Diffstat (limited to 'librpc/gen_ndr')
-rw-r--r-- | librpc/gen_ndr/ndr_security.c | 50 | ||||
-rw-r--r-- | librpc/gen_ndr/ndr_security.h | 3 | ||||
-rw-r--r-- | librpc/gen_ndr/security.h | 13 |
3 files changed, 66 insertions, 0 deletions
diff --git a/librpc/gen_ndr/ndr_security.c b/librpc/gen_ndr/ndr_security.c index c227170779..0bc039d967 100644 --- a/librpc/gen_ndr/ndr_security.c +++ b/librpc/gen_ndr/ndr_security.c @@ -850,6 +850,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr NDR_CHECK(ndr_push_unique_ptr(ndr, r->sids[cntr_sids_0])); } NDR_CHECK(ndr_push_udlong(ndr, NDR_SCALARS, r->privilege_mask)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->default_dacl)); } if (ndr_flags & NDR_BUFFERS) { if (r->user_sid) { @@ -863,6 +864,9 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0])); } } + if (r->default_dacl) { + NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->default_dacl)); + } } return NDR_ERR_SUCCESS; } @@ -877,6 +881,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr uint32_t cntr_sids_0; TALLOC_CTX *_mem_save_sids_0; TALLOC_CTX *_mem_save_sids_1; + uint32_t _ptr_default_dacl; + TALLOC_CTX *_mem_save_default_dacl_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user_sid)); @@ -906,6 +912,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, 0); NDR_CHECK(ndr_pull_udlong(ndr, NDR_SCALARS, &r->privilege_mask)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_default_dacl)); + if (_ptr_default_dacl) { + NDR_PULL_ALLOC(ndr, r->default_dacl); + } else { + r->default_dacl = NULL; + } if (r->sids) { NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->sids, r->num_sids)); } 
@@ -934,6 +946,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr } } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, 0); + if (r->default_dacl) { + _mem_save_default_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->default_dacl, 0); + NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->default_dacl)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_default_dacl_0, 0); + } } return NDR_ERR_SUCCESS; } @@ -972,6 +990,12 @@ _PUBLIC_ void ndr_print_security_token(struct ndr_print *ndr, const char *name, } ndr->depth--; ndr_print_udlong(ndr, "privilege_mask", r->privilege_mask); + ndr_print_ptr(ndr, "default_dacl", r->default_dacl); + ndr->depth++; + if (r->default_dacl) { + ndr_print_security_acl(ndr, "default_dacl", r->default_dacl); + } + ndr->depth--; ndr->depth--; } 
@@ -1030,3 +1054,29 @@ _PUBLIC_ void ndr_print_kerb_EncTypes(struct ndr_print *ndr, const char *name, u ndr->depth--; } +_PUBLIC_ enum ndr_err_code ndr_push_security_autoinherit(struct ndr_push *ndr, int ndr_flags, uint32_t r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_security_autoinherit(struct ndr_pull *ndr, int ndr_flags, uint32_t *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_security_autoinherit(struct ndr_print *ndr, const char *name, uint32_t r) +{ + ndr_print_uint32(ndr, name, r); + ndr->depth++; + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_DACL_AUTO_INHERIT", SEC_DACL_AUTO_INHERIT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_SACL_AUTO_INHERIT", SEC_SACL_AUTO_INHERIT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_DEFAULT_DESCRIPTOR", SEC_DEFAULT_DESCRIPTOR, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_OWNER_FROM_PARENT", SEC_OWNER_FROM_PARENT, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_GROUP_FROM_PARENT", SEC_GROUP_FROM_PARENT, r); + ndr->depth--; +} + diff --git a/librpc/gen_ndr/ndr_security.h b/librpc/gen_ndr/ndr_security.h index eddd3c3507..b900d54742 100644 --- a/librpc/gen_ndr/ndr_security.h +++ b/librpc/gen_ndr/ndr_security.h 
@@ -51,4 +51,7 @@ void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name, uint32_ enum ndr_err_code ndr_push_kerb_EncTypes(struct ndr_push *ndr, int ndr_flags, uint32_t r); enum ndr_err_code ndr_pull_kerb_EncTypes(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); void ndr_print_kerb_EncTypes(struct ndr_print *ndr, const char *name, uint32_t r); +enum ndr_err_code ndr_push_security_autoinherit(struct ndr_push *ndr, int ndr_flags, uint32_t r); +enum ndr_err_code ndr_pull_security_autoinherit(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); +void ndr_print_security_autoinherit(struct ndr_print *ndr, const char *name, uint32_t r); #endif /* _HEADER_NDR_security */ diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h index d1dcbe552a..e0a3528251 100644 --- a/librpc/gen_ndr/security.h +++ b/librpc/gen_ndr/security.h @@ -76,6 +76,11 @@ #define STANDARD_RIGHTS_READ_ACCESS ( SEC_STD_READ_CONTROL ) #define STANDARD_RIGHTS_WRITE_ACCESS ( (SEC_STD_WRITE_OWNER|SEC_STD_WRITE_DAC|SEC_STD_DELETE) ) #define STANDARD_RIGHTS_REQUIRED_ACCESS ( (SEC_STD_DELETE|SEC_STD_READ_CONTROL|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER) ) +#define SEC_ADS_GENERIC_ALL_DS ( (SEC_STD_DELETE|SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|SEC_ADS_CREATE_CHILD|SEC_ADS_DELETE_CHILD|SEC_ADS_DELETE_TREE|SEC_ADS_CONTROL_ACCESS) ) +#define SEC_ADS_GENERIC_EXECUTE ( SEC_STD_READ_CONTROL|SEC_ADS_LIST ) +#define SEC_ADS_GENERIC_WRITE ( (SEC_STD_READ_CONTROL|SEC_ADS_SELF_WRITE|SEC_ADS_WRITE_PROP) ) +#define SEC_ADS_GENERIC_READ ( (SEC_STD_READ_CONTROL|SEC_ADS_LIST|SEC_ADS_READ_PROP|SEC_ADS_LIST_OBJECT) ) +#define SEC_ADS_GENERIC_ALL ( (SEC_ADS_GENERIC_EXECUTE|SEC_ADS_GENERIC_WRITE|SEC_ADS_GENERIC_READ|SEC_ADS_GENERIC_ALL_DS) ) #define SID_NULL ( "S-1-0-0" ) #define NAME_WORLD ( "WORLD" ) #define SID_WORLD_DOMAIN ( "S-1-1" ) 
@@ -341,6 +346,7 @@ struct security_token { uint32_t num_sids; struct dom_sid **sids;/* [unique,size_is(num_sids)] */ uint64_t privilege_mask; + struct security_acl *default_dacl;/* [unique] */ }/* [public] */; /* bitmap security_secinfo */ @@ -360,4 +366,11 @@ struct security_token { #define KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 ( 0x00000008 ) #define KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 ( 0x00000010 ) +/* bitmap security_autoinherit */ +#define SEC_DACL_AUTO_INHERIT ( 0x00000001 ) +#define SEC_SACL_AUTO_INHERIT ( 0x00000002 ) +#define SEC_DEFAULT_DESCRIPTOR ( 0x00000004 ) +#define SEC_OWNER_FROM_PARENT ( 0x00000008 ) +#define SEC_GROUP_FROM_PARENT ( 0x00000010 ) + #endif /* _HEADER_security */ |