[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4243-g5e77cca

Jeremy Allison jra at samba.org
Thu Oct 9 16:49:56 GMT 2008


The branch, v3-3-test has been updated
       via  5e77ccaa866d422e56c28af610692b8167d630e8 (commit)
      from  723fe06bf20e5f6e9c2075f66de01475ff8bfc68 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 5e77ccaa866d422e56c28af610692b8167d630e8
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Oct 9 09:49:18 2008 -0700

    Remove SEC_ACCESS. It's a uint32_t.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/include/proto.h            |    3 +--
 source/include/rpc_secdes.h       |    3 ---
 source/lib/display_sec.c          |    2 +-
 source/lib/secace.c               |    2 +-
 source/lib/secdesc.c              |   13 +------------
 source/lib/sharesec.c             |    8 ++++----
 source/lib/util_seaccess.c        |   14 +++++++-------
 source/libgpo/gpo_reg.c           |   14 +++++++-------
 source/libsmb/libsmb_xattr.c      |    2 +-
 source/modules/nfs4_acls.c        |    4 ++--
 source/modules/vfs_afsacl.c       |    6 ++----
 source/printing/nt_printing.c     |   10 +++++-----
 source/registry/reg_dispatcher.c  |   10 +++-------
 source/rpc_server/srv_lsa_nt.c    |   10 +++-------
 source/rpc_server/srv_samr_nt.c   |   19 +++++++++----------
 source/rpc_server/srv_svcctl_nt.c |    9 ++++-----
 source/services/services_db.c     |   16 ++++++++--------
 source/smbd/posix_acls.c          |   26 +++++++-------------------
 source/utils/sharesec.c           |    2 +-
 source/utils/smbcacls.c           |    2 +-
 20 files changed, 68 insertions(+), 107 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/proto.h b/source/include/proto.h
index cd24bf8..490bf74 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -499,7 +499,7 @@ TALLOC_CTX *debug_ctx(void);
 /* The following definitions come from lib/display_sec.c  */
 
 char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type);
-void display_sec_access(SEC_ACCESS *info);
+void display_sec_access(uint32_t *info);
 void display_sec_ace_flags(uint8_t flags);
 void display_sec_ace(SEC_ACE *ace);
 void display_sec_acl(SEC_ACL *sec_acl);
@@ -794,7 +794,6 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask);
 NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size);
 SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, 
 				      bool child_container);
-void init_sec_access(uint32 *t, uint32 mask);
 
 /* The following definitions come from lib/select.c  */
 
diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index 83103b7..71fba41 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -70,9 +70,6 @@
 					PROTECTED_SACL_SECURITY_INFORMATION|\
 					PROTECTED_DACL_SECURITY_INFORMATION)
 
-/* SEC_ACCESS */
-typedef uint32 SEC_ACCESS;
-
 /* SEC_ACE */
 typedef struct security_ace SEC_ACE;
 #define  SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
diff --git a/source/lib/display_sec.c b/source/lib/display_sec.c
index 67392e4..5427a81 100644
--- a/source/lib/display_sec.c
+++ b/source/lib/display_sec.c
@@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
 /****************************************************************************
  display sec_access structure
  ****************************************************************************/
-void display_sec_access(SEC_ACCESS *info)
+void display_sec_access(uint32_t *info)
 {
 	char *mask_str = get_sec_mask_str(NULL, *info);
 	printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
diff --git a/source/lib/secace.c b/source/lib/secace.c
index 8760a61..9f5a0c0 100644
--- a/source/lib/secace.c
+++ b/source/lib/secace.c
@@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
 ********************************************************************/
 
 void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
-		  uint32 mask, uint8 flag)
+		  uint32_t mask, uint8 flag)
 {
 	t->type = type;
 	t->flags = flag;
diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c
index 44ae232..0e66c4d 100644
--- a/source/lib/secdesc.c
+++ b/source/lib/secdesc.c
@@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 		if (!inherit)
 			continue;
 
-		init_sec_access(&new_ace->access_mask, ace->access_mask);
+		new_ace->access_mask = ace->access_mask;
 		init_sec_ace(new_ace, &ace->trustee, ace->type,
 			     new_ace->access_mask, new_flags);
 
@@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 
 	return sdb;
 }
-
-/*******************************************************************
- Sets up a SEC_ACCESS structure.
-********************************************************************/
-
-void init_sec_access(uint32 *t, uint32 mask)
-{
-	*t = mask;
-}
-
-
diff --git a/source/lib/sharesec.c b/source/lib/sharesec.c
index 4380000..95745e2 100644
--- a/source/lib/sharesec.c
+++ b/source/lib/sharesec.c
@@ -129,7 +129,7 @@ static bool share_info_db_init(void)
 
 SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
 {
-	SEC_ACCESS sa;
+	uint32_t sa;
 	SEC_ACE ace;
 	SEC_ACL *psa = NULL;
 	SEC_DESC *psd = NULL;
@@ -137,7 +137,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def
 
 	se_map_generic(&spec_access, &file_generic_mapping);
 
-	init_sec_access(&sa, def_access | spec_access );
+	sa = (def_access | spec_access );
 	init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
 
 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
@@ -337,7 +337,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
 	}
 
 	for (i = 0; i < num_aces; i++) {
-		SEC_ACCESS sa;
+		uint32_t sa;
 		uint32 g_access;
 		uint32 s_access;
 		DOM_SID sid;
@@ -385,7 +385,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
 		pacl++; /* Go past any ',' */
 
 		se_map_generic(&s_access, &file_generic_mapping);
-		init_sec_access(&sa, g_access | s_access );
+		sa = (g_access | s_access);
 		init_sec_ace(&ace_list[i], &sid, type, sa, 0);
 	}
 
diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c
index cab4261..7e46155 100644
--- a/source/lib/util_seaccess.c
+++ b/source/lib/util_seaccess.c
@@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token;
 static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, 
 			NTSTATUS *status)
 {
-	uint32 mask = ace->access_mask;
+	uint32_t mask = ace->access_mask;
 
 	/*
 	 * Inherit only is ignored.
@@ -346,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
 	DOM_SID act_sid;
 
 	SEC_ACE ace[3];
-	SEC_ACCESS mask;
 
 	SEC_ACL *psa = NULL;
 
@@ -357,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
 	sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
 	/*basic access for every one*/
-	init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
-	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
 
 	/*full access for builtin aliases Administrators and Account Operators*/
-	init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
-	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-	init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[1], &adm_sid,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
+	init_sec_ace(&ace[2], &act_sid,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
 
 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
 		return NT_STATUS_NO_MEMORY;
diff --git a/source/libgpo/gpo_reg.c b/source/libgpo/gpo_reg.c
index 920deeb..d493150 100644
--- a/source/libgpo/gpo_reg.c
+++ b/source/libgpo/gpo_reg.c
@@ -689,25 +689,25 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
 				 size_t *sd_size)
 {
 	SEC_ACE ace[6];
-	SEC_ACCESS mask;
+	uint32_t mask;
 
 	SEC_ACL *acl = NULL;
 
 	uint8_t inherit_flags;
 
-	init_sec_access(&mask, REG_KEY_ALL);
+	mask = REG_KEY_ALL;
 	init_sec_ace(&ace[0],
 		     &global_sid_System,
 		     SEC_ACE_TYPE_ACCESS_ALLOWED,
 		     mask, 0);
 
-	init_sec_access(&mask, REG_KEY_ALL);
+	mask = REG_KEY_ALL;
 	init_sec_ace(&ace[1],
 		     &global_sid_Builtin_Administrators,
 		     SEC_ACE_TYPE_ACCESS_ALLOWED,
 		     mask, 0);
 
-	init_sec_access(&mask, REG_KEY_READ);
+	mask = REG_KEY_READ;
 	init_sec_ace(&ace[2],
 		     sid ? sid : &global_sid_Authenticated_Users,
 		     SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -717,19 +717,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx,
 			SEC_ACE_FLAG_CONTAINER_INHERIT |
 			SEC_ACE_FLAG_INHERIT_ONLY;
 
-	init_sec_access(&mask, REG_KEY_ALL);
+	mask = REG_KEY_ALL;
 	init_sec_ace(&ace[3],
 		     &global_sid_System,
 		     SEC_ACE_TYPE_ACCESS_ALLOWED,
 		     mask, inherit_flags);
 
-	init_sec_access(&mask, REG_KEY_ALL);
+	mask = REG_KEY_ALL;
 	init_sec_ace(&ace[4],
 		     &global_sid_Builtin_Administrators,
 		     SEC_ACE_TYPE_ACCESS_ALLOWED,
 		     mask, inherit_flags);
 
-	init_sec_access(&mask, REG_KEY_READ);
+	mask = REG_KEY_READ;
 	init_sec_ace(&ace[5],
 		     sid ? sid : &global_sid_Authenticated_Users,
 		     SEC_ACE_TYPE_ACCESS_ALLOWED,
diff --git a/source/libsmb/libsmb_xattr.c b/source/libsmb/libsmb_xattr.c
index f1b3d14..ea2c469 100644
--- a/source/libsmb/libsmb_xattr.c
+++ b/source/libsmb/libsmb_xattr.c
@@ -266,7 +266,7 @@ parse_ace(struct cli_state *ipc_cli,
         unsigned int aflags;
         unsigned int amask;
 	DOM_SID sid;
-	SEC_ACCESS mask;
+	uint32_t mask;
 	const struct perm_value *v;
         struct perm_value {
                 const char *perm;
diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c
index f1b8cff..f411176 100644
--- a/source/modules/nfs4_acls.c
+++ b/source/modules/nfs4_acls.c
@@ -221,7 +221,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
 	}
 
 	for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
-		SEC_ACCESS mask;
+		uint32_t mask;
 		DOM_SID sid;
 		SMB_ACE4PROP_T	*ace = &aceint->prop;
 
@@ -256,7 +256,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
 		DEBUG(10, ("mapped %d to %s\n", ace->who.id,
 			   sid_string_dbg(&sid)));
 
-		init_sec_access(&mask, ace->aceMask);
+		mask = ace->aceMask;
 		init_sec_ace(&nt_ace_list[good_aces++], &sid,
 			ace->aceType, mask,
 			ace->aceFlags & 0xf);
diff --git a/source/modules/vfs_afsacl.c b/source/modules/vfs_afsacl.c
index c78369a..8c89d2f 100644
--- a/source/modules/vfs_afsacl.c
+++ b/source/modules/vfs_afsacl.c
@@ -592,7 +592,6 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
 {
 	SEC_ACE *nt_ace_list;
 	DOM_SID owner_sid, group_sid;
-	SEC_ACCESS mask;
 	SEC_ACL *psa = NULL;
 	int good_aces;
 	size_t sd_size;
@@ -616,7 +615,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
 	good_aces = 0;
 
 	while (afs_ace != NULL) {
-		uint32 nt_rights;
+		uint32_t nt_rights;
 		uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT |
 			SEC_ACE_FLAG_CONTAINER_INHERIT;
 
@@ -633,9 +632,8 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
 		else
 			nt_rights = afs_to_nt_file_rights(afs_ace->rights);
 
-		init_sec_access(&mask, nt_rights);
 		init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid),
-			     SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag);
+			     SEC_ACE_TYPE_ACCESS_ALLOWED, nt_rights, flag);
 		afs_ace = afs_ace->next;
 	}
 
diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c
index 19c44d1..850375e 100644
--- a/source/printing/nt_printing.c
+++ b/source/printing/nt_printing.c
@@ -5493,7 +5493,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
 {
 	SEC_ACE ace[5];	/* max number of ace entries */
 	int i = 0;
-	SEC_ACCESS sa;
+	uint32_t sa;
 	SEC_ACL *psa = NULL;
 	SEC_DESC_BUF *sdb = NULL;
 	SEC_DESC *psd = NULL;
@@ -5502,7 +5502,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
 
 	/* Create an ACE where Everyone is allowed to print */
 
-	init_sec_access(&sa, PRINTER_ACE_PRINT);
+	sa = PRINTER_ACE_PRINT;
 	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
 		     sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
 
@@ -5514,7 +5514,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
 		sid_copy(&domadmins_sid, get_global_sam_sid());
 		sid_append_rid(&domadmins_sid, DOMAIN_GROUP_RID_ADMINS);
 		
-		init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+		sa = PRINTER_ACE_FULL_CONTROL;
 		init_sec_ace(&ace[i++], &domadmins_sid, 
 			SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 
 			SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
@@ -5524,7 +5524,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
 	else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) {
 		sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN);
 
-		init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+		sa = PRINTER_ACE_FULL_CONTROL;
 		init_sec_ace(&ace[i++], &adm_sid, 
 			SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 
 			SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
@@ -5534,7 +5534,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
 
 	/* add BUILTIN\Administrators as FULL CONTROL */
 
-	init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);
+	sa = PRINTER_ACE_FULL_CONTROL;
 	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, 
 		SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 
 		SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
diff --git a/source/registry/reg_dispatcher.c b/source/registry/reg_dispatcher.c
index c68ecde..d06410a 100644
--- a/source/registry/reg_dispatcher.c
+++ b/source/registry/reg_dispatcher.c
@@ -37,7 +37,6 @@ static const struct generic_mapping reg_generic_map =
 static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
 {
 	SEC_ACE ace[3];
-	SEC_ACCESS mask;
 	size_t i = 0;
 	SEC_DESC *sd;
 	SEC_ACL *acl;
@@ -45,21 +44,18 @@ static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
 
 	/* basic access for Everyone */
 
-	init_sec_access(&mask, REG_KEY_READ);
 	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
-		     mask, 0);
+		     REG_KEY_READ, 0);
 
 	/* Full Access 'BUILTIN\Administrators' */
 
-	init_sec_access(&mask, REG_KEY_ALL);
 	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
-		     SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+		     SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0);
 
 	/* Full Access 'NT Authority\System' */
 
-	init_sec_access(&mask, REG_KEY_ALL );
 	init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
-		     mask, 0);
+		     REG_KEY_ALL, 0);
 
 	/* create the security descriptor */
 
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 94517f3..0e9d121 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -290,22 +290,18 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
 	DOM_SID adm_sid;
 
 	SEC_ACE ace[3];
-	SEC_ACCESS mask;
 
 	SEC_ACL *psa = NULL;
 
-	init_sec_access(&mask, LSA_POLICY_EXECUTE);
-	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_EXECUTE, 0);
 
 	sid_copy(&adm_sid, get_global_sam_sid());
 	sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
-	init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
-	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0);
 
 	sid_copy(&local_adm_sid, &global_sid_Builtin);
 	sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-	init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
-	init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0);
 
 	if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
 		return NT_STATUS_NO_MEMORY;
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 1b1e98c..6455f02 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -113,36 +113,35 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
 {
 	DOM_SID domadmin_sid;
 	SEC_ACE ace[5];		/* at most 5 entries */
-	SEC_ACCESS mask;
 	size_t i = 0;
 
 	SEC_ACL *psa = NULL;
 
 	/* basic access for Everyone */
 
-	init_sec_access(&mask, map->generic_execute | map->generic_read );
-	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+			map->generic_execute | map->generic_read, 0);
 
 	/* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
 
-	init_sec_access(&mask, map->generic_all);
-
-	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-	init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+			SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
+	init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators,
+			SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
 
 	/* Add Full Access for Domain Admins if we are a DC */
 
 	if ( IS_DC ) {
 		sid_copy( &domadmin_sid, get_global_sam_sid() );
 		sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
-		init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+		init_sec_ace(&ace[i++], &domadmin_sid,
+			SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
 	}
 
 	/* if we have a sid, give it some special access */
 
 	if ( sid ) {
-		init_sec_access( &mask, sid_access );
-		init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+		init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0);
 	}
 
 	/* create the security descriptor */
diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c
index 6bb538a..a57d0ff 100644
--- a/source/rpc_server/srv_svcctl_nt.c
+++ b/source/rpc_server/srv_svcctl_nt.c
@@ -140,7 +140,6 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
 static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
 {
 	SEC_ACE ace[2];
-	SEC_ACCESS mask;
 	size_t i = 0;
 	SEC_DESC *sd;
 	SEC_ACL *acl;
@@ -148,13 +147,13 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
 
 	/* basic access for Everyone */
 
-	init_sec_access(&mask, SC_MANAGER_READ_ACCESS );
-	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[i++], &global_sid_World,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0);
 
 	/* Full Access 'BUILTIN\Administrators' */
 
-	init_sec_access(&mask,SC_MANAGER_ALL_ACCESS );
-	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0);
 
 
 	/* create the security descriptor */
diff --git a/source/services/services_db.c b/source/services/services_db.c
index 8f58c2d..0f5264b 100644
--- a/source/services/services_db.c
+++ b/source/services/services_db.c
@@ -89,7 +89,6 @@ struct service_display_info common_unix_svcs[] = {
 static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx )
 {
 	SEC_ACE ace[4];
-	SEC_ACCESS mask;
 	size_t i = 0;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list