diff options
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/headermap.txt | 2 | ||||
| -rw-r--r-- | source4/libcli/security/dom_sid.c | 17 | ||||
| -rw-r--r-- | source4/libcli/security/sddl.c | 1 | ||||
| -rw-r--r-- | source4/libcli/security/security_descriptor.c | 20 | ||||
| -rw-r--r-- | source4/librpc/config.mk | 13 | ||||
| -rw-r--r-- | source4/librpc/idl/dom_sid.idl | 30 | ||||
| -rw-r--r-- | source4/librpc/ndr/ndr_dom_sid.c | 217 | ||||
| -rw-r--r-- | source4/torture/unix/whoami.c | 5 |
8 files changed, 5 insertions, 300 deletions
diff --git a/source4/headermap.txt b/source4/headermap.txt index b6edaac414..c906282a31 100644 --- a/source4/headermap.txt +++ b/source4/headermap.txt @@ -50,7 +50,7 @@ rpc_server/dcerpc_server.h: dcerpc_server.h rpc_server/common/common.h: dcerpc_server/common.h libcli/auth/credentials.h: domain_credentials.h ../lib/util/charset/charset.h: charset.h -libcli/ldap/ldap.h: ldap.h +libcli/ldap/ldap.h: ldap-util.h ../lib/torture/torture.h: torture.h libcli/libcli.h: client.h librpc/gen_ndr/nbt.h: gen_ndr/nbt.h diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c index 1a7519e362..d8a83f2abb 100644 --- a/source4/libcli/security/dom_sid.c +++ b/source4/libcli/security/dom_sid.c @@ -122,11 +122,6 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr) return NULL; } - ret->sub_auths = talloc_array(ret, uint32_t, num_sub_auths); - if (!ret->sub_auths) { - return NULL; - } - ret->sid_rev_num = rev; ret->id_auth[0] = 0; ret->id_auth[1] = 0; @@ -183,11 +178,6 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid) return NULL; } - ret->sub_auths = talloc_array(ret, uint32_t, dom_sid->num_auths); - if (!ret->sub_auths) { - return NULL; - } - ret->sid_rev_num = dom_sid->sid_rev_num; ret->id_auth[0] = dom_sid->id_auth[0]; ret->id_auth[1] = dom_sid->id_auth[1]; @@ -206,7 +196,7 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid) /* add a rid to a domain dom_sid to make a full dom_sid. This function - returns a new sid in the suppplied memory context + returns a new sid in the supplied memory context */ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, @@ -219,11 +209,6 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, *sid = *domain_sid; - sid->sub_auths = talloc_array(sid, uint32_t, sid->num_auths+1); - if (!sid->sub_auths) { - return NULL; - } - memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t)); sid->sub_auths[sid->num_auths] = rid; sid->num_auths++; diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c index 09522f182a..a8d893f085 100644 --- a/source4/libcli/security/sddl.c +++ b/source4/libcli/security/sddl.c @@ -249,7 +249,6 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char return false; } ace->trustee = *sid; - talloc_steal(mem_ctx, sid->sub_auths); talloc_free(sid); return true; diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c index 882284dd9b..2bce8e8b08 100644 --- a/source4/libcli/security/security_descriptor.c +++ b/source4/libcli/security/security_descriptor.c @@ -65,18 +65,6 @@ static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx, goto failed; } - /* remapping array in trustee dom_sid from old acl to new acl */ - - for (i = 0; i < oacl->num_aces; i++) { - nacl->aces[i].trustee.sub_auths = - (uint32_t *)talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths, - sizeof(uint32_t) * nacl->aces[i].trustee.num_auths); - - if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) { - goto failed; - } - } - nacl->revision = oacl->revision; nacl->size = oacl->size; nacl->num_aces = oacl->num_aces; @@ -175,14 +163,6 @@ static NTSTATUS security_descriptor_acl_add(struct security_descriptor *sd, } acl->aces[acl->num_aces] = *ace; - acl->aces[acl->num_aces].trustee.sub_auths = - (uint32_t *)talloc_memdup(acl->aces, - acl->aces[acl->num_aces].trustee.sub_auths, - sizeof(uint32_t) * - acl->aces[acl->num_aces].trustee.num_auths); - if (acl->aces[acl->num_aces].trustee.sub_auths == NULL) { - return NT_STATUS_NO_MEMORY; - } switch (acl->aces[acl->num_aces].type) { case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index adea071185..65c473779f 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -54,10 +54,9 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \ ../librpc/ndr/ndr_sec_helper.o \ - $(gen_ndrsrcdir)/ndr_dom_sid.o \ - $(ndrsrcdir)/ndr_dom_sid.o + $(gen_ndrsrcdir)/ndr_dom_sid.o -PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h) +PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h) [SUBSYSTEM::NDR_AUDIOSRV] @@ -737,15 +736,9 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o -[PYTHON::python_dcerpc_dom_sid] -LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT) -PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc - -python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o - [PYTHON::python_dcerpc_security] LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT) -PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc +PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl index 1fc8ee2165..172dda4fae 100644 --- a/source4/librpc/idl/dom_sid.idl +++ b/source4/librpc/idl/dom_sid.idl @@ -1,42 +1,12 @@ -/* - use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really - just a dom sid, but with the sub_auths represented as a conformant - array. As with all in-structure conformant arrays, the array length - is placed before the start of the structure. That's what gives rise - to the extra num_auths elemenent. We don't want the Samba code to - have to bother with such esoteric NDR details, so its easier to just - define it as a dom_sid and use pidl magic to make it all work. It - just means you need to mark a sid as a "dom_sid2" in the IDL when you - know it is of the conformant array variety -*/ -cpp_quote("#define dom_sid2 dom_sid") - -/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ -cpp_quote("#define dom_sid28 dom_sid") - -/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ -cpp_quote("#define dom_sid0 dom_sid") - [ pointer_default(unique) ] interface dom_sid { - /* a domain SID. Note that unlike Samba3 this contains a pointer, - so you can't copy them using assignment */ - typedef [public,gensize,noprint,nosize] struct { - uint8 sid_rev_num; /**< SID revision number */ - [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - uint32 sub_auths[num_auths]; - } dom_sid; - /* id used to identify a endpoint, possibly in a cluster */ typedef [public] struct { hyper id; uint32 id2; uint32 node; } server_id; - } - diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c deleted file mode 100644 index b986231b4f..0000000000 --- a/source4/librpc/ndr/ndr_dom_sid.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - fast routines for getting the wire size of security objects - - Copyright (C) Andrew Tridgell 2003 - Copyright (C) Stefan Metzmacher 2006-2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - - -#include "includes.h" -#include "librpc/gen_ndr/ndr_security.h" -#include "libcli/security/security.h" - -/* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - uint32_t num_auths; - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); - NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); - if (sid->num_auths != num_auths) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, - "Bad array size %u should exceed %u", - num_auths, sid->num_auths); - } - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth -*/ -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - enum ndr_err_code status; - struct ndr_pull *subndr; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - subndr = talloc_zero(ndr, struct ndr_pull); - NDR_ERR_HAVE_NO_MEMORY(subndr); - subndr->flags = ndr->flags; - subndr->current_mem_ctx = ndr->current_mem_ctx; - - subndr->data = ndr->data + ndr->offset; - subndr->data_size = 28; - subndr->offset = 0; - - NDR_CHECK(ndr_pull_advance(ndr, 28)); - - status = ndr_pull_dom_sid(subndr, ndr_flags, sid); - if (!NDR_ERR_CODE_IS_SUCCESS(status)) { - /* handle a w2k bug which send random data in the buffer */ - ZERO_STRUCTP(sid); - } else if (sid->num_auths == 0 && sid->sub_auths) { - talloc_free(sid->sub_auths); - sid->sub_auths = NULL; - } - - return NDR_ERR_SUCCESS; -} - -/* - push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer -*/ -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - uint32_t old_offset; - uint32_t padding; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (sid->num_auths > 5) { - return ndr_push_error(ndr, NDR_ERR_RANGE, - "dom_sid28 allows only upto 5 sub auth [%u]", - sid->num_auths); - } - - old_offset = ndr->offset; - NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); - - padding = 28 - (ndr->offset - old_offset); - - if (padding > 0) { - NDR_CHECK(ndr_push_zero(ndr, padding)); - } - - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (ndr->data_size == ndr->offset) { - ZERO_STRUCTP(sid); - return NDR_ERR_SUCCESS; - } - - return ndr_pull_dom_sid(ndr, ndr_flags, sid); -} - -/* - push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - struct dom_sid zero_sid; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (!sid) { - return NDR_ERR_SUCCESS; - } - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return NDR_ERR_SUCCESS; - } - - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c index 5e5a5e81cd..b72b9fcb09 100644 --- a/source4/torture/unix/whoami.c +++ b/source4/torture/unix/whoami.c @@ -127,11 +127,6 @@ static bool sid_parse(void *mem_ctx, torture_assert(torture, (*psid)->num_auths <= 15, "invalid sub_auth value"); - (*psid)->sub_auths = talloc_array(mem_ctx, uint32_t, - (*psid)->num_auths); - torture_assert(torture, (*psid)->sub_auths != NULL, - "out of memory"); - for (i = 0; i < (*psid)->num_auths; i++) { (*psid)->sub_auths[i] = IVAL(data->data, *offset); (*offset) += 4; |