svn commit: samba r12139 - in branches/SAMBA_4_0/source/libcli/security: .

tridge at samba.org tridge at samba.org
Fri Dec 9 06:22:10 GMT 2005 

Author: tridge
Date: 2005-12-09 06:22:09 +0000 (Fri, 09 Dec 2005)
New Revision: 12139

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12139

Log:

- fixed up the ace object flags checking

- allow for arbitrary access masks in sddl_encode_ace()


Modified:
   branches/SAMBA_4_0/source/libcli/security/sddl.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/security/sddl.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/sddl.c	2005-12-09 05:21:47 UTC (rev 12138)
+++ branches/SAMBA_4_0/source/libcli/security/sddl.c	2005-12-09 06:22:09 UTC (rev 12139)
@@ -221,6 +221,7 @@
 		if (!NT_STATUS_IS_OK(status)) {
 			return False;
 		}
+		ace->object.object.flags |= SEC_ACE_OBJECT_TYPE_PRESENT;
 	}
 
 	/* inherit object */
@@ -230,6 +231,7 @@
 		if (!NT_STATUS_IS_OK(status)) {
 			return False;
 		}
+		ace->object.object.flags |= SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT;
 	}
 
 	/* trustee */
@@ -460,18 +462,21 @@
 	if (s_flags == NULL) goto failed;
 
 	s_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask, ace->access_mask, True);
-	if (s_mask == NULL) goto failed;
+	if (s_mask == NULL) {
+		s_mask = talloc_asprintf(tmp_ctx, "0x%08x", ace->access_mask);
+		if (s_mask == NULL) goto failed;
+	}
 
 	if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
 	    ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
 	    ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
 	    ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
-		if (!GUID_all_zero(&ace->object.object.type.type)) {
+		if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
 			s_object = GUID_string(tmp_ctx, &ace->object.object.type.type);
 			if (s_object == NULL) goto failed;
 		}
 
-		if (!GUID_all_zero(&ace->object.object.inherited_type.inherited_type)) {
+		if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
 			s_iobject = GUID_string(tmp_ctx, &ace->object.object.inherited_type.inherited_type);
 			if (s_iobject == NULL) goto failed;
 		}

More information about the samba-cvs mailing list