Changeset 745 for trunk/server/source3/lib/secdesc.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/lib/secdesc.c (modified) (29 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/lib/secdesc.c
r414 r745 22 22 23 23 #include "includes.h" 24 25 26 27 28 29 30 31 32 24 33 25 34 /* Map generic permissions to file object specific permissions */ … … 36 45 ********************************************************************/ 37 46 38 uint32_t get_sec_info(const SEC_DESC*sd)47 uint32_t get_sec_info(const *sd) 39 48 { 40 49 uint32_t sec_info = ALL_SECURITY_INFORMATION; … … 43 52 44 53 if (sd->owner_sid == NULL) { 45 sec_info &= ~ OWNER_SECURITY_INFORMATION;54 sec_info &= ~; 46 55 } 47 56 if (sd->group_sid == NULL) { 48 sec_info &= ~ GROUP_SECURITY_INFORMATION;57 sec_info &= ~; 49 58 } 50 59 if (sd->sacl == NULL) { 51 sec_info &= ~S ACL_SECURITY_INFORMATION;60 sec_info &= ~S; 52 61 } 53 62 if (sd->dacl == NULL) { 54 sec_info &= ~ DACL_SECURITY_INFORMATION;63 sec_info &= ~; 55 64 } 56 65 … … 64 73 ********************************************************************/ 65 74 66 SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF*old_sdb)67 { 68 DOM_SID*owner_sid, *group_sid;69 SEC_DESC_BUF*return_sdb;70 SEC_ACL*dacl, *sacl;71 SEC_DESC*psd = NULL;75 *old_sdb) 76 { 77 *owner_sid, *group_sid; 78 *return_sdb; 79 *dacl, *sacl; 80 *psd = NULL; 72 81 uint16 secdesc_type; 73 82 size_t secdesc_size; … … 109 118 } 110 119 111 /******************************************************************* 112 Creates a SEC_DESC structure 113 ********************************************************************/ 114 115 SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, 120 struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb) 121 { 122 struct dom_sid *owner_sid, *group_sid; 123 struct security_acl *dacl, *sacl; 124 struct security_descriptor *psd = NULL; 125 uint16 secdesc_type; 126 size_t secdesc_size; 127 128 /* Copy over owner and group sids. There seems to be no flag for 129 this so just check the pointer values. */ 130 131 owner_sid = new_sdb->owner_sid ? new_sdb->owner_sid : 132 old_sdb->owner_sid; 133 134 group_sid = new_sdb->group_sid ? new_sdb->group_sid : 135 old_sdb->group_sid; 136 137 secdesc_type = new_sdb->type; 138 139 /* Ignore changes to the system ACL. This has the effect of making 140 changes through the security tab audit button not sticking. 141 Perhaps in future Samba could implement these settings somehow. */ 142 143 sacl = NULL; 144 secdesc_type &= ~SEC_DESC_SACL_PRESENT; 145 146 /* Copy across discretionary ACL */ 147 148 if (secdesc_type & SEC_DESC_DACL_PRESENT) { 149 dacl = new_sdb->dacl; 150 } else { 151 dacl = old_sdb->dacl; 152 } 153 154 /* Create new security descriptor from bits */ 155 psd = make_sec_desc(ctx, new_sdb->revision, secdesc_type, 156 owner_sid, group_sid, sacl, dacl, &secdesc_size); 157 158 return psd; 159 } 160 161 /******************************************************************* 162 Creates a struct security_descriptor structure 163 ********************************************************************/ 164 165 #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) 166 167 struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx, 116 168 enum security_descriptor_revision revision, 117 169 uint16 type, 118 const DOM_SID *owner_sid, const DOM_SID*grp_sid,119 SEC_ACL *sacl, SEC_ACL*dacl, size_t *sd_size)120 { 121 SEC_DESC*dst;170 const *grp_sid, 171 *dacl, size_t *sd_size) 172 { 173 *dst; 122 174 uint32 offset = 0; 123 175 124 176 *sd_size = 0; 125 177 126 if(( dst = TALLOC_ZERO_P(ctx, SEC_DESC)) == NULL)178 if(( dst = TALLOC_ZERO_P(ctx, )) == NULL) 127 179 return NULL; 128 180 … … 140 192 dst->dacl = NULL; 141 193 142 if(owner_sid && ((dst->owner_sid = sid_dup_talloc(dst,owner_sid)) == NULL))194 if(owner_sid && ((dst->owner_sid = (dst,owner_sid)) == NULL)) 143 195 goto error_exit; 144 196 145 if(grp_sid && ((dst->group_sid = sid_dup_talloc(dst,grp_sid)) == NULL))197 if(grp_sid && ((dst->group_sid = (dst,grp_sid)) == NULL)) 146 198 goto error_exit; 147 199 … … 166 218 167 219 if (dst->owner_sid != NULL) { 168 offset += ndr_size_dom_sid(dst->owner_sid, NULL,0);220 offset += ndr_size_dom_sid(dst->owner_sid, 0); 169 221 } 170 222 171 223 if (dst->group_sid != NULL) { 172 offset += ndr_size_dom_sid(dst->group_sid, NULL,0);224 offset += ndr_size_dom_sid(dst->group_sid, 0); 173 225 } 174 226 … … 183 235 184 236 /******************************************************************* 185 Duplicate a SEC_DESC structure.186 ********************************************************************/ 187 188 SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC*src)237 Duplicate a 238 ********************************************************************/ 239 240 *src) 189 241 { 190 242 size_t dummy; … … 209 261 210 262 ndr_err = ndr_push_struct_blob( 211 &blob, mem_ctx, NULL,secdesc,263 &blob, mem_ctx, secdesc, 212 264 (ndr_push_flags_fn_t)ndr_push_security_descriptor); 213 265 … … 215 267 DEBUG(0, ("ndr_push_security_descriptor failed: %s\n", 216 268 ndr_errstr(ndr_err))); 217 return ndr_map_error2ntstatus(ndr_err); ;269 return ndr_map_error2ntstatus(ndr_err); 218 270 } 219 271 … … 235 287 236 288 ndr_err = ndr_push_struct_blob( 237 &blob, mem_ctx, NULL,secdesc_buf,289 &blob, mem_ctx, secdesc_buf, 238 290 (ndr_push_flags_fn_t)ndr_push_sec_desc_buf); 239 291 … … 241 293 DEBUG(0, ("ndr_push_sec_desc_buf failed: %s\n", 242 294 ndr_errstr(ndr_err))); 243 return ndr_map_error2ntstatus(ndr_err); ;295 return ndr_map_error2ntstatus(ndr_err); 244 296 } 245 297 … … 270 322 blob = data_blob_const(data, len); 271 323 272 ndr_err = ndr_pull_struct_blob( 273 &blob, result, NULL, result, 324 ndr_err = ndr_pull_struct_blob(&blob, result, result, 274 325 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); 275 326 … … 278 329 ndr_errstr(ndr_err))); 279 330 TALLOC_FREE(result); 280 return ndr_map_error2ntstatus(ndr_err); ;331 return ndr_map_error2ntstatus(ndr_err); 281 332 } 282 333 … … 307 358 blob = data_blob_const(data, len); 308 359 309 ndr_err = ndr_pull_struct_blob( 310 &blob, result, NULL, result, 360 ndr_err = ndr_pull_struct_blob(&blob, result, result, 311 361 (ndr_pull_flags_fn_t)ndr_pull_sec_desc_buf); 312 362 … … 315 365 ndr_errstr(ndr_err))); 316 366 TALLOC_FREE(result); 317 return ndr_map_error2ntstatus(ndr_err); ;367 return ndr_map_error2ntstatus(ndr_err); 318 368 } 319 369 … … 323 373 324 374 /******************************************************************* 325 Creates a SEC_DESCstructure with typical defaults.326 ********************************************************************/ 327 328 SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID*grp_sid,329 SEC_ACL*dacl, size_t *sd_size)375 Creates a structure with typical defaults. 376 ********************************************************************/ 377 378 *grp_sid, 379 *dacl, size_t *sd_size) 330 380 { 331 381 return make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, … … 335 385 336 386 /******************************************************************* 337 Creates a SEC_DESC_BUFstructure.338 ********************************************************************/ 339 340 SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC*sec_desc)341 { 342 SEC_DESC_BUF*dst;343 344 if((dst = TALLOC_ZERO_P(ctx, SEC_DESC_BUF)) == NULL)387 Creates a structure. 388 ********************************************************************/ 389 390 *sec_desc) 391 { 392 *dst; 393 394 if((dst = TALLOC_ZERO_P(ctx, )) == NULL) 345 395 return NULL; 346 396 … … 356 406 357 407 /******************************************************************* 358 Duplicates a SEC_DESC_BUFstructure.359 ********************************************************************/ 360 361 SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF*src)408 Duplicates a structure. 409 ********************************************************************/ 410 411 *src) 362 412 { 363 413 if(src == NULL) … … 368 418 369 419 /******************************************************************* 370 Add a new SID with its permissions to SEC_DESC.371 ********************************************************************/ 372 373 NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID*sid, uint32 mask, size_t *sd_size)374 { 375 SEC_DESC*sd = 0;376 SEC_ACL*dacl = 0;377 SEC_ACE*ace = 0;420 Add a new SID with its permissions to . 421 ********************************************************************/ 422 423 NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, *sid, uint32 mask, size_t *sd_size) 424 { 425 *sd = 0; 426 *dacl = 0; 427 *ace = 0; 378 428 NTSTATUS status; 379 429 … … 401 451 402 452 /******************************************************************* 403 Modify a SID's permissions in a SEC_DESC.404 ********************************************************************/ 405 406 NTSTATUS sec_desc_mod_sid( SEC_DESC *sd, DOM_SID*sid, uint32 mask)453 Modify a SID's permissions in a . 454 ********************************************************************/ 455 456 NTSTATUS sec_desc_mod_sid( *sid, uint32 mask) 407 457 { 408 458 NTSTATUS status; … … 420 470 421 471 /******************************************************************* 422 Delete a SID from a SEC_DESC.423 ********************************************************************/ 424 425 NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID*sid, size_t *sd_size)426 { 427 SEC_DESC*sd = 0;428 SEC_ACL*dacl = 0;429 SEC_ACE*ace = 0;472 Delete a SID from a . 473 ********************************************************************/ 474 475 NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, *sid, size_t *sd_size) 476 { 477 *sd = 0; 478 *dacl = 0; 479 *ace = 0; 430 480 NTSTATUS status; 431 481 … … 453 503 454 504 /* 455 * Determine if an ACEis inheritable505 * Determine if an is inheritable 456 506 */ 457 507 458 static bool is_inheritable_ace(const SEC_ACE*ace,508 static bool is_inheritable_ace(const *ace, 459 509 bool container) 460 510 { … … 480 530 */ 481 531 482 bool sd_has_inheritable_components(const SEC_DESC*parent_ctr, bool container)532 bool sd_has_inheritable_components(const *parent_ctr, bool container) 483 533 { 484 534 unsigned int i; 485 const SEC_ACL*the_acl = parent_ctr->dacl;535 const *the_acl = parent_ctr->dacl; 486 536 487 537 for (i = 0; i < the_acl->num_aces; i++) { 488 const SEC_ACE*ace = &the_acl->aces[i];538 const *ace = &the_acl->aces[i]; 489 539 490 540 if (is_inheritable_ace(ace, container)) { … … 500 550 501 551 NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, 502 SEC_DESC**ppsd,552 **ppsd, 503 553 size_t *psize, 504 const SEC_DESC*parent_ctr,505 const DOM_SID*owner_sid,506 const DOM_SID*group_sid,554 const *parent_ctr, 555 const *owner_sid, 556 const *group_sid, 507 557 bool container) 508 558 { 509 SEC_ACL*new_dacl = NULL, *the_acl = NULL;510 SEC_ACE*new_ace_list = NULL;559 *new_dacl = NULL, *the_acl = NULL; 560 *new_ace_list = NULL; 511 561 unsigned int new_ace_list_ndx = 0, i; 512 562 … … 525 575 } 526 576 527 if (!(new_ace_list = TALLOC_ARRAY(ctx, SEC_ACE,577 if (!(new_ace_list = TALLOC_ARRAY(ctx,