From 4db7642caa99c1b054322a8971c4b673556487ce Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 20 Sep 2006 22:23:12 +0000 Subject: r18745: Use the Samba4 data structures for security descriptors and security descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366) --- source3/include/rpc_secdes.h | 61 ++----------------------- source3/include/vfs.h | 10 ++-- source3/lib/display_sec.c | 10 ++-- source3/lib/secace.c | 16 +++---- source3/lib/secacl.c | 8 ++-- source3/lib/secdesc.c | 81 +++++++++++++++------------------ source3/lib/util_seaccess.c | 10 ++-- source3/libads/disp_sec.c | 14 +++--- source3/libmsrpc/cac_winreg.c | 4 +- source3/libsmb/clisecdesc.c | 6 +-- source3/libsmb/libsmbclient.c | 60 ++++++++++++------------ source3/modules/vfs_afsacl.c | 12 ++--- source3/modules/vfs_cap.c | 2 +- source3/modules/vfs_catia.c | 4 +- source3/printing/nt_printing.c | 70 ++++++++++++++-------------- source3/registry/reg_printing.c | 4 +- source3/rpc_client/cli_reg.c | 2 +- source3/rpc_parse/parse_reg.c | 8 ++-- source3/rpc_parse/parse_sec.c | 91 +++++++++++++++++++------------------ source3/rpc_parse/parse_spoolss.c | 12 ++--- source3/rpc_server/srv_spoolss_nt.c | 26 +++++------ source3/rpc_server/srv_srvsvc_nt.c | 10 ++-- source3/rpcclient/cmd_lsarpc.c | 2 +- source3/rpcclient/cmd_samr.c | 2 +- source3/smbd/nttrans.c | 8 ++-- source3/smbd/posix_acls.c | 54 +++++++++++----------- source3/tdb/include/tdbutil.h | 6 +-- source3/utils/net_usershare.c | 8 ++-- source3/utils/profiles.c | 8 ++-- source3/utils/sharesec.c | 16 +++---- source3/utils/smbcacls.c | 52 ++++++++++----------- 31 files changed, 309 insertions(+), 368 deletions(-) diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 83c3b66914..9b0694b08d 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -72,30 +72,10 @@ PROTECTED_DACL_SECURITY_INFORMATION) /* SEC_ACCESS */ -typedef struct security_info_info -{ - uint32 mask; - -} SEC_ACCESS; +typedef uint32 SEC_ACCESS; /* SEC_ACE */ -typedef struct security_ace_info -{ - uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ - uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */ - uint16 size; - - SEC_ACCESS info; - - /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ - uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ - struct GUID obj_guid; /* object GUID */ - struct GUID inh_guid; /* inherited object GUID */ - /* eof object stuff */ - - DOM_SID trustee; - -} SEC_ACE; +typedef struct security_ace SEC_ACE; #define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32)) #ifndef ACL_REVISION @@ -104,15 +84,7 @@ typedef struct security_ace_info #ifndef _SEC_ACL /* SEC_ACL */ -typedef struct security_acl_info -{ - uint16 revision; /* 0x0003 */ - uint16 size; /* size in bytes of the entire ACL structure */ - uint32 num_aces; /* number of Access Control Entries */ - - SEC_ACE *ace; - -} SEC_ACL; +typedef struct security_acl SEC_ACL; #define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32)) #define _SEC_ACL #endif @@ -123,37 +95,14 @@ typedef struct security_acl_info #ifndef _SEC_DESC /* SEC_DESC */ -typedef struct security_descriptor_info -{ - uint16 revision; /* 0x0001 */ - uint16 type; /* SEC_DESC_xxxx flags */ - - uint32 off_owner_sid; /* offset to owner sid */ - uint32 off_grp_sid ; /* offset to group sid */ - uint32 off_sacl ; /* offset to system list of permissions */ - uint32 off_dacl ; /* offset to list of permissions */ - - SEC_ACL *dacl; /* user ACL */ - SEC_ACL *sacl; /* system ACL */ - DOM_SID *owner_sid; - DOM_SID *grp_sid; - -} SEC_DESC; +typedef struct security_descriptor SEC_DESC; #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) #define _SEC_DESC #endif #ifndef _SEC_DESC_BUF /* SEC_DESC_BUF */ -typedef struct sec_desc_buf_info -{ - uint32 max_len; - uint32 ptr; - uint32 len; - - SEC_DESC *sec; - -} SEC_DESC_BUF; +typedef struct sec_desc_buf SEC_DESC_BUF; #define _SEC_DESC_BUF #endif diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 6ef9e829bc..185ca01f6c 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -85,7 +85,7 @@ struct vfs_handle_struct; struct connection_struct; struct files_struct; -struct security_descriptor_info; +struct security_descriptor; struct vfs_statvfs_struct; /* @@ -275,10 +275,10 @@ struct vfs_ops { /* NT ACL operations. */ - size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor_info **ppdesc); - size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor_info **ppdesc); - BOOL (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd); - BOOL (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd); + size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc); + size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc); + BOOL (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd); + BOOL (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd); /* POSIX ACL operations. */ diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c index 49a86c261c..2b3542922c 100644 --- a/source3/lib/display_sec.c +++ b/source3/lib/display_sec.c @@ -63,7 +63,7 @@ char *get_sec_mask_str(uint32 type) ****************************************************************************/ void display_sec_access(SEC_ACCESS *info) { - printf("\t\tPermissions: 0x%x: %s\n", info->mask, get_sec_mask_str(info->mask)); + printf("\t\tPermissions: 0x%x: %s\n", *info, get_sec_mask_str(*info)); } /**************************************************************************** @@ -92,7 +92,7 @@ void display_sec_ace(SEC_ACE *ace) break; } printf(" (%d) flags: %d\n", ace->type, ace->flags); - display_sec_access(&ace->info); + display_sec_access(&ace->access_mask); sid_to_string(sid_str, &ace->trustee); printf("\t\tSID: %s\n\n", sid_str); } @@ -110,7 +110,7 @@ void display_sec_acl(SEC_ACL *sec_acl) if (sec_acl->size != 0 && sec_acl->num_aces != 0) for (i = 0; i < sec_acl->num_aces; i++) - display_sec_ace(&sec_acl->ace[i]); + display_sec_ace(&sec_acl->aces[i]); } @@ -179,8 +179,8 @@ void display_sec_desc(SEC_DESC *sec) printf("\tOwner SID:\t%s\n", sid_str); } - if (sec->grp_sid) { - sid_to_string(sid_str, sec->grp_sid); + if (sec->group_sid) { + sid_to_string(sid_str, sec->group_sid); printf("\tParent SID:\t%s\n", sid_str); } } diff --git a/source3/lib/secace.c b/source3/lib/secace.c index eb2fdd5c2b..d60722c57e 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -46,10 +46,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->type = ace_src->type; ace_dest->flags = ace_src->flags; ace_dest->size = ace_src->size; - ace_dest->info.mask = ace_src->info.mask; - ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID)); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID)); + ace_dest->access_mask = ace_src->access_mask; + ace_dest->object = ace_src->object; sid_copy(&ace_dest->trustee, &ace_src->trustee); } @@ -57,12 +55,12 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) Sets up a SEC_ACE structure. ********************************************************************/ -void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, uint32 mask, uint8 flag) { t->type = type; t->flags = flag; t->size = sid_size(sid) + 8; - t->info = mask; + t->access_mask = mask; ZERO_STRUCTP(&t->trustee); sid_copy(&t->trustee, sid); @@ -89,7 +87,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign (*pp_new)[i].type = 0; (*pp_new)[i].flags = 0; (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); - (*pp_new)[i].info.mask = mask; + (*pp_new)[i].access_mask = mask; sid_copy(&(*pp_new)[i].trustee, sid); return NT_STATUS_OK; } @@ -106,7 +104,7 @@ NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) for (i = 0; i < num; i ++) { if (sid_compare(&ace[i].trustee, sid) == 0) { - ace[i].info.mask = mask; + ace[i].access_mask = mask; return NT_STATUS_OK; } } @@ -160,7 +158,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) /* Check top level stuff */ if (s1->type != s2->type || s1->flags != s2->flags || - s1->info.mask != s2->info.mask) { + s1->access_mask != s2->access_mask) { return False; } diff --git a/source3/lib/secacl.c b/source3/lib/secacl.c index e213e0d9a0..4e2178c195 100644 --- a/source3/lib/secacl.c +++ b/source3/lib/secacl.c @@ -46,13 +46,13 @@ SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *a positive number. */ if ((num_aces) && - ((dst->ace = TALLOC_ARRAY(ctx, SEC_ACE, num_aces)) + ((dst->aces = TALLOC_ARRAY(ctx, SEC_ACE, num_aces)) == NULL)) { return NULL; } for (i = 0; i < num_aces; i++) { - dst->ace[i] = ace_list[i]; /* Structure copy. */ + dst->aces[i] = ace_list[i]; /* Structure copy. */ dst->size += ace_list[i].size; } @@ -68,7 +68,7 @@ SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) if(src == NULL) return NULL; - return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); + return make_sec_acl(ctx, src->revision, src->num_aces, src->aces); } /******************************************************************* @@ -105,7 +105,7 @@ BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) BOOL found = False; for (j = 0; j < s2->num_aces; j++) { - if (sec_ace_equal(&s1->ace[i], &s2->ace[j])) { + if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) { found = True; break; } diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index f8873277cf..2f592769b3 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -49,8 +49,8 @@ size_t sec_desc_size(SEC_DESC *psd) if (psd->owner_sid != NULL) offset += sid_size(psd->owner_sid); - if (psd->grp_sid != NULL) - offset += sid_size(psd->grp_sid); + if (psd->group_sid != NULL) + offset += sid_size(psd->group_sid); if (psd->sacl != NULL) offset += psd->sacl->size; @@ -104,11 +104,11 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) return False; } - if (!sid_equal(s1->grp_sid, s2->grp_sid)) { + if (!sid_equal(s1->group_sid, s2->group_sid)) { fstring str1, str2; - sid_to_string(str1, s1->grp_sid); - sid_to_string(str2, s2->grp_sid); + sid_to_string(str1, s1->group_sid); + sid_to_string(str2, s2->group_sid); DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n", str1, str2)); @@ -154,13 +154,13 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Copy over owner and group sids. There seems to be no flag for this so just check the pointer values. */ - owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid : - old_sdb->sec->owner_sid; + owner_sid = new_sdb->sd->owner_sid ? new_sdb->sd->owner_sid : + old_sdb->sd->owner_sid; - group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid : - old_sdb->sec->grp_sid; + group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid : + old_sdb->sd->group_sid; - secdesc_type = new_sdb->sec->type; + secdesc_type = new_sdb->sd->type; /* Ignore changes to the system ACL. This has the effect of making changes through the security tab audit button not sticking. @@ -172,14 +172,14 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Copy across discretionary ACL */ if (secdesc_type & SEC_DESC_DACL_PRESENT) { - dacl = new_sdb->sec->dacl; + dacl = new_sdb->sd->dacl; } else { - dacl = old_sdb->sec->dacl; + dacl = old_sdb->sd->dacl; } /* Create new security descriptor from bits */ - psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type, + psd = make_sec_desc(ctx, new_sdb->sd->revision, secdesc_type, owner_sid, group_sid, sacl, dacl, &secdesc_size); return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd); @@ -211,15 +211,15 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; + dst->owner_sid = NULL; + dst->group_sid = NULL; + dst->sacl = NULL; + dst->dacl = NULL; if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) goto error_exit; - if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) + if(grp_sid && ((dst->group_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) goto error_exit; if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) @@ -235,22 +235,18 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, */ if (dst->sacl != NULL) { - dst->off_sacl = offset; offset += dst->sacl->size; } if (dst->dacl != NULL) { - dst->off_dacl = offset; offset += dst->dacl->size; } if (dst->owner_sid != NULL) { - dst->off_owner_sid = offset; offset += sid_size(dst->owner_sid); } - if (dst->grp_sid != NULL) { - dst->off_grp_sid = offset; - offset += sid_size(dst->grp_sid); + if (dst->group_sid != NULL) { + offset += sid_size(dst->group_sid); } *sd_size = (size_t)offset; @@ -274,7 +270,7 @@ SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src) return NULL; return make_sec_desc( ctx, src->revision, src->type, - src->owner_sid, src->grp_sid, src->sacl, + src->owner_sid, src->group_sid, src->sacl, src->dacl, &dummy); } @@ -301,15 +297,12 @@ SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc) return NULL; /* max buffer size (allocated size) */ - dst->max_len = (uint32)len; - dst->len = (uint32)len; + dst->sd_size = (uint32)len; - if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) { + if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) { return NULL; } - dst->ptr = 0x1; - return dst; } @@ -322,7 +315,7 @@ SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src) if(src == NULL) return NULL; - return make_sec_desc_buf( ctx, src->len, src->sec); + return make_sec_desc_buf( ctx, src->sd_size, src->sd); } /******************************************************************* @@ -341,7 +334,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 *sd_size = 0; - status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask); + status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask); if (!NT_STATUS_IS_OK(status)) return status; @@ -350,7 +343,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 return NT_STATUS_UNSUCCESSFUL; if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, - psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) + psd[0]->group_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; *psd = sd; @@ -369,7 +362,7 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask) if (!sd || !sid) return NT_STATUS_INVALID_PARAMETER; - status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask); + status = sec_ace_mod_sid(sd->dacl->aces, sd->dacl->num_aces, sid, mask); if (!NT_STATUS_IS_OK(status)) return status; @@ -393,7 +386,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size = 0; - status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid); + status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid); if (!NT_STATUS_IS_OK(status)) return status; @@ -402,7 +395,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t return NT_STATUS_UNSUCCESSFUL; if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, - psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) + psd[0]->group_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; *psd = sd; @@ -434,7 +427,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, return NULL; for (i = 0; i < the_acl->num_aces; i++) { - SEC_ACE *ace = &the_acl->ace[i]; + SEC_ACE *ace = &the_acl->aces[i]; SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx]; uint8 new_flags = 0; BOOL inherit = False; @@ -490,17 +483,17 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, if (!inherit) continue; - init_sec_access(&new_ace->info, ace->info.mask); + init_sec_access(&new_ace->access_mask, ace->access_mask); init_sec_ace(new_ace, &ace->trustee, ace->type, - new_ace->info, new_flags); + new_ace->access_mask, new_flags); sid_to_string(sid_str, &ace->trustee); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", sid_str, - ace->type, ace->flags, ace->info.mask, + ace->type, ace->flags, ace->access_mask, sid_str, new_ace->type, new_ace->flags, - new_ace->info.mask)); + new_ace->access_mask)); new_ace_list_ndx++; } @@ -515,7 +508,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, parent_ctr->owner_sid, - parent_ctr->grp_sid, + parent_ctr->group_sid, parent_ctr->sacl, new_dacl, &size); @@ -528,9 +521,9 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, Sets up a SEC_ACCESS structure. ********************************************************************/ -void init_sec_access(SEC_ACCESS *t, uint32 mask) +void init_sec_access(uint32 *t, uint32 mask) { - t->mask = mask; + *t = mask; } diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 73fc45c844..7d14ed896f 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -31,7 +31,7 @@ extern NT_USER_TOKEN anonymous_token; static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, NTSTATUS *status) { - uint32 mask = ace->info.mask; + uint32 mask = ace->access_mask; /* * Inherit only is ignored. @@ -97,8 +97,8 @@ static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 size_t i; for ( i = 0 ; i < the_acl->num_aces; i++) { - SEC_ACE *ace = &the_acl->ace[i]; - uint32 mask = ace->info.mask; + SEC_ACE *ace = &the_acl->aces[i]; + uint32 mask = ace->access_mask; if (!token_sid_in_ace( token, ace)) continue; @@ -281,12 +281,12 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, } for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { - SEC_ACE *ace = &the_acl->ace[i]; + SEC_ACE *ace = &the_acl->aces[i]; DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", (unsigned int)i, ace->type, ace->flags, sid_to_string(sid_str, &ace->trustee), - (unsigned int) ace->info.mask, + (unsigned int) ace->access_mask, (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index c9de447e69..a768ba08f3 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -90,14 +90,14 @@ static void ads_disp_ace(SEC_ACE *sec_ace) sec_ace->type, sec_ace->flags, sec_ace->size, - sec_ace->info.mask); + sec_ace->access_mask); } else { printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", sec_ace->type, sec_ace->flags, sec_ace->size, - sec_ace->info.mask, - sec_ace->obj_flags); + sec_ace->access_mask, + sec_ace->object.object.flags); } if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) { @@ -117,7 +117,7 @@ static void ads_disp_ace(SEC_ACE *sec_ace) printf("access SID: %s\naccess type: %s\n", sid_string_static(&sec_ace->trustee), access_type); - ads_disp_perms(sec_ace->info.mask); + ads_disp_perms(sec_ace->access_mask); } /* display ACL */ @@ -143,15 +143,15 @@ void ads_disp_sd(SEC_DESC *sd) sd->revision, sd->type); printf("owner SID: %s\n", sid_string_static(sd->owner_sid)); - printf("group SID: %s\n", sid_string_static(sd->grp_sid)); + printf("group SID: %s\n", sid_string_static(sd->group_sid)); ads_disp_acl(sd->sacl, "system"); for (i = 0; i < sd->sacl->num_aces; i ++) - ads_disp_ace(&sd->sacl->ace[i]); + ads_disp_ace(&sd->sacl->aces[i]); ads_disp_acl(sd->dacl, "user"); for (i = 0; i < sd->dacl->num_aces; i ++) - ads_disp_ace(&sd->dacl->ace[i]); + ads_disp_ace(&sd->dacl->aces[i]); printf("-------------- End Of Security Descriptor\n"); } diff --git a/source3/libmsrpc/cac_winreg.c b/source3/libmsrpc/cac_winreg.c index df3bbe154a..ea17efb811 100644 --- a/source3/libmsrpc/cac_winreg.c +++ b/source3/libmsrpc/cac_winreg.c @@ -860,8 +860,8 @@ int cac_RegGetKeySecurity(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegG return CAC_FAILURE; } - op->out.size = buf.len; - op->out.descriptor = dup_sec_desc(mem_ctx, buf.sec); + op->out.size = buf.sd_size; + op->out.descriptor = dup_sec_desc(mem_ctx, buf.sd); if (op->out.descriptor == NULL) { return CAC_FAILURE; diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index 2475743479..e55be48e94 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -107,11 +107,11 @@ BOOL cli_set_secdesc(struct cli_state *cli, int fnum, SEC_DESC *sd) SIVAL(param, 0, fnum); - if (sd->off_dacl) + if (sd->dacl) sec_info |= DACL_SECURITY_INFORMATION; - if (sd->off_owner_sid) + if (sd->owner_sid) sec_info |= OWNER_SECURITY_INFORMATION; - if (sd->off_grp_sid) + if (sd->group_sid) sec_info |= GROUP_SECURITY_INFORMATION; SSVAL(param, 4, sec_info); diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index 7b4e216961..15a1ad3055 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -3742,8 +3742,8 @@ ace_compare(SEC_ACE *ace1, if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; - if (ace1->info.mask != ace2->info.mask) - return ace1->info.mask - ace2->info.mask; + if (ace1->access_mask != ace2->access_mask) + return ace1->access_mask - ace2->access_mask; if (ace1->size != ace2->size) return ace1->size - ace2->size; @@ -3758,14 +3758,14 @@ sort_acl(SEC_ACL *the_acl) uint32 i; if (!the_acl) return; - qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), + qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]), QSORT_CAST ace_compare); for (i=1;inum_aces;) { - if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) { + if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) { int j; for (j=i; jnum_aces-1; j++) { - the_acl->ace[j] = the_acl->ace[j+1]; + the_acl->aces[j] = the_acl->aces[j+1]; } the_acl->num_aces--; } else { @@ -3970,7 +3970,7 @@ parse_ace(struct cli_state *ipc_cli, } done: - mask.mask = amask; + mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); return True; } @@ -3992,7 +3992,7 @@ add_ace(SEC_ACL **the_acl, if ((aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces)) == NULL) { return False; } - memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE)); + memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE)); memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); newacl = make_sec_acl(ctx, (*the_acl)->revision, 1+(*the_acl)->num_aces, aces); @@ -4564,10 +4564,10 @@ cacl_get(SMBCCTX *context, } if (! exclude_nt_group) { - if (sd->grp_sid) { + if (sd->group_sid) { convert_sid_to_string(ipc_cli, pol, sidstr, numeric, - sd->grp_sid); + sd->group_sid); } else { fstrcpy(sidstr, ""); } @@ -4612,7 +4612,7 @@ cacl_get(SMBCCTX *context, /* Add aces to value buffer */ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - SEC_ACE *ace = &sd->dacl->ace[i]; + SEC_ACE *ace = &sd->dacl->aces[i]; convert_sid_to_string(ipc_cli, pol, sidstr, numeric, &ace->trustee); @@ -4626,7 +4626,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); if (!p) { errno = ENOMEM; return -1; @@ -4639,7 +4639,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); } } else if ((StrnCaseCmp(name, "acl", 3) == 0 && StrCaseCmp(name+3, sidstr) == 0) || @@ -4651,7 +4651,7 @@ cacl_get(SMBCCTX *context, "%d/%d/0x%08x", ace->type, ace->flags, - ace->info.mask); + ace->access_mask); if (!p) { errno = ENOMEM; return -1; @@ -4662,7 +4662,7 @@ cacl_get(SMBCCTX *context, "%d/%d/0x%08x", ace->type, ace->flags, - ace->info.mask); + ace->access_mask); } } else if (all_nt_acls) { if (determine_size) { @@ -4673,7 +4673,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); if (!p) { errno = ENOMEM; return -1; @@ -4686,7 +4686,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); } } if (n > bufsize) { @@ -5117,9 +5117,9 @@ cacl_set(TALLOC_CTX *ctx, switch (mode) { case SMBC_XATTR_MODE_REMOVE_ALL: old->dacl->num_aces = 0; - SAFE_FREE(old->dacl->ace); + SAFE_FREE(old->dacl->aces); SAFE_FREE(old->dacl); - old->off_dacl = 0; + old->dacl = NULL; dacl = old->dacl; break; @@ -5128,18 +5128,18 @@ cacl_set(TALLOC_CTX *ctx, BOOL found = False; for (j=0;old->dacl && jdacl->num_aces;j++) { - if (sec_ace_equal(&sd->dacl->ace[i], - &old->dacl->ace[j])) { + if (sec_ace_equal(&sd->dacl->aces[i], + &old->dacl->aces[j])) { uint32 k; for (k=j; kdacl->num_aces-1;k++) { - old->dacl->ace[k] = - old->dacl->ace[k+1]; + old->dacl->aces[k] = + old->dacl->aces[k+1]; } old->dacl->num_aces--; if (old->dacl->num_aces == 0) { - SAFE_FREE(old->dacl->ace); + SAFE_FREE(old->dacl->aces); SAFE_FREE(old->dacl); - old->off_dacl = 0; + old->dacl = NULL; } found = True; dacl = old->dacl; @@ -5160,14 +5160,14 @@ cacl_set(TALLOC_CTX *ctx, BOOL found = False; for (j=0;old->dacl && jdacl->num_aces;j++) { - if (sid_equal(&sd->dacl->ace[i].trustee, - &old->dacl->ace[j].trustee)) { + if (sid_equal(&sd->dacl->aces[i].trustee, + &old->dacl->aces[j].trustee)) { if (!(flags & SMBC_XATTR_FLAG_CREATE)) { err = EEXIST; ret = -1; goto failed; } - old->dacl->ace[j] = sd->dacl->ace[i]; + old->dacl->aces[j] = sd->dacl->aces[i]; ret = -1; found = True; } @@ -5180,7 +5180,7 @@ cacl_set(TALLOC_CTX *ctx, } for (i=0;sd->dacl && idacl->num_aces;i++) { - add_ace(&old->dacl, &sd->dacl->ace[i], ctx); + add_ace(&old->dacl, &sd->dacl->aces[i], ctx); } } dacl = old->dacl; @@ -5189,7 +5189,7 @@ cacl_set(TALLOC_CTX *ctx, case SMBC_XATTR_MODE_SET: old = sd; owner_sid = old->owner_sid; - grp_sid = old->grp_sid; + grp_sid = old->group_sid; dacl = old->dacl; break; @@ -5198,7 +5198,7 @@ cacl_set(TALLOC_CTX *ctx, break; case SMBC_XATTR_MODE_CHGRP: - grp_sid = sd->grp_sid; + grp_sid = sd->group_sid; break; } diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 58d823c4f9..e485b3c526 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -589,7 +589,7 @@ static uint32 nt_to_afs_file_rights(const char *filename, const SEC_ACE *ace) static size_t afs_to_nt_acl(struct afs_acl *afs_acl, struct files_struct *fsp, uint32 security_info, - struct security_descriptor_info **ppdesc) + struct security_descriptor **ppdesc) { SEC_ACE *nt_ace_list; DOM_SID owner_sid, group_sid; @@ -691,7 +691,7 @@ static BOOL mappable_sid(const DOM_SID *sid) static BOOL nt_to_afs_acl(const char *filename, uint32 security_info_sent, - struct security_descriptor_info *psd, + struct security_descriptor *psd, uint32 (*nt_to_afs_rights)(const char *filename, const SEC_ACE *ace), struct afs_acl *afs_acl) @@ -827,7 +827,7 @@ static BOOL afs_get_afs_acl(char *filename, struct afs_acl *acl) } static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info, - struct security_descriptor_info **ppdesc) + struct security_descriptor **ppdesc) { struct afs_acl acl; size_t sd_size; @@ -881,7 +881,7 @@ static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst) static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - struct security_descriptor_info *psd) + struct security_descriptor *psd) { struct afs_acl old_afs_acl, new_afs_acl; struct afs_acl dir_acl, file_acl; @@ -982,14 +982,14 @@ static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, - struct security_descriptor_info **ppdesc) + struct security_descriptor **ppdesc) { return afs_get_nt_acl(fsp, security_info, ppdesc); } static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, - struct security_descriptor_info **ppdesc) + struct security_descriptor **ppdesc) { return afs_get_nt_acl(fsp, security_info, ppdesc); } diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c index 54f74dde67..c4539ca34a 100644 --- a/source3/modules/vfs_cap.c +++ b/source3/modules/vfs_cap.c @@ -177,7 +177,7 @@ static char *cap_realpath(vfs_handle_struct *handle, const char *path, char *res return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path); } -static BOOL cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd) +static BOOL cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd) { pstring capname; capencode(capname, name); diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c index f5c7e95794..ccf637c3bc 100644 --- a/source3/modules/vfs_catia.c +++ b/source3/modules/vfs_catia.c @@ -222,7 +222,7 @@ static char *catia_realpath(vfs_handle_struct *handle, static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, - struct security_descriptor_info **ppdesc) + struct security_descriptor **ppdesc) { return SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, ppdesc); @@ -230,7 +230,7 @@ static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static BOOL catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, - struct security_descriptor_info *psd) + struct security_descriptor *psd) { return SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, psd); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index b74763b2e5..1ff29a67ee 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -373,7 +373,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, prs_mem_free( &ps ); return 0; } - sec = sd_orig->sec; + sec = sd_orig->sd; /* is this even valid? */ @@ -385,17 +385,17 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, /* update access masks */ for ( i=0; idacl->num_aces; i++ ) { - switch ( sec->dacl->ace[i].info.mask ) { + switch ( sec->dacl->aces[i].access_mask ) { case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS): - sec->dacl->ace[i].info.mask = PRINTER_ACE_PRINT; + sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT; break; case GENERIC_ALL_ACCESS: - sec->dacl->ace[i].info.mask = PRINTER_ACE_FULL_CONTROL; + sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL; break; case READ_CONTROL_ACCESS: - sec->dacl->ace[i].info.mask = PRINTER_ACE_MANAGE_DOCUMENTS; + sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS; default: /* no change */ break; @@ -428,7 +428,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, /* store it back */ - sd_size = sec_desc_size(sd_store->sec) + sizeof(SEC_DESC_BUF); + sd_size = sec_desc_size(sd_store->sd) + sizeof(SEC_DESC_BUF); prs_init(&ps, sd_size, ctx, MARSHALL); if ( !sec_io_desc_buf( "sec_desc_upg_fn", &sd_store, &ps, 1 ) ) { @@ -4998,7 +4998,7 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) permissions through NT. If they are NULL in the new security descriptor then copy them over from the old one. */ - if (!secdesc_ctr->sec->owner_sid || !secdesc_ctr->sec->grp_sid) { + if (!secdesc_ctr->sd->owner_sid || !secdesc_ctr->sd->group_sid) { DOM_SID *owner_sid, *group_sid; SEC_ACL *dacl, *sacl; SEC_DESC *psd = NULL; @@ -5011,25 +5011,25 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) /* Pick out correct owner and group sids */ - owner_sid = secdesc_ctr->sec->owner_sid ? - secdesc_ctr->sec->owner_sid : - old_secdesc_ctr->sec->owner_sid; + owner_sid = secdesc_ctr->sd->owner_sid ? + secdesc_ctr->sd->owner_sid : + old_secdesc_ctr->sd->owner_sid; - group_sid = secdesc_ctr->sec->grp_sid ? - secdesc_ctr->sec->grp_sid : - old_secdesc_ctr->sec->grp_sid; + group_sid = secdesc_ctr->sd->group_sid ? + secdesc_ctr->sd->group_sid : + old_secdesc_ctr->sd->group_sid; - dacl = secdesc_ctr->sec->dacl ? - secdesc_ctr->sec->dacl : - old_secdesc_ctr->sec->dacl; + dacl = secdesc_ctr->sd->dacl ? + secdesc_ctr->sd->dacl : + old_secdesc_ctr->sd->dacl; - sacl = secdesc_ctr->sec->sacl ? - secdesc_ctr->sec->sacl : - old_secdesc_ctr->sec->sacl; + sacl = secdesc_ctr->sd->sacl ? + secdesc_ctr->sd->sacl : + old_secdesc_ctr->sd->sacl; /* Make a deep copy of the security descriptor */ - psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, secdesc_ctr->sec->type, + psd = make_sec_desc(mem_ctx, secdesc_ctr->sd->revision, secdesc_ctr->sd->type, owner_sid, group_sid, sacl, dacl, @@ -5049,7 +5049,7 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) /* Store the security descriptor in a tdb */ - prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sec) + + prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sd) + sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL); if (!sec_io_desc_buf("nt_printing_setsec", &new_secdesc_ctr, @@ -5194,7 +5194,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s /* Save default security descriptor for later */ - prs_init(&ps, (uint32)sec_desc_size((*secdesc_ctr)->sec) + + prs_init(&ps, (uint32)sec_desc_size((*secdesc_ctr)->sd) + sizeof(SEC_DESC_BUF), ctx, MARSHALL); if (sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) { @@ -5212,7 +5212,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s this security descriptor has been created when winbindd was down. Take ownership of security descriptor. */ - if (sid_equal((*secdesc_ctr)->sec->owner_sid, &global_sid_World)) { + if (sid_equal((*secdesc_ctr)->sd->owner_sid, &global_sid_World)) { DOM_SID owner_sid; /* Change sd owner to workgroup administrator */ @@ -5226,11 +5226,11 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); - psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type, + psd = make_sec_desc(ctx, (*secdesc_ctr)->sd->revision, (*secdesc_ctr)->sd->type, &owner_sid, - (*secdesc_ctr)->sec->grp_sid, - (*secdesc_ctr)->sec->sacl, - (*secdesc_ctr)->sec->dacl, + (*secdesc_ctr)->sd->group_sid, + (*secdesc_ctr)->sd->sacl, + (*secdesc_ctr)->sd->dacl, &size); if (!psd) { @@ -5253,7 +5253,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s } if (DEBUGLEVEL >= 10) { - SEC_ACL *the_acl = (*secdesc_ctr)->sec->dacl; + SEC_ACL *the_acl = (*secdesc_ctr)->sd->dacl; int i; DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", @@ -5262,11 +5262,11 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].trustee); + sid_to_string(sid_str, &the_acl->aces[i].trustee); DEBUG(10, ("%s %d %d 0x%08x\n", sid_str, - the_acl->ace[i].type, the_acl->ace[i].flags, - the_acl->ace[i].info.mask)); + the_acl->aces[i].type, the_acl->aces[i].flags, + the_acl->aces[i].access_mask)); } } @@ -5318,7 +5318,7 @@ void map_printer_permissions(SEC_DESC *sd) int i; for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - se_map_generic(&sd->dacl->ace[i].info.mask, + se_map_generic(&sd->dacl->aces[i].access_mask, &printer_generic_mapping); } } @@ -5396,7 +5396,7 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) against. This is because print jobs are child objects objects of a printer. */ - secdesc = se_create_child_secdesc(mem_ctx, parent_secdesc->sec, False); + secdesc = se_create_child_secdesc(mem_ctx, parent_secdesc->sd, False); if (!secdesc) { talloc_destroy(mem_ctx); @@ -5415,9 +5415,9 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) /* Check access */ - map_printer_permissions(secdesc->sec); + map_printer_permissions(secdesc->sd); - result = se_access_check(secdesc->sec, user->nt_user_token, access_type, + result = se_access_check(secdesc->sd, user->nt_user_token, access_type, &access_granted, &status); DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE")); diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c index d8c25d802d..ba79092ea5 100644 --- a/source3/registry/reg_printing.c +++ b/source3/registry/reg_printing.c @@ -449,8 +449,8 @@ static void fill_in_printer_values( NT_PRINTER_INFO_LEVEL_2 *info2, REGVAL_CTR * /* stream the printer security descriptor */ - if ( info2->secdesc_buf && info2->secdesc_buf->len ) { - if ( sec_io_desc("sec_desc", &info2->secdesc_buf->sec, &prs, 0 ) ) { + if ( info2->secdesc_buf && info2->secdesc_buf->sd ) { + if ( sec_io_desc("sec_desc", &info2->secdesc_buf->sd, &prs, 0 ) ) { offset = prs_offset( &prs ); regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&prs), offset ); } diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c index 6a544bba64..0f0c642d21 100644 --- a/source3/rpc_client/cli_reg.c +++ b/source3/rpc_client/cli_reg.c @@ -332,7 +332,7 @@ WERROR rpccli_reg_get_key_sec(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, return out.status; sec_buf = out.data; - *sec_buf_size = out.data->len; + *sec_buf_size = out.data->sd_size; return out.status; } diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c index 06a2b19095..f529ad1425 100644 --- a/source3/rpc_parse/parse_reg.c +++ b/source3/rpc_parse/parse_reg.c @@ -141,9 +141,9 @@ static BOOL reg_io_hdrbuf_sec(uint32 ptr, uint32 *ptr3, BUFHDR *hdr_sec, } if(!smb_io_hdrbuf_post("hdr_sec", hdr_sec, ps, depth, - hdr_offset, data->max_len, data->len)) + hdr_offset, data->sd_size, data->sd_size)) return False; - if(!prs_set_offset(ps, old_offset + data->len + + if(!prs_set_offset(ps, old_offset + data->sd_size + sizeof(uint32) * ((ptr3 != NULL) ? 5 : 3))) return False; @@ -181,7 +181,7 @@ void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd, q_c->data = sec_buf; q_c->ptr2 = 1; - init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len); + init_buf_hdr(&q_c->hdr_sec, sec_buf->sd_size, sec_buf->sd_size); q_c->ptr3 = 1; q_c->disposition = TALLOC_P( get_talloc_ctx(), uint32 ); if (!q_c->disposition) { @@ -704,7 +704,7 @@ void init_reg_q_set_key_sec(REG_Q_SET_KEY_SEC *q_u, POLICY_HND *pol, q_u->sec_info = sec_info; q_u->ptr = 1; - init_buf_hdr(&q_u->hdr_sec, sec_desc_buf->len, sec_desc_buf->len); + init_buf_hdr(&q_u->hdr_sec, sec_desc_buf->sd_size, sec_desc_buf->sd_size); q_u->data = sec_desc_buf; } diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 6a752688a0..32a8a8cd32 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -39,7 +39,7 @@ BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_access"); depth++; - if(!prs_uint32("mask", ps, depth, &t->mask)) + if(!prs_uint32("mask", ps, depth, t)) return False; return True; @@ -62,7 +62,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint8("type ", ps, depth, &psa->type)) + if(!prs_uint8("type ", ps, depth, (uint8*)&psa->type)) return False; if(!prs_uint8("flags", ps, depth, &psa->flags)) @@ -71,7 +71,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) return False; - if(!sec_io_access("info ", &psa->info, ps, depth)) + if(!prs_uint32("access_mask", ps, depth, &psa->access_mask)) return False; /* check whether object access is present */ @@ -79,15 +79,15 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) return False; } else { - if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags)) + if (!prs_uint32("obj_flags", ps, depth, &psa->object.object.flags)) return False; - if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) - if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth)) + if (psa->object.object.flags & SEC_ACE_OBJECT_PRESENT) + if (!smb_io_uuid("obj_guid", &psa->object.object.type.type, ps,depth)) return False; - if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) - if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth)) + if (psa->object.object.flags & SEC_ACE_OBJECT_INHERITED_PRESENT) + if (!smb_io_uuid("inh_guid", &psa->object.object.inherited_type.inherited_type, ps,depth)) return False; if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) @@ -155,7 +155,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint16("revision", ps, depth, &psa->revision)) + if(!prs_uint16("revision", ps, depth, (uint16 *)&psa->revision)) return False; if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) @@ -170,14 +170,14 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) * between a non-present DACL (allow all access) and a DACL with no ACE's * (allow no access). */ - if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) + if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) return False; } for (i = 0; i < psa->num_aces; i++) { fstring tmp; slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); - if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) + if(!sec_io_ace(tmp, &psa->aces[i], ps, depth)) return False; } @@ -211,6 +211,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ uint32 tmp_offset = 0; + uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid; SEC_DESC *psd; @@ -236,7 +237,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); - if(!prs_uint16("revision ", ps, depth, &psd->revision)) + if(!prs_uint16("revision ", ps, depth, (uint16*)&psd->revision)) return False; if(!prs_uint16("type ", ps, depth, &psd->type)) @@ -250,52 +251,52 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) */ if (psd->sacl != NULL) { - psd->off_sacl = offset; + off_sacl = offset; offset += psd->sacl->size; } else { - psd->off_sacl = 0; + off_sacl = 0; } if (psd->dacl != NULL) { - psd->off_dacl = offset; + off_dacl = offset; offset += psd->dacl->size; } else { - psd->off_dacl = 0; + off_dacl = 0; } if (psd->owner_sid != NULL) { - psd->off_owner_sid = offset; + off_owner_sid = offset; offset += sid_size(psd->owner_sid); } else { - psd->off_owner_sid = 0; + off_owner_sid = 0; } - if (psd->grp_sid != NULL) { - psd->off_grp_sid = offset; - offset += sid_size(psd->grp_sid); + if (psd->group_sid != NULL) { + off_grp_sid = offset; + offset += sid_size(psd->group_sid); } else { - psd->off_grp_sid = 0; + off_grp_sid = 0; } } - if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) + if(!prs_uint32("off_owner_sid", ps, depth, &off_owner_sid)) return False; - if(!prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid)) + if(!prs_uint32("off_grp_sid ", ps, depth, &off_grp_sid)) return False; - if(!prs_uint32("off_sacl ", ps, depth, &psd->off_sacl)) + if(!prs_uint32("off_sacl ", ps, depth, &off_sacl)) return False; - if(!prs_uint32("off_dacl ", ps, depth, &psd->off_dacl)) + if(!prs_uint32("off_dacl ", ps, depth, &off_dacl)) return False; max_offset = MAX(max_offset, prs_offset(ps)); - if (psd->off_owner_sid != 0) { + if (off_owner_sid != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) + if(!prs_set_offset(ps, old_offset + off_owner_sid)) return False; if (UNMARSHALLING(ps)) { @@ -313,19 +314,19 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if (psd->off_grp_sid != 0) { + if (psd->group_sid != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) + if(!prs_set_offset(ps, old_offset + off_grp_sid)) return False; if (UNMARSHALLING(ps)) { /* reading */ - if((psd->grp_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) + if((psd->group_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) return False; } - if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) + if(!smb_io_dom_sid("grp_sid", psd->group_sid, ps, depth)) return False; max_offset = MAX(max_offset, prs_offset(ps)); @@ -334,9 +335,9 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + if ((psd->type & SEC_DESC_SACL_PRESENT) && off_sacl) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_sacl)) + if(!prs_set_offset(ps, old_offset + off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) return False; @@ -345,9 +346,9 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + if ((psd->type & SEC_DESC_DACL_PRESENT) && off_dacl != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_dacl)) + if(!prs_set_offset(ps, old_offset + off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) return False; @@ -372,7 +373,9 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int uint32 off_max_len; uint32 old_offset; uint32 size; + uint32 len; SEC_DESC_BUF *psdb; + uint32 ptr; if (ppsdb == NULL) return False; @@ -391,20 +394,22 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int if(!prs_align(ps)) return False; - if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len)) + if(!prs_uint32_pre("max_len", ps, depth, &psdb->sd_size, &off_max_len)) return False; - if(!prs_uint32 ("ptr ", ps, depth, &psdb->ptr)) + ptr = 1; + if(!prs_uint32 ("ptr ", ps, depth, &ptr)) return False; - if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len)) + len = sec_desc_size(psdb->sd); + if(!prs_uint32_pre("len ", ps, depth, &len, &off_len)) return False; old_offset = prs_offset(ps); /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) { - if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) + if ((UNMARSHALLING(ps) && psdb->sd_size != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) { + if(!sec_io_desc("sec ", &psdb->sd, ps, depth)) return False; } @@ -412,10 +417,10 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int return False; size = prs_offset(ps) - old_offset; - if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size)) + if(!prs_uint32_post("max_len", ps, depth, &psdb->sd_size, off_max_len, size == 0 ? psdb->sd_size : size)) return False; - if(!prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size)) + if(!prs_uint32_post("len ", ps, depth, &len, off_len, size)) return False; return True; diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index ec64e10a59..e878744a1b 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -3775,10 +3775,8 @@ BOOL make_spoolss_q_setprinter(TALLOC_CTX *mem_ctx, SPOOL_Q_SETPRINTER *q_u, q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF); if (!q_u->secdesc_ctr) return False; - q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0; - q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->sec = secdesc; + q_u->secdesc_ctr->sd = secdesc; + q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; q_u->devmode_ctr.devmode_ptr = (devmode != NULL) ? 1 : 0; q_u->devmode_ctr.size = (devmode != NULL) ? sizeof(DEVICEMODE) + (3*sizeof(uint32)) : 0; @@ -3799,10 +3797,8 @@ BOOL make_spoolss_q_setprinter(TALLOC_CTX *mem_ctx, SPOOL_Q_SETPRINTER *q_u, q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF); if (!q_u->secdesc_ctr) return False; - q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0; - q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->sec = secdesc; + q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; + q_u->secdesc_ctr->sd = secdesc; break; case 7: diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 16dec45318..1a396a2391 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -3008,8 +3008,8 @@ static void spoolss_notify_security_desc(int snum, NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx) { - data->notify_data.sd.size = printer->info_2->secdesc_buf->len; - data->notify_data.sd.desc = dup_sec_desc( mem_ctx, printer->info_2->secdesc_buf->sec ) ; + data->notify_data.sd.size = printer->info_2->secdesc_buf->sd_size; + data->notify_data.sd.desc = dup_sec_desc( mem_ctx, printer->info_2->secdesc_buf->sd ) ; } /******************************************************************* @@ -4154,13 +4154,13 @@ static BOOL construct_printer_info_2(Printer_entry *print_hnd, PRINTER_INFO_2 *p printer->secdesc = NULL; if ( ntprinter->info_2->secdesc_buf - && ntprinter->info_2->secdesc_buf->len != 0 ) + && ntprinter->info_2->secdesc_buf->sd_size != 0 ) { /* don't use talloc_steal() here unless you do a deep steal of all the SEC_DESC members */ printer->secdesc = dup_sec_desc( get_talloc_ctx(), - ntprinter->info_2->secdesc_buf->sec ); + ntprinter->info_2->secdesc_buf->sd ); } free_a_printer(&ntprinter, 2); @@ -4194,12 +4194,12 @@ static BOOL construct_printer_info_3(Printer_entry *print_hnd, PRINTER_INFO_3 ** printer->flags = 0x4; - if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->len != 0) { + if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->sd_size != 0) { /* don't use talloc_steal() here unless you do a deep steal of all the SEC_DESC members */ printer->secdesc = dup_sec_desc( get_talloc_ctx(), - ntprinter->info_2->secdesc_buf->sec ); + ntprinter->info_2->secdesc_buf->sd ); } free_a_printer(&ntprinter, 2); @@ -5845,20 +5845,20 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, SEC_ACL *the_acl; int i; - the_acl = old_secdesc_ctr->sec->dacl; + the_acl = old_secdesc_ctr->sd->dacl; DEBUG(10, ("old_secdesc_ctr for %s has %d aces:\n", PRINTERNAME(snum), the_acl->num_aces)); for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].trustee); + sid_to_string(sid_str, &the_acl->aces[i].trustee); DEBUG(10, ("%s 0x%08x\n", sid_str, - the_acl->ace[i].info.mask)); + the_acl->aces[i].access_mask)); } - the_acl = secdesc_ctr->sec->dacl; + the_acl = secdesc_ctr->sd->dacl; if (the_acl) { DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", @@ -5867,10 +5867,10 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].trustee); + sid_to_string(sid_str, &the_acl->aces[i].trustee); DEBUG(10, ("%s 0x%08x\n", sid_str, - the_acl->ace[i].info.mask)); + the_acl->aces[i].access_mask)); } } else { DEBUG(10, ("dacl for secdesc_ctr is NULL\n")); @@ -5883,7 +5883,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, goto done; } - if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) { + if (sec_desc_equal(new_secdesc_ctr->sd, old_secdesc_ctr->sd)) { result = WERR_OK; goto done; } diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index c65401f1c4..21032a4ed9 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -309,11 +309,11 @@ static void map_generic_share_sd_bits(SEC_DESC *psd) return; for (i = 0; i < ps_dacl->num_aces; i++) { - SEC_ACE *psa = &ps_dacl->ace[i]; - uint32 orig_mask = psa->info.mask; + SEC_ACE *psa = &ps_dacl->aces[i]; + uint32 orig_mask = psa->access_mask; - se_map_generic(&psa->info.mask, &file_generic_mapping); - psa->info.mask |= orig_mask; + se_map_generic(&psa->access_mask, &file_generic_mapping); + psa->access_mask |= orig_mask; } } @@ -1538,7 +1538,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S case 1501: pstrcpy(pathname, lp_pathname(snum)); fstrcpy(comment, lp_comment(snum)); - psd = q_u->info.share.info1501.sdb->sec; + psd = q_u->info.share.info1501.sdb->sd; map_generic_share_sd_bits(psd); type = STYPE_DISKTREE; break; diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index 3cd242cd4d..7134f5fbf2 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -834,7 +834,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli, /* Print results */ - display_sec_desc(sdb->sec); + display_sec_desc(sdb->sd); rpccli_lsa_close(cli, mem_ctx, &pol); done: diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index cc0fe61990..04ffa002d2 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1994,7 +1994,7 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - display_sec_desc(sec_desc_buf->sec); + display_sec_desc(sec_desc_buf->sd); rpccli_samr_close(cli, mem_ctx, &user_pol); rpccli_samr_close(cli, mem_ctx, &domain_pol); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index c5e48a6324..9cebd21d7d 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1009,16 +1009,16 @@ static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 secu return NT_STATUS_NO_MEMORY; } - if (psd->off_owner_sid==0) { + if (psd->owner_sid==0) { security_info_sent &= ~OWNER_SECURITY_INFORMATION; } - if (psd->off_grp_sid==0) { + if (psd->group_sid==0) { security_info_sent &= ~GROUP_SECURITY_INFORMATION; } - if (psd->off_sacl==0) { + if (psd->sacl==0) { security_info_sent &= ~SACL_SECURITY_INFORMATION; } - if (psd->off_dacl==0) { + if (psd->dacl==0) { security_info_sent &= ~DACL_SECURITY_INFORMATION; } diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 18ef187f38..3b38b91547 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -860,36 +860,36 @@ static SEC_ACCESS map_canon_ace_perms(int snum, int *pacl_type, DOM_SID *powner_ #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES) #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE) -static mode_t map_nt_perms( SEC_ACCESS sec_access, int type) +static mode_t map_nt_perms( uint32 *mask, int type) { mode_t mode = 0; switch(type) { case S_IRUSR: - if(sec_access.mask & GENERIC_ALL_ACCESS) + if((*mask) & GENERIC_ALL_ACCESS) mode = S_IRUSR|S_IWUSR|S_IXUSR; else { - mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0; - mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0; - mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0; + mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0; + mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0; + mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0; } break; case S_IRGRP: - if(sec_access.mask & GENERIC_ALL_ACCESS) + if((*mask) & GENERIC_ALL_ACCESS) mode = S_IRGRP|S_IWGRP|S_IXGRP; else { - mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0; - mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0; - mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0; + mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0; + mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0; + mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0; } break; case S_IROTH: - if(sec_access.mask & GENERIC_ALL_ACCESS) + if((*mask) & GENERIC_ALL_ACCESS) mode = S_IROTH|S_IWOTH|S_IXOTH; else { - mode |= (sec_access.mask & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0; - mode |= (sec_access.mask & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0; - mode |= (sec_access.mask & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0; + mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0; + mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0; + mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0; } break; } @@ -950,7 +950,7 @@ BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_ */ if (security_info_sent & GROUP_SECURITY_INFORMATION) { - sid_copy(&grp_sid, psd->grp_sid); + sid_copy(&grp_sid, psd->group_sid); if (!sid_to_gid( &grp_sid, pgrp)) { if (lp_force_unknown_acl_user(snum)) { /* this allows take group ownership to work @@ -1254,7 +1254,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, */ for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa = &dacl->ace[i]; + SEC_ACE *psa = &dacl->aces[i]; if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) { DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n")); @@ -1273,12 +1273,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * Convert GENERIC bits to specific bits. */ - se_map_generic(&psa->info.mask, &file_generic_mapping); + se_map_generic(&psa->access_mask, &file_generic_mapping); - psa->info.mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS); + psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS); - if(psa->info.mask != UNIX_ACCESS_NONE) - psa->info.mask &= ~UNIX_ACCESS_NONE; + if(psa->access_mask != UNIX_ACCESS_NONE) + psa->access_mask &= ~UNIX_ACCESS_NONE; } } @@ -1291,12 +1291,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, */ for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa1 = &dacl->ace[i]; + SEC_ACE *psa1 = &dacl->aces[i]; for (j = i + 1; j < dacl->num_aces; j++) { - SEC_ACE *psa2 = &dacl->ace[j]; + SEC_ACE *psa2 = &dacl->aces[j]; - if (psa1->info.mask != psa2->info.mask) + if (psa1->access_mask != psa2->access_mask) continue; if (!sid_equal(&psa1->trustee, &psa2->trustee)) @@ -1322,7 +1322,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, } for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa = &dacl->ace[i]; + SEC_ACE *psa = &dacl->aces[i]; /* * Ignore non-mappable SIDs (NT Authority, BUILTIN etc). @@ -1408,7 +1408,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * S_I(R|W|X)USR bits. */ - current_ace->perms |= map_nt_perms( psa->info, S_IRUSR); + current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR); current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE; current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False); @@ -2641,7 +2641,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) /* We know the lower number ACE's are file entries. */ if ((nt_ace_list[i].type == nt_ace_list[j].type) && (nt_ace_list[i].size == nt_ace_list[j].size) && - (nt_ace_list[i].info.mask == nt_ace_list[j].info.mask) && + (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) && sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && (i_inh == j_inh) && (i_flags_ni == 0) && @@ -2654,7 +2654,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) * the non-inherited ACE onto the inherited ACE. */ - if (nt_ace_list[i].info.mask == 0) { + if (nt_ace_list[i].access_mask == 0) { nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0); if (num_aces - i - 1 > 0) @@ -2954,7 +2954,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) } if (psd->dacl) { - dacl_sort_into_canonical_order(psd->dacl->ace, (unsigned int)psd->dacl->num_aces); + dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces); } *ppdesc = psd; diff --git a/source3/tdb/include/tdbutil.h b/source3/tdb/include/tdbutil.h index 1bc000337b..72d1505f4e 100644 --- a/source3/tdb/include/tdbutil.h +++ b/source3/tdb/include/tdbutil.h @@ -47,9 +47,9 @@ int tdb_read_lock_bystring_with_timeout(TDB_CONTEXT *tdb, const char *keyval, unsigned int timeout); void tdb_read_unlock_bystring(TDB_CONTEXT *tdb, const char *keyval); int32_t tdb_fetch_int32(struct tdb_context *tdb, const char *keystr); -BOOL tdb_store_uint32(struct tdb_context *tdb, const char *keystr, uint32_t value); +int tdb_store_uint32(struct tdb_context *tdb, const char *keystr, uint32_t value); int tdb_store_int32(struct tdb_context *tdb, const char *keystr, int32_t v); -BOOL tdb_fetch_uint32(struct tdb_context *tdb, const char *keystr, uint32_t *value); +int tdb_fetch_uint32(struct tdb_context *tdb, const char *keystr, uint32_t *value); int tdb_traverse_delete_fn(struct tdb_context *the_tdb, TDB_DATA key, TDB_DATA dbuf, void *state); int tdb_store_bystring(struct tdb_context *tdb, const char *keystr, TDB_DATA data, int flags); @@ -63,7 +63,7 @@ TDB_DATA make_tdb_data(const char *dptr, size_t dsize); TDB_DATA string_tdb_data(const char *string); int tdb_trans_store(struct tdb_context *tdb, TDB_DATA key, TDB_DATA dbuf, int flag); -BOOL tdb_change_uint32_atomic(TDB_CONTEXT *tdb, const char *keystr, +int tdb_change_uint32_atomic(TDB_CONTEXT *tdb, const char *keystr, uint32 *oldval, uint32 change_val); int tdb_chainlock_with_timeout( TDB_CONTEXT *tdb, TDB_DATA key, unsigned int timeout); diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c index 6a306a9983..a41f9ec562 100644 --- a/source3/utils/net_usershare.c +++ b/source3/utils/net_usershare.c @@ -372,7 +372,7 @@ static int info_fn(struct file_list *fl, void *priv) const char *name; NTSTATUS ntstatus; - ntstatus = net_lookup_name_from_sid(ctx, &psd->dacl->ace[num_aces].trustee, &domain, &name); + ntstatus = net_lookup_name_from_sid(ctx, &psd->dacl->aces[num_aces].trustee, &domain, &name); if (NT_STATUS_IS_OK(ntstatus)) { if (domain && *domain) { @@ -382,15 +382,15 @@ static int info_fn(struct file_list *fl, void *priv) pstrcat(acl_str,name); } else { fstring sidstr; - sid_to_string(sidstr, &psd->dacl->ace[num_aces].trustee); + sid_to_string(sidstr, &psd->dacl->aces[num_aces].trustee); pstrcat(acl_str,sidstr); } pstrcat(acl_str, ":"); - if (psd->dacl->ace[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) { + if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) { pstrcat(acl_str, "D,"); } else { - if (psd->dacl->ace[num_aces].info.mask & GENERIC_ALL_ACCESS) { + if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) { pstrcat(acl_str, "F,"); } else { pstrcat(acl_str, "R,"); diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c index d40a2deea3..d5b14fdfb0 100644 --- a/source3/utils/profiles.c +++ b/source3/utils/profiles.c @@ -43,14 +43,14 @@ static BOOL swap_sid_in_acl( SEC_DESC *sd, DOM_SID *s1, DOM_SID *s2 ) update = True; } - if ( sid_equal( sd->grp_sid, s1 ) ) { - sid_copy( sd->grp_sid, s2 ); + if ( sid_equal( sd->group_sid, s1 ) ) { + sid_copy( sd->group_sid, s2 ); update = True; } for ( i=0; inum_aces; i++ ) { - if ( sid_equal( &acl->ace[i].trustee, s1 ) ) { - sid_copy( &acl->ace[i].trustee, s2 ); + if ( sid_equal( &acl->aces[i].trustee, s1 ) ) { + sid_copy( &acl->aces[i].trustee, s2 ); update = True; } } diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c index 3f66d4da6e..5749cf2f55 100644 --- a/source3/utils/sharesec.c +++ b/source3/utils/sharesec.c @@ -75,7 +75,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) if (numeric) { fprintf(f, "%d/%d/0x%08x", - ace->type, ace->flags, ace->info.mask); + ace->type, ace->flags, ace->access_mask); return; } @@ -96,7 +96,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Standard permissions */ for (v = standard_values; v->perm; v++) { - if (ace->info.mask == v->mask) { + if (ace->access_mask == v->mask) { fprintf(f, "%s", v->perm); return; } @@ -105,11 +105,11 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Special permissions. Print out a hex value if we have leftover bits in the mask. */ - got_mask = ace->info.mask; + got_mask = ace->access_mask; again: for (v = special_values; v->perm; v++) { - if ((ace->info.mask & v->mask) == v->mask) { + if ((ace->access_mask & v->mask) == v->mask) { if (do_print) { fprintf(f, "%s", v->perm); } @@ -119,7 +119,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) if (!do_print) { if (got_mask != 0) { - fprintf(f, "0x%08x", ace->info.mask); + fprintf(f, "0x%08x", ace->access_mask); } else { do_print = 1; goto again; @@ -148,8 +148,8 @@ static void sec_desc_print(FILE *f, SEC_DESC *sd) fprintf(f, "OWNER:%s\n", sidstr); - if (sd->grp_sid) { - sid_to_string(sidstr, sd->grp_sid); + if (sd->group_sid) { + sid_to_string(sidstr, sd->group_sid); } else { fstrcpy(sidstr, ""); } @@ -158,7 +158,7 @@ static void sec_desc_print(FILE *f, SEC_DESC *sd) /* Print aces */ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - SEC_ACE *ace = &sd->dacl->ace[i]; + SEC_ACE *ace = &sd->dacl->aces[i]; fprintf(f, "ACL:"); print_ace(f, ace); fprintf(f, "\n"); diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 85c59db5ec..67de8c7335 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -172,7 +172,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) if (numeric) { fprintf(f, "%d/%d/0x%08x", - ace->type, ace->flags, ace->info.mask); + ace->type, ace->flags, ace->access_mask); return; } @@ -193,7 +193,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Standard permissions */ for (v = standard_values; v->perm; v++) { - if (ace->info.mask == v->mask) { + if (ace->access_mask == v->mask) { fprintf(f, "%s", v->perm); return; } @@ -202,11 +202,11 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Special permissions. Print out a hex value if we have leftover bits in the mask. */ - got_mask = ace->info.mask; + got_mask = ace->access_mask; again: for (v = special_values; v->perm; v++) { - if ((ace->info.mask & v->mask) == v->mask) { + if ((ace->access_mask & v->mask) == v->mask) { if (do_print) { fprintf(f, "%s", v->perm); } @@ -216,7 +216,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) if (!do_print) { if (got_mask != 0) { - fprintf(f, "0x%08x", ace->info.mask); + fprintf(f, "0x%08x", ace->access_mask); } else { do_print = 1; goto again; @@ -348,7 +348,7 @@ static BOOL parse_ace(SEC_ACE *ace, const char *orig_str) } done: - mask.mask = amask; + mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); SAFE_FREE(str); return True; @@ -366,7 +366,7 @@ static BOOL add_ace(SEC_ACL **the_acl, SEC_ACE *ace) if (!(aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces))) { return False; } - memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE)); + memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE)); memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); new_ace = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces); SAFE_FREE(aces); @@ -465,8 +465,8 @@ static void sec_desc_print(FILE *f, SEC_DESC *sd) fprintf(f, "OWNER:%s\n", sidstr); - if (sd->grp_sid) { - SidToString(sidstr, sd->grp_sid); + if (sd->group_sid) { + SidToString(sidstr, sd->group_sid); } else { fstrcpy(sidstr, ""); } @@ -475,7 +475,7 @@ static void sec_desc_print(FILE *f, SEC_DESC *sd) /* Print aces */ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - SEC_ACE *ace = &sd->dacl->ace[i]; + SEC_ACE *ace = &sd->dacl->aces[i]; fprintf(f, "ACL:"); print_ace(f, ace); fprintf(f, "\n"); @@ -593,8 +593,8 @@ static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2) if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; - if (ace1->info.mask != ace2->info.mask) - return ace1->info.mask - ace2->info.mask; + if (ace1->access_mask != ace2->access_mask) + return ace1->access_mask - ace2->access_mask; if (ace1->size != ace2->size) return ace1->size - ace2->size; @@ -607,13 +607,13 @@ static void sort_acl(SEC_ACL *the_acl) uint32 i; if (!the_acl) return; - qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), QSORT_CAST ace_compare); + qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]), QSORT_CAST ace_compare); for (i=1;inum_aces;) { - if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) { + if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) { int j; for (j=i; jnum_aces-1; j++) { - the_acl->ace[j] = the_acl->ace[j+1]; + the_acl->aces[j] = the_acl->aces[j+1]; } the_acl->num_aces--; } else { @@ -665,11 +665,11 @@ static int cacl_set(struct cli_state *cli, char *filename, BOOL found = False; for (j=0;old->dacl && jdacl->num_aces;j++) { - if (sec_ace_equal(&sd->dacl->ace[i], - &old->dacl->ace[j])) { + if (sec_ace_equal(&sd->dacl->aces[i], + &old->dacl->aces[j])) { uint32 k; for (k=j; kdacl->num_aces-1;k++) { - old->dacl->ace[k] = old->dacl->ace[k+1]; + old->dacl->aces[k] = old->dacl->aces[k+1]; } old->dacl->num_aces--; found = True; @@ -679,7 +679,7 @@ static int cacl_set(struct cli_state *cli, char *filename, if (!found) { printf("ACL for ACE:"); - print_ace(stdout, &sd->dacl->ace[i]); + print_ace(stdout, &sd->dacl->aces[i]); printf(" not found\n"); } } @@ -690,9 +690,9 @@ static int cacl_set(struct cli_state *cli, char *filename, BOOL found = False; for (j=0;old->dacl && jdacl->num_aces;j++) { - if (sid_equal(&sd->dacl->ace[i].trustee, - &old->dacl->ace[j].trustee)) { - old->dacl->ace[j] = sd->dacl->ace[i]; + if (sid_equal(&sd->dacl->aces[i].trustee, + &old->dacl->aces[j].trustee)) { + old->dacl->aces[j] = sd->dacl->aces[i]; found = True; } } @@ -700,7 +700,7 @@ static int cacl_set(struct cli_state *cli, char *filename, if (!found) { fstring str; - SidToString(str, &sd->dacl->ace[i].trustee); + SidToString(str, &sd->dacl->aces[i].trustee); printf("ACL for SID %s not found\n", str); } } @@ -709,15 +709,15 @@ static int cacl_set(struct cli_state *cli, char *filename, old->owner_sid = sd->owner_sid; } - if (sd->grp_sid) { - old->grp_sid = sd->grp_sid; + if (sd->group_sid) { + old->group_sid = sd->group_sid; } break; case SMB_ACL_ADD: for (i=0;sd->dacl && idacl->num_aces;i++) { - add_ace(&old->dacl, &sd->dacl->ace[i]); + add_ace(&old->dacl, &sd->dacl->aces[i]); } break; -- cgit