2024-12-22 13:34:15 +03:00 · 2010-06-02 23:35:44 +02:00 · 2010-06-02 23:35:44 +02:00 · a75436e3ee
commit a75436e3ee
parent e24a59f932
17 changed files with 40 additions and 42 deletions
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@ -485,7 +485,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
 		"ntSecurityDescriptor",
 		"versionNumber",
 		NULL};
-	uint32_t sd_flags = DACL_SECURITY_INFORMATION;
+	uint32_t sd_flags = SECINFO_DACL;

 	ZERO_STRUCTP(gpo);

--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@ -24,8 +24,6 @@
 /* for ADS */
 #define SEC_RIGHTS_FULL_CTRL		0xf01ff

-/* security information */
-#define DACL_SECURITY_INFORMATION	0x00000004
 /* Extra W2K flags. */
 #define UNPROTECTED_SACL_SECURITY_INFORMATION	0x10000000
 #define UNPROTECTED_DACL_SECURITY_INFORMATION	0x20000000
@ -33,7 +31,7 @@
 #define PROTECTED_DACL_SECURITY_INFORMATION	0x80000000

 #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
-					DACL_SECURITY_INFORMATION|SECINFO_SACL|\
+					SECINFO_DACL|SECINFO_SACL|\
 					UNPROTECTED_SACL_SECURITY_INFORMATION|\
 					UNPROTECTED_DACL_SECURITY_INFORMATION|\
 					PROTECTED_SACL_SECURITY_INFORMATION|\
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@ -52,7 +52,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd)
 		sec_info &= ~SECINFO_SACL;
 	}
 	if (sd->dacl == NULL) {
-		sec_info &= ~DACL_SECURITY_INFORMATION;
+		sec_info &= ~SECINFO_DACL;
 	}

 	return sec_info;
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@ -91,7 +91,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr
 	SIVAL(param, 0, fnum);

 	if (sd->dacl)
-		sec_info |= DACL_SECURITY_INFORMATION;
+		sec_info |= SECINFO_DACL;
 	if (sd->owner_sid)
 		sec_info |= SECINFO_OWNER;
 	if (sd->group_sid)
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@ -734,7 +734,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,

 	DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));

-	if ((security_info_sent & (DACL_SECURITY_INFORMATION |
+	if ((security_info_sent & (SECINFO_DACL |
 		SECINFO_GROUP | SECINFO_OWNER)) == 0)
 	{
 		DEBUG(9, ("security_info_sent (0x%x) ignored\n",
@ -784,7 +784,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 		}
 	}

-	if (!(security_info_sent & DACL_SECURITY_INFORMATION) || psd->dacl ==NULL) {
+	if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) {
 		DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent));
 		return NT_STATUS_OK;
 	}
--- a/source3/modules/onefs_acl.c
+++ b/source3/modules/onefs_acl.c
@ -725,7 +725,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 	}

 	/* Copy DACL into ppdesc */
-	if (security_info & DACL_SECURITY_INFORMATION) {
+	if (security_info & SECINFO_DACL) {
 		if (!onefs_acl_to_samba_acl(sd->dacl, &dacl)) {
 			status = NT_STATUS_INVALID_PARAMETER;
 			goto out;
@ -860,13 +860,13 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
 	}

 	/* Setup DACL */
-	if ((security_info_sent & DACL_SECURITY_INFORMATION) && (psd->dacl)) {
+	if ((security_info_sent & SECINFO_DACL) && (psd->dacl)) {
 		if (!onefs_samba_acl_to_acl(psd->dacl, &daclp, &ignore_aces,
 			snum))
 			return NT_STATUS_ACCESS_DENIED;

 		if (ignore_aces == true)
-			*security_info_effective &= ~DACL_SECURITY_INFORMATION;
+			*security_info_effective &= ~SECINFO_DACL;
 	}

 	/* Setup SACL */
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@ -38,7 +38,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,

 #define HASH_SECURITY_INFO (SECINFO_OWNER | \
 				SECINFO_GROUP | \
-				DACL_SECURITY_INFORMATION | \
+				SECINFO_DACL | \
 				SECINFO_SACL)

 /*******************************************************************
@ -377,7 +377,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 	if (!(security_info & SECINFO_GROUP)) {
 		psd->group_sid = NULL;
 	}
-	if (!(security_info & DACL_SECURITY_INFORMATION)) {
+	if (!(security_info & SECINFO_DACL)) {
 		psd->dacl = NULL;
 	}
 	if (!(security_info & SECINFO_SACL)) {
@ -438,7 +438,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 	return SMB_VFS_FSET_NT_ACL(fsp,
 				(SECINFO_OWNER |
 				 SECINFO_GROUP |
-				 DACL_SECURITY_INFORMATION),
+				 SECINFO_DACL),
 				psd);
 }

@ -461,7 +461,7 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
 					parent_name,
 					(SECINFO_OWNER |
 					 SECINFO_GROUP |
-					 DACL_SECURITY_INFORMATION),
+					 SECINFO_DACL),
 					&parent_desc);

 	if (!NT_STATUS_IS_OK(status)) {
@ -534,7 +534,7 @@ static int open_acl_common(vfs_handle_struct *handle,
 				fname,
 				(SECINFO_OWNER |
 				 SECINFO_GROUP |
-				 DACL_SECURITY_INFORMATION),
+				 SECINFO_DACL),
 				&pdesc);
        if (NT_STATUS_IS_OK(status)) {
 		/* See if we can access it. */
@ -680,10 +680,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,

 	if ((security_info_sent & (SECINFO_OWNER|
 				SECINFO_GROUP|
-				DACL_SECURITY_INFORMATION)) !=
+				SECINFO_DACL)) !=
 				(SECINFO_OWNER|
 				 SECINFO_GROUP|
-				 DACL_SECURITY_INFORMATION)) {
+				 SECINFO_DACL)) {
 		/* No we don't - read from the existing SD. */
 		struct security_descriptor *nc_psd = NULL;

@ -691,7 +691,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 				NULL,
 				(SECINFO_OWNER|
 				 SECINFO_GROUP|
-				 DACL_SECURITY_INFORMATION),
+				 SECINFO_DACL),
 				&nc_psd);

 		if (!NT_STATUS_IS_OK(status)) {
@ -709,13 +709,13 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 		}
 		security_info_sent |= SECINFO_GROUP;

-		if (security_info_sent & DACL_SECURITY_INFORMATION) {
+		if (security_info_sent & SECINFO_DACL) {
 			nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl);
 			if (nc_psd->dacl == NULL) {
 				return NT_STATUS_NO_MEMORY;
 			}
 		}
-		security_info_sent |= DACL_SECURITY_INFORMATION;
+		security_info_sent |= SECINFO_DACL;
 		psd = nc_psd;
 	}

--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@ -731,7 +731,7 @@ static bool nt_to_afs_acl(const char *filename,

 	/* Currently we *only* look at the dacl */

-	if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
+	if (((security_info_sent & SECINFO_DACL) == 0) ||
 	    (psd->dacl == NULL))
 		return True;

--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@ -2148,7 +2148,7 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p,
 	nt_status = SMB_VFS_FGET_NT_ACL(fsp,
 				       (SECINFO_OWNER
 					|SECINFO_GROUP
-					|DACL_SECURITY_INFORMATION), &psd);
+					|SECINFO_DACL), &psd);

 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
@ -2289,7 +2289,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
 		security_info_sent &= ~SECINFO_SACL;
 	}
 	if (psd->dacl==0) {
-		security_info_sent &= ~DACL_SECURITY_INFORMATION;
+		security_info_sent &= ~SECINFO_DACL;
 	}

 	/* Convert all the generic bits. */
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@ -872,9 +872,9 @@ WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
 	if ( !(info->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
 		return WERR_ACCESS_DENIED;

-	/* TODO: handle something besides DACL_SECURITY_INFORMATION */
+	/* TODO: handle something besides SECINFO_DACL */

-	if ( (r->in.security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
+	if ( (r->in.security_flags & SECINFO_DACL) != SECINFO_DACL )
 		return WERR_INVALID_PARAM;

 	/* lookup the security descriptor and marshall it up for a reply */
@ -922,7 +922,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
 	/* check the access on the open handle */

 	switch ( r->in.security_flags ) {
-		case DACL_SECURITY_INFORMATION:
+		case SECINFO_DACL:
 			required_access = STD_RIGHT_WRITE_DAC_ACCESS;
 			break;

--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@ -1040,7 +1040,7 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
 	struct policy_handle pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	struct sec_desc_buf *sdb;
-	uint32 sec_info = DACL_SECURITY_INFORMATION;
+	uint32 sec_info = SECINFO_DACL;

 	if (argc < 1 || argc > 2) {
 		printf("Usage: %s [sec_info]\n", argv[0]);
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@ -2160,7 +2160,7 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 {
 	struct policy_handle connect_pol, domain_pol, user_pol, *pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 sec_info = DACL_SECURITY_INFORMATION;
+	uint32 sec_info = SECINFO_DACL;
 	uint32 user_rid = 0;
 	TALLOC_CTX *ctx = NULL;
 	struct sec_desc_buf *sec_desc_buf=NULL;
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@ -44,7 +44,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 	status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
 				    (SECINFO_OWNER |
 				     SECINFO_GROUP |
-				     DACL_SECURITY_INFORMATION),
+				     SECINFO_DACL),
 				    &secdesc);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
@ -252,7 +252,7 @@ bool directory_has_default_acl(connection_struct *conn, const char *fname)
 	struct security_descriptor *secdesc = NULL;
 	unsigned int i;
 	NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
-				DACL_SECURITY_INFORMATION, &secdesc);
+				SECINFO_DACL, &secdesc);

 	if (!NT_STATUS_IS_OK(status) || secdesc == NULL) {
 		return false;
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@ -1809,7 +1809,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
 	    security_info_wanted & SECINFO_SACL)
 		psd->type |= SEC_DESC_SACL_PRESENT;
 	if (psd->dacl == NULL &&
-	    security_info_wanted & DACL_SECURITY_INFORMATION)
+	    security_info_wanted & SECINFO_DACL)
 		psd->type |= SEC_DESC_DACL_PRESENT;

 	*psd_size = ndr_size_security_descriptor(psd, 0);
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@ -91,7 +91,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
 	status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
 			(SECINFO_OWNER |
 			SECINFO_GROUP |
-			DACL_SECURITY_INFORMATION),&sd);
+			SECINFO_DACL),&sd);

 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("smbd_check_open_rights: Could not get acl "
@ -1415,7 +1415,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn,
 			status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
 					(SECINFO_OWNER |
 					SECINFO_GROUP |
-					DACL_SECURITY_INFORMATION),&sd);
+					SECINFO_DACL),&sd);

 			if (!NT_STATUS_IS_OK(status)) {
 				DEBUG(10, ("calculate_access_mask: Could not get acl "
@ -3211,7 +3211,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,

 		if (sec_info_sent & (SECINFO_OWNER|
 					SECINFO_GROUP|
-					DACL_SECURITY_INFORMATION|
+					SECINFO_DACL|
 					SECINFO_SACL)) {
 			status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
 		}
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@ -2337,7 +2337,7 @@ static bool unpack_canon_ace(files_struct *fsp,
 	 * If no DACL then this is a chown only security descriptor.
 	 */

-	if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl)
+	if(!(security_info_sent & SECINFO_DACL) || !psd->dacl)
 		return True;

 	/*
@ -3206,7 +3206,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
 		num_profile_acls = 3;
 	}

-	if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
+	if ((security_info & SECINFO_DACL) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {

 		/*
 		 * In the optimum case Creator Owner and Creator Group would be used for
@ -3385,7 +3385,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
 				goto done;
 			}
 		}
-	} /* security_info & DACL_SECURITY_INFORMATION */
+	} /* security_info & SECINFO_DACL */

 	psd = make_standard_sec_desc( talloc_tos(),
 			(security_info & SECINFO_OWNER) ? &owner_sid : NULL,
@ -3682,7 +3682,7 @@ NTSTATUS append_parent_acl(files_struct *fsp,
 	}

 	status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, smb_dname->base_name,
-				    DACL_SECURITY_INFORMATION, &parent_sd );
+				    SECINFO_DACL, &parent_sd );

 	close_file(NULL, parent_fsp, NORMAL_CLOSE);
 	TALLOC_FREE(smb_dname);
@ -3937,7 +3937,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
 	 * Only change security if we got a DACL.
 	 */

-	if(!(security_info_sent & DACL_SECURITY_INFORMATION) || (psd->dacl == NULL)) {
+	if(!(security_info_sent & SECINFO_DACL) || (psd->dacl == NULL)) {
 		free_canon_ace_list(file_ace_list);
 		free_canon_ace_list(dir_ace_list);
 		return NT_STATUS_OK;
@ -4747,7 +4747,7 @@ struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fna
 		return NULL;
 	}

-	if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, DACL_SECURITY_INFORMATION, &psd))) {
+	if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, SECINFO_DACL, &psd))) {
 		DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
 		TALLOC_FREE(finfo.fsp_name);
 		conn_free(conn);
--- a/source3/utils/net_ads_gpo.c
+++ b/source3/utils/net_ads_gpo.c
@ -248,7 +248,7 @@ static int net_ads_gpo_list_all(struct net_context *c, int argc, const char **ar
 					    LDAP_SCOPE_SUBTREE,
 					    "(objectclass=groupPolicyContainer)",
 					    attrs,
-					    DACL_SECURITY_INFORMATION,
+					    SECINFO_DACL,
 					    &res);

 	if (!ADS_ERR_OK(status)) {