Author: metze Date: 2007-01-15 10:47:22 +0000 (Mon, 15 Jan 2007) New Revision: 20801
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20801 Log: try to always fix up the acl revision when we add or remove an ace metze Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c =================================================================== --- branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2007-01-15 10:39:17 UTC (rev 20800) +++ branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2007-01-15 10:47:22 UTC (rev 20801) @@ -150,7 +150,7 @@ if (sd->dacl == NULL) { return NT_STATUS_NO_MEMORY; } - sd->dacl->revision = NT4_ACL_REVISION; + sd->dacl->revision = SECURITY_ACL_REVISION_NT4; sd->dacl->size = 0; sd->dacl->num_aces = 0; sd->dacl->aces = NULL; @@ -171,7 +171,18 @@ if (sd->dacl->aces[sd->dacl->num_aces].trustee.sub_auths == NULL) { return NT_STATUS_NO_MEMORY; } - + + switch (sd->dacl->aces[sd->dacl->num_aces].type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: + case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: + sd->dacl->revision = SECURITY_ACL_REVISION_ADS; + break; + default: + break; + } + sd->dacl->num_aces++; sd->type |= SEC_DESC_DACL_PRESENT; @@ -187,11 +198,13 @@ struct dom_sid *trustee) { int i; + bool found = false; if (sd->dacl == NULL) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - + + /* there can be multiple ace's for one trustee */ for (i=0;i<sd->dacl->num_aces;i++) { if (dom_sid_equal(trustee, &sd->dacl->aces[i].trustee)) { memmove(&sd->dacl->aces[i], &sd->dacl->aces[i+1], @@ -200,10 +213,30 @@ if (sd->dacl->num_aces == 0) { sd->dacl->aces = NULL; } + found = true; + } + } + + if (!found) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + sd->dacl->revision = SECURITY_ACL_REVISION_NT4; + + for (i=0;i<sd->dacl->num_aces;i++) { + switch (sd->dacl->aces[i].type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: + case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: + sd->dacl->revision = SECURITY_ACL_REVISION_ADS; return NT_STATUS_OK; + default: + break; /* only for the switch statement */ } } - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; }