diff options
-rw-r--r-- | source/include/rpc_secdes.h | 24 | ||||
-rw-r--r-- | source/include/vfs.h | 2 | ||||
-rw-r--r-- | source/lib/display_sec.c | 10 | ||||
-rw-r--r-- | source/lib/secace.c | 10 | ||||
-rw-r--r-- | source/lib/secacl.c | 8 | ||||
-rw-r--r-- | source/lib/secdesc.c | 54 | ||||
-rw-r--r-- | source/lib/util_seaccess.c | 10 | ||||
-rw-r--r-- | source/libads/disp_sec.c | 12 | ||||
-rw-r--r-- | source/libsmb/libsmbclient.c | 82 | ||||
-rw-r--r-- | source/printing/nt_printing.c | 26 | ||||
-rw-r--r-- | source/rpc_parse/parse_sec.c | 32 | ||||
-rw-r--r-- | source/rpc_server/srv_samr_nt.c | 4 | ||||
-rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 8 | ||||
-rw-r--r-- | source/rpc_server/srv_srvsvc_nt.c | 8 | ||||
-rw-r--r-- | source/smbd/nttrans.c | 2 | ||||
-rw-r--r-- | source/smbd/posix_acls.c | 28 | ||||
-rw-r--r-- | source/utils/net_usershare.c | 8 | ||||
-rw-r--r-- | source/utils/profiles.c | 8 | ||||
-rw-r--r-- | source/utils/sharesec.c | 66 | ||||
-rw-r--r-- | source/utils/smbcacls.c | 68 |
20 files changed, 221 insertions, 249 deletions
diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h index 83c3b669144..9e65052f849 100644 --- a/source/include/rpc_secdes.h +++ b/source/include/rpc_secdes.h @@ -72,20 +72,15 @@ PROTECTED_DACL_SECURITY_INFORMATION) /* SEC_ACCESS */ -typedef struct security_info_info -{ - uint32 mask; - -} SEC_ACCESS; +typedef uint32 SEC_ACCESS; /* SEC_ACE */ -typedef struct security_ace_info -{ +typedef struct security_ace_info { uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */ uint16 size; - SEC_ACCESS info; + SEC_ACCESS access_mask; /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ @@ -104,13 +99,12 @@ typedef struct security_ace_info #ifndef _SEC_ACL /* SEC_ACL */ -typedef struct security_acl_info -{ +typedef struct security_acl_info { uint16 revision; /* 0x0003 */ uint16 size; /* size in bytes of the entire ACL structure */ uint32 num_aces; /* number of Access Control Entries */ - SEC_ACE *ace; + SEC_ACE *aces; } SEC_ACL; #define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32)) @@ -123,8 +117,7 @@ typedef struct security_acl_info #ifndef _SEC_DESC /* SEC_DESC */ -typedef struct security_descriptor_info -{ +typedef struct security_descriptor_info { uint16 revision; /* 0x0001 */ uint16 type; /* SEC_DESC_xxxx flags */ @@ -136,7 +129,7 @@ typedef struct security_descriptor_info SEC_ACL *dacl; /* user ACL */ SEC_ACL *sacl; /* system ACL */ DOM_SID *owner_sid; - DOM_SID *grp_sid; + DOM_SID *group_sid; } SEC_DESC; #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) @@ -145,8 +138,7 @@ typedef struct security_descriptor_info #ifndef _SEC_DESC_BUF /* SEC_DESC_BUF */ -typedef struct sec_desc_buf_info -{ +typedef struct sec_desc_buf_info { uint32 max_len; uint32 ptr; uint32 len; diff --git a/source/include/vfs.h b/source/include/vfs.h index acc06730bd0..2d04a374c4c 100644 --- a/source/include/vfs.h +++ b/source/include/vfs.h @@ -88,7 +88,7 @@ struct vfs_handle_struct; struct connection_struct; struct files_struct; -struct security_descriptor; +struct security_descriptor_info; struct vfs_statvfs_struct; /* diff --git a/source/lib/display_sec.c b/source/lib/display_sec.c index 49a86c261ca..2b3542922c1 100644 --- a/source/lib/display_sec.c +++ b/source/lib/display_sec.c @@ -63,7 +63,7 @@ char *get_sec_mask_str(uint32 type) ****************************************************************************/ void display_sec_access(SEC_ACCESS *info) { - printf("\t\tPermissions: 0x%x: %s\n", info->mask, get_sec_mask_str(info->mask)); + printf("\t\tPermissions: 0x%x: %s\n", *info, get_sec_mask_str(*info)); } /**************************************************************************** @@ -92,7 +92,7 @@ void display_sec_ace(SEC_ACE *ace) break; } printf(" (%d) flags: %d\n", ace->type, ace->flags); - display_sec_access(&ace->info); + display_sec_access(&ace->access_mask); sid_to_string(sid_str, &ace->trustee); printf("\t\tSID: %s\n\n", sid_str); } @@ -110,7 +110,7 @@ void display_sec_acl(SEC_ACL *sec_acl) if (sec_acl->size != 0 && sec_acl->num_aces != 0) for (i = 0; i < sec_acl->num_aces; i++) - display_sec_ace(&sec_acl->ace[i]); + display_sec_ace(&sec_acl->aces[i]); } @@ -179,8 +179,8 @@ void display_sec_desc(SEC_DESC *sec) printf("\tOwner SID:\t%s\n", sid_str); } - if (sec->grp_sid) { - sid_to_string(sid_str, sec->grp_sid); + if (sec->group_sid) { + sid_to_string(sid_str, sec->group_sid); printf("\tParent SID:\t%s\n", sid_str); } } diff --git a/source/lib/secace.c b/source/lib/secace.c index eb2fdd5c2bd..ab7ad811a0a 100644 --- a/source/lib/secace.c +++ b/source/lib/secace.c @@ -46,7 +46,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->type = ace_src->type; ace_dest->flags = ace_src->flags; ace_dest->size = ace_src->size; - ace_dest->info.mask = ace_src->info.mask; + ace_dest->access_mask = ace_src->access_mask; ace_dest->obj_flags = ace_src->obj_flags; memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID)); memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID)); @@ -62,7 +62,7 @@ void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, u t->type = type; t->flags = flag; t->size = sid_size(sid) + 8; - t->info = mask; + t->access_mask = mask; ZERO_STRUCTP(&t->trustee); sid_copy(&t->trustee, sid); @@ -89,7 +89,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign (*pp_new)[i].type = 0; (*pp_new)[i].flags = 0; (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); - (*pp_new)[i].info.mask = mask; + (*pp_new)[i].access_mask = mask; sid_copy(&(*pp_new)[i].trustee, sid); return NT_STATUS_OK; } @@ -106,7 +106,7 @@ NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) for (i = 0; i < num; i ++) { if (sid_compare(&ace[i].trustee, sid) == 0) { - ace[i].info.mask = mask; + ace[i].access_mask = mask; return NT_STATUS_OK; } } @@ -160,7 +160,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) /* Check top level stuff */ if (s1->type != s2->type || s1->flags != s2->flags || - s1->info.mask != s2->info.mask) { + s1->access_mask != s2->access_mask) { return False; } diff --git a/source/lib/secacl.c b/source/lib/secacl.c index e213e0d9a0c..4e2178c195e 100644 --- a/source/lib/secacl.c +++ b/source/lib/secacl.c @@ -46,13 +46,13 @@ SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *a positive number. */ if ((num_aces) && - ((dst->ace = TALLOC_ARRAY(ctx, SEC_ACE, num_aces)) + ((dst->aces = TALLOC_ARRAY(ctx, SEC_ACE, num_aces)) == NULL)) { return NULL; } for (i = 0; i < num_aces; i++) { - dst->ace[i] = ace_list[i]; /* Structure copy. */ + dst->aces[i] = ace_list[i]; /* Structure copy. */ dst->size += ace_list[i].size; } @@ -68,7 +68,7 @@ SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) if(src == NULL) return NULL; - return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); + return make_sec_acl(ctx, src->revision, src->num_aces, src->aces); } /******************************************************************* @@ -105,7 +105,7 @@ BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) BOOL found = False; for (j = 0; j < s2->num_aces; j++) { - if (sec_ace_equal(&s1->ace[i], &s2->ace[j])) { + if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) { found = True; break; } diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c index f8873277cf8..16dde0da111 100644 --- a/source/lib/secdesc.c +++ b/source/lib/secdesc.c @@ -49,8 +49,8 @@ size_t sec_desc_size(SEC_DESC *psd) if (psd->owner_sid != NULL) offset += sid_size(psd->owner_sid); - if (psd->grp_sid != NULL) - offset += sid_size(psd->grp_sid); + if (psd->group_sid != NULL) + offset += sid_size(psd->group_sid); if (psd->sacl != NULL) offset += psd->sacl->size; @@ -104,11 +104,11 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) return False; } - if (!sid_equal(s1->grp_sid, s2->grp_sid)) { + if (!sid_equal(s1->group_sid, s2->group_sid)) { fstring str1, str2; - sid_to_string(str1, s1->grp_sid); - sid_to_string(str2, s2->grp_sid); + sid_to_string(str1, s1->group_sid); + sid_to_string(str2, s2->group_sid); DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n", str1, str2)); @@ -157,8 +157,8 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid : old_sdb->sec->owner_sid; - group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid : - old_sdb->sec->grp_sid; + group_sid = new_sdb->sec->group_sid ? new_sdb->sec->group_sid : + old_sdb->sec->group_sid; secdesc_type = new_sdb->sec->type; @@ -192,7 +192,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU ********************************************************************/ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, - const DOM_SID *owner_sid, const DOM_SID *grp_sid, + const DOM_SID *owner_sid, const DOM_SID *group_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { SEC_DESC *dst; @@ -219,7 +219,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) goto error_exit; - if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) + if(group_sid && ((dst->group_sid = sid_dup_talloc(ctx,group_sid)) == NULL)) goto error_exit; if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) @@ -248,9 +248,9 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, offset += sid_size(dst->owner_sid); } - if (dst->grp_sid != NULL) { + if (dst->group_sid != NULL) { dst->off_grp_sid = offset; - offset += sid_size(dst->grp_sid); + offset += sid_size(dst->group_sid); } *sd_size = (size_t)offset; @@ -274,7 +274,7 @@ SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src) return NULL; return make_sec_desc( ctx, src->revision, src->type, - src->owner_sid, src->grp_sid, src->sacl, + src->owner_sid, src->group_sid, src->sacl, src->dacl, &dummy); } @@ -282,11 +282,11 @@ SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src) Creates a SEC_DESC structure with typical defaults. ********************************************************************/ -SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid, +SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *group_sid, SEC_ACL *dacl, size_t *sd_size) { return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, - owner_sid, grp_sid, NULL, dacl, sd_size); + owner_sid, group_sid, NULL, dacl, sd_size); } /******************************************************************* @@ -341,7 +341,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 *sd_size = 0; - status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask); + status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask); if (!NT_STATUS_IS_OK(status)) return status; @@ -350,7 +350,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 return NT_STATUS_UNSUCCESSFUL; if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, - psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) + psd[0]->group_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; *psd = sd; @@ -369,7 +369,7 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask) if (!sd || !sid) return NT_STATUS_INVALID_PARAMETER; - status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask); + status = sec_ace_mod_sid(sd->dacl->aces, sd->dacl->num_aces, sid, mask); if (!NT_STATUS_IS_OK(status)) return status; @@ -393,7 +393,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size = 0; - status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid); + status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid); if (!NT_STATUS_IS_OK(status)) return status; @@ -402,7 +402,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t return NT_STATUS_UNSUCCESSFUL; if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, - psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) + psd[0]->group_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; *psd = sd; @@ -434,7 +434,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, return NULL; for (i = 0; i < the_acl->num_aces; i++) { - SEC_ACE *ace = &the_acl->ace[i]; + SEC_ACE *ace = &the_acl->aces[i]; SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx]; uint8 new_flags = 0; BOOL inherit = False; @@ -490,17 +490,17 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, if (!inherit) continue; - init_sec_access(&new_ace->info, ace->info.mask); + init_sec_access(&new_ace->access_mask, ace->access_mask); init_sec_ace(new_ace, &ace->trustee, ace->type, - new_ace->info, new_flags); + new_ace->access_mask, new_flags); sid_to_string(sid_str, &ace->trustee); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", sid_str, - ace->type, ace->flags, ace->info.mask, + ace->type, ace->flags, ace->access_mask, sid_str, new_ace->type, new_ace->flags, - new_ace->info.mask)); + new_ace->access_mask)); new_ace_list_ndx++; } @@ -515,7 +515,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, parent_ctr->owner_sid, - parent_ctr->grp_sid, + parent_ctr->group_sid, parent_ctr->sacl, new_dacl, &size); @@ -530,7 +530,5 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, void init_sec_access(SEC_ACCESS *t, uint32 mask) { - t->mask = mask; + *t = mask; } - - diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c index 73fc45c844d..7d14ed896f6 100644 --- a/source/lib/util_seaccess.c +++ b/source/lib/util_seaccess.c @@ -31,7 +31,7 @@ extern NT_USER_TOKEN anonymous_token; static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, NTSTATUS *status) { - uint32 mask = ace->info.mask; + uint32 mask = ace->access_mask; /* * Inherit only is ignored. @@ -97,8 +97,8 @@ static BOOL get_max_access( SEC_ACL *the_acl, const NT_USER_TOKEN *token, uint32 size_t i; for ( i = 0 ; i < the_acl->num_aces; i++) { - SEC_ACE *ace = &the_acl->ace[i]; - uint32 mask = ace->info.mask; + SEC_ACE *ace = &the_acl->aces[i]; + uint32 mask = ace->access_mask; if (!token_sid_in_ace( token, ace)) continue; @@ -281,12 +281,12 @@ BOOL se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, } for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) { - SEC_ACE *ace = &the_acl->ace[i]; + SEC_ACE *ace = &the_acl->aces[i]; DEBUGADD(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", (unsigned int)i, ace->type, ace->flags, sid_to_string(sid_str, &ace->trustee), - (unsigned int) ace->info.mask, + (unsigned int) ace->access_mask, (unsigned int)tmp_acc_desired )); tmp_acc_desired = check_ace( ace, token, tmp_acc_desired, status); diff --git a/source/libads/disp_sec.c b/source/libads/disp_sec.c index c9de447e698..f0f1765b237 100644 --- a/source/libads/disp_sec.c +++ b/source/libads/disp_sec.c @@ -90,13 +90,13 @@ static void ads_disp_ace(SEC_ACE *sec_ace) sec_ace->type, sec_ace->flags, sec_ace->size, - sec_ace->info.mask); + sec_ace->access_mask); } else { printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n", sec_ace->type, sec_ace->flags, sec_ace->size, - sec_ace->info.mask, + sec_ace->access_mask, sec_ace->obj_flags); } @@ -117,7 +117,7 @@ static void ads_disp_ace(SEC_ACE *sec_ace) printf("access SID: %s\naccess type: %s\n", sid_string_static(&sec_ace->trustee), access_type); - ads_disp_perms(sec_ace->info.mask); + ads_disp_perms(sec_ace->access_mask); } /* display ACL */ @@ -143,15 +143,15 @@ void ads_disp_sd(SEC_DESC *sd) sd->revision, sd->type); printf("owner SID: %s\n", sid_string_static(sd->owner_sid)); - printf("group SID: %s\n", sid_string_static(sd->grp_sid)); + printf("group SID: %s\n", sid_string_static(sd->group_sid)); ads_disp_acl(sd->sacl, "system"); for (i = 0; i < sd->sacl->num_aces; i ++) - ads_disp_ace(&sd->sacl->ace[i]); + ads_disp_ace(&sd->sacl->aces[i]); ads_disp_acl(sd->dacl, "user"); for (i = 0; i < sd->dacl->num_aces; i ++) - ads_disp_ace(&sd->dacl->ace[i]); + ads_disp_ace(&sd->dacl->aces[i]); printf("-------------- End Of Security Descriptor\n"); } diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c index ca79a73e2c5..6a154aa68e2 100644 --- a/source/libsmb/libsmbclient.c +++ b/source/libsmb/libsmbclient.c @@ -3745,8 +3745,8 @@ ace_compare(SEC_ACE *ace1, if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; - if (ace1->info.mask != ace2->info.mask) - return ace1->info.mask - ace2->info.mask; + if (ace1->access_mask != ace2->access_mask) + return ace1->access_mask - ace2->access_mask; if (ace1->size != ace2->size) return ace1->size - ace2->size; @@ -3761,14 +3761,14 @@ sort_acl(SEC_ACL *the_acl) uint32 i; if (!the_acl) return; - qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), + qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]), QSORT_CAST ace_compare); for (i=1;i<the_acl->num_aces;) { - if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) { + if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) { int j; for (j=i; j<the_acl->num_aces-1; j++) { - the_acl->ace[j] = the_acl->ace[j+1]; + the_acl->aces[j] = the_acl->aces[j+1]; } the_acl->num_aces--; } else { @@ -3973,7 +3973,7 @@ parse_ace(struct cli_state *ipc_cli, } done: - mask.mask = amask; + mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); return True; } @@ -3995,7 +3995,7 @@ add_ace(SEC_ACL **the_acl, if ((aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces)) == NULL) { return False; } - memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE)); + memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE)); memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); newacl = make_sec_acl(ctx, (*the_acl)->revision, 1+(*the_acl)->num_aces, aces); @@ -4017,7 +4017,7 @@ sec_desc_parse(TALLOC_CTX *ctx, fstring tok; SEC_DESC *ret = NULL; size_t sd_size; - DOM_SID *grp_sid=NULL; + DOM_SID *group_sid=NULL; DOM_SID *owner_sid=NULL; SEC_ACL *dacl=NULL; int revision=1; @@ -4062,15 +4062,15 @@ sec_desc_parse(TALLOC_CTX *ctx, } if (StrnCaseCmp(tok,"GROUP:", 6) == 0) { - if (grp_sid) { + if (group_sid) { DEBUG(5, ("GROUP specified more than once!\n")); goto done; } - grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); - if (!grp_sid || + group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); + if (!group_sid || !convert_string_to_sid(ipc_cli, pol, numeric, - grp_sid, tok+6)) { + group_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); goto done; } @@ -4078,15 +4078,15 @@ sec_desc_parse(TALLOC_CTX *ctx, } if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) { - if (grp_sid) { + if (group_sid) { DEBUG(5, ("GROUP specified more than once!\n")); goto done; } - grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); - if (!grp_sid || + group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); + if (!group_sid || !convert_string_to_sid(ipc_cli, pol, False, - grp_sid, tok+6)) { + group_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); goto done; } @@ -4124,10 +4124,10 @@ sec_desc_parse(TALLOC_CTX *ctx, } ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE, - owner_sid, grp_sid, NULL, dacl, &sd_size); + owner_sid, group_sid, NULL, dacl, &sd_size); done: - SAFE_FREE(grp_sid); + SAFE_FREE(group_sid); SAFE_FREE(owner_sid); return ret; @@ -4570,10 +4570,10 @@ cacl_get(SMBCCTX *context, } if (! exclude_nt_group) { - if (sd->grp_sid) { + if (sd->group_sid) { convert_sid_to_string(ipc_cli, pol, sidstr, numeric, - sd->grp_sid); + sd->group_sid); } else { fstrcpy(sidstr, ""); } @@ -4618,7 +4618,7 @@ cacl_get(SMBCCTX *context, /* Add aces to value buffer */ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - SEC_ACE *ace = &sd->dacl->ace[i]; + SEC_ACE *ace = &sd->dacl->aces[i]; convert_sid_to_string(ipc_cli, pol, sidstr, numeric, &ace->trustee); @@ -4632,7 +4632,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); if (!p) { errno = ENOMEM; return -1; @@ -4645,7 +4645,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); } } else if ((StrnCaseCmp(name, "acl", 3) == 0 && StrCaseCmp(name+3, sidstr) == 0) || @@ -4657,7 +4657,7 @@ cacl_get(SMBCCTX *context, "%d/%d/0x%08x", ace->type, ace->flags, - ace->info.mask); + ace->access_mask); if (!p) { errno = ENOMEM; return -1; @@ -4668,7 +4668,7 @@ cacl_get(SMBCCTX *context, "%d/%d/0x%08x", ace->type, ace->flags, - ace->info.mask); + ace->access_mask); } } else if (all_nt_acls) { if (determine_size) { @@ -4679,7 +4679,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); if (!p) { errno = ENOMEM; return -1; @@ -4692,7 +4692,7 @@ cacl_get(SMBCCTX *context, sidstr, ace->type, ace->flags, - ace->info.mask); + ace->access_mask); } } if (n > bufsize) { @@ -5062,7 +5062,7 @@ cacl_set(TALLOC_CTX *ctx, SEC_DESC *sd = NULL, *old; SEC_ACL *dacl = NULL; DOM_SID *owner_sid = NULL; - DOM_SID *grp_sid = NULL; + DOM_SID *group_sid = NULL; uint32 i, j; size_t sd_size; int ret = 0; @@ -5123,7 +5123,7 @@ cacl_set(TALLOC_CTX *ctx, switch (mode) { case SMBC_XATTR_MODE_REMOVE_ALL: old->dacl->num_aces = 0; - SAFE_FREE(old->dacl->ace); + SAFE_FREE(old->dacl->aces); SAFE_FREE(old->dacl); old->dacl = NULL; dacl = old->dacl; @@ -5134,16 +5134,16 @@ cacl_set(TALLOC_CTX *ctx, BOOL found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sec_ace_equal(&sd->dacl->ace[i], - &old->dacl->ace[j])) { + if (sec_ace_equal(&sd->dacl->aces[i], + &old->dacl->aces[j])) { uint32 k; for (k=j; k<old->dacl->num_aces-1;k++) { - old->dacl->ace[k] = - old->dacl->ace[k+1]; + old->dacl->aces[k] = + old->dacl->aces[k+1]; } old->dacl->num_aces--; if (old->dacl->num_aces == 0) { - SAFE_FREE(old->dacl->ace); + SAFE_FREE(old->dacl->aces); SAFE_FREE(old->dacl); old->dacl = NULL; } @@ -5166,14 +5166,14 @@ cacl_set(TALLOC_CTX *ctx, BOOL found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->ace[i].trustee, - &old->dacl->ace[j].trustee)) { + if (sid_equal(&sd->dacl->aces[i].trustee, + &old->dacl->aces[j].trustee)) { if (!(flags & SMBC_XATTR_FLAG_CREATE)) { err = EEXIST; ret = -1; goto failed; } - old->dacl->ace[j] = sd->dacl->ace[i]; + old->dacl->aces[j] = sd->dacl->aces[i]; ret = -1; found = True; } @@ -5186,7 +5186,7 @@ cacl_set(TALLOC_CTX *ctx, } for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { - add_ace(&old->dacl, &sd->dacl->ace[i], ctx); + add_ace(&old->dacl, &sd->dacl->aces[i], ctx); } } dacl = old->dacl; @@ -5195,7 +5195,7 @@ cacl_set(TALLOC_CTX *ctx, case SMBC_XATTR_MODE_SET: old = sd; owner_sid = old->owner_sid; - grp_sid = old->grp_sid; + group_sid = old->group_sid; dacl = old->dacl; break; @@ -5204,7 +5204,7 @@ cacl_set(TALLOC_CTX *ctx, break; case SMBC_XATTR_MODE_CHGRP: - grp_sid = sd->grp_sid; + group_sid = sd->group_sid; break; } @@ -5213,7 +5213,7 @@ cacl_set(TALLOC_CTX *ctx, /* Create new security descriptor and set it */ sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE, - owner_sid, grp_sid, NULL, dacl, &sd_size); + owner_sid, group_sid, NULL, dacl, &sd_size); fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS); diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 5b5f82d1f48..063e4b3e175 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -385,17 +385,17 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, /* update access masks */ for ( i=0; i<sec->dacl->num_aces; i++ ) { - switch ( sec->dacl->ace[i].info.mask ) { + switch ( sec->dacl->aces[i].access_mask ) { case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS): - sec->dacl->ace[i].info.mask = PRINTER_ACE_PRINT; + sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT; break; case GENERIC_ALL_ACCESS: - sec->dacl->ace[i].info.mask = PRINTER_ACE_FULL_CONTROL; + sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL; break; case READ_CONTROL_ACCESS: - sec->dacl->ace[i].info.mask = PRINTER_ACE_MANAGE_DOCUMENTS; + sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS; default: /* no change */ break; @@ -5063,7 +5063,7 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) permissions through NT. If they are NULL in the new security descriptor then copy them over from the old one. */ - if (!secdesc_ctr->sec->owner_sid || !secdesc_ctr->sec->grp_sid) { + if (!secdesc_ctr->sec->owner_sid || !secdesc_ctr->sec->group_sid) { DOM_SID *owner_sid, *group_sid; SEC_ACL *dacl, *sacl; SEC_DESC *psd = NULL; @@ -5080,9 +5080,9 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) secdesc_ctr->sec->owner_sid : old_secdesc_ctr->sec->owner_sid; - group_sid = secdesc_ctr->sec->grp_sid ? - secdesc_ctr->sec->grp_sid : - old_secdesc_ctr->sec->grp_sid; + group_sid = secdesc_ctr->sec->group_sid ? + secdesc_ctr->sec->group_sid : + old_secdesc_ctr->sec->group_sid; dacl = secdesc_ctr->sec->dacl ? secdesc_ctr->sec->dacl : @@ -5293,7 +5293,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type, &owner_sid, - (*secdesc_ctr)->sec->grp_sid, + (*secdesc_ctr)->sec->group_sid, (*secdesc_ctr)->sec->sacl, (*secdesc_ctr)->sec->dacl, &size); @@ -5327,11 +5327,11 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].trustee); + sid_to_string(sid_str, &the_acl->aces[i].trustee); DEBUG(10, ("%s %d %d 0x%08x\n", sid_str, - the_acl->ace[i].type, the_acl->ace[i].flags, - the_acl->ace[i].info.mask)); + the_acl->aces[i].type, the_acl->aces[i].flags, + the_acl->aces[i].access_mask)); } } @@ -5383,7 +5383,7 @@ void map_printer_permissions(SEC_DESC *sd) int i; for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - se_map_generic(&sd->dacl->ace[i].info.mask, + se_map_generic(&sd->dacl->aces[i].access_mask, &printer_generic_mapping); } } diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c index 6a752688a0b..76583605939 100644 --- a/source/rpc_parse/parse_sec.c +++ b/source/rpc_parse/parse_sec.c @@ -28,24 +28,6 @@ #define DBGC_CLASS DBGC_RPC_PARSE /******************************************************************* - Reads or writes a SEC_ACCESS structure. -********************************************************************/ - -BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) -{ - if (t == NULL) - return False; - - prs_debug(ps, depth, desc, "sec_io_access"); - depth++; - - if(!prs_uint32("mask", ps, depth, &t->mask)) - return False; - - return True; -} - -/******************************************************************* Reads or writes a SEC_ACE structure. ********************************************************************/ @@ -71,7 +53,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) return False; - if(!sec_io_access("info ", &psa->info, ps, depth)) + if (!prs_uint32("access_mask", ps, depth, &psa->access_mask)) return False; /* check whether object access is present */ @@ -170,14 +152,14 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) * between a non-present DACL (allow all access) and a DACL with no ACE's * (allow no access). */ - if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) + if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) return False; } for (i = 0; i < psa->num_aces; i++) { fstring tmp; slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); - if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) + if(!sec_io_ace(tmp, &psa->aces[i], ps, depth)) return False; } @@ -270,9 +252,9 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) psd->off_owner_sid = 0; } - if (psd->grp_sid != NULL) { + if (psd->group_sid != NULL) { psd->off_grp_sid = offset; - offset += sid_size(psd->grp_sid); + offset += sid_size(psd->group_sid); } else { psd->off_grp_sid = 0; } @@ -321,11 +303,11 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (UNMARSHALLING(ps)) { /* reading */ - if((psd->grp_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) + if((psd->group_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) return False; } - if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) + if(!smb_io_dom_sid("group_sid", psd->group_sid, ps, depth)) return False; max_offset = MAX(max_offset, prs_offset(ps)); diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 42e2550786d..3d469c7b6bc 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -724,9 +724,9 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_ dacl = q_u->buf->sec->dacl; for (i=0; i < dacl->num_aces; i++) { - if (sid_equal(&pol_sid, &dacl->ace[i].trustee)) { + if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) { ret = pdb_set_pass_can_change(sampass, - (dacl->ace[i].info.mask & + (dacl->aces[i].access_mask & SA_RIGHT_USER_CHANGE_PASSWORD) ? True: False); break; diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index f5a2298fe97..5fd8e2c12e1 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -5883,10 +5883,10 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].trustee); + sid_to_string(sid_str, &the_acl->aces[i].trustee); DEBUG(10, ("%s 0x%08x\n", sid_str, - the_acl->ace[i].info.mask)); + the_acl->aces[i].access_mask)); } the_acl = secdesc_ctr->sec->dacl; @@ -5898,10 +5898,10 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, for (i = 0; i < the_acl->num_aces; i++) { fstring sid_str; - sid_to_string(sid_str, &the_acl->ace[i].trustee); + sid_to_string(sid_str, &the_acl->aces[i].trustee); DEBUG(10, ("%s 0x%08x\n", sid_str, - the_acl->ace[i].info.mask)); + the_acl->aces[i].access_mask)); } } else { DEBUG(10, ("dacl for secdesc_ctr is NULL\n")); diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c index 17247b65938..06a8c77098d 100644 --- a/source/rpc_server/srv_srvsvc_nt.c +++ b/source/rpc_server/srv_srvsvc_nt.c @@ -128,11 +128,11 @@ static void map_generic_share_sd_bits(SEC_DESC *psd) return; for (i = 0; i < ps_dacl->num_aces; i++) { - SEC_ACE *psa = &ps_dacl->ace[i]; - uint32 orig_mask = psa->info.mask; + SEC_ACE *psa = &ps_dacl->aces[i]; + uint32 orig_mask = psa->access_mask; - se_map_generic(&psa->info.mask, &file_generic_mapping); - psa->info.mask |= orig_mask; + se_map_generic(&psa->access_mask, &file_generic_mapping); + psa->access_mask |= orig_mask; } } diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 08f19e7bdb6..19710d1dcdd 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -1024,7 +1024,7 @@ static NTSTATUS set_sd(files_struct *fsp, char *data, uint32 sd_len, uint32 secu if (psd->owner_sid==0) { security_info_sent &= ~OWNER_SECURITY_INFORMATION; } - if (psd->grp_sid==0) { + if (psd->group_sid==0) { security_info_sent &= ~GROUP_SECURITY_INFORMATION; } if (psd->sacl==0) { diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 69d3a88d382..50038dd464c 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -972,7 +972,7 @@ BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_ */ if (security_info_sent & GROUP_SECURITY_INFORMATION) { - sid_copy(&grp_sid, psd->grp_sid); + sid_copy(&grp_sid, psd->group_sid); if (!sid_to_gid( &grp_sid, pgrp)) { if (lp_force_unknown_acl_user(snum)) { /* this allows take group ownership to work @@ -1276,7 +1276,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, */ for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa = &dacl->ace[i]; + SEC_ACE *psa = &dacl->aces[i]; if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) { DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n")); @@ -1295,12 +1295,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * Convert GENERIC bits to specific bits. */ - se_map_generic(&psa->info.mask, &file_generic_mapping); + se_map_generic(&psa->access_mask, &file_generic_mapping); - psa->info.mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS); + psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS); - if(psa->info.mask != UNIX_ACCESS_NONE) - psa->info.mask &= ~UNIX_ACCESS_NONE; + if(psa->access_mask != UNIX_ACCESS_NONE) + psa->access_mask &= ~UNIX_ACCESS_NONE; } } @@ -1313,12 +1313,12 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, */ for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa1 = &dacl->ace[i]; + SEC_ACE *psa1 = &dacl->aces[i]; for (j = i + 1; j < dacl->num_aces; j++) { - SEC_ACE *psa2 = &dacl->ace[j]; + SEC_ACE *psa2 = &dacl->aces[j]; - if (psa1->info.mask != psa2->info.mask) + if (psa1->access_mask != psa2->access_mask) continue; if (!sid_equal(&psa1->trustee, &psa2->trustee)) @@ -1344,7 +1344,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, } for(i = 0; i < dacl->num_aces; i++) { - SEC_ACE *psa = &dacl->ace[i]; + SEC_ACE *psa = &dacl->aces[i]; /* * Ignore non-mappable SIDs (NT Authority, BUILTIN etc). @@ -1430,7 +1430,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * S_I(R|W|X)USR bits. */ - current_ace->perms |= map_nt_perms( &psa->info.mask, S_IRUSR); + current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR); current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE; current_ace->inherited = ((psa->flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False); @@ -2666,7 +2666,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) /* We know the lower number ACE's are file entries. */ if ((nt_ace_list[i].type == nt_ace_list[j].type) && (nt_ace_list[i].size == nt_ace_list[j].size) && - (nt_ace_list[i].info.mask == nt_ace_list[j].info.mask) && + (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) && sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) && (i_inh == j_inh) && (i_flags_ni == 0) && @@ -2679,7 +2679,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) * the non-inherited ACE onto the inherited ACE. */ - if (nt_ace_list[i].info.mask == 0) { + if (nt_ace_list[i].access_mask == 0) { nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0); if (num_aces - i - 1 > 0) @@ -2979,7 +2979,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) } if (psd->dacl) { - dacl_sort_into_canonical_order(psd->dacl->ace, (unsigned int)psd->dacl->num_aces); + dacl_sort_into_canonical_order(psd->dacl->aces, (unsigned int)psd->dacl->num_aces); } *ppdesc = psd; diff --git a/source/utils/net_usershare.c b/source/utils/net_usershare.c index 44e05619630..e867f4c9409 100644 --- a/source/utils/net_usershare.c +++ b/source/utils/net_usershare.c @@ -372,7 +372,7 @@ static int info_fn(struct file_list *fl, void *priv) const char *name; NTSTATUS ntstatus; - ntstatus = net_lookup_name_from_sid(ctx, &psd->dacl->ace[num_aces].trustee, &domain, &name); + ntstatus = net_lookup_name_from_sid(ctx, &psd->dacl->aces[num_aces].trustee, &domain, &name); if (NT_STATUS_IS_OK(ntstatus)) { if (domain && *domain) { @@ -382,15 +382,15 @@ static int info_fn(struct file_list *fl, void *priv) pstrcat(acl_str,name); } else { fstring sidstr; - sid_to_string(sidstr, &psd->dacl->ace[num_aces].trustee); + sid_to_string(sidstr, &psd->dacl->aces[num_aces].trustee); pstrcat(acl_str,sidstr); } pstrcat(acl_str, ":"); - if (psd->dacl->ace[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) { + if (psd->dacl->aces[num_aces].type == SEC_ACE_TYPE_ACCESS_DENIED) { pstrcat(acl_str, "D,"); } else { - if (psd->dacl->ace[num_aces].info.mask & GENERIC_ALL_ACCESS) { + if (psd->dacl->aces[num_aces].access_mask & GENERIC_ALL_ACCESS) { pstrcat(acl_str, "F,"); } else { pstrcat(acl_str, "R,"); diff --git a/source/utils/profiles.c b/source/utils/profiles.c index d40a2deea3b..d5b14fdfb04 100644 --- a/source/utils/profiles.c +++ b/source/utils/profiles.c @@ -43,14 +43,14 @@ static BOOL swap_sid_in_acl( SEC_DESC *sd, DOM_SID *s1, DOM_SID *s2 ) update = True; } - if ( sid_equal( sd->grp_sid, s1 ) ) { - sid_copy( sd->grp_sid, s2 ); + if ( sid_equal( sd->group_sid, s1 ) ) { + sid_copy( sd->group_sid, s2 ); update = True; } for ( i=0; i<acl->num_aces; i++ ) { - if ( sid_equal( &acl->ace[i].trustee, s1 ) ) { - sid_copy( &acl->ace[i].trustee, s2 ); + if ( sid_equal( &acl->aces[i].trustee, s1 ) ) { + sid_copy( &acl->aces[i].trustee, s2 ); update = True; } } diff --git a/source/utils/sharesec.c b/source/utils/sharesec.c index d73a9e2e22e..4fa948a18a5 100644 --- a/source/utils/sharesec.c +++ b/source/utils/sharesec.c @@ -84,7 +84,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Standard permissions */ for (v = standard_values; v->perm; v++) { - if (ace->info.mask == v->mask) { + if (ace->access_mask == v->mask) { fprintf(f, "%s", v->perm); return; } @@ -93,11 +93,11 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Special permissions. Print out a hex value if we have leftover bits in the mask. */ - got_mask = ace->info.mask; + got_mask = ace->access_mask; again: for (v = special_values; v->perm; v++) { - if ((ace->info.mask & v->mask) == v->mask) { + if ((ace->access_mask & v->mask) == v->mask) { if (do_print) { fprintf(f, "%s", v->perm); } @@ -107,7 +107,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) if (!do_print) { if (got_mask != 0) { - fprintf(f, "0x%08x", ace->info.mask); + fprintf(f, "0x%08x", ace->access_mask); } else { do_print = 1; goto again; @@ -129,11 +129,11 @@ static void sec_desc_print(FILE *f, SEC_DESC *sd) fprintf(f, "OWNER:%s\n", sid_string_static(sd->owner_sid)); - fprintf(f, "GROUP:%s\n", sid_string_static(sd->grp_sid)); + fprintf(f, "GROUP:%s\n", sid_string_static(sd->group_sid)); /* Print aces */ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - SEC_ACE *ace = &sd->dacl->ace[i]; + SEC_ACE *ace = &sd->dacl->aces[i]; fprintf(f, "ACL:"); print_ace(f, ace); fprintf(f, "\n"); @@ -268,7 +268,7 @@ static BOOL parse_ace(SEC_ACE *ace, const char *orig_str) } done: - mask.mask = amask; + mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); SAFE_FREE(str); return True; @@ -278,7 +278,7 @@ static BOOL parse_ace(SEC_ACE *ace, const char *orig_str) /******************************************************************** ********************************************************************/ -static SEC_DESC* parse_acl_string(TALLOC_CTX *ctx, const char *szACL, size_t *sd_size ) +static SEC_DESC* parse_acl_string(TALLOC_CTX *mem_ctx, const char *szACL, size_t *sd_size ) { SEC_DESC *sd = NULL; SEC_ACE *ace; @@ -293,7 +293,7 @@ static SEC_DESC* parse_acl_string(TALLOC_CTX *ctx, const char *szACL, size_t *sd pacl = szACL; num_ace = count_chars( pacl, ',' ) + 1; - if ( !(ace = TALLOC_ZERO_ARRAY( ctx, SEC_ACE, num_ace )) ) + if ( !(ace = TALLOC_ZERO_ARRAY( mem_ctx, SEC_ACE, num_ace )) ) return NULL; for ( i=0; i<num_ace; i++ ) { @@ -310,30 +310,30 @@ static SEC_DESC* parse_acl_string(TALLOC_CTX *ctx, const char *szACL, size_t *sd pacl++; } - if ( !(acl = make_sec_acl( ctx, NT4_ACL_REVISION, num_ace, ace )) ) + if ( !(acl = make_sec_acl( mem_ctx, NT4_ACL_REVISION, num_ace, ace )) ) return NULL; - sd = make_sec_desc( ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, + sd = make_sec_desc( mem_ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, sd_size); return sd; } /* add an ACE to a list of ACEs in a SEC_ACL */ -static BOOL add_ace(TALLOC_CTX *ctx, SEC_ACL **the_acl, SEC_ACE *ace) +static BOOL add_ace(TALLOC_CTX *mem_ctx, SEC_ACL **the_acl, SEC_ACE *ace) { SEC_ACL *new_ace; SEC_ACE *aces; if (! *the_acl) { - return (((*the_acl) = make_sec_acl(ctx, 3, 1, ace)) != NULL); + return (((*the_acl) = make_sec_acl(mem_ctx, 3, 1, ace)) != NULL); } if (!(aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces))) { return False; } - memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE)); + memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE)); memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); - new_ace = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces); + new_ace = make_sec_acl(mem_ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces); SAFE_FREE(aces); (*the_acl) = new_ace; return True; @@ -358,8 +358,8 @@ static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2) if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; - if (ace1->info.mask != ace2->info.mask) - return ace1->info.mask - ace2->info.mask; + if (ace1->access_mask != ace2->access_mask) + return ace1->access_mask - ace2->access_mask; if (ace1->size != ace2->size) return ace1->size - ace2->size; @@ -372,13 +372,13 @@ static void sort_acl(SEC_ACL *the_acl) uint32 i; if (!the_acl) return; - qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), QSORT_CAST ace_compare); + qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]), QSORT_CAST ace_compare); for (i=1;i<the_acl->num_aces;) { - if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) { + if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) { int j; for (j=i; j<the_acl->num_aces-1; j++) { - the_acl->ace[j] = the_acl->ace[j+1]; + the_acl->aces[j] = the_acl->aces[j+1]; } the_acl->num_aces--; } else { @@ -388,7 +388,7 @@ static void sort_acl(SEC_ACL *the_acl) } -static int change_share_sec(TALLOC_CTX *ctx, const char *sharename, char *the_acl, enum acl_mode mode) +static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *the_acl, enum acl_mode mode) { SEC_DESC *sd; SEC_DESC *old = NULL; @@ -396,13 +396,13 @@ static int change_share_sec(TALLOC_CTX *ctx, const char *sharename, char *the_ac uint32 i, j; if (mode != SMB_ACL_SET) { - if (!(old = get_share_security( ctx, sharename, &sd_size )) ) { + if (!(old = get_share_security( mem_ctx, sharename, &sd_size )) ) { fprintf(stderr, "Unable to retrieve permissions for share [%s]\n", sharename); return -1; } } - if ( (mode != SMB_ACL_VIEW) && !(sd = parse_acl_string(ctx, the_acl, &sd_size )) ) { + if ( (mode != SMB_ACL_VIEW) && !(sd = parse_acl_string(mem_ctx, the_acl, &sd_size )) ) { fprintf( stderr, "Failed to parse acl\n"); return -1; } @@ -416,10 +416,10 @@ static int change_share_sec(TALLOC_CTX *ctx, const char *sharename, char *the_ac BOOL found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sec_ace_equal(&sd->dacl->ace[i], &old->dacl->ace[j])) { + if (sec_ace_equal(&sd->dacl->aces[i], &old->dacl->aces[j])) { uint32 k; for (k=j; k<old->dacl->num_aces-1;k++) { - old->dacl->ace[k] = old->dacl->ace[k+1]; + old->dacl->aces[k] = old->dacl->aces[k+1]; } old->dacl->num_aces--; found = True; @@ -429,7 +429,7 @@ static int change_share_sec(TALLOC_CTX *ctx, const char *sharename, char *the_ac if (!found) { printf("ACL for ACE:"); - print_ace(stdout, &sd->dacl->ace[i]); + print_ace(stdout, &sd->dacl->aces[i]); printf(" not found\n"); } } @@ -440,15 +440,15 @@ static int change_share_sec(TALLOC_CTX *ctx, const char *sharename, char *the_ac BOOL found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->ace[i].trustee, - &old->dacl->ace[j].trustee)) { - old->dacl->ace[j] = sd->dacl->ace[i]; + if (sid_equal(&sd->dacl->aces[i].trustee, + &old->dacl->aces[j].trustee)) { + old->dacl->aces[j] = sd->dacl->aces[i]; found = True; } } if (!found) { - printf("ACL for SID %s not found\n", sid_string_static(&sd->dacl->ace[i].trustee)); + printf("ACL for SID %s not found\n", sid_string_static(&sd->dacl->aces[i].trustee)); } } @@ -456,13 +456,13 @@ static int change_share_sec(TALLOC_CTX *ctx, const char *sharename, char *the_ac old->owner_sid = sd->owner_sid; } - if (sd->grp_sid) { - old->grp_sid = sd->grp_sid; + if (sd->group_sid) { + old->group_sid = sd->group_sid; } break; case SMB_ACL_ADD: for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { - add_ace(ctx, &old->dacl, &sd->dacl->ace[i]); + add_ace(mem_ctx, &old->dacl, &sd->dacl->aces[i]); } break; case SMB_ACL_SET: diff --git a/source/utils/smbcacls.c b/source/utils/smbcacls.c index 85c59db5ec3..82cae037207 100644 --- a/source/utils/smbcacls.c +++ b/source/utils/smbcacls.c @@ -172,7 +172,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) if (numeric) { fprintf(f, "%d/%d/0x%08x", - ace->type, ace->flags, ace->info.mask); + ace->type, ace->flags, ace->access_mask); return; } @@ -193,7 +193,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Standard permissions */ for (v = standard_values; v->perm; v++) { - if (ace->info.mask == v->mask) { + if (ace->access_mask == v->mask) { fprintf(f, "%s", v->perm); return; } @@ -202,11 +202,11 @@ static void print_ace(FILE *f, SEC_ACE *ace) /* Special permissions. Print out a hex value if we have leftover bits in the mask. */ - got_mask = ace->info.mask; + got_mask = ace->access_mask; again: for (v = special_values; v->perm; v++) { - if ((ace->info.mask & v->mask) == v->mask) { + if ((ace->access_mask & v->mask) == v->mask) { if (do_print) { fprintf(f, "%s", v->perm); } @@ -216,7 +216,7 @@ static void print_ace(FILE *f, SEC_ACE *ace) if (!do_print) { if (got_mask != 0) { - fprintf(f, "0x%08x", ace->info.mask); + fprintf(f, "0x%08x", ace->access_mask); } else { do_print = 1; goto again; @@ -348,7 +348,7 @@ static BOOL parse_ace(SEC_ACE *ace, const char *orig_str) } done: - mask.mask = amask; + mask = amask; init_sec_ace(ace, &sid, atype, mask, aflags); SAFE_FREE(str); return True; @@ -366,7 +366,7 @@ static BOOL add_ace(SEC_ACL **the_acl, SEC_ACE *ace) if (!(aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces))) { return False; } - memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE)); + memcpy(aces, (*the_acl)->aces, (*the_acl)->num_aces * sizeof(SEC_ACE)); memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); new_ace = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces); SAFE_FREE(aces); @@ -381,7 +381,7 @@ static SEC_DESC *sec_desc_parse(char *str) fstring tok; SEC_DESC *ret = NULL; size_t sd_size; - DOM_SID *grp_sid=NULL, *owner_sid=NULL; + DOM_SID *group_sid=NULL, *owner_sid=NULL; SEC_ACL *dacl=NULL; int revision=1; @@ -407,13 +407,13 @@ static SEC_DESC *sec_desc_parse(char *str) } if (strncmp(tok,"GROUP:", 6) == 0) { - if (grp_sid) { + if (group_sid) { printf("Only specify group once\n"); goto done; } - grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); - if (!grp_sid || - !StringToSid(grp_sid, tok+6)) { + group_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); + if (!group_sid || + !StringToSid(group_sid, tok+6)) { printf("Failed to parse group sid\n"); goto done; } @@ -436,11 +436,11 @@ static SEC_DESC *sec_desc_parse(char *str) goto done; } - ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, + ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, group_sid, NULL, dacl, &sd_size); done: - SAFE_FREE(grp_sid); + SAFE_FREE(group_sid); SAFE_FREE(owner_sid); return ret; @@ -465,8 +465,8 @@ static void sec_desc_print(FILE *f, SEC_DESC *sd) fprintf(f, "OWNER:%s\n", sidstr); - if (sd->grp_sid) { - SidToString(sidstr, sd->grp_sid); + if (sd->group_sid) { + SidToString(sidstr, sd->group_sid); } else { fstrcpy(sidstr, ""); } @@ -475,7 +475,7 @@ static void sec_desc_print(FILE *f, SEC_DESC *sd) /* Print aces */ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) { - SEC_ACE *ace = &sd->dacl->ace[i]; + SEC_ACE *ace = &sd->dacl->aces[i]; fprintf(f, "ACL:"); print_ace(f, ace); fprintf(f, "\n"); @@ -593,8 +593,8 @@ static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2) if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; - if (ace1->info.mask != ace2->info.mask) - return ace1->info.mask - ace2->info.mask; + if (ace1->access_mask != ace2->access_mask) + return ace1->access_mask - ace2->access_mask; if (ace1->size != ace2->size) return ace1->size - ace2->size; @@ -607,13 +607,13 @@ static void sort_acl(SEC_ACL *the_acl) uint32 i; if (!the_acl) return; - qsort(the_acl->ace, the_acl->num_aces, sizeof(the_acl->ace[0]), QSORT_CAST ace_compare); + qsort(the_acl->aces, the_acl->num_aces, sizeof(the_acl->aces[0]), QSORT_CAST ace_compare); for (i=1;i<the_acl->num_aces;) { - if (sec_ace_equal(&the_acl->ace[i-1], &the_acl->ace[i])) { + if (sec_ace_equal(&the_acl->aces[i-1], &the_acl->aces[i])) { int j; for (j=i; j<the_acl->num_aces-1; j++) { - the_acl->ace[j] = the_acl->ace[j+1]; + the_acl->aces[j] = the_acl->aces[j+1]; } the_acl->num_aces--; } else { @@ -665,11 +665,11 @@ static int cacl_set(struct cli_state *cli, char *filename, BOOL found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sec_ace_equal(&sd->dacl->ace[i], - &old->dacl->ace[j])) { + if (sec_ace_equal(&sd->dacl->aces[i], + &old->dacl->aces[j])) { uint32 k; for (k=j; k<old->dacl->num_aces-1;k++) { - old->dacl->ace[k] = old->dacl->ace[k+1]; + old->dacl->aces[k] = old->dacl->aces[k+1]; } old->dacl->num_aces--; found = True; @@ -679,7 +679,7 @@ static int cacl_set(struct cli_state *cli, char *filename, if (!found) { printf("ACL for ACE:"); - print_ace(stdout, &sd->dacl->ace[i]); + print_ace(stdout, &sd->dacl->aces[i]); printf(" not found\n"); } } @@ -690,9 +690,9 @@ static int cacl_set(struct cli_state *cli, char *filename, BOOL found = False; for (j=0;old->dacl && j<old->dacl->num_aces;j++) { - if (sid_equal(&sd->dacl->ace[i].trustee, - &old->dacl->ace[j].trustee)) { - old->dacl->ace[j] = sd->dacl->ace[i]; + if (sid_equal(&sd->dacl->aces[i].trustee, + &old->dacl->aces[j].trustee)) { + old->dacl->aces[j] = sd->dacl->aces[i]; found = True; } } @@ -700,7 +700,7 @@ static int cacl_set(struct cli_state *cli, char *filename, if (!found) { fstring str; - SidToString(str, &sd->dacl->ace[i].trustee); + SidToString(str, &sd->dacl->aces[i].trustee); printf("ACL for SID %s not found\n", str); } } @@ -709,15 +709,15 @@ static int cacl_set(struct cli_state *cli, char *filename, old->owner_sid = sd->owner_sid; } - if (sd->grp_sid) { - old->grp_sid = sd->grp_sid; + if (sd->group_sid) { + old->group_sid = sd->group_sid; } break; case SMB_ACL_ADD: for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) { - add_ace(&old->dacl, &sd->dacl->ace[i]); + add_ace(&old->dacl, &sd->dacl->aces[i]); } break; @@ -738,7 +738,7 @@ static int cacl_set(struct cli_state *cli, char *filename, and W2K. JRA. */ - sd = make_sec_desc(ctx,old->revision, old->type, old->owner_sid, old->grp_sid, + sd = make_sec_desc(ctx,old->revision, old->type, old->owner_sid, old->group_sid, NULL, old->dacl, &sd_size); fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS); |