[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-4243-g5e77cca
Jeremy Allison
jra at samba.org
Thu Oct 9 16:49:56 GMT 2008
The branch, v3-3-test has been updated
via 5e77ccaa866d422e56c28af610692b8167d630e8 (commit)
from 723fe06bf20e5f6e9c2075f66de01475ff8bfc68 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 5e77ccaa866d422e56c28af610692b8167d630e8
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 9 09:49:18 2008 -0700
Remove SEC_ACCESS. It's a uint32_t.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/include/proto.h | 3 +--
source/include/rpc_secdes.h | 3 ---
source/lib/display_sec.c | 2 +-
source/lib/secace.c | 2 +-
source/lib/secdesc.c | 13 +------------
source/lib/sharesec.c | 8 ++++----
source/lib/util_seaccess.c | 14 +++++++-------
source/libgpo/gpo_reg.c | 14 +++++++-------
source/libsmb/libsmb_xattr.c | 2 +-
source/modules/nfs4_acls.c | 4 ++--
source/modules/vfs_afsacl.c | 6 ++----
source/printing/nt_printing.c | 10 +++++-----
source/registry/reg_dispatcher.c | 10 +++-------
source/rpc_server/srv_lsa_nt.c | 10 +++-------
source/rpc_server/srv_samr_nt.c | 19 +++++++++----------
source/rpc_server/srv_svcctl_nt.c | 9 ++++-----
source/services/services_db.c | 16 ++++++++--------
source/smbd/posix_acls.c | 26 +++++++-------------------
source/utils/sharesec.c | 2 +-
source/utils/smbcacls.c | 2 +-
20 files changed, 68 insertions(+), 107 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/proto.h b/source/include/proto.h
index cd24bf8..490bf74 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -499,7 +499,7 @@ TALLOC_CTX *debug_ctx(void);
/* The following definitions come from lib/display_sec.c */
char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type);
-void display_sec_access(SEC_ACCESS *info);
+void display_sec_access(uint32_t *info);
void display_sec_ace_flags(uint8_t flags);
void display_sec_ace(SEC_ACE *ace);
void display_sec_acl(SEC_ACL *sec_acl);
@@ -794,7 +794,6 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask);
NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size);
SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
bool child_container);
-void init_sec_access(uint32 *t, uint32 mask);
/* The following definitions come from lib/select.c */
diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index 83103b7..71fba41 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -70,9 +70,6 @@
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
-/* SEC_ACCESS */
-typedef uint32 SEC_ACCESS;
-
/* SEC_ACE */
typedef struct security_ace SEC_ACE;
#define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
diff --git a/source/lib/display_sec.c b/source/lib/display_sec.c
index 67392e4..5427a81 100644
--- a/source/lib/display_sec.c
+++ b/source/lib/display_sec.c
@@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
/****************************************************************************
display sec_access structure
****************************************************************************/
-void display_sec_access(SEC_ACCESS *info)
+void display_sec_access(uint32_t *info)
{
char *mask_str = get_sec_mask_str(NULL, *info);
printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
diff --git a/source/lib/secace.c b/source/lib/secace.c
index 8760a61..9f5a0c0 100644
--- a/source/lib/secace.c
+++ b/source/lib/secace.c
@@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
********************************************************************/
void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
- uint32 mask, uint8 flag)
+ uint32_t mask, uint8 flag)
{
t->type = type;
t->flags = flag;
diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c
index 44ae232..0e66c4d 100644
--- a/source/lib/secdesc.c
+++ b/source/lib/secdesc.c
@@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
if (!inherit)
continue;
- init_sec_access(&new_ace->access_mask, ace->access_mask);
+ new_ace->access_mask = ace->access_mask;
init_sec_ace(new_ace, &ace->trustee, ace->type,
new_ace->access_mask, new_flags);
@@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
return sdb;
}
-
-/*******************************************************************
- Sets up a SEC_ACCESS structure.
-********************************************************************/
-
-void init_sec_access(uint32 *t, uint32 mask)
-{
- *t = mask;
-}
-
-
diff --git a/source/lib/sharesec.c b/source/lib/sharesec.c
index 4380000..95745e2 100644
--- a/source/lib/sharesec.c
+++ b/source/lib/sharesec.c
@@ -129,7 +129,7 @@ static bool share_info_db_init(void)
SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
{
- SEC_ACCESS sa;
+ uint32_t sa;
SEC_ACE ace;
SEC_ACL *psa = NULL;
SEC_DESC *psd = NULL;
@@ -137,7 +137,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def
se_map_generic(&spec_access, &file_generic_mapping);
- init_sec_access(&sa, def_access | spec_access );
+ sa = (def_access | spec_access );
init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
@@ -337,7 +337,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
}
for (i = 0; i < num_aces; i++) {
- SEC_ACCESS sa;
+ uint32_t sa;
uint32 g_access;
uint32 s_access;
DOM_SID sid;
@@ -385,7 +385,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
pacl++; /* Go past any ',' */
se_map_generic(&s_access, &file_generic_mapping);
- init_sec_access(&sa, g_access | s_access );
+ sa = (g_access | s_access);
init_sec_ace(&ace_list[i], &sid, type, sa, 0);
}
diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c
index cab4261..7e46155 100644
--- a/source/lib/util_seaccess.c
+++ b/source/lib/util_seaccess.c
@@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token;
static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired,
NTSTATUS *status)
{
- uint32 mask = ace->access_mask;
+ uint32_t mask = ace->access_mask;
/*
* Inherit only is ignored.
@@ -346,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
DOM_SID act_sid;
SEC_ACE ace[3];
- SEC_ACCESS mask;
SEC_ACL *psa = NULL;
@@ -357,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
/*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[1], &adm_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
+ init_sec_ace(&ace[2], &act_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
diff --git a/source/libgpo/gpo_reg.c b/source/libgpo/gpo_reg.c
index 920deeb..d493150 100644
--- a/source/libgpo/gpo_reg.c
+++ b/source/libgpo/gpo_reg.c
@@ -689,25 +689,25 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
size_t *sd_size)
{
SEC_ACE ace[6];
- SEC_ACCESS mask;
+ uint32_t mask;
SEC_ACL *acl = NULL;
uint8_t inherit_flags;
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[0],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[1],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, 0);
- init_sec_access(&mask, REG_KEY_READ);
+ mask = REG_KEY_READ;
init_sec_ace(&ace[2],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -717,19 +717,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
SEC_ACE_FLAG_CONTAINER_INHERIT |
SEC_ACE_FLAG_INHERIT_ONLY;
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[3],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
- init_sec_access(&mask, REG_KEY_ALL);
+ mask = REG_KEY_ALL;
init_sec_ace(&ace[4],
&global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED,
mask, inherit_flags);
- init_sec_access(&mask, REG_KEY_READ);
+ mask = REG_KEY_READ;
init_sec_ace(&ace[5],
sid ? sid : &global_sid_Authenticated_Users,
SEC_ACE_TYPE_ACCESS_ALLOWED,
diff --git a/source/libsmb/libsmb_xattr.c b/source/libsmb/libsmb_xattr.c
index f1b3d14..ea2c469 100644
--- a/source/libsmb/libsmb_xattr.c
+++ b/source/libsmb/libsmb_xattr.c
@@ -266,7 +266,7 @@ parse_ace(struct cli_state *ipc_cli,
unsigned int aflags;
unsigned int amask;
DOM_SID sid;
- SEC_ACCESS mask;
+ uint32_t mask;
const struct perm_value *v;
struct perm_value {
const char *perm;
diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c
index f1b8cff..f411176 100644
--- a/source/modules/nfs4_acls.c
+++ b/source/modules/nfs4_acls.c
@@ -221,7 +221,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
}
for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
- SEC_ACCESS mask;
+ uint32_t mask;
DOM_SID sid;
SMB_ACE4PROP_T *ace = &aceint->prop;
@@ -256,7 +256,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
DEBUG(10, ("mapped %d to %s\n", ace->who.id,
sid_string_dbg(&sid)));
- init_sec_access(&mask, ace->aceMask);
+ mask = ace->aceMask;
init_sec_ace(&nt_ace_list[good_aces++], &sid,
ace->aceType, mask,
ace->aceFlags & 0xf);
diff --git a/source/modules/vfs_afsacl.c b/source/modules/vfs_afsacl.c
index c78369a..8c89d2f 100644
--- a/source/modules/vfs_afsacl.c
+++ b/source/modules/vfs_afsacl.c
@@ -592,7 +592,6 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
{
SEC_ACE *nt_ace_list;
DOM_SID owner_sid, group_sid;
- SEC_ACCESS mask;
SEC_ACL *psa = NULL;
int good_aces;
size_t sd_size;
@@ -616,7 +615,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
good_aces = 0;
while (afs_ace != NULL) {
- uint32 nt_rights;
+ uint32_t nt_rights;
uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT |
SEC_ACE_FLAG_CONTAINER_INHERIT;
@@ -633,9 +632,8 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
else
nt_rights = afs_to_nt_file_rights(afs_ace->rights);
- init_sec_access(&mask, nt_rights);
init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid),
- SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag);
+ SEC_ACE_TYPE_ACCESS_ALLOWED, nt_rights, flag);
afs_ace = afs_ace->next;
}
diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c
index 19c44d1..850375e 100644
--- a/source/printing/nt_printing.c
+++ b/source/printing/nt_printing.c
@@ -5493,7 +5493,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
{
SEC_ACE ace[5]; /* max number of ace entries */
int i = 0;
- SEC_ACCESS sa;
+ uint32_t sa;
SEC_ACL *psa = NULL;
SEC_DESC_BUF *sdb = NULL;
SEC_DESC *psd = NULL;
@@ -5502,7 +5502,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
/* Create an ACE where Everyone is allowed to print */
- init_sec_access(&sa, PRINTER_ACE_PRINT);
+ sa = PRINTER_ACE_PRINT;
init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
@@ -5514,7 +5514,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
sid_copy(&domadmins_sid, get_global_sam_sid());
sid_append_rid(&domadmins_sid, DOMAIN_GROUP_RID_ADMINS);
- init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &domadmins_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
@@ -5524,7 +5524,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) {
sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN);
- init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &adm_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
@@ -5534,7 +5534,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
/* add BUILTIN\Administrators as FULL CONTROL */
- init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+ sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
diff --git a/source/registry/reg_dispatcher.c b/source/registry/reg_dispatcher.c
index c68ecde..d06410a 100644
--- a/source/registry/reg_dispatcher.c
+++ b/source/registry/reg_dispatcher.c
@@ -37,7 +37,6 @@ static const struct generic_mapping reg_generic_map =
static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
{
SEC_ACE ace[3];
- SEC_ACCESS mask;
size_t i = 0;
SEC_DESC *sd;
SEC_ACL *acl;
@@ -45,21 +44,18 @@ static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
/* basic access for Everyone */
- init_sec_access(&mask, REG_KEY_READ);
init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
- mask, 0);
+ REG_KEY_READ, 0);
/* Full Access 'BUILTIN\Administrators' */
- init_sec_access(&mask, REG_KEY_ALL);
init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
- SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
/* Full Access 'NT Authority\System' */
- init_sec_access(&mask, REG_KEY_ALL );
init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
- mask, 0);
+ REG_KEY_ALL, 0);
/* create the security descriptor */
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 94517f3..0e9d121 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -290,22 +290,18 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
DOM_SID adm_sid;
SEC_ACE ace[3];
- SEC_ACCESS mask;
SEC_ACL *psa = NULL;
- init_sec_access(&mask, LSA_POLICY_EXECUTE);
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_EXECUTE, 0);
sid_copy(&adm_sid, get_global_sam_sid());
sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
- init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0);
sid_copy(&local_adm_sid, &global_sid_Builtin);
sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS);
- init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
- init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0);
if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
return NT_STATUS_NO_MEMORY;
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 1b1e98c..6455f02 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -113,36 +113,35 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
{
DOM_SID domadmin_sid;
SEC_ACE ace[5]; /* at most 5 entries */
- SEC_ACCESS mask;
size_t i = 0;
SEC_ACL *psa = NULL;
/* basic access for Everyone */
- init_sec_access(&mask, map->generic_execute | map->generic_read );
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+ map->generic_execute | map->generic_read, 0);
/* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
- init_sec_access(&mask, map->generic_all);
-
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
- init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
/* Add Full Access for Domain Admins if we are a DC */
if ( IS_DC ) {
sid_copy( &domadmin_sid, get_global_sam_sid() );
sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
- init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &domadmin_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
}
/* if we have a sid, give it some special access */
if ( sid ) {
- init_sec_access( &mask, sid_access );
- init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0);
}
/* create the security descriptor */
diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c
index 6bb538a..a57d0ff 100644
--- a/source/rpc_server/srv_svcctl_nt.c
+++ b/source/rpc_server/srv_svcctl_nt.c
@@ -140,7 +140,6 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
{
SEC_ACE ace[2];
- SEC_ACCESS mask;
size_t i = 0;
SEC_DESC *sd;
SEC_ACL *acl;
@@ -148,13 +147,13 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
/* basic access for Everyone */
- init_sec_access(&mask, SC_MANAGER_READ_ACCESS );
- init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_World,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0);
/* Full Access 'BUILTIN\Administrators' */
- init_sec_access(&mask,SC_MANAGER_ALL_ACCESS );
- init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0);
/* create the security descriptor */
diff --git a/source/services/services_db.c b/source/services/services_db.c
index 8f58c2d..0f5264b 100644
--- a/source/services/services_db.c
+++ b/source/services/services_db.c
@@ -89,7 +89,6 @@ struct service_display_info common_unix_svcs[] = {
static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
{
SEC_ACE ace[4];
- SEC_ACCESS mask;
size_t i = 0;
--
Samba Shared Repository
More information about the samba-cvs
mailing list