
}
/*******************************************************************
@@ -107,7 +107,7 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
if(!prs_align(ps))
return False;
- if(!smb_io_dom_sid("sid ", &psa->sid , ps, depth))
+ if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
return False;
if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset))
@@ -281,7 +281,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
/* Check SID */
- if (!sid_equal(&s1->sid, &s2->sid)) {
+ if (!sid_equal(&s1->trustee, &s2->trustee)) {
return False;
}
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 3b21726a0f..c64a7a218c 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -4150,7 +4150,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str;
- sid_to_string(sid_str, &the_acl->ace[i].sid);
+ sid_to_string(sid_str, &the_acl->ace[i].trustee);
DEBUG(10, ("%s 0x%08x\n", sid_str,
the_acl->ace[i].info.mask));
@@ -4165,7 +4165,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str;
- sid_to_string(sid_str, &the_acl->ace[i].sid);
+ sid_to_string(sid_str, &the_acl->ace[i].trustee);
DEBUG(10, ("%s 0x%08x\n", sid_str,
the_acl->ace[i].info.mask));
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 684b6c58db..bc003284da 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -89,7 +89,7 @@ static void display_sec_ace(SEC_ACE *ace)
{
fstring sid_str;
- sid_to_string(sid_str, &ace->sid);
+ sid_to_string(sid_str, &ace->trustee);
printf("\t\tSID: %s\n", sid_str);
printf("\t\ttype:[%d], flags:[0x%02x], mask:[0x%08x]\n",
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index d42b11cb83..b00d1810a2 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -38,7 +38,7 @@ typedef struct canon_ace {
struct canon_ace *next, *prev;
SMB_ACL_TAG_T type;
mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
- DOM_SID sid;
+ DOM_SID trustee;
enum ace_owner owner_type;
enum ace_attribute attr;
posix_id unix_ug;
@@ -103,7 +103,7 @@ static void print_canon_ace(canon_ace *pace, int num)
fstring str;
dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
- dbgtext( "SID = %s ", sid_to_string( str, &pace->sid));
+ dbgtext( "SID = %s ", sid_to_string( str, &pace->trustee));
if (pace->owner_type == UID_ACE) {
struct passwd *pass = sys_getpwuid(pace->unix_ug.uid);
dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, pass ? pass->pw_name : "UNKNOWN");
@@ -243,7 +243,7 @@ static void merge_aces( canon_ace **pp_list_head )
curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
- if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) &&
+ if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace->attr == curr_ace_outer->attr)) {
if( DEBUGLVL( 10 )) {
@@ -283,7 +283,7 @@ static void merge_aces( canon_ace **pp_list_head )
* we've put on the ACL, we know the deny must be the first one.
*/
- if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) &&
+ if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
if( DEBUGLVL( 10 )) {
@@ -572,7 +572,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->type = SMB_ACL_USER_OBJ;
pace->owner_type = UID_ACE;
pace->unix_ug.uid = pst->st_uid;
- pace->sid = *pfile_owner_sid;
+ pace->trustee = *pfile_owner_sid;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
pace->attr = ALLOW_ACE;
@@ -589,7 +589,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->type = SMB_ACL_GROUP_OBJ;
pace->owner_type = GID_ACE;
pace->unix_ug.uid = pst->st_gid;
- pace->sid = *pfile_grp_sid;
+ pace->trustee = *pfile_grp_sid;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
pace->attr = ALLOW_ACE;
@@ -606,7 +606,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->type = SMB_ACL_OTHER;
pace->owner_type = WORLD_ACE;
pace->unix_ug.world = -1;
- pace->sid = global_sid_World;
+ pace->trustee = global_sid_World;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
pace->attr = ALLOW_ACE;
@@ -688,7 +688,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
if (psa1->info.mask != psa2->info.mask)
continue;
- if (!sid_equal(&psa1->sid, &psa2->sid))
+ if (!sid_equal(&psa1->trustee, &psa2->trustee))
continue;
/*
@@ -718,10 +718,10 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
* Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
*/
- if (non_mappable_sid(&psa->sid)) {
+ if (non_mappable_sid(&psa->trustee)) {
fstring str;
DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
- sid_to_string(str, &psa->sid) ));
+ sid_to_string(str, &psa->trustee) ));
continue;
}
@@ -738,19 +738,19 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
ZERO_STRUCTP(current_ace);
- sid_copy(&current_ace->sid, &psa->sid);
+ sid_copy(&current_ace->trustee, &psa->trustee);
/*
* Try and work out if the SID is a user or group
* as we need to flag these differently for POSIX.
*/
- if( sid_equal(&current_ace->sid, &global_sid_World)) {
+ if( sid_equal(&current_ace->trustee, &global_sid_World)) {
current_ace->owner_type = WORLD_ACE;
current_ace->unix_ug.world = -1;
- } else if (sid_to_uid( &current_ace->sid, &current_ace->unix_ug.uid, &sid_type)) {
+ } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid, &sid_type)) {
current_ace->owner_type = UID_ACE;
- } else if (sid_to_gid( &current_ace->sid, &current_ace->unix_ug.gid, &sid_type)) {
+ } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid, &sid_type)) {
current_ace->owner_type = GID_ACE;
} else {
fstring str;
@@ -759,7 +759,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
free_canon_ace_list(dir_ace);
SAFE_FREE(current_ace);
DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",
- sid_to_string(str, &current_ace->sid) ));
+ sid_to_string(str, &current_ace->trustee) ));
return False;
}
@@ -775,15 +775,15 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
* Now note what kind of a POSIX ACL this should map to.
*/
- if(sid_equal(&current_ace->sid, pfile_owner_sid)) {
+ if(sid_equal(&current_ace->trustee, pfile_owner_sid)) {
current_ace->type = SMB_ACL_USER_OBJ;
- } else if( sid_equal(&current_ace->sid, pfile_grp_sid)) {
+ } else if( sid_equal(&current_ace->trustee, pfile_grp_sid)) {
current_ace->type = SMB_ACL_GROUP_OBJ;
- } else if( sid_equal(&current_ace->sid, &global_sid_World)) {
+ } else if( sid_equal(&current_ace->trustee, &global_sid_World)) {
current_ace->type = SMB_ACL_OTHER;
@@ -930,7 +930,7 @@ static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
/* "Everyone" always matches every uid. */
- if (sid_equal(&group_ace->sid, &global_sid_World))
+ if (sid_equal(&group_ace->trustee, &global_sid_World))
return True;
if (!(pass = sys_getpwuid(uid_ace->unix_ug.uid)))
@@ -1067,7 +1067,7 @@ static void process_deny_list( canon_ace **pp_ace_list )
continue;
}
- if (!sid_equal(&curr_ace->sid, &global_sid_World))
+ if (!sid_equal(&curr_ace->trustee, &global_sid_World))
continue;
/* JRATEST - assert. */
@@ -1518,7 +1518,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
ace->type = tagtype;
ace->perms = convert_permset_to_mode_t(permset);
ace->attr = ALLOW_ACE;
- ace->sid = sid;
+ ace->trustee = sid;
ace->unix_ug = unix_ug;
ace->owner_type = owner_type;
@@ -1937,14 +1937,14 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
for (i = 0; i < num_acls; i++, ace = ace->next) {
SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
- init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc, 0);
+ init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 0);
}
ace = dir_ace;
for (i = 0; i < num_dir_acls; i++, ace = ace->next) {
SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
- init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc,
+ init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc,
SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
}
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 670e1f6efe..8a3f3978e5 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -163,7 +163,7 @@ static void print_ace(FILE *f, SEC_ACE *ace)
int do_print = 0;
uint32 got_mask;
- SidToString(sidstr, &ace->sid);
+ SidToString(sidstr, &ace->trustee);
fprintf(f, "%s:", sidstr);
@@ -525,12 +525,24 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2)
{
- if (sec_ace_equal(ace1, ace2)) return 0;
- if (ace1->type != ace2->type) return ace2->type - ace1->type;
- if (sid_compare(&ace1->sid, &ace2->sid)) return sid_compare(&ace1->sid, &ace2->sid);
- if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags;
- if (ace1->info.mask != ace2->info.mask) return ace1->info.mask - ace2->info.mask;
- if (ace1->size != ace2->size) return ace1->size - ace2->size;
+ if (sec_ace_equal(ace1, ace2))
+ return 0;
+
+ if (ace1->type != ace2->type)
+ return ace2->type - ace1->type;
+
+ if (sid_compare(&ace1->trustee, &ace2->trustee))
+ return sid_compare(&ace1->trustee, &ace2->trustee);
+
+ if (ace1->flags != ace2->flags)
+ return ace1->flags - ace2->flags;
+
+ if (ace1->info.mask != ace2->info.mask)
+ return ace1->info.mask - ace2->info.mask;
+
+ if (ace1->size != ace2->size)
+ return ace1->size - ace2->size;
+
return memcmp(ace1, ace2, sizeof(SEC_ACE));
}
@@ -627,8 +639,8 @@ static int cacl_set(struct cli_state *cli, char *filename,
BOOL found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
- if (sid_equal(&sd->dacl->ace[i].sid,
- &old->dacl->ace[j].sid)) {
+ if (sid_equal(&sd->dacl->ace[i].trustee,
+ &old->dacl->ace[j].trustee)) {
old->dacl->ace[j] = sd->dacl->ace[i];
found = True;
}
@@ -637,7 +649,7 @@ static int cacl_set(struct cli_state *cli, char *filename,
if (!found) {
fstring str;
- SidToString(str, &sd->dacl->ace[i].sid);
+ SidToString(str, &sd->dacl->ace[i].trustee);
printf("ACL for SID %s not found\n", str);
}
}