diff options
author | Günther Deschner <gd@samba.org> | 2010-06-02 23:25:18 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-06-03 10:59:38 +0200 |
commit | 630c27bdad32086f16dbafdeab94d34fbc3b9b5e (patch) | |
tree | 91a031718d84014cdfe71dac8f938970a3946d4a | |
parent | 415d3d5fe7637e8f9a649665497d3972391750b6 (diff) | |
download | samba-630c27bdad32086f16dbafdeab94d34fbc3b9b5e.tar.gz |
s3-security: use shared SECINFO_GROUP define.
Guenther
-rw-r--r-- | source3/include/rpc_secdes.h | 3 | ||||
-rw-r--r-- | source3/lib/secdesc.c | 2 | ||||
-rw-r--r-- | source3/libsmb/clisecdesc.c | 2 | ||||
-rw-r--r-- | source3/modules/nfs4_acls.c | 4 | ||||
-rw-r--r-- | source3/modules/onefs_acl.c | 4 | ||||
-rw-r--r-- | source3/modules/vfs_acl_common.c | 20 | ||||
-rw-r--r-- | source3/modules/vfs_afsacl.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_svcctl_nt.c | 2 | ||||
-rw-r--r-- | source3/smbd/file_access.c | 2 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 2 | ||||
-rw-r--r-- | source3/smbd/open.c | 6 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 4 |
13 files changed, 28 insertions, 29 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 0fcab46a66..652c229fd4 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -25,7 +25,6 @@ #define SEC_RIGHTS_FULL_CTRL 0xf01ff /* security information */ -#define GROUP_SECURITY_INFORMATION 0x00000002 #define DACL_SECURITY_INFORMATION 0x00000004 #define SACL_SECURITY_INFORMATION 0x00000008 /* Extra W2K flags. */ @@ -34,7 +33,7 @@ #define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 #define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 -#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|GROUP_SECURITY_INFORMATION|\ +#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION|\ UNPROTECTED_SACL_SECURITY_INFORMATION|\ UNPROTECTED_DACL_SECURITY_INFORMATION|\ diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 2cd6b98016..7624c3c590 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -46,7 +46,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd) sec_info &= ~SECINFO_OWNER; } if (sd->group_sid == NULL) { - sec_info &= ~GROUP_SECURITY_INFORMATION; + sec_info &= ~SECINFO_GROUP; } if (sd->sacl == NULL) { sec_info &= ~SACL_SECURITY_INFORMATION; diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index 5f404d97b3..bddf3895a0 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -95,7 +95,7 @@ bool cli_set_secdesc(struct cli_state *cli, uint16_t fnum, struct security_descr if (sd->owner_sid) sec_info |= SECINFO_OWNER; if (sd->group_sid) - sec_info |= GROUP_SECURITY_INFORMATION; + sec_info |= SECINFO_GROUP; SSVAL(param, 4, sec_info); if (!cli_send_nt_trans(cli, diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 122fa9294f..9f383cfc16 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -323,7 +323,7 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf, DEBUG(10,("after make sec_acl\n")); *ppdesc = make_sec_desc(mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE, (security_info & SECINFO_OWNER) ? &sid_owner : NULL, - (security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL, + (security_info & SECINFO_GROUP) ? &sid_group : NULL, NULL, psa, &sd_size); if (*ppdesc==NULL) { DEBUG(2,("make_sec_desc failed\n")); @@ -735,7 +735,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp))); if ((security_info_sent & (DACL_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | SECINFO_OWNER)) == 0) + SECINFO_GROUP | SECINFO_OWNER)) == 0) { DEBUG(9, ("security_info_sent (0x%x) ignored\n", security_info_sent)); diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c index 65e58e1797..51c6a233f9 100644 --- a/source3/modules/onefs_acl.c +++ b/source3/modules/onefs_acl.c @@ -715,7 +715,7 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, } /* Copy group into ppdesc */ - if (security_info & GROUP_SECURITY_INFORMATION) { + if (security_info & SECINFO_GROUP) { if (!onefs_identity_to_sid(sd->group, &group_sid)) { status = NT_STATUS_INVALID_PARAMETER; goto out; @@ -850,7 +850,7 @@ NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent, } /* Setup group */ - if (security_info_sent & GROUP_SECURITY_INFORMATION) { + if (security_info_sent & SECINFO_GROUP) { if (!onefs_og_to_identity(psd->group_sid, &group, true, snum)) return NT_STATUS_ACCESS_DENIED; diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 0e408d85af..08b4fbaf4d 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -37,7 +37,7 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, DATA_BLOB *pblob); #define HASH_SECURITY_INFO (SECINFO_OWNER | \ - GROUP_SECURITY_INFORMATION | \ + SECINFO_GROUP | \ DACL_SECURITY_INFORMATION | \ SACL_SECURITY_INFORMATION) @@ -374,7 +374,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, if (!(security_info & SECINFO_OWNER)) { psd->owner_sid = NULL; } - if (!(security_info & GROUP_SECURITY_INFORMATION)) { + if (!(security_info & SECINFO_GROUP)) { psd->group_sid = NULL; } if (!(security_info & DACL_SECURITY_INFORMATION)) { @@ -437,7 +437,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return SMB_VFS_FSET_NT_ACL(fsp, (SECINFO_OWNER | - GROUP_SECURITY_INFORMATION | + SECINFO_GROUP | DACL_SECURITY_INFORMATION), psd); } @@ -460,7 +460,7 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle, NULL, parent_name, (SECINFO_OWNER | - GROUP_SECURITY_INFORMATION | + SECINFO_GROUP | DACL_SECURITY_INFORMATION), &parent_desc); @@ -533,7 +533,7 @@ static int open_acl_common(vfs_handle_struct *handle, NULL, fname, (SECINFO_OWNER | - GROUP_SECURITY_INFORMATION | + SECINFO_GROUP | DACL_SECURITY_INFORMATION), &pdesc); if (NT_STATUS_IS_OK(status)) { @@ -679,10 +679,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, /* Ensure we have OWNER/GROUP/DACL set. */ if ((security_info_sent & (SECINFO_OWNER| - GROUP_SECURITY_INFORMATION| + SECINFO_GROUP| DACL_SECURITY_INFORMATION)) != (SECINFO_OWNER| - GROUP_SECURITY_INFORMATION| + SECINFO_GROUP| DACL_SECURITY_INFORMATION)) { /* No we don't - read from the existing SD. */ struct security_descriptor *nc_psd = NULL; @@ -690,7 +690,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, status = get_nt_acl_internal(handle, fsp, NULL, (SECINFO_OWNER| - GROUP_SECURITY_INFORMATION| + SECINFO_GROUP| DACL_SECURITY_INFORMATION), &nc_psd); @@ -704,10 +704,10 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, } security_info_sent |= SECINFO_OWNER; - if (security_info_sent & GROUP_SECURITY_INFORMATION) { + if (security_info_sent & SECINFO_GROUP) { nc_psd->group_sid = psd->group_sid; } - security_info_sent |= GROUP_SECURITY_INFORMATION; + security_info_sent |= SECINFO_GROUP; if (security_info_sent & DACL_SECURITY_INFORMATION) { nc_psd->dacl = dup_sec_acl(talloc_tos(), psd->dacl); diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 7ea0eafd21..f2ff474f06 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -646,7 +646,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, SEC_DESC_SELF_RELATIVE, (security_info & SECINFO_OWNER) ? &owner_sid : NULL, - (security_info & GROUP_SECURITY_INFORMATION) + (security_info & SECINFO_GROUP) ? &group_sid : NULL, NULL, psa, &sd_size); diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 1271971ac6..08180a4f76 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2147,7 +2147,7 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, nt_status = SMB_VFS_FGET_NT_ACL(fsp, (SECINFO_OWNER - |GROUP_SECURITY_INFORMATION + |SECINFO_GROUP |DACL_SECURITY_INFORMATION), &psd); if (!NT_STATUS_IS_OK(nt_status)) { @@ -2283,7 +2283,7 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, security_info_sent &= ~SECINFO_OWNER; } if (psd->group_sid==0) { - security_info_sent &= ~GROUP_SECURITY_INFORMATION; + security_info_sent &= ~SECINFO_GROUP; } if (psd->sacl==0) { security_info_sent &= ~SACL_SECURITY_INFORMATION; diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index e67ab8e8ce..0e63fa8e6e 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -927,7 +927,7 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, break; case SECINFO_OWNER: - case GROUP_SECURITY_INFORMATION: + case SECINFO_GROUP: required_access = STD_RIGHT_WRITE_OWNER_ACCESS; break; diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 2404bacc38..bd0a725e9d 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -43,7 +43,7 @@ bool can_access_file_acl(struct connection_struct *conn, status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, (SECINFO_OWNER | - GROUP_SECURITY_INFORMATION | + SECINFO_GROUP | DACL_SECURITY_INFORMATION), &secdesc); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 9b838a616d..85b005f376 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -849,7 +849,7 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len, security_info_sent &= ~SECINFO_OWNER; } if (psd->group_sid == NULL) { - security_info_sent &= ~GROUP_SECURITY_INFORMATION; + security_info_sent &= ~SECINFO_GROUP; } /* Convert all the generic bits. */ diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 0bec72582a..8c9df72cbc 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -90,7 +90,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, (SECINFO_OWNER | - GROUP_SECURITY_INFORMATION | + SECINFO_GROUP | DACL_SECURITY_INFORMATION),&sd); if (!NT_STATUS_IS_OK(status)) { @@ -1414,7 +1414,7 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, (SECINFO_OWNER | - GROUP_SECURITY_INFORMATION | + SECINFO_GROUP | DACL_SECURITY_INFORMATION),&sd); if (!NT_STATUS_IS_OK(status)) { @@ -3210,7 +3210,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, security_acl_map_generic(sd->sacl, &file_generic_mapping); if (sec_info_sent & (SECINFO_OWNER| - GROUP_SECURITY_INFORMATION| + SECINFO_GROUP| DACL_SECURITY_INFORMATION| SACL_SECURITY_INFORMATION)) { status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 5fa8f6dc67..c6b0cfdeeb 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1220,7 +1220,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn, * This may be an owner chown only set. */ - if (security_info_sent & GROUP_SECURITY_INFORMATION) { + if (security_info_sent & SECINFO_GROUP) { sid_copy(&grp_sid, psd->group_sid); if (!sid_to_gid( &grp_sid, pgrp)) { if (lp_force_unknown_acl_user(SNUM(conn))) { @@ -3389,7 +3389,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, psd = make_standard_sec_desc( talloc_tos(), (security_info & SECINFO_OWNER) ? &owner_sid : NULL, - (security_info & GROUP_SECURITY_INFORMATION) ? &group_sid : NULL, + (security_info & SECINFO_GROUP) ? &group_sid : NULL, psa, &sd_size); |