diff --git a/libcli/security/secace.c b/libcli/security/secace.c index 7d87b1c..6329d68 100644 --- a/libcli/security/secace.c +++ b/libcli/security/secace.c @@ -58,7 +58,8 @@ void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src) ********************************************************************/ void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type, - uint32_t mask, uint8_t flag) + uint32_t mask, uint8_t flag, + const union security_ace_object_ctr *obj_ctr) { t->type = type; t->flags = flag; @@ -66,6 +67,11 @@ void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum securi t->access_mask = mask; t->trustee = *sid; + + if ((type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || + type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) && obj_ctr) { + t->object = *obj_ctr; + } } /******************************************************************* diff --git a/libcli/security/secace.h b/libcli/security/secace.h index 8b6625d..7827f48 100644 --- a/libcli/security/secace.h +++ b/libcli/security/secace.h @@ -26,7 +26,8 @@ bool sec_ace_object(uint8_t type); void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src); void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type, - uint32_t mask, uint8_t flag); + uint32_t mask, uint8_t flag, + const union security_ace_object_ctr *obj_ctr); NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, struct dom_sid *sid, uint32_t mask); NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask); NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, struct dom_sid *sid); diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index d45be00..50800df 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -571,7 +571,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* First add the regular ACE entry. */ init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, 0); + ace->access_mask, 0, NULL); DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x" " inherited as %s:%d/0x%02x/0x%08x\n", @@ -594,7 +594,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } init_sec_ace(new_ace, ptrustee, ace->type, - ace->access_mask, new_flags); + ace->access_mask, new_flags, &ace->object); DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " " inherited as %s:%d/0x%02x/0x%08x\n", diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 799d983..75defa5 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -133,7 +133,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def se_map_generic(&spec_access, &file_generic_mapping); sa = (def_access | spec_access ); - init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); + init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0, NULL); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, @@ -384,7 +384,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) se_map_generic(&s_access, &file_generic_mapping); sa = (g_access | s_access); - init_sec_ace(&ace_list[i], &sid, type, sa, 0); + init_sec_ace(&ace_list[i], &sid, type, sa, 0, NULL); } if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) { diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 058bf32..06e2fbe 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -262,13 +262,15 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) /*basic access for every one*/ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, - GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0); + GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0, NULL); /*full access for builtin aliases Administrators and Account Operators*/ init_sec_ace(&ace[1], &adm_sid, - SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0, + NULL); init_sec_ace(&ace[2], &act_sid, - SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0, + NULL); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; diff --git a/source3/libgpo/gpo_reg.c b/source3/libgpo/gpo_reg.c index 9367bca..4bd6edb 100644 --- a/source3/libgpo/gpo_reg.c +++ b/source3/libgpo/gpo_reg.c @@ -699,19 +699,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx, init_sec_ace(&ace[0], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); + mask, 0, NULL); mask = REG_KEY_ALL; init_sec_ace(&ace[1], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); + mask, 0, NULL); mask = REG_KEY_READ; init_sec_ace(&ace[2], sid ? sid : &global_sid_Authenticated_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); + mask, 0, NULL); inherit_flags = SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT | @@ -721,19 +721,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx, init_sec_ace(&ace[3], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, inherit_flags); + mask, inherit_flags, NULL); mask = REG_KEY_ALL; init_sec_ace(&ace[4], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, inherit_flags); + mask, inherit_flags, NULL); mask = REG_KEY_READ; init_sec_ace(&ace[5], sid ? sid : &global_sid_Authenticated_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, inherit_flags); + mask, inherit_flags, NULL); theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace); W_ERROR_HAVE_NO_MEMORY(theacl); diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index 0e2ffda..a530264 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -385,7 +385,7 @@ parse_ace(struct cli_state *ipc_cli, done: mask = amask; - init_sec_ace(ace, &sid, atype, mask, aflags); + init_sec_ace(ace, &sid, atype, mask, aflags, NULL); TALLOC_FREE(frame); return true; } diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index ecc889a..ba1a606 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -212,7 +212,8 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, access_mask, SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_OBJECT_INHERIT| - SEC_ACE_FLAG_INHERIT_ONLY); + SEC_ACE_FLAG_INHERIT_ONLY, + NULL); access_mask = map_canon_ace_perms(SNUM(conn), &acltype, (mode << 3) & 0700, false); init_sec_ace(&new_ace_list[num_aces+1], @@ -221,7 +222,8 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, access_mask, SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_OBJECT_INHERIT| - SEC_ACE_FLAG_INHERIT_ONLY); + SEC_ACE_FLAG_INHERIT_ONLY, + NULL); access_mask = map_canon_ace_perms(SNUM(conn), &acltype, (mode << 6) & 0700, false); init_sec_ace(&new_ace_list[num_aces+2], @@ -230,7 +232,8 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, access_mask, SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_OBJECT_INHERIT| - SEC_ACE_FLAG_INHERIT_ONLY); + SEC_ACE_FLAG_INHERIT_ONLY, + NULL); psd->dacl->aces = new_ace_list; psd->dacl->num_aces += 3; } diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index beaa9e5..7723654 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -5403,7 +5403,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) sa = PRINTER_ACE_PRINT; init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, - sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + sa, SEC_ACE_FLAG_CONTAINER_INHERIT, NULL); /* Add the domain admins group if we are a DC */ @@ -5416,9 +5416,11 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, - SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); + SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY, + NULL); init_sec_ace(&ace[i++], &domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, - sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + sa, SEC_ACE_FLAG_CONTAINER_INHERIT, + NULL); } else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) { sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN); @@ -5426,9 +5428,10 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, - SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); + SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY, + NULL); init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, - sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + sa, SEC_ACE_FLAG_CONTAINER_INHERIT, NULL); } /* add BUILTIN\Administrators as FULL CONTROL */ @@ -5436,10 +5439,10 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, - SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); + SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY, NULL); init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, - sa, SEC_ACE_FLAG_CONTAINER_INHERIT); + sa, SEC_ACE_FLAG_CONTAINER_INHERIT, NULL); /* Make the security descriptor owned by the BUILTIN\Administrators */ diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c index cc6d95f..b4f311b 100644 --- a/source3/registry/reg_dispatcher.c +++ b/source3/registry/reg_dispatcher.c @@ -45,17 +45,17 @@ static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd) /* basic access for Everyone */ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, - REG_KEY_READ, 0); + REG_KEY_READ, 0, NULL); /* Full Access 'BUILTIN\Administrators' */ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0, NULL); /* Full Access 'NT Authority\System' */ init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, - REG_KEY_ALL, 0); + REG_KEY_ALL, 0, NULL); /* create the security descriptor */ diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index e903f0e..f5e5fb5 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -325,26 +325,26 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s /* READ|EXECUTE access for Everyone */ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, - map->generic_execute | map->generic_read, 0); + map->generic_execute | map->generic_read, 0, NULL); /* Add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, - SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); /* Add Full Access for Domain Admins */ sid_copy(&adm_sid, get_global_sam_sid()); sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS); init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, - map->generic_all, 0); + map->generic_all, 0, NULL); /* If we have a sid, give it some special access */ if (sid) { init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, - sid_access, 0); + sid_access, 0, NULL); } if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, i, ace)) == NULL) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 487fb3d..870a9ab 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -133,14 +133,14 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd /* basic access for Everyone */ init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, - map->generic_execute | map->generic_read, 0); + map->generic_execute | map->generic_read, 0, NULL); /* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, - SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); /* Add Full Access for Domain Admins if we are a DC */ @@ -148,13 +148,13 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd sid_copy( &domadmin_sid, get_global_sam_sid() ); sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); init_sec_ace(&ace[i++], &domadmin_sid, - SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); } /* if we have a sid, give it some special access */ if ( sid ) { - init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0); + init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0, NULL); } /* create the security descriptor */ diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 26dc09e..5f66483 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -144,12 +144,12 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx ) /* basic access for Everyone */ init_sec_ace(&ace[i++], &global_sid_World, - SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0, NULL); /* Full Access 'BUILTIN\Administrators' */ init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0, NULL); /* create the security descriptor */ diff --git a/source3/services/services_db.c b/source3/services/services_db.c index b610c92..967ba6f 100644 --- a/source3/services/services_db.c +++ b/source3/services/services_db.c @@ -97,15 +97,16 @@ static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx ) /* basic access for Everyone */ init_sec_ace(&ace[i++], &global_sid_World, - SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0, NULL); init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, - SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0, + NULL); init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, - SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0, NULL); init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0, NULL); /* create the security descriptor */ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 555f9c0..0f28ff7 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3072,7 +3072,7 @@ static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces, } /* not found, append it */ - init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags); + init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags, NULL); } @@ -3233,7 +3233,8 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, &ace->trustee, nt_acl_type, acc, - ace->ace_flags); + ace->ace_flags, + NULL); } /* The User must have access to a profile share - even @@ -3257,7 +3258,8 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, ace->ace_flags | SEC_ACE_FLAG_OBJECT_INHERIT| SEC_ACE_FLAG_CONTAINER_INHERIT| - SEC_ACE_FLAG_INHERIT_ONLY); + SEC_ACE_FLAG_INHERIT_ONLY, + NULL); } /* The User must have access to a profile share - even @@ -3862,17 +3864,20 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC &file_owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_ALL_ACCESS, - 0); + 0, + NULL); init_sec_ace(&ace[1], &file_grp_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_ALL_ACCESS, - 0); + 0, + NULL); init_sec_ace(&ace[2], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_ALL_ACCESS, - 0); + 0, + NULL); psd->dacl = make_sec_acl(talloc_tos(), NT4_ACL_REVISION, 3, @@ -4772,7 +4777,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, - 0); + 0, + NULL); idx++; access_mask = 0; @@ -4788,7 +4794,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, &group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, - 0); + 0, + NULL); idx++; } @@ -4804,7 +4811,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, access_mask, - 0); + 0, + NULL); idx++; } @@ -4812,7 +4820,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, - 0); + 0, + NULL); idx++; new_dacl = make_sec_acl(ctx, diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c index 4be77ec..756ab28 100644 --- a/source3/utils/sharesec.c +++ b/source3/utils/sharesec.c @@ -284,7 +284,7 @@ static bool parse_ace(SEC_ACE *ace, const char *orig_str) done: mask = amask; - init_sec_ace(ace, &sid, atype, mask, aflags); + init_sec_ace(ace, &sid, atype, mask, aflags, NULL); SAFE_FREE(str); TALLOC_FREE(frame); return True; diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index eefe4fe..b09d5d8 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -520,7 +520,7 @@ static bool parse_ace(struct cli_state *cli, SEC_ACE *ace, done: mask = amask; - init_sec_ace(ace, &sid, atype, mask, aflags); + init_sec_ace(ace, &sid, atype, mask, aflags, NULL); TALLOC_FREE(frame); SAFE_FREE(str); return True;