]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1cc8888)
libcli/security/create_descriptor: calc_inherited handles new types
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Fri, 21 Jul 2023 02:36:20 +0000 (14:36 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 26 Sep 2023 23:45:35 +0000 (23:45 +0000)
*_CALLBACK_OBJECT types inherit like other _OBJECT types.
*_CALLBACK types do nothing, like other non-OBJECT types.

We also explicitly throw unused alarm callback types and
SEC_ACE_TYPE_SYSTEM_MANDATORY_LABEL and
SEC_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID into the fire.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security/create_descriptor.c patch | blob | blame | history

diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c
index ab304a59a1cce2777533f182ee8a900aa97f4a84..d9e1c05f31ba8da93eda57aeb63762ba1f1e07b5 100644 (file)
--- a/libcli/security/create_descriptor.c
+++ b/libcli/security/create_descriptor.c
@@ -199,6 +199,9 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
                case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
                case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
                case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+               case SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT:
+               case SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK_OBJECT:
+               case SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK_OBJECT:
                        if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
                                inherited_property = &ace->object.object.type.type;
                        }
@@ -216,6 +219,16 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx,
 
                        break;
 
+               case SEC_ACE_TYPE_ACCESS_DENIED_CALLBACK:
+               case SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK:
+               case SEC_ACE_TYPE_SYSTEM_AUDIT_CALLBACK:
+                       break;
+               case SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE:
+                       break;
+               case SEC_ACE_TYPE_SYSTEM_ALARM_CALLBACK:
+               case SEC_ACE_TYPE_SYSTEM_ALARM_CALLBACK_OBJECT:
+               case SEC_ACE_TYPE_SYSTEM_MANDATORY_LABEL:
+               case SEC_ACE_TYPE_SYSTEM_SCOPED_POLICY_ID:
                default:
                        DBG_WARNING("ACE type %d is not handled\n", ace->type);
                        TALLOC_FREE(tmp_acl);
Mirror of https://github.com/samba-team/samba.git