From e24a59f932897888cadae31469366663aca1a414 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 2 Jun 2010 23:29:16 +0200 Subject: [PATCH] s3-security: use shared SECINFO_SACL define. Guenther --- source3/include/rpc_secdes.h | 3 +-- source3/lib/secdesc.c | 2 +- source3/modules/onefs_acl.c | 10 +++++----- source3/modules/vfs_acl_common.c | 4 ++-- source3/rpc_server/srv_srvsvc_nt.c | 2 +- source3/rpc_server/srv_svcctl_nt.c | 2 +- source3/smbd/nttrans.c | 2 +- source3/smbd/open.c | 2 +- 8 files changed, 13 insertions(+), 14 deletions(-) diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 652c229fd4e..f4eb22cfef0 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -26,7 +26,6 @@ /* security information */ #define DACL_SECURITY_INFORMATION 0x00000004 -#define SACL_SECURITY_INFORMATION 0x00000008 /* Extra W2K flags. */ #define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000 #define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000 @@ -34,7 +33,7 @@ #define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ - DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\ + DACL_SECURITY_INFORMATION|SECINFO_SACL|\ UNPROTECTED_SACL_SECURITY_INFORMATION|\ UNPROTECTED_DACL_SECURITY_INFORMATION|\ PROTECTED_SACL_SECURITY_INFORMATION|\ diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 7624c3c590f..b1e12c3f2bf 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -49,7 +49,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd) sec_info &= ~SECINFO_GROUP; } if (sd->sacl == NULL) { - sec_info &= ~SACL_SECURITY_INFORMATION; + sec_info &= ~SECINFO_SACL; } if (sd->dacl == NULL) { sec_info &= ~DACL_SECURITY_INFORMATION; diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 51c6a233f9c..4fa2e79c7bd 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -629,7 +629,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, if (lp_parm_bool(SNUM(fsp->conn), PARM_ONEFS_TYPE, PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) { DEBUG(5, ("Ignoring SACL on %s.\n", fsp_str_dbg(fsp))); - security_info &= ~SACL_SECURITY_INFORMATION; + security_info &= ~SECINFO_SACL; } if (fsp->fh->fd == -1) { @@ -733,7 +733,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, } /* Copy SACL into ppdesc */ - if (security_info & SACL_SECURITY_INFORMATION) { + if (security_info & SECINFO_SACL) { if (!onefs_acl_to_samba_acl(sd->sacl, &sacl)) { status = NT_STATUS_INVALID_PARAMETER; goto out; @@ -870,12 +870,12 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent, } /* Setup SACL */ - if (security_info_sent & SACL_SECURITY_INFORMATION) { + if (security_info_sent & SECINFO_SACL) { if (lp_parm_bool(snum, PARM_ONEFS_TYPE, PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) { DEBUG(5, ("Ignoring SACL.\n")); - *security_info_effective &= ~SACL_SECURITY_INFORMATION; + *security_info_effective &= ~SECINFO_SACL; } else { if (psd->sacl) { if (!onefs_samba_acl_to_acl(psd->sacl, @@ -884,7 +884,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent, if (ignore_aces == true) { *security_info_effective &= - ~SACL_SECURITY_INFORMATION; + ~SECINFO_SACL; } } } diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 08b4fbaf4d3..59aa70310f2 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -39,7 +39,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, #define HASH_SECURITY_INFO (SECINFO_OWNER | \ SECINFO_GROUP | \ DACL_SECURITY_INFORMATION | \ - SACL_SECURITY_INFORMATION) + SECINFO_SACL) /******************************************************************* Hash a security descriptor. @@ -380,7 +380,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, if (!(security_info & DACL_SECURITY_INFORMATION)) { psd->dacl = NULL; } - if (!(security_info & SACL_SECURITY_INFORMATION)) { + if (!(security_info & SECINFO_SACL)) { psd->sacl = NULL; } diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 08180a4f769..bdf7018147e 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2286,7 +2286,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, security_info_sent &= ~SECINFO_GROUP; } if (psd->sacl==0) { - security_info_sent &= ~SACL_SECURITY_INFORMATION; + security_info_sent &= ~SECINFO_SACL; } if (psd->dacl==0) { security_info_sent &= ~DACL_SECURITY_INFORMATION; diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 0e63fa8e6e8..b8dcfbe1c6a 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -931,7 +931,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, required_access = STD_RIGHT_WRITE_OWNER_ACCESS; break; - case SACL_SECURITY_INFORMATION: + case SECINFO_SACL: return WERR_INVALID_PARAM; default: return WERR_INVALID_PARAM; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 85b005f376b..1b34b6ce803 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1806,7 +1806,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, /* If the SACL/DACL is NULL, but was requested, we mark that it is * present in the reply to match Windows behavior */ if (psd->sacl == NULL && - security_info_wanted & SACL_SECURITY_INFORMATION) + security_info_wanted & SECINFO_SACL) psd->type |= SEC_DESC_SACL_PRESENT; if (psd->dacl == NULL && security_info_wanted & DACL_SECURITY_INFORMATION) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 8c9df72cbcb..f6905eaaa10 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3212,7 +3212,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, if (sec_info_sent & (SECINFO_OWNER| SECINFO_GROUP| DACL_SECURITY_INFORMATION| - SACL_SECURITY_INFORMATION)) { + SECINFO_SACL)) { status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); }