From 2e4d4a9e28ddd84e245e45c2c58f9cc6e8e2967f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Fri, 9 Dec 2005 06:22:09 +0000
Subject: r12139: - fixed up the ace object flags checking - allow for arbitrary access masks in sddl_encode_ace() (This used to be commit 5e2b1bd6afafe2eb96e98c4636e0a62235693183)
---
 source4/libcli/security/sddl.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index a1b8346969..643cb7a82c 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -221,6 +221,7 @@ static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
 if (!NT_STATUS_IS_OK(status)) {
 return False;
 }
+ ace->object.object.flags |= SEC_ACE_OBJECT_TYPE_PRESENT;
 }
 /* inherit object */
@@ -230,6 +231,7 @@ static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
 if (!NT_STATUS_IS_OK(status)) {
 return False;
 }
+ ace->object.object.flags |= SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT;
 }
 /* trustee */
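Review bot: Both added lines OR a bit into `ace->object.object.flags` (`SEC_ACE_OBJECT_TYPE_PRESENT` in the first hunk, `SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT` in the second), so the result is only correct if `flags` was cleared before parsing began; the start of sddl_decode_ace lies outside both hunks, so confirm the ACE is zeroed on entry. This matters because sddl_encode_ace in the same commit now uses these bits, not the GUID contents, to decide whether a GUID is written out, so a stale bit would serialize whatever bytes sit in the GUID field. A short comment at each assignment would record the dependency, for example `/* sddl_encode_ace() keys off this bit, not the GUID value */`.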
@@ -460,18 +462,21 @@ static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace
 if (s_flags == NULL) goto failed;
 s_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask, ace->access_mask, True);
- if (s_mask == NULL) goto failed;
+ if (s_mask == NULL) {
+ s_mask = talloc_asprintf(tmp_ctx, "0x%08x", ace->access_mask);
+ if (s_mask == NULL) goto failed;
+ }
 if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
- if (!GUID_all_zero(&ace->object.object.type.type)) {
+ if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
 s_object = GUID_string(tmp_ctx, &ace->object.object.type.type);
 if (s_object == NULL) goto failed;
 }
- if (!GUID_all_zero(&ace->object.object.inherited_type.inherited_type)) {
+ if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
 s_iobject = GUID_string(tmp_ctx, &ace->object.object.inherited_type.inherited_type);
 if (s_iobject == NULL) goto failed;
 }
-- cgit
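Review bot: The ACE-type test guarding the object GUIDs lists `SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT` twice, so the fourth clause is dead and was presumably meant to be `ace->type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {`; as written, an alarm-object ACE is encoded without its object and inherited-object GUIDs. The commit leaves that condition untouched while changing the tests inside it. Separately, emission now depends on the `SEC_ACE_OBJECT_TYPE_PRESENT` / `SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT` bits and no longer on `GUID_all_zero()`, so any caller that fills in a GUID without setting the bit will silently lose it in the SDDL string. That loss widens the ACE when the string is parsed back; the callers are not visible here, so this needs checking. sddl_encode_ace continues past the end of the hunk.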