diff options
Diffstat (limited to 'source4/librpc/ndr/ndr_sec.c')
-rw-r--r-- | source4/librpc/ndr/ndr_sec.c | 354 |
1 files changed, 9 insertions, 345 deletions
diff --git a/source4/librpc/ndr/ndr_sec.c b/source4/librpc/ndr/ndr_sec.c index 06abbd355e..5a959b9b47 100644 --- a/source4/librpc/ndr/ndr_sec.c +++ b/source4/librpc/ndr/ndr_sec.c @@ -25,296 +25,28 @@ #include "includes.h" /* - parse a security_ace -*/ -NTSTATUS ndr_pull_security_ace(struct ndr_pull *ndr, struct security_ace *ace) -{ - uint16 size; - struct ndr_pull_save save; - - ndr_pull_save(ndr, &save); - - NDR_CHECK(ndr_pull_uint8(ndr, &ace->type)); - NDR_CHECK(ndr_pull_uint8(ndr, &ace->flags)); - NDR_CHECK(ndr_pull_uint16(ndr, &size)); - NDR_CHECK(ndr_pull_limit_size(ndr, size, 4)); - - NDR_CHECK(ndr_pull_uint32(ndr, &ace->access_mask)); - - if (sec_ace_object(ace->type)) { - NDR_ALLOC(ndr, ace->obj); - NDR_CHECK(ndr_pull_uint32(ndr, &ace->obj->flags)); - if (ace->obj->flags & SEC_ACE_OBJECT_PRESENT) { - NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &ace->obj->object_guid)); - } - if (ace->obj->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) { - NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &ace->obj->inherit_guid)); - } - } else { - ace->obj = NULL; - } - - - NDR_CHECK(ndr_pull_dom_sid(ndr, &ace->trustee)); - - ndr_pull_restore(ndr, &save); - NDR_CHECK(ndr_pull_advance(ndr, size)); - - return NT_STATUS_OK; -} - -/* - parse a security_acl -*/ -NTSTATUS ndr_pull_security_acl(struct ndr_pull *ndr, struct security_acl *acl) -{ - int i; - uint16 size; - struct ndr_pull_save save; - - ndr_pull_save(ndr, &save); - - NDR_CHECK(ndr_pull_uint16(ndr, &acl->revision)); - NDR_CHECK(ndr_pull_uint16(ndr, &size)); - NDR_CHECK(ndr_pull_limit_size(ndr, size, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, &acl->num_aces)); - - NDR_ALLOC_N(ndr, acl->aces, acl->num_aces); - - for (i=0;i<acl->num_aces;i++) { - NDR_CHECK(ndr_pull_security_ace(ndr, &acl->aces[i])); - } - - ndr_pull_restore(ndr, &save); - NDR_CHECK(ndr_pull_advance(ndr, size)); - - return NT_STATUS_OK; -} - -/* - parse a security_acl offset and structure -*/ -NTSTATUS ndr_pull_security_acl_ofs(struct ndr_pull *ndr, struct security_acl **acl) -{ - uint32 ofs; - struct ndr_pull_save save; - - NDR_CHECK(ndr_pull_uint32(ndr, &ofs)); - if (ofs == 0) { - /* it is valid for an acl ptr to be NULL */ - *acl = NULL; - return NT_STATUS_OK; - } - - ndr_pull_save(ndr, &save); - NDR_CHECK(ndr_pull_set_offset(ndr, ofs)); - NDR_ALLOC(ndr, *acl); - NDR_CHECK(ndr_pull_security_acl(ndr, *acl)); - ndr_pull_restore(ndr, &save); - - return NT_STATUS_OK; -} - - -/* - parse a dom_sid -*/ -NTSTATUS ndr_pull_dom_sid(struct ndr_pull *ndr, struct dom_sid *sid) -{ - int i; - - NDR_CHECK(ndr_pull_uint8(ndr, &sid->sid_rev_num)); - NDR_CHECK(ndr_pull_uint8(ndr, &sid->num_auths)); - for (i=0;i<6;i++) { - NDR_CHECK(ndr_pull_uint8(ndr, &sid->id_auth[i])); - } - - NDR_ALLOC_N(ndr, sid->sub_auths, sid->num_auths); - - for (i=0;i<sid->num_auths;i++) { - NDR_CHECK(ndr_pull_uint32(ndr, &sid->sub_auths[i])); - } - - return NT_STATUS_OK; -} - -/* parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field */ -NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, struct dom_sid *sid) +NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) { uint32 num_auths; - NDR_CHECK(ndr_pull_uint32(ndr, &num_auths)); - return ndr_pull_dom_sid(ndr, sid); -} - -/* - parse a dom_sid offset and structure -*/ -NTSTATUS ndr_pull_dom_sid_ofs(struct ndr_pull *ndr, struct dom_sid **sid) -{ - uint32 ofs; - struct ndr_pull_save save; - - NDR_CHECK(ndr_pull_uint32(ndr, &ofs)); - if (ofs == 0) { - /* it is valid for a dom_sid ptr to be NULL */ - *sid = NULL; + if (!(ndr_flags & NDR_SCALARS)) { return NT_STATUS_OK; } - - ndr_pull_save(ndr, &save); - NDR_CHECK(ndr_pull_set_offset(ndr, ofs)); - NDR_ALLOC(ndr, *sid); - NDR_CHECK(ndr_pull_dom_sid(ndr, *sid)); - ndr_pull_restore(ndr, &save); - - return NT_STATUS_OK; -} - -/* - parse a security descriptor -*/ -NTSTATUS ndr_pull_security_descriptor(struct ndr_pull *ndr, - struct security_descriptor *sd) -{ - NDR_CHECK(ndr_pull_uint8(ndr, &sd->revision)); - NDR_CHECK(ndr_pull_uint16(ndr, &sd->type)); - NDR_CHECK(ndr_pull_dom_sid_ofs(ndr, &sd->owner_sid)); - NDR_CHECK(ndr_pull_dom_sid_ofs(ndr, &sd->group_sid)); - NDR_CHECK(ndr_pull_security_acl_ofs(ndr, &sd->sacl)); - NDR_CHECK(ndr_pull_security_acl_ofs(ndr, &sd->dacl)); - - return NT_STATUS_OK; -} - - -/* - parse a security_ace -*/ -NTSTATUS ndr_push_security_ace(struct ndr_push *ndr, struct security_ace *ace) -{ - struct ndr_push_save save1, save2; - - NDR_CHECK(ndr_push_uint8(ndr, ace->type)); - NDR_CHECK(ndr_push_uint8(ndr, ace->flags)); - ndr_push_save(ndr, &save1); - NDR_CHECK(ndr_push_uint16(ndr, 0)); - NDR_CHECK(ndr_push_uint32(ndr, ace->access_mask)); - - if (sec_ace_object(ace->type)) { - NDR_CHECK(ndr_push_uint32(ndr, ace->obj->flags)); - if (ace->obj->flags & SEC_ACE_OBJECT_PRESENT) { - NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &ace->obj->object_guid)); - } - if (ace->obj->flags & SEC_ACE_OBJECT_INHERITED_PRESENT) { - NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &ace->obj->inherit_guid)); - } - } - - NDR_CHECK(ndr_push_dom_sid(ndr, &ace->trustee)); - - ndr_push_save(ndr, &save2); - ndr_push_restore(ndr, &save1); - NDR_CHECK(ndr_push_uint16(ndr, 2 + save2.offset - save1.offset)); - ndr_push_restore(ndr, &save2); - - return NT_STATUS_OK; -} - - -/* - push a security_acl -*/ -NTSTATUS ndr_push_security_acl(struct ndr_push *ndr, struct security_acl *acl) -{ - int i; - struct ndr_push_save save1, save2; - - NDR_CHECK(ndr_push_uint16(ndr, acl->revision)); - ndr_push_save(ndr, &save1); - NDR_CHECK(ndr_push_uint16(ndr, 0)); - NDR_CHECK(ndr_push_uint32(ndr, acl->num_aces)); - for (i=0;i<acl->num_aces;i++) { - NDR_CHECK(ndr_push_security_ace(ndr, &acl->aces[i])); - } - ndr_push_save(ndr, &save2); - ndr_push_restore(ndr, &save1); - NDR_CHECK(ndr_push_uint16(ndr, 2 + save2.offset - save1.offset)); - ndr_push_restore(ndr, &save2); - - return NT_STATUS_OK; -} - -/* - push a dom_sid -*/ -NTSTATUS ndr_push_dom_sid(struct ndr_push *ndr, struct dom_sid *sid) -{ - int i; - - NDR_CHECK(ndr_push_uint8(ndr, sid->sid_rev_num)); - NDR_CHECK(ndr_push_uint8(ndr, sid->num_auths)); - for (i=0;i<6;i++) { - NDR_CHECK(ndr_push_uint8(ndr, sid->id_auth[i])); - } - for (i=0;i<sid->num_auths;i++) { - NDR_CHECK(ndr_push_uint32(ndr, sid->sub_auths[i])); - } - - return NT_STATUS_OK; + NDR_CHECK(ndr_pull_uint32(ndr, &num_auths)); + return ndr_pull_dom_sid(ndr, ndr_flags, sid); } /* parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field */ -NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, struct dom_sid *sid) +NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, struct dom_sid *sid) { - NDR_CHECK(ndr_push_uint32(ndr, sid->num_auths)); - return ndr_push_dom_sid(ndr, sid); -} - - -/* - generate a ndr security descriptor -*/ -NTSTATUS ndr_push_security_descriptor(struct ndr_push *ndr, - struct security_descriptor *sd) -{ - struct ndr_push_save save; - struct ndr_push_save ofs1, ofs2, ofs3, ofs4; - - ndr_push_save(ndr, &save); - - NDR_CHECK(ndr_push_uint8(ndr, sd->revision)); - NDR_CHECK(ndr_push_uint16(ndr, sd->type)); - - NDR_CHECK(ndr_push_offset(ndr, &ofs1)); - NDR_CHECK(ndr_push_offset(ndr, &ofs2)); - NDR_CHECK(ndr_push_offset(ndr, &ofs3)); - NDR_CHECK(ndr_push_offset(ndr, &ofs4)); - - if (sd->owner_sid) { - NDR_CHECK(ndr_push_offset_ptr(ndr, &ofs1, &save)); - NDR_CHECK(ndr_push_dom_sid(ndr, sd->owner_sid)); - } - - if (sd->group_sid) { - NDR_CHECK(ndr_push_offset_ptr(ndr, &ofs2, &save)); - NDR_CHECK(ndr_push_dom_sid(ndr, sd->group_sid)); - } - - if (sd->sacl) { - NDR_CHECK(ndr_push_offset_ptr(ndr, &ofs3, &save)); - NDR_CHECK(ndr_push_security_acl(ndr, sd->sacl)); - } - - if (sd->dacl) { - NDR_CHECK(ndr_push_offset_ptr(ndr, &ofs4, &save)); - NDR_CHECK(ndr_push_security_acl(ndr, sd->dacl)); + if (!(ndr_flags & NDR_SCALARS)) { + return NT_STATUS_OK; } - - return NT_STATUS_OK; + NDR_CHECK(ndr_push_uint32(ndr, sid->num_auths)); + return ndr_push_dom_sid(ndr, ndr_flags, sid); } @@ -356,71 +88,3 @@ void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, struct dom_sid2 ndr_print_dom_sid(ndr, name, sid); } - -/* - print a security_ace -*/ -void ndr_print_security_ace(struct ndr_print *ndr, const char *name, struct security_ace *ace) -{ - ndr_print_struct(ndr, name, "security_ace"); - ndr->depth++; - ndr_print_uint8(ndr, "type", ace->type); - ndr_print_uint8(ndr, "flags", ace->flags); - ndr_print_uint32(ndr, "access_mask", ace->access_mask); - if (ace->obj) { - ndr_print_struct(ndr, name, "security_ace_obj"); - ndr->depth++; - ndr_print_uint32(ndr, "flags", ace->obj->flags); - ndr_print_GUID(ndr, "object_guid", &ace->obj->object_guid); - ndr_print_GUID(ndr, "inherit_guid", &ace->obj->inherit_guid); - ndr->depth--; - } - ndr_print_dom_sid(ndr, "trustee", &ace->trustee); - ndr->depth--; -} - -/* - print a security_acl -*/ -void ndr_print_security_acl(struct ndr_print *ndr, const char *name, struct security_acl *acl) -{ - ndr_print_struct(ndr, name, "security_acl"); - ndr->depth++; - ndr_print_uint16(ndr, "revision", acl->revision); - ndr_print_uint32(ndr, "num_aces", acl->num_aces); - ndr_print_array(ndr, "aces", acl->aces, - sizeof(acl->aces[0]), acl->num_aces, - (ndr_print_fn_t) ndr_print_security_ace); - ndr->depth--; -} - -/* - print a security descriptor -*/ -void ndr_print_security_descriptor(struct ndr_print *ndr, - const char *name, - struct security_descriptor *sd) -{ - ndr_print_struct(ndr, name, "security_descriptor"); - ndr->depth++; - ndr_print_uint8(ndr, "revision", sd->revision); - ndr_print_uint16(ndr, "type", sd->type); - ndr_print_ptr(ndr, "owner_sid", sd->owner_sid); - if (sd->owner_sid) { - ndr_print_dom_sid(ndr, "owner_sid", sd->owner_sid); - } - ndr_print_ptr(ndr, "group_sid", sd->group_sid); - if (sd->group_sid) { - ndr_print_dom_sid(ndr, "group_sid", sd->group_sid); - } - ndr_print_ptr(ndr, "sacl", sd->sacl); - if (sd->sacl) { - ndr_print_security_acl(ndr, "sacl", sd->sacl); - } - ndr_print_ptr(ndr, "dacl", sd->dacl); - if (sd->dacl) { - ndr_print_security_acl(ndr, "dacl", sd->dacl); - } - ndr->depth--; -} - |