From 415d3d5fe7637e8f9a649665497d3972391750b6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Wed, 2 Jun 2010 23:22:12 +0200 Subject: [PATCH] s3-security: use shared SECINFO_OWNER define. Guenther --- source3/include/rpc_secdes.h | 3 +-- source3/lib/secdesc.c | 2 +- source3/libsmb/clisecdesc.c | 2 +- source3/modules/nfs4_acls.c | 4 ++-- source3/modules/onefs_acl.c | 4 ++-- source3/modules/vfs_acl_common.c | 20 ++++++++++---------- source3/modules/vfs_afsacl.c | 2 +- source3/rpc_server/srv_srvsvc_nt.c | 4 ++-- source3/rpc_server/srv_svcctl_nt.c | 2 +- source3/smbd/file_access.c | 2 +- source3/smbd/nttrans.c | 2 +- source3/smbd/open.c | 6 +++--- source3/smbd/posix_acls.c | 4 ++-- 13 files changed, 28 insertions(+), 29 deletions(-) diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 0badd0a4788..0fcab46a661 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -25,7 +25,6 @@ #define SEC_RIGHTS_FULL_CTRL 0xf01ff /* security information */ -#define OWNER_SECURITY_INFORMATION 0x00000001 #define GROUP_SECURITY_INFORMATION 0x00000002 #define DACL_SECURITY_INFORMATION 0x00000004 #define SACL_SECURITY_INFORMATION 0x00000008 @@ -35,7 +34,7 @@ #define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 #define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 -#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\ +#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|GROUP_SECURITY_INFORMATION|\ DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\ UNPROTECTED_SACL_SECURITY_INFORMATION|\ UNPROTECTED_DACL_SECURITY_INFORMATION|\ diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index fc40b9ebf8c..2cd6b980168 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -43,7 +43,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd) SMB_ASSERT(sd); if (sd->owner_sid == NULL) { - sec_info &= ~OWNER_SECURITY_INFORMATION; + sec_info &= ~SECINFO_OWNER; } if (sd->group_sid == NULL) { sec_info &= ~GROUP_SECURITY_INFORMATION; diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index b6eff394c6b..5f404d97b33 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -93,7 +93,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr if (sd->dacl) sec_info |= DACL_SECURITY_INFORMATION; if (sd->owner_sid) - sec_info |= OWNER_SECURITY_INFORMATION; + sec_info |= SECINFO_OWNER; if (sd->group_sid) sec_info |= GROUP_SECURITY_INFORMATION; SSVAL(param, 4, sec_info); diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 875f18c3b36..122fa9294f7 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -322,7 +322,7 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf, DEBUG(10,("after make sec_acl\n")); *ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE, - (security_info & OWNER_SECURITY_INFORMATION) ? &sid_owner : NULL, + (security_info & SECINFO_OWNER) ? &sid_owner : NULL, (security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL, NULL, psa, &sd_size); if (*ppdesc==NULL) { @@ -735,7 +735,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp))); if ((security_info_sent & (DACL_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION)) == 0) + GROUP_SECURITY_INFORMATION | SECINFO_OWNER)) == 0) { DEBUG(9, ("security_info_sent (0x%x) ignored\n", security_info_sent)); diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 3337dea2551..65e58e17970 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -705,7 +705,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, sacl = NULL; /* Copy owner into ppdesc */ - if (security_info & OWNER_SECURITY_INFORMATION) { + if (security_info & SECINFO_OWNER) { if (!onefs_identity_to_sid(sd->owner, &owner_sid)) { status = NT_STATUS_INVALID_PARAMETER; goto out; @@ -840,7 +840,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent, *security_info_effective = security_info_sent; /* Setup owner */ - if (security_info_sent & OWNER_SECURITY_INFORMATION) { + if (security_info_sent & SECINFO_OWNER) { if (!onefs_og_to_identity(psd->owner_sid, &owner, false, snum)) return NT_STATUS_ACCESS_DENIED; diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index a3f207738e8..0e408d85af8 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -36,7 +36,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, files_struct *fsp, DATA_BLOB *pblob); -#define HASH_SECURITY_INFO (OWNER_SECURITY_INFORMATION | \ +#define HASH_SECURITY_INFO (SECINFO_OWNER | \ GROUP_SECURITY_INFORMATION | \ DACL_SECURITY_INFORMATION | \ SACL_SECURITY_INFORMATION) @@ -371,7 +371,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, } } - if (!(security_info & OWNER_SECURITY_INFORMATION)) { + if (!(security_info & SECINFO_OWNER)) { psd->owner_sid = NULL; } if (!(security_info & GROUP_SECURITY_INFORMATION)) { @@ -436,7 +436,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, } return SMB_VFS_FSET_NT_ACL(fsp, - (OWNER_SECURITY_INFORMATION | + (SECINFO_OWNER | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION), psd); @@ -459,7 +459,7 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle, status = get_nt_acl_internal(handle, NULL, parent_name, - (OWNER_SECURITY_INFORMATION | + (SECINFO_OWNER | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION), &parent_desc); @@ -532,7 +532,7 @@ static int open_acl_common(vfs_handle_struct *handle, status = get_nt_acl_internal(handle, NULL, fname, - (OWNER_SECURITY_INFORMATION | + (SECINFO_OWNER | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION), &pdesc); @@ -678,10 +678,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, /* Ensure we have OWNER/GROUP/DACL set. */ - if ((security_info_sent & (OWNER_SECURITY_INFORMATION| + if ((security_info_sent & (SECINFO_OWNER| GROUP_SECURITY_INFORMATION| DACL_SECURITY_INFORMATION)) != - (OWNER_SECURITY_INFORMATION| + (SECINFO_OWNER| GROUP_SECURITY_INFORMATION| DACL_SECURITY_INFORMATION)) { /* No we don't - read from the existing SD. */ @@ -689,7 +689,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, status = get_nt_acl_internal(handle, fsp, NULL, - (OWNER_SECURITY_INFORMATION| + (SECINFO_OWNER| GROUP_SECURITY_INFORMATION| DACL_SECURITY_INFORMATION), &nc_psd); @@ -699,10 +699,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, } /* This is safe as nc_psd is discarded at fn exit. */ - if (security_info_sent & OWNER_SECURITY_INFORMATION) { + if (security_info_sent & SECINFO_OWNER) { nc_psd->owner_sid = psd->owner_sid; } - security_info_sent |= OWNER_SECURITY_INFORMATION; + security_info_sent |= SECINFO_OWNER; if (security_info_sent & GROUP_SECURITY_INFORMATION) { nc_psd->group_sid = psd->group_sid; diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 1f495d94480..7ea0eafd213 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -644,7 +644,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, *ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE, - (security_info & OWNER_SECURITY_INFORMATION) + (security_info & SECINFO_OWNER) ? &owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL, diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 40c26f68096..1271971ac68 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2146,7 +2146,7 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, } nt_status = SMB_VFS_FGET_NT_ACL(fsp, - (OWNER_SECURITY_INFORMATION + (SECINFO_OWNER |GROUP_SECURITY_INFORMATION |DACL_SECURITY_INFORMATION), &psd); @@ -2280,7 +2280,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, security_info_sent = r->in.securityinformation; if (psd->owner_sid==0) { - security_info_sent &= ~OWNER_SECURITY_INFORMATION; + security_info_sent &= ~SECINFO_OWNER; } if (psd->group_sid==0) { security_info_sent &= ~GROUP_SECURITY_INFORMATION; diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index bc751e79b8d..e67ab8e8ce8 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -926,7 +926,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, required_access = STD_RIGHT_WRITE_DAC_ACCESS; break; - case OWNER_SECURITY_INFORMATION: + case SECINFO_OWNER: case GROUP_SECURITY_INFORMATION: required_access = STD_RIGHT_WRITE_OWNER_ACCESS; break; diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index b487afb5e8d..2404bacc38a 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -42,7 +42,7 @@ bool can_access_file_acl(struct connection_struct *conn, } status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, - (OWNER_SECURITY_INFORMATION | + (SECINFO_OWNER | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION), &secdesc); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 577a7e4076e..9b838a616dc 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -846,7 +846,7 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len, } if (psd->owner_sid == NULL) { - security_info_sent &= ~OWNER_SECURITY_INFORMATION; + security_info_sent &= ~SECINFO_OWNER; } if (psd->group_sid == NULL) { security_info_sent &= ~GROUP_SECURITY_INFORMATION; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ca5b133ec66..0bec72582a6 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -89,7 +89,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, struct security_descriptor *sd = NULL; status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, - (OWNER_SECURITY_INFORMATION | + (SECINFO_OWNER | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION),&sd); @@ -1413,7 +1413,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, uint32_t access_granted = 0; status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, - (OWNER_SECURITY_INFORMATION | + (SECINFO_OWNER | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION),&sd); @@ -3209,7 +3209,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, security_acl_map_generic(sd->dacl, &file_generic_mapping); security_acl_map_generic(sd->sacl, &file_generic_mapping); - if (sec_info_sent & (OWNER_SECURITY_INFORMATION| + if (sec_info_sent & (SECINFO_OWNER| GROUP_SECURITY_INFORMATION| DACL_SECURITY_INFORMATION| SACL_SECURITY_INFORMATION)) { diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 36d18b013c0..5fa8f6dc674 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1197,7 +1197,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn, * This may be a group chown only set. */ - if (security_info_sent & OWNER_SECURITY_INFORMATION) { + if (security_info_sent & SECINFO_OWNER) { sid_copy(&owner_sid, psd->owner_sid); if (!sid_to_uid(&owner_sid, puser)) { if (lp_force_unknown_acl_user(SNUM(conn))) { @@ -3388,7 +3388,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, } /* security_info & DACL_SECURITY_INFORMATION */ psd = make_standard_sec_desc( talloc_tos(), - (security_info & OWNER_SECURITY_INFORMATION) ? &owner_sid : NULL, + (security_info & SECINFO_OWNER) ? &owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL, psa, &sd_size); -- 2.11.4.GIT