svn commit: samba r25607 - in branches/SAMBA_4_0/source:
lib/registry/tests libcli/security libnet torture/raw torture/rpc
gd at samba.org
gd at samba.org
Wed Oct 10 13:12:54 GMT 2007
Author: gd
Date: 2007-10-10 13:12:53 +0000 (Wed, 10 Oct 2007)
New Revision: 25607
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25607
Log:
Allow setting the security descriptor type flags at creation time via
security_descriptor_create().
Guenther
Modified:
branches/SAMBA_4_0/source/lib/registry/tests/registry.c
branches/SAMBA_4_0/source/libcli/security/security_descriptor.c
branches/SAMBA_4_0/source/libnet/libnet_become_dc.c
branches/SAMBA_4_0/source/torture/raw/acls.c
branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
branches/SAMBA_4_0/source/torture/rpc/winreg.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/registry/tests/registry.c
===================================================================
--- branches/SAMBA_4_0/source/lib/registry/tests/registry.c 2007-10-10 12:55:07 UTC (rev 25606)
+++ branches/SAMBA_4_0/source/lib/registry/tests/registry.c 2007-10-10 13:12:53 UTC (rev 25607)
@@ -400,6 +400,7 @@
return false;
osd = security_descriptor_create(tctx,
+ 0,
NULL, NULL,
SID_NT_AUTHENTICATED_USERS,
SEC_ACE_TYPE_ACCESS_ALLOWED,
Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2007-10-10 12:55:07 UTC (rev 25606)
+++ branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2007-10-10 13:12:53 UTC (rev 25607)
@@ -327,6 +327,7 @@
a typical call would be:
sd = security_descriptor_create(mem_ctx,
+ sd_type_flags,
mysid,
mygroup,
SID_NT_AUTHENTICATED_USERS,
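Review bot: The usage example names the new argument `sd_type_flags`, while the prototype added further down calls it `sd_type`, and the comment does not say which values are accepted or how they combine with the defaults. I would add a line to the comment such as `sd_type is a mask of SEC_DESC_* flags that is OR'ed into the type set by security_descriptor_initialise(); pass 0 for the previous behaviour`. The comment block starts and ends outside this hunk, so wording to that effect may already exist there.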
@@ -379,6 +380,7 @@
}
struct security_descriptor *security_descriptor_create(TALLOC_CTX *mem_ctx,
+ uint16_t sd_type,
const char *owner_sid,
const char *group_sid,
...)
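Review bot: Placing an integer parameter ahead of `owner_sid` in a variadic function means a caller that was not updated can still compile. Where `NULL` expands to a plain `0`, the old first argument converts to `uint16_t` without a diagnostic, and every later argument shifts by one position. The likely result is a descriptor built with the wrong owner, group and ACE trustees rather than a build failure. Since the trailing arguments cannot be type-checked, it is worth confirming that no caller remains outside the six files touched here, and building with pointer-to-integer conversion warnings promoted to errors. The function body continues outside the hunk.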
@@ -390,6 +392,8 @@
sd = security_descriptor_initialise(mem_ctx);
if (sd == NULL) return NULL;
+ sd->type |= sd_type;
+
if (owner_sid) {
sd->owner_sid = dom_sid_parse_talloc(sd, owner_sid);
if (sd->owner_sid == NULL) {
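Review bot: `sd->type |= sd_type;` accepts any 16-bit value without checking it against the ACLs the function goes on to build, so a caller can set a presence bit that nothing backs. In particular, `SEC_DESC_DACL_PRESENT` with no ACE arguments would presumably leave a descriptor that claims a DACL but carries none, which Windows semantics read as access for everyone. A comment here such as `/* caller-supplied flags are OR'ed in unvalidated; presence bits must match the ACLs passed */`, or a mask restricting `sd_type` to the control bits that are safe to preset, would make the contract explicit. Every caller updated in this commit passes 0, so the non-zero path has no test coverage here. The function starts and ends outside the hunk.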
Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-10-10 12:55:07 UTC (rev 25606)
+++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-10-10 13:12:53 UTC (rev 25607)
@@ -1737,6 +1737,7 @@
if (composite_nomem(domain_admins_sid_str, c)) return;
v = security_descriptor_create(vd,
+ 0,
/* owner: domain admins */
domain_admins_sid_str,
/* owner group: domain admins */
Modified: branches/SAMBA_4_0/source/torture/raw/acls.c
===================================================================
--- branches/SAMBA_4_0/source/torture/raw/acls.c 2007-10-10 12:55:07 UTC (rev 25606)
+++ branches/SAMBA_4_0/source/torture/raw/acls.c 2007-10-10 13:12:53 UTC (rev 25607)
@@ -298,7 +298,7 @@
printf("set a sec desc allowing no write by CREATOR_OWNER\n");
sd = security_descriptor_create(tctx,
- NULL, NULL,
+ 0, NULL, NULL,
SID_CREATOR_OWNER,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
@@ -335,7 +335,7 @@
printf("set a sec desc allowing no write by owner\n");
sd = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
@@ -390,7 +390,7 @@
printf("set a sec desc allowing generic read by owner\n");
sd = security_descriptor_create(tctx,
- NULL, NULL,
+ 0, NULL, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_GENERIC_READ | SEC_STD_ALL,
@@ -403,7 +403,7 @@
printf("check that generic read has been mapped correctly\n");
sd2 = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_RIGHTS_FILE_READ | SEC_STD_ALL,
@@ -568,7 +568,7 @@
printf("testing generic bits 0x%08x\n",
file_mappings[i].gen_bits);
sd = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
file_mappings[i].gen_bits,
@@ -584,7 +584,7 @@
CHECK_STATUS(status, NT_STATUS_OK);
sd2 = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
file_mappings[i].specific_bits,
@@ -616,7 +616,7 @@
printf("testing generic bits 0x%08x (anonymous)\n",
file_mappings[i].gen_bits);
sd = security_descriptor_create(tctx,
- SID_NT_ANONYMOUS, NULL,
+ 0, SID_NT_ANONYMOUS, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
file_mappings[i].gen_bits,
@@ -632,7 +632,7 @@
CHECK_STATUS(status, NT_STATUS_OK);
sd2 = security_descriptor_create(tctx,
- SID_NT_ANONYMOUS, NULL,
+ 0, SID_NT_ANONYMOUS, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
file_mappings[i].specific_bits,
@@ -733,7 +733,7 @@
printf("testing generic bits 0x%08x\n",
file_mappings[i].gen_bits);
sd = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
dir_mappings[i].gen_bits,
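Review bot: The progress message in this hunk prints `file_mappings[i].gen_bits`, while the descriptor built right after it uses `dir_mappings[i].gen_bits`, so the log may name a different mask from the one under test. If the two tables differ at index i, `printf("testing generic bits 0x%08x\n", dir_mappings[i].gen_bits);` would keep the output in line with the test. The hunk at -781 builds its descriptor from `file_mappings` as well; judging by the line numbers it appears to sit in the same directory section, so it may need the same check. The enclosing loop starts and ends outside both hunks.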
@@ -749,7 +749,7 @@
CHECK_STATUS(status, NT_STATUS_OK);
sd2 = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
dir_mappings[i].specific_bits,
@@ -781,7 +781,7 @@
printf("testing generic bits 0x%08x (anonymous)\n",
file_mappings[i].gen_bits);
sd = security_descriptor_create(tctx,
- SID_NT_ANONYMOUS, NULL,
+ 0, SID_NT_ANONYMOUS, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
file_mappings[i].gen_bits,
@@ -797,7 +797,7 @@
CHECK_STATUS(status, NT_STATUS_OK);
sd2 = security_descriptor_create(tctx,
- SID_NT_ANONYMOUS, NULL,
+ 0, SID_NT_ANONYMOUS, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
file_mappings[i].specific_bits,
@@ -908,7 +908,7 @@
printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No");
sd = security_descriptor_create(tctx,
- NULL, NULL,
+ 0, NULL, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_FILE_WRITE_DATA,
@@ -1115,7 +1115,7 @@
printf("owner_sid is %s\n", owner_sid);
sd_def = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_RIGHTS_FILE_ALL,
@@ -1130,7 +1130,7 @@
for (i=0;i<ARRAY_SIZE(test_flags);i++) {
sd = security_descriptor_create(tctx,
- NULL, NULL,
+ 0, NULL, NULL,
SID_CREATOR_OWNER,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_FILE_WRITE_DATA,
@@ -1263,7 +1263,7 @@
printf("testing access checks on inherited create with %s\n", fname1);
sd = security_descriptor_create(tctx,
- NULL, NULL,
+ 0, NULL, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
@@ -1296,7 +1296,7 @@
smbcli_close(cli->tree, fnum2);
sd2 = security_descriptor_create(tctx,
- owner_sid, NULL,
+ 0, owner_sid, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC,
@@ -1432,7 +1432,7 @@
printf("owner_sid is %s\n", owner_sid);
sd = security_descriptor_create(tctx,
- NULL, NULL,
+ 0, NULL, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE,
@@ -1472,7 +1472,7 @@
printf("update parent sd\n");
sd = security_descriptor_create(tctx,
- NULL, NULL,
+ 0, NULL, NULL,
owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE,
@@ -1587,7 +1587,7 @@
/* first create a file with full access for everyone */
sd = security_descriptor_create(tctx,
- SID_NT_ANONYMOUS, SID_BUILTIN_USERS,
+ 0, SID_NT_ANONYMOUS, SID_BUILTIN_USERS,
SID_WORLD,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_GENERIC_ALL,
Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-10-10 12:55:07 UTC (rev 25606)
+++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-10-10 13:12:53 UTC (rev 25607)
@@ -2004,7 +2004,7 @@
}
sd = security_descriptor_create(
- tmp_ctx, "S-1-5-32-544",
+ tmp_ctx, 0, "S-1-5-32-544",
dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid,
DOMAIN_RID_USERS)),
dom_sid_string(mem_ctx, user_sid),
Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/winreg.c 2007-10-10 12:55:07 UTC (rev 25606)
+++ branches/SAMBA_4_0/source/torture/rpc/winreg.c 2007-10-10 13:12:53 UTC (rev 25607)
@@ -138,6 +138,7 @@
struct winreg_SecBuf secbuf;
sd = security_descriptor_create(tctx,
+ 0,
NULL, NULL,
SID_NT_AUTHENTICATED_USERS,
SEC_ACE_TYPE_ACCESS_ALLOWED,