svn commit: samba r20801 - in branches/SAMBA_4_0/source/libcli/security: .

Mon, 15 Jan 2007 02:48:00 -0800 

Author: metze
Date: 2007-01-15 10:47:22 +0000 (Mon, 15 Jan 2007)
New Revision: 20801

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20801

Log:
try to always fix up the acl revision when we add or remove
an ace

metze
Modified:
   branches/SAMBA_4_0/source/libcli/security/security_descriptor.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/security_descriptor.c     
2007-01-15 10:39:17 UTC (rev 20800)
+++ branches/SAMBA_4_0/source/libcli/security/security_descriptor.c     
2007-01-15 10:47:22 UTC (rev 20801)
@@ -150,7 +150,7 @@
                if (sd->dacl == NULL) {
                        return NT_STATUS_NO_MEMORY;
                }
-               sd->dacl->revision = NT4_ACL_REVISION;
+               sd->dacl->revision = SECURITY_ACL_REVISION_NT4;
                sd->dacl->size     = 0;
                sd->dacl->num_aces = 0;
                sd->dacl->aces     = NULL;
@@ -171,7 +171,18 @@
        if (sd->dacl->aces[sd->dacl->num_aces].trustee.sub_auths == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       
+
+       switch (sd->dacl->aces[sd->dacl->num_aces].type) {
+       case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+       case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+       case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+       case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+               sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
+               break;
+       default:
+               break;
+       }
+
        sd->dacl->num_aces++;
 
        sd->type |= SEC_DESC_DACL_PRESENT;
@@ -187,11 +198,13 @@
                                      struct dom_sid *trustee)
 {
        int i;
+       bool found = false;
 
        if (sd->dacl == NULL) {
                return NT_STATUS_OBJECT_NAME_NOT_FOUND;
        }
-       
+
+       /* there can be multiple ace's for one trustee */
        for (i=0;i<sd->dacl->num_aces;i++) {
                if (dom_sid_equal(trustee, &sd->dacl->aces[i].trustee)) {
                        memmove(&sd->dacl->aces[i], &sd->dacl->aces[i+1],
@@ -200,10 +213,30 @@
                        if (sd->dacl->num_aces == 0) {
                                sd->dacl->aces = NULL;
                        }
+                       found = true;
+               }
+       }
+
+       if (!found) {
+               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+       }
+
+       sd->dacl->revision = SECURITY_ACL_REVISION_NT4;
+
+       for (i=0;i<sd->dacl->num_aces;i++) {
+               switch (sd->dacl->aces[i].type) {
+               case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+               case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+               case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+               case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+                       sd->dacl->revision = SECURITY_ACL_REVISION_ADS;
                        return NT_STATUS_OK;
+               default:
+                       break; /* only for the switch statement */
                }
        }
-       return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+
+       return NT_STATUS_OK;
 }

Reply via email to