Author: gd Date: 2007-10-10 13:12:53 +0000 (Wed, 10 Oct 2007) New Revision: 25607
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25607 Log: Allow to set security descriptor type flags at creation time with security_descriptor_create(). Guenther Modified: branches/SAMBA_4_0/source/lib/registry/tests/registry.c branches/SAMBA_4_0/source/libcli/security/security_descriptor.c branches/SAMBA_4_0/source/libnet/libnet_become_dc.c branches/SAMBA_4_0/source/torture/raw/acls.c branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c branches/SAMBA_4_0/source/torture/rpc/winreg.c Changeset: Modified: branches/SAMBA_4_0/source/lib/registry/tests/registry.c =================================================================== --- branches/SAMBA_4_0/source/lib/registry/tests/registry.c 2007-10-10 12:55:07 UTC (rev 25606) +++ branches/SAMBA_4_0/source/lib/registry/tests/registry.c 2007-10-10 13:12:53 UTC (rev 25607) @@ -400,6 +400,7 @@ return false; osd = security_descriptor_create(tctx, + 0, NULL, NULL, SID_NT_AUTHENTICATED_USERS, SEC_ACE_TYPE_ACCESS_ALLOWED, Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c =================================================================== --- branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2007-10-10 12:55:07 UTC (rev 25606) +++ branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2007-10-10 13:12:53 UTC (rev 25607) @@ -327,6 +327,7 @@ a typical call would be: sd = security_descriptor_create(mem_ctx, + sd_type_flags, mysid, mygroup, SID_NT_AUTHENTICATED_USERS, @@ -379,6 +380,7 @@ } struct security_descriptor *security_descriptor_create(TALLOC_CTX *mem_ctx, + uint16_t sd_type, const char *owner_sid, const char *group_sid, ...) 
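Review bot: In the security_descriptor.c hunk at @@ -327, the usage example gains a `sd_type_flags` argument, but none of the visible comment lines say what it accepts or how it combines with the defaults. The comment starts above the hunk, so this may be covered there; if not, a line such as `sd_type is OR'ed into the type flags set by security_descriptor_initialise(); pass 0 to keep the defaults` would help. It should also name which control bits a caller is expected to pass. These bits govern how the DACL and SACL are interpreted, so the contract is worth stating next to the example.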
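Review bot: In the security_descriptor.c hunk at @@ -379, `uint16_t sd_type` is inserted ahead of `owner_sid` in a variadic function, so a call site this commit missed is not reliably rejected by the compiler. Passing a SID string or `NULL` in the integer slot is usually only a pointer-to-integer warning in C. Every later argument then shifts by one, so the group SID would presumably be taken as the owner and the ACE arguments after `...` read one position off. Because the result is access-control data, it is worth building with that warning as an error, or giving the flag-taking variant a new name so stale callers fail to compile. The function body continues outside the hunk.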
@@ -390,6 +392,8 @@ sd = security_descriptor_initialise(mem_ctx); if (sd == NULL) return NULL; + sd->type |= sd_type; + if (owner_sid) { sd->owner_sid = dom_sid_parse_talloc(sd, owner_sid); if (sd->owner_sid == NULL) { Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c =================================================================== --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-10-10 12:55:07 UTC (rev 25606) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2007-10-10 13:12:53 UTC (rev 25607) @@ -1737,6 +1737,7 @@ if (composite_nomem(domain_admins_sid_str, c)) return; v = security_descriptor_create(vd, + 0, /* owner: domain admins */ domain_admins_sid_str, /* owner group: domain admins */ Modified: branches/SAMBA_4_0/source/torture/raw/acls.c =================================================================== --- branches/SAMBA_4_0/source/torture/raw/acls.c 2007-10-10 12:55:07 UTC (rev 25606) +++ branches/SAMBA_4_0/source/torture/raw/acls.c 2007-10-10 13:12:53 UTC (rev 25607) @@ -298,7 +298,7 @@ printf("set a sec desc allowing no write by CREATOR_OWNER\n"); sd = security_descriptor_create(tctx, - NULL, NULL, + 0, NULL, NULL, SID_CREATOR_OWNER, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_READ | SEC_STD_ALL, @@ -335,7 +335,7 @@ printf("set a sec desc allowing no write by owner\n"); sd = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_READ | SEC_STD_ALL, @@ -390,7 +390,7 @@ printf("set a sec desc allowing generic read by owner\n"); sd = security_descriptor_create(tctx, - NULL, NULL, + 0, NULL, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_GENERIC_READ | SEC_STD_ALL, @@ -403,7 +403,7 @@ printf("check that generic read has been mapped correctly\n"); sd2 = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_READ | SEC_STD_ALL, 
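Review bot: In the first hunk on this line (security_descriptor.c, @@ -390), `sd->type |= sd_type;` merges any 16-bit value from the caller without a check. It can only add bits to what security_descriptor_initialise() set, never clear one. A caller could also set presence bits such as `SEC_DESC_DACL_PRESENT` or `SEC_DESC_SACL_PRESENT` that do not match the ACLs this function builds; whether later code reconciles them is not visible here. Consider masking the argument to the bits callers may set, for example `sd->type |= (sd_type & <caller-settable-mask>);` with the mask name being a placeholder. Otherwise, state in the function comment that the value is trusted as given.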
@@ -568,7 +568,7 @@ printf("testing generic bits 0x%08x\n", file_mappings[i].gen_bits); sd = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, file_mappings[i].gen_bits, @@ -584,7 +584,7 @@ CHECK_STATUS(status, NT_STATUS_OK); sd2 = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, file_mappings[i].specific_bits, @@ -616,7 +616,7 @@ printf("testing generic bits 0x%08x (anonymous)\n", file_mappings[i].gen_bits); sd = security_descriptor_create(tctx, - SID_NT_ANONYMOUS, NULL, + 0, SID_NT_ANONYMOUS, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, file_mappings[i].gen_bits, @@ -632,7 +632,7 @@ CHECK_STATUS(status, NT_STATUS_OK); sd2 = security_descriptor_create(tctx, - SID_NT_ANONYMOUS, NULL, + 0, SID_NT_ANONYMOUS, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, file_mappings[i].specific_bits, @@ -733,7 +733,7 @@ printf("testing generic bits 0x%08x\n", file_mappings[i].gen_bits); sd = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, dir_mappings[i].gen_bits, @@ -749,7 +749,7 @@ CHECK_STATUS(status, NT_STATUS_OK); sd2 = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, dir_mappings[i].specific_bits, @@ -781,7 +781,7 @@ printf("testing generic bits 0x%08x (anonymous)\n", file_mappings[i].gen_bits); sd = security_descriptor_create(tctx, - SID_NT_ANONYMOUS, NULL, + 0, SID_NT_ANONYMOUS, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, file_mappings[i].gen_bits, @@ -797,7 +797,7 @@ CHECK_STATUS(status, NT_STATUS_OK); sd2 = security_descriptor_create(tctx, - SID_NT_ANONYMOUS, NULL, + 0, SID_NT_ANONYMOUS, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, file_mappings[i].specific_bits, 
@@ -908,7 +908,7 @@ printf("SEC_PRIV_TAKE_OWNERSHIP - %s\n", has_take_ownership_privilege?"Yes":"No"); sd = security_descriptor_create(tctx, - NULL, NULL, + 0, NULL, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_WRITE_DATA, @@ -1115,7 +1115,7 @@ printf("owner_sid is %s\n", owner_sid); sd_def = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, @@ -1130,7 +1130,7 @@ for (i=0;i<ARRAY_SIZE(test_flags);i++) { sd = security_descriptor_create(tctx, - NULL, NULL, + 0, NULL, NULL, SID_CREATOR_OWNER, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_WRITE_DATA, @@ -1263,7 +1263,7 @@ printf("testing access checks on inherited create with %s\n", fname1); sd = security_descriptor_create(tctx, - NULL, NULL, + 0, NULL, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC, @@ -1296,7 +1296,7 @@ smbcli_close(cli->tree, fnum2); sd2 = security_descriptor_create(tctx, - owner_sid, NULL, + 0, owner_sid, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_WRITE_DATA | SEC_STD_WRITE_DAC, @@ -1432,7 +1432,7 @@ printf("owner_sid is %s\n", owner_sid); sd = security_descriptor_create(tctx, - NULL, NULL, + 0, NULL, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE, @@ -1472,7 +1472,7 @@ printf("update parent sd\n"); sd = security_descriptor_create(tctx, - NULL, NULL, + 0, NULL, NULL, owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_FILE_WRITE_DATA | SEC_STD_DELETE | SEC_FILE_READ_ATTRIBUTE | SEC_FILE_EXECUTE, 
@@ -1587,7 +1587,7 @@ /* first create a file with full access for everyone */ sd = security_descriptor_create(tctx, - SID_NT_ANONYMOUS, SID_BUILTIN_USERS, + 0, SID_NT_ANONYMOUS, SID_BUILTIN_USERS, SID_WORLD, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_GENERIC_ALL, Modified: branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c =================================================================== --- branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-10-10 12:55:07 UTC (rev 25606) +++ branches/SAMBA_4_0/source/torture/rpc/samba3rpc.c 2007-10-10 13:12:53 UTC (rev 25607) @@ -2004,7 +2004,7 @@ } sd = security_descriptor_create( - tmp_ctx, "S-1-5-32-544", + tmp_ctx, 0, "S-1-5-32-544", dom_sid_string(mem_ctx, dom_sid_add_rid(mem_ctx, domain_sid, DOMAIN_RID_USERS)), dom_sid_string(mem_ctx, user_sid), Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c =================================================================== --- branches/SAMBA_4_0/source/torture/rpc/winreg.c 2007-10-10 12:55:07 UTC (rev 25606) +++ branches/SAMBA_4_0/source/torture/rpc/winreg.c 2007-10-10 13:12:53 UTC (rev 25607) @@ -138,6 +138,7 @@ struct winreg_SecBuf secbuf; sd = security_descriptor_create(tctx, + 0, NULL, NULL, SID_NT_AUTHENTICATED_USERS, SEC_ACE_TYPE_ACCESS_ALLOWED,