From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Sun, 30 Jul 2023 22:55:42 +0000 (+1200)
Subject: libcli/security: Handle new ACE types with sec_ace_object()
X-Git-Tag: tevent-0.16.0~293
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bbb259e1d0685a4db6bb88b0f1aef16144502551;p=thirdparty%2Fsamba.git

libcli/security: Handle new ACE types with sec_ace_object()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c
index 8dca5892869..9b9f16c6d2e 100644
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -312,15 +312,8 @@ static NTSTATUS security_descriptor_acl_add(struct security_descriptor *sd,
 	ARRAY_INSERT_ELEMENT(acl->aces, acl->num_aces, *ace, idx);
 	acl->num_aces++;
 
-	switch (acl->aces[idx].type) {
-	case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-	case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-	case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
-	case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+	if (sec_ace_object(acl->aces[idx].type)) {
 		acl->revision = SECURITY_ACL_REVISION_ADS;
-		break;
-	default:
-		break;
 	}
 
 	if (add_to_sacl) {
@@ -425,15 +418,9 @@ static NTSTATUS security_descriptor_acl_del(struct security_descriptor *sd,
 	acl->revision = SECURITY_ACL_REVISION_NT4;
 
 	for (i=0;i<acl->num_aces;i++) {
-		switch (acl->aces[i].type) {
-		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
-		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+		if (sec_ace_object(acl->aces[i].type)) {
 			acl->revision = SECURITY_ACL_REVISION_ADS;
-			return NT_STATUS_OK;
-		default:
-			break; /* only for the switch statement */
+			break;
 		}
 	}
 
@@ -502,15 +489,9 @@ static NTSTATUS security_descriptor_acl_del_ace(struct security_descriptor *sd,
 	acl->revision = SECURITY_ACL_REVISION_NT4;
 
 	for (i=0;i<acl->num_aces;i++) {
-		switch (acl->aces[i].type) {
-		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
-		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+		if (sec_ace_object(acl->aces[i].type)) {
 			acl->revision = SECURITY_ACL_REVISION_ADS;
-			return NT_STATUS_OK;
-		default:
-			break; /* only for the switch statement */
+			break;
 		}
 	}