[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed May 28 12:19:04 MDT 2014
The branch, master has been updated
via 8605564 s3/profiles: improve copy_registry_tree() errors
via 58b8c87 libcli/secdesc: remove dup_sec_desc()
via 23a9593 libcli/secdesc: replace dup_sec_desc() usage
via b7caabd libgpo: replace dup_sec_desc() usage
via b82d436 s3/rpc_server/lsa: replace dup_sec_desc() usage
via 4be7800 s3/rpc_server/spoolss: replace dup_sec_desc() usage
via 0c5911f s3/posix_acls: replace dup_sec_desc() usage
via 40bca3b s3/net_rpc_printer: replace dup_sec_desc() usage
via aef195d s3/profiles: replace dup_sec_desc() usage
via 21b03f4 s3/rpc_server/spoolss: remove SETUP_SPOOLSS_NOTIFY_DATA_SECDESC
via f6e5af0 sharesec: remove unused security descriptor print fns
via 4a9d64e sharesec: use NDR security descriptor print fns
via e3e01de libcli/sd: remove redundant sec_ace_add_sid()
via d735a4a libcli/sd: remove redundant sec_desc_add_sid()
from c1deb87 ctdb-tools-ctdb: scriptstatus should not count disabled scripts
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8605564f41f8f87dc4f2777294fb5abd9285e6e0
Author: David Disseldorp <ddiss at samba.org>
Date: Tue May 27 11:04:11 2014 +0200
s3/profiles: improve copy_registry_tree() errors
The current error logic doesn't distinguish between a NULL source
security descriptor and ENOMEM.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 28 20:18:21 CEST 2014 on sn-devel-104
commit 58b8c87d0f56b7f868594357d014e4c662644b22
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 16:25:31 2014 +0200
libcli/secdesc: remove dup_sec_desc()
With all callers converted to use security_descriptor_copy(), this
function can be removed.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 23a95931d3b868c6e6bcda0c214be6a12434ae8b
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:48:34 2014 +0200
libcli/secdesc: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit b7caabdb9e21974159e8a99e9741fafd8e7bdf2d
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:48:34 2014 +0200
libgpo: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b82d43658654fcfb65111b425f563b7a57ca91af
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:48:34 2014 +0200
s3/rpc_server/lsa: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 4be7800801586eb404e5f96e853fe6dbe7c3f82f
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:48:34 2014 +0200
s3/rpc_server/spoolss: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 0c5911fc78beb788ad43e59f1722a734e9e6bb7e
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:46:52 2014 +0200
s3/posix_acls: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 40bca3bdd56b58aa5e6117f08dfd3ceb9d113316
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:46:00 2014 +0200
s3/net_rpc_printer: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit aef195d0b3a4111206e9b13b27c135367976974a
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:41:41 2014 +0200
s3/profiles: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 21b03f4e6223f9823cc667b352ba325d721e30d7
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 15:20:13 2014 +0200
s3/rpc_server/spoolss: remove SETUP_SPOOLSS_NOTIFY_DATA_SECDESC
The macro is only used once, and is broken in two ways:
- it relies on an externally defined mem_ctx
- _data->data.sd.sd_size is set zero twice for a NULL sd
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f6e5af03d446f3979ce706cd950571d83cf9284b
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 14:39:41 2014 +0200
sharesec: remove unused security descriptor print fns
IDL generated NDR routines are now used, so the old hand rolled
functions can be removed.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 4a9d64e37a72cd1384c1e8db54532b8e850715cd
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 14:38:24 2014 +0200
sharesec: use NDR security descriptor print fns
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit e3e01de345ec2ef65417769527a1fffee5df353c
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 12:34:38 2014 +0200
libcli/sd: remove redundant sec_ace_add_sid()
This function adds a new allow-type ACE to an existing ACE list. With
the removal of sec_desc_add_sid(), this is no longer used internally.
The same behaviour can be achieved via the much cleaner
security_ace_create() function.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit d735a4a9beb01e6a7260852fd7c7d8f2fa94ae4d
Author: David Disseldorp <ddiss at samba.org>
Date: Mon May 26 12:23:47 2014 +0200
libcli/sd: remove redundant sec_desc_add_sid()
This function adds an ACE to a security descriptor DACL. The same can be
achieved via the more flexible and much cleaner security_ace_create()
and security_descriptor_dacl_add() functions.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/security/secace.c | 26 -------
libcli/security/secace.h | 1 -
libcli/security/secdesc.c | 56 ++--------------
libcli/security/secdesc.h | 10 ---
libgpo/gpo_util.c | 8 ++-
source3/rpc_server/lsa/srv_lsa_nt.c | 6 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 28 ++++---
source3/smbd/posix_acls.c | 6 +-
source3/utils/net_rpc_printer.c | 12 +++-
source3/utils/profiles.c | 11 +++-
source3/utils/sharesec.c | 101 +++-----------------------
11 files changed, 66 insertions(+), 199 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/secace.c b/libcli/security/secace.c
index 1577550..4e55110 100644
--- a/libcli/security/secace.c
+++ b/libcli/security/secace.c
@@ -70,32 +70,6 @@ void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum securi
}
/*******************************************************************
- adds new SID with its permissions to ACE list
-********************************************************************/
-
-NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, const struct dom_sid *sid, uint32_t mask)
-{
- unsigned int i = 0;
-
- if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
-
- *num += 1;
-
- if((pp_new[0] = talloc_zero_array(ctx, struct security_ace, *num )) == 0)
- return NT_STATUS_NO_MEMORY;
-
- for (i = 0; i < *num - 1; i ++)
- sec_ace_copy(&(*pp_new)[i], &old[i]);
-
- (*pp_new)[i].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
- (*pp_new)[i].flags = 0;
- (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, 0);
- (*pp_new)[i].access_mask = mask;
- (*pp_new)[i].trustee = *sid;
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
modify SID's permissions at ACL
********************************************************************/
diff --git a/libcli/security/secace.h b/libcli/security/secace.h
index 1322177..4f8d358 100644
--- a/libcli/security/secace.h
+++ b/libcli/security/secace.h
@@ -27,7 +27,6 @@ bool sec_ace_object(uint8_t type);
void sec_ace_copy(struct security_ace *ace_dest, const struct security_ace *ace_src);
void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type,
uint32_t mask, uint8_t flag);
-NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, const struct dom_sid *sid, uint32_t mask);
NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, const struct dom_sid *sid, uint32_t mask);
NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, const struct dom_sid *sid);
bool sec_ace_equal(const struct security_ace *s1, const struct security_ace *s2);
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 90bf480..44897b5 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -242,22 +242,6 @@ error_exit:
}
/*******************************************************************
- Duplicate a struct security_descriptor structure.
-********************************************************************/
-
-struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src)
-{
- size_t dummy;
-
- if(src == NULL)
- return NULL;
-
- return make_sec_desc( ctx, src->revision, src->type,
- src->owner_sid, src->group_sid, src->sacl,
- src->dacl, &dummy);
-}
-
-/*******************************************************************
Convert a secdesc into a byte stream
********************************************************************/
NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
@@ -405,8 +389,11 @@ struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct secur
/* max buffer size (allocated size) */
dst->sd_size = (uint32_t)len;
- if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) {
- return NULL;
+ if (sec_desc != NULL) {
+ dst->sd = security_descriptor_copy(ctx, sec_desc);
+ if (dst->sd == NULL) {
+ return NULL;
+ }
}
return dst;
@@ -425,39 +412,6 @@ struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src)
}
/*******************************************************************
- Add a new SID with its permissions to struct security_descriptor.
-********************************************************************/
-
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size)
-{
- struct security_descriptor *sd = 0;
- struct security_acl *dacl = 0;
- struct security_ace *ace = 0;
- NTSTATUS status;
-
- if (!ctx || !psd || !sid || !sd_size)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sd_size = 0;
-
- status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask);
-
- if (!NT_STATUS_IS_OK(status))
- return status;
-
- if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
- psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
- return NT_STATUS_UNSUCCESSFUL;
-
- *psd = sd;
- sd = 0;
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
Modify a SID's permissions in a struct security_descriptor.
********************************************************************/
diff --git a/libcli/security/secdesc.h b/libcli/security/secdesc.h
index b8190a1..4cef9be 100644
--- a/libcli/security/secdesc.h
+++ b/libcli/security/secdesc.h
@@ -48,11 +48,6 @@ struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size);
/*******************************************************************
- Duplicate a struct security_descriptor structure.
-********************************************************************/
-struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src);
-
-/*******************************************************************
Convert a secdesc into a byte stream
********************************************************************/
NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
@@ -95,11 +90,6 @@ struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct secur
struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src);
/*******************************************************************
- Add a new SID with its permissions to struct security_descriptor.
-********************************************************************/
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size);
-
-/*******************************************************************
Modify a SID's permissions in a struct security_descriptor.
********************************************************************/
NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32_t mask);
diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c
index 5b801c4..e90b9a3 100644
--- a/libgpo/gpo_util.c
+++ b/libgpo/gpo_util.c
@@ -773,7 +773,13 @@ NTSTATUS gpo_copy(TALLOC_CTX *mem_ctx,
}
}
- gpo->security_descriptor = dup_sec_desc(gpo, gpo_src->security_descriptor);
+ if (gpo_src->security_descriptor == NULL) {
+ /* existing SD assumed */
+ TALLOC_FREE(gpo);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ gpo->security_descriptor = security_descriptor_copy(gpo,
+ gpo_src->security_descriptor);
if (gpo->security_descriptor == NULL) {
TALLOC_FREE(gpo);
return NT_STATUS_NO_MEMORY;
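Review bot: the new NULL test in gpo_copy() changes the status returned for a source GPO without a security descriptor, and the commit message does not mention it. With the removed dup_sec_desc() a NULL source produced a NULL copy and fell into the existing "return NT_STATUS_NO_MEMORY" branch; it now returns NT_STATUS_INVALID_PARAMETER. That is the better status, but it is a caller-visible change and belongs in the log message. The comment "/* existing SD assumed */" would also read more clearly if it said that a GPO without a descriptor is treated as invalid input.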
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index f4dc4af..68a2a2c 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -406,9 +406,9 @@ static NTSTATUS create_lsa_policy_handle(TALLOC_CTX *mem_ctx,
info->name = talloc_strdup(info, name);
- if (sd) {
- info->sd = dup_sec_desc(info, sd);
- if (!info->sd) {
+ if (sd != NULL) {
+ info->sd = security_descriptor_copy(info, sd);
+ if (info->sd == NULL) {
talloc_free(info);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 1305b10..760c924 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -846,14 +846,6 @@ static bool is_monitoring_event(struct printer_handle *p, uint16_t notify_type,
#define SETUP_SPOOLSS_NOTIFY_DATA_DEVMODE(_data, _devmode) \
_data->data.devmode.devmode = _devmode;
-#define SETUP_SPOOLSS_NOTIFY_DATA_SECDESC(_data, _sd) \
- _data->data.sd.sd = dup_sec_desc(mem_ctx, _sd); \
- if (!_data->data.sd.sd) { \
- _data->data.sd.sd_size = 0; \
- } \
- _data->data.sd.sd_size = \
- ndr_size_security_descriptor(_data->data.sd.sd, 0);
-
static void init_systemtime_buffer(TALLOC_CTX *mem_ctx,
struct tm *t,
const char **pp,
@@ -2943,7 +2935,14 @@ static void spoolss_notify_security_desc(struct messaging_context *msg_ctx,
struct spoolss_PrinterInfo2 *pinfo2,
TALLOC_CTX *mem_ctx)
{
- SETUP_SPOOLSS_NOTIFY_DATA_SECDESC(data, pinfo2->secdesc);
+ if (pinfo2->secdesc == NULL) {
+ data->data.sd.sd = NULL;
+ } else {
+ data->data.sd.sd = security_descriptor_copy(mem_ctx,
+ pinfo2->secdesc);
+ }
+ data->data.sd.sd_size = ndr_size_security_descriptor(data->data.sd.sd,
+ 0);
}
/*******************************************************************
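Review bot: in spoolss_notify_security_desc() an allocation failure in security_descriptor_copy() is indistinguishable from a printer that has no descriptor. Both leave data->data.sd.sd NULL and go on to compute sd_size from it. The function returns void, so the error cannot be propagated, but a DEBUG message in the else branch when the copy comes back NULL would at least make ENOMEM visible. The unconditional ndr_size_security_descriptor(data->data.sd.sd, 0) call also depends on that routine accepting a NULL pointer, as the removed macro already did; a short comment saying so would help the next reader.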
@@ -4077,7 +4076,10 @@ static WERROR construct_printer_info2(TALLOC_CTX *mem_ctx,
/* don't use talloc_steal() here unless you do a deep steal of all
the SEC_DESC members */
- r->secdesc = dup_sec_desc(mem_ctx, info2->secdesc);
+ r->secdesc = security_descriptor_copy(mem_ctx, info2->secdesc);
+ if (r->secdesc == NULL) {
+ return WERR_NOMEM;
+ }
}
return WERR_OK;
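Review bot: the guard on info2->secdesc is not visible in this construct_printer_info2() hunk or in the construct_printer_info3() hunk that follows, while the other call sites converted in this series (gpo_copy(), spoolss_notify_security_desc(), rpc_printer_migrate_security_internals()) all add an explicit NULL test before calling security_descriptor_copy(). Please confirm that the enclosing block only runs when info2->secdesc is non-NULL; if it is not guarded, add the same test here. Note also that construct_printer_info2() previously ignored a failed copy and now returns WERR_NOMEM, which is a behaviour change the commit message does not mention.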
@@ -4100,8 +4102,10 @@ static WERROR construct_printer_info3(TALLOC_CTX *mem_ctx,
/* don't use talloc_steal() here unless you do a deep steal of all
the SEC_DESC members */
- r->secdesc = dup_sec_desc(mem_ctx, info2->secdesc);
- W_ERROR_HAVE_NO_MEMORY(r->secdesc);
+ r->secdesc = security_descriptor_copy(mem_ctx, info2->secdesc);
+ if (r->secdesc == NULL) {
+ return WERR_NOMEM;
+ }
}
return WERR_OK;
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 621457e..9584451 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3670,12 +3670,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
return NT_STATUS_MEDIA_WRITE_PROTECTED;
}
- if (!psd_orig) {
+ if (psd_orig == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
- psd = dup_sec_desc(talloc_tos(), psd_orig);
- if (!psd) {
+ psd = security_descriptor_copy(talloc_tos(), psd_orig);
+ if (psd == NULL) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c
index 3cdac62..f5247b2 100644
--- a/source3/utils/net_rpc_printer.c
+++ b/source3/utils/net_rpc_printer.c
@@ -1643,7 +1643,17 @@ NTSTATUS rpc_printer_migrate_security_internals(struct net_context *c,
/* copy secdesc (info level 2) */
info_dst.info2.devmode = NULL;
- info_dst.info2.secdesc = dup_sec_desc(mem_ctx, info_src.info3.secdesc);
+ if (info_src.info3.secdesc == NULL) {
+ info_dst.info2.secdesc = NULL;
+ } else {
+ info_dst.info2.secdesc
+ = security_descriptor_copy(mem_ctx,
+ info_src.info3.secdesc);
+ if (info_dst.info2.secdesc == NULL) {
+ nt_status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ }
if (c->opt_verbose)
display_sec_desc(info_dst.info2.secdesc);
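Review bot: the new branch that sets info_dst.info2.secdesc = NULL is followed directly by display_sec_desc(info_dst.info2.secdesc) when c->opt_verbose is set, so a NULL descriptor reaches the display routine. The old code had the same path, but now that the NULL case is spelled out it is worth either confirming that display_sec_desc() handles NULL or moving the verbose display inside the else branch.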
diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c
index 442a7de..0f274ad 100644
--- a/source3/utils/profiles.c
+++ b/source3/utils/profiles.c
@@ -129,8 +129,15 @@ static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
/* swap out the SIDs in the security descriptor */
- if ( !(new_sd = dup_sec_desc( outfile->mem_ctx, nk->sec_desc->sec_desc )) ) {
- fprintf( stderr, "Failed to copy security descriptor!\n" );
+ if (nk->sec_desc->sec_desc == NULL) {
+ fprintf(stderr, "Invalid (NULL) security descriptor!\n");
+ return false;
+ }
+
+ new_sd = security_descriptor_copy(outfile->mem_ctx,
+ nk->sec_desc->sec_desc);
+ if (new_sd == NULL) {
+ fprintf(stderr, "Failed to copy security descriptor!\n");
return False;
}
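Review bot: the two error paths in copy_registry_tree() now mix "return false;" in the added NULL branch with the retained "return False;" after the copy failure; pick one spelling, preferably the lowercase bool used in the new code. The new test also only covers nk->sec_desc->sec_desc, so nk->sec_desc itself is still dereferenced unchecked; if a key record can lack a security descriptor record, that pointer needs the same treatment.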
diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c
index 2b1e435..67e3991 100644
--- a/source3/utils/sharesec.c
+++ b/source3/utils/sharesec.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "popt_common.h"
#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/ndr_security.h"
#include "passdb/machine_sid.h"
static TALLOC_CTX *ctx;
@@ -67,91 +68,6 @@ static const struct perm_value standard_values[] = {
};
/********************************************************************
- print an ACE on a FILE
-********************************************************************/
-
-static void print_ace(FILE *f, struct security_ace *ace)
-{
- const struct perm_value *v;
- int do_print = 0;
- uint32 got_mask;
-
- fprintf(f, "%s:", sid_string_tos(&ace->trustee));
-
- /* Ace type */
-
- if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
- fprintf(f, "ALLOWED");
- } else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
- fprintf(f, "DENIED");
- } else {
- fprintf(f, "%d", ace->type);
- }
-
- /* Not sure what flags can be set in a file ACL */
-
- fprintf(f, "/%d/", ace->flags);
-
- /* Standard permissions */
-
- for (v = standard_values; v->perm; v++) {
- if (ace->access_mask == v->mask) {
- fprintf(f, "%s", v->perm);
- return;
- }
- }
-
- /* Special permissions. Print out a hex value if we have
- leftover bits in the mask. */
-
- got_mask = ace->access_mask;
-
- again:
- for (v = special_values; v->perm; v++) {
- if ((ace->access_mask & v->mask) == v->mask) {
- if (do_print) {
- fprintf(f, "%s", v->perm);
- }
- got_mask &= ~v->mask;
- }
- }
-
- if (!do_print) {
- if (got_mask != 0) {
- fprintf(f, "0x%08x", ace->access_mask);
- } else {
- do_print = 1;
- goto again;
- }
- }
-}
-
-/********************************************************************
- print an ascii version of a security descriptor on a FILE handle
-********************************************************************/
-
-static void sec_desc_print(FILE *f, struct security_descriptor *sd)
-{
- uint32 i;
-
- fprintf(f, "REVISION:%d\n", sd->revision);
-
- /* Print owner and group sid */
-
- fprintf(f, "OWNER:%s\n", sid_string_tos(sd->owner_sid));
-
- fprintf(f, "GROUP:%s\n", sid_string_tos(sd->group_sid));
-
- /* Print aces */
- for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
- struct security_ace *ace = &sd->dacl->aces[i];
- fprintf(f, "ACL:");
- print_ace(f, ace);
- fprintf(f, "\n");
- }
-}
-
-/********************************************************************
parse an ACE in the same format as print_ace()
********************************************************************/
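Review bot: the comment left as context at the end of this hunk, "parse an ACE in the same format as print_ace()", now refers to a function this hunk deletes. It should describe the accepted format directly. Removing print_ace() and sec_desc_print() also means the view output no longer uses the REVISION:/OWNER:/GROUP:/ACL: layout that the parser's comment ties itself to, so output from the view mode can no longer be fed back as input; if that round trip was relied on, it should be called out in the commit message.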
@@ -417,6 +333,7 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
struct security_descriptor *old = NULL;
size_t sd_size = 0;
uint32 i, j;
+ char *sd_str;
if (mode != SMB_ACL_SET && mode != SMB_SD_DELETE) {
if (!(old = get_share_security( mem_ctx, sharename, &sd_size )) ) {
@@ -437,7 +354,11 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
/* should not happen */
return 0;
case SMB_ACL_VIEW:
- sec_desc_print( stdout, old);
+ sd_str = ndr_print_struct_string(mem_ctx,
+ (ndr_print_fn_t)ndr_print_security_descriptor,
+ "", old);
+ fprintf(stdout, "%s\n", sd_str);
+ talloc_free(sd_str);
return 0;
case SMB_ACL_DELETE:
for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
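Review bot: in the SMB_ACL_VIEW case the result of ndr_print_struct_string() is passed to fprintf() with "%s" without a NULL check. The call allocates on mem_ctx and can fail, so test sd_str before printing and return an error on failure. The same unchecked pattern appears in the "not found" path of the SMB_ACL_DELETE case in the next hunk.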
@@ -456,9 +377,11 @@ static int change_share_sec(TALLOC_CTX *mem_ctx, const char *sharename, char *th
}
if (!found) {
- printf("ACL for ACE:");
- print_ace(stdout, &sd->dacl->aces[i]);
- printf(" not found\n");
+ sd_str = ndr_print_struct_string(mem_ctx,
+ (ndr_print_fn_t)ndr_print_security_ace,
+ "", &sd->dacl->aces[i]);
+ printf("ACL for ACE: %s not found\n", sd_str);
+ talloc_free(sd_str);
}
}
break;
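Review bot: the "ACL for ACE: %s not found\n" message now embeds the output of ndr_print_security_ace(), which is a multi-line structure dump rather than the single-line SID:TYPE/FLAGS/MASK text print_ace() produced, so the words "not found" will trail after the dump instead of completing a one-line message. Consider printing the "not found" text first and the dump on following lines, or formatting just the trustee SID for this message.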
--
Samba Shared Repository