-rw-r--r-- | librpc/idl/security.idl | 29 | ||||
-rw-r--r-- | librpc/ndr/ndr_sec_helper.c | 224 | ||||
-rw-r--r-- | source3/include/proto.h | 8 | ||||
-rw-r--r-- | source3/include/smb.h | 13 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/lsa.h | 2 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/misc.h | 2 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_drsblobs.c | 10 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_security.c | 21 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_security.h | 4 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_srvsvc.c | 8 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_srvsvc.h | 4 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/security.h | 10 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/srvsvc.h | 4 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/winreg.h | 2 | ||||
-rw-r--r-- | source3/librpc/ndr/sid.c | 224 | ||||
-rw-r--r-- | source4/librpc/config.mk | 13 | ||||
-rw-r--r-- | source4/librpc/idl/dom_sid.idl | 26 | ||||
-rw-r--r-- | source4/librpc/ndr/ndr_dom_sid.c | 248 |
18 files changed, 296 insertions, 556 deletions
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 3f70e2c36e..d88931fc69 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -7,12 +7,40 @@ import "misc.idl"; import "dom_sid.idl"; +/* + use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really + just a dom sid, but with the sub_auths represented as a conformant + array. As with all in-structure conformant arrays, the array length + is placed before the start of the structure. That's what gives rise + to the extra num_auths elemenent. We don't want the Samba code to + have to bother with such esoteric NDR details, so its easier to just + define it as a dom_sid and use pidl magic to make it all work. It + just means you need to mark a sid as a "dom_sid2" in the IDL when you + know it is of the conformant array variety +*/ +cpp_quote("#define dom_sid2 dom_sid") + +/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ +cpp_quote("#define dom_sid28 dom_sid") + +/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ +cpp_quote("#define dom_sid0 dom_sid") + + + [ helper("librpc/gen_ndr/ndr_dom_sid.h"), pointer_default(unique) ] interface security { + + typedef [public,gensize,noprint,nosize,nopull,nopush] struct { + uint8 sid_rev_num; /**< SID revision number */ + [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ + uint8 id_auth[6]; /**< Identifier Authority */ + uint32 sub_auths[15]; + } dom_sid; /* access masks are divided up like this: 0xabccdddd @@ -388,4 +416,5 @@ interface security KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008, KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010 } kerb_EncTypes; + } diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index 4b135505d8..898a4287ea 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c 
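Review bot: The new `dom_sid` typedef puts `[range(0,15)]` on `num_auths` but is also marked `nopull,nopush,nosize`, so as far as this diff shows the range is enforced only by the hand-written helpers in librpc/ndr/ndr_sec_helper.c, and nothing in the IDL says so. I would add a comment above the typedef such as `/* nopull/nopush: marshalled by hand in librpc/ndr/ndr_sec_helper.c, which must enforce the num_auths range */`. Because the field is a signed `int8`, that comment should also say that hand-written users have to reject negative counts as well as counts above 15.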
@@ -23,6 +23,9 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_security.h" +#if _SAMBA_BUILD_ == 4 +#include "libcli/security/security.h" +#endif /* return the wire size of a security_ace 
@@ -116,3 +119,224 @@ size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int fl return ret; } +/* + return the wire size of a dom_sid +*/ +size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) +{ + if (!sid) return 0; + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) +{ + struct dom_sid zero_sid; + + if (!sid) return 0; + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return 0; + } + + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) +{ + return ndr_size_dom_sid28(sid, flags); +} + +/* + print a dom_sid +*/ +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); +} + +void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + uint32_t num_auths; + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); + NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); + if (sid->num_auths != num_auths) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, + "Bad array size %u should exceed %u", + num_auths, sid->num_auths); + } + return NDR_ERR_SUCCESS; +} + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int 
ndr_flags, const struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + +/* + parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth +*/ +enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + enum ndr_err_code status; + struct ndr_pull *subndr; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + subndr = talloc_zero(ndr, struct ndr_pull); + NDR_ERR_HAVE_NO_MEMORY(subndr); + subndr->flags = ndr->flags; + subndr->current_mem_ctx = ndr->current_mem_ctx; + + subndr->data = ndr->data + ndr->offset; + subndr->data_size = 28; + subndr->offset = 0; + + NDR_CHECK(ndr_pull_advance(ndr, 28)); + + status = ndr_pull_dom_sid(subndr, ndr_flags, sid); + if (!NDR_ERR_CODE_IS_SUCCESS(status)) { + /* handle a w2k bug which send random data in the buffer */ + ZERO_STRUCTP(sid); + } else if (sid->num_auths == 0 && sid->sub_auths) { + ZERO_STRUCT(sid->sub_auths); + } + + return NDR_ERR_SUCCESS; +} + +/* + push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer +*/ +enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + uint32_t old_offset; + uint32_t padding; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (sid->num_auths > 5) { + return ndr_push_error(ndr, NDR_ERR_RANGE, + "dom_sid28 allows only upto 5 sub auth [%u]", + sid->num_auths); + } + + old_offset = ndr->offset; + NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); + + padding = 28 - (ndr->offset - old_offset); + + if (padding > 0) { + NDR_CHECK(ndr_push_zero(ndr, padding)); + } + + return NDR_ERR_SUCCESS; +} + +/* + parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int 
ndr_flags, struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (ndr->data_size == ndr->offset) { + ZERO_STRUCTP(sid); + return NDR_ERR_SUCCESS; + } + + return ndr_pull_dom_sid(ndr, ndr_flags, sid); +} + +/* + push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + struct dom_sid zero_sid; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (!sid) { + return NDR_ERR_SUCCESS; + } + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return NDR_ERR_SUCCESS; + } + + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + +_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) +{ + uint32_t cntr_sub_auths_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num)); + NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths)); + NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); + for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0])); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r) +{ + uint32_t cntr_sub_auths_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); + NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths)); + if (r->num_auths < 0 || r->num_auths > 15) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); + for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { + NDR_CHECK(ndr_pull_uint32(ndr, 
NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); + } + } + return NDR_ERR_SUCCESS; +} diff --git a/source3/include/proto.h b/source3/include/proto.h index 4028f6de52..c813fafff5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2315,15 +2315,7 @@ void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct do /* The following definitions come from librpc/ndr/sid.c */ -enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r); -enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r); char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); /* The following definitions come from librpc/rpc/binding.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 112b4e0f91..891bd4aaf7 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h 
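Review bot: `ndr_push_dom_sid` loops `cntr_sub_auths_0 < r->num_auths` with a `uint32_t` counter and never range-checks `num_auths`, which is a signed `int8` in the struct this commit introduces; a negative count converts to a very large unsigned bound and any count above 15 indexes past `sub_auths[15]`, so a malformed in-memory SID is read out of bounds while it is marshalled. The pull side already rejects this, and push should mirror it before the loop: `if (r->num_auths < 0 || r->num_auths > 15) return ndr_push_error(ndr, NDR_ERR_RANGE, "value out of range");`. `ndr_push_dom_sid28` has the same gap for negative counts (it tests only `sid->num_auths > 5`), and its `padding = 28 - (ndr->offset - old_offset)` looks like it would wrap if the `ndr_push_align` call inside `ndr_push_dom_sid` emitted alignment bytes, so a guard that the written length is at most 28 is worth adding there. Two smaller points in the same hunk: in `ndr_pull_dom_sid28` the `&& sid->sub_auths` test is always true because `sub_auths` is an array, and the `ndr_pull_dom_sid2` error text says "should exceed" although the check is for equality.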
@@ -209,18 +209,7 @@ typedef uint32 codepoint_t; * * @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp **/ -typedef struct dom_sid { - uint8 sid_rev_num; /**< SID revision number */ - uint8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - /* - * Pointer to sub-authorities. - * - * @note The values in these uint32's are in *native* byteorder, not - * neccessarily little-endian...... JRA. - */ - uint32 sub_auths[MAXSUBAUTHS]; -} DOM_SID; +typedef struct dom_sid DOM_SID; enum id_mapping { ID_UNKNOWN = 0, diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h index 0ccbcdf5b0..ee8a31138d 100644 --- a/source3/librpc/gen_ndr/lsa.h +++ b/source3/librpc/gen_ndr/lsa.h @@ -17,7 +17,7 @@ struct lsa_String { uint16_t length;/* [value(2*strlen_m(string))] */ uint16_t size;/* [value(2*strlen_m(string))] */ const char *string;/* [unique,charset(UTF16),length_is(length/2),size_is(size/2)] */ -}/* [public,noejs] */; +}/* [public] */; struct lsa_StringLarge { uint16_t length;/* [value(2*strlen_m(string))] */ diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h index d1cf64e0eb..de4abdcae5 100644 --- a/source3/librpc/gen_ndr/misc.h +++ b/source3/librpc/gen_ndr/misc.h @@ -11,7 +11,7 @@ struct GUID { uint16_t time_hi_and_version; uint8_t clock_seq[2]; uint8_t node[6]; -}/* [noprint,gensize,public,noejs] */; +}/* [noprint,gensize,public] */; struct ndr_syntax_id { struct GUID uuid; diff --git a/source3/librpc/gen_ndr/ndr_drsblobs.c b/source3/librpc/gen_ndr/ndr_drsblobs.c index dd8d77ea15..d965e40bd2 100644 --- a/source3/librpc/gen_ndr/ndr_drsblobs.c +++ b/source3/librpc/gen_ndr/ndr_drsblobs.c 
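Review bot: Replacing the source3 definition with `typedef struct dom_sid DOM_SID;` silently changes `num_auths` from `uint8` to the `int8_t` declared in the generated security.h, and swaps `sub_auths[MAXSUBAUTHS]` for a literal `sub_auths[15]`. Existing source3 code that compares `num_auths` against `MAXSUBAUTHS` or uses it as an unsigned count lies outside this diff, so it should be audited for sign conversion; a compile-time check that `MAXSUBAUTHS` equals the element count of `sub_auths` would keep the two in step. The removed comment about the sub-authorities being held in native byte order is lost as well and is worth carrying over next to the typedef.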
@@ -2351,7 +2351,6 @@ static enum ndr_err_code ndr_push_AuthInfoNT4Owf(struct ndr_push *ndr, int ndr_f NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->password)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->password)); } return NDR_ERR_SUCCESS; } @@ -2364,7 +2363,6 @@ static enum ndr_err_code ndr_pull_AuthInfoNT4Owf(struct ndr_pull *ndr, int ndr_f NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->password)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->password)); } return NDR_ERR_SUCCESS; } @@ -2477,7 +2475,6 @@ static enum ndr_err_code ndr_push_AuthInfo(struct ndr_push *ndr, int ndr_flags, break; case TRUST_AUTH_TYPE_NT4OWF: - NDR_CHECK(ndr_push_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf)); break; case TRUST_AUTH_TYPE_CLEAR: @@ -2525,7 +2522,6 @@ static enum ndr_err_code ndr_pull_AuthInfo(struct ndr_pull *ndr, int ndr_flags, break; case TRUST_AUTH_TYPE_NT4OWF: - NDR_CHECK(ndr_pull_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf)); break; case TRUST_AUTH_TYPE_CLEAR: @@ -2584,7 +2580,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_AuthenticationInformation(struct ndr_push *n } } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo)); } return NDR_ERR_SUCCESS; } @@ -2605,7 +2600,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_AuthenticationInformation(struct ndr_pull *n } } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo)); } return NDR_ERR_SUCCESS; } 
@@ -2641,7 +2635,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_trustCurrentPasswords(struct ndr_push *ndr, for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) { if (r->current[cntr_current_0]) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current[cntr_current_0])); - NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0])); + NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0])); } } } @@ -2681,7 +2675,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr, NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current[cntr_current_0])); _mem_save_current_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->current[cntr_current_0], 0); - NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0])); + NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0])); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_1, 0); ndr->offset = _relative_save_offset; } diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c index 108f2f689c..8339a40d40 100644 --- a/source3/librpc/gen_ndr/ndr_security.c +++ b/source3/librpc/gen_ndr/ndr_security.c @@ -427,7 +427,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_f } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->trustee)); } return NDR_ERR_SUCCESS; } 
@@ -621,11 +620,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, in if (ndr_flags & NDR_BUFFERS) { if (r->owner_sid) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); } if (r->group_sid) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid)); - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid)); } if (r->sacl) { NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl)); @@ -694,7 +693,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid)); _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0); ndr->offset = _relative_save_offset; } @@ -704,7 +703,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid)); _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); ndr->offset = _relative_save_offset; } 
@@ -855,14 +854,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr } if (ndr_flags & NDR_BUFFERS) { if (r->user_sid) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->user_sid)); } if (r->group_sid) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid)); } for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) { if (r->sids[cntr_sids_0]) { - NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0])); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0])); } } } @@ -916,13 +915,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr if (r->user_sid) { _mem_save_user_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->user_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->user_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_sid_0, 0); } if (r->group_sid) { _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0); } _mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr); @@ -931,7 +930,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr if (r->sids[cntr_sids_0]) { _mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0])); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0])); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0); } } 
diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h index bddf1bd2b7..f8cbf4afa8 100644 --- a/source3/librpc/gen_ndr/ndr_security.h +++ b/source3/librpc/gen_ndr/ndr_security.h @@ -8,6 +8,10 @@ #include "librpc/gen_ndr/ndr_dom_sid.h" #define NDR_SECURITY_CALL_COUNT (0) +enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r); +enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r); +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *r); +size_t ndr_size_dom_sid(const struct dom_sid *r, int flags); enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r); enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r); void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r); diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.c b/source3/librpc/gen_ndr/ndr_srvsvc.c index 9ac3aa82c9..125542d14a 100644 --- a/source3/librpc/gen_ndr/ndr_srvsvc.c +++ b/source3/librpc/gen_ndr/ndr_srvsvc.c @@ -6358,7 +6358,7 @@ _PUBLIC_ void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *nam ndr_print_enum(ndr, name, "ENUM", val, r); } -static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r) +_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); 
@@ -6376,7 +6376,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) +_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r) { uint32_t _ptr_server_name; TALLOC_CTX *_mem_save_server_name_0; @@ -6421,7 +6421,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char * ndr->depth--; } -static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r) +_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); @@ -6449,7 +6449,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) +_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r) { uint32_t _ptr_server_name; TALLOC_CTX *_mem_save_server_name_0; diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.h b/source3/librpc/gen_ndr/ndr_srvsvc.h index 33569d1870..126680cad0 100644 --- a/source3/librpc/gen_ndr/ndr_srvsvc.h +++ b/source3/librpc/gen_ndr/ndr_srvsvc.h 
@@ -186,7 +186,11 @@ void ndr_print_srvsvc_NetShareInfoCtr(struct ndr_print *ndr, const char *name, c enum ndr_err_code ndr_push_srvsvc_PlatformId(struct ndr_push *ndr, int ndr_flags, enum srvsvc_PlatformId r); enum ndr_err_code ndr_pull_srvsvc_PlatformId(struct ndr_pull *ndr, int ndr_flags, enum srvsvc_PlatformId *r); void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *name, enum srvsvc_PlatformId r); +enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r); +enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r); void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo100 *r); +enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r); +enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r); void ndr_print_srvsvc_NetSrvInfo101(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo101 *r); void ndr_print_srvsvc_NetSrvInfo102(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo102 *r); void ndr_print_srvsvc_NetSrvInfo402(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo402 *r); diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index fe23347fdf..99e1f4b1c9 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h @@ -4,6 +4,9 @@ #include "librpc/gen_ndr/misc.h" #include "librpc/gen_ndr/dom_sid.h" +#define dom_sid2 dom_sid +#define dom_sid28 dom_sid +#define dom_sid0 dom_sid #ifndef _HEADER_security #define _HEADER_security 
@@ -129,6 +132,13 @@ #define DOMAIN_RID_ENTERPRISE_ADMINS ( 519 ) #define NT4_ACL_REVISION ( SECURITY_ACL_REVISION_NT4 ) #define SD_REVISION ( SECURITY_DESCRIPTOR_REVISION_1 ) +struct dom_sid { + uint8_t sid_rev_num; + int8_t num_auths;/* [range(0,15)] */ + uint8_t id_auth[6]; + uint32_t sub_auths[15]; +}/* [noprint,gensize,nopull,public,nopush,nosize] */; + enum sec_privilege #ifndef USE_UINT_ENUMS { diff --git a/source3/librpc/gen_ndr/srvsvc.h b/source3/librpc/gen_ndr/srvsvc.h index b50213bb96..6467f72a5b 100644 --- a/source3/librpc/gen_ndr/srvsvc.h +++ b/source3/librpc/gen_ndr/srvsvc.h @@ -431,7 +431,7 @@ enum srvsvc_PlatformId struct srvsvc_NetSrvInfo100 { enum srvsvc_PlatformId platform_id; const char *server_name;/* [unique,charset(UTF16)] */ -}; +}/* [public] */; struct srvsvc_NetSrvInfo101 { enum srvsvc_PlatformId platform_id; @@ -440,7 +440,7 @@ struct srvsvc_NetSrvInfo101 { uint32_t version_minor; uint32_t server_type; const char *comment;/* [unique,charset(UTF16)] */ -}; +}/* [public] */; struct srvsvc_NetSrvInfo102 { enum srvsvc_PlatformId platform_id; diff --git a/source3/librpc/gen_ndr/winreg.h b/source3/librpc/gen_ndr/winreg.h index fbbab33c8d..a98120ccf5 100644 --- a/source3/librpc/gen_ndr/winreg.h +++ b/source3/librpc/gen_ndr/winreg.h @@ -54,7 +54,7 @@ struct winreg_String { uint16_t name_len;/* [value(strlen_m_term(name)*2)] */ uint16_t name_size;/* [value(strlen_m_term(name)*2)] */ const char *name;/* [unique,charset(UTF16)] */ -}/* [public,noejs] */; +}/* [public] */; struct KeySecurityData { uint8_t *data;/* [unique,length_is(len),size_is(size)] */ diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c index 39b7e3cd59..252da85929 100644 --- a/source3/librpc/ndr/sid.c +++ b/source3/librpc/ndr/sid.c 
@@ -22,72 +22,6 @@ #include "includes.h" /* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num)); - NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - } - return NDR_ERR_SUCCESS; -} - -enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_auths)); - if (r->num_auths > 15) { - return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); - } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - } - return NDR_ERR_SUCCESS; -} - -/* convert a dom_sid to a string */ char 
*dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) 
@@ -123,161 +57,3 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) return ret; } - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - uint32_t num_auths; - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); - NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); - if (sid->num_auths != num_auths) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, - "Bad array size %u should exceed %u", - num_auths, sid->num_auths); - } - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth -*/ -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - enum ndr_err_code status; - struct ndr_pull *subndr; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - subndr = talloc_zero(ndr, struct ndr_pull); - NDR_ERR_HAVE_NO_MEMORY(subndr); - subndr->flags = ndr->flags; - subndr->current_mem_ctx = ndr->current_mem_ctx; - - subndr->data = ndr->data + ndr->offset; - subndr->data_size = 28; - subndr->offset = 0; - - NDR_CHECK(ndr_pull_advance(ndr, 28)); - - status = ndr_pull_dom_sid(subndr, ndr_flags, sid); - if (!NDR_ERR_CODE_IS_SUCCESS(status)) { - /* handle a w2k bug which send random data in the buffer */ - ZERO_STRUCTP(sid); - } - - return NDR_ERR_SUCCESS; -} - -/* - push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer 
-*/ -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - uint32_t old_offset; - uint32_t padding; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (sid->num_auths > 5) { - return ndr_push_error(ndr, NDR_ERR_RANGE, - "dom_sid28 allows only upto 5 sub auth [%u]", - sid->num_auths); - } - - old_offset = ndr->offset; - NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); - - padding = 28 - (ndr->offset - old_offset); - - if (padding > 0) { - NDR_CHECK(ndr_push_zero(ndr, padding)); - } - - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (ndr->data_size == ndr->offset) { - ZERO_STRUCTP(sid); - return NDR_ERR_SUCCESS; - } - - return ndr_pull_dom_sid(ndr, ndr_flags, sid); -} - -/* - push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - struct dom_sid zero_sid; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (!sid) { - return NDR_ERR_SUCCESS; - } - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return NDR_ERR_SUCCESS; - } - - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void 
ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index adea071185..65c473779f 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -54,10 +54,9 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \ ../librpc/ndr/ndr_sec_helper.o \ - $(gen_ndrsrcdir)/ndr_dom_sid.o \ - $(ndrsrcdir)/ndr_dom_sid.o + $(gen_ndrsrcdir)/ndr_dom_sid.o -PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h) +PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h) [SUBSYSTEM::NDR_AUDIOSRV] @@ -737,15 +736,9 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o -[PYTHON::python_dcerpc_dom_sid] -LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT) -PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc - -python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o - [PYTHON::python_dcerpc_security] LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT) -PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc +PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl index 40712fc371..172dda4fae 100644 --- a/source4/librpc/idl/dom_sid.idl +++ b/source4/librpc/idl/dom_sid.idl 
@@ -1,34 +1,8 @@ -/* - use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really - just a dom sid, but with the sub_auths represented as a conformant - array. As with all in-structure conformant arrays, the array length - is placed before the start of the structure. That's what gives rise - to the extra num_auths elemenent. We don't want the Samba code to - have to bother with such esoteric NDR details, so its easier to just - define it as a dom_sid and use pidl magic to make it all work. It - just means you need to mark a sid as a "dom_sid2" in the IDL when you - know it is of the conformant array variety -*/ -cpp_quote("#define dom_sid2 dom_sid") - -/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ -cpp_quote("#define dom_sid28 dom_sid") - -/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ -cpp_quote("#define dom_sid0 dom_sid") - [ pointer_default(unique) ] interface dom_sid { - typedef [public,gensize,noprint,nosize,nopull,nopush] struct { - uint8 sid_rev_num; /**< SID revision number */ - [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - uint32 sub_auths[15]; - } dom_sid; - /* id used to identify a endpoint, possibly in a cluster */ typedef [public] struct { hyper id; diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c deleted file mode 100644 index 9b2118f56a..0000000000 --- a/source4/librpc/ndr/ndr_dom_sid.c +++ /dev/null 
@@ -1,248 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - fast routines for getting the wire size of security objects - - Copyright (C) Andrew Tridgell 2003 - Copyright (C) Stefan Metzmacher 2006-2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - - -#include "includes.h" -#include "librpc/gen_ndr/ndr_security.h" -#include "libcli/security/security.h" - -/* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print 
*ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - uint32_t num_auths; - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); - NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); - if (sid->num_auths != num_auths) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, - "Bad array size %u should exceed %u", - num_auths, sid->num_auths); - } - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth -*/ -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - enum ndr_err_code status; - struct ndr_pull *subndr; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - subndr = talloc_zero(ndr, struct ndr_pull); - NDR_ERR_HAVE_NO_MEMORY(subndr); - subndr->flags = ndr->flags; - subndr->current_mem_ctx = ndr->current_mem_ctx; - - subndr->data = ndr->data + ndr->offset; - subndr->data_size = 28; - subndr->offset = 0; - - NDR_CHECK(ndr_pull_advance(ndr, 28)); - - status = ndr_pull_dom_sid(subndr, ndr_flags, sid); - if (!NDR_ERR_CODE_IS_SUCCESS(status)) { - /* handle a w2k bug which send random data in the buffer */ - ZERO_STRUCTP(sid); - } else if (sid->num_auths == 0 && sid->sub_auths) { - ZERO_STRUCT(sid->sub_auths); - } - - return 
NDR_ERR_SUCCESS; -} - -/* - push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer -*/ -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - uint32_t old_offset; - uint32_t padding; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (sid->num_auths > 5) { - return ndr_push_error(ndr, NDR_ERR_RANGE, - "dom_sid28 allows only upto 5 sub auth [%u]", - sid->num_auths); - } - - old_offset = ndr->offset; - NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); - - padding = 28 - (ndr->offset - old_offset); - - if (padding > 0) { - NDR_CHECK(ndr_push_zero(ndr, padding)); - } - - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (ndr->data_size == ndr->offset) { - ZERO_STRUCTP(sid); - return NDR_ERR_SUCCESS; - } - - return ndr_pull_dom_sid(ndr, ndr_flags, sid); -} - -/* - push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - struct dom_sid zero_sid; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (!sid) { - return NDR_ERR_SUCCESS; - } - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return NDR_ERR_SUCCESS; - } - - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num)); - NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 
6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0])); - } - } - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r) -{ - uint32_t cntr_sub_auths_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); - NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths)); - if (r->num_auths < 0 || r->num_auths > 15) { - return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); - } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); - for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) { - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0])); - } - } - return NDR_ERR_SUCCESS; -} |