authorJeremy Allison <jra@samba.org>2003-09-19 21:57:46 +0000
committerJeremy Allison <jra@samba.org>2003-09-19 21:57:46 +0000
commit8139c5fcfa6bd26ce03af41c374f84be48343666 (patch)
treee96b2089507cba6c52d12c989f4c1d9a792785a4
parent389bf06cde17871fe4d8ef4cecc1cf92ef91e6be (diff)
Ensure that dup_sec_desc copies the 'type' field correctly. This caused
me to expose a type argument to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 546b2271c08735ac1049a453abac996d794aa364)
-rw-r--r--source3/lib/util_seaccess.c4
-rw-r--r--source3/printing/nt_printing.c6
-rw-r--r--source3/python/py_ntsec.c2
-rw-r--r--source3/rpc_parse/parse_sec.c20
-rw-r--r--source3/rpc_server/srv_lsa_nt.c2
-rw-r--r--source3/rpc_server/srv_samr_nt.c8
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c2
-rw-r--r--source3/utils/smbcacls.c6
8 files changed, 26 insertions, 24 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index eba8cab7fb8..2482d582d2c 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -435,7 +435,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
correct. Perhaps the user and group should be passed in as
parameters by the caller? */
- sd = make_sec_desc(ctx, SEC_DESC_REVISION,
+ sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
parent_ctr->owner_sid,
parent_ctr->grp_sid,
parent_ctr->sacl,
@@ -479,7 +479,7 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 868f68c0798..9c95cf90856 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -4572,7 +4572,7 @@ WERROR nt_printing_setsec(const char *printername, SEC_DESC_BUF *secdesc_ctr)
/* Make a deep copy of the security descriptor */
- psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision,
+ psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, secdesc_ctr->sec->type,
owner_sid, group_sid,
sacl,
dacl,
@@ -4665,7 +4665,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
NT5 machine. */
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) != NULL) {
- psd = make_sec_desc(ctx, SEC_DESC_REVISION,
+ psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
&owner_sid, NULL,
NULL, psa, &sd_size);
}
@@ -4741,7 +4741,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *printername, SEC_DESC_BUF *
sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
- psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision,
+ psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type,
&owner_sid,
(*secdesc_ctr)->sec->grp_sid,
(*secdesc_ctr)->sec->sacl,
diff --git a/source3/python/py_ntsec.c b/source3/python/py_ntsec.c
index 3d408e0bda2..5ce5e8fc1be 100644
--- a/source3/python/py_ntsec.c
+++ b/source3/python/py_ntsec.c
@@ -276,7 +276,7 @@ BOOL py_to_SECDESC(SEC_DESC **sd, PyObject *dict, TALLOC_CTX *mem_ctx)
{
size_t sd_size;
- *sd = make_sec_desc(mem_ctx, revision,
+ *sd = make_sec_desc(mem_ctx, revision, SEC_DESC_SELF_RELATIVE,
got_owner_sid ? &owner_sid : NULL,
got_group_sid ? &group_sid : NULL,
got_sacl ? &sacl : NULL,
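Review bot: The dictionary-to-descriptor path hard-codes `SEC_DESC_SELF_RELATIVE` here, so any control flags a script obtained from an existing descriptor (the SE_DESC_DACL_AUTO_INHERITED flag named in the commit message, for example) are dropped when the descriptor is built again from Python. If the dict can carry a type field (not visible in this hunk), it would be more consistent with the dup_sec_desc fix to read it and pass it through, falling back to SEC_DESC_SELF_RELATIVE when absent. Otherwise a comment such as `/* control flags are not round-tripped through the dict */` would make the limitation explicit. py_to_SECDESC starts and ends outside the hunk.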
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index 3848bd7051f..0ed930c08d8 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -561,7 +561,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
/* Create new security descriptor from bits */
- psd = make_sec_desc(ctx, new_sdb->sec->revision,
+ psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type,
owner_sid, group_sid, sacl, dacl, &secdesc_size);
return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd);
@@ -573,7 +573,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
Creates a SEC_DESC structure
********************************************************************/
-SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
+SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type,
DOM_SID *owner_sid, DOM_SID *grp_sid,
SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
{
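Review bot: The header comment above make_sec_desc() still says only "Creates a SEC_DESC structure" and does not describe the new `type` argument. Callers now choose between a constant and a copied `->type`, so the contract should be written down, for example `type: control flags for the new descriptor; SEC_DESC_SACL_PRESENT and SEC_DESC_DACL_PRESENT are added when sacl/dacl are non-NULL`. The comment block begins before the hunk and the function body continues past it.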
@@ -586,10 +586,12 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
return NULL;
dst->revision = revision;
- dst->type = SEC_DESC_SELF_RELATIVE;
+ dst->type = type;
- if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
- if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
+ if (sacl)
+ dst->type |= SEC_DESC_SACL_PRESENT;
+ if (dacl)
+ dst->type |= SEC_DESC_DACL_PRESENT;
dst->off_owner_sid = 0;
dst->off_grp_sid = 0;
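Review bot: `dst->type = type;` takes the caller's flags as given, and the two `if` statements that follow only ever set SEC_DESC_SACL_PRESENT and SEC_DESC_DACL_PRESENT, never clear them, so a type copied from another descriptor can claim an ACL that was not passed in. In this commit owner_set() in smbcacls.c passes `old->type` with both ACL arguments NULL, and cacl_set() passes it with a NULL sacl; if `old->type` carries the PRESENT bits (likely for a descriptor fetched with its DACL, though not visible here), the result is marked DACL-present with no DACL, which Windows semantics read as a NULL DACL that grants everyone access. How the receiving side treats that depends on the security-information mask sent with it, which is outside this diff. Consider `dst->type = type & ~(SEC_DESC_SACL_PRESENT | SEC_DESC_DACL_PRESENT);` ahead of the two checks, unless a NULL-DACL descriptor is meant to be expressible through this function. The function body starts before and continues after the hunk.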
@@ -654,7 +656,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
if(src == NULL)
return NULL;
- return make_sec_desc( ctx, src->revision,
+ return make_sec_desc( ctx, src->revision, src->type,
src->owner_sid, src->grp_sid, src->sacl,
src->dacl, &dummy);
}
@@ -666,7 +668,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid,
SEC_ACL *dacl, size_t *sd_size)
{
- return make_sec_desc(ctx, SEC_DESC_REVISION,
+ return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
owner_sid, grp_sid, NULL, dacl, sd_size);
}
@@ -924,7 +926,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32
if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
return NT_STATUS_UNSUCCESSFUL;
- if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid,
+ if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
return NT_STATUS_UNSUCCESSFUL;
@@ -976,7 +978,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t
if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
return NT_STATUS_UNSUCCESSFUL;
- if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid,
+ if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
return NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 330dd727efd..686a3069bbf 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -334,7 +334,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, psa, sd_size)) == NULL)
+ if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &adm_sid, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 261d641ab10..828e07c1ad9 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -467,7 +467,7 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -510,7 +510,7 @@ static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -549,7 +549,7 @@ static NTSTATUS samr_make_grp_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
@@ -588,7 +588,7 @@ static NTSTATUS samr_make_ali_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
- if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index ea66a7d38b4..4d1cf9bddcb 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -184,7 +184,7 @@ static SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, int snum, size_t *
init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
- psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, psize);
+ psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, psize);
}
if (!psd) {
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 58ee57b5dd2..5a70d168842 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -389,7 +389,7 @@ static SEC_DESC *sec_desc_parse(char *str)
return NULL;
}
- ret = make_sec_desc(ctx,revision, owner_sid, grp_sid,
+ ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid,
NULL, dacl, &sd_size);
SAFE_FREE(grp_sid);
@@ -504,7 +504,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
return EXIT_FAILED;
}
- sd = make_sec_desc(ctx,old->revision,
+ sd = make_sec_desc(ctx,old->revision, old->type,
(change_mode == REQUEST_CHOWN) ? &sid : NULL,
(change_mode == REQUEST_CHGRP) ? &sid : NULL,
NULL, NULL, &sd_size);
@@ -679,7 +679,7 @@ static int cacl_set(struct cli_state *cli, char *filename,
sort_acl(old->dacl);
/* Create new security descriptor and set it */
- sd = make_sec_desc(ctx,old->revision, NULL, NULL,
+ sd = make_sec_desc(ctx,old->revision, old->type, NULL, NULL,
NULL, old->dacl, &sd_size);
fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS);