author | Andrew Tridgell <tridge@samba.org> | 2004-12-02 04:34:11 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:06:16 -0500 |
commit | 81476cd9fad32f5629de44d45c3a9c58d67e5864 (patch) | |
tree | f1c173c1e6bf6dbeaad609a052cce2bbcac04f39 /source4/libcli | |
parent | 450368c83365020fd8b5f4c2c6eafa23aa1aa2aa (diff) | |
r4034: add a function security_descriptor_create() which can be used to
easily create complex security descriptors for testing. This greatly
simplifies the smbtorture code I am writing for testing our
new access_check code.
(This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/security/security_descriptor.c | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 1783c62f37..1c63478ab2 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -100,6 +100,8 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
 sd->dacl->num_aces++;
+ sd->type |= SEC_DESC_DACL_PRESENT;
+
 return NT_STATUS_OK;
 }
@@ -206,3 +208,80 @@ BOOL security_descriptor_mask_equal(const struct security_descriptor *sd1,
 return True;
 }
+
+
+/*
+ create a security descriptor using string SIDs. This is used by the
+ torture code to allow the easy creation of complex ACLs
+ This is a varargs function. The list of ACEs ends with a NULL sid.
+
+ a typical call would be:
+
+ sd = security_descriptor_create(mem_ctx,
+ mysid,
+ mygroup,
+ SID_AUTHENTICATED_USERS,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_FILE_ALL,
+ NULL);
+ that would create a sd with one ACE
+*/
+struct security_descriptor *security_descriptor_create(TALLOC_CTX *mem_ctx,
+ const char *owner_sid,
+ const char *group_sid,
+ ...)
+{
+ va_list ap;
+ struct security_descriptor *sd;
+ const char *sidstr;
+
+ sd = security_descriptor_initialise(mem_ctx);
+ if (sd == NULL) return NULL;
+
+ if (owner_sid) {
+ sd->owner_sid = dom_sid_parse_talloc(mem_ctx, owner_sid);
+ if (sd->owner_sid == NULL) {
+ talloc_free(sd);
+ return NULL;
+ }
+ }
+ if (group_sid) {
+ sd->group_sid = dom_sid_parse_talloc(mem_ctx, group_sid);
+ if (sd->group_sid == NULL) {
+ talloc_free(sd);
+ return NULL;
+ }
+ }
+
+ va_start(ap, group_sid);
+ while ((sidstr = va_arg(ap, const char *))) {
+ struct dom_sid *sid;
+ struct security_ace *ace = talloc_p(sd, struct security_ace);
+ NTSTATUS status;
+
+ if (ace == NULL) {
+ talloc_free(sd);
+ va_end(ap);
+ return NULL;
+ }
+ ace->type = va_arg(ap, unsigned int);
+ ace->access_mask = va_arg(ap, unsigned int);
+ ace->flags = 0;
+ sid = dom_sid_parse_talloc(ace, sidstr);
+ if (sid == NULL) {
+ va_end(ap);
+ talloc_free(sd);
+ return NULL;
+ }
+ ace->trustee = *sid;
+ status = security_descriptor_dacl_add(sd, ace);
+ if (!NT_STATUS_IS_OK(status)) {
+ va_end(ap);
+ talloc_free(sd);
+ return NULL;
+ }
+ }
+ va_end(ap);
+
+ return sd;
+} |
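Review bot: In security_descriptor_create() the owner and group SIDs are parsed with `mem_ctx` as the talloc context while the ACEs are allocated under `sd`, so the later `talloc_free(sd)` error paths appear to leave those SIDs allocated on `mem_ctx`, and their lifetime is not tied to the descriptor that points at them. This assumes the first argument of `dom_sid_parse_talloc()` is the talloc parent, as the `dom_sid_parse_talloc(ace, sidstr)` call in the loop suggests. Parenting them to the descriptor keeps ownership in one tree: `sd->owner_sid = dom_sid_parse_talloc(sd, owner_sid);` and `sd->group_sid = dom_sid_parse_talloc(sd, group_sid);`. The header comment should also say that each ACE is a (SID string, type, access mask) triple whose last two values are read with `va_arg(ap, unsigned int)`, and that the list must end with a pointer-typed NULL, because a missing argument or an integer `0` terminator is read as garbage rather than rejected.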