
Renamed sid field in SEC_ACE to trustee to be more in line with MS's

definitions.
(This used to be commit 9712d3f15a)
Tim Potter 2001-11-30 01:04:15 +00:00
parent 0d5f30fe5f
commit 6d9adfe73c
8 changed files with 58 additions and 46 deletions


@ -95,7 +95,7 @@ typedef struct security_ace_info
uint16 size; uint16 size;
SEC_ACCESS info; SEC_ACCESS info;
DOM_SID sid; DOM_SID trustee;
} SEC_ACE; } SEC_ACE;
#define _SEC_ACE #define _SEC_ACE


@ -33,7 +33,7 @@ static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
size_t i; size_t i;
for (i = 0; i < token->num_sids; i++) { for (i = 0; i < token->num_sids; i++) {
if (sid_equal(&ace->sid, &token->user_sids[i])) if (sid_equal(&ace->trustee, &token->user_sids[i]))
return True; return True;
} }
@ -277,7 +277,7 @@ BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n", DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
(unsigned int)i, ace->type, ace->flags, (unsigned int)i, ace->type, ace->flags,
sid_to_string(sid_str, &ace->sid), sid_to_string(sid_str, &ace->trustee),
(unsigned int) ace->info.mask, (unsigned int) ace->info.mask,
(unsigned int)tmp_acc_desired )); (unsigned int)tmp_acc_desired ));
@ -388,10 +388,10 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
continue; continue;
init_sec_access(&new_ace->info, ace->info.mask); init_sec_access(&new_ace->info, ace->info.mask);
init_sec_ace(new_ace, &ace->sid, ace->type, init_sec_ace(new_ace, &ace->trustee, ace->type,
new_ace->info, new_flags); new_ace->info, new_flags);
sid_to_string(sid_str, &ace->sid); sid_to_string(sid_str, &ace->trustee);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n", sid_str, " inherited as %s:%d/0x%02x/0x%08x\n", sid_str,


@ -3624,7 +3624,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, char *printername, SEC_DESC_BUF **secde
for (i = 0; i < the_acl->num_aces; i++) { for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str; fstring sid_str;
sid_to_string(sid_str, &the_acl->ace[i].sid); sid_to_string(sid_str, &the_acl->ace[i].trustee);
DEBUG(10, ("%s %d %d 0x%08x\n", sid_str, DEBUG(10, ("%s %d %d 0x%08x\n", sid_str,
the_acl->ace[i].type, the_acl->ace[i].flags, the_acl->ace[i].type, the_acl->ace[i].flags,


@ -68,8 +68,8 @@ void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 f
t->size = sid_size(sid) + 8; t->size = sid_size(sid) + 8;
t->info = mask; t->info = mask;
ZERO_STRUCTP(&t->sid); ZERO_STRUCTP(&t->trustee);
sid_copy(&t->sid, sid); sid_copy(&t->trustee, sid);
} }
/******************************************************************* /*******************************************************************
@ -107,7 +107,7 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
if(!prs_align(ps)) if(!prs_align(ps))
return False; return False;
if(!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
return False; return False;
if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset))
@ -281,7 +281,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
/* Check SID */ /* Check SID */
if (!sid_equal(&s1->sid, &s2->sid)) { if (!sid_equal(&s1->trustee, &s2->trustee)) {
return False; return False;
} }


@ -4150,7 +4150,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
for (i = 0; i < the_acl->num_aces; i++) { for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str; fstring sid_str;
sid_to_string(sid_str, &the_acl->ace[i].sid); sid_to_string(sid_str, &the_acl->ace[i].trustee);
DEBUG(10, ("%s 0x%08x\n", sid_str, DEBUG(10, ("%s 0x%08x\n", sid_str,
the_acl->ace[i].info.mask)); the_acl->ace[i].info.mask));
@ -4165,7 +4165,7 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
for (i = 0; i < the_acl->num_aces; i++) { for (i = 0; i < the_acl->num_aces; i++) {
fstring sid_str; fstring sid_str;
sid_to_string(sid_str, &the_acl->ace[i].sid); sid_to_string(sid_str, &the_acl->ace[i].trustee);
DEBUG(10, ("%s 0x%08x\n", sid_str, DEBUG(10, ("%s 0x%08x\n", sid_str,
the_acl->ace[i].info.mask)); the_acl->ace[i].info.mask));


@ -89,7 +89,7 @@ static void display_sec_ace(SEC_ACE *ace)
{ {
fstring sid_str; fstring sid_str;
sid_to_string(sid_str, &ace->sid); sid_to_string(sid_str, &ace->trustee);
printf("\t\tSID: %s\n", sid_str); printf("\t\tSID: %s\n", sid_str);
printf("\t\ttype:[%d], flags:[0x%02x], mask:[0x%08x]\n", printf("\t\ttype:[%d], flags:[0x%02x], mask:[0x%08x]\n",


@ -38,7 +38,7 @@ typedef struct canon_ace {
struct canon_ace *next, *prev; struct canon_ace *next, *prev;
SMB_ACL_TAG_T type; SMB_ACL_TAG_T type;
mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */ mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
DOM_SID sid; DOM_SID trustee;
enum ace_owner owner_type; enum ace_owner owner_type;
enum ace_attribute attr; enum ace_attribute attr;
posix_id unix_ug; posix_id unix_ug;
@ -103,7 +103,7 @@ static void print_canon_ace(canon_ace *pace, int num)
fstring str; fstring str;
dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" ); dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
dbgtext( "SID = %s ", sid_to_string( str, &pace->sid)); dbgtext( "SID = %s ", sid_to_string( str, &pace->trustee));
if (pace->owner_type == UID_ACE) { if (pace->owner_type == UID_ACE) {
struct passwd *pass = sys_getpwuid(pace->unix_ug.uid); struct passwd *pass = sys_getpwuid(pace->unix_ug.uid);
dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, pass ? pass->pw_name : "UNKNOWN"); dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, pass ? pass->pw_name : "UNKNOWN");
@ -243,7 +243,7 @@ static void merge_aces( canon_ace **pp_list_head )
curr_ace_next = curr_ace->next; /* Save the link in case of delete. */ curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) && if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace->attr == curr_ace_outer->attr)) { (curr_ace->attr == curr_ace_outer->attr)) {
if( DEBUGLVL( 10 )) { if( DEBUGLVL( 10 )) {
@ -283,7 +283,7 @@ static void merge_aces( canon_ace **pp_list_head )
* we've put on the ACL, we know the deny must be the first one. * we've put on the ACL, we know the deny must be the first one.
*/ */
if (sid_equal(&curr_ace->sid, &curr_ace_outer->sid) && if (sid_equal(&curr_ace->trustee, &curr_ace_outer->trustee) &&
(curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) { (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
if( DEBUGLVL( 10 )) { if( DEBUGLVL( 10 )) {
@ -572,7 +572,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->type = SMB_ACL_USER_OBJ; pace->type = SMB_ACL_USER_OBJ;
pace->owner_type = UID_ACE; pace->owner_type = UID_ACE;
pace->unix_ug.uid = pst->st_uid; pace->unix_ug.uid = pst->st_uid;
pace->sid = *pfile_owner_sid; pace->trustee = *pfile_owner_sid;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR); pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
pace->attr = ALLOW_ACE; pace->attr = ALLOW_ACE;
@ -589,7 +589,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->type = SMB_ACL_GROUP_OBJ; pace->type = SMB_ACL_GROUP_OBJ;
pace->owner_type = GID_ACE; pace->owner_type = GID_ACE;
pace->unix_ug.uid = pst->st_gid; pace->unix_ug.uid = pst->st_gid;
pace->sid = *pfile_grp_sid; pace->trustee = *pfile_grp_sid;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP); pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
pace->attr = ALLOW_ACE; pace->attr = ALLOW_ACE;
@ -606,7 +606,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
pace->type = SMB_ACL_OTHER; pace->type = SMB_ACL_OTHER;
pace->owner_type = WORLD_ACE; pace->owner_type = WORLD_ACE;
pace->unix_ug.world = -1; pace->unix_ug.world = -1;
pace->sid = global_sid_World; pace->trustee = global_sid_World;
pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH); pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
pace->attr = ALLOW_ACE; pace->attr = ALLOW_ACE;
@ -688,7 +688,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
if (psa1->info.mask != psa2->info.mask) if (psa1->info.mask != psa2->info.mask)
continue; continue;
if (!sid_equal(&psa1->sid, &psa2->sid)) if (!sid_equal(&psa1->trustee, &psa2->trustee))
continue; continue;
/* /*
@ -718,10 +718,10 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
* Ignore non-mappable SIDs (NT Authority, BUILTIN etc). * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
*/ */
if (non_mappable_sid(&psa->sid)) { if (non_mappable_sid(&psa->trustee)) {
fstring str; fstring str;
DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n", DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
sid_to_string(str, &psa->sid) )); sid_to_string(str, &psa->trustee) ));
continue; continue;
} }
@ -738,19 +738,19 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
ZERO_STRUCTP(current_ace); ZERO_STRUCTP(current_ace);
sid_copy(&current_ace->sid, &psa->sid); sid_copy(&current_ace->trustee, &psa->trustee);
/* /*
* Try and work out if the SID is a user or group * Try and work out if the SID is a user or group
* as we need to flag these differently for POSIX. * as we need to flag these differently for POSIX.
*/ */
if( sid_equal(&current_ace->sid, &global_sid_World)) { if( sid_equal(&current_ace->trustee, &global_sid_World)) {
current_ace->owner_type = WORLD_ACE; current_ace->owner_type = WORLD_ACE;
current_ace->unix_ug.world = -1; current_ace->unix_ug.world = -1;
} else if (sid_to_uid( &current_ace->sid, &current_ace->unix_ug.uid, &sid_type)) { } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid, &sid_type)) {
current_ace->owner_type = UID_ACE; current_ace->owner_type = UID_ACE;
} else if (sid_to_gid( &current_ace->sid, &current_ace->unix_ug.gid, &sid_type)) { } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid, &sid_type)) {
current_ace->owner_type = GID_ACE; current_ace->owner_type = GID_ACE;
} else { } else {
fstring str; fstring str;
@ -759,7 +759,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
free_canon_ace_list(dir_ace); free_canon_ace_list(dir_ace);
SAFE_FREE(current_ace); SAFE_FREE(current_ace);
DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n", DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",
sid_to_string(str, &current_ace->sid) )); sid_to_string(str, &current_ace->trustee) ));
return False; return False;
} }
@ -775,15 +775,15 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
* Now note what kind of a POSIX ACL this should map to. * Now note what kind of a POSIX ACL this should map to.
*/ */
if(sid_equal(&current_ace->sid, pfile_owner_sid)) { if(sid_equal(&current_ace->trustee, pfile_owner_sid)) {
current_ace->type = SMB_ACL_USER_OBJ; current_ace->type = SMB_ACL_USER_OBJ;
} else if( sid_equal(&current_ace->sid, pfile_grp_sid)) { } else if( sid_equal(&current_ace->trustee, pfile_grp_sid)) {
current_ace->type = SMB_ACL_GROUP_OBJ; current_ace->type = SMB_ACL_GROUP_OBJ;
} else if( sid_equal(&current_ace->sid, &global_sid_World)) { } else if( sid_equal(&current_ace->trustee, &global_sid_World)) {
current_ace->type = SMB_ACL_OTHER; current_ace->type = SMB_ACL_OTHER;
@ -930,7 +930,7 @@ static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
/* "Everyone" always matches every uid. */ /* "Everyone" always matches every uid. */
if (sid_equal(&group_ace->sid, &global_sid_World)) if (sid_equal(&group_ace->trustee, &global_sid_World))
return True; return True;
if (!(pass = sys_getpwuid(uid_ace->unix_ug.uid))) if (!(pass = sys_getpwuid(uid_ace->unix_ug.uid)))
@ -1067,7 +1067,7 @@ static void process_deny_list( canon_ace **pp_ace_list )
continue; continue;
} }
if (!sid_equal(&curr_ace->sid, &global_sid_World)) if (!sid_equal(&curr_ace->trustee, &global_sid_World))
continue; continue;
/* JRATEST - assert. */ /* JRATEST - assert. */
@ -1518,7 +1518,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
ace->type = tagtype; ace->type = tagtype;
ace->perms = convert_permset_to_mode_t(permset); ace->perms = convert_permset_to_mode_t(permset);
ace->attr = ALLOW_ACE; ace->attr = ALLOW_ACE;
ace->sid = sid; ace->trustee = sid;
ace->unix_ug = unix_ug; ace->unix_ug = unix_ug;
ace->owner_type = owner_type; ace->owner_type = owner_type;
@ -1937,14 +1937,14 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
for (i = 0; i < num_acls; i++, ace = ace->next) { for (i = 0; i < num_acls; i++, ace = ace->next) {
SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace ); SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc, 0); init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 0);
} }
ace = dir_ace; ace = dir_ace;
for (i = 0; i < num_dir_acls; i++, ace = ace->next) { for (i = 0; i < num_dir_acls; i++, ace = ace->next) {
SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace ); SEC_ACCESS acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
init_sec_ace(&nt_ace_list[num_aces++], &ace->sid, nt_acl_type, acc, init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc,
SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY); SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
} }
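Review bot: In the `create_canon_ace_lists` hunk at -759/+759 the failure branch runs `SAFE_FREE(current_ace);` and only then passes `&current_ace->trustee` to `sid_to_string()` inside the following `DEBUG(0, ...)`, so the log call reads through a pointer that has just been released (or through a NULL-based address, if SAFE_FREE also clears the pointer; the macro is not shown on this page). The rename kept that order. The message should be emitted first: move the `DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n", sid_to_string(str, &current_ace->trustee) ));` statement above the `free_canon_ace_list(...)` and `SAFE_FREE(current_ace);` calls. This branch is taken whenever an ACE's SID maps to neither a uid nor a gid, which presumably can happen with a security descriptor supplied by a client, so the bad read is on an input-driven path. The function's body starts and ends outside the hunk.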


@ -163,7 +163,7 @@ static void print_ace(FILE *f, SEC_ACE *ace)
int do_print = 0; int do_print = 0;
uint32 got_mask; uint32 got_mask;
SidToString(sidstr, &ace->sid); SidToString(sidstr, &ace->trustee);
fprintf(f, "%s:", sidstr); fprintf(f, "%s:", sidstr);
@ -525,12 +525,24 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2) static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2)
{ {
if (sec_ace_equal(ace1, ace2)) return 0; if (sec_ace_equal(ace1, ace2))
if (ace1->type != ace2->type) return ace2->type - ace1->type; return 0;
if (sid_compare(&ace1->sid, &ace2->sid)) return sid_compare(&ace1->sid, &ace2->sid);
if (ace1->flags != ace2->flags) return ace1->flags - ace2->flags; if (ace1->type != ace2->type)
if (ace1->info.mask != ace2->info.mask) return ace1->info.mask - ace2->info.mask; return ace2->type - ace1->type;
if (ace1->size != ace2->size) return ace1->size - ace2->size;
if (sid_compare(&ace1->trustee, &ace2->trustee))
return sid_compare(&ace1->trustee, &ace2->trustee);
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
if (ace1->info.mask != ace2->info.mask)
return ace1->info.mask - ace2->info.mask;
if (ace1->size != ace2->size)
return ace1->size - ace2->size;
return memcmp(ace1, ace2, sizeof(SEC_ACE)); return memcmp(ace1, ace2, sizeof(SEC_ACE));
} }
@ -627,8 +639,8 @@ static int cacl_set(struct cli_state *cli, char *filename,
BOOL found = False; BOOL found = False;
for (j=0;old->dacl && j<old->dacl->num_aces;j++) { for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
if (sid_equal(&sd->dacl->ace[i].sid, if (sid_equal(&sd->dacl->ace[i].trustee,
&old->dacl->ace[j].sid)) { &old->dacl->ace[j].trustee)) {
old->dacl->ace[j] = sd->dacl->ace[i]; old->dacl->ace[j] = sd->dacl->ace[i];
found = True; found = True;
} }
@ -637,7 +649,7 @@ static int cacl_set(struct cli_state *cli, char *filename,
if (!found) { if (!found) {
fstring str; fstring str;
SidToString(str, &sd->dacl->ace[i].sid); SidToString(str, &sd->dacl->ace[i].trustee);
printf("ACL for SID %s not found\n", str); printf("ACL for SID %s not found\n", str);
} }
} }
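Review bot: `ace_compare` (hunk -525/+525) still returns the difference of unsigned fields as an `int`, most notably `return ace1->info.mask - ace2->info.mask;`. Assuming `mask` is a 32-bit unsigned value, as the `0x%08x` formatting elsewhere on this page suggests, two masks that differ by more than INT_MAX produce a result with the wrong sign, so the comparator is not a consistent ordering. ACE order matters to an access check, so whatever sort this feeds should be deterministic; an explicit comparison such as `return ace1->info.mask < ace2->info.mask ? -1 : 1;` avoids the wrap. The closing `memcmp(ace1, ace2, sizeof(SEC_ACE))` also compares struct padding and any unused tail of the trustee SID, which is only meaningful if every SEC_ACE was zeroed before being filled in. `sid_compare` is called twice on the same pair, so its result could be kept in a local and returned.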