From 0551426657167c676f1b88443602f9268d21784e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 19 Sep 2003 21:57:43 +0000 Subject: Ensure that dup_sec_desc copies the 'type' field correctly. This caused me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d) --- source3/lib/util_seaccess.c | 4 ++-- source3/printing/nt_printing.c | 6 +++--- source3/python/py_ntsec.c | 2 +- source3/rpc_parse/parse_sec.c | 20 +++++++++++--------- source3/rpc_server/srv_lsa_nt.c | 2 +- source3/rpc_server/srv_samr_nt.c | 8 ++++---- source3/rpc_server/srv_srvsvc_nt.c | 2 +- source3/utils/smbcacls.c | 6 +++--- 8 files changed, 26 insertions(+), 24 deletions(-) diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index eba8cab7fb..2482d582d2 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -435,7 +435,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, correct. Perhaps the user and group should be passed in as parameters by the caller? */ - sd = make_sec_desc(ctx, SEC_DESC_REVISION, + sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, parent_ctr->owner_sid, parent_ctr->grp_sid, parent_ctr->sacl, @@ -479,7 +479,7 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 868f68c079..9c95cf9085 100644 --- a/source3/printing/nt_printing.c 
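Review bot: In se_create_child_secdesc the new `type` argument is the bare constant `SEC_DESC_SELF_RELATIVE`, so the child descriptor built from `parent_ctr` takes none of the parent's control flags, including the auto-inherit flag this commit is about. If that is intended, a comment on the call would record the decision, e.g. `/* control flags are not taken from parent_ctr; only SELF_RELATIVE is set */`. If a child created through inheritance should be marked as auto-inherited, this call is the place to set it. The function starts and ends outside the hunk, so whether the flag is applied elsewhere is not visible.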
+++ b/source3/printing/nt_printing.c @@ -4572,7 +4572,7 @@ WERROR nt_printing_setsec(const char *printername, SEC_DESC_BUF *secdesc_ctr) /* Make a deep copy of the security descriptor */ - psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, + psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, secdesc_ctr->sec->type, owner_sid, group_sid, sacl, dacl, @@ -4665,7 +4665,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) NT5 machine. */ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) != NULL) { - psd = make_sec_desc(ctx, SEC_DESC_REVISION, + psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &owner_sid, NULL, NULL, psa, &sd_size); } @@ -4741,7 +4741,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *printername, SEC_DESC_BUF * sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); - psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, + psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type, &owner_sid, (*secdesc_ctr)->sec->grp_sid, (*secdesc_ctr)->sec->sacl, diff --git a/source3/python/py_ntsec.c b/source3/python/py_ntsec.c index 3d408e0bda..5ce5e8fc1b 100644 --- a/source3/python/py_ntsec.c +++ b/source3/python/py_ntsec.c @@ -276,7 +276,7 @@ BOOL py_to_SECDESC(SEC_DESC **sd, PyObject *dict, TALLOC_CTX *mem_ctx) { size_t sd_size; - *sd = make_sec_desc(mem_ctx, revision, + *sd = make_sec_desc(mem_ctx, revision, SEC_DESC_SELF_RELATIVE, got_owner_sid ? &owner_sid : NULL, got_group_sid ? &group_sid : NULL, got_sacl ? &sacl : NULL, diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 3848bd7051..0ed930c08d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c 
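Review bot: py_to_SECDESC hard-codes `SEC_DESC_SELF_RELATIVE`, so a descriptor converted to a dict and back loses its other control flags, which is the same loss this commit fixes in dup_sec_desc. If the dict format has no entry for the type (the parsing code is outside the hunk), a comment on the call would make the limitation explicit, e.g. `/* control flags are not carried in the dict; only SELF_RELATIVE is set */`. If the dict does carry the type, it should be read and passed here instead of the constant.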
@@ -561,7 +561,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Create new security descriptor from bits */ - psd = make_sec_desc(ctx, new_sdb->sec->revision, + psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type, owner_sid, group_sid, sacl, dacl, &secdesc_size); return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd); @@ -573,7 +573,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU Creates a SEC_DESC structure ********************************************************************/ -SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, +SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { @@ -586,10 +586,12 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, return NULL; dst->revision = revision; - dst->type = SEC_DESC_SELF_RELATIVE; + dst->type = type; - if (sacl) dst->type |= SEC_DESC_SACL_PRESENT; - if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; + if (sacl) + dst->type |= SEC_DESC_SACL_PRESENT; + if (dacl) + dst->type |= SEC_DESC_DACL_PRESENT; dst->off_owner_sid = 0; dst->off_grp_sid = 0; @@ -654,7 +656,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) if(src == NULL) return NULL; - return make_sec_desc( ctx, src->revision, + return make_sec_desc( ctx, src->revision, src->type, src->owner_sid, src->grp_sid, src->sacl, src->dacl, &dummy); } @@ -666,7 +668,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { - return make_sec_desc(ctx, SEC_DESC_REVISION, + return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, dacl, sd_size); } 
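Review bot: In make_sec_desc, `dst->type = type;` keeps whatever `SEC_DESC_SACL_PRESENT`/`SEC_DESC_DACL_PRESENT` bits the caller passes, and the two `if` statements below only add them, so a descriptor can now claim an ACL is present while the matching pointer is NULL. This commit creates that combination where the source descriptor has those bits set: owner_set in smbcacls.c passes `old->type` with both ACLs NULL, cacl_set passes `old->type` with a NULL SACL, and nt_printing_setsec passes `secdesc_ctr->sec->type` next to locally computed `sacl`/`dacl`. A DACL-present flag with no DACL is conventionally read as a NULL DACL, meaning no access restriction, so it matters how such a descriptor is marshalled and applied, which is not visible here. Either have those callers mask the bits, e.g. `old->type & ~(SEC_DESC_SACL_PRESENT|SEC_DESC_DACL_PRESENT)`, or document on make_sec_desc that present bits in `type` survive a NULL pointer; note too that `SEC_DESC_SELF_RELATIVE` is no longer forced and now depends on every caller supplying it. The body of make_sec_desc continues past the hunk.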
@@ -924,7 +926,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) return NT_STATUS_UNSUCCESSFUL; - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; @@ -976,7 +978,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) return NT_STATUS_UNSUCCESSFUL; - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 330dd727ef..686a3069bb 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -334,7 +334,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, psa, sd_size)) == NULL) + if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &adm_sid, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 261d641ab1..828e07c1ad 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
@@ -467,7 +467,7 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; @@ -510,7 +510,7 @@ static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; @@ -549,7 +549,7 @@ static NTSTATUS samr_make_grp_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; @@ -588,7 +588,7 @@ static NTSTATUS samr_make_ali_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; - if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL) return NT_STATUS_NO_MEMORY; return NT_STATUS_OK; diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index ea66a7d38b..4d1cf9bddc 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c 
+++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -184,7 +184,7 @@ static SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, int snum, size_t * init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { - psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, psize); + psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, psize); } if (!psd) { diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 58ee57b5dd..5a70d16884 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -389,7 +389,7 @@ static SEC_DESC *sec_desc_parse(char *str) return NULL; } - ret = make_sec_desc(ctx,revision, owner_sid, grp_sid, + ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, dacl, &sd_size); SAFE_FREE(grp_sid); @@ -504,7 +504,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, return EXIT_FAILED; } - sd = make_sec_desc(ctx,old->revision, + sd = make_sec_desc(ctx,old->revision, old->type, (change_mode == REQUEST_CHOWN) ? &sid : NULL, (change_mode == REQUEST_CHGRP) ? &sid : NULL, NULL, NULL, &sd_size); @@ -679,7 +679,7 @@ static int cacl_set(struct cli_state *cli, char *filename, sort_acl(old->dacl); /* Create new security descriptor and set it */ - sd = make_sec_desc(ctx,old->revision, NULL, NULL, + sd = make_sec_desc(ctx,old->revision, old->type, NULL, NULL, NULL, old->dacl, &sd_size); fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS); -- cgit