s3-security: use shared SECINFO_OWNER define.

Guenther

source3/include/rpc_secdes.h

@@ -25,7 +25,6 @@
 #define SEC_RIGHTS_FULL_CTRL		0xf01ff
 
 /* security information */
-#define OWNER_SECURITY_INFORMATION	0x00000001
 #define GROUP_SECURITY_INFORMATION	0x00000002
 #define DACL_SECURITY_INFORMATION	0x00000004
 #define SACL_SECURITY_INFORMATION	0x00000008
@@ -35,7 +34,7 @@
 #define PROTECTED_SACL_SECURITY_INFORMATION	0x40000000
 #define PROTECTED_DACL_SECURITY_INFORMATION	0x80000000
 
-#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
+#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|GROUP_SECURITY_INFORMATION|\
 					DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
 					UNPROTECTED_SACL_SECURITY_INFORMATION|\
 					UNPROTECTED_DACL_SECURITY_INFORMATION|\

source3/lib/secdesc.c

@@ -43,7 +43,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd)
 	SMB_ASSERT(sd);
 
 	if (sd->owner_sid == NULL) {
-		sec_info &= ~OWNER_SECURITY_INFORMATION;
+		sec_info &= ~SECINFO_OWNER;
 	}
 	if (sd->group_sid == NULL) {
 		sec_info &= ~GROUP_SECURITY_INFORMATION;

source3/libsmb/clisecdesc.c

@@ -93,7 +93,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
 	if (sd->dacl)
 		sec_info |= DACL_SECURITY_INFORMATION;
 	if (sd->owner_sid)
-		sec_info |= OWNER_SECURITY_INFORMATION;
+		sec_info |= SECINFO_OWNER;
 	if (sd->group_sid)
 		sec_info |= GROUP_SECURITY_INFORMATION;
 	SSVAL(param, 4, sec_info);

source3/modules/nfs4_acls.c

@@ -322,7 +322,7 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
 
 	DEBUG(10,("after make sec_acl\n"));
 	*ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
-	                        (security_info & OWNER_SECURITY_INFORMATION) ? &sid_owner : NULL,
+	                        (security_info & SECINFO_OWNER) ? &sid_owner : NULL,
 	                        (security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL,
 	                        NULL, psa, &sd_size);
 	if (*ppdesc==NULL) {
@@ -735,7 +735,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 	DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
 
 	if ((security_info_sent & (DACL_SECURITY_INFORMATION |
-		GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION)) == 0)
+		GROUP_SECURITY_INFORMATION | SECINFO_OWNER)) == 0)
 	{
 		DEBUG(9, ("security_info_sent (0x%x) ignored\n",
 			security_info_sent));

source3/modules/onefs_acl.c

@@ -705,7 +705,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 	sacl = NULL;
 
 	/* Copy owner into ppdesc */
-	if (security_info & OWNER_SECURITY_INFORMATION) {
+	if (security_info & SECINFO_OWNER) {
 		if (!onefs_identity_to_sid(sd->owner, &owner_sid)) {
 			status = NT_STATUS_INVALID_PARAMETER;
 			goto out;
@@ -840,7 +840,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
 	*security_info_effective = security_info_sent;
 
 	/* Setup owner */
-	if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+	if (security_info_sent & SECINFO_OWNER) {
 		if (!onefs_og_to_identity(psd->owner_sid, &owner, false, snum))
 			return NT_STATUS_ACCESS_DENIED;
 

source3/modules/vfs_acl_common.c

@@ -36,7 +36,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
 			files_struct *fsp,
 			DATA_BLOB *pblob);
 
-#define HASH_SECURITY_INFO (OWNER_SECURITY_INFORMATION | \
+#define HASH_SECURITY_INFO (SECINFO_OWNER | \
 				GROUP_SECURITY_INFORMATION | \
 				DACL_SECURITY_INFORMATION | \
 				SACL_SECURITY_INFORMATION)
@@ -371,7 +371,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 		}
 	}
 
-	if (!(security_info & OWNER_SECURITY_INFORMATION)) {
+	if (!(security_info & SECINFO_OWNER)) {
 		psd->owner_sid = NULL;
 	}
 	if (!(security_info & GROUP_SECURITY_INFORMATION)) {
@@ -436,7 +436,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 	}
 
 	return SMB_VFS_FSET_NT_ACL(fsp,
-				(OWNER_SECURITY_INFORMATION |
+				(SECINFO_OWNER |
 				 GROUP_SECURITY_INFORMATION |
 				 DACL_SECURITY_INFORMATION),
 				psd);
@@ -459,7 +459,7 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
 	status = get_nt_acl_internal(handle,
 					NULL,
 					parent_name,
-					(OWNER_SECURITY_INFORMATION |
+					(SECINFO_OWNER |
 					 GROUP_SECURITY_INFORMATION |
 					 DACL_SECURITY_INFORMATION),
 					&parent_desc);
@@ -532,7 +532,7 @@ static int open_acl_common(vfs_handle_struct *handle,
 	status = get_nt_acl_internal(handle,
 				NULL,
 				fname,
-				(OWNER_SECURITY_INFORMATION |
+				(SECINFO_OWNER |
 				 GROUP_SECURITY_INFORMATION |
 				 DACL_SECURITY_INFORMATION),
 				&pdesc);
@@ -678,10 +678,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 
         /* Ensure we have OWNER/GROUP/DACL set. */
 
-	if ((security_info_sent & (OWNER_SECURITY_INFORMATION|
+	if ((security_info_sent & (SECINFO_OWNER|
 				GROUP_SECURITY_INFORMATION|
 				DACL_SECURITY_INFORMATION)) !=
-				(OWNER_SECURITY_INFORMATION|
+				(SECINFO_OWNER|
 				 GROUP_SECURITY_INFORMATION|
 				 DACL_SECURITY_INFORMATION)) {
 		/* No we don't - read from the existing SD. */
@@ -689,7 +689,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 
 		status = get_nt_acl_internal(handle, fsp,
 				NULL,
-				(OWNER_SECURITY_INFORMATION|
+				(SECINFO_OWNER|
 				 GROUP_SECURITY_INFORMATION|
 				 DACL_SECURITY_INFORMATION),
 				&nc_psd);
@@ -699,10 +699,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 		}
 
 		/* This is safe as nc_psd is discarded at fn exit. */
-		if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+		if (security_info_sent & SECINFO_OWNER) {
 			nc_psd->owner_sid = psd->owner_sid;
 		}
-		security_info_sent |= OWNER_SECURITY_INFORMATION;
+		security_info_sent |= SECINFO_OWNER;
 
 		if (security_info_sent & GROUP_SECURITY_INFORMATION) {
 			nc_psd->group_sid = psd->group_sid;

source3/modules/vfs_afsacl.c

@@ -644,7 +644,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
 
 	*ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
 				SEC_DESC_SELF_RELATIVE,
-				(security_info & OWNER_SECURITY_INFORMATION)
+				(security_info & SECINFO_OWNER)
 				? &owner_sid : NULL,
 				(security_info & GROUP_SECURITY_INFORMATION)
 				? &group_sid : NULL,

source3/rpc_server/srv_srvsvc_nt.c

@@ -2146,7 +2146,7 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	}
 
 	nt_status = SMB_VFS_FGET_NT_ACL(fsp,
-				       (OWNER_SECURITY_INFORMATION
+				       (SECINFO_OWNER
 					|GROUP_SECURITY_INFORMATION
 					|DACL_SECURITY_INFORMATION), &psd);
 
@@ -2280,7 +2280,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
 	security_info_sent = r->in.securityinformation;
 
 	if (psd->owner_sid==0) {
-		security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+		security_info_sent &= ~SECINFO_OWNER;
 	}
 	if (psd->group_sid==0) {
 		security_info_sent &= ~GROUP_SECURITY_INFORMATION;

source3/rpc_server/srv_svcctl_nt.c

@@ -926,7 +926,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
 			required_access = STD_RIGHT_WRITE_DAC_ACCESS;
 			break;
 
-		case OWNER_SECURITY_INFORMATION:
+		case SECINFO_OWNER:
 		case GROUP_SECURITY_INFORMATION:
 			required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
 			break;

source3/smbd/file_access.c

@@ -42,7 +42,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 	}
 
 	status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
-				    (OWNER_SECURITY_INFORMATION |
+				    (SECINFO_OWNER |
 				     GROUP_SECURITY_INFORMATION |
 				     DACL_SECURITY_INFORMATION),
 				    &secdesc);

source3/smbd/nttrans.c

@@ -846,7 +846,7 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
 	}
 
 	if (psd->owner_sid == NULL) {
-		security_info_sent &= ~OWNER_SECURITY_INFORMATION;
+		security_info_sent &= ~SECINFO_OWNER;
 	}
 	if (psd->group_sid == NULL) {
 		security_info_sent &= ~GROUP_SECURITY_INFORMATION;

source3/smbd/open.c

@@ -89,7 +89,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
 	struct security_descriptor *sd = NULL;
 
 	status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
-			(OWNER_SECURITY_INFORMATION |
+			(SECINFO_OWNER |
 			GROUP_SECURITY_INFORMATION |
 			DACL_SECURITY_INFORMATION),&sd);
 
@@ -1413,7 +1413,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn,
 			uint32_t access_granted = 0;
 
 			status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
-					(OWNER_SECURITY_INFORMATION |
+					(SECINFO_OWNER |
 					GROUP_SECURITY_INFORMATION |
 					DACL_SECURITY_INFORMATION),&sd);
 
@@ -3209,7 +3209,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 		security_acl_map_generic(sd->dacl, &file_generic_mapping);
 		security_acl_map_generic(sd->sacl, &file_generic_mapping);
 
-		if (sec_info_sent & (OWNER_SECURITY_INFORMATION|
+		if (sec_info_sent & (SECINFO_OWNER|
 					GROUP_SECURITY_INFORMATION|
 					DACL_SECURITY_INFORMATION|
 					SACL_SECURITY_INFORMATION)) {

source3/smbd/posix_acls.c

@@ -1197,7 +1197,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn,
 	 * This may be a group chown only set.
 	 */
 
-	if (security_info_sent & OWNER_SECURITY_INFORMATION) {
+	if (security_info_sent & SECINFO_OWNER) {
 		sid_copy(&owner_sid, psd->owner_sid);
 		if (!sid_to_uid(&owner_sid, puser)) {
 			if (lp_force_unknown_acl_user(SNUM(conn))) {
@@ -3388,7 +3388,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
 	} /* security_info & DACL_SECURITY_INFORMATION */
 
 	psd = make_standard_sec_desc( talloc_tos(),
-			(security_info & OWNER_SECURITY_INFORMATION) ? &owner_sid : NULL,
+			(security_info & SECINFO_OWNER) ? &owner_sid : NULL,
 			(security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL,
 			psa,
 			&sd_size);