summaryrefslogtreecommitdiff
path: root/source3/lib/secdesc.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/lib/secdesc.c')
-rw-r--r--source3/lib/secdesc.c81
1 files changed, 37 insertions, 44 deletions
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index f8873277cf..2f592769b3 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -49,8 +49,8 @@ size_t sec_desc_size(SEC_DESC *psd)
if (psd->owner_sid != NULL)
offset += sid_size(psd->owner_sid);
- if (psd->grp_sid != NULL)
- offset += sid_size(psd->grp_sid);
+ if (psd->group_sid != NULL)
+ offset += sid_size(psd->group_sid);
if (psd->sacl != NULL)
offset += psd->sacl->size;
@@ -104,11 +104,11 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2)
return False;
}
- if (!sid_equal(s1->grp_sid, s2->grp_sid)) {
+ if (!sid_equal(s1->group_sid, s2->group_sid)) {
fstring str1, str2;
- sid_to_string(str1, s1->grp_sid);
- sid_to_string(str2, s2->grp_sid);
+ sid_to_string(str1, s1->group_sid);
+ sid_to_string(str2, s2->group_sid);
DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n",
str1, str2));
@@ -154,13 +154,13 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
/* Copy over owner and group sids. There seems to be no flag for
this so just check the pointer values. */
- owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid :
- old_sdb->sec->owner_sid;
+ owner_sid = new_sdb->sd->owner_sid ? new_sdb->sd->owner_sid :
+ old_sdb->sd->owner_sid;
- group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid :
- old_sdb->sec->grp_sid;
+ group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid :
+ old_sdb->sd->group_sid;
- secdesc_type = new_sdb->sec->type;
+ secdesc_type = new_sdb->sd->type;
/* Ignore changes to the system ACL. This has the effect of making
changes through the security tab audit button not sticking.
@@ -172,14 +172,14 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
/* Copy across discretionary ACL */
if (secdesc_type & SEC_DESC_DACL_PRESENT) {
- dacl = new_sdb->sec->dacl;
+ dacl = new_sdb->sd->dacl;
} else {
- dacl = old_sdb->sec->dacl;
+ dacl = old_sdb->sd->dacl;
}
/* Create new security descriptor from bits */
- psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type,
+ psd = make_sec_desc(ctx, new_sdb->sd->revision, secdesc_type,
owner_sid, group_sid, sacl, dacl, &secdesc_size);
return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd);
@@ -211,15 +211,15 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type,
if (dacl)
dst->type |= SEC_DESC_DACL_PRESENT;
- dst->off_owner_sid = 0;
- dst->off_grp_sid = 0;
- dst->off_sacl = 0;
- dst->off_dacl = 0;
+ dst->owner_sid = NULL;
+ dst->group_sid = NULL;
+ dst->sacl = NULL;
+ dst->dacl = NULL;
if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
goto error_exit;
- if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
+ if(grp_sid && ((dst->group_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
goto error_exit;
if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
@@ -235,22 +235,18 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type,
*/
if (dst->sacl != NULL) {
- dst->off_sacl = offset;
offset += dst->sacl->size;
}
if (dst->dacl != NULL) {
- dst->off_dacl = offset;
offset += dst->dacl->size;
}
if (dst->owner_sid != NULL) {
- dst->off_owner_sid = offset;
offset += sid_size(dst->owner_sid);
}
- if (dst->grp_sid != NULL) {
- dst->off_grp_sid = offset;
- offset += sid_size(dst->grp_sid);
+ if (dst->group_sid != NULL) {
+ offset += sid_size(dst->group_sid);
}
*sd_size = (size_t)offset;
@@ -274,7 +270,7 @@ SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src)
return NULL;
return make_sec_desc( ctx, src->revision, src->type,
- src->owner_sid, src->grp_sid, src->sacl,
+ src->owner_sid, src->group_sid, src->sacl,
src->dacl, &dummy);
}
@@ -301,15 +297,12 @@ SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc)
return NULL;
/* max buffer size (allocated size) */
- dst->max_len = (uint32)len;
- dst->len = (uint32)len;
+ dst->sd_size = (uint32)len;
- if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) {
+ if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) {
return NULL;
}
- dst->ptr = 0x1;
-
return dst;
}
@@ -322,7 +315,7 @@ SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src)
if(src == NULL)
return NULL;
- return make_sec_desc_buf( ctx, src->len, src->sec);
+ return make_sec_desc_buf( ctx, src->sd_size, src->sd);
}
/*******************************************************************
@@ -341,7 +334,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32
*sd_size = 0;
- status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask);
+ status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask);
if (!NT_STATUS_IS_OK(status))
return status;
@@ -350,7 +343,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32
return NT_STATUS_UNSUCCESSFUL;
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
- psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+ psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
return NT_STATUS_UNSUCCESSFUL;
*psd = sd;
@@ -369,7 +362,7 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask)
if (!sd || !sid)
return NT_STATUS_INVALID_PARAMETER;
- status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask);
+ status = sec_ace_mod_sid(sd->dacl->aces, sd->dacl->num_aces, sid, mask);
if (!NT_STATUS_IS_OK(status))
return status;
@@ -393,7 +386,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t
*sd_size = 0;
- status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid);
+ status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid);
if (!NT_STATUS_IS_OK(status))
return status;
@@ -402,7 +395,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t
return NT_STATUS_UNSUCCESSFUL;
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
- psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
+ psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
return NT_STATUS_UNSUCCESSFUL;
*psd = sd;
@@ -434,7 +427,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
return NULL;
for (i = 0; i < the_acl->num_aces; i++) {
- SEC_ACE *ace = &the_acl->ace[i];
+ SEC_ACE *ace = &the_acl->aces[i];
SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx];
uint8 new_flags = 0;
BOOL inherit = False;
@@ -490,17 +483,17 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
if (!inherit)
continue;
- init_sec_access(&new_ace->info, ace->info.mask);
+ init_sec_access(&new_ace->access_mask, ace->access_mask);
init_sec_ace(new_ace, &ace->trustee, ace->type,
- new_ace->info, new_flags);
+ new_ace->access_mask, new_flags);
sid_to_string(sid_str, &ace->trustee);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n", sid_str,
- ace->type, ace->flags, ace->info.mask,
+ ace->type, ace->flags, ace->access_mask,
sid_str, new_ace->type, new_ace->flags,
- new_ace->info.mask));
+ new_ace->access_mask));
new_ace_list_ndx++;
}
@@ -515,7 +508,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
parent_ctr->owner_sid,
- parent_ctr->grp_sid,
+ parent_ctr->group_sid,
parent_ctr->sacl,
new_dacl, &size);
@@ -528,9 +521,9 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
Sets up a SEC_ACCESS structure.
********************************************************************/
-void init_sec_access(SEC_ACCESS *t, uint32 mask)
+void init_sec_access(uint32 *t, uint32 mask)
{
- t->mask = mask;
+ *t = mask;
}