summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2008-12-12 20:20:01 +0100
committerJelmer Vernooij <jelmer@samba.org>2008-12-12 20:20:01 +0100
commitcd25b6245f8185e36a365dcf4c28e7df13090d3e (patch)
tree4ee68b9d5ea6cb4633f73146963640cb6a2781c9
parentc4fc0b49f05f56174dc904a19d9e4dfc6d3ef523 (diff)
downloadsamba-cd25b6245f8185e36a365dcf4c28e7df13090d3e.tar.gz
samba-cd25b6245f8185e36a365dcf4c28e7df13090d3e.tar.bz2
samba-cd25b6245f8185e36a365dcf4c28e7df13090d3e.zip
Move dom_sid to the Samba 3 IDL file, remove the old definition.
-rw-r--r--librpc/idl/security.idl29
-rw-r--r--librpc/ndr/ndr_sec_helper.c224
-rw-r--r--source3/include/proto.h8
-rw-r--r--source3/include/smb.h13
-rw-r--r--source3/librpc/gen_ndr/lsa.h2
-rw-r--r--source3/librpc/gen_ndr/misc.h2
-rw-r--r--source3/librpc/gen_ndr/ndr_drsblobs.c10
-rw-r--r--source3/librpc/gen_ndr/ndr_security.c21
-rw-r--r--source3/librpc/gen_ndr/ndr_security.h4
-rw-r--r--source3/librpc/gen_ndr/ndr_srvsvc.c8
-rw-r--r--source3/librpc/gen_ndr/ndr_srvsvc.h4
-rw-r--r--source3/librpc/gen_ndr/security.h10
-rw-r--r--source3/librpc/gen_ndr/srvsvc.h4
-rw-r--r--source3/librpc/gen_ndr/winreg.h2
-rw-r--r--source3/librpc/ndr/sid.c224
-rw-r--r--source4/librpc/config.mk13
-rw-r--r--source4/librpc/idl/dom_sid.idl26
-rw-r--r--source4/librpc/ndr/ndr_dom_sid.c248
18 files changed, 296 insertions, 556 deletions
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 3f70e2c36e..d88931fc69 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -7,12 +7,40 @@
import "misc.idl";
import "dom_sid.idl";
+/*
+ use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+ just a dom sid, but with the sub_auths represented as a conformant
+ array. As with all in-structure conformant arrays, the array length
+ is placed before the start of the structure. That's what gives rise
+ to the extra num_auths elemenent. We don't want the Samba code to
+ have to bother with such esoteric NDR details, so its easier to just
+ define it as a dom_sid and use pidl magic to make it all work. It
+ just means you need to mark a sid as a "dom_sid2" in the IDL when you
+ know it is of the conformant array variety
+*/
+cpp_quote("#define dom_sid2 dom_sid")
+
+/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
+cpp_quote("#define dom_sid28 dom_sid")
+
+/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
+cpp_quote("#define dom_sid0 dom_sid")
+
+
+
[
helper("librpc/gen_ndr/ndr_dom_sid.h"),
pointer_default(unique)
]
interface security
{
+
+ typedef [public,gensize,noprint,nosize,nopull,nopush] struct {
+ uint8 sid_rev_num; /**< SID revision number */
+ [range(0,15)] int8 num_auths; /**< Number of sub-authorities */
+ uint8 id_auth[6]; /**< Identifier Authority */
+ uint32 sub_auths[15];
+ } dom_sid;
/*
access masks are divided up like this:
0xabccdddd
@@ -388,4 +416,5 @@ interface security
KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
} kerb_EncTypes;
+
}
diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index 4b135505d8..898a4287ea 100644
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -23,6 +23,9 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
+#if _SAMBA_BUILD_ == 4
+#include "libcli/security/security.h"
+#endif
/*
return the wire size of a security_ace
@@ -116,3 +119,224 @@ size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int fl
return ret;
}
+/*
+ return the wire size of a dom_sid
+*/
+size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
+{
+ if (!sid) return 0;
+ return 8 + 4*sid->num_auths;
+}
+
+size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
+{
+ struct dom_sid zero_sid;
+
+ if (!sid) return 0;
+
+ ZERO_STRUCT(zero_sid);
+
+ if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
+ return 0;
+ }
+
+ return 8 + 4*sid->num_auths;
+}
+
+size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
+{
+ return ndr_size_dom_sid28(sid, flags);
+}
+
+/*
+ print a dom_sid
+*/
+void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
+{
+ ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
+}
+
+void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
+{
+ ndr_print_dom_sid(ndr, name, sid);
+}
+
+void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
+{
+ ndr_print_dom_sid(ndr, name, sid);
+}
+
+void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
+{
+ ndr_print_dom_sid(ndr, name, sid);
+}
+
+
+/*
+ parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
+*/
+enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
+{
+ uint32_t num_auths;
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
+ if (sid->num_auths != num_auths) {
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
+ "Bad array size %u should exceed %u",
+ num_auths, sid->num_auths);
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+/*
+ parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
+*/
+enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
+{
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
+ return ndr_push_dom_sid(ndr, ndr_flags, sid);
+}
+
+/*
+ parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
+*/
+enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
+{
+ enum ndr_err_code status;
+ struct ndr_pull *subndr;
+
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ subndr = talloc_zero(ndr, struct ndr_pull);
+ NDR_ERR_HAVE_NO_MEMORY(subndr);
+ subndr->flags = ndr->flags;
+ subndr->current_mem_ctx = ndr->current_mem_ctx;
+
+ subndr->data = ndr->data + ndr->offset;
+ subndr->data_size = 28;
+ subndr->offset = 0;
+
+ NDR_CHECK(ndr_pull_advance(ndr, 28));
+
+ status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(status)) {
+ /* handle a w2k bug which send random data in the buffer */
+ ZERO_STRUCTP(sid);
+ } else if (sid->num_auths == 0 && sid->sub_auths) {
+ ZERO_STRUCT(sid->sub_auths);
+ }
+
+ return NDR_ERR_SUCCESS;
+}
+
+/*
+ push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
+*/
+enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
+{
+ uint32_t old_offset;
+ uint32_t padding;
+
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ if (sid->num_auths > 5) {
+ return ndr_push_error(ndr, NDR_ERR_RANGE,
+ "dom_sid28 allows only upto 5 sub auth [%u]",
+ sid->num_auths);
+ }
+
+ old_offset = ndr->offset;
+ NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
+
+ padding = 28 - (ndr->offset - old_offset);
+
+ if (padding > 0) {
+ NDR_CHECK(ndr_push_zero(ndr, padding));
+ }
+
+ return NDR_ERR_SUCCESS;
+}
+
+/*
+ parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
+*/
+enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
+{
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ if (ndr->data_size == ndr->offset) {
+ ZERO_STRUCTP(sid);
+ return NDR_ERR_SUCCESS;
+ }
+
+ return ndr_pull_dom_sid(ndr, ndr_flags, sid);
+}
+
+/*
+ push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
+*/
+enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
+{
+ struct dom_sid zero_sid;
+
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ if (!sid) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ ZERO_STRUCT(zero_sid);
+
+ if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ return ndr_push_dom_sid(ndr, ndr_flags, sid);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
+{
+ uint32_t cntr_sub_auths_0;
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_push_align(ndr, 4));
+ NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
+ NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
+ NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
+ for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
+{
+ uint32_t cntr_sub_auths_0;
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
+ NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths));
+ if (r->num_auths < 0 || r->num_auths > 15) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
+ for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4028f6de52..c813fafff5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2315,15 +2315,7 @@ void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct do
/* The following definitions come from librpc/ndr/sid.c */
-enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r);
-enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r);
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
-enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
-enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
-enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
-enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
-enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
-enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
/* The following definitions come from librpc/rpc/binding.c */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 112b4e0f91..891bd4aaf7 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -209,18 +209,7 @@ typedef uint32 codepoint_t;
*
* @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp
**/
-typedef struct dom_sid {
- uint8 sid_rev_num; /**< SID revision number */
- uint8 num_auths; /**< Number of sub-authorities */
- uint8 id_auth[6]; /**< Identifier Authority */
- /*
- * Pointer to sub-authorities.
- *
- * @note The values in these uint32's are in *native* byteorder, not
- * neccessarily little-endian...... JRA.
- */
- uint32 sub_auths[MAXSUBAUTHS];
-} DOM_SID;
+typedef struct dom_sid DOM_SID;
enum id_mapping {
ID_UNKNOWN = 0,
diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h
index 0ccbcdf5b0..ee8a31138d 100644
--- a/source3/librpc/gen_ndr/lsa.h
+++ b/source3/librpc/gen_ndr/lsa.h
@@ -17,7 +17,7 @@ struct lsa_String {
uint16_t length;/* [value(2*strlen_m(string))] */
uint16_t size;/* [value(2*strlen_m(string))] */
const char *string;/* [unique,charset(UTF16),length_is(length/2),size_is(size/2)] */
-}/* [public,noejs] */;
+}/* [public] */;
struct lsa_StringLarge {
uint16_t length;/* [value(2*strlen_m(string))] */
diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h
index d1cf64e0eb..de4abdcae5 100644
--- a/source3/librpc/gen_ndr/misc.h
+++ b/source3/librpc/gen_ndr/misc.h
@@ -11,7 +11,7 @@ struct GUID {
uint16_t time_hi_and_version;
uint8_t clock_seq[2];
uint8_t node[6];
-}/* [noprint,gensize,public,noejs] */;
+}/* [noprint,gensize,public] */;
struct ndr_syntax_id {
struct GUID uuid;
diff --git a/source3/librpc/gen_ndr/ndr_drsblobs.c b/source3/librpc/gen_ndr/ndr_drsblobs.c
index dd8d77ea15..d965e40bd2 100644
--- a/source3/librpc/gen_ndr/ndr_drsblobs.c
+++ b/source3/librpc/gen_ndr/ndr_drsblobs.c
@@ -2351,7 +2351,6 @@ static enum ndr_err_code ndr_push_AuthInfoNT4Owf(struct ndr_push *ndr, int ndr_f
NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->password));
}
if (ndr_flags & NDR_BUFFERS) {
- NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->password));
}
return NDR_ERR_SUCCESS;
}
@@ -2364,7 +2363,6 @@ static enum ndr_err_code ndr_pull_AuthInfoNT4Owf(struct ndr_pull *ndr, int ndr_f
NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->password));
}
if (ndr_flags & NDR_BUFFERS) {
- NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->password));
}
return NDR_ERR_SUCCESS;
}
@@ -2477,7 +2475,6 @@ static enum ndr_err_code ndr_push_AuthInfo(struct ndr_push *ndr, int ndr_flags,
break;
case TRUST_AUTH_TYPE_NT4OWF:
- NDR_CHECK(ndr_push_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf));
break;
case TRUST_AUTH_TYPE_CLEAR:
@@ -2525,7 +2522,6 @@ static enum ndr_err_code ndr_pull_AuthInfo(struct ndr_pull *ndr, int ndr_flags,
break;
case TRUST_AUTH_TYPE_NT4OWF:
- NDR_CHECK(ndr_pull_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf));
break;
case TRUST_AUTH_TYPE_CLEAR:
@@ -2584,7 +2580,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_AuthenticationInformation(struct ndr_push *n
}
}
if (ndr_flags & NDR_BUFFERS) {
- NDR_CHECK(ndr_push_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo));
}
return NDR_ERR_SUCCESS;
}
@@ -2605,7 +2600,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_AuthenticationInformation(struct ndr_pull *n
}
}
if (ndr_flags & NDR_BUFFERS) {
- NDR_CHECK(ndr_pull_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo));
}
return NDR_ERR_SUCCESS;
}
@@ -2641,7 +2635,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_trustCurrentPasswords(struct ndr_push *ndr,
for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) {
if (r->current[cntr_current_0]) {
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current[cntr_current_0]));
- NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0]));
+ NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0]));
}
}
}
@@ -2681,7 +2675,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr,
NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current[cntr_current_0]));
_mem_save_current_1 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->current[cntr_current_0], 0);
- NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0]));
+ NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0]));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_1, 0);
ndr->offset = _relative_save_offset;
}
diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c
index 108f2f689c..8339a40d40 100644
--- a/source3/librpc/gen_ndr/ndr_security.c
+++ b/source3/librpc/gen_ndr/ndr_security.c
@@ -427,7 +427,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_f
}
if (ndr_flags & NDR_BUFFERS) {
NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->trustee));
}
return NDR_ERR_SUCCESS;
}
@@ -621,11 +620,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, in
if (ndr_flags & NDR_BUFFERS) {
if (r->owner_sid) {
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid));
- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
}
if (r->group_sid) {
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid));
- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid));
}
if (r->sacl) {
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl));
@@ -694,7 +693,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in
NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
_mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
ndr->offset = _relative_save_offset;
}
@@ -704,7 +703,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in
NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
_mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
ndr->offset = _relative_save_offset;
}
@@ -855,14 +854,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr
}
if (ndr_flags & NDR_BUFFERS) {
if (r->user_sid) {
- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->user_sid));
}
if (r->group_sid) {
- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid));
}
for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) {
if (r->sids[cntr_sids_0]) {
- NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0]));
+ NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0]));
}
}
}
@@ -916,13 +915,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr
if (r->user_sid) {
_mem_save_user_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->user_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->user_sid));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_sid_0, 0);
}
if (r->group_sid) {
_mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
}
_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
@@ -931,7 +930,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr
if (r->sids[cntr_sids_0]) {
_mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0]));
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0]));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0);
}
}
diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h
index bddf1bd2b7..f8cbf4afa8 100644
--- a/source3/librpc/gen_ndr/ndr_security.h
+++ b/source3/librpc/gen_ndr/ndr_security.h
@@ -8,6 +8,10 @@
#include "librpc/gen_ndr/ndr_dom_sid.h"
#define NDR_SECURITY_CALL_COUNT (0)
+enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r);
+enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r);
+void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *r);
+size_t ndr_size_dom_sid(const struct dom_sid *r, int flags);
enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r);
enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r);
void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r);
diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.c b/source3/librpc/gen_ndr/ndr_srvsvc.c
index 9ac3aa82c9..125542d14a 100644
--- a/source3/librpc/gen_ndr/ndr_srvsvc.c
+++ b/source3/librpc/gen_ndr/ndr_srvsvc.c
@@ -6358,7 +6358,7 @@ _PUBLIC_ void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *nam
ndr_print_enum(ndr, name, "ENUM", val, r);
}
-static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r)
+_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r)
{
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_push_align(ndr, 4));
@@ -6376,7 +6376,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int
return NDR_ERR_SUCCESS;
}
-static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r)
{
uint32_t _ptr_server_name;
TALLOC_CTX *_mem_save_server_name_0;
@@ -6421,7 +6421,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char *
ndr->depth--;
}
-static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r)
+_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r)
{
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_push_align(ndr, 4));
@@ -6449,7 +6449,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int
return NDR_ERR_SUCCESS;
}
-static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r)
{
uint32_t _ptr_server_name;
TALLOC_CTX *_mem_save_server_name_0;
diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.h b/source3/librpc/gen_ndr/ndr_srvsvc.h
index 33569d1870..126680cad0 100644
--- a/source3/librpc/gen_ndr/ndr_srvsvc.h
+++ b/source3/librpc/gen_ndr/ndr_srvsvc.h
@@ -186,7 +186,11 @@ void ndr_print_srvsvc_NetShareInfoCtr(struct ndr_print *ndr, const char *name, c
enum ndr_err_code ndr_push_srvsvc_PlatformId(struct ndr_push *ndr, int ndr_flags, enum srvsvc_PlatformId r);
enum ndr_err_code ndr_pull_srvsvc_PlatformId(struct ndr_pull *ndr, int ndr_flags, enum srvsvc_PlatformId *r);
void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *name, enum srvsvc_PlatformId r);
+enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r);
+enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r);
void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo100 *r);
+enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r);
+enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r);
void ndr_print_srvsvc_NetSrvInfo101(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo101 *r);
void ndr_print_srvsvc_NetSrvInfo102(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo102 *r);
void ndr_print_srvsvc_NetSrvInfo402(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo402 *r);
diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h
index fe23347fdf..99e1f4b1c9 100644
--- a/source3/librpc/gen_ndr/security.h
+++ b/source3/librpc/gen_ndr/security.h
@@ -4,6 +4,9 @@
#include "librpc/gen_ndr/misc.h"
#include "librpc/gen_ndr/dom_sid.h"
+#define dom_sid2 dom_sid
+#define dom_sid28 dom_sid
+#define dom_sid0 dom_sid
#ifndef _HEADER_security
#define _HEADER_security
@@ -129,6 +132,13 @@
#define DOMAIN_RID_ENTERPRISE_ADMINS ( 519 )
#define NT4_ACL_REVISION ( SECURITY_ACL_REVISION_NT4 )
#define SD_REVISION ( SECURITY_DESCRIPTOR_REVISION_1 )
+struct dom_sid {
+ uint8_t sid_rev_num;
+ int8_t num_auths;/* [range(0,15)] */
+ uint8_t id_auth[6];
+ uint32_t sub_auths[15];
+}/* [noprint,gensize,nopull,public,nopush,nosize] */;
+
enum sec_privilege
#ifndef USE_UINT_ENUMS
{
diff --git a/source3/librpc/gen_ndr/srvsvc.h b/source3/librpc/gen_ndr/srvsvc.h
index b50213bb96..6467f72a5b 100644
--- a/source3/librpc/gen_ndr/srvsvc.h
+++ b/source3/librpc/gen_ndr/srvsvc.h
@@ -431,7 +431,7 @@ enum srvsvc_PlatformId
struct srvsvc_NetSrvInfo100 {
enum srvsvc_PlatformId platform_id;
const char *server_name;/* [unique,charset(UTF16)] */
-};
+}/* [public] */;
struct srvsvc_NetSrvInfo101 {
enum srvsvc_PlatformId platform_id;
@@ -440,7 +440,7 @@ struct srvsvc_NetSrvInfo101 {
uint32_t version_minor;
uint32_t server_type;
const char *comment;/* [unique,charset(UTF16)] */
-};
+}/* [public] */;
struct srvsvc_NetSrvInfo102 {
enum srvsvc_PlatformId platform_id;
diff --git a/source3/librpc/gen_ndr/winreg.h b/source3/librpc/gen_ndr/winreg.h
index fbbab33c8d..a98120ccf5 100644
--- a/source3/librpc/gen_ndr/winreg.h
+++ b/source3/librpc/gen_ndr/winreg.h
@@ -54,7 +54,7 @@ struct winreg_String {
uint16_t name_len;/* [value(strlen_m_term(name)*2)] */
uint16_t name_size;/* [value(strlen_m_term(name)*2)] */
const char *name;/* [unique,charset(UTF16)] */
-}/* [public,noejs] */;
+}/* [public] */;
struct KeySecurityData {
uint8_t *data;/* [unique,length_is(len),size_is(size)] */
diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c
index 39b7e3cd59..252da85929 100644
--- a/source3/librpc/ndr/sid.c
+++ b/source3/librpc/ndr/sid.c
@@ -22,72 +22,6 @@
#include "includes.h"
/*
- return the wire size of a dom_sid
-*/
-size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
-{
- if (!sid) return 0;
- return 8 + 4*sid->num_auths;
-}
-
-size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
-{
- struct dom_sid zero_sid;
-
- if (!sid) return 0;
-
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
- return 0;
- }
-
- return 8 + 4*sid->num_auths;
-}
-
-size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
-{
- return ndr_size_dom_sid28(sid, flags);
-}
-
-enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
-{
- uint32_t cntr_sub_auths_0;
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_push_align(ndr, 4));
- NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
- NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
- NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
- for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
- }
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
-{
- uint32_t cntr_sub_auths_0;
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 4));
- NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
- NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_auths));
- if (r->num_auths > 15) {
- return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
- }
- NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
- for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
- }
- }
- if (ndr_flags & NDR_BUFFERS) {
- }
- return NDR_ERR_SUCCESS;
-}
-
-/*
convert a dom_sid to a string
*/
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
@@ -123,161 +57,3 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
return ret;
}
-
-/*
- parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
-*/
-enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- uint32_t num_auths;
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
- NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
- if (sid->num_auths != num_auths) {
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
- "Bad array size %u should exceed %u",
- num_auths, sid->num_auths);
- }
- return NDR_ERR_SUCCESS;
-}
-
-/*
- parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
-*/
-enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
- return ndr_push_dom_sid(ndr, ndr_flags, sid);
-}
-
-/*
- parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
-*/
-enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- enum ndr_err_code status;
- struct ndr_pull *subndr;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- subndr = talloc_zero(ndr, struct ndr_pull);
- NDR_ERR_HAVE_NO_MEMORY(subndr);
- subndr->flags = ndr->flags;
- subndr->current_mem_ctx = ndr->current_mem_ctx;
-
- subndr->data = ndr->data + ndr->offset;
- subndr->data_size = 28;
- subndr->offset = 0;
-
- NDR_CHECK(ndr_pull_advance(ndr, 28));
-
- status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
- if (!NDR_ERR_CODE_IS_SUCCESS(status)) {
- /* handle a w2k bug which send random data in the buffer */
- ZERO_STRUCTP(sid);
- }
-
- return NDR_ERR_SUCCESS;
-}
-
-/*
- push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
-*/
-enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- uint32_t old_offset;
- uint32_t padding;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (sid->num_auths > 5) {
- return ndr_push_error(ndr, NDR_ERR_RANGE,
- "dom_sid28 allows only upto 5 sub auth [%u]",
- sid->num_auths);
- }
-
- old_offset = ndr->offset;
- NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
-
- padding = 28 - (ndr->offset - old_offset);
-
- if (padding > 0) {
- NDR_CHECK(ndr_push_zero(ndr, padding));
- }
-
- return NDR_ERR_SUCCESS;
-}
-
-/*
- parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
-*/
-enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (ndr->data_size == ndr->offset) {
- ZERO_STRUCTP(sid);
- return NDR_ERR_SUCCESS;
- }
-
- return ndr_pull_dom_sid(ndr, ndr_flags, sid);
-}
-
-/*
- push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
-*/
-enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- struct dom_sid zero_sid;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (!sid) {
- return NDR_ERR_SUCCESS;
- }
-
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
- return NDR_ERR_SUCCESS;
- }
-
- return ndr_push_dom_sid(ndr, ndr_flags, sid);
-}
-
-/*
- print a dom_sid
-*/
-void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
-}
-
-void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index adea071185..65c473779f 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -54,10 +54,9 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY
NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \
../librpc/ndr/ndr_sec_helper.o \
- $(gen_ndrsrcdir)/ndr_dom_sid.o \
- $(ndrsrcdir)/ndr_dom_sid.o
+ $(gen_ndrsrcdir)/ndr_dom_sid.o
-PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h)
+PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h)
[SUBSYSTEM::NDR_AUDIOSRV]
@@ -737,15 +736,9 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc
python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o
-[PYTHON::python_dcerpc_dom_sid]
-LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT)
-PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
-
-python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o
-
[PYTHON::python_dcerpc_security]
LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT)
-PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc
+PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o
diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl
index 40712fc371..172dda4fae 100644
--- a/source4/librpc/idl/dom_sid.idl
+++ b/source4/librpc/idl/dom_sid.idl
@@ -1,34 +1,8 @@
-/*
- use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
- just a dom sid, but with the sub_auths represented as a conformant
- array. As with all in-structure conformant arrays, the array length
- is placed before the start of the structure. That's what gives rise
- to the extra num_auths elemenent. We don't want the Samba code to
- have to bother with such esoteric NDR details, so its easier to just
- define it as a dom_sid and use pidl magic to make it all work. It
- just means you need to mark a sid as a "dom_sid2" in the IDL when you
- know it is of the conformant array variety
-*/
-cpp_quote("#define dom_sid2 dom_sid")
-
-/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
-cpp_quote("#define dom_sid28 dom_sid")
-
-/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
-cpp_quote("#define dom_sid0 dom_sid")
-
[
pointer_default(unique)
]
interface dom_sid
{
- typedef [public,gensize,noprint,nosize,nopull,nopush] struct {
- uint8 sid_rev_num; /**< SID revision number */
- [range(0,15)] int8 num_auths; /**< Number of sub-authorities */
- uint8 id_auth[6]; /**< Identifier Authority */
- uint32 sub_auths[15];
- } dom_sid;
-
/* id used to identify a endpoint, possibly in a cluster */
typedef [public] struct {
hyper id;
diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c
deleted file mode 100644
index 9b2118f56a..0000000000
--- a/source4/librpc/ndr/ndr_dom_sid.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- fast routines for getting the wire size of security objects
-
- Copyright (C) Andrew Tridgell 2003
- Copyright (C) Stefan Metzmacher 2006-2008
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include "includes.h"
-#include "librpc/gen_ndr/ndr_security.h"
-#include "libcli/security/security.h"
-
-/*
- return the wire size of a dom_sid
-*/
-size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
-{
- if (!sid) return 0;
- return 8 + 4*sid->num_auths;
-}
-
-size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
-{
- struct dom_sid zero_sid;
-
- if (!sid) return 0;
-
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
- return 0;
- }
-
- return 8 + 4*sid->num_auths;
-}
-
-size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
-{
- return ndr_size_dom_sid28(sid, flags);
-}
-
-/*
- print a dom_sid
-*/
-void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
-}
-
-void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-
-/*
- parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
-*/
-enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- uint32_t num_auths;
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
- NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
- if (sid->num_auths != num_auths) {
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
- "Bad array size %u should exceed %u",
- num_auths, sid->num_auths);
- }
- return NDR_ERR_SUCCESS;
-}
-
-/*
- parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
-*/
-enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
- return ndr_push_dom_sid(ndr, ndr_flags, sid);
-}
-
-/*
- parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
-*/
-enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- enum ndr_err_code status;
- struct ndr_pull *subndr;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- subndr = talloc_zero(ndr, struct ndr_pull);
- NDR_ERR_HAVE_NO_MEMORY(subndr);
- subndr->flags = ndr->flags;
- subndr->current_mem_ctx = ndr->current_mem_ctx;
-
- subndr->data = ndr->data + ndr->offset;
- subndr->data_size = 28;
- subndr->offset = 0;
-
- NDR_CHECK(ndr_pull_advance(ndr, 28));
-
- status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
- if (!NDR_ERR_CODE_IS_SUCCESS(status)) {
- /* handle a w2k bug which send random data in the buffer */
- ZERO_STRUCTP(sid);
- } else if (sid->num_auths == 0 && sid->sub_auths) {
- ZERO_STRUCT(sid->sub_auths);
- }
-
- return NDR_ERR_SUCCESS;
-}
-
-/*
- push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
-*/
-enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- uint32_t old_offset;
- uint32_t padding;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (sid->num_auths > 5) {
- return ndr_push_error(ndr, NDR_ERR_RANGE,
- "dom_sid28 allows only upto 5 sub auth [%u]",
- sid->num_auths);
- }
-
- old_offset = ndr->offset;
- NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
-
- padding = 28 - (ndr->offset - old_offset);
-
- if (padding > 0) {
- NDR_CHECK(ndr_push_zero(ndr, padding));
- }
-
- return NDR_ERR_SUCCESS;
-}
-
-/*
- parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
-*/
-enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (ndr->data_size == ndr->offset) {
- ZERO_STRUCTP(sid);
- return NDR_ERR_SUCCESS;
- }
-
- return ndr_pull_dom_sid(ndr, ndr_flags, sid);
-}
-
-/*
- push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
-*/
-enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- struct dom_sid zero_sid;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (!sid) {
- return NDR_ERR_SUCCESS;
- }
-
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
- return NDR_ERR_SUCCESS;
- }
-
- return ndr_push_dom_sid(ndr, ndr_flags, sid);
-}
-
-_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
-{
- uint32_t cntr_sub_auths_0;
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_push_align(ndr, 4));
- NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
- NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
- NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
- for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
- }
- }
- return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
-{
- uint32_t cntr_sub_auths_0;
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 4));
- NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
- NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths));
- if (r->num_auths < 0 || r->num_auths > 15) {
- return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
- }
- NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
- for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
- }
- }
- return NDR_ERR_SUCCESS;
-}