diff options
| author | Simo Sorce <idra@samba.org> | 2008-02-01 14:24:31 -0500 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2008-02-01 14:24:31 -0500 |
| commit | 2fffc9a1b1fe2a1490e867bb38462e50c282d2b3 (patch) | |
| tree | 428e09c9b35138db8b7ca7161c659a71aa129d29 /source3/lib/secdesc.c | |
| parent | 93a3c5b3f9927973b4ad1496f593ea147052d1e1 (diff) | |
| parent | b708005a7106db26d7df689b887b419c9f2ea41c (diff) | |
| download | samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.tar.gz samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.tar.bz2 samba-2fffc9a1b1fe2a1490e867bb38462e50c282d2b3.zip | |
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
(This used to be commit 7dbfc7bdc65314466a83e8121b35c9bcb24b2631)
Diffstat (limited to 'source3/lib/secdesc.c')
| -rw-r--r-- | source3/lib/secdesc.c | 99 |
1 files changed, 39 insertions, 60 deletions
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 4a9785009b..44ae23271e 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -32,35 +32,6 @@ const struct generic_mapping file_generic_mapping = { }; /******************************************************************* - Works out the linearization size of a SEC_DESC. -********************************************************************/ - -size_t sec_desc_size(SEC_DESC *psd) -{ - size_t offset; - - if (!psd) return 0; - - offset = SEC_DESC_HEADER_SIZE; - - /* don't align */ - - if (psd->owner_sid != NULL) - offset += sid_size(psd->owner_sid); - - if (psd->group_sid != NULL) - offset += sid_size(psd->group_sid); - - if (psd->sacl != NULL) - offset += psd->sacl->size; - - if (psd->dacl != NULL) - offset += psd->dacl->size; - - return offset; -} - -/******************************************************************* Compares two SEC_DESC structures ********************************************************************/ @@ -182,7 +153,9 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU Creates a SEC_DESC structure ********************************************************************/ -SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, +SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, + enum security_descriptor_revision revision, + uint16 type, const DOM_SID *owner_sid, const DOM_SID *grp_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { @@ -233,11 +206,11 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, } if (dst->owner_sid != NULL) { - offset += sid_size(dst->owner_sid); + offset += ndr_size_dom_sid(dst->owner_sid, 0); } if (dst->group_sid != NULL) { - offset += sid_size(dst->group_sid); + offset += ndr_size_dom_sid(dst->group_sid, 0); } *sd_size = (size_t)offset; @@ -272,25 +245,21 @@ NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx, struct security_descriptor *secdesc, uint8 **data, size_t *len) { - prs_struct ps; - - if (!prs_init(&ps, sec_desc_size(secdesc), mem_ctx, MARSHALL)) { - return NT_STATUS_NO_MEMORY; - } + DATA_BLOB blob; + enum ndr_err_code ndr_err; - if (!sec_io_desc("security_descriptor", &secdesc, &ps, 1)) { - prs_mem_free(&ps); - return NT_STATUS_INVALID_PARAMETER; - } + ndr_err = ndr_push_struct_blob( + &blob, mem_ctx, secdesc, + (ndr_push_flags_fn_t)ndr_push_security_descriptor); - if (!(*data = (uint8 *)talloc_memdup(mem_ctx, ps.data_p, - prs_offset(&ps)))) { - prs_mem_free(&ps); - return NT_STATUS_NO_MEMORY; + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(0, ("ndr_push_security_descriptor failed: %s\n", + ndr_errstr(ndr_err))); + return ndr_map_error2ntstatus(ndr_err);; } - *len = prs_offset(&ps); - prs_mem_free(&ps); + *data = blob.data; + *len = blob.length; return NT_STATUS_OK; } @@ -300,25 +269,33 @@ NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx, NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len, struct security_descriptor **psecdesc) { - prs_struct ps; - struct security_descriptor *secdesc = NULL; + DATA_BLOB blob; + enum ndr_err_code ndr_err; + struct security_descriptor *result; - if (!(secdesc = TALLOC_ZERO_P(mem_ctx, struct security_descriptor))) { - return NT_STATUS_NO_MEMORY; + if ((data == NULL) || (len == 0)) { + return NT_STATUS_INVALID_PARAMETER; } - if (!prs_init(&ps, 0, secdesc, UNMARSHALL)) { + result = TALLOC_ZERO_P(mem_ctx, struct security_descriptor); + if (result == NULL) { return NT_STATUS_NO_MEMORY; } - prs_give_memory(&ps, (char *)data, len, False); + blob = data_blob_const(data, len); - if (!sec_io_desc("security_descriptor", &secdesc, &ps, 1)) { - return NT_STATUS_INVALID_PARAMETER; + ndr_err = ndr_pull_struct_blob( + &blob, result, result, + (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(0, ("ndr_pull_security_descriptor failed: %s\n", + ndr_errstr(ndr_err))); + TALLOC_FREE(result); + return ndr_map_error2ntstatus(ndr_err);; } - prs_mem_free(&ps); - *psecdesc = secdesc; + *psecdesc = result; return NT_STATUS_OK; } @@ -329,8 +306,9 @@ NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len, SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { - return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, - owner_sid, grp_sid, NULL, dacl, sd_size); + return make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, + dacl, sd_size); } /******************************************************************* @@ -557,7 +535,8 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, correct. Perhaps the user and group should be passed in as parameters by the caller? */ - sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, + sd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE, parent_ctr->owner_sid, parent_ctr->group_sid, parent_ctr->sacl, |