summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/headermap.txt2
-rw-r--r--source4/libcli/security/dom_sid.c17
-rw-r--r--source4/libcli/security/sddl.c1
-rw-r--r--source4/libcli/security/security_descriptor.c20
-rw-r--r--source4/librpc/config.mk13
-rw-r--r--source4/librpc/idl/dom_sid.idl30
-rw-r--r--source4/librpc/ndr/ndr_dom_sid.c217
-rw-r--r--source4/torture/unix/whoami.c5
8 files changed, 5 insertions, 300 deletions
diff --git a/source4/headermap.txt b/source4/headermap.txt
index b6edaac414..c906282a31 100644
--- a/source4/headermap.txt
+++ b/source4/headermap.txt
@@ -50,7 +50,7 @@ rpc_server/dcerpc_server.h: dcerpc_server.h
rpc_server/common/common.h: dcerpc_server/common.h
libcli/auth/credentials.h: domain_credentials.h
../lib/util/charset/charset.h: charset.h
-libcli/ldap/ldap.h: ldap.h
+libcli/ldap/ldap.h: ldap-util.h
../lib/torture/torture.h: torture.h
libcli/libcli.h: client.h
librpc/gen_ndr/nbt.h: gen_ndr/nbt.h
diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c
index 1a7519e362..d8a83f2abb 100644
--- a/source4/libcli/security/dom_sid.c
+++ b/source4/libcli/security/dom_sid.c
@@ -122,11 +122,6 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
return NULL;
}
- ret->sub_auths = talloc_array(ret, uint32_t, num_sub_auths);
- if (!ret->sub_auths) {
- return NULL;
- }
-
ret->sid_rev_num = rev;
ret->id_auth[0] = 0;
ret->id_auth[1] = 0;
@@ -183,11 +178,6 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
return NULL;
}
- ret->sub_auths = talloc_array(ret, uint32_t, dom_sid->num_auths);
- if (!ret->sub_auths) {
- return NULL;
- }
-
ret->sid_rev_num = dom_sid->sid_rev_num;
ret->id_auth[0] = dom_sid->id_auth[0];
ret->id_auth[1] = dom_sid->id_auth[1];
@@ -206,7 +196,7 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
/*
add a rid to a domain dom_sid to make a full dom_sid. This function
- returns a new sid in the suppplied memory context
+ returns a new sid in the supplied memory context
*/
struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
const struct dom_sid *domain_sid,
@@ -219,11 +209,6 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
*sid = *domain_sid;
- sid->sub_auths = talloc_array(sid, uint32_t, sid->num_auths+1);
- if (!sid->sub_auths) {
- return NULL;
- }
- memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t));
sid->sub_auths[sid->num_auths] = rid;
sid->num_auths++;
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index 09522f182a..a8d893f085 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -249,7 +249,6 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
return false;
}
ace->trustee = *sid;
- talloc_steal(mem_ctx, sid->sub_auths);
talloc_free(sid);
return true;
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 882284dd9b..2bce8e8b08 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -65,18 +65,6 @@ static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
goto failed;
}
- /* remapping array in trustee dom_sid from old acl to new acl */
-
- for (i = 0; i < oacl->num_aces; i++) {
- nacl->aces[i].trustee.sub_auths =
- (uint32_t *)talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths,
- sizeof(uint32_t) * nacl->aces[i].trustee.num_auths);
-
- if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) {
- goto failed;
- }
- }
-
nacl->revision = oacl->revision;
nacl->size = oacl->size;
nacl->num_aces = oacl->num_aces;
@@ -175,14 +163,6 @@ static NTSTATUS security_descriptor_acl_add(struct security_descriptor *sd,
}
acl->aces[acl->num_aces] = *ace;
- acl->aces[acl->num_aces].trustee.sub_auths =
- (uint32_t *)talloc_memdup(acl->aces,
- acl->aces[acl->num_aces].trustee.sub_auths,
- sizeof(uint32_t) *
- acl->aces[acl->num_aces].trustee.num_auths);
- if (acl->aces[acl->num_aces].trustee.sub_auths == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
switch (acl->aces[acl->num_aces].type) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index adea071185..65c473779f 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -54,10 +54,9 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY
NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \
../librpc/ndr/ndr_sec_helper.o \
- $(gen_ndrsrcdir)/ndr_dom_sid.o \
- $(ndrsrcdir)/ndr_dom_sid.o
+ $(gen_ndrsrcdir)/ndr_dom_sid.o
-PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h)
+PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h)
[SUBSYSTEM::NDR_AUDIOSRV]
@@ -737,15 +736,9 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc
python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o
-[PYTHON::python_dcerpc_dom_sid]
-LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT)
-PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
-
-python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o
-
[PYTHON::python_dcerpc_security]
LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT)
-PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc
+PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o
diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl
index 1fc8ee2165..172dda4fae 100644
--- a/source4/librpc/idl/dom_sid.idl
+++ b/source4/librpc/idl/dom_sid.idl
@@ -1,42 +1,12 @@
-/*
- use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
- just a dom sid, but with the sub_auths represented as a conformant
- array. As with all in-structure conformant arrays, the array length
- is placed before the start of the structure. That's what gives rise
- to the extra num_auths elemenent. We don't want the Samba code to
- have to bother with such esoteric NDR details, so its easier to just
- define it as a dom_sid and use pidl magic to make it all work. It
- just means you need to mark a sid as a "dom_sid2" in the IDL when you
- know it is of the conformant array variety
-*/
-cpp_quote("#define dom_sid2 dom_sid")
-
-/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
-cpp_quote("#define dom_sid28 dom_sid")
-
-/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
-cpp_quote("#define dom_sid0 dom_sid")
-
[
pointer_default(unique)
]
interface dom_sid
{
- /* a domain SID. Note that unlike Samba3 this contains a pointer,
- so you can't copy them using assignment */
- typedef [public,gensize,noprint,nosize] struct {
- uint8 sid_rev_num; /**< SID revision number */
- [range(0,15)] int8 num_auths; /**< Number of sub-authorities */
- uint8 id_auth[6]; /**< Identifier Authority */
- uint32 sub_auths[num_auths];
- } dom_sid;
-
/* id used to identify a endpoint, possibly in a cluster */
typedef [public] struct {
hyper id;
uint32 id2;
uint32 node;
} server_id;
-
}
-
diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c
deleted file mode 100644
index b986231b4f..0000000000
--- a/source4/librpc/ndr/ndr_dom_sid.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- fast routines for getting the wire size of security objects
-
- Copyright (C) Andrew Tridgell 2003
- Copyright (C) Stefan Metzmacher 2006-2008
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include "includes.h"
-#include "librpc/gen_ndr/ndr_security.h"
-#include "libcli/security/security.h"
-
-/*
- return the wire size of a dom_sid
-*/
-size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
-{
- if (!sid) return 0;
- return 8 + 4*sid->num_auths;
-}
-
-size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
-{
- struct dom_sid zero_sid;
-
- if (!sid) return 0;
-
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
- return 0;
- }
-
- return 8 + 4*sid->num_auths;
-}
-
-size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
-{
- return ndr_size_dom_sid28(sid, flags);
-}
-
-/*
- print a dom_sid
-*/
-void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
-}
-
-void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
-{
- ndr_print_dom_sid(ndr, name, sid);
-}
-
-
-/*
- parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
-*/
-enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- uint32_t num_auths;
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
- NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
- if (sid->num_auths != num_auths) {
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
- "Bad array size %u should exceed %u",
- num_auths, sid->num_auths);
- }
- return NDR_ERR_SUCCESS;
-}
-
-/*
- parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
-*/
-enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
- return ndr_push_dom_sid(ndr, ndr_flags, sid);
-}
-
-/*
- parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
-*/
-enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- enum ndr_err_code status;
- struct ndr_pull *subndr;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- subndr = talloc_zero(ndr, struct ndr_pull);
- NDR_ERR_HAVE_NO_MEMORY(subndr);
- subndr->flags = ndr->flags;
- subndr->current_mem_ctx = ndr->current_mem_ctx;
-
- subndr->data = ndr->data + ndr->offset;
- subndr->data_size = 28;
- subndr->offset = 0;
-
- NDR_CHECK(ndr_pull_advance(ndr, 28));
-
- status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
- if (!NDR_ERR_CODE_IS_SUCCESS(status)) {
- /* handle a w2k bug which send random data in the buffer */
- ZERO_STRUCTP(sid);
- } else if (sid->num_auths == 0 && sid->sub_auths) {
- talloc_free(sid->sub_auths);
- sid->sub_auths = NULL;
- }
-
- return NDR_ERR_SUCCESS;
-}
-
-/*
- push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
-*/
-enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- uint32_t old_offset;
- uint32_t padding;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (sid->num_auths > 5) {
- return ndr_push_error(ndr, NDR_ERR_RANGE,
- "dom_sid28 allows only upto 5 sub auth [%u]",
- sid->num_auths);
- }
-
- old_offset = ndr->offset;
- NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
-
- padding = 28 - (ndr->offset - old_offset);
-
- if (padding > 0) {
- NDR_CHECK(ndr_push_zero(ndr, padding));
- }
-
- return NDR_ERR_SUCCESS;
-}
-
-/*
- parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
-*/
-enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
-{
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (ndr->data_size == ndr->offset) {
- ZERO_STRUCTP(sid);
- return NDR_ERR_SUCCESS;
- }
-
- return ndr_pull_dom_sid(ndr, ndr_flags, sid);
-}
-
-/*
- push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
-*/
-enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
-{
- struct dom_sid zero_sid;
-
- if (!(ndr_flags & NDR_SCALARS)) {
- return NDR_ERR_SUCCESS;
- }
-
- if (!sid) {
- return NDR_ERR_SUCCESS;
- }
-
- ZERO_STRUCT(zero_sid);
-
- if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
- return NDR_ERR_SUCCESS;
- }
-
- return ndr_push_dom_sid(ndr, ndr_flags, sid);
-}
-
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 5e5a5e81cd..b72b9fcb09 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -127,11 +127,6 @@ static bool sid_parse(void *mem_ctx,
torture_assert(torture, (*psid)->num_auths <= 15,
"invalid sub_auth value");
- (*psid)->sub_auths = talloc_array(mem_ctx, uint32_t,
- (*psid)->num_auths);
- torture_assert(torture, (*psid)->sub_auths != NULL,
- "out of memory");
-
for (i = 0; i < (*psid)->num_auths; i++) {
(*psid)->sub_auths[i] = IVAL(data->data, *offset);
(*offset) += 4;