From b2eef912cfaf768fd26b3b2acbcfc0be2951a197 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 8 Jun 2000 00:17:05 +0000 Subject: Cause printer SD's to be displayed correctly (full control). Jeremy. (This used to be commit 341d07c516865bdd9be99f98cd0754d12b25f9c0) --- source3/include/rpc_secdes.h | 6 ++++-- source3/printing/nt_printing.c | 16 +++++++++------- source3/rpc_parse/parse_sec.c | 2 +- source3/smbd/unix_acls.c | 2 +- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 9d54622758..d314d06d71 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -38,7 +38,6 @@ #define SEC_RIGHTS_FULL_CONTROL 0x000f003f #define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000 - #define SEC_ACE_TYPE_ACCESS_ALLOWED 0x0 #define SEC_ACE_TYPE_ACCESS_DENIED 0x1 #define SEC_ACE_TYPE_SYSTEM_AUDIT 0x2 @@ -102,10 +101,12 @@ typedef struct security_ace_info #define MAX_SEC_ACES 16 +#define ACL_REVISION 0x3 + /* SEC_ACL */ typedef struct security_acl_info { - uint16 revision; /* 0x0002 */ + uint16 revision; /* 0x0003 */ uint16 size; /* size in bytes of the entire ACL structure */ uint32 num_aces; /* number of Access Control Entries */ @@ -113,6 +114,7 @@ typedef struct security_acl_info } SEC_ACL; +#define SEC_DESC_REVISION 0x1 /* SEC_DESC */ typedef struct security_descriptor_info diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 991f66a8ac..f9365b481d 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1493,20 +1493,22 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) static SEC_DESC_BUF *construct_default_printer_sdb(void) { extern DOM_SID global_sid_World; - SEC_ACE ace; + SEC_ACE ace[2]; SEC_ACCESS sa; SEC_ACL *psa = NULL; SEC_DESC_BUF *sdb = NULL; SEC_DESC *psd = NULL; size_t sd_size; - init_sec_access(&sa,PRINTER_ALL_ACCESS); - init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); + init_sec_access(&sa,PRINTER_MANAGE_DOCUMENTS); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + sa, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY); + init_sec_ace(&ace[1], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + sa, SEC_ACE_FLAG_CONTAINER_INHERIT); - if ((psa = make_sec_acl( 3, 1, &ace)) != NULL) { - psd = make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, - &global_sid_World, &global_sid_World, - NULL, psa, &sd_size); + if ((psa = make_sec_acl( ACL_REVISION, 2, &ace)) != NULL) { + psd = make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + &global_sid_World, &global_sid_World, NULL, psa, &sd_size); free_sec_acl(&psa); } diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 25450e0b19..4a7db6d7c2 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -411,7 +411,7 @@ void free_sec_desc(SEC_DESC **ppsd) SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { - return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + return make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, owner_sid, grp_sid, NULL, dacl, sd_size); } diff --git a/source3/smbd/unix_acls.c b/source3/smbd/unix_acls.c index 40bb281c74..7a2dc6ab6e 100644 --- a/source3/smbd/unix_acls.c +++ b/source3/smbd/unix_acls.c @@ -423,7 +423,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) } if(num_acls) - if((psa = make_sec_acl( 3, num_acls, ace_list)) == NULL) { + if((psa = make_sec_acl( ACL_REVISION, num_acls, ace_list)) == NULL) { DEBUG(0,("get_nt_acl: Unable to malloc space for acl.\n")); return 0; } -- cgit