diff options
Diffstat (limited to 'source3/librpc/ndr/sid.c')
-rw-r--r-- | source3/librpc/ndr/sid.c | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c index f8c284e93c..af48063dfa 100644 --- a/source3/librpc/ndr/sid.c +++ b/source3/librpc/ndr/sid.c @@ -90,3 +90,163 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) return ret; } + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + uint32_t num_auths; + if (!(ndr_flags & NDR_SCALARS)) { + return NT_STATUS_OK; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); + NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); + if (sid->num_auths != num_auths) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, + "Bad array size %u should exceed %u", + num_auths, sid->num_auths); + } + return NT_STATUS_OK; +} + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NT_STATUS_OK; + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + +/* + parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth +*/ +NTSTATUS ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + NTSTATUS status; + struct ndr_pull *subndr; + + if (!(ndr_flags & NDR_SCALARS)) { + return NT_STATUS_OK; + } + + subndr = talloc_zero(ndr, struct ndr_pull); + NT_STATUS_HAVE_NO_MEMORY(subndr); + subndr->flags = ndr->flags; + subndr->current_mem_ctx = ndr->current_mem_ctx; + + subndr->data = ndr->data + ndr->offset; + subndr->data_size = 28; + subndr->offset = 0; + + NDR_CHECK(ndr_pull_advance(ndr, 28)); + + status = ndr_pull_dom_sid(subndr, ndr_flags, sid); + if (!NT_STATUS_IS_OK(status)) { + /* handle a w2k bug which send random data in the buffer */ + ZERO_STRUCTP(sid); + } + + return NT_STATUS_OK; +} + +/* + push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer +*/ +NTSTATUS ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + uint32_t old_offset; + uint32_t padding; + + if (!(ndr_flags & NDR_SCALARS)) { + return NT_STATUS_OK; + } + + if (sid->num_auths > 5) { + return ndr_push_error(ndr, NDR_ERR_RANGE, + "dom_sid28 allows only upto 5 sub auth [%u]", + sid->num_auths); + } + + old_offset = ndr->offset; + NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); + + padding = 28 - (ndr->offset - old_offset); + + if (padding > 0) { + NDR_CHECK(ndr_push_zero(ndr, padding)); + } + + return NT_STATUS_OK; +} + +NTSTATUS ndr_push_sec_desc_buf(struct ndr_push *ndr, int ndr_flags, const struct sec_desc_buf *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_security_descriptor(r->sd,ndr->flags))); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->sd) { + { + struct ndr_push *_ndr_sd; + NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_sd, 4, -1)); + NDR_CHECK(ndr_push_security_descriptor(_ndr_sd, NDR_SCALARS|NDR_BUFFERS, r->sd)); + NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_sd, 4, -1)); + } + } + } + return NT_STATUS_OK; +} + +NTSTATUS ndr_pull_sec_desc_buf(struct ndr_pull *ndr, int ndr_flags, struct sec_desc_buf *r) +{ + uint32_t _ptr_sd; + TALLOC_CTX *_mem_save_sd_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sd_size)); + if (r->sd_size < 0 || r->sd_size > 0x40000) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd)); + if (_ptr_sd) { + NDR_PULL_ALLOC(ndr, r->sd); + } else { + r->sd = NULL; + } + } + if (ndr_flags & NDR_BUFFERS) { + if (r->sd) { + _mem_save_sd_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->sd, 0); + { + struct ndr_pull *_ndr_sd; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_sd, 4, -1)); + NDR_CHECK(ndr_pull_security_descriptor(_ndr_sd, NDR_SCALARS|NDR_BUFFERS, r->sd)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_sd, 4, -1)); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_0, 0); + } + } + return NT_STATUS_OK; +} + +void ndr_print_sec_desc_buf(struct ndr_print *ndr, const char *name, const struct sec_desc_buf *r) +{ + ndr_print_struct(ndr, name, "sec_desc_buf"); + ndr->depth++; + ndr_print_uint32(ndr, "sd_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_descriptor(r->sd,ndr->flags):r->sd_size); + ndr_print_ptr(ndr, "sd", r->sd); + ndr->depth++; + if (r->sd) { + ndr_print_security_descriptor(ndr, "sd", r->sd); + } + ndr->depth--; + ndr->depth--; +} |