svn commit: samba r12139 - in
branches/SAMBA_4_0/source/libcli/security: .
tridge at samba.org
tridge at samba.org
Fri Dec 9 06:22:10 GMT 2005
Author: tridge
Date: 2005-12-09 06:22:09 +0000 (Fri, 09 Dec 2005)
New Revision: 12139
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12139
Log:
- fixed up the ace object flags checking
- allow for arbitrary access masks in sddl_encode_ace()
Modified:
branches/SAMBA_4_0/source/libcli/security/sddl.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/security/sddl.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/sddl.c 2005-12-09 05:21:47 UTC (rev 12138)
+++ branches/SAMBA_4_0/source/libcli/security/sddl.c 2005-12-09 06:22:09 UTC (rev 12139)
@@ -221,6 +221,7 @@
if (!NT_STATUS_IS_OK(status)) {
return False;
}
+ ace->object.object.flags |= SEC_ACE_OBJECT_TYPE_PRESENT;
}
/* inherit object */
@@ -230,6 +231,7 @@
if (!NT_STATUS_IS_OK(status)) {
return False;
}
+ ace->object.object.flags |= SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT;
}
/* trustee */
@@ -460,18 +462,21 @@
if (s_flags == NULL) goto failed;
s_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask, ace->access_mask, True);
- if (s_mask == NULL) goto failed;
+ if (s_mask == NULL) {
+ s_mask = talloc_asprintf(tmp_ctx, "0x%08x", ace->access_mask);
+ if (s_mask == NULL) goto failed;
+ }
if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
- if (!GUID_all_zero(&ace->object.object.type.type)) {
+ if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
s_object = GUID_string(tmp_ctx, &ace->object.object.type.type);
if (s_object == NULL) goto failed;
}
- if (!GUID_all_zero(&ace->object.object.inherited_type.inherited_type)) {
+ if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
s_iobject = GUID_string(tmp_ctx, &ace->object.object.inherited_type.inherited_type);
if (s_iobject == NULL) goto failed;
}
More information about the samba-cvs
mailing list