From 762e7e1dff89cc14b0130fc9a22038b0845630a2 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Oct 2003 01:24:48 +0000 Subject: split some security related functions in their own files. (no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d) --- source3/lib/secace.c | 285 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 285 insertions(+) create mode 100644 source3/lib/secace.c (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c new file mode 100644 index 0000000000..6769f1288a --- /dev/null +++ b/source3/lib/secace.c @@ -0,0 +1,285 @@ +/* + * Unix SMB/Netbios implementation. + * SEC_ACE handling functions + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Jeremy R. Allison 1995-2003. + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Paul Ashton 1997-1998. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +/******************************************************************* + Check if ACE has OBJECT type. +********************************************************************/ + +BOOL sec_ace_object(uint8 type) +{ + if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || + type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || + type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || + type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) { + return True; + } + return False; +} + +/******************************************************************* + copy a SEC_ACE structure. +********************************************************************/ +void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) +{ + ace_dest->type = ace_src->type; + ace_dest->flags = ace_src->flags; + ace_dest->size = ace_src->size; + ace_dest->info.mask = ace_src->info.mask; + ace_dest->obj_flags = ace_src->obj_flags; + memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE); + memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE); + sid_copy(&ace_dest->trustee, &ace_src->trustee); +} + +/******************************************************************* + Sets up a SEC_ACE structure. +********************************************************************/ + +void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +{ + t->type = type; + t->flags = flag; + t->size = sid_size(sid) + 8; + t->info = mask; + + ZERO_STRUCTP(&t->trustee); + sid_copy(&t->trustee, sid); +} + +/******************************************************************* + adds new SID with its permissions to ACE list +********************************************************************/ + +NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask) +{ + unsigned int i = 0; + + if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; + + *num += 1; + + if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) + return NT_STATUS_NO_MEMORY; + + for (i = 0; i < *num - 1; i ++) + sec_ace_copy(&(*new)[i], &old[i]); + + (*new)[i].type = 0; + (*new)[i].flags = 0; + (*new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); + (*new)[i].info.mask = mask; + sid_copy(&(*new)[i].trustee, sid); + return NT_STATUS_OK; +} + +/******************************************************************* + modify SID's permissions at ACL +********************************************************************/ + +NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) +{ + unsigned int i = 0; + + if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER; + + for (i = 0; i < num; i ++) { + if (sid_compare(&ace[i].trustee, sid) == 0) { + ace[i].info.mask = mask; + return NT_STATUS_OK; + } + } + return NT_STATUS_NOT_FOUND; +} + +/******************************************************************* + delete SID from ACL +********************************************************************/ + +NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *num, DOM_SID *sid) +{ + unsigned int i = 0; + unsigned int n_del = 0; + + if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; + + if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) + return NT_STATUS_NO_MEMORY; + + for (i = 0; i < *num; i ++) { + if (sid_compare(&old[i].trustee, sid) != 0) + sec_ace_copy(&(*new)[i], &old[i]); + else + n_del ++; + } + if (n_del == 0) + return NT_STATUS_NOT_FOUND; + else { + *num -= n_del; + return NT_STATUS_OK; + } +} + +/******************************************************************* + Compares two SEC_ACE structures +********************************************************************/ + +BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) +{ + /* Trivial case */ + + if (!s1 && !s2) return True; + + /* Check top level stuff */ + + if (s1->type != s2->type || s1->flags != s2->flags || + s1->info.mask != s2->info.mask) { + return False; + } + + /* Check SID */ + + if (!sid_equal(&s1->trustee, &s2->trustee)) { + return False; + } + + return True; +} + +int nt_ace_inherit_comp( SEC_ACE *a1, SEC_ACE *a2) +{ + int a1_inh = a1->flags & SEC_ACE_FLAG_INHERITED_ACE; + int a2_inh = a2->flags & SEC_ACE_FLAG_INHERITED_ACE; + + if (a1_inh == a2_inh) + return 0; + + if (!a1_inh && a2_inh) + return -1; + return 1; +} + +/******************************************************************* + Comparison function to apply the order explained below in a group. +*******************************************************************/ + +int nt_ace_canon_comp( SEC_ACE *a1, SEC_ACE *a2) +{ + if ((a1->type == SEC_ACE_TYPE_ACCESS_DENIED) && + (a2->type != SEC_ACE_TYPE_ACCESS_DENIED)) + return -1; + + if ((a2->type == SEC_ACE_TYPE_ACCESS_DENIED) && + (a1->type != SEC_ACE_TYPE_ACCESS_DENIED)) + return 1; + + /* Both access denied or access allowed. */ + + /* 1. ACEs that apply to the object itself */ + + if (!(a1->flags & SEC_ACE_FLAG_INHERIT_ONLY) && + (a2->flags & SEC_ACE_FLAG_INHERIT_ONLY)) + return -1; + else if (!(a2->flags & SEC_ACE_FLAG_INHERIT_ONLY) && + (a1->flags & SEC_ACE_FLAG_INHERIT_ONLY)) + return 1; + + /* 2. ACEs that apply to a subobject of the object, such as + * a property set or property. */ + + if (a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && + !(a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) + return -1; + else if (a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && + !(a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) + return 1; + + return 0; +} + +/******************************************************************* + Functions to convert a SEC_DESC ACE DACL list into canonical order. + JRA. + +--- from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/order_of_aces_in_a_dacl.asp + +The following describes the preferred order: + + To ensure that noninherited ACEs have precedence over inherited ACEs, + place all noninherited ACEs in a group before any inherited ACEs. + This ordering ensures, for example, that a noninherited access-denied ACE + is enforced regardless of any inherited ACE that allows access. + + Within the groups of noninherited ACEs and inherited ACEs, order ACEs according to ACE type, as the following shows: + 1. Access-denied ACEs that apply to the object itself + 2. Access-denied ACEs that apply to a subobject of the object, such as a property set or property + 3. Access-allowed ACEs that apply to the object itself + 4. Access-allowed ACEs that apply to a subobject of the object" + +********************************************************************/ + +void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces) +{ + unsigned int i; + + if (!srclist || num_aces == 0) + return; + + /* Sort so that non-inherited ACE's come first. */ + qsort( srclist, num_aces, sizeof(srclist[0]), QSORT_CAST nt_ace_inherit_comp); + + /* Find the boundary between non-inherited ACEs. */ + for (i = 0; i < num_aces; i++ ) { + SEC_ACE *curr_ace = &srclist[i]; + + if (curr_ace->flags & SEC_ACE_FLAG_INHERITED_ACE) + break; + } + + /* i now points at entry number of the first inherited ACE. */ + + /* Sort the non-inherited ACEs. */ + if (i) + qsort( srclist, i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); + + /* Now sort the inherited ACEs. */ + if (num_aces - i) + qsort( &srclist[i], num_aces - i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); +} + +/******************************************************************* + Check if this ACE has a SID in common with the token. +********************************************************************/ + +BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) +{ + size_t i; + + for (i = 0; i < token->num_sids; i++) { + if (sid_equal(&ace->trustee, &token->user_sids[i])) + return True; + } + + return False; +} -- cgit From 8ad3d8c9b065f3a2040beff801bdc9dceac868a8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 13 Apr 2004 14:39:48 +0000 Subject: r196: merging struct uuid from trunk (This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb) --- source3/lib/secace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 6769f1288a..8c54c97043 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -48,8 +48,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->size = ace_src->size; ace_dest->info.mask = ace_src->info.mask; ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE); + memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct uuid)); + memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct uuid)); sid_copy(&ace_dest->trustee, &ace_src->trustee); } -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/lib/secace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 8c54c97043..e44d9aa940 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -80,7 +80,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num += 1; - if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) + if((new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) return NT_STATUS_NO_MEMORY; for (i = 0; i < *num - 1; i ++) @@ -124,7 +124,7 @@ NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *n if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; - if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) + if((new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) return NT_STATUS_NO_MEMORY; for (i = 0; i < *num; i ++) { -- cgit From 83e11ba86c2401ece3c845fd10c22b84e6be7811 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 9 Apr 2005 11:46:40 +0000 Subject: r6263: Get rid of generate_wellknown_sids, they are const static and initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9) --- source3/lib/secace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index e44d9aa940..c550dcce31 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -57,7 +57,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) Sets up a SEC_ACE structure. ********************************************************************/ -void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) { t->type = type; t->flags = flag; -- cgit From 19ca97a70f6b7b41d251eaa76e4d3c980c6eedff Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Jun 2005 20:25:18 +0000 Subject: r7882: Looks like a large patch - but what it actually does is make Samba safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a) --- source3/lib/secace.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index c550dcce31..b2cf81d0fd 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -72,25 +72,25 @@ void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, u adds new SID with its permissions to ACE list ********************************************************************/ -NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask) +NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask) { unsigned int i = 0; - if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; + if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; *num += 1; - if((new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) + if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) return NT_STATUS_NO_MEMORY; for (i = 0; i < *num - 1; i ++) - sec_ace_copy(&(*new)[i], &old[i]); + sec_ace_copy(&(*pp_new)[i], &old[i]); - (*new)[i].type = 0; - (*new)[i].flags = 0; - (*new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); - (*new)[i].info.mask = mask; - sid_copy(&(*new)[i].trustee, sid); + (*pp_new)[i].type = 0; + (*pp_new)[i].flags = 0; + (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); + (*pp_new)[i].info.mask = mask; + sid_copy(&(*pp_new)[i].trustee, sid); return NT_STATUS_OK; } @@ -117,19 +117,19 @@ NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) delete SID from ACL ********************************************************************/ -NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *num, DOM_SID *sid) +NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid) { unsigned int i = 0; unsigned int n_del = 0; - if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; + if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; - if((new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) + if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) return NT_STATUS_NO_MEMORY; for (i = 0; i < *num; i ++) { if (sid_compare(&old[i].trustee, sid) != 0) - sec_ace_copy(&(*new)[i], &old[i]); + sec_ace_copy(&(*pp_new)[i], &old[i]); else n_del ++; } -- cgit From 1eea156f571e498a33dd8ad528f3fb94433a8311 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Mar 2006 01:01:34 +0000 Subject: r13999: Quick fix for Coverity bug #11. Jeremy. (This used to be commit b9de6c926953b3321fa3850d501c807c6eabf230) --- source3/lib/secace.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index b2cf81d0fd..f1d4d99cc1 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -149,7 +149,13 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) { /* Trivial case */ - if (!s1 && !s2) return True; + if (!s1 && !s2) { + return True; + } + + if (!s1 || !s2) { + return False; + } /* Check top level stuff */ -- cgit From 4e7d11449ad419f4fa791e26e059a9f73d6d4042 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 19 Sep 2006 00:12:11 +0000 Subject: r18654: Rename "struct uuid" => "struct GUID" for consistency. (This used to be commit 5de76767e857e9d159ea46e2ded612ccd6d6bf19) --- source3/lib/secace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index f1d4d99cc1..eb2fdd5c2b 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -48,8 +48,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->size = ace_src->size; ace_dest->info.mask = ace_src->info.mask; ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct uuid)); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct uuid)); + memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID)); + memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID)); sid_copy(&ace_dest->trustee, &ace_src->trustee); } -- cgit From 4db7642caa99c1b054322a8971c4b673556487ce Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 20 Sep 2006 22:23:12 +0000 Subject: r18745: Use the Samba4 data structures for security descriptors and security descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366) --- source3/lib/secace.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index eb2fdd5c2b..d60722c57e 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -46,10 +46,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->type = ace_src->type; ace_dest->flags = ace_src->flags; ace_dest->size = ace_src->size; - ace_dest->info.mask = ace_src->info.mask; - ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID)); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID)); + ace_dest->access_mask = ace_src->access_mask; + ace_dest->object = ace_src->object; sid_copy(&ace_dest->trustee, &ace_src->trustee); } @@ -57,12 +55,12 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) Sets up a SEC_ACE structure. ********************************************************************/ -void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, uint32 mask, uint8 flag) { t->type = type; t->flags = flag; t->size = sid_size(sid) + 8; - t->info = mask; + t->access_mask = mask; ZERO_STRUCTP(&t->trustee); sid_copy(&t->trustee, sid); @@ -89,7 +87,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign (*pp_new)[i].type = 0; (*pp_new)[i].flags = 0; (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); - (*pp_new)[i].info.mask = mask; + (*pp_new)[i].access_mask = mask; sid_copy(&(*pp_new)[i].trustee, sid); return NT_STATUS_OK; } @@ -106,7 +104,7 @@ NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) for (i = 0; i < num; i ++) { if (sid_compare(&ace[i].trustee, sid) == 0) { - ace[i].info.mask = mask; + ace[i].access_mask = mask; return NT_STATUS_OK; } } @@ -160,7 +158,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) /* Check top level stuff */ if (s1->type != s2->type || s1->flags != s2->flags || - s1->info.mask != s2->info.mask) { + s1->access_mask != s2->access_mask) { return False; } -- cgit From 56a5d05b8b285250bdc0e9cc3c8f3c3d8af80382 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 30 Apr 2007 02:51:26 +0000 Subject: r22590: Make TALLOC_ARRAY consistent across all uses. That should be it.... Jeremy. (This used to be commit 603233a98bbf65467c8b4f04719d771c70b3b4c9) --- source3/lib/secace.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index d60722c57e..871c983533 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -122,8 +122,12 @@ NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; - if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) - return NT_STATUS_NO_MEMORY; + if (*num) { + if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) + return NT_STATUS_NO_MEMORY; + } else { + pp_new[0] = NULL; + } for (i = 0; i < *num; i ++) { if (sid_compare(&old[i].trustee, sid) != 0) -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/secace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 871c983533..926169e0a1 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -8,7 +8,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/lib/secace.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 926169e0a1..ff6a5105a3 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -17,8 +17,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/secace.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index ff6a5105a3..9e533a5a28 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -26,7 +26,7 @@ Check if ACE has OBJECT type. ********************************************************************/ -BOOL sec_ace_object(uint8 type) +bool sec_ace_object(uint8 type) { if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || @@ -146,7 +146,7 @@ NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 Compares two SEC_ACE structures ********************************************************************/ -BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) +bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) { /* Trivial case */ @@ -279,7 +279,7 @@ void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces) Check if this ACE has a SID in common with the token. ********************************************************************/ -BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) +bool token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) { size_t i; -- cgit From 99b86e4a266b99634f6a65015f6df115c421d3e5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 20 Dec 2007 22:27:01 +0100 Subject: Some C++ fixes (This used to be commit 5c392c4c6e277a24d0d477902dc7856b2b46ee53) --- source3/lib/secace.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 9e533a5a28..90ecc342cd 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -54,7 +54,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) Sets up a SEC_ACE structure. ********************************************************************/ -void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, uint32 mask, uint8 flag) +void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type, + uint32 mask, uint8 flag) { t->type = type; t->flags = flag; @@ -83,7 +84,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign for (i = 0; i < *num - 1; i ++) sec_ace_copy(&(*pp_new)[i], &old[i]); - (*pp_new)[i].type = 0; + (*pp_new)[i].type = SEC_ACE_TYPE_ACCESS_ALLOWED; (*pp_new)[i].flags = 0; (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); (*pp_new)[i].access_mask = mask; -- cgit From a59280792cab616f5b269960ab68bc44ccc1fd38 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Dec 2007 22:16:31 +0100 Subject: Remove tiny code duplication sid_size did the same as ndr_size_dom_sid (This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389) --- source3/lib/secace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/secace.c') diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 90ecc342cd..8760a6109a 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -59,7 +59,7 @@ void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type, { t->type = type; t->flags = flag; - t->size = sid_size(sid) + 8; + t->size = ndr_size_dom_sid(sid, 0) + 8; t->access_mask = mask; ZERO_STRUCTP(&t->trustee); @@ -86,7 +86,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign (*pp_new)[i].type = SEC_ACE_TYPE_ACCESS_ALLOWED; (*pp_new)[i].flags = 0; - (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); + (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, 0); (*pp_new)[i].access_mask = mask; sid_copy(&(*pp_new)[i].trustee, sid); return NT_STATUS_OK; -- cgit