From da6721e3231fb93b934440c2d92abab834289c82 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Sun, 1 Mar 2009 18:15:36 +0100
Subject: Move secacl to top-level.
---
 libcli/security/secacl.c | 122 ++++++++++++++++++++++++++++++++++++++
 source3/Makefile.in | 2 +-
 source3/include/rpc_secdes.h | 1 -
 source3/lib/secacl.c | 118 ------------------------------------
 source4/libcli/security/config.mk | 3 +-
 5 files changed, 125 insertions(+), 121 deletions(-)
 create mode 100644 libcli/security/secacl.c
 delete mode 100644 source3/lib/secacl.c
diff --git a/libcli/security/secacl.c b/libcli/security/secacl.c
new file mode 100644
index 0000000000..45640773b0
--- /dev/null
+++ b/libcli/security/secacl.c
@@ -0,0 +1,122 @@
+/*
+ * Unix SMB/Netbios implementation.
+ * SEC_ACL handling routines
+ * Copyright (C) Andrew Tridgell 1992-1998,
+ * Copyright (C) Jeremy R. Allison 1995-2003.
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ * Copyright (C) Paul Ashton 1997-1998.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "includes.h"
+#include "libcli/security/security.h"
+
+#define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16_t) + sizeof(uint32_t))
+
+/*******************************************************************
+ Create a SEC_ACL structure.
+********************************************************************/
+
+struct security_acl *make_sec_acl(TALLOC_CTX *ctx,
+ enum security_acl_revision revision,
+ int num_aces, struct security_ace *ace_list)
+{
+ struct security_acl *dst;
+ int i;
+
+ if((dst = talloc_zero(ctx, struct security_acl)) == NULL)
+ return NULL;
+
+ dst->revision = revision;
+ dst->num_aces = num_aces;
+ dst->size = SEC_ACL_HEADER_SIZE;
+
+ /* Now we need to return a non-NULL address for the ace list even
+ if the number of aces required is zero. This is because there
+ is a distinct difference between a NULL ace and an ace with zero
+ entries in it. This is achieved by checking that num_aces is a
+ positive number. */
+
+ if ((num_aces) &&
+ ((dst->aces = talloc_array(ctx, struct security_ace, num_aces))
+ == NULL)) {
+ return NULL;
+ }
+
+ for (i = 0; i < num_aces; i++) {
+ dst->aces[i] = ace_list[i]; /* Structure copy. */
+ dst->size += ace_list[i].size;
+ }
+
+ return dst;
+}
+
+/*******************************************************************
+ Duplicate a SEC_ACL structure.
+********************************************************************/
+
+struct security_acl *dup_sec_acl(TALLOC_CTX *ctx, struct security_acl *src)
+{
+ if(src == NULL)
+ return NULL;
+
+ return make_sec_acl(ctx, src->revision, src->num_aces, src->aces);
+}
+
+/*******************************************************************
+ Compares two SEC_ACL structures
+********************************************************************/
+
+bool sec_acl_equal(struct security_acl *s1, struct security_acl *s2)
+{
+ unsigned int i, j;
+
+ /* Trivial cases */
+
+ if (!s1 && !s2) return true;
+ if (!s1 || !s2) return false;
+
+ /* Check top level stuff */
+
+ if (s1->revision != s2->revision) {
+ DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",
+ s1->revision, s2->revision));
+ return false;
+ }
+
+ if (s1->num_aces != s2->num_aces) {
+ DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n",
+ s1->revision, s2->revision));
+ return false;
+ }
+
+ /* The ACEs could be in any order so check each ACE in s1 against
+ each ACE in s2. */
+
+ for (i = 0; i < s1->num_aces; i++) {
+ bool found = false;
+
+ for (j = 0; j < s2->num_aces; j++) {
+ if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) {
+ found = true;
+ break;
+ }
+ }
+
+ if (!found) return false;
+ }
+
+ return true;
+}
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 30990f4c54..f1272559b7 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
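Review bot: In libcli/security/secacl.c, sec_acl_equal() only checks that each ACE of s1 occurs somewhere in s2, so once num_aces matches, an ACL with a repeated entry such as [A, A] compares equal to [A, B]. Any caller that uses the result to decide whether an ACL changed would then treat two different ACLs as the same (callers are not visible in this patch); comparing per-ACE occurrence counts, as in the excerpt below, fixes this without an allocation. The comparison is also order-insensitive by design, and since ACE order can affect how deny and allow entries are evaluated, the function comment should say that it tests set equality, not identical ACLs. In the same function the num_aces DEBUG prints the revisions and should pass `s1->num_aces, s2->num_aces`. In make_sec_acl(), num_aces is a signed int that is never rejected when negative, and the early return on talloc_array failure leaves dst attached to ctx.

```c
bool sec_acl_equal(struct security_acl *s1, struct security_acl *s2)
{
	unsigned int i, j;

	/* … unchanged: NULL, revision and num_aces checks … */

	/* num_aces is equal here, so the ACLs hold the same entries exactly
	   when every ACE of s1 occurs as often in s2 as it does in s1. */

	for (i = 0; i < s1->num_aces; i++) {
		unsigned int in_s1 = 0, in_s2 = 0;

		for (j = 0; j < s1->num_aces; j++) {
			if (sec_ace_equal(&s1->aces[i], &s1->aces[j])) in_s1++;
		}
		for (j = 0; j < s2->num_aces; j++) {
			if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) in_s2++;
		}

		if (in_s1 != in_s2) return false;
	}

	return true;
}
```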
@@ -371,7 +371,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
 lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \
 lib/ldap_escape.o @CHARSET_STATIC@ \
 lib/secdesc.o lib/util_seaccess.o ../libcli/security/secace.o \
- lib/secacl.o \
+ ../libcli/security/secacl.o \
 libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
 lib/file_id.o lib/idmap_cache.o \
 ../libcli/security/dom_sid.o
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 37f7464a4a..c74d621f35 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -77,7 +77,6 @@ typedef struct security_ace SEC_ACE;
 #ifndef _SEC_ACL
 /* SEC_ACL */
 typedef struct security_acl SEC_ACL;
-#define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32))
 #define _SEC_ACL
 #endif
diff --git a/source3/lib/secacl.c b/source3/lib/secacl.c
deleted file mode 100644
index 5e82242e1b..0000000000
--- a/source3/lib/secacl.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Unix SMB/Netbios implementation.
- * SEC_ACL handling routines
- * Copyright (C) Andrew Tridgell 1992-1998,
- * Copyright (C) Jeremy R. Allison 1995-2003.
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
- * Copyright (C) Paul Ashton 1997-1998.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include "includes.h"
-
-/*******************************************************************
- Create a SEC_ACL structure.
-********************************************************************/
-
-SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, enum security_acl_revision revision,
- int num_aces, SEC_ACE *ace_list)
-{
- SEC_ACL *dst;
- int i;
-
- if((dst = TALLOC_ZERO_P(ctx,SEC_ACL)) == NULL)
- return NULL;
-
- dst->revision = revision;
- dst->num_aces = num_aces;
- dst->size = SEC_ACL_HEADER_SIZE;
-
- /* Now we need to return a non-NULL address for the ace list even
- if the number of aces required is zero. This is because there
- is a distinct difference between a NULL ace and an ace with zero
- entries in it. This is achieved by checking that num_aces is a
- positive number. */
-
- if ((num_aces) &&
- ((dst->aces = TALLOC_ARRAY(ctx, SEC_ACE, num_aces))
- == NULL)) {
- return NULL;
- }
-
- for (i = 0; i < num_aces; i++) {
- dst->aces[i] = ace_list[i]; /* Structure copy. */
- dst->size += ace_list[i].size;
- }
-
- return dst;
-}
-
-/*******************************************************************
- Duplicate a SEC_ACL structure.
-********************************************************************/
-
-SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
-{
- if(src == NULL)
- return NULL;
-
- return make_sec_acl(ctx, src->revision, src->num_aces, src->aces);
-}
-
-/*******************************************************************
- Compares two SEC_ACL structures
-********************************************************************/
-
-bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2)
-{
- unsigned int i, j;
-
- /* Trivial cases */
-
- if (!s1 && !s2) return True;
- if (!s1 || !s2) return False;
-
- /* Check top level stuff */
-
- if (s1->revision != s2->revision) {
- DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",
- s1->revision, s2->revision));
- return False;
- }
-
- if (s1->num_aces != s2->num_aces) {
- DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n",
- s1->revision, s2->revision));
- return False;
- }
-
- /* The ACEs could be in any order so check each ACE in s1 against
- each ACE in s2. */
-
- for (i = 0; i < s1->num_aces; i++) {
- bool found = False;
-
- for (j = 0; j < s2->num_aces; j++) {
- if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) {
- found = True;
- break;
- }
- }
-
- if (!found) return False;
- }
-
- return True;
-}
diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk
index d99b83c2b5..d6d9ad5545 100644
--- a/source4/libcli/security/config.mk
+++ b/source4/libcli/security/config.mk
@@ -4,6 +4,7 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_COMMON
 LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \
 security_token.o security_descriptor.o \
 access_check.o privilege.o sddl.o) \
- ../libcli/security/secace.o
+ ../libcli/security/secace.o \
+ ../libcli/security/secacl.o
 $(eval $(call proto_header_template,$(libclisrcdir)/security/proto.h,$(LIBSECURITY_OBJ_FILES:.o=.c)))
--
cgit