ace 101 libcli/security/secace.c NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask) ace 105 libcli/security/secace.c if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER; ace 108 libcli/security/secace.c if (dom_sid_equal(&ace[i].trustee, sid)) { ace 109 libcli/security/secace.c ace[i].access_mask = mask; ace 31 libcli/security/secace.h NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask); ace 33 librpc/ndr/ndr_sec_helper.c size_t ndr_size_security_ace(const struct security_ace *ace, struct smb_iconv_convenience *ic, int flags) ace 37 librpc/ndr/ndr_sec_helper.c if (!ace) return 0; ace 39 librpc/ndr/ndr_sec_helper.c ret = 8 + ndr_size_dom_sid(&ace->trustee, ic, flags); ace 41 librpc/ndr/ndr_sec_helper.c switch (ace->type) { ace 47 librpc/ndr/ndr_sec_helper.c if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) { ace 50 librpc/ndr/ndr_sec_helper.c if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) { ace 488 source3/include/proto.h void display_sec_ace(SEC_ACE *ace); ace 1242 source3/include/proto.h bool token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace); ace 173 source3/lib/display_sec.c void display_sec_ace(SEC_ACE *ace) ace 178 source3/lib/display_sec.c switch (ace->type) { ace 211 source3/lib/display_sec.c printf(" (%d) flags: 0x%02x ", ace->type, ace->flags); ace 212 source3/lib/display_sec.c display_sec_ace_flags(ace->flags); ace 213 source3/lib/display_sec.c display_sec_access(&ace->access_mask); ace 214 source3/lib/display_sec.c sid_to_fstring(sid_str, &ace->trustee); ace 217 source3/lib/display_sec.c if (sec_ace_object(ace->type)) { ace 218 source3/lib/display_sec.c disp_sec_ace_object(&ace->object.object); ace 445 source3/lib/secdesc.c SEC_ACE *ace = 0; ace 453 source3/lib/secdesc.c status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask); ace 458 source3/lib/secdesc.c if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) ace 497 source3/lib/secdesc.c SEC_ACE *ace = 0; ace 505 source3/lib/secdesc.c status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid); ace 510 source3/lib/secdesc.c if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) ace 526 source3/lib/secdesc.c static bool is_inheritable_ace(const SEC_ACE *ace, ace 530 source3/lib/secdesc.c return ((ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) != 0); ace 533 source3/lib/secdesc.c if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { ace 537 source3/lib/secdesc.c if ((ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) && ace 538 source3/lib/secdesc.c !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { ace 584 source3/lib/secdesc.c const SEC_ACE *ace = &the_acl->aces[i]; ace 586 source3/lib/secdesc.c const DOM_SID *ptrustee = &ace->trustee; ace 588 source3/lib/secdesc.c uint8 new_flags = ace->flags; ace 590 source3/lib/secdesc.c if (!is_inheritable_ace(ace, container)) { ace 621 source3/lib/secdesc.c init_sec_ace(new_ace, ptrustee, ace->type, ace 622 source3/lib/secdesc.c ace->access_mask, 0); ace 626 source3/lib/secdesc.c sid_string_dbg(&ace->trustee), ace 627 source3/lib/secdesc.c ace->type, ace->flags, ace->access_mask, ace 640 source3/lib/secdesc.c !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { ace 641 source3/lib/secdesc.c ptrustee = &ace->trustee; ace 644 source3/lib/secdesc.c init_sec_ace(new_ace, ptrustee, ace->type, ace 645 source3/lib/secdesc.c ace->access_mask, new_flags); ace 649 source3/lib/secdesc.c sid_string_dbg(&ace->trustee), ace 650 source3/lib/secdesc.c ace->type, ace->flags, ace->access_mask, ace 651 source3/lib/secdesc.c sid_string_dbg(&ace->trustee), ace 128 source3/lib/sharesec.c SEC_ACE ace; ace 136 source3/lib/sharesec.c init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); ace 138 source3/lib/sharesec.c if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { ace 123 source3/lib/util_nttoken.c bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace) ace 128 source3/lib/util_nttoken.c if (sid_equal(&ace->trustee, &token->user_sids[i])) ace 125 source3/lib/util_seaccess.c struct security_ace *ace = &sd->dacl->aces[i]; ace 127 source3/lib/util_seaccess.c if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { ace 131 source3/lib/util_seaccess.c if (!is_sid_in_token(token, &ace->trustee)) { ace 135 source3/lib/util_seaccess.c switch (ace->type) { ace 137 source3/lib/util_seaccess.c granted |= ace->access_mask; ace 141 source3/lib/util_seaccess.c denied |= ace->access_mask; ace 216 source3/lib/util_seaccess.c struct security_ace *ace = &sd->dacl->aces[i]; ace 218 source3/lib/util_seaccess.c if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { ace 222 source3/lib/util_seaccess.c if (!is_sid_in_token(token, &ace->trustee)) { ace 226 source3/lib/util_seaccess.c switch (ace->type) { ace 228 source3/lib/util_seaccess.c bits_remaining &= ~ace->access_mask; ace 232 source3/lib/util_seaccess.c if (bits_remaining & ace->access_mask) { ace 259 source3/lib/util_seaccess.c SEC_ACE ace[3]; ace 270 source3/lib/util_seaccess.c init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 274 source3/lib/util_seaccess.c init_sec_ace(&ace[1], &adm_sid, ace 276 source3/lib/util_seaccess.c init_sec_ace(&ace[2], &act_sid, ace 279 source3/lib/util_seaccess.c if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) ace 691 source3/libgpo/gpo_reg.c SEC_ACE ace[6]; ace 699 source3/libgpo/gpo_reg.c init_sec_ace(&ace[0], ace 705 source3/libgpo/gpo_reg.c init_sec_ace(&ace[1], ace 711 source3/libgpo/gpo_reg.c init_sec_ace(&ace[2], ace 721 source3/libgpo/gpo_reg.c init_sec_ace(&ace[3], ace 727 source3/libgpo/gpo_reg.c init_sec_ace(&ace[4], ace 733 source3/libgpo/gpo_reg.c init_sec_ace(&ace[5], ace 738 source3/libgpo/gpo_reg.c theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace); ace 61 source3/libgpo/gpo_sec.c static bool gpo_sd_check_agp_object(const SEC_ACE *ace) ace 63 source3/libgpo/gpo_sec.c if (!sec_ace_object(ace->type)) { ace 67 source3/libgpo/gpo_sec.c return gpo_sd_check_agp_object_guid(&ace->object.object); ace 95 source3/libgpo/gpo_sec.c static NTSTATUS gpo_sd_check_ace_denied_object(const SEC_ACE *ace, ace 98 source3/libgpo/gpo_sec.c if (gpo_sd_check_agp_object(ace) && ace 99 source3/libgpo/gpo_sec.c gpo_sd_check_agp_access_bits(ace->access_mask) && ace 100 source3/libgpo/gpo_sec.c nt_token_check_sid(&ace->trustee, token)) { ace 103 source3/libgpo/gpo_sec.c sid_string_dbg(&ace->trustee))); ace 113 source3/libgpo/gpo_sec.c static NTSTATUS gpo_sd_check_ace_allowed_object(const SEC_ACE *ace, ace 116 source3/libgpo/gpo_sec.c if (gpo_sd_check_agp_object(ace) && ace 117 source3/libgpo/gpo_sec.c gpo_sd_check_agp_access_bits(ace->access_mask) && ace 118 source3/libgpo/gpo_sec.c nt_token_check_sid(&ace->trustee, token)) { ace 121 source3/libgpo/gpo_sec.c sid_string_dbg(&ace->trustee))); ace 131 source3/libgpo/gpo_sec.c static NTSTATUS gpo_sd_check_ace(const SEC_ACE *ace, ace 134 source3/libgpo/gpo_sec.c switch (ace->type) { ace 136 source3/libgpo/gpo_sec.c return gpo_sd_check_ace_denied_object(ace, token); ace 138 source3/libgpo/gpo_sec.c return gpo_sd_check_ace_allowed_object(ace, token); ace 259 source3/libsmb/libsmb_xattr.c SEC_ACE *ace, ace 297 source3/libsmb/libsmb_xattr.c ZERO_STRUCTP(ace); ace 388 source3/libsmb/libsmb_xattr.c init_sec_ace(ace, &sid, atype, mask, aflags); ace 396 source3/libsmb/libsmb_xattr.c SEC_ACE *ace, ace 403 source3/libsmb/libsmb_xattr.c (*the_acl) = make_sec_acl(ctx, 3, 1, ace); ace 412 source3/libsmb/libsmb_xattr.c memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); ace 510 source3/libsmb/libsmb_xattr.c SEC_ACE ace; ace 511 source3/libsmb/libsmb_xattr.c if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) { ace 515 source3/libsmb/libsmb_xattr.c if(!add_ace(&dacl, &ace, ctx)) { ace 523 source3/libsmb/libsmb_xattr.c SEC_ACE ace; ace 524 source3/libsmb/libsmb_xattr.c if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) { ace 528 source3/libsmb/libsmb_xattr.c if(!add_ace(&dacl, &ace, ctx)) { ace 1063 source3/libsmb/libsmb_xattr.c SEC_ACE *ace = &sd->dacl->aces[i]; ace 1066 source3/libsmb/libsmb_xattr.c &ace->trustee); ace 1075 source3/libsmb/libsmb_xattr.c ace->type, ace 1076 source3/libsmb/libsmb_xattr.c ace->flags, ace 1077 source3/libsmb/libsmb_xattr.c ace->access_mask); ace 1088 source3/libsmb/libsmb_xattr.c ace->type, ace 1089 source3/libsmb/libsmb_xattr.c ace->flags, ace 1090 source3/libsmb/libsmb_xattr.c ace->access_mask); ace 1100 source3/libsmb/libsmb_xattr.c ace->type, ace 1101 source3/libsmb/libsmb_xattr.c ace->flags, ace 1102 source3/libsmb/libsmb_xattr.c ace->access_mask); ace 1111 source3/libsmb/libsmb_xattr.c ace->type, ace 1112 source3/libsmb/libsmb_xattr.c ace->flags, ace 1113 source3/libsmb/libsmb_xattr.c ace->access_mask); ace 1122 source3/libsmb/libsmb_xattr.c ace->type, ace 1123 source3/libsmb/libsmb_xattr.c ace->flags, ace 1124 source3/libsmb/libsmb_xattr.c ace->access_mask); ace 1135 source3/libsmb/libsmb_xattr.c ace->type, ace 1136 source3/libsmb/libsmb_xattr.c ace->flags, ace 1137 source3/libsmb/libsmb_xattr.c ace->access_mask); ace 65 source3/modules/nfs4_acls.c static SMB_ACE4_INT_T *get_validated_aceint(SMB4ACE_T *ace) ace 67 source3/modules/nfs4_acls.c SMB_ACE4_INT_T *aceint = (SMB_ACE4_INT_T *)ace; ace 68 source3/modules/nfs4_acls.c if (ace==NULL) ace 102 source3/modules/nfs4_acls.c SMB_ACE4_INT_T *ace; ace 104 source3/modules/nfs4_acls.c ace = (SMB_ACE4_INT_T *)TALLOC_ZERO_SIZE(mem_ctx, sizeof(SMB_ACE4_INT_T)); ace 105 source3/modules/nfs4_acls.c if (ace==NULL) ace 111 source3/modules/nfs4_acls.c ace->magic = SMB_ACE4_INT_MAGIC; ace 113 source3/modules/nfs4_acls.c memcpy(&ace->prop, prop, sizeof(SMB_ACE4PROP_T)); ace 117 source3/modules/nfs4_acls.c aclint->first = ace; ace 118 source3/modules/nfs4_acls.c aclint->last = ace; ace 120 source3/modules/nfs4_acls.c aclint->last->next = (void *)ace; ace 121 source3/modules/nfs4_acls.c aclint->last = ace; ace 125 source3/modules/nfs4_acls.c return (SMB4ACE_T *)ace; ace 128 source3/modules/nfs4_acls.c SMB_ACE4PROP_T *smb_get_ace4(SMB4ACE_T *ace) ace 130 source3/modules/nfs4_acls.c SMB_ACE4_INT_T *aceint = get_validated_aceint(ace); ace 137 source3/modules/nfs4_acls.c SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace) ace 139 source3/modules/nfs4_acls.c SMB_ACE4_INT_T *aceint = get_validated_aceint(ace); ace 233 source3/modules/nfs4_acls.c SMB_ACE4PROP_T *ace = &aceint->prop; ace 236 source3/modules/nfs4_acls.c "who: %d\n", aceint->magic, ace->aceType, ace->flags, ace 237 source3/modules/nfs4_acls.c ace->aceFlags, ace->aceMask, ace->who.id)); ace 241 source3/modules/nfs4_acls.c if (ace->flags & SMB_ACE4_ID_SPECIAL) { ace 242 source3/modules/nfs4_acls.c switch (ace->who.special_id) { ace 254 source3/modules/nfs4_acls.c "ignored\n", ace->who.special_id)); ace 257 source3/modules/nfs4_acls.c if (ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) { ace 258 source3/modules/nfs4_acls.c gid_to_sid(&sid, ace->who.gid); ace 260 source3/modules/nfs4_acls.c uid_to_sid(&sid, ace->who.uid); ace 263 source3/modules/nfs4_acls.c DEBUG(10, ("mapped %d to %s\n", ace->who.id, ace 266 source3/modules/nfs4_acls.c if (is_directory && (ace->aceMask & SMB_ACE4_ADD_FILE)) { ace 267 source3/modules/nfs4_acls.c ace->aceMask |= SMB_ACE4_DELETE_CHILD; ace 270 source3/modules/nfs4_acls.c mask = ace->aceMask; ace 272 source3/modules/nfs4_acls.c ace->aceType, mask, ace 273 source3/modules/nfs4_acls.c ace->aceFlags & 0xf); ace 416 source3/modules/nfs4_acls.c SMB_ACE4PROP_T *ace = &aceint->prop; ace 419 source3/modules/nfs4_acls.c ace->aceType, ace 420 source3/modules/nfs4_acls.c ace->aceFlags, ace->flags, ace 421 source3/modules/nfs4_acls.c ace->aceMask, ace 422 source3/modules/nfs4_acls.c ace->who.id)); ace 439 source3/modules/nfs4_acls.c SMB_ACE4PROP_T *ace = &aceint->prop; ace 441 source3/modules/nfs4_acls.c if (ace->flags == aceNew->flags && ace 442 source3/modules/nfs4_acls.c ace->aceType==aceNew->aceType && ace 443 source3/modules/nfs4_acls.c (ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)== ace 447 source3/modules/nfs4_acls.c if (ace->flags & SMB_ACE4_ID_SPECIAL) ace 449 source3/modules/nfs4_acls.c if (ace->who.special_id==aceNew->who.special_id) ace 450 source3/modules/nfs4_acls.c return ace; ace 452 source3/modules/nfs4_acls.c if (ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) ace 454 source3/modules/nfs4_acls.c if (ace->who.gid==aceNew->who.gid) ace 455 source3/modules/nfs4_acls.c return ace; ace 457 source3/modules/nfs4_acls.c if (ace->who.uid==aceNew->who.uid) ace 458 source3/modules/nfs4_acls.c return ace; ace 628 source3/modules/nfs4_acls.c SMB_ACE4PROP_T *ace, /* the "new" ACE */ ace 634 source3/modules/nfs4_acls.c SMB_ACE4PROP_T *ace4found = smbacl4_find_equal_special(theacl, ace); ace 641 source3/modules/nfs4_acls.c ace4found->aceFlags |= ace->aceFlags; ace 642 source3/modules/nfs4_acls.c ace4found->aceMask |= ace->aceMask; ace 122 source3/modules/nfs4_acls.h SMB_ACE4PROP_T *smb_get_ace4(SMB4ACE_T *ace); ace 128 source3/modules/nfs4_acls.h SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace); ace 170 source3/modules/onefs_acl.c onefs_samba_ace_to_ace(SEC_ACE * samba_ace, struct ifs_ace * ace, ace 175 source3/modules/onefs_acl.c SMB_ASSERT(ace); ace 220 source3/modules/onefs_acl.c if (aclu_initialize_ace(ace, samba_ace->type, ace 225 source3/modules/onefs_acl.c if ((ace->trustee.type == IFS_ID_TYPE_CREATOR_OWNER || ace 226 source3/modules/onefs_acl.c ace->trustee.type == IFS_ID_TYPE_CREATOR_GROUP) && ace 228 source3/modules/onefs_acl.c ace->flags |= SEC_ACE_FLAG_INHERIT_ONLY; ace 88 source3/modules/vfs_afsacl.c static struct afs_ace *clone_afs_ace(TALLOC_CTX *mem_ctx, struct afs_ace *ace) ace 95 source3/modules/vfs_afsacl.c *result = *ace; ace 98 source3/modules/vfs_afsacl.c result->name = talloc_strdup(mem_ctx, ace->name); ace 194 source3/modules/vfs_afsacl.c struct afs_ace *ace; ace 196 source3/modules/vfs_afsacl.c for (ace = acl->acelist; ace != NULL; ace = ace->next) { ace 197 source3/modules/vfs_afsacl.c if ((ace->positive == positive) && ace 198 source3/modules/vfs_afsacl.c (strequal(ace->name, name))) { ace 199 source3/modules/vfs_afsacl.c ace->rights |= rights; ace 204 source3/modules/vfs_afsacl.c ace = new_afs_ace(acl->ctx, positive, name, rights); ace 206 source3/modules/vfs_afsacl.c ace->next = acl->acelist; ace 207 source3/modules/vfs_afsacl.c acl->acelist = ace; ace 212 source3/modules/vfs_afsacl.c ace->positive?"positive":"negative", ace 213 source3/modules/vfs_afsacl.c ace->name, ace->rights)); ace 303 source3/modules/vfs_afsacl.c struct afs_ace *ace = acl->acelist; ace 305 source3/modules/vfs_afsacl.c while (ace != NULL) { ace 306 source3/modules/vfs_afsacl.c if (ace->positive) ace 310 source3/modules/vfs_afsacl.c ace = ace->next; ace 319 source3/modules/vfs_afsacl.c ace = acl->acelist; ace 321 source3/modules/vfs_afsacl.c while (ace != NULL) { ace 322 source3/modules/vfs_afsacl.c fstr_sprintf(line, "%s\t%d\n", ace->name, ace->rights); ace 324 source3/modules/vfs_afsacl.c ace = ace->next; ace 398 source3/modules/vfs_afsacl.c struct afs_ace *ace; ace 403 source3/modules/vfs_afsacl.c for (ace = acl->acelist; ace != NULL; ace = ace->next) { ace 404 source3/modules/vfs_afsacl.c if (ace->rights & AFS_FILE_RIGHTS) { ace 405 source3/modules/vfs_afsacl.c add_afs_ace(file_acl, ace->positive, ace->name, ace 406 source3/modules/vfs_afsacl.c ace->rights & AFS_FILE_RIGHTS); ace 409 source3/modules/vfs_afsacl.c if (ace->rights & AFS_DIR_RIGHTS) { ace 410 source3/modules/vfs_afsacl.c add_afs_ace(dir_acl, ace->positive, ace->name, ace 411 source3/modules/vfs_afsacl.c ace->rights & AFS_DIR_RIGHTS); ace 427 source3/modules/vfs_afsacl.c struct afs_ace *ace; ace 431 source3/modules/vfs_afsacl.c for (ace = dir_acl->acelist; ace != NULL; ace = ace->next) { ace 438 source3/modules/vfs_afsacl.c if (!same_principal(ace, file_ace)) ace 441 source3/modules/vfs_afsacl.c add_afs_ace(target, ace->positive, ace->name, ace 442 source3/modules/vfs_afsacl.c ace->rights | file_ace->rights); ace 447 source3/modules/vfs_afsacl.c add_afs_ace(target, ace->positive, ace->name, ace 448 source3/modules/vfs_afsacl.c ace->rights); ace 451 source3/modules/vfs_afsacl.c for (ace = file_acl->acelist; ace != NULL; ace = ace->next) { ace 458 source3/modules/vfs_afsacl.c if (!same_principal(ace, dir_ace)) ace 464 source3/modules/vfs_afsacl.c add_afs_ace(target, ace->positive, ace->name, ace 465 source3/modules/vfs_afsacl.c ace->rights); ace 531 source3/modules/vfs_afsacl.c static uint32 nt_to_afs_dir_rights(const char *filename, const SEC_ACE *ace) ace 534 source3/modules/vfs_afsacl.c uint32 rights = ace->access_mask; ace 535 source3/modules/vfs_afsacl.c uint8 flags = ace->flags; ace 540 source3/modules/vfs_afsacl.c if ( (ace->type == m->type) && ace 541 source3/modules/vfs_afsacl.c (ace->flags == m->flags) && ace 542 source3/modules/vfs_afsacl.c (ace->access_mask == m->mask) ) ace 547 source3/modules/vfs_afsacl.c ace->type, ace->flags, ace->access_mask, filename, rights)); ace 572 source3/modules/vfs_afsacl.c static uint32 nt_to_afs_file_rights(const char *filename, const SEC_ACE *ace) ace 575 source3/modules/vfs_afsacl.c uint32 rights = ace->access_mask; ace 726 source3/modules/vfs_afsacl.c const SEC_ACE *ace), ace 744 source3/modules/vfs_afsacl.c const SEC_ACE *ace = &(dacl->aces[i]); ace 749 source3/modules/vfs_afsacl.c if (ace->type != SEC_ACE_TYPE_ACCESS_ALLOWED) { ace 754 source3/modules/vfs_afsacl.c if (!mappable_sid(&ace->trustee)) { ace 756 source3/modules/vfs_afsacl.c sid_string_dbg(&ace->trustee))); ace 760 source3/modules/vfs_afsacl.c if (sid_compare(&ace->trustee, ace 765 source3/modules/vfs_afsacl.c } else if (sid_compare(&ace->trustee, ace 770 source3/modules/vfs_afsacl.c } else if (sid_compare(&ace->trustee, ace 775 source3/modules/vfs_afsacl.c } else if (sid_compare(&ace->trustee, ace 783 source3/modules/vfs_afsacl.c if (!lookup_sid(talloc_tos(), &ace->trustee, ace 786 source3/modules/vfs_afsacl.c sid_string_dbg(&ace->trustee), ace 809 source3/modules/vfs_afsacl.c sid_string_tos(&ace->trustee)); ace 820 source3/modules/vfs_afsacl.c nt_to_afs_rights(filename, ace)); ace 865 source3/modules/vfs_afsacl.c struct afs_ace *ace; ace 867 source3/modules/vfs_afsacl.c for (ace = src->acelist; ace != NULL; ace = ace->next) ace 871 source3/modules/vfs_afsacl.c if (ace->type != SID_NAME_UNKNOWN) { ace 873 source3/modules/vfs_afsacl.c ace->name)); ace 877 source3/modules/vfs_afsacl.c DEBUG(10, ("Merging unknown ACE for %s\n", ace->name)); ace 879 source3/modules/vfs_afsacl.c copy = clone_afs_ace(dst->ctx, ace); ace 882 source3/modules/vfs_afsacl.c DEBUG(0, ("Could not clone ACE for %s\n", ace->name)); ace 28 source3/modules/vfs_aixacl_util.c struct smb_acl_entry *ace; ace 75 source3/modules/vfs_aixacl_util.c ace = &result->acl[result->count]; ace 77 source3/modules/vfs_aixacl_util.c ace->a_type = idp->id_type; ace 79 source3/modules/vfs_aixacl_util.c switch(ace->a_type) { ace 81 source3/modules/vfs_aixacl_util.c ace->uid = idp->id_data[0]; ace 82 source3/modules/vfs_aixacl_util.c DEBUG(10,("case ACEID_USER ace->uid is %d\n",ace->uid)); ace 83 source3/modules/vfs_aixacl_util.c ace->a_type = SMB_ACL_USER; ace 88 source3/modules/vfs_aixacl_util.c ace->gid = idp->id_data[0]; ace 89 source3/modules/vfs_aixacl_util.c DEBUG(10,("case ACEID_GROUP ace->gid is %d\n",ace->gid)); ace 90 source3/modules/vfs_aixacl_util.c ace->a_type = SMB_ACL_GROUP; ace 103 source3/modules/vfs_aixacl_util.c ace->a_perm = acl_entry->ace_access; ace 104 source3/modules/vfs_aixacl_util.c ace->a_perm <<= 6; ace 105 source3/modules/vfs_aixacl_util.c DEBUG(10,("ace->a_perm is %d\n",ace->a_perm)); ace 111 source3/modules/vfs_aixacl_util.c ace->a_perm = ~acl_entry->ace_access & 7; ace 112 source3/modules/vfs_aixacl_util.c DEBUG(10,("ace->a_perm is %d\n",ace->a_perm)); ace 113 source3/modules/vfs_aixacl_util.c ace->a_perm <<= 6; ace 122 source3/modules/vfs_aixacl_util.c ace->a_perm |= (ace->a_perm & S_IRUSR) ? SMB_ACL_READ : 0; ace 123 source3/modules/vfs_aixacl_util.c ace->a_perm |= (ace->a_perm & S_IWUSR) ? SMB_ACL_WRITE : 0; ace 124 source3/modules/vfs_aixacl_util.c ace->a_perm |= (ace->a_perm & S_IXUSR) ? SMB_ACL_EXECUTE : 0; ace 125 source3/modules/vfs_aixacl_util.c DEBUG(10,("ace->a_perm is %d\n",ace->a_perm)); ace 151 source3/modules/vfs_aixacl_util.c ace = &result->acl[result->count]; ace 153 source3/modules/vfs_aixacl_util.c ace->uid = 0; ace 154 source3/modules/vfs_aixacl_util.c ace->gid = 0; ace 155 source3/modules/vfs_aixacl_util.c DEBUG(10,("ace->uid = %d\n",ace->uid)); ace 159 source3/modules/vfs_aixacl_util.c ace->a_perm = file_acl->g_access << 6; ace 160 source3/modules/vfs_aixacl_util.c ace->a_type = SMB_ACL_GROUP_OBJ; ace 164 source3/modules/vfs_aixacl_util.c ace->a_perm = file_acl->o_access << 6; ace 165 source3/modules/vfs_aixacl_util.c ace->a_type = SMB_ACL_OTHER; ace 169 source3/modules/vfs_aixacl_util.c ace->a_perm = file_acl->u_access << 6; ace 170 source3/modules/vfs_aixacl_util.c ace->a_type = SMB_ACL_USER_OBJ; ace 177 source3/modules/vfs_aixacl_util.c ace->a_perm |= ((ace->a_perm & S_IRUSR) ? SMB_ACL_READ : 0); ace 178 source3/modules/vfs_aixacl_util.c ace->a_perm |= ((ace->a_perm & S_IWUSR) ? SMB_ACL_WRITE : 0); ace 179 source3/modules/vfs_aixacl_util.c ace->a_perm |= ((ace->a_perm & S_IXUSR) ? SMB_ACL_EXECUTE : 0); ace 181 source3/modules/vfs_aixacl_util.c memcpy(&result->acl[result->count],ace,sizeof(struct smb_acl_entry)); ace 183 source3/modules/vfs_aixacl_util.c DEBUG(10,("ace->a_perm = %d\n",ace->a_perm)); ace 184 source3/modules/vfs_aixacl_util.c DEBUG(10,("ace->a_type = %d\n",ace->a_type)); ace 477 source3/modules/vfs_gpfs.c struct smb_acl_entry *ace = &result->acl[i]; ace 486 source3/modules/vfs_gpfs.c ace->a_type = SMB_ACL_USER; ace 487 source3/modules/vfs_gpfs.c ace->uid = (uid_t)g_ace->ace_who; ace 490 source3/modules/vfs_gpfs.c ace->a_type = SMB_ACL_USER_OBJ; ace 493 source3/modules/vfs_gpfs.c ace->a_type = SMB_ACL_GROUP; ace 494 source3/modules/vfs_gpfs.c ace->gid = (gid_t)g_ace->ace_who; ace 497 source3/modules/vfs_gpfs.c ace->a_type = SMB_ACL_GROUP_OBJ; ace 500 source3/modules/vfs_gpfs.c ace->a_type = SMB_ACL_OTHER; ace 503 source3/modules/vfs_gpfs.c ace->a_type = SMB_ACL_MASK; ace 513 source3/modules/vfs_gpfs.c ace->a_perm = 0; ace 514 source3/modules/vfs_gpfs.c ace->a_perm |= (g_ace->ace_perm & ACL_PERM_READ) ? ace 516 source3/modules/vfs_gpfs.c ace->a_perm |= (g_ace->ace_perm & ACL_PERM_WRITE) ? ace 518 source3/modules/vfs_gpfs.c ace->a_perm |= (g_ace->ace_perm & ACL_PERM_EXECUTE) ? ace 522 source3/modules/vfs_gpfs.c ace->a_type, ace->a_perm)); ace 626 source3/modules/vfs_gpfs.c const struct smb_acl_entry *ace = &pacl->acl[i]; ace 630 source3/modules/vfs_gpfs.c (int)ace->a_type, (int)ace->a_perm)); ace 634 source3/modules/vfs_gpfs.c switch(ace->a_type) { ace 637 source3/modules/vfs_gpfs.c g_ace->ace_who = (gpfs_uid_t)ace->uid; ace 646 source3/modules/vfs_gpfs.c g_ace->ace_who = (gpfs_uid_t)ace->gid; ace 662 source3/modules/vfs_gpfs.c DEBUG(10, ("Got invalid ace_type: %d\n", ace->a_type)); ace 668 source3/modules/vfs_gpfs.c g_ace->ace_perm |= (ace->a_perm & SMB_ACL_READ) ? ace 670 source3/modules/vfs_gpfs.c g_ace->ace_perm |= (ace->a_perm & SMB_ACL_WRITE) ? ace 672 source3/modules/vfs_gpfs.c g_ace->ace_perm |= (ace->a_perm & SMB_ACL_EXECUTE) ? ace 774 source3/modules/vfs_gpfs.c SMB_ACE4PROP_T *ace = smb_get_ace4(smbace); ace 775 source3/modules/vfs_gpfs.c uint32_t specid = ace->who.special_id; ace 777 source3/modules/vfs_gpfs.c if (ace->flags&SMB_ACE4_ID_SPECIAL && ace 778 source3/modules/vfs_gpfs.c ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE && ace 783 source3/modules/vfs_gpfs.c if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) ace 788 source3/modules/vfs_gpfs.c newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask, ace 790 source3/modules/vfs_gpfs.c if (ace->aceMask!=newMask) { ace 792 source3/modules/vfs_gpfs.c path, ace->aceMask, newMask, specid)); ace 794 source3/modules/vfs_gpfs.c ace->aceMask = newMask; ace 803 source3/modules/vfs_gpfs.c SMB_ACE4PROP_T ace; ace 808 source3/modules/vfs_gpfs.c ZERO_STRUCT(ace); ace 809 source3/modules/vfs_gpfs.c ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE; ace 810 source3/modules/vfs_gpfs.c ace.flags |= SMB_ACE4_ID_SPECIAL; ace 811 source3/modules/vfs_gpfs.c ace.who.special_id = i; ace 814 source3/modules/vfs_gpfs.c ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP; ace 816 source3/modules/vfs_gpfs.c ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask, ace 820 source3/modules/vfs_gpfs.c if (!ace.aceMask) ace 824 source3/modules/vfs_gpfs.c smb_add_ace4(pacl, &ace); ace 826 source3/modules/vfs_gpfs.c path, mode, i, ace.aceMask)); ace 96 source3/modules/vfs_hpuxacl.c #define _IS_DEFAULT(ace) ((ace).a_type & ACL_DEFAULT) ace 97 source3/modules/vfs_hpuxacl.c #define _IS_OF_TYPE(ace, type) ( \ ace 98 source3/modules/vfs_hpuxacl.c (((type) == SMB_ACL_TYPE_ACCESS) && !_IS_DEFAULT(ace)) \ ace 100 source3/modules/vfs_hpuxacl.c (((type) == SMB_ACL_TYPE_DEFAULT) && _IS_DEFAULT(ace)) \ ace 26 source3/modules/vfs_posixacl.c struct smb_acl_entry *ace); ace 138 source3/modules/vfs_posixacl.c struct smb_acl_entry *ace) ace 150 source3/modules/vfs_posixacl.c ace->a_type = SMB_ACL_USER; ace 153 source3/modules/vfs_posixacl.c ace->a_type = SMB_ACL_USER_OBJ; ace 156 source3/modules/vfs_posixacl.c ace->a_type = SMB_ACL_GROUP; ace 159 source3/modules/vfs_posixacl.c ace->a_type = SMB_ACL_GROUP_OBJ; ace 162 source3/modules/vfs_posixacl.c ace->a_type = SMB_ACL_OTHER; ace 165 source3/modules/vfs_posixacl.c ace->a_type = SMB_ACL_MASK; ace 171 source3/modules/vfs_posixacl.c switch(ace->a_type) { ace 178 source3/modules/vfs_posixacl.c ace->uid = *puid; ace 189 source3/modules/vfs_posixacl.c ace->gid = *pgid; ace 200 source3/modules/vfs_posixacl.c ace->a_perm = 0; ace 202 source3/modules/vfs_posixacl.c ace->a_perm |= (acl_get_perm_np(permset, ACL_READ) ? SMB_ACL_READ : 0); ace 203 source3/modules/vfs_posixacl.c ace->a_perm |= (acl_get_perm_np(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0); ace 204 source3/modules/vfs_posixacl.c ace->a_perm |= (acl_get_perm_np(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0); ace 206 source3/modules/vfs_posixacl.c ace->a_perm |= (acl_get_perm(permset, ACL_READ) ? SMB_ACL_READ : 0); ace 207 source3/modules/vfs_posixacl.c ace->a_perm |= (acl_get_perm(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0); ace 208 source3/modules/vfs_posixacl.c ace->a_perm |= (acl_get_perm(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0); ace 31 source3/modules/vfs_solarisacl.c #define _IS_DEFAULT(ace) ((ace).a_type & ACL_DEFAULT) ace 32 source3/modules/vfs_solarisacl.c #define _IS_OF_TYPE(ace, type) ( \ ace 33 source3/modules/vfs_solarisacl.c (((type) == SMB_ACL_TYPE_ACCESS) && !_IS_DEFAULT(ace)) \ ace 35 source3/modules/vfs_solarisacl.c (((type) == SMB_ACL_TYPE_DEFAULT) && _IS_DEFAULT(ace)) \ ace 5398 source3/printing/nt_printing.c SEC_ACE ace[5]; /* max number of ace entries */ ace 5410 source3/printing/nt_printing.c init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 5422 source3/printing/nt_printing.c init_sec_ace(&ace[i++], &domadmins_sid, ace 5425 source3/printing/nt_printing.c init_sec_ace(&ace[i++], &domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 5432 source3/printing/nt_printing.c init_sec_ace(&ace[i++], &adm_sid, ace 5435 source3/printing/nt_printing.c init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 5442 source3/printing/nt_printing.c init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, ace 5445 source3/printing/nt_printing.c init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, ace 5456 source3/printing/nt_printing.c if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) != NULL) { ace 39 source3/registry/reg_dispatcher.c SEC_ACE ace[3]; ace 47 source3/registry/reg_dispatcher.c init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 52 source3/registry/reg_dispatcher.c init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, ace 57 source3/registry/reg_dispatcher.c init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 62 source3/registry/reg_dispatcher.c theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace); ace 295 source3/rpc_server/srv_lsa_nt.c SEC_ACE ace[5]; ace 302 source3/rpc_server/srv_lsa_nt.c init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 307 source3/rpc_server/srv_lsa_nt.c init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, ace 309 source3/rpc_server/srv_lsa_nt.c init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, ace 315 source3/rpc_server/srv_lsa_nt.c init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 321 source3/rpc_server/srv_lsa_nt.c init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 325 source3/rpc_server/srv_lsa_nt.c if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, i, ace)) == NULL) ace 117 source3/rpc_server/srv_samr_nt.c SEC_ACE ace[5]; /* at most 5 entries */ ace 124 source3/rpc_server/srv_samr_nt.c init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, ace 129 source3/rpc_server/srv_samr_nt.c init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, ace 131 source3/rpc_server/srv_samr_nt.c init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, ace 139 source3/rpc_server/srv_samr_nt.c init_sec_ace(&ace[i++], &domadmin_sid, ace 146 source3/rpc_server/srv_samr_nt.c init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0); ace 151 source3/rpc_server/srv_samr_nt.c if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) == NULL) ace 137 source3/rpc_server/srv_svcctl_nt.c SEC_ACE ace[2]; ace 145 source3/rpc_server/srv_svcctl_nt.c init_sec_ace(&ace[i++], &global_sid_World, ace 150 source3/rpc_server/srv_svcctl_nt.c init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, ace 156 source3/rpc_server/srv_svcctl_nt.c if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) ) ace 91 source3/services/services_db.c SEC_ACE ace[4]; ace 99 source3/services/services_db.c init_sec_ace(&ace[i++], &global_sid_World, ace 102 source3/services/services_db.c init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, ace 105 source3/services/services_db.c init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, ace 107 source3/services/services_db.c init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, ace 112 source3/services/services_db.c if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) ) ace 726 source3/smbd/posix_acls.c canon_ace *ace; ace 728 source3/smbd/posix_acls.c for (ace = l_head; ace; ace = ace->next) ace 1464 source3/smbd/posix_acls.c static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid) ace 1470 source3/smbd/posix_acls.c entries = count_canon_ace_list(ace); ace 1474 source3/smbd/posix_acls.c for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) { ace 1485 source3/smbd/posix_acls.c for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) { ace 2332 source3/smbd/posix_acls.c canon_ace *ace = NULL; ace 2334 source3/smbd/posix_acls.c for (ace = l_head; ace; ace = ace->next) { ace 2335 source3/smbd/posix_acls.c if (ace->type == SMB_ACL_USER_OBJ) ace 2336 source3/smbd/posix_acls.c owner_ace = ace; ace 2337 source3/smbd/posix_acls.c else if (ace->type == SMB_ACL_OTHER) { ace 2339 source3/smbd/posix_acls.c other_ace = ace; ace 2378 source3/smbd/posix_acls.c canon_ace *ace = NULL; ace 2469 source3/smbd/posix_acls.c if ((ace = SMB_MALLOC_P(canon_ace)) == NULL) ace 2472 source3/smbd/posix_acls.c ZERO_STRUCTP(ace); ace 2473 source3/smbd/posix_acls.c ace->type = tagtype; ace 2474 source3/smbd/posix_acls.c ace->perms = convert_permset_to_mode_t(conn, permset); ace 2475 source3/smbd/posix_acls.c ace->attr = ALLOW_ACE; ace 2476 source3/smbd/posix_acls.c ace->trustee = sid; ace 2477 source3/smbd/posix_acls.c ace->unix_ug = unix_ug; ace 2478 source3/smbd/posix_acls.c ace->owner_type = owner_type; ace 2479 source3/smbd/posix_acls.c ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT)); ace 2481 source3/smbd/posix_acls.c DLIST_ADD(l_head, ace); ace 2500 source3/smbd/posix_acls.c for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) { ace 2501 source3/smbd/posix_acls.c next_ace = ace->next; ace 2504 source3/smbd/posix_acls.c if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ) ace 2505 source3/smbd/posix_acls.c ace->perms &= acl_mask; ace 2507 source3/smbd/posix_acls.c if (ace->perms == 0) { ace 2508 source3/smbd/posix_acls.c DLIST_PROMOTE(l_head, ace); ace 2512 source3/smbd/posix_acls.c print_canon_ace(ace, ace_count); ace 3111 source3/smbd/posix_acls.c canon_ace *ace; ace 3127 source3/smbd/posix_acls.c ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL); ace 3128 source3/smbd/posix_acls.c if (ace && !ace->perms) { ace 3129 source3/smbd/posix_acls.c DLIST_REMOVE(dir_ace, ace); ace 3130 source3/smbd/posix_acls.c SAFE_FREE(ace); ace 3132 source3/smbd/posix_acls.c ace = canon_ace_entry_for(file_ace, SMB_ACL_OTHER, NULL); ace 3133 source3/smbd/posix_acls.c if (ace && !ace->perms) { ace 3134 source3/smbd/posix_acls.c DLIST_REMOVE(file_ace, ace); ace 3135 source3/smbd/posix_acls.c SAFE_FREE(ace); ace 3149 source3/smbd/posix_acls.c ace = canon_ace_entry_for(dir_ace, SMB_ACL_GROUP_OBJ, NULL); ace 3150 source3/smbd/posix_acls.c if (ace && !ace->perms) { ace 3151 source3/smbd/posix_acls.c DLIST_REMOVE(dir_ace, ace); ace 3152 source3/smbd/posix_acls.c SAFE_FREE(ace); ace 3156 source3/smbd/posix_acls.c ace = canon_ace_entry_for(file_ace, SMB_ACL_GROUP_OBJ, NULL); ace 3157 source3/smbd/posix_acls.c if (ace && !ace->perms) { ace 3158 source3/smbd/posix_acls.c DLIST_REMOVE(file_ace, ace); ace 3159 source3/smbd/posix_acls.c SAFE_FREE(ace); ace 3178 source3/smbd/posix_acls.c for (ace = file_ace; ace != NULL; ace = ace->next) { ace 3181 source3/smbd/posix_acls.c ace->perms, ace 3184 source3/smbd/posix_acls.c &ace->trustee, ace 3187 source3/smbd/posix_acls.c ace->ace_flags); ace 3199 source3/smbd/posix_acls.c for (ace = dir_ace; ace != NULL; ace = ace->next) { ace 3202 source3/smbd/posix_acls.c ace->perms, ace 3205 source3/smbd/posix_acls.c &ace->trustee, ace 3208 source3/smbd/posix_acls.c ace->ace_flags | ace 67 source3/utils/sharesec.c static void print_ace(FILE *f, SEC_ACE *ace) ace 73 source3/utils/sharesec.c fprintf(f, "%s:", sid_string_tos(&ace->trustee)); ace 77 source3/utils/sharesec.c if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) { ace 79 source3/utils/sharesec.c } else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) { ace 82 source3/utils/sharesec.c fprintf(f, "%d", ace->type); ace 87 source3/utils/sharesec.c fprintf(f, "/%d/", ace->flags); ace 92 source3/utils/sharesec.c if (ace->access_mask == v->mask) { ace 101 source3/utils/sharesec.c got_mask = ace->access_mask; ace 105 source3/utils/sharesec.c if ((ace->access_mask & v->mask) == v->mask) { ace 115 source3/utils/sharesec.c fprintf(f, "0x%08x", ace->access_mask); ace 141 source3/utils/sharesec.c SEC_ACE *ace = &sd->dacl->aces[i]; ace 143 source3/utils/sharesec.c print_ace(f, ace); ace 152 source3/utils/sharesec.c static bool parse_ace(SEC_ACE *ace, const char *orig_str) ace 171 source3/utils/sharesec.c ZERO_STRUCTP(ace); ace 287 source3/utils/sharesec.c init_sec_ace(ace, &sid, atype, mask, aflags); ace 300 source3/utils/sharesec.c SEC_ACE *ace; ace 312 source3/utils/sharesec.c if ( !(ace = TALLOC_ZERO_ARRAY( mem_ctx, SEC_ACE, num_ace )) ) ace 322 source3/utils/sharesec.c if ( !parse_ace( &ace[i], acl_string ) ) ace 329 source3/utils/sharesec.c if ( !(theacl = make_sec_acl( mem_ctx, NT4_ACL_REVISION, num_ace, ace )) ) ace 339 source3/utils/sharesec.c static bool add_ace(TALLOC_CTX *mem_ctx, SEC_ACL **the_acl, SEC_ACE *ace) ace 344 source3/utils/sharesec.c return (((*the_acl) = make_sec_acl(mem_ctx, 3, 1, ace)) != NULL); ace 351 source3/utils/sharesec.c memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); ace 265 source3/utils/smbcacls.c static void print_ace(struct cli_state *cli, FILE *f, SEC_ACE *ace) ace 272 source3/utils/smbcacls.c SidToString(cli, sidstr, &ace->trustee); ace 278 source3/utils/smbcacls.c ace->type, ace->flags, ace->access_mask); ace 284 source3/utils/smbcacls.c if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) { ace 286 source3/utils/smbcacls.c } else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) { ace 289 source3/utils/smbcacls.c fprintf(f, "%d", ace->type); ace 292 source3/utils/smbcacls.c print_ace_flags(f, ace->flags); ace 297 source3/utils/smbcacls.c if (ace->access_mask == v->mask) { ace 306 source3/utils/smbcacls.c got_mask = ace->access_mask; ace 310 source3/utils/smbcacls.c if ((ace->access_mask & v->mask) == v->mask) { ace 320 source3/utils/smbcacls.c fprintf(f, "0x%08x", ace->access_mask); ace 361 source3/utils/smbcacls.c static bool parse_ace(struct cli_state *cli, SEC_ACE *ace, ace 381 source3/utils/smbcacls.c ZERO_STRUCTP(ace); ace 521 source3/utils/smbcacls.c init_sec_ace(ace, &sid, atype, mask, aflags); ace 528 source3/utils/smbcacls.c static bool add_ace(SEC_ACL **the_acl, SEC_ACE *ace) ace 533 source3/utils/smbcacls.c return (((*the_acl) = make_sec_acl(talloc_tos(), 3, 1, ace)) ace 541 source3/utils/smbcacls.c memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); ace 594 source3/utils/smbcacls.c SEC_ACE ace; ace 595 source3/utils/smbcacls.c if (!parse_ace(cli, &ace, tok+4)) { ace 598 source3/utils/smbcacls.c if(!add_ace(&dacl, &ace)) { ace 649 source3/utils/smbcacls.c SEC_ACE *ace = &sd->dacl->aces[i]; ace 651 source3/utils/smbcacls.c print_ace(cli, f, ace); ace 46 source4/libcli/security/access_check.c struct security_ace *ace = &sd->dacl->aces[i]; ace 48 source4/libcli/security/access_check.c if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { ace 52 source4/libcli/security/access_check.c if (!security_token_has_sid(token, &ace->trustee)) { ace 56 source4/libcli/security/access_check.c switch (ace->type) { ace 58 source4/libcli/security/access_check.c granted |= ace->access_mask; ace 62 source4/libcli/security/access_check.c denied |= ace->access_mask; ace 124 source4/libcli/security/access_check.c struct security_ace *ace = &sd->dacl->aces[i]; ace 126 source4/libcli/security/access_check.c if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) { ace 130 source4/libcli/security/access_check.c if (!security_token_has_sid(token, &ace->trustee)) { ace 134 source4/libcli/security/access_check.c switch (ace->type) { ace 136 source4/libcli/security/access_check.c bits_remaining &= ~ace->access_mask; ace 140 source4/libcli/security/access_check.c if (bits_remaining & ace->access_mask) { ace 182 source4/libcli/security/sddl.c static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char *str, ace 191 source4/libcli/security/sddl.c ZERO_STRUCTP(ace); ace 207 source4/libcli/security/sddl.c ace->type = v; ace 213 source4/libcli/security/sddl.c ace->flags = v; ace 217 source4/libcli/security/sddl.c ace->access_mask = strtol(tok[2], NULL, 16); ace 222 source4/libcli/security/sddl.c ace->access_mask = v; ace 228 source4/libcli/security/sddl.c &ace->object.object.type.type); ace 232 source4/libcli/security/sddl.c ace->object.object.flags |= SEC_ACE_OBJECT_TYPE_PRESENT; ace 238 source4/libcli/security/sddl.c &ace->object.object.inherited_type.inherited_type); ace 242 source4/libcli/security/sddl.c ace->object.object.flags |= SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT; ace 251 source4/libcli/security/sddl.c ace->trustee = *sid; ace 465 source4/libcli/security/sddl.c static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace, ace 479 source4/libcli/security/sddl.c s_type = sddl_flags_to_string(tmp_ctx, ace_types, ace->type, true); ace 482 source4/libcli/security/sddl.c s_flags = sddl_flags_to_string(tmp_ctx, ace_flags, ace->flags, true); ace 485 source4/libcli/security/sddl.c s_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask, ace->access_mask, true); ace 487 source4/libcli/security/sddl.c s_mask = talloc_asprintf(tmp_ctx, "0x%08x", ace->access_mask); ace 491 source4/libcli/security/sddl.c if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || ace 492 source4/libcli/security/sddl.c ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || ace 493 source4/libcli/security/sddl.c ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || ace 494 source4/libcli/security/sddl.c ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) { ace 495 source4/libcli/security/sddl.c if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) { ace 496 source4/libcli/security/sddl.c s_object = GUID_string(tmp_ctx, &ace->object.object.type.type); ace 500 source4/libcli/security/sddl.c if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) { ace 501 source4/libcli/security/sddl.c s_iobject = GUID_string(tmp_ctx, &ace->object.object.inherited_type.inherited_type); ace 506 source4/libcli/security/sddl.c s_trustee = sddl_encode_sid(tmp_ctx, &ace->trustee, domain_sid); ace 532 source4/libcli/security/sddl.c char *ace = sddl_encode_ace(sddl, &acl->aces[i], domain_sid); ace 533 source4/libcli/security/sddl.c if (ace == NULL) goto failed; ace 534 source4/libcli/security/sddl.c sddl = talloc_asprintf_append_buffer(sddl, "(%s)", ace); ace 536 source4/libcli/security/sddl.c talloc_free(ace); ace 137 source4/libcli/security/security_descriptor.c const struct security_ace *ace) ace 164 source4/libcli/security/security_descriptor.c acl->aces[acl->num_aces] = *ace; ace 195 source4/libcli/security/security_descriptor.c const struct security_ace *ace) ace 197 source4/libcli/security/security_descriptor.c return security_descriptor_acl_add(sd, true, ace); ace 205 source4/libcli/security/security_descriptor.c const struct security_ace *ace) ace 207 source4/libcli/security/security_descriptor.c return security_descriptor_acl_add(sd, false, ace); ace 375 source4/libcli/security/security_descriptor.c struct security_ace *ace = talloc(sd, struct security_ace); ace 378 source4/libcli/security/security_descriptor.c if (ace == NULL) { ace 382 source4/libcli/security/security_descriptor.c ace->type = va_arg(ap, unsigned int); ace 383 source4/libcli/security/security_descriptor.c ace->access_mask = va_arg(ap, unsigned int); ace 384 source4/libcli/security/security_descriptor.c ace->flags = va_arg(ap, unsigned int); ace 385 source4/libcli/security/security_descriptor.c sid = dom_sid_parse_talloc(ace, sidstr); ace 390 source4/libcli/security/security_descriptor.c ace->trustee = *sid; ace 392 source4/libcli/security/security_descriptor.c status = security_descriptor_sacl_add(sd, ace); ace 394 source4/libcli/security/security_descriptor.c status = security_descriptor_dacl_add(sd, ace); ace 514 source4/libcli/security/security_descriptor.c struct security_ace *ace; ace 516 source4/libcli/security/security_descriptor.c ace = talloc_zero(mem_ctx, struct security_ace); ace 517 source4/libcli/security/security_descriptor.c if (ace == NULL) { ace 521 source4/libcli/security/security_descriptor.c sid = dom_sid_parse_talloc(ace, sid_str); ace 523 source4/libcli/security/security_descriptor.c talloc_free(ace); ace 527 source4/libcli/security/security_descriptor.c ace->trustee = *sid; ace 528 source4/libcli/security/security_descriptor.c ace->type = type; ace 529 source4/libcli/security/security_descriptor.c ace->access_mask = access_mask; ace 530 source4/libcli/security/security_descriptor.c ace->flags = flags; ace 532 source4/libcli/security/security_descriptor.c return ace; ace 103 source4/librpc/ndr/py_security.c struct security_ace *ace; ace 109 source4/librpc/ndr/py_security.c ace = py_talloc_get_ptr(py_ace); ace 110 source4/librpc/ndr/py_security.c status = security_descriptor_sacl_add(desc, ace); ace 119 source4/librpc/ndr/py_security.c struct security_ace *ace; ace 125 source4/librpc/ndr/py_security.c ace = py_talloc_get_ptr(py_ace); ace 127 source4/librpc/ndr/py_security.c status = security_descriptor_dacl_add(desc, ace); ace 133 source4/ntvfs/posix/pvfs_acl.c struct security_ace *ace = &acl->aces[i]; ace 134 source4/ntvfs/posix/pvfs_acl.c ace->access_mask = pvfs_translate_mask(ace->access_mask); ace 149 source4/ntvfs/posix/pvfs_acl.c struct security_ace ace; ace 201 source4/ntvfs/posix/pvfs_acl.c ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace 202 source4/ntvfs/posix/pvfs_acl.c ace.flags = 0; ace 203 source4/ntvfs/posix/pvfs_acl.c ace.trustee = *sd->owner_sid; ace 204 source4/ntvfs/posix/pvfs_acl.c ace.access_mask = 0; ace 208 source4/ntvfs/posix/pvfs_acl.c ace.access_mask |= SEC_RIGHTS_FILE_ALL; ace 210 source4/ntvfs/posix/pvfs_acl.c ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; ace 214 source4/ntvfs/posix/pvfs_acl.c ace.access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE; ace 216 source4/ntvfs/posix/pvfs_acl.c if (ace.access_mask) { ace 217 source4/ntvfs/posix/pvfs_acl.c security_descriptor_dacl_add(sd, &ace); ace 222 source4/ntvfs/posix/pvfs_acl.c ace.trustee = *sd->group_sid; ace 223 source4/ntvfs/posix/pvfs_acl.c ace.access_mask = 0; ace 225 source4/ntvfs/posix/pvfs_acl.c ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; ace 229 source4/ntvfs/posix/pvfs_acl.c ace.access_mask |= SEC_RIGHTS_FILE_WRITE; ace 231 source4/ntvfs/posix/pvfs_acl.c if (ace.access_mask) { ace 232 source4/ntvfs/posix/pvfs_acl.c security_descriptor_dacl_add(sd, &ace); ace 236 source4/ntvfs/posix/pvfs_acl.c ace.trustee = *dom_sid_parse_talloc(req, SID_WORLD); ace 237 source4/ntvfs/posix/pvfs_acl.c ace.access_mask = 0; ace 239 source4/ntvfs/posix/pvfs_acl.c ace.access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; ace 242 source4/ntvfs/posix/pvfs_acl.c ace.access_mask |= SEC_RIGHTS_FILE_WRITE; ace 244 source4/ntvfs/posix/pvfs_acl.c if (ace.access_mask) { ace 245 source4/ntvfs/posix/pvfs_acl.c security_descriptor_dacl_add(sd, &ace); ace 249 source4/ntvfs/posix/pvfs_acl.c ace.trustee = *dom_sid_parse_talloc(req, SID_NT_SYSTEM); ace 250 source4/ntvfs/posix/pvfs_acl.c ace.access_mask = SEC_RIGHTS_FILE_ALL; ace 251 source4/ntvfs/posix/pvfs_acl.c security_descriptor_dacl_add(sd, &ace); ace 634 source4/ntvfs/posix/pvfs_acl.c const struct security_ace *ace, ace 638 source4/ntvfs/posix/pvfs_acl.c return (ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) != 0; ace 641 source4/ntvfs/posix/pvfs_acl.c if (ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) { ace 645 source4/ntvfs/posix/pvfs_acl.c if ((ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT) && ace 646 source4/ntvfs/posix/pvfs_acl.c !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { ace 666 source4/ntvfs/posix/pvfs_acl.c struct security_ace ace = parent_sd->dacl->aces[i]; ace 671 source4/ntvfs/posix/pvfs_acl.c if (!pvfs_inheritable_ace(pvfs, &ace, container)) { ace 675 source4/ntvfs/posix/pvfs_acl.c orig_flags = ace.flags; ace 679 source4/ntvfs/posix/pvfs_acl.c ace.flags = 0; ace 681 source4/ntvfs/posix/pvfs_acl.c ace.flags &= ~SEC_ACE_FLAG_INHERIT_ONLY; ace 683 source4/ntvfs/posix/pvfs_acl.c if (!(ace.flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { ace 684 source4/ntvfs/posix/pvfs_acl.c ace.flags |= SEC_ACE_FLAG_INHERIT_ONLY; ace 686 source4/ntvfs/posix/pvfs_acl.c if (ace.flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) { ace 687 source4/ntvfs/posix/pvfs_acl.c ace.flags = 0; ace 692 source4/ntvfs/posix/pvfs_acl.c if (dom_sid_equal(&ace.trustee, pvfs->sid_cache.creator_owner)) { ace 695 source4/ntvfs/posix/pvfs_acl.c } else if (dom_sid_equal(&ace.trustee, pvfs->sid_cache.creator_group)) { ace 699 source4/ntvfs/posix/pvfs_acl.c new_id = &ace.trustee; ace 703 source4/ntvfs/posix/pvfs_acl.c (ace.flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { ace 704 source4/ntvfs/posix/pvfs_acl.c uint32_t flags = ace.flags; ace 706 source4/ntvfs/posix/pvfs_acl.c ace.trustee = *new_id; ace 707 source4/ntvfs/posix/pvfs_acl.c ace.flags = 0; ace 708 source4/ntvfs/posix/pvfs_acl.c status = security_descriptor_dacl_add(sd, &ace); ace 713 source4/ntvfs/posix/pvfs_acl.c ace.trustee = *creator; ace 714 source4/ntvfs/posix/pvfs_acl.c ace.flags = flags | SEC_ACE_FLAG_INHERIT_ONLY; ace 715 source4/ntvfs/posix/pvfs_acl.c status = security_descriptor_dacl_add(sd, &ace); ace 718 source4/ntvfs/posix/pvfs_acl.c status = security_descriptor_dacl_add(sd, &ace); ace 720 source4/ntvfs/posix/pvfs_acl.c ace.trustee = *new_id; ace 721 source4/ntvfs/posix/pvfs_acl.c status = security_descriptor_dacl_add(sd, &ace); ace 83 source4/ntvfs/posix/pvfs_acl_nfs4.c struct nfs4ace *a = &acl->ace[i]; ace 107 source4/ntvfs/posix/pvfs_acl_nfs4.c struct nfs4ace *a = &acl->ace[i]; ace 108 source4/ntvfs/posix/pvfs_acl_nfs4.c struct security_ace ace; ace 109 source4/ntvfs/posix/pvfs_acl_nfs4.c ace.type = a->e_type; ace 110 source4/ntvfs/posix/pvfs_acl_nfs4.c ace.flags = a->e_flags; ace 111 source4/ntvfs/posix/pvfs_acl_nfs4.c ace.access_mask = a->e_mask; ace 112 source4/ntvfs/posix/pvfs_acl_nfs4.c ace.trustee = *ids[i+2].sid; ace 113 source4/ntvfs/posix/pvfs_acl_nfs4.c security_descriptor_dacl_add(sd, &ace); ace 143 source4/ntvfs/posix/pvfs_acl_nfs4.c acl.ace = talloc_array(tmp_ctx, struct nfs4ace, acl.a_count); ace 144 source4/ntvfs/posix/pvfs_acl_nfs4.c if (!acl.ace) { ace 156 source4/ntvfs/posix/pvfs_acl_nfs4.c struct security_ace *ace = &sd->dacl->aces[i]; ace 158 source4/ntvfs/posix/pvfs_acl_nfs4.c ids[i].sid = dom_sid_dup(ids, &ace->trustee); ace 178 source4/ntvfs/posix/pvfs_acl_nfs4.c struct nfs4ace *a = &acl.ace[i]; ace 179 source4/ntvfs/posix/pvfs_acl_nfs4.c struct security_ace *ace = &sd->dacl->aces[i]; ace 180 source4/ntvfs/posix/pvfs_acl_nfs4.c a->e_type = ace->type; ace 181 source4/ntvfs/posix/pvfs_acl_nfs4.c a->e_flags = ace->flags; ace 182 source4/ntvfs/posix/pvfs_acl_nfs4.c a->e_mask = ace->access_mask; ace 53 source4/torture/raw/acls.c struct security_ace ace; ace 91 source4/torture/raw/acls.c ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace 92 source4/torture/raw/acls.c ace.flags = 0; ace 93 source4/torture/raw/acls.c ace.access_mask = SEC_STD_ALL; ace 94 source4/torture/raw/acls.c ace.trustee = *test_sid; ace 96 source4/torture/raw/acls.c status = security_descriptor_dacl_add(sd, &ace); ace 157 source4/torture/raw/acls.c struct security_ace ace; ace 204 source4/torture/raw/acls.c ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace 205 source4/torture/raw/acls.c ace.flags = 0; ace 206 source4/torture/raw/acls.c ace.access_mask = SEC_STD_ALL; ace 207 source4/torture/raw/acls.c ace.trustee = *test_sid; ace 209 source4/torture/raw/acls.c status = security_descriptor_dacl_add(sd, &ace); ace 231 source4/torture/raw/composite.c struct security_ace *ace; ace 272 source4/torture/raw/composite.c ace = talloc_zero(tctx, struct security_ace); ace 274 source4/torture/raw/composite.c ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace 275 source4/torture/raw/composite.c ace->flags = 0; ace 276 source4/torture/raw/composite.c ace->access_mask = SEC_STD_ALL; ace 277 source4/torture/raw/composite.c ace->trustee = *test_sid; ace 279 source4/torture/raw/composite.c status = security_descriptor_dacl_add(test_sd, ace); ace 320 source4/torture/raw/composite.c security_descriptor_dacl_add(io_orig[i]->out.sd, ace); ace 328 source4/torture/raw/composite.c talloc_free (ace); ace 245 source4/torture/rpc/samr_accessmask.c struct security_ace ace; ace 281 source4/torture/rpc/samr_accessmask.c ace.type = SEC_ACE_TYPE_ACCESS_DENIED; ace 282 source4/torture/rpc/samr_accessmask.c ace.flags = 0; ace 283 source4/torture/rpc/samr_accessmask.c ace.access_mask = SAMR_ACCESS_CONNECT_TO_SERVER; ace 284 source4/torture/rpc/samr_accessmask.c ace.trustee = *test_sid; ace 285 source4/torture/rpc/samr_accessmask.c status = security_descriptor_dacl_add(sd, &ace); ace 681 source4/torture/rpc/winreg.c const struct security_ace *ace) ace 695 source4/torture/rpc/winreg.c if (security_ace_equal(&sd->dacl->aces[i], ace)) { ace 774 source4/torture/rpc/winreg.c struct security_ace *ace = NULL; ace 794 source4/torture/rpc/winreg.c ace = security_ace_create(tctx, ace 800 source4/torture/rpc/winreg.c status = security_descriptor_dacl_add(sd, ace); ace 814 source4/torture/rpc/winreg.c if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) { ace 833 source4/torture/rpc/winreg.c if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) { ace 850 source4/torture/rpc/winreg.c if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) { ace 884 source4/torture/rpc/winreg.c struct security_ace *ace = NULL; ace 906 source4/torture/rpc/winreg.c ace = security_ace_create(tctx, ace 913 source4/torture/rpc/winreg.c status = security_descriptor_dacl_add(sd, ace); ace 923 source4/torture/rpc/winreg.c if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) { ace 941 source4/torture/rpc/winreg.c if (test_dacl_ace_present(p, tctx, &new_handle, ace)) { ace 965 source4/torture/rpc/winreg.c if (test_dacl_ace_present(p, tctx, &new_handle, ace)) { ace 379 source4/torture/smb2/create.c struct security_ace ace; ace 421 source4/torture/smb2/create.c ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace 422 source4/torture/smb2/create.c ace.flags = 0; ace 423 source4/torture/smb2/create.c ace.access_mask = SEC_STD_ALL; ace 424 source4/torture/smb2/create.c ace.trustee = *test_sid; ace 426 source4/torture/smb2/create.c status = security_descriptor_dacl_add(sd, &ace); ace 48 source4/torture/smb2/setinfo.c struct security_ace ace; ace 247 source4/torture/smb2/setinfo.c ZERO_STRUCT(ace); ace 248 source4/torture/smb2/setinfo.c ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; ace 249 source4/torture/smb2/setinfo.c ace.flags = 0; ace 250 source4/torture/smb2/setinfo.c ace.access_mask = SEC_STD_ALL; ace 251 source4/torture/smb2/setinfo.c ace.trustee = *test_sid; ace 252 source4/torture/smb2/setinfo.c status = security_descriptor_dacl_add(sd, &ace);