-rw-r--r-- | source/include/rpc_secdes.h | 51 | ||||
-rw-r--r-- | source/include/smb.h | 3 | ||||
-rw-r--r-- | source/include/vfs.h | 10 | ||||
-rw-r--r-- | source/lib/secace.c | 6 | ||||
-rw-r--r-- | source/lib/secdesc.c | 112 | ||||
-rw-r--r-- | source/libads/disp_sec.c | 2 | ||||
-rw-r--r-- | source/libmsrpc/cac_winreg.c | 6 | ||||
-rw-r--r-- | source/libsmb/clisecdesc.c | 6 | ||||
-rw-r--r-- | source/printing/nt_printing.c | 54 | ||||
-rw-r--r-- | source/python/py_ntsec.c | 2 | ||||
-rw-r--r-- | source/python/py_spoolss_printers_conv.c | 1 | ||||
-rw-r--r-- | source/registry/reg_printing.c | 4 | ||||
-rw-r--r-- | source/rpc_client/cli_reg.c | 2 | ||||
-rw-r--r-- | source/rpc_parse/parse_reg.c | 8 | ||||
-rw-r--r-- | source/rpc_parse/parse_sec.c | 124 | ||||
-rw-r--r-- | source/rpc_parse/parse_spoolss.c | 14 | ||||
-rw-r--r-- | source/rpc_server/srv_samr_nt.c | 8 | ||||
-rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 18 | ||||
-rw-r--r-- | source/rpc_server/srv_srvsvc_nt.c | 2 | ||||
-rw-r--r-- | source/rpcclient/cmd_lsarpc.c | 2 | ||||
-rw-r--r-- | source/rpcclient/cmd_samr.c | 2 |
21 files changed, 246 insertions, 191 deletions
diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h index a211d6012e8..8396040a9b1 100644 --- a/source/include/rpc_secdes.h +++ b/source/include/rpc_secdes.h @@ -76,22 +76,7 @@ typedef uint32 SEC_ACCESS; /* SEC_ACE */ -typedef struct security_ace_info { - uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ - uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */ - uint16 size; - - SEC_ACCESS access_mask; - - /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ - uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ - struct GUID obj_guid; /* object GUID */ - struct GUID inh_guid; /* inherited object GUID */ - /* eof object stuff */ - - DOM_SID trustee; - -} SEC_ACE; +typedef struct security_ace SEC_ACE; #define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32)) #ifndef ACL_REVISION @@ -100,14 +85,7 @@ typedef struct security_ace_info { #ifndef _SEC_ACL /* SEC_ACL */ -typedef struct security_acl_info { - uint16 revision; /* 0x0003 */ - uint16 size; /* size in bytes of the entire ACL structure */ - uint32 num_aces; /* number of Access Control Entries */ - - SEC_ACE *aces; - -} SEC_ACL; +typedef struct security_acl SEC_ACL; #define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32)) #define _SEC_ACL #endif 
@@ -118,35 +96,14 @@ typedef struct security_acl_info { #ifndef _SEC_DESC /* SEC_DESC */ -typedef struct security_descriptor_info { - uint16 revision; /* 0x0001 */ - uint16 type; /* SEC_DESC_xxxx flags */ - - uint32 off_owner_sid; /* offset to owner sid */ - uint32 off_grp_sid ; /* offset to group sid */ - uint32 off_sacl ; /* offset to system list of permissions */ - uint32 off_dacl ; /* offset to list of permissions */ - - SEC_ACL *dacl; /* user ACL */ - SEC_ACL *sacl; /* system ACL */ - DOM_SID *owner_sid; - DOM_SID *group_sid; - -} SEC_DESC; +typedef struct security_descriptor SEC_DESC; #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) #define _SEC_DESC #endif #ifndef _SEC_DESC_BUF /* SEC_DESC_BUF */ -typedef struct sec_desc_buf_info { - uint32 max_len; - uint32 ptr; - uint32 len; - - SEC_DESC *sec; - -} SEC_DESC_BUF; +typedef struct sec_desc_buf SEC_DESC_BUF; #define _SEC_DESC_BUF #endif diff --git a/source/include/smb.h b/source/include/smb.h index 713d78f5e56..dbfb82e798b 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -600,8 +600,6 @@ struct trans_state { /* Include VFS stuff */ -struct security_descriptor_info; - #include "smb_acls.h" #include "vfs.h" @@ -1890,6 +1888,7 @@ struct ea_list { #define SAMBA_XATTR_DOS_ATTRIB "user.DOSATTRIB" #define UUID_SIZE 16 + #define UUID_FLAT_SIZE 16 typedef struct uuid_flat { uint8 info[UUID_FLAT_SIZE]; diff --git a/source/include/vfs.h b/source/include/vfs.h index 4464d66c1da..eac9eced165 100644 --- a/source/include/vfs.h +++ b/source/include/vfs.h @@ -92,7 +92,7 @@ struct vfs_handle_struct; struct connection_struct; struct files_struct; -struct security_descriptor_info; +struct security_descriptor; struct vfs_statvfs_struct; /* 
@@ -298,10 +298,10 @@ struct vfs_ops { /* NT ACL operations. */ - size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor_info **ppdesc); - size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor_info **ppdesc); - BOOL (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd); - BOOL (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd); + size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc); + size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc); + BOOL (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd); + BOOL (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd); /* POSIX ACL operations. */ diff --git a/source/lib/secace.c b/source/lib/secace.c index c9b4f839503..871c983533d 100644 --- a/source/lib/secace.c +++ b/source/lib/secace.c @@ -47,9 +47,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->flags = ace_src->flags; ace_dest->size = ace_src->size; ace_dest->access_mask = ace_src->access_mask; - ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID)); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID)); + ace_dest->object = ace_src->object; sid_copy(&ace_dest->trustee, &ace_src->trustee); } 
@@ -57,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) Sets up a SEC_ACE structure. ********************************************************************/ -void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, uint32 mask, uint8 flag) { t->type = type; t->flags = flag; diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c index 160fdb949d2..510282bbfb0 100644 --- a/source/lib/secdesc.c +++ b/source/lib/secdesc.c @@ -154,13 +154,13 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Copy over owner and group sids. There seems to be no flag for this so just check the pointer values. */ - owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid : - old_sdb->sec->owner_sid; + owner_sid = new_sdb->sd->owner_sid ? new_sdb->sd->owner_sid : + old_sdb->sd->owner_sid; - group_sid = new_sdb->sec->group_sid ? new_sdb->sec->group_sid : - old_sdb->sec->group_sid; + group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid : + old_sdb->sd->group_sid; - secdesc_type = new_sdb->sec->type; + secdesc_type = new_sdb->sd->type; /* Ignore changes to the system ACL. This has the effect of making changes through the security tab audit button not sticking. @@ -172,14 +172,14 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Copy across discretionary ACL */ if (secdesc_type & SEC_DESC_DACL_PRESENT) { - dacl = new_sdb->sec->dacl; + dacl = new_sdb->sd->dacl; } else { - dacl = old_sdb->sec->dacl; + dacl = old_sdb->sd->dacl; } /* Create new security descriptor from bits */ - psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type, + psd = make_sec_desc(ctx, new_sdb->sd->revision, secdesc_type, owner_sid, group_sid, sacl, dacl, &secdesc_size); return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd); 
@@ -192,7 +192,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU ********************************************************************/ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, - const DOM_SID *owner_sid, const DOM_SID *group_sid, + const DOM_SID *owner_sid, const DOM_SID *grp_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { SEC_DESC *dst; @@ -211,21 +211,21 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; + dst->owner_sid = NULL; + dst->group_sid = NULL; + dst->sacl = NULL; + dst->dacl = NULL; - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) + if(owner_sid && ((dst->owner_sid = sid_dup_talloc(dst,owner_sid)) == NULL)) goto error_exit; - if(group_sid && ((dst->group_sid = sid_dup_talloc(ctx,group_sid)) == NULL)) + if(grp_sid && ((dst->group_sid = sid_dup_talloc(dst,grp_sid)) == NULL)) goto error_exit; - if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) + if(sacl && ((dst->sacl = dup_sec_acl(dst, sacl)) == NULL)) goto error_exit; - if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) + if(dacl && ((dst->dacl = dup_sec_acl(dst, dacl)) == NULL)) goto error_exit; offset = SEC_DESC_HEADER_SIZE; @@ -235,21 +235,17 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, */ if (dst->sacl != NULL) { - dst->off_sacl = offset; offset += dst->sacl->size; } if (dst->dacl != NULL) { - dst->off_dacl = offset; offset += dst->dacl->size; } if (dst->owner_sid != NULL) { - dst->off_owner_sid = offset; offset += sid_size(dst->owner_sid); } if (dst->group_sid != NULL) { - dst->off_grp_sid = offset; offset += sid_size(dst->group_sid); } 
@@ -279,14 +275,71 @@ SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src) } /******************************************************************* + Convert a secdesc into a byte stream +********************************************************************/ +NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx, + struct security_descriptor *secdesc, + uint8 **data, size_t *len) +{ + prs_struct ps; + + if (!prs_init(&ps, sec_desc_size(secdesc), mem_ctx, MARSHALL)) { + return NT_STATUS_NO_MEMORY; + } + + if (!sec_io_desc("security_descriptor", &secdesc, &ps, 1)) { + prs_mem_free(&ps); + return NT_STATUS_INVALID_PARAMETER; + } + + if (!(*data = (uint8 *)talloc_memdup(mem_ctx, ps.data_p, + prs_offset(&ps)))) { + prs_mem_free(&ps); + return NT_STATUS_NO_MEMORY; + } + + *len = prs_offset(&ps); + prs_mem_free(&ps); + return NT_STATUS_OK; +} + +/******************************************************************* + Parse a byte stream into a secdesc +********************************************************************/ +NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len, + struct security_descriptor **psecdesc) +{ + prs_struct ps; + struct security_descriptor *secdesc = NULL; + + if (!(secdesc = TALLOC_ZERO_P(mem_ctx, struct security_descriptor))) { + return NT_STATUS_NO_MEMORY; + } + + if (!prs_init(&ps, 0, secdesc, UNMARSHALL)) { + return NT_STATUS_NO_MEMORY; + } + + prs_give_memory(&ps, (char *)data, len, False); + + if (!sec_io_desc("security_descriptor", &secdesc, &ps, 1)) { + return NT_STATUS_INVALID_PARAMETER; + } + + prs_mem_free(&ps); + *psecdesc = secdesc; + return NT_STATUS_OK; +} + +/******************************************************************* Creates a SEC_DESC structure with typical defaults. 
********************************************************************/ -SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *group_sid, +SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, - owner_sid, group_sid, NULL, dacl, sd_size); + owner_sid, grp_sid, NULL, dacl, sd_size); } /******************************************************************* @@ -301,15 +354,12 @@ SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc) return NULL; /* max buffer size (allocated size) */ - dst->max_len = (uint32)len; - dst->len = (uint32)len; + dst->sd_size = (uint32)len; - if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) { + if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) { return NULL; } - dst->ptr = 0x1; - return dst; } @@ -322,7 +372,7 @@ SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src) if(src == NULL) return NULL; - return make_sec_desc_buf( ctx, src->len, src->sec); + return make_sec_desc_buf( ctx, src->sd_size, src->sd); } /******************************************************************* @@ -532,7 +582,9 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, Sets up a SEC_ACCESS structure. ********************************************************************/ -void init_sec_access(SEC_ACCESS *t, uint32 mask) +void init_sec_access(uint32 *t, uint32 mask) { *t = mask; } + + diff --git a/source/libads/disp_sec.c b/source/libads/disp_sec.c index d545a3454b1..1e62eb85517 100644 --- a/source/libads/disp_sec.c +++ b/source/libads/disp_sec.c @@ -100,7 +100,7 @@ static void ads_disp_ace(SEC_ACE *sec_ace) sec_ace->flags, sec_ace->size, sec_ace->access_mask, - sec_ace->obj_flags); + sec_ace->object.object.flags); } if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) { 
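Review bot: The failure path after `sec_io_desc()` in the new `unmarshall_sec_desc()` returns `NT_STATUS_INVALID_PARAMETER` without calling `prs_mem_free(&ps)` and without releasing `secdesc`, unlike the matching error paths in `marshall_sec_desc()` just above it. Because `secdesc` is allocated on the caller's `mem_ctx`, every rejected blob leaves a partially parsed descriptor attached to that context until the context itself is freed, which matters if the bytes come from an untrusted source and the context is long-lived. I would make the branch `prs_mem_free(&ps); talloc_free(secdesc); return NT_STATUS_INVALID_PARAMETER;` and also free `secdesc` when `prs_init()` fails. A short header comment saying that `data` is only borrowed for the duration of the call (presumably what the `False` passed to `prs_give_memory()` means) and that `*psecdesc` is written only on success would make the contract clear to callers.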
diff --git a/source/libmsrpc/cac_winreg.c b/source/libmsrpc/cac_winreg.c index d8d2047be4e..f55f77346fb 100644 --- a/source/libmsrpc/cac_winreg.c +++ b/source/libmsrpc/cac_winreg.c @@ -946,8 +946,10 @@ int cac_RegGetKeySecurity( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, return CAC_FAILURE; } - op->out.size = buf.len; - op->out.descriptor = dup_sec_desc( mem_ctx, buf.sec ); +#if 0 /* FIX ME!!!! unmarshall the security descriptor */ + op->out.size = buf.sd_size; + op->out.descriptor = dup_sec_desc( mem_ctx, buf.sd ); +#endif if ( op->out.descriptor == NULL ) { return CAC_FAILURE; diff --git a/source/libsmb/clisecdesc.c b/source/libsmb/clisecdesc.c index 24757434794..e55be48e940 100644 --- a/source/libsmb/clisecdesc.c +++ b/source/libsmb/clisecdesc.c @@ -107,11 +107,11 @@ BOOL cli_set_secdesc(struct cli_state *cli, int fnum, SEC_DESC *sd) SIVAL(param, 0, fnum); - if (sd->off_dacl) + if (sd->dacl) sec_info |= DACL_SECURITY_INFORMATION; - if (sd->off_owner_sid) + if (sd->owner_sid) sec_info |= OWNER_SECURITY_INFORMATION; - if (sd->off_grp_sid) + if (sd->group_sid) sec_info |= GROUP_SECURITY_INFORMATION; SSVAL(param, 4, sec_info); diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index c00bda921ed..84dba9d55a7 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -376,7 +376,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, prs_mem_free( &ps ); return 0; } - sec = sd_orig->sec; + sec = sd_orig->sd; /* is this even valid? */ @@ -431,7 +431,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, /* store it back */ - sd_size = sec_desc_size(sd_store->sec) + sizeof(SEC_DESC_BUF); + sd_size = sec_desc_size(sd_store->sd) + sizeof(SEC_DESC_BUF); prs_init(&ps, sd_size, ctx, MARSHALL); if ( !sec_io_desc_buf( "sec_desc_upg_fn", &sd_store, &ps, 1 ) ) { 
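Review bot: With the two assignments wrapped in `#if 0`, the check `if ( op->out.descriptor == NULL )` that follows in `cac_RegGetKeySecurity()` now tests a field this function no longer writes. If the caller zeroed `op` the call always returns `CAC_FAILURE`; if not, the function can go on to report success while `op->out.descriptor` and `op->out.size` still hold whatever was there before, and the caller will treat that as the key's security descriptor. Until the unmarshalling is implemented I would set `op->out.descriptor = NULL; op->out.size = 0;` before the check so a stale pointer can never be handed back. The rest of the function lies outside the hunk.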
@@ -5078,7 +5078,7 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) permissions through NT. If they are NULL in the new security descriptor then copy them over from the old one. */ - if (!secdesc_ctr->sec->owner_sid || !secdesc_ctr->sec->group_sid) { + if (!secdesc_ctr->sd->owner_sid || !secdesc_ctr->sd->group_sid) { DOM_SID *owner_sid, *group_sid; SEC_ACL *dacl, *sacl; SEC_DESC *psd = NULL; @@ -5091,25 +5091,25 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) /* Pick out correct owner and group sids */ - owner_sid = secdesc_ctr->sec->owner_sid ? - secdesc_ctr->sec->owner_sid : - old_secdesc_ctr->sec->owner_sid; + owner_sid = secdesc_ctr->sd->owner_sid ? + secdesc_ctr->sd->owner_sid : + old_secdesc_ctr->sd->owner_sid; - group_sid = secdesc_ctr->sec->group_sid ? - secdesc_ctr->sec->group_sid : - old_secdesc_ctr->sec->group_sid; + group_sid = secdesc_ctr->sd->group_sid ? + secdesc_ctr->sd->group_sid : + old_secdesc_ctr->sd->group_sid; - dacl = secdesc_ctr->sec->dacl ? - secdesc_ctr->sec->dacl : - old_secdesc_ctr->sec->dacl; + dacl = secdesc_ctr->sd->dacl ? + secdesc_ctr->sd->dacl : + old_secdesc_ctr->sd->dacl; - sacl = secdesc_ctr->sec->sacl ? - secdesc_ctr->sec->sacl : - old_secdesc_ctr->sec->sacl; + sacl = secdesc_ctr->sd->sacl ? + secdesc_ctr->sd->sacl : + old_secdesc_ctr->sd->sacl; /* Make a deep copy of the security descriptor */ - psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, secdesc_ctr->sec->type, + psd = make_sec_desc(mem_ctx, secdesc_ctr->sd->revision, secdesc_ctr->sd->type, owner_sid, group_sid, sacl, dacl, @@ -5129,7 +5129,7 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) /* Store the security descriptor in a tdb */ - prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sec) + + prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sd) + sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL); if (!sec_io_desc_buf("nt_printing_setsec", &new_secdesc_ctr, 
@@ -5274,7 +5274,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s /* Save default security descriptor for later */ - prs_init(&ps, (uint32)sec_desc_size((*secdesc_ctr)->sec) + + prs_init(&ps, (uint32)sec_desc_size((*secdesc_ctr)->sd) + sizeof(SEC_DESC_BUF), ctx, MARSHALL); if (sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) { @@ -5292,7 +5292,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s this security descriptor has been created when winbindd was down. Take ownership of security descriptor. */ - if (sid_equal((*secdesc_ctr)->sec->owner_sid, &global_sid_World)) { + if (sid_equal((*secdesc_ctr)->sd->owner_sid, &global_sid_World)) { DOM_SID owner_sid; /* Change sd owner to workgroup administrator */ @@ -5306,11 +5306,11 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN); - psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type, + psd = make_sec_desc(ctx, (*secdesc_ctr)->sd->revision, (*secdesc_ctr)->sd->type, &owner_sid, - (*secdesc_ctr)->sec->group_sid, - (*secdesc_ctr)->sec->sacl, - (*secdesc_ctr)->sec->dacl, + (*secdesc_ctr)->sd->group_sid, + (*secdesc_ctr)->sd->sacl, + (*secdesc_ctr)->sd->dacl, &size); if (!psd) { @@ -5333,7 +5333,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s } if (DEBUGLEVEL >= 10) { - SEC_ACL *the_acl = (*secdesc_ctr)->sec->dacl; + SEC_ACL *the_acl = (*secdesc_ctr)->sd->dacl; int i; DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", @@ -5476,7 +5476,7 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) against. This is because print jobs are child objects objects of a printer. */ - secdesc = se_create_child_secdesc(mem_ctx, parent_secdesc->sec, False); + secdesc = se_create_child_secdesc(mem_ctx, parent_secdesc->sd, False); if (!secdesc) { talloc_destroy(mem_ctx); 
@@ -5495,9 +5495,9 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) /* Check access */ - map_printer_permissions(secdesc->sec); + map_printer_permissions(secdesc->sd); - result = se_access_check(secdesc->sec, user->nt_user_token, access_type, + result = se_access_check(secdesc->sd, user->nt_user_token, access_type, &access_granted, &status); DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE")); diff --git a/source/python/py_ntsec.c b/source/python/py_ntsec.c index f832b22fe01..f82433a69ff 100644 --- a/source/python/py_ntsec.c +++ b/source/python/py_ntsec.c @@ -157,7 +157,7 @@ BOOL py_to_ACL(SEC_ACL *acl, PyObject *dict, TALLOC_CTX *mem_ctx) acl->num_aces = PyList_Size(obj); - acl->aces = _talloc(mem_ctx, acl->num_aces * sizeof(SEC_ACE)); + acl->aces = TALLOC_ARRAY(mem_ctx, struct security_ace, acl->num_aces); acl->size = SEC_ACL_HEADER_SIZE; for (i = 0; i < acl->num_aces; i++) { diff --git a/source/python/py_spoolss_printers_conv.c b/source/python/py_spoolss_printers_conv.c index a36291f62d1..4ab030d9619 100644 --- a/source/python/py_spoolss_printers_conv.c +++ b/source/python/py_spoolss_printers_conv.c @@ -103,6 +103,7 @@ struct pyconv py_PRINTER_INFO_2[] = { }; struct pyconv py_PRINTER_INFO_3[] = { + { "flags", PY_UINT32, offsetof(PRINTER_INFO_3, flags) }, { NULL } }; diff --git a/source/registry/reg_printing.c b/source/registry/reg_printing.c index 10cfce604ef..f99a7e570c3 100644 --- a/source/registry/reg_printing.c +++ b/source/registry/reg_printing.c 
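Review bot: The new `TALLOC_ARRAY` call in `py_to_ACL()` is missing a check of its result before the `for` loop at the end of the hunk iterates over `acl->num_aces` entries. The count comes straight from `PyList_Size(obj)`, so a failed allocation would leave `acl->aces` NULL with a non-zero count. I would add `if (acl->num_aces != 0 && acl->aces == NULL) return False;` right after the allocation. The loop body is outside the hunk, so this assumes it writes through `acl->aces`.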
@@ -449,8 +449,8 @@ static void fill_in_printer_values( NT_PRINTER_INFO_LEVEL_2 *info2, REGVAL_CTR * /* stream the printer security descriptor */ - if ( info2->secdesc_buf && info2->secdesc_buf->len ) { - if ( sec_io_desc("sec_desc", &info2->secdesc_buf->sec, &prs, 0 ) ) { + if ( info2->secdesc_buf && info2->secdesc_buf->sd_size ) { + if ( sec_io_desc("sec_desc", &info2->secdesc_buf->sd, &prs, 0 ) ) { offset = prs_offset( &prs ); regval_ctr_addvalue( values, "Security", REG_BINARY, prs_data_p(&prs), offset ); } diff --git a/source/rpc_client/cli_reg.c b/source/rpc_client/cli_reg.c index e136df753ad..09d4732714c 100644 --- a/source/rpc_client/cli_reg.c +++ b/source/rpc_client/cli_reg.c @@ -383,7 +383,7 @@ WERROR rpccli_reg_get_key_sec(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, return out.status; sec_buf = out.data; - *sec_buf_size = out.data->len; + *sec_buf_size = out.data->sd_size; return out.status; } diff --git a/source/rpc_parse/parse_reg.c b/source/rpc_parse/parse_reg.c index fef1332e5c7..54a206948c3 100644 --- a/source/rpc_parse/parse_reg.c +++ b/source/rpc_parse/parse_reg.c @@ -193,9 +193,9 @@ static BOOL reg_io_hdrbuf_sec(uint32 ptr, uint32 *ptr3, BUFHDR *hdr_sec, } if(!smb_io_hdrbuf_post("hdr_sec", hdr_sec, ps, depth, - hdr_offset, data->max_len, data->len)) + hdr_offset, data->sd_size, data->sd_size)) return False; - if(!prs_set_offset(ps, old_offset + data->len + + if(!prs_set_offset(ps, old_offset + data->sd_size + sizeof(uint32) * ((ptr3 != NULL) ? 5 : 3))) return False; @@ -233,7 +233,7 @@ void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd, q_c->data = sec_buf; q_c->ptr2 = 1; - init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len); + init_buf_hdr(&q_c->hdr_sec, sec_buf->sd_size, sec_buf->sd_size); q_c->ptr3 = 1; q_c->disposition = TALLOC_P( get_talloc_ctx(), uint32 ); if (!q_c->disposition) { 
@@ -756,7 +756,7 @@ void init_reg_q_set_key_sec(REG_Q_SET_KEY_SEC *q_u, POLICY_HND *pol, q_u->sec_info = sec_info; q_u->ptr = 1; - init_buf_hdr(&q_u->hdr_sec, sec_desc_buf->len, sec_desc_buf->len); + init_buf_hdr(&q_u->hdr_sec, sec_desc_buf->sd_size, sec_desc_buf->sd_size); q_u->data = sec_desc_buf; } diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c index 15c6d7f1657..72accad1b6c 100644 --- a/source/rpc_parse/parse_sec.c +++ b/source/rpc_parse/parse_sec.c @@ -28,6 +28,24 @@ #define DBGC_CLASS DBGC_RPC_PARSE /******************************************************************* + Reads or writes a SEC_ACCESS structure. +********************************************************************/ + +BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) +{ + if (t == NULL) + return False; + + prs_debug(ps, depth, desc, "sec_io_access"); + depth++; + + if(!prs_uint32("mask", ps, depth, t)) + return False; + + return True; +} + +/******************************************************************* Reads or writes a SEC_ACE structure. ********************************************************************/ @@ -35,6 +53,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; + uint8 type; if (psa == NULL) return False; 
@@ -44,16 +63,24 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint8("type ", ps, depth, &psa->type)) + if (MARSHALLING(ps)) { + type = (uint8)psa->type; + } + + if(!prs_uint8("type ", ps, depth, &type)) return False; + if (UNMARSHALLING(ps)) { + psa->type = (enum security_ace_type)type; + } + if(!prs_uint8("flags", ps, depth, &psa->flags)) return False; if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) return False; - if (!prs_uint32("access_mask", ps, depth, &psa->access_mask)) + if(!prs_uint32("access_mask", ps, depth, &psa->access_mask)) return False; /* check whether object access is present */ @@ -61,15 +88,15 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) return False; } else { - if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags)) + if (!prs_uint32("obj_flags", ps, depth, &psa->object.object.flags)) return False; - if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) - if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth)) + if (psa->object.object.flags & SEC_ACE_OBJECT_PRESENT) + if (!smb_io_uuid("obj_guid", &psa->object.object.type.type, ps,depth)) return False; - if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) - if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth)) + if (psa->object.object.flags & SEC_ACE_OBJECT_INHERITED_PRESENT) + if (!smb_io_uuid("inh_guid", &psa->object.object.inherited_type.inherited_type, ps,depth)) return False; if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) @@ -110,6 +137,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) uint32 old_offset; uint32 offset_acl_size; SEC_ACL *psa; + uint16 revision; /* * Note that the size is always a multiple of 4 bytes due to the 
@@ -137,9 +165,17 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint16("revision", ps, depth, &psa->revision)) + if (MARSHALLING(ps)) { + revision = (uint16)psa->revision; + } + + if(!prs_uint16("revision", ps, depth, &revision)) return False; + if (UNMARSHALLING(ps)) { + psa->revision = (enum security_acl_revision)revision; + } + if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) return False; @@ -192,6 +228,8 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ uint32 tmp_offset = 0; + uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid; + uint16 revision; SEC_DESC *psd; @@ -217,9 +255,17 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); - if(!prs_uint16("revision ", ps, depth, &psd->revision)) + if (MARSHALLING(ps)) { + revision = (uint16)psd->revision; + } + + if(!prs_uint16("revision", ps, depth, &revision)) return False; + if (UNMARSHALLING(ps)) { + psd->revision = (enum security_acl_revision)revision; + } + if(!prs_uint16("type ", ps, depth, &psd->type)) return False; 
@@ -231,52 +277,52 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) */ if (psd->sacl != NULL) { - psd->off_sacl = offset; + off_sacl = offset; offset += psd->sacl->size; } else { - psd->off_sacl = 0; + off_sacl = 0; } if (psd->dacl != NULL) { - psd->off_dacl = offset; + off_dacl = offset; offset += psd->dacl->size; } else { - psd->off_dacl = 0; + off_dacl = 0; } if (psd->owner_sid != NULL) { - psd->off_owner_sid = offset; + off_owner_sid = offset; offset += sid_size(psd->owner_sid); } else { - psd->off_owner_sid = 0; + off_owner_sid = 0; } if (psd->group_sid != NULL) { - psd->off_grp_sid = offset; + off_grp_sid = offset; offset += sid_size(psd->group_sid); } else { - psd->off_grp_sid = 0; + off_grp_sid = 0; } } - if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) + if(!prs_uint32("off_owner_sid", ps, depth, &off_owner_sid)) return False; - if(!prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid)) + if(!prs_uint32("off_grp_sid ", ps, depth, &off_grp_sid)) return False; - if(!prs_uint32("off_sacl ", ps, depth, &psd->off_sacl)) + if(!prs_uint32("off_sacl ", ps, depth, &off_sacl)) return False; - if(!prs_uint32("off_dacl ", ps, depth, &psd->off_dacl)) + if(!prs_uint32("off_dacl ", ps, depth, &off_dacl)) return False; max_offset = MAX(max_offset, prs_offset(ps)); - if (psd->off_owner_sid != 0) { + if (off_owner_sid != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) + if(!prs_set_offset(ps, old_offset + off_owner_sid)) return False; if (UNMARSHALLING(ps)) { @@ -294,10 +340,10 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if (psd->off_grp_sid != 0) { + if (psd->group_sid != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) + if(!prs_set_offset(ps, old_offset + off_grp_sid)) return False; if (UNMARSHALLING(ps)) { 
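Review bot: In the `@@ -294,10 +340,10 @@` hunk of `sec_io_desc()` the group branch now tests `psd->group_sid != 0`, while the owner branch still tests the wire offset (`off_owner_sid != 0`) and the seek two lines below uses `off_grp_sid`. When unmarshalling, `psd->group_sid` has not been read at this point, so for a freshly zeroed descriptor the group SID would be skipped even though the peer sent a non-zero `off_grp_sid`. If the pointer happens to be non-NULL while `off_grp_sid` is 0, the parser seeks to `old_offset + 0` and reads the descriptor header as a SID. This looks like a rename slip; the condition should be `if (off_grp_sid != 0) {`. The function body starts and ends outside the hunk.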
@@ -306,7 +352,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if(!smb_io_dom_sid("group_sid", psd->group_sid, ps, depth)) + if(!smb_io_dom_sid("grp_sid", psd->group_sid, ps, depth)) return False; max_offset = MAX(max_offset, prs_offset(ps)); @@ -315,9 +361,9 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + if ((psd->type & SEC_DESC_SACL_PRESENT) && off_sacl) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_sacl)) + if(!prs_set_offset(ps, old_offset + off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) return False; @@ -326,9 +372,9 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + if ((psd->type & SEC_DESC_DACL_PRESENT) && off_dacl != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_dacl)) + if(!prs_set_offset(ps, old_offset + off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) return False; @@ -353,7 +399,9 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int uint32 off_max_len; uint32 old_offset; uint32 size; + uint32 len; SEC_DESC_BUF *psdb; + uint32 ptr; if (ppsdb == NULL) return False; 
@@ -372,20 +420,22 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int if(!prs_align(ps)) return False; - if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len)) + if(!prs_uint32_pre("max_len", ps, depth, &psdb->sd_size, &off_max_len)) return False; - if(!prs_uint32 ("ptr ", ps, depth, &psdb->ptr)) + ptr = 1; + if(!prs_uint32 ("ptr ", ps, depth, &ptr)) return False; - if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len)) + len = sec_desc_size(psdb->sd); + if(!prs_uint32_pre("len ", ps, depth, &len, &off_len)) return False; old_offset = prs_offset(ps); /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) { - if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) + if ((UNMARSHALLING(ps) && psdb->sd_size != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) { + if(!sec_io_desc("sec ", &psdb->sd, ps, depth)) return False; } @@ -393,10 +443,10 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int return False; size = prs_offset(ps) - old_offset; - if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size)) + if(!prs_uint32_post("max_len", ps, depth, &psdb->sd_size, off_max_len, size == 0 ? psdb->sd_size : size)) return False; - if(!prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size)) + if(!prs_uint32_post("len ", ps, depth, &len, off_len, size)) return False; return True; diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c index 38141515dc1..cd8d4174c14 100644 --- a/source/rpc_parse/parse_spoolss.c +++ b/source/rpc_parse/parse_spoolss.c 
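Review bot: The parse condition in `sec_io_desc_buf()` keeps the comment "reading, length is non-zero" but now tests `psdb->sd_size`, which on the read side is filled from the wire field `max_len`; the wire `len` goes into the new local `len` and is never consulted. A peer can send the two fields with different values, so whether a descriptor is parsed is now decided by `max_len` alone. If that is intended the comment should say so, otherwise the test should be `if ((UNMARSHALLING(ps) && len != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) {`. Separately, `len = sec_desc_size(psdb->sd);` also runs when unmarshalling, before `psdb->sd` has been read, so it relies on `sec_desc_size()` accepting a NULL argument, which is worth confirming. `ptr` is also now written as 1 even when `psdb->sd` is NULL.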
@@ -3,7 +3,7 @@ * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, - * Copyright (C) Jean François Micouleau 1998-2000, + * Copyright (C) Jean François Micouleau 1998-2000, * Copyright (C) Gerald Carter 2000-2002, * Copyright (C) Tim Potter 2001-2002. * @@ -3842,10 +3842,8 @@ BOOL make_spoolss_q_setprinter(TALLOC_CTX *mem_ctx, SPOOL_Q_SETPRINTER *q_u, q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF); if (!q_u->secdesc_ctr) return False; - q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0; - q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->sec = secdesc; + q_u->secdesc_ctr->sd = secdesc; + q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; q_u->devmode_ctr.devmode_ptr = (devmode != NULL) ? 1 : 0; q_u->devmode_ctr.size = (devmode != NULL) ? sizeof(DEVICEMODE) + (3*sizeof(uint32)) : 0; @@ -3866,10 +3864,8 @@ BOOL make_spoolss_q_setprinter(TALLOC_CTX *mem_ctx, SPOOL_Q_SETPRINTER *q_u, q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF); if (!q_u->secdesc_ctr) return False; - q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0; - q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; - q_u->secdesc_ctr->sec = secdesc; + q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0; + q_u->secdesc_ctr->sd = secdesc; break; case 7: diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 07db64eb5f2..2cce51776f7 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c 
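Review bot: In make_spoolss_q_setprinter (hunks at -3842 and -3866), `sd_size` is set to `sizeof(SEC_DESC) + (2*sizeof(uint32))`, which is the size of the in-memory struct and not of the descriptor with its SIDs and ACLs. sec_io_desc_buf in this commit derives the length with `sec_desc_size(psdb->sd)` and overwrites max_len after marshalling, so this value is at best a placeholder and can mislead any reader of `sd_size` before that happens. Using `q_u->secdesc_ctr->sd_size = (secdesc) ? sec_desc_size(secdesc) : 0;` in both cases would keep the field meaningful. The buffer also aliases the caller's `secdesc` rather than copying it, so a one-line comment stating who owns and frees it would help; the function body extends beyond both hunks.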
@@ -723,7 +723,7 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_ return NT_STATUS_INVALID_HANDLE; } - dacl = q_u->buf->sec->dacl; + dacl = q_u->buf->sd->dacl; for (i=0; i < dacl->num_aces; i++) { if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) { ret = pdb_set_pass_can_change(sampass, @@ -1727,7 +1727,7 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK int num_rids = (int)q_u->num_rids1; uint32 acc_granted; int i; - + r_u->status = NT_STATUS_OK; DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__)); @@ -3461,7 +3461,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25, * the delete explicit / add explicit, which would then fail to find * the previous primaryGroupSid value. */ - + if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) { status = pdb_set_unix_primary_group(mem_ctx, pwd); if ( !NT_STATUS_IS_OK(status) ) { @@ -4768,7 +4768,7 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_ if ( !NT_STATUS_IS_OK( status ) ) return status; break; - } + } case 3: if ( ctr->alias.info3.description.string ) { unistr2_to_ascii( info.acct_desc, diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 585e78d4c3b..57748d74ba7 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -3084,8 +3084,8 @@ static void spoolss_notify_security_desc(int snum, NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx) { - data->notify_data.sd.size = printer->info_2->secdesc_buf->len; - data->notify_data.sd.desc = dup_sec_desc( mem_ctx, printer->info_2->secdesc_buf->sec ) ; + data->notify_data.sd.size = printer->info_2->secdesc_buf->sd_size; + data->notify_data.sd.desc = dup_sec_desc( mem_ctx, printer->info_2->secdesc_buf->sd ) ; } /******************************************************************* 
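Review bot: In _samr_set_sec_obj (hunk at -723), `q_u->buf->sd->dacl` is dereferenced and `dacl->num_aces` is read with no NULL check visible in the hunk. The request is client-supplied, sec_io_desc_buf in this commit leaves `sd` unparsed when the size field is zero, and a descriptor without a DACL is legal, so either pointer may be NULL here unless an earlier check outside the hunk rules it out. I would add `if (!q_u->buf || !q_u->buf->sd || !q_u->buf->sd->dacl) return NT_STATUS_INVALID_PARAMETER;`, placed where an early return does not leak `sampass`. The function starts and ends outside the hunk.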
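Review bot: spoolss_notify_security_desc (hunk at -3084 in srv_spoolss_nt.c) reads `secdesc_buf->sd_size` and `secdesc_buf->sd` without the `secdesc_buf` NULL test that construct_printer_info_2 and construct_printer_info_3 apply in the same file. It also stores the size before knowing whether dup_sec_desc produced a copy, so a failed copy (presumably a NULL return) leaves a non-zero `sd.size` next to a NULL `sd.desc`. Assigning the size after the copy, `data->notify_data.sd.size = data->notify_data.sd.desc ? printer->info_2->secdesc_buf->sd_size : 0;`, and guarding the body on `printer->info_2->secdesc_buf` would keep the notify data self-consistent.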
@@ -4243,13 +4243,13 @@ static BOOL construct_printer_info_2(Printer_entry *print_hnd, PRINTER_INFO_2 *p printer->secdesc = NULL; if ( ntprinter->info_2->secdesc_buf - && ntprinter->info_2->secdesc_buf->len != 0 ) + && ntprinter->info_2->secdesc_buf->sd_size != 0 ) { /* don't use talloc_steal() here unless you do a deep steal of all the SEC_DESC members */ printer->secdesc = dup_sec_desc( get_talloc_ctx(), - ntprinter->info_2->secdesc_buf->sec ); + ntprinter->info_2->secdesc_buf->sd ); } free_a_printer(&ntprinter, 2); @@ -4281,12 +4281,12 @@ static BOOL construct_printer_info_3(Printer_entry *print_hnd, PRINTER_INFO_3 ** /* These are the components of the SD we are returning. */ - if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->len != 0) { + if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->sd_size != 0) { /* don't use talloc_steal() here unless you do a deep steal of all the SEC_DESC members */ printer->secdesc = dup_sec_desc( get_talloc_ctx(), - ntprinter->info_2->secdesc_buf->sec ); + ntprinter->info_2->secdesc_buf->sd ); } free_a_printer(&ntprinter, 2); @@ -5947,7 +5947,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, SEC_ACL *the_acl; int i; - the_acl = old_secdesc_ctr->sec->dacl; + the_acl = old_secdesc_ctr->sd->dacl; DEBUG(10, ("old_secdesc_ctr for %s has %d aces:\n", PRINTERNAME(snum), the_acl->num_aces)); @@ -5960,7 +5960,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, the_acl->aces[i].access_mask)); } - the_acl = secdesc_ctr->sec->dacl; + the_acl = secdesc_ctr->sd->dacl; if (the_acl) { DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", @@ -5985,7 +5985,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, goto done; } - if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) { + if (sec_desc_equal(new_secdesc_ctr->sd, old_secdesc_ctr->sd)) { result = WERR_OK; goto done; } 
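Review bot: In update_printer_sec (hunk at -5947), `old_secdesc_ctr->sd->dacl` is dereferenced for `the_acl->num_aces` without a NULL test, although the hunk at -5960 does check `if (the_acl)` for the new descriptor. A security descriptor may carry no DACL, and `secdesc_ctr` appears to come from the client's request, so `->sd` and `->sd->dacl` should both be checked before use unless code outside these hunks already guarantees them. Mirroring the later branch, `the_acl = old_secdesc_ctr->sd ? old_secdesc_ctr->sd->dacl : NULL;` followed by `if (the_acl) {` around the DEBUG loop would be enough. The surrounding block begins outside the hunk.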
diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c index 5049a539961..e4c4491582c 100644 --- a/source/rpc_server/srv_srvsvc_nt.c +++ b/source/rpc_server/srv_srvsvc_nt.c @@ -1558,7 +1558,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S case 1501: pstrcpy(pathname, lp_pathname(snum)); fstrcpy(comment, lp_comment(snum)); - psd = q_u->info.share.info1501.sdb->sec; + psd = q_u->info.share.info1501.sdb->sd; map_generic_share_sd_bits(psd); type = STYPE_DISKTREE; break; diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c index a130def4f57..e0c2dac094d 100644 --- a/source/rpcclient/cmd_lsarpc.c +++ b/source/rpcclient/cmd_lsarpc.c @@ -834,7 +834,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli, /* Print results */ - display_sec_desc(sdb->sec); + display_sec_desc(sdb->sd); rpccli_lsa_close(cli, mem_ctx, &pol); done: diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index dd55e65fb97..a3f62b7c943 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c @@ -1926,7 +1926,7 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli, if (!NT_STATUS_IS_OK(result)) goto done; - display_sec_desc(sec_desc_buf->sec); + display_sec_desc(sec_desc_buf->sd); rpccli_samr_close(cli, mem_ctx, &user_pol); rpccli_samr_close(cli, mem_ctx, &domain_pol); |
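Review bot: In _srv_net_share_set_info (hunk at -1558), case 1501 reads `q_u->info.share.info1501.sdb->sd` without checking `sdb`, and passes the result on whether or not a descriptor was actually parsed. Since the request is client-supplied, I would reject an empty buffer here, `if (!q_u->info.share.info1501.sdb || !q_u->info.share.info1501.sdb->sd) return WERR_INVALID_PARAM;`, unless map_generic_share_sd_bits and the later code are known to accept NULL. The switch and the function continue outside the hunk.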