mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3-security: use shared SECINFO_SACL define.
Guenther
This commit is contained in:
parent
630c27bdad
commit
e24a59f932
@ -26,7 +26,6 @@
|
|||||||
|
|
||||||
/* security information */
|
/* security information */
|
||||||
#define DACL_SECURITY_INFORMATION 0x00000004
|
#define DACL_SECURITY_INFORMATION 0x00000004
|
||||||
#define SACL_SECURITY_INFORMATION 0x00000008
|
|
||||||
/* Extra W2K flags. */
|
/* Extra W2K flags. */
|
||||||
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
|
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
|
||||||
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
|
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
|
||||||
@ -34,7 +33,7 @@
|
|||||||
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
|
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
|
||||||
|
|
||||||
#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
|
#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
|
||||||
DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\
|
DACL_SECURITY_INFORMATION|SECINFO_SACL|\
|
||||||
UNPROTECTED_SACL_SECURITY_INFORMATION|\
|
UNPROTECTED_SACL_SECURITY_INFORMATION|\
|
||||||
UNPROTECTED_DACL_SECURITY_INFORMATION|\
|
UNPROTECTED_DACL_SECURITY_INFORMATION|\
|
||||||
PROTECTED_SACL_SECURITY_INFORMATION|\
|
PROTECTED_SACL_SECURITY_INFORMATION|\
|
||||||
|
@ -49,7 +49,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd)
|
|||||||
sec_info &= ~SECINFO_GROUP;
|
sec_info &= ~SECINFO_GROUP;
|
||||||
}
|
}
|
||||||
if (sd->sacl == NULL) {
|
if (sd->sacl == NULL) {
|
||||||
sec_info &= ~SACL_SECURITY_INFORMATION;
|
sec_info &= ~SECINFO_SACL;
|
||||||
}
|
}
|
||||||
if (sd->dacl == NULL) {
|
if (sd->dacl == NULL) {
|
||||||
sec_info &= ~DACL_SECURITY_INFORMATION;
|
sec_info &= ~DACL_SECURITY_INFORMATION;
|
||||||
|
@ -629,7 +629,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
|
|||||||
if (lp_parm_bool(SNUM(fsp->conn), PARM_ONEFS_TYPE,
|
if (lp_parm_bool(SNUM(fsp->conn), PARM_ONEFS_TYPE,
|
||||||
PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) {
|
PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) {
|
||||||
DEBUG(5, ("Ignoring SACL on %s.\n", fsp_str_dbg(fsp)));
|
DEBUG(5, ("Ignoring SACL on %s.\n", fsp_str_dbg(fsp)));
|
||||||
security_info &= ~SACL_SECURITY_INFORMATION;
|
security_info &= ~SECINFO_SACL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fsp->fh->fd == -1) {
|
if (fsp->fh->fd == -1) {
|
||||||
@ -733,7 +733,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Copy SACL into ppdesc */
|
/* Copy SACL into ppdesc */
|
||||||
if (security_info & SACL_SECURITY_INFORMATION) {
|
if (security_info & SECINFO_SACL) {
|
||||||
if (!onefs_acl_to_samba_acl(sd->sacl, &sacl)) {
|
if (!onefs_acl_to_samba_acl(sd->sacl, &sacl)) {
|
||||||
status = NT_STATUS_INVALID_PARAMETER;
|
status = NT_STATUS_INVALID_PARAMETER;
|
||||||
goto out;
|
goto out;
|
||||||
@ -870,12 +870,12 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Setup SACL */
|
/* Setup SACL */
|
||||||
if (security_info_sent & SACL_SECURITY_INFORMATION) {
|
if (security_info_sent & SECINFO_SACL) {
|
||||||
|
|
||||||
if (lp_parm_bool(snum, PARM_ONEFS_TYPE,
|
if (lp_parm_bool(snum, PARM_ONEFS_TYPE,
|
||||||
PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) {
|
PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) {
|
||||||
DEBUG(5, ("Ignoring SACL.\n"));
|
DEBUG(5, ("Ignoring SACL.\n"));
|
||||||
*security_info_effective &= ~SACL_SECURITY_INFORMATION;
|
*security_info_effective &= ~SECINFO_SACL;
|
||||||
} else {
|
} else {
|
||||||
if (psd->sacl) {
|
if (psd->sacl) {
|
||||||
if (!onefs_samba_acl_to_acl(psd->sacl,
|
if (!onefs_samba_acl_to_acl(psd->sacl,
|
||||||
@ -884,7 +884,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent,
|
|||||||
|
|
||||||
if (ignore_aces == true) {
|
if (ignore_aces == true) {
|
||||||
*security_info_effective &=
|
*security_info_effective &=
|
||||||
~SACL_SECURITY_INFORMATION;
|
~SECINFO_SACL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -39,7 +39,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
|
|||||||
#define HASH_SECURITY_INFO (SECINFO_OWNER | \
|
#define HASH_SECURITY_INFO (SECINFO_OWNER | \
|
||||||
SECINFO_GROUP | \
|
SECINFO_GROUP | \
|
||||||
DACL_SECURITY_INFORMATION | \
|
DACL_SECURITY_INFORMATION | \
|
||||||
SACL_SECURITY_INFORMATION)
|
SECINFO_SACL)
|
||||||
|
|
||||||
/*******************************************************************
|
/*******************************************************************
|
||||||
Hash a security descriptor.
|
Hash a security descriptor.
|
||||||
@ -380,7 +380,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
|
|||||||
if (!(security_info & DACL_SECURITY_INFORMATION)) {
|
if (!(security_info & DACL_SECURITY_INFORMATION)) {
|
||||||
psd->dacl = NULL;
|
psd->dacl = NULL;
|
||||||
}
|
}
|
||||||
if (!(security_info & SACL_SECURITY_INFORMATION)) {
|
if (!(security_info & SECINFO_SACL)) {
|
||||||
psd->sacl = NULL;
|
psd->sacl = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2286,7 +2286,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
|
|||||||
security_info_sent &= ~SECINFO_GROUP;
|
security_info_sent &= ~SECINFO_GROUP;
|
||||||
}
|
}
|
||||||
if (psd->sacl==0) {
|
if (psd->sacl==0) {
|
||||||
security_info_sent &= ~SACL_SECURITY_INFORMATION;
|
security_info_sent &= ~SECINFO_SACL;
|
||||||
}
|
}
|
||||||
if (psd->dacl==0) {
|
if (psd->dacl==0) {
|
||||||
security_info_sent &= ~DACL_SECURITY_INFORMATION;
|
security_info_sent &= ~DACL_SECURITY_INFORMATION;
|
||||||
|
@ -931,7 +931,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
|
|||||||
required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
|
required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SACL_SECURITY_INFORMATION:
|
case SECINFO_SACL:
|
||||||
return WERR_INVALID_PARAM;
|
return WERR_INVALID_PARAM;
|
||||||
default:
|
default:
|
||||||
return WERR_INVALID_PARAM;
|
return WERR_INVALID_PARAM;
|
||||||
|
@ -1806,7 +1806,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
|
|||||||
/* If the SACL/DACL is NULL, but was requested, we mark that it is
|
/* If the SACL/DACL is NULL, but was requested, we mark that it is
|
||||||
* present in the reply to match Windows behavior */
|
* present in the reply to match Windows behavior */
|
||||||
if (psd->sacl == NULL &&
|
if (psd->sacl == NULL &&
|
||||||
security_info_wanted & SACL_SECURITY_INFORMATION)
|
security_info_wanted & SECINFO_SACL)
|
||||||
psd->type |= SEC_DESC_SACL_PRESENT;
|
psd->type |= SEC_DESC_SACL_PRESENT;
|
||||||
if (psd->dacl == NULL &&
|
if (psd->dacl == NULL &&
|
||||||
security_info_wanted & DACL_SECURITY_INFORMATION)
|
security_info_wanted & DACL_SECURITY_INFORMATION)
|
||||||
|
@ -3212,7 +3212,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
|
|||||||
if (sec_info_sent & (SECINFO_OWNER|
|
if (sec_info_sent & (SECINFO_OWNER|
|
||||||
SECINFO_GROUP|
|
SECINFO_GROUP|
|
||||||
DACL_SECURITY_INFORMATION|
|
DACL_SECURITY_INFORMATION|
|
||||||
SACL_SECURITY_INFORMATION)) {
|
SECINFO_SACL)) {
|
||||||
status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
|
status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user