-rw-r--r-- | source3/include/rpc_secdes.h | 2 | ||||
-rw-r--r-- | source3/lib/util_seaccess.c | 8 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 2 | ||||
-rw-r--r-- | source3/rpc_parse/parse_sec.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 4 | ||||
-rw-r--r-- | source3/rpcclient/cmd_spoolss.c | 2 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 46 | ||||
-rw-r--r-- | source3/utils/smbcacls.c | 32 |
8 files changed, 58 insertions, 46 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 5d8a1895a6..259c156767 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -95,7 +95,7 @@ typedef struct security_ace_info uint16 size; SEC_ACCESS info; - DOM_SID sid; + DOM_SID trustee; } SEC_ACE; #define _SEC_ACE diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 852ded5627..b8dc43dede 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -33,7 +33,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->sid, &token->user_sids[i])) + if (sid_equal(&ace->trustee, &token->user_sids[i])) return True; } @@ -277,7 +277,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", (unsigned int)i, ace->type, ace->flags, - sid_to_string(sid_str, &ace->sid), + sid_to_string(sid_str, &ace->trustee), (unsigned int) ace->info.mask, (unsigned int)tmp_acc_desired )); @@ -388,10 +388,10 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, continue; init_sec_access(&new_ace->info, ace->info.mask); - init_sec_ace(new_ace, &ace->sid, ace->type, + init_sec_ace(new_ace, &ace->trustee, ace->type, new_ace->info, new_flags); - sid_to_string(sid_str, &ace->sid); + sid_to_string(sid_str, &ace->trustee); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", sid_str, diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index ae3c43fd93..68050163c4 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c 
@@ -3624,7 +3624,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, char *printername, SEC_DESC_BUF **secde for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].sid); + sid_to_string(sid_str, &the_acl->ace[i].trustee); DEBUG(10, ("%s %d %d 0x%08x\n", sid_str, the_acl->ace[i].type, the_acl->ace[i].flags, diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 98f076c1e3..0e6f9e2879 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -68,8 +68,8 @@ void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 f t->size = sid_size(sid) + 8; t->info = mask; - ZERO_STRUCTP(&t->sid); - sid_copy(&t->sid, sid); + ZERO_STRUCTP(&t->trustee); + sid_copy(&t->trustee, sid); } /******************************************************************* @@ -107,7 +107,7 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!prs_align(ps)) return False; - if(!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) + if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) return False; if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) @@ -281,7 +281,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) /* Check SID */ - if (!sid_equal(&s1->sid, &s2->sid)) { + if (!sid_equal(&s1->trustee, &s2->trustee)) { return False; } diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 3b21726a0f..c64a7a218c 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -4150,7 +4150,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].sid); + sid_to_string(sid_str, &the_acl->ace[i].trustee); DEBUG(10, ("%s 0x%08x\n", sid_str, the_acl->ace[i].info.mask)); 
@@ -4165,7 +4165,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].sid); + sid_to_string(sid_str, &the_acl->ace[i].trustee); DEBUG(10, ("%s 0x%08x\n", sid_str, the_acl->ace[i].info.mask)); diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 684b6c58db..bc003284da 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -89,7 +89,7 @@ static void display_sec_ace(SEC_ACE *ace) { fstring sid_str; - sid_to_string(sid_str, &ace->sid); + sid_to_string(sid_str, &ace->trustee); printf("\t\tSID: %s\n", sid_str); printf("\t\ttype:[%d], flags:[0x%02x], mask:[0x%08x]\n", diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index d42b11cb83..b00d1810a2 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -38,7 +38,7 @@ typedef struct canon_ace { struct canon_ace *next, *prev; SMB_ACL_TAG_T type; mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */ - DOM_SID sid; + DOM_SID trustee; enum ace_owner owner_type; enum ace_attribute attr; posix_id unix_ug; @@ -103,7 +103,7 @@ static void print_canon_ace(canon_ace *pace, int num) fstring str; dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" ); - dbgtext( "SID = %s ", sid_to_string( str, &pace->sid)); + dbgtext( "SID = %s ", sid_to_string( str, &pace->trustee)); if (pace->owner_type == UID_ACE) { struct passwd *pass = sys_getpwuid(pace->unix_ug.uid); dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, pass ? pass->pw_name : "UNKNOWN"); @@ -243,7 +243,7 @@ static void merge_aces( canon_ace **pp_list_head ) curr_ace_next = curr_ace->next; /* Save the link in case of delete. */ - if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) && + if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace->attr == curr_ace_outer->attr)) { if( DEBUGLVL( 10 )) { 
@@ -283,7 +283,7 @@ static void merge_aces( canon_ace **pp_list_head ) * we've put on the ACL, we know the deny must be the first one. */ - if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) && + if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) && (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) { if( DEBUGLVL( 10 )) { @@ -572,7 +572,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->type = SMB_ACL_USER_OBJ; pace->owner_type = UID_ACE; pace->unix_ug.uid = pst->st_uid; - pace->sid = *pfile_owner_sid; + pace->trustee = *pfile_owner_sid; pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR); pace->attr = ALLOW_ACE; @@ -589,7 +589,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->type = SMB_ACL_GROUP_OBJ; pace->owner_type = GID_ACE; pace->unix_ug.uid = pst->st_gid; - pace->sid = *pfile_grp_sid; + pace->trustee = *pfile_grp_sid; pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); pace->attr = ALLOW_ACE; @@ -606,7 +606,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, pace->type = SMB_ACL_OTHER; pace->owner_type = WORLD_ACE; pace->unix_ug.world = -1; - pace->sid = global_sid_World; + pace->trustee = global_sid_World; pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH); pace->attr = ALLOW_ACE; @@ -688,7 +688,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, if (psa1->info.mask != psa2->info.mask) continue; - if (!sid_equal(&psa1->sid, &psa2->sid)) + if (!sid_equal(&psa1->trustee, &psa2->trustee)) continue; /* @@ -718,10 +718,10 @@ static BOOL create_canon_ace_lists(files_struct *fsp, * Ignore non-mappable SIDs (NT Authority, BUILTIN etc). */ - if (non_mappable_sid(&psa->sid)) { + if (non_mappable_sid(&psa->trustee)) { fstring str; DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n", - sid_to_string(str, &psa->sid) )); + sid_to_string(str, &psa->trustee) )); continue; } 
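Review bot: In the `@@ -589,7` hunk of ensure_canon_entry_valid (source3/smbd/posix_acls.c), the SMB_ACL_GROUP_OBJ entry is tagged `GID_ACE` but stores the group id through the uid member, `pace->unix_ug.uid = pst->st_gid;`. The sid_to_gid call in create_canon_ace_lists on this page writes group ids through `unix_ug.gid`, so this line should read `pace->unix_ug.gid = pst->st_gid;`. If posix_id is a union of equally sized ids (its definition is not shown here), the stored value is the same, but the code would no longer depend on that layout. The function body starts and ends outside the hunk.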
@@ -738,19 +738,19 @@ static BOOL create_canon_ace_lists(files_struct *fsp, ZERO_STRUCTP(current_ace); - sid_copy(¤t_ace->sid, &psa->sid); + sid_copy(¤t_ace->trustee, &psa->trustee); /* * Try and work out if the SID is a user or group * as we need to flag these differently for POSIX. */ - if( sid_equal(¤t_ace->sid, &global_sid_World)) { + if( sid_equal(¤t_ace->trustee, &global_sid_World)) { current_ace->owner_type = WORLD_ACE; current_ace->unix_ug.world = -1; - } else if (sid_to_uid( ¤t_ace->sid, ¤t_ace->unix_ug.uid, &sid_type)) { + } else if (sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid, &sid_type)) { current_ace->owner_type = UID_ACE; - } else if (sid_to_gid( ¤t_ace->sid, ¤t_ace->unix_ug.gid, &sid_type)) { + } else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid, &sid_type)) { current_ace->owner_type = GID_ACE; } else { fstring str; @@ -759,7 +759,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, free_canon_ace_list(dir_ace); SAFE_FREE(current_ace); DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n", - sid_to_string(str, ¤t_ace->sid) )); + sid_to_string(str, ¤t_ace->trustee) )); return False; } @@ -775,15 +775,15 @@ static BOOL create_canon_ace_lists(files_struct *fsp, * Now note what kind of a POSIX ACL this should map to. */ - if(sid_equal(¤t_ace->sid, pfile_owner_sid)) { + if(sid_equal(¤t_ace->trustee, pfile_owner_sid)) { current_ace->type = SMB_ACL_USER_OBJ; - } else if( sid_equal(¤t_ace->sid, pfile_grp_sid)) { + } else if( sid_equal(¤t_ace->trustee, pfile_grp_sid)) { current_ace->type = SMB_ACL_GROUP_OBJ; - } else if( sid_equal(¤t_ace->sid, &global_sid_World)) { + } else if( sid_equal(¤t_ace->trustee, &global_sid_World)) { current_ace->type = SMB_ACL_OTHER; 
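Review bot: In the `@@ -759,7` hunk of source3/smbd/posix_acls.c, the DEBUG(0) call formats `&current_ace->trustee` after `SAFE_FREE(current_ace);` has already run, so the "unable to map SID" error path reads through a released pointer (or a NULL one, if SAFE_FREE also clears its argument as it does elsewhere in Samba). The rename touches this line but keeps the ordering. Either move the DEBUG call above `free_canon_ace_list(dir_ace); SAFE_FREE(current_ace);`, or log the source SID with `sid_to_string(str, &psa->trustee)`, which the `@@ -738,19` hunk shows is the value copied into current_ace. The SIDs here presumably come from a caller-supplied security descriptor, so this path should be treated as reachable from input. create_canon_ace_lists starts and ends outside these hunks.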
@@ -930,7 +930,7 @@ static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) /* "Everyone" always matches every uid. */ - if (sid_equal(&group_ace->sid, &global_sid_World)) + if (sid_equal(&group_ace->trustee, &global_sid_World)) return True; if (!(pass = sys_getpwuid(uid_ace->unix_ug.uid))) @@ -1067,7 +1067,7 @@ static void process_deny_list( canon_ace **pp_ace_list ) continue; } - if (!sid_equal(&curr_ace->sid, &global_sid_World)) + if (!sid_equal(&curr_ace->trustee, &global_sid_World)) continue; /* JRATEST - assert. */ @@ -1518,7 +1518,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_ ace->type = tagtype; ace->perms = convert_permset_to_mode_t(permset); ace->attr = ALLOW_ACE; - ace->sid = sid; + ace->trustee = sid; ace->unix_ug = unix_ug; ace->owner_type = owner_type; @@ -1937,14 +1937,14 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) for (i = 0; i < num_acls; i++, ace = ace->next) { SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace ); - init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc, 0); + init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 0); } ace = dir_ace; for (i = 0; i < num_dir_acls; i++, ace = ace->next) { SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace ); - init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc, + init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY); } diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 670e1f6efe..8a3f3978e5 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -163,7 +163,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) int do_print = 0; uint32 got_mask; - SidToString(sidstr, &ace->sid); + SidToString(sidstr, &ace->trustee); fprintf(f, "%s:", sidstr); 
@@ -525,12 +525,24 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2) { - if (sec_ace_equal(ace1, ace2)) return 0; - if (ace1->type != ace2->type) return ace2->type - ace1->type; - if (sid_compare(&ace1->sid, &ace2->sid)) return sid_compare(&ace1->sid, &ace2->sid); - if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; - if (ace1->info.mask != ace2->info.mask) return ace1->info.mask - ace2->info.mask; - if (ace1->size != ace2->size) return ace1->size - ace2->size; + if (sec_ace_equal(ace1, ace2)) + return 0; + + if (ace1->type != ace2->type) + return ace2->type - ace1->type; + + if (sid_compare(&ace1->trustee, &ace2->trustee)) + return sid_compare(&ace1->trustee, &ace2->trustee); + + if (ace1->flags != ace2->flags) + return ace1->flags - ace2->flags; + + if (ace1->info.mask != ace2->info.mask) + return ace1->info.mask - ace2->info.mask; + + if (ace1->size != ace2->size) + return ace1->size - ace2->size; + return memcmp(ace1, ace2, sizeof(SEC_ACE)); } @@ -627,8 +639,8 @@ static int cacl_set(struct cli_state *cli, char *filename, BOOL found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->ace[i].sid, - &old->dacl->ace[j].sid)) { + if (sid_equal(&sd->dacl->ace[i].trustee, + &old->dacl->ace[j].trustee)) { old->dacl->ace[j] = sd->dacl->ace[i]; found = True; } @@ -637,7 +649,7 @@ static int cacl_set(struct cli_state *cli, char *filename, if (!found) { fstring str; - SidToString(str, &sd->dacl->ace[i].sid); + SidToString(str, &sd->dacl->ace[i].trustee); printf("ACL for SID %s not found\n", str); } } |
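Review bot: In ace_compare (`@@ -525,12` hunk of source3/utils/smbcacls.c), the reflowed comparator still returns `ace1->info.mask - ace2->info.mask`. Assuming mask is a 32-bit unsigned value (the `0x%08x` formatting elsewhere on the page suggests so), masks that differ by more than INT_MAX compare with the wrong sign and the ordering becomes inconsistent. An explicit three-way result avoids that: `return ace1->info.mask < ace2->info.mask ? -1 : 1;`. The closing `memcmp(ace1, ace2, sizeof(SEC_ACE))` also compares any padding bytes, so it is only meaningful if every SEC_ACE was zero-filled when allocated; a comment stating that assumption would help. sid_compare is evaluated twice for the same pair, and the type test is the only one ordered `ace2 - ace1`, which deserves a one-line comment if the reversal is deliberate.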