From 748fe7a383e50079493648839cf0ab69aa2223a0 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 9 Nov 1998 16:40:38 +0000 Subject: split socket util functions into util_sock.c. util.c NOT committed and util_sock.c NOT included in Makefile.in. registry commands added to rpcclient. waiting for 2_0_0 split before committing modified files. these files are new modules, and are not referenced in the Makefile.in (This used to be commit 373f60256fc6dc800f73d88ea9a302933a4a3246) --- source3/rpc_parse/parse_sec.c | 176 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 source3/rpc_parse/parse_sec.c (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c new file mode 100644 index 0000000000..bedf042b7f --- /dev/null +++ b/source3/rpc_parse/parse_sec.c @@ -0,0 +1,176 @@ + +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + + +#include "includes.h" + +extern int DEBUGLEVEL; + + +/******************************************************************* +reads or writes a structure. +********************************************************************/ +void sec_io_info(char *desc, SEC_INFO *t, prs_struct *ps, int depth) +{ + if (t == NULL) return; + + prs_debug(ps, depth, desc, "sec_io_info"); + depth++; + + prs_align(ps); + + prs_uint32("perms", ps, depth, &(t->perms)); +} + +/******************************************************************* +reads or writes a structure. +********************************************************************/ +void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) +{ + uint32 old_offset; + uint32 offset_ace_size; + if (t == NULL) return; + + prs_debug(ps, depth, desc, "sec_io_ace"); + depth++; + + prs_align(ps); + + old_offset = ps->offset; + + prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); + prs_uint16_pre("ace_size ", ps, depth, &(t->ace_size ), &offset_ace_size); + + sec_io_info ("info", &t->info, ps, depth); + prs_align(ps); + smb_io_dom_sid("sid ", &t->sid , ps, depth); + + prs_uint16_post("ace_size ", ps, depth, offset_ace_size, old_offset); + if (ps->io) + { + ps->offset = old_offset + t->ace_size; + } +} + +/******************************************************************* +reads or writes a structure. this is one of those retrospective jobs, +which i hate. why do we have to do this? what's it all about? +********************************************************************/ +void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) +{ + int i; + uint32 old_offset; + uint32 offset_acl_size; + + if (t == NULL) return; + + prs_debug(ps, depth, desc, "sec_io_acl"); + depth++; + + prs_align(ps); + + old_offset = ps->offset; + + prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); + prs_uint16_pre("acl_size ", ps, depth, &(t->acl_size ), &offset_acl_size); + prs_uint32("num_aces ", ps, depth, &(t->num_aces )); + + for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) + { + fstring tmp; + snprintf(tmp, sizeof(tmp), "ace[%02d]: ", i); + sec_io_ace(tmp, &t->ace[i], ps, depth); + } + + prs_align(ps); + + prs_uint16_post("acl_size ", ps, depth, offset_acl_size, old_offset); + if (ps->io) + { + ps->offset = old_offset + t->acl_size; + } +} + + +/******************************************************************* +reads or writes a structure. +********************************************************************/ +void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) +{ + if (t == NULL) return; + + prs_debug(ps, depth, desc, "sec_io_desc"); + depth++; + + prs_align(ps); + + prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); + prs_uint16("unknown_2", ps, depth, &(t->unknown_2)); + + prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); + prs_uint32("off_pnt_sid ", ps, depth, &(t->off_pnt_sid )); + prs_uint32("off_unknown ", ps, depth, &(t->off_unknown )); + prs_uint32("off_acl ", ps, depth, &(t->off_acl )); + + sec_io_acl ("acl" , &t->acl , ps, depth); + smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); + prs_align(ps); + smb_io_dom_sid("parent_sid", &t->parent_sid, ps, depth); + prs_align(ps); +} + +/******************************************************************* +creates a SEC_DESC_BUF structure. +********************************************************************/ +void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, uint32 buf_ptr) +{ + ZERO_STRUCTP(buf); + + /* max buffer size (allocated size) */ + buf->max_len = len; + buf->undoc = 0; + buf->len = buf_ptr != 0 ? len : 0; +} + +/******************************************************************* +reads or writes a SEC_DESC_BUF structure. +********************************************************************/ +void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) +{ + if (sec == NULL) return; + + prs_debug(ps, depth, desc, "sec_io_desc_buf"); + depth++; + + prs_align(ps); + + prs_uint32("max_len", ps, depth, &(sec->max_len)); + prs_uint32("undoc ", ps, depth, &(sec->undoc )); + prs_uint32("len ", ps, depth, &(sec->len )); + + if (sec->len != 0) + { + sec_io_desc("sec ", &sec->sec, ps, depth); + } +} -- cgit From 60a91a1dca12e675e4498062f33ed773ddd5600a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 11 Nov 1998 19:22:08 +0000 Subject: clearing up security descriptor (This used to be commit abdc9d790b7d27b70aaf88451f5c82c99c94ca6e) --- source3/rpc_parse/parse_sec.c | 72 +++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 34 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index bedf042b7f..af5da93bfb 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -66,11 +66,7 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) prs_align(ps); smb_io_dom_sid("sid ", &t->sid , ps, depth); - prs_uint16_post("ace_size ", ps, depth, offset_ace_size, old_offset); - if (ps->io) - { - ps->offset = old_offset + t->ace_size; - } + prs_uint16_post("ace_size ", ps, depth, &t->ace_size, offset_ace_size, old_offset); } /******************************************************************* @@ -105,11 +101,7 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) prs_align(ps); - prs_uint16_post("acl_size ", ps, depth, offset_acl_size, old_offset); - if (ps->io) - { - ps->offset = old_offset + t->acl_size; - } + prs_uint16_post("acl_size ", ps, depth, &t->acl_size, offset_acl_size, old_offset); } @@ -118,6 +110,12 @@ reads or writes a structure. ********************************************************************/ void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { + uint32 off_owner_sid; + uint32 off_pnt_sid ; + uint32 off_unknown ; + uint32 off_acl ; + uint32 old_offset; + if (t == NULL) return; prs_debug(ps, depth, desc, "sec_io_desc"); @@ -125,39 +123,39 @@ void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) prs_align(ps); - prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); - prs_uint16("unknown_2", ps, depth, &(t->unknown_2)); + /* start of security descriptor stored for back-calc offset purposes */ + old_offset = ps->offset; + + prs_uint32("unknown_1", ps, depth, &(t->unknown_1)); - prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); - prs_uint32("off_pnt_sid ", ps, depth, &(t->off_pnt_sid )); - prs_uint32("off_unknown ", ps, depth, &(t->off_unknown )); - prs_uint32("off_acl ", ps, depth, &(t->off_acl )); + prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid); + prs_uint32_pre("off_pnt_sid ", ps, depth, &(t->off_pnt_sid ), &off_pnt_sid ); + prs_uint32_pre("off_unknown ", ps, depth, &(t->off_unknown ), &off_unknown ); + prs_uint32_pre("off_acl ", ps, depth, &(t->off_acl ), &off_acl ); + prs_uint32_post("off_acl ", ps, depth, &(t->off_acl ), off_acl , old_offset); sec_io_acl ("acl" , &t->acl , ps, depth); + prs_align(ps); + + prs_uint32_post("off_unknown ", ps, depth, &(t->off_unknown ), off_unknown , ps->offset); + + prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, old_offset); smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); prs_align(ps); + + prs_uint32_post("off_pnt_sid ", ps, depth, &(t->off_pnt_sid ), off_pnt_sid , old_offset); smb_io_dom_sid("parent_sid", &t->parent_sid, ps, depth); prs_align(ps); } -/******************************************************************* -creates a SEC_DESC_BUF structure. -********************************************************************/ -void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, uint32 buf_ptr) -{ - ZERO_STRUCTP(buf); - - /* max buffer size (allocated size) */ - buf->max_len = len; - buf->undoc = 0; - buf->len = buf_ptr != 0 ? len : 0; -} - /******************************************************************* reads or writes a SEC_DESC_BUF structure. ********************************************************************/ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { + uint32 off_len; + uint32 old_offset; + if (sec == NULL) return; prs_debug(ps, depth, desc, "sec_io_desc_buf"); @@ -165,12 +163,18 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) prs_align(ps); - prs_uint32("max_len", ps, depth, &(sec->max_len)); - prs_uint32("undoc ", ps, depth, &(sec->undoc )); - prs_uint32("len ", ps, depth, &(sec->len )); + prs_uint32 ("max_len", ps, depth, &(sec->max_len)); + prs_uint32 ("undoc ", ps, depth, &(sec->undoc )); + prs_uint32_pre("len ", ps, depth, &(sec->len ), &off_len); + + old_offset = ps->offset; - if (sec->len != 0) + /* reading, length is non-zero; writing, descriptor is non-NULL */ + if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL) { - sec_io_desc("sec ", &sec->sec, ps, depth); + sec_io_desc("sec ", sec->sec, ps, depth); } + + prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , old_offset); } + -- cgit From e35207f28de89cb3da88b47f4e70224e6b7f78e9 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 11 Nov 1998 21:44:02 +0000 Subject: security descriptor info, provided by jean-francois (This used to be commit 719382a5579e8798812bbccd14a4c1ffd9003f7a) --- source3/rpc_parse/parse_sec.c | 89 +++++++++++++++++++++++++++++++------------ 1 file changed, 64 insertions(+), 25 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index af5da93bfb..e94a2a32dd 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -59,14 +59,15 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); - prs_uint16_pre("ace_size ", ps, depth, &(t->ace_size ), &offset_ace_size); + prs_uint8 ("type ", ps, depth, &(t->type)); + prs_uint8 ("flags", ps, depth, &(t->flags)); + prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_ace_size); - sec_io_info ("info", &t->info, ps, depth); + sec_io_info ("info ", &t->info, ps, depth); prs_align(ps); - smb_io_dom_sid("sid ", &t->sid , ps, depth); + smb_io_dom_sid("sid ", &t->sid , ps, depth); - prs_uint16_post("ace_size ", ps, depth, &t->ace_size, offset_ace_size, old_offset); + prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, old_offset); } /******************************************************************* @@ -88,8 +89,8 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint16("unknown_1", ps, depth, &(t->unknown_1)); - prs_uint16_pre("acl_size ", ps, depth, &(t->acl_size ), &offset_acl_size); + prs_uint16("revision", ps, depth, &(t->revision)); + prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_acl_size); prs_uint32("num_aces ", ps, depth, &(t->num_aces )); for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) @@ -101,19 +102,19 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) prs_align(ps); - prs_uint16_post("acl_size ", ps, depth, &t->acl_size, offset_acl_size, old_offset); + prs_uint16_post("size ", ps, depth, &t->size , offset_acl_size, old_offset); } /******************************************************************* reads or writes a structure. ********************************************************************/ -void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) +static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { uint32 off_owner_sid; - uint32 off_pnt_sid ; - uint32 off_unknown ; - uint32 off_acl ; + uint32 off_grp_sid ; + uint32 off_sacl ; + uint32 off_dacl ; uint32 old_offset; if (t == NULL) return; @@ -126,28 +127,66 @@ void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = ps->offset; - prs_uint32("unknown_1", ps, depth, &(t->unknown_1)); + prs_uint16("revision ", ps, depth, &(t->revision )); + prs_uint16("type ", ps, depth, &(t->type )); prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid); - prs_uint32_pre("off_pnt_sid ", ps, depth, &(t->off_pnt_sid ), &off_pnt_sid ); - prs_uint32_pre("off_unknown ", ps, depth, &(t->off_unknown ), &off_unknown ); - prs_uint32_pre("off_acl ", ps, depth, &(t->off_acl ), &off_acl ); + prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid ), &off_grp_sid ); + prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl ); + prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl ); - prs_uint32_post("off_acl ", ps, depth, &(t->off_acl ), off_acl , old_offset); - sec_io_acl ("acl" , &t->acl , ps, depth); - prs_align(ps); + if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) + { + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , old_offset); + sec_io_acl ("dacl" , &t->dacl , ps, depth); + prs_align(ps); + } + else + { + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , old_offset); + } - prs_uint32_post("off_unknown ", ps, depth, &(t->off_unknown ), off_unknown , ps->offset); + if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) + { + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , old_offset); + sec_io_acl ("sacl" , &t->sacl , ps, depth); + prs_align(ps); + } + else + { + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset); + } prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, old_offset); - smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); - prs_align(ps); + if (t->off_owner_sid != 0) + { + smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); + prs_align(ps); + } - prs_uint32_post("off_pnt_sid ", ps, depth, &(t->off_pnt_sid ), off_pnt_sid , old_offset); - smb_io_dom_sid("parent_sid", &t->parent_sid, ps, depth); - prs_align(ps); + prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , old_offset); + if (t->off_grp_sid != 0) + { + smb_io_dom_sid("grp_sid", &t->grp_sid, ps, depth); + prs_align(ps); + } } +/******************************************************************* +creates a SEC_DESC_BUF structure. +********************************************************************/ +void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) +{ + ZERO_STRUCTP(buf); + + /* max buffer size (allocated size) */ + buf->max_len = len; + buf->undoc = 0; + buf->len = data != NULL ? len : 0; + buf->sec = data; +} + + /******************************************************************* reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -- cgit From 597c5a6caa871b724ee1337f14467950b0707b34 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 12 Nov 1998 19:21:20 +0000 Subject: jean-f. sent me some S-1-3-0,1,2,3 SIDs and names. S-1-3 doesn't exist. security descriptor testing. hey wow, you can get a SD then send it back! (This used to be commit 7466c3113ef8f8a89b8496efadfeb611c9f3e069) --- source3/rpc_parse/parse_sec.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index e94a2a32dd..7ef6914108 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -137,36 +137,46 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) { - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , old_offset); + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset); + ps->offset = old_offset + t->off_dacl; sec_io_acl ("dacl" , &t->dacl , ps, depth); prs_align(ps); } else { - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , old_offset); + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0); } if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) { - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , old_offset); + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset); + ps->offset = old_offset + t->off_sacl; sec_io_acl ("sacl" , &t->sacl , ps, depth); prs_align(ps); } else { - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset); + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0); } - prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, old_offset); + prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset); if (t->off_owner_sid != 0) { + if (ps->io) + { + ps->offset = old_offset + t->off_owner_sid; + } smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); prs_align(ps); } - prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , old_offset); + prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset); if (t->off_grp_sid != 0) { + if (ps->io) + { + ps->offset = old_offset + t->off_grp_sid; + } smb_io_dom_sid("grp_sid", &t->grp_sid, ps, depth); prs_align(ps); } @@ -193,7 +203,9 @@ reads or writes a SEC_DESC_BUF structure. void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { uint32 off_len; + uint32 off_max_len; uint32 old_offset; + uint32 size; if (sec == NULL) return; @@ -202,7 +214,7 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) prs_align(ps); - prs_uint32 ("max_len", ps, depth, &(sec->max_len)); + prs_uint32_pre("max_len", ps, depth, &(sec->max_len), &off_max_len); prs_uint32 ("undoc ", ps, depth, &(sec->undoc )); prs_uint32_pre("len ", ps, depth, &(sec->len ), &off_len); @@ -214,6 +226,8 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) sec_io_desc("sec ", sec->sec, ps, depth); } - prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , old_offset); + size = ps->offset - old_offset; + prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, size == 0 ? sec->max_len : size); + prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , size); } -- cgit From 2c7f6da1fa95ff77d6c60fcd109205847519434f Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Thu, 12 Nov 1998 23:35:05 +0000 Subject: security descriptors. kanji const char* warnings. (This used to be commit 06abdfd68e1d7fa8741afc3f56ec7a13b5fa4ccc) --- source3/rpc_parse/parse_sec.c | 270 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 255 insertions(+), 15 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 7ef6914108..b3c75fb0dc 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -1,11 +1,11 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997. + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Jeremy R. Allison 1995-1998 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Paul Ashton 1997-1998. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -28,19 +28,41 @@ extern int DEBUGLEVEL; +/******************************************************************* +makes a structure. +********************************************************************/ +void make_sec_access(SEC_ACCESS *t, uint32 mask) +{ + t->mask = mask; +} + /******************************************************************* reads or writes a structure. ********************************************************************/ -void sec_io_info(char *desc, SEC_INFO *t, prs_struct *ps, int depth) +void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) { if (t == NULL) return; - prs_debug(ps, depth, desc, "sec_io_info"); + prs_debug(ps, depth, desc, "sec_io_access"); depth++; prs_align(ps); - prs_uint32("perms", ps, depth, &(t->perms)); + prs_uint32("mask", ps, depth, &(t->mask)); +} + + +/******************************************************************* +makes a structure. +********************************************************************/ +void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +{ + t->type = type; + t->flags = flag; + t->size = sid_size(sid) + 8; + t->info = mask; + + sid_copy(&t->sid, sid); } /******************************************************************* @@ -63,7 +85,7 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) prs_uint8 ("flags", ps, depth, &(t->flags)); prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_ace_size); - sec_io_info ("info ", &t->info, ps, depth); + sec_io_access ("info ", &t->info, ps, depth); prs_align(ps); smb_io_dom_sid("sid ", &t->sid , ps, depth); @@ -71,8 +93,38 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) } /******************************************************************* -reads or writes a structure. this is one of those retrospective jobs, -which i hate. why do we have to do this? what's it all about? +makes a structure. +********************************************************************/ +void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace) +{ + int i; + t->revision = revision; + t->num_aces = num_aces; + t->size = 4; + t->ace = ace; + + for (i = 0; i < num_aces; i++) + { + t->size += ace[i].size; + } +} + +/******************************************************************* +frees a structure. +********************************************************************/ +void free_sec_acl(SEC_ACL *t) +{ + if (t->ace != NULL) + { + free(t->ace); + } +} + +/******************************************************************* +reads or writes a structure. + +first of the xx_io_xx functions that allocates its data structures +for you as it reads them. ********************************************************************/ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { @@ -93,6 +145,20 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_acl_size); prs_uint32("num_aces ", ps, depth, &(t->num_aces )); + if (ps->io && t->num_aces != 0) + { + /* reading */ + t->ace = malloc(sizeof(t->ace[0]) * t->num_aces); + ZERO_STRUCTPN(t->ace); + } + + if (t->ace == NULL && t->num_aces != 0) + { + DEBUG(0,("INVALID ACL\n")); + ps->offset = 0xfffffffe; + return; + } + for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) { fstring tmp; @@ -106,6 +172,85 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) } +/******************************************************************* +makes a structure +********************************************************************/ +int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type, + DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL *sacl, SEC_ACL *dacl) +{ + uint32 offset; + + t->revision = revision; + t->type = type; + + t->off_owner_sid = 0; + t->off_grp_sid = 0; + t->off_sacl = 0; + t->off_dacl = 0; + + t->dacl = dacl; + t->sacl = sacl; + t->owner_sid = owner_sid; + t->grp_sid = grp_sid; + + offset = 0x14; + + if (dacl != NULL) + { + t->off_dacl = offset; + offset += dacl->size; + } + + if (sacl != NULL) + { + t->off_dacl = offset; + offset += dacl->size; + } + + if (owner_sid != NULL) + { + t->off_owner_sid = offset; + offset += sid_size(owner_sid); + } + + if (grp_sid != NULL) + { + t->off_grp_sid = offset; + offset += sid_size(grp_sid); + } + + return offset; +} + + +/******************************************************************* +frees a structure +********************************************************************/ +void free_sec_desc(SEC_DESC *t) +{ + if (t->dacl != NULL) + { + free_sec_acl(t->dacl); + } + + if (t->sacl != NULL) + { + free_sec_acl(t->dacl); + } + + if (t->owner_sid != NULL) + { + free(t->owner_sid); + } + + if (t->grp_sid != NULL) + { + free(t->grp_sid); + } +} + + /******************************************************************* reads or writes a structure. ********************************************************************/ @@ -114,8 +259,9 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) uint32 off_owner_sid; uint32 off_grp_sid ; uint32 off_sacl ; - uint32 off_dacl ; + uint32 off_dacl ; uint32 old_offset; + uint32 max_offset = 0; /* after we're done, move offset to end */ if (t == NULL) return; @@ -135,11 +281,27 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl ); prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl ); + max_offset = MAX(max_offset, ps->offset); + if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) { prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset); ps->offset = old_offset + t->off_dacl; - sec_io_acl ("dacl" , &t->dacl , ps, depth); + if (ps->io) + { + /* reading */ + t->dacl = malloc(sizeof(*t->dacl)); + ZERO_STRUCTPN(t->dacl); + } + + if (t->dacl == NULL) + { + DEBUG(0,("INVALID DACL\n")); + ps->offset = 0xfffffffe; + return; + } + + sec_io_acl ("dacl" , t->dacl , ps, depth); prs_align(ps); } else @@ -147,11 +309,27 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0); } + max_offset = MAX(max_offset, ps->offset); + if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) { prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset); ps->offset = old_offset + t->off_sacl; - sec_io_acl ("sacl" , &t->sacl , ps, depth); + if (ps->io) + { + /* reading */ + t->sacl = malloc(sizeof(*t->sacl)); + ZERO_STRUCTPN(t->sacl); + } + + if (t->sacl == NULL) + { + DEBUG(0,("INVALID SACL\n")); + ps->offset = 0xfffffffe; + return; + } + + sec_io_acl ("sacl" , t->sacl , ps, depth); prs_align(ps); } else @@ -159,6 +337,8 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0); } + max_offset = MAX(max_offset, ps->offset); + prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset); if (t->off_owner_sid != 0) { @@ -166,10 +346,26 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { ps->offset = old_offset + t->off_owner_sid; } - smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth); + if (ps->io) + { + /* reading */ + t->owner_sid = malloc(sizeof(*t->owner_sid)); + ZERO_STRUCTPN(t->owner_sid); + } + + if (t->owner_sid == NULL) + { + DEBUG(0,("INVALID OWNER SID\n")); + ps->offset = 0xfffffffe; + return; + } + + smb_io_dom_sid("owner_sid ", t->owner_sid , ps, depth); prs_align(ps); } + max_offset = MAX(max_offset, ps->offset); + prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset); if (t->off_grp_sid != 0) { @@ -177,9 +373,27 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { ps->offset = old_offset + t->off_grp_sid; } - smb_io_dom_sid("grp_sid", &t->grp_sid, ps, depth); + if (ps->io) + { + /* reading */ + t->grp_sid = malloc(sizeof(*t->grp_sid)); + ZERO_STRUCTPN(t->grp_sid); + } + + if (t->grp_sid == NULL) + { + DEBUG(0,("INVALID GROUP SID\n")); + ps->offset = 0xfffffffe; + return; + } + + smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth); prs_align(ps); } + + max_offset = MAX(max_offset, ps->offset); + + ps->offset = max_offset; } /******************************************************************* @@ -196,6 +410,18 @@ void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) buf->sec = data; } +/******************************************************************* +frees a SEC_DESC_BUF structure. +********************************************************************/ +void free_sec_desc_buf(SEC_DESC_BUF *buf) +{ + if (buf->sec != NULL) + { + free_sec_desc(buf->sec); + free(buf->sec); + } +} + /******************************************************************* reads or writes a SEC_DESC_BUF structure. @@ -220,6 +446,20 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) old_offset = ps->offset; + if (sec->len != 0 && ps->io) + { + /* reading */ + sec->sec = malloc(sizeof(*sec->sec)); + ZERO_STRUCTPN(sec->sec); + + if (sec->sec == NULL) + { + DEBUG(0,("INVALID SEC_DESC\n")); + ps->offset = 0xfffffffe; + return; + } + } + /* reading, length is non-zero; writing, descriptor is non-NULL */ if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL) { -- cgit From cb265dbb8b73a177d9e7fd52e53f1eba487b94d4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 13 Nov 1998 01:38:41 +0000 Subject: security descriptors (This used to be commit 9412edfd4c11a26e4ef290839375e3959cf70a7e) --- source3/rpc_parse/parse_sec.c | 41 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index b3c75fb0dc..0b0c08fe13 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -194,33 +194,49 @@ int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type, t->owner_sid = owner_sid; t->grp_sid = grp_sid; - offset = 0x14; + offset = 0x0; if (dacl != NULL) { + if (offset == 0) + { + offset = 0x14; + } t->off_dacl = offset; offset += dacl->size; } if (sacl != NULL) { + if (offset == 0) + { + offset = 0x14; + } t->off_dacl = offset; offset += dacl->size; } if (owner_sid != NULL) { + if (offset == 0) + { + offset = 0x14; + } t->off_owner_sid = offset; offset += sid_size(owner_sid); } if (grp_sid != NULL) { + if (offset == 0) + { + offset = 0x14; + } t->off_grp_sid = offset; offset += sid_size(grp_sid); } - return offset; + return (offset == 0) ? 0x14 : offset; } @@ -256,10 +272,12 @@ reads or writes a structure. ********************************************************************/ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { +#if 0 uint32 off_owner_sid; uint32 off_grp_sid ; uint32 off_sacl ; uint32 off_dacl ; +#endif uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ @@ -276,16 +294,23 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) prs_uint16("revision ", ps, depth, &(t->revision )); prs_uint16("type ", ps, depth, &(t->type )); + prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); + prs_uint32("off_grp_sid ", ps, depth, &(t->off_grp_sid )); + prs_uint32("off_sacl ", ps, depth, &(t->off_sacl )); + prs_uint32("off_dacl ", ps, depth, &(t->off_dacl )); +#if 0 prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid); prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid ), &off_grp_sid ); prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl ); prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl ); - +#endif max_offset = MAX(max_offset, ps->offset); if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) { +#if 0 prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset); +#endif ps->offset = old_offset + t->off_dacl; if (ps->io) { @@ -304,16 +329,20 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) sec_io_acl ("dacl" , t->dacl , ps, depth); prs_align(ps); } +#if 0 else { prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0); } +#endif max_offset = MAX(max_offset, ps->offset); if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) { +#if 0 prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset); +#endif ps->offset = old_offset + t->off_sacl; if (ps->io) { @@ -332,14 +361,18 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) sec_io_acl ("sacl" , t->sacl , ps, depth); prs_align(ps); } +#if 0 else { prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0); } +#endif max_offset = MAX(max_offset, ps->offset); +#if 0 prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset); +#endif if (t->off_owner_sid != 0) { if (ps->io) @@ -366,7 +399,9 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) max_offset = MAX(max_offset, ps->offset); +#if 0 prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset); +#endif if (t->off_grp_sid != 0) { if (ps->io) -- cgit From 2164685b9f959814af2067aa0dcac2d1b2ac0bc5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Nov 1998 02:07:07 +0000 Subject: include/smb.h: Re-added zero pointer protection to ZERO_STRUCTP. lib/util_sock.c: Added strerror() calls to getpeername failures (which seem to be giving IRIX trouble at the moment). rpc_parse/parse_sec.c: Changed use of ZERO_STRUCTPN to ZERO_STRUCTP which again does zero pointer protection. smbd/quotas.c: Fixed typo. Jeremy. (This used to be commit b62f008974c96e0302d6c146cf49bc2045bef005) --- source3/rpc_parse/parse_sec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 0b0c08fe13..c802f9c2d1 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -149,7 +149,7 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { /* reading */ t->ace = malloc(sizeof(t->ace[0]) * t->num_aces); - ZERO_STRUCTPN(t->ace); + ZERO_STRUCTP(t->ace); } if (t->ace == NULL && t->num_aces != 0) @@ -316,7 +316,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->dacl = malloc(sizeof(*t->dacl)); - ZERO_STRUCTPN(t->dacl); + ZERO_STRUCTP(t->dacl); } if (t->dacl == NULL) @@ -348,7 +348,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->sacl = malloc(sizeof(*t->sacl)); - ZERO_STRUCTPN(t->sacl); + ZERO_STRUCTP(t->sacl); } if (t->sacl == NULL) @@ -383,7 +383,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->owner_sid = malloc(sizeof(*t->owner_sid)); - ZERO_STRUCTPN(t->owner_sid); + ZERO_STRUCTP(t->owner_sid); } if (t->owner_sid == NULL) @@ -412,7 +412,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->grp_sid = malloc(sizeof(*t->grp_sid)); - ZERO_STRUCTPN(t->grp_sid); + ZERO_STRUCTP(t->grp_sid); } if (t->grp_sid == NULL) @@ -485,7 +485,7 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { /* reading */ sec->sec = malloc(sizeof(*sec->sec)); - ZERO_STRUCTPN(sec->sec); + ZERO_STRUCTP(sec->sec); if (sec->sec == NULL) { -- cgit From d90063493c5e1ecd650e83797831ffe4cd83795e Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 13 Nov 1998 17:36:42 +0000 Subject: use ZERO_STRUCTPN (checks for NULL) not ZERO_STRUCTP (doesn't check for NULL) (This used to be commit 70ac9dbcecdf4be92638a24f096e4a8807997498) --- source3/rpc_parse/parse_sec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index c802f9c2d1..0b0c08fe13 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -149,7 +149,7 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { /* reading */ t->ace = malloc(sizeof(t->ace[0]) * t->num_aces); - ZERO_STRUCTP(t->ace); + ZERO_STRUCTPN(t->ace); } if (t->ace == NULL && t->num_aces != 0) @@ -316,7 +316,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->dacl = malloc(sizeof(*t->dacl)); - ZERO_STRUCTP(t->dacl); + ZERO_STRUCTPN(t->dacl); } if (t->dacl == NULL) @@ -348,7 +348,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->sacl = malloc(sizeof(*t->sacl)); - ZERO_STRUCTP(t->sacl); + ZERO_STRUCTPN(t->sacl); } if (t->sacl == NULL) @@ -383,7 +383,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->owner_sid = malloc(sizeof(*t->owner_sid)); - ZERO_STRUCTP(t->owner_sid); + ZERO_STRUCTPN(t->owner_sid); } if (t->owner_sid == NULL) @@ -412,7 +412,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->grp_sid = malloc(sizeof(*t->grp_sid)); - ZERO_STRUCTP(t->grp_sid); + ZERO_STRUCTPN(t->grp_sid); } if (t->grp_sid == NULL) @@ -485,7 +485,7 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { /* reading */ sec->sec = malloc(sizeof(*sec->sec)); - ZERO_STRUCTP(sec->sec); + ZERO_STRUCTPN(sec->sec); if (sec->sec == NULL) { -- cgit From d3e6aa666de239546787adc500c6633666bd8d84 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 13 Nov 1998 19:07:28 +0000 Subject: ZERO_STRUCTP not PN (This used to be commit ff8667c8801a59c80c33b43f033d23f3a0fd8313) --- source3/rpc_parse/parse_sec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 0b0c08fe13..c802f9c2d1 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -149,7 +149,7 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { /* reading */ t->ace = malloc(sizeof(t->ace[0]) * t->num_aces); - ZERO_STRUCTPN(t->ace); + ZERO_STRUCTP(t->ace); } if (t->ace == NULL && t->num_aces != 0) @@ -316,7 +316,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->dacl = malloc(sizeof(*t->dacl)); - ZERO_STRUCTPN(t->dacl); + ZERO_STRUCTP(t->dacl); } if (t->dacl == NULL) @@ -348,7 +348,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->sacl = malloc(sizeof(*t->sacl)); - ZERO_STRUCTPN(t->sacl); + ZERO_STRUCTP(t->sacl); } if (t->sacl == NULL) @@ -383,7 +383,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->owner_sid = malloc(sizeof(*t->owner_sid)); - ZERO_STRUCTPN(t->owner_sid); + ZERO_STRUCTP(t->owner_sid); } if (t->owner_sid == NULL) @@ -412,7 +412,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { /* reading */ t->grp_sid = malloc(sizeof(*t->grp_sid)); - ZERO_STRUCTPN(t->grp_sid); + ZERO_STRUCTP(t->grp_sid); } if (t->grp_sid == NULL) @@ -485,7 +485,7 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { /* reading */ sec->sec = malloc(sizeof(*sec->sec)); - ZERO_STRUCTPN(sec->sec); + ZERO_STRUCTP(sec->sec); if (sec->sec == NULL) { -- cgit From 8fc1504ff8204dd1ca735f31c769f6dadf0f88cb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Nov 1998 21:41:01 +0000 Subject: Makefile.in configure configure.in include/config.h.in: Changes for DGUX and UNIXWARE. groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf. include/includes.h: Fix YP problem. include/smb.h: Fix ZERO_STRUCTP. lib/util_sock.c: Added strerror() in debugs. passdb/ldap.c: Don't use snprinf, use slprintf. rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf. script/installman.sh: DGUX changes. smbd/open.c smbd/oplock.c: Fixed gcc warnings. web/swat.c: Changes USER to SWAT_USER. (This used to be commit 4c2b5a00983501e5d4aad1456ba8b5ab0dfd9b4c) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index c802f9c2d1..409146901d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -162,7 +162,7 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) { fstring tmp; - snprintf(tmp, sizeof(tmp), "ace[%02d]: ", i); + slprintf(tmp, sizeof(tmp)-1, "ace[%02d]: ", i); sec_io_ace(tmp, &t->ace[i], ps, depth); } -- cgit From 1e71ecdcb21f24e70ee5edbbc05de0284fa588f4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 23 Feb 1999 22:39:54 +0000 Subject: added jeremy's new c++-like code for parsing of security descriptors. (This used to be commit ec1b7000fd88c5a08e438c7033f60e49b9ec44a8) --- source3/rpc_parse/parse_sec.c | 610 ++++++++++++++++++++++++++---------------- 1 file changed, 378 insertions(+), 232 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 409146901d..886b3f334a 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -2,10 +2,10 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison 1995-1998 - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, - * Copyright (C) Paul Ashton 1997-1998. + * Copyright (C) Andrew Tridgell 1992-1999, + * Copyright (C) Jeremy R. Allison 1995-1999 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, + * Copyright (C) Paul Ashton 1997-1999. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,19 +29,24 @@ extern int DEBUGLEVEL; /******************************************************************* -makes a structure. + Sets up a SEC_ACCESS structure. ********************************************************************/ -void make_sec_access(SEC_ACCESS *t, uint32 mask) + +void init_sec_access(SEC_ACCESS *t, uint32 mask) { t->mask = mask; } /******************************************************************* -reads or writes a structure. + Reads or writes a SEC_ACCESS structure. ********************************************************************/ -void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) + +BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) { - if (t == NULL) return; + if (t == NULL) + { + return False; + } prs_debug(ps, depth, desc, "sec_io_access"); depth++; @@ -49,30 +54,39 @@ void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_align(ps); prs_uint32("mask", ps, depth, &(t->mask)); + return True; } /******************************************************************* -makes a structure. + Sets up a SEC_ACE structure. ********************************************************************/ -void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) + +void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, + uint8 flag) { t->type = type; t->flags = flag; t->size = sid_size(sid) + 8; t->info = mask; + ZERO_STRUCTP(&t->sid); sid_copy(&t->sid, sid); } /******************************************************************* -reads or writes a structure. + Reads or writes a SEC_ACE structure. ********************************************************************/ -void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) + +BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; - if (t == NULL) return; + + if (psa == NULL) + { + return False; + } prs_debug(ps, depth, desc, "sec_io_ace"); depth++; @@ -81,58 +95,132 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint8 ("type ", ps, depth, &(t->type)); - prs_uint8 ("flags", ps, depth, &(t->flags)); - prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_ace_size); + prs_uint8 ("type ", ps, depth, &psa->type); + prs_uint8 ("flags", ps, depth, &psa->flags); + prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size); + + if (!sec_io_access("info ", &psa->info, ps, depth)) + { + return False; + } - sec_io_access ("info ", &t->info, ps, depth); prs_align(ps); - smb_io_dom_sid("sid ", &t->sid , ps, depth); + if (!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) + { + return False; + } - prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, old_offset); + + prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset); + return True; } /******************************************************************* -makes a structure. + Create a SEC_ACL structure. ********************************************************************/ -void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace) + +SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) { + SEC_ACL *dst; int i; - t->revision = revision; - t->num_aces = num_aces; - t->size = 4; - t->ace = ace; + + dst = (SEC_ACL *)malloc(sizeof(SEC_ACL)); + if (dst == NULL) + { + return NULL; + } + + ZERO_STRUCTP(dst); + + dst->revision = revision; + dst->num_aces = num_aces; + dst->size = 4; + + if ((dst->ace_list = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { + free_sec_acl(&dst); + return NULL; + } for (i = 0; i < num_aces; i++) { - t->size += ace[i].size; + dst->ace_list[i] = ace_list[i]; /* Structure copy. */ + dst->size += ace_list[i].size; } + + return dst; } /******************************************************************* -frees a structure. + Duplicate a SEC_ACL structure. ********************************************************************/ -void free_sec_acl(SEC_ACL *t) + +SEC_ACL *dup_sec_acl( SEC_ACL *src) { - if (t->ace != NULL) + if (src == NULL) { - free(t->ace); + return NULL; } + + return make_sec_acl( src->revision, src->num_aces, src->ace_list); } /******************************************************************* -reads or writes a structure. + Delete a SEC_ACL structure. +********************************************************************/ -first of the xx_io_xx functions that allocates its data structures -for you as it reads them. +void free_sec_acl(SEC_ACL **ppsa) +{ + SEC_ACL *psa; + + if (ppsa == NULL || *ppsa == NULL) + { + return; + } + + psa = *ppsa; + if (psa->ace_list != NULL) + { + free(psa->ace_list); + } + + free(psa); + *ppsa = NULL; +} + +/******************************************************************* + Reads or writes a SEC_ACL structure. + + First of the xx_io_xx functions that allocates its data structures + for you as it reads them. ********************************************************************/ -void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) + +BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) { int i; uint32 old_offset; uint32 offset_acl_size; + SEC_ACL *psa; - if (t == NULL) return; + if (ppsa == NULL) + { + return False; + } + + psa = *ppsa; + + if (ps->io && psa == NULL) + { + /* + * This is a read and we must allocate the stuct to read into. + */ + psa = (SEC_ACL *)malloc(sizeof(SEC_ACL)); + if (psa == NULL) + { + return False; + } + ZERO_STRUCTP(psa); + *ppsa = psa; + } prs_debug(ps, depth, desc, "sec_io_acl"); depth++; @@ -141,147 +229,216 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint16("revision", ps, depth, &(t->revision)); - prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_acl_size); - prs_uint32("num_aces ", ps, depth, &(t->num_aces )); + prs_uint16("revision", ps, depth, &psa->revision); + prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size); + prs_uint32("num_aces ", ps, depth, &psa->num_aces); - if (ps->io && t->num_aces != 0) + if (ps->io && psa->num_aces != 0) { /* reading */ - t->ace = malloc(sizeof(t->ace[0]) * t->num_aces); - ZERO_STRUCTP(t->ace); - } - - if (t->ace == NULL && t->num_aces != 0) - { - DEBUG(0,("INVALID ACL\n")); - ps->offset = 0xfffffffe; - return; + psa->ace_list = malloc(sizeof(psa->ace_list[0]) * psa->num_aces); + if (psa->ace_list == NULL) + { + return False; + } + ZERO_STRUCTP(psa->ace_list); } - for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) + for (i = 0; i < MIN(psa->num_aces, MAX_SEC_ACES); i++) { fstring tmp; - slprintf(tmp, sizeof(tmp)-1, "ace[%02d]: ", i); - sec_io_ace(tmp, &t->ace[i], ps, depth); + slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); + if (!sec_io_ace(tmp, &psa->ace_list[i], ps, depth)) + { + return False; + } } prs_align(ps); - prs_uint16_post("size ", ps, depth, &t->size , offset_acl_size, old_offset); + prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset); + + return True; } /******************************************************************* -makes a structure + Creates a SEC_DESC structure ********************************************************************/ -int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type, - DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl) + +SEC_DESC *make_sec_desc(uint16 revision, uint16 type, + DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size) { + SEC_DESC *dst; uint32 offset; - t->revision = revision; - t->type = type; + *sec_desc_size = 0; + + dst = (SEC_DESC *)malloc(sizeof(SEC_DESC)); + + if (dst == NULL) + { + return NULL; + } - t->off_owner_sid = 0; - t->off_grp_sid = 0; - t->off_sacl = 0; - t->off_dacl = 0; + ZERO_STRUCTP(dst); - t->dacl = dacl; - t->sacl = sacl; - t->owner_sid = owner_sid; - t->grp_sid = grp_sid; + dst->revision = revision; + dst->type = type; + + dst->off_owner_sid = 0; + dst->off_grp_sid = 0; + dst->off_sacl = 0; + dst->off_dacl = 0; + + /* duplicate sids and acls as necessary */ + + if (dacl != NULL) dst->dacl = dup_sec_acl(dacl); + if (sacl != NULL) dst->sacl = dup_sec_acl(sacl); + if (owner_sid != NULL) dst->owner_sid = sid_dup(owner_sid); + if (grp_sid != NULL) dst->grp_sid = sid_dup(grp_sid); + + /* having duplicated sids and acls as necessary, check success */ + + if ((dacl != NULL && dst->dacl == NULL) || + (sacl != NULL && dst->sacl == NULL) || + (owner_sid != NULL && dst->owner_sid == NULL) || + (grp_sid != NULL && dst->grp_sid == NULL)) + { + *sec_desc_size = 0; + free_sec_desc(&dst); + + return NULL; + } offset = 0x0; - if (dacl != NULL) + /* + * Work out the linearization sizes. + */ + + if (dst->dacl != NULL) { if (offset == 0) { offset = 0x14; } - t->off_dacl = offset; + dst->off_dacl = offset; offset += dacl->size; } - if (sacl != NULL) + if (dst->sacl != NULL) { if (offset == 0) { offset = 0x14; } - t->off_dacl = offset; - offset += dacl->size; + dst->off_sacl = offset; + offset += sacl->size; } - if (owner_sid != NULL) + if (dst->owner_sid != NULL) { if (offset == 0) { offset = 0x14; } - t->off_owner_sid = offset; - offset += sid_size(owner_sid); + dst->off_owner_sid = offset; + offset += sid_size(dst->owner_sid); } - if (grp_sid != NULL) + if (dst->grp_sid != NULL) { if (offset == 0) { offset = 0x14; } - t->off_grp_sid = offset; - offset += sid_size(grp_sid); + dst->off_grp_sid = offset; + offset += sid_size(dst->grp_sid); } - return (offset == 0) ? 0x14 : offset; + *sec_desc_size = (size_t)((offset == 0) ? 0x14 : offset); + return dst; } +/******************************************************************* + Duplicate a SEC_DESC structure. +********************************************************************/ + +SEC_DESC *dup_sec_desc( SEC_DESC *src) +{ + size_t dummy; + + if (src == NULL) + return NULL; + + return make_sec_desc( src->revision, src->type, + src->owner_sid, src->grp_sid, src->sacl, + src->dacl, &dummy); +} /******************************************************************* -frees a structure + Deletes a SEC_DESC structure ********************************************************************/ -void free_sec_desc(SEC_DESC *t) + +void free_sec_desc(SEC_DESC **ppsd) { - if (t->dacl != NULL) - { - free_sec_acl(t->dacl); - } + SEC_DESC *psd; - if (t->sacl != NULL) + if (ppsd == NULL || *ppsd == NULL) { - free_sec_acl(t->dacl); + return; } - if (t->owner_sid != NULL) - { - free(t->owner_sid); - } + psd = *ppsd; - if (t->grp_sid != NULL) - { - free(t->grp_sid); - } + free_sec_acl(&psd->dacl); + free_sec_acl(&psd->dacl); + free(psd->owner_sid); + free(psd->grp_sid); + free(psd); + *ppsd = NULL; +} + +/******************************************************************* + Creates a SEC_DESC structure with typical defaults. +********************************************************************/ + +SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL *dacl, size_t *sec_desc_size) +{ + return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + owner_sid, grp_sid, NULL, dacl, sec_desc_size); } /******************************************************************* -reads or writes a structure. + Reads or writes a SEC_DESC structure. + If reading and the *ppsd = NULL, allocates the structure. ********************************************************************/ -static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) + +BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) { -#if 0 - uint32 off_owner_sid; - uint32 off_grp_sid ; - uint32 off_sacl ; - uint32 off_dacl ; -#endif uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ + SEC_DESC *psd; + + if (ppsd == NULL) + return False; + + psd = *ppsd; - if (t == NULL) return; + if (ps->io && psd == NULL) + { + psd = (SEC_DESC *)malloc(sizeof(SEC_DESC)); + if (psd == NULL) + { + return False; + } + ZERO_STRUCTP(psd); + *ppsd = psd; + } prs_debug(ps, depth, desc, "sec_io_desc"); depth++; @@ -291,218 +448,207 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = ps->offset; - prs_uint16("revision ", ps, depth, &(t->revision )); - prs_uint16("type ", ps, depth, &(t->type )); - - prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); - prs_uint32("off_grp_sid ", ps, depth, &(t->off_grp_sid )); - prs_uint32("off_sacl ", ps, depth, &(t->off_sacl )); - prs_uint32("off_dacl ", ps, depth, &(t->off_dacl )); -#if 0 - prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid); - prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid ), &off_grp_sid ); - prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl ); - prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl ); -#endif + prs_uint16("revision ", ps, depth, &psd->revision); + prs_uint16("type ", ps, depth, &psd->type); + + prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid); + prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid); + prs_uint32("off_sacl ", ps, depth, &psd->off_sacl); + prs_uint32("off_dacl ", ps, depth, &psd->off_dacl); + max_offset = MAX(max_offset, ps->offset); - if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) + if (IS_BITS_SET_ALL(psd->type, SEC_DESC_DACL_PRESENT) && psd->dacl) { -#if 0 - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset); -#endif - ps->offset = old_offset + t->off_dacl; - if (ps->io) + ps->offset = old_offset + psd->off_dacl; + if (!sec_io_acl("dacl", &psd->dacl, ps, depth)) { - /* reading */ - t->dacl = malloc(sizeof(*t->dacl)); - ZERO_STRUCTP(t->dacl); - } - - if (t->dacl == NULL) - { - DEBUG(0,("INVALID DACL\n")); - ps->offset = 0xfffffffe; - return; + return False; } - - sec_io_acl ("dacl" , t->dacl , ps, depth); prs_align(ps); } -#if 0 - else - { - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0); - } -#endif max_offset = MAX(max_offset, ps->offset); - if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) + if (IS_BITS_SET_ALL(psd->type, SEC_DESC_SACL_PRESENT) && psd->sacl) { -#if 0 - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset); -#endif - ps->offset = old_offset + t->off_sacl; - if (ps->io) + ps->offset = old_offset + psd->off_sacl; + if (!sec_io_acl("sacl", &psd->sacl, ps, depth)) { - /* reading */ - t->sacl = malloc(sizeof(*t->sacl)); - ZERO_STRUCTP(t->sacl); + return False; } - - if (t->sacl == NULL) - { - DEBUG(0,("INVALID SACL\n")); - ps->offset = 0xfffffffe; - return; - } - - sec_io_acl ("sacl" , t->sacl , ps, depth); prs_align(ps); } -#if 0 - else - { - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0); - } -#endif max_offset = MAX(max_offset, ps->offset); -#if 0 - prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset); -#endif - if (t->off_owner_sid != 0) + if (psd->off_owner_sid != 0) { if (ps->io) { - ps->offset = old_offset + t->off_owner_sid; - } - if (ps->io) - { + ps->offset = old_offset + psd->off_owner_sid; /* reading */ - t->owner_sid = malloc(sizeof(*t->owner_sid)); - ZERO_STRUCTP(t->owner_sid); + psd->owner_sid = malloc(sizeof(*psd->owner_sid)); + if (psd->owner_sid == NULL) + { + return False; + } + ZERO_STRUCTP(psd->owner_sid); } - if (t->owner_sid == NULL) + if (!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) { - DEBUG(0,("INVALID OWNER SID\n")); - ps->offset = 0xfffffffe; - return; + return False; } - - smb_io_dom_sid("owner_sid ", t->owner_sid , ps, depth); prs_align(ps); } max_offset = MAX(max_offset, ps->offset); -#if 0 - prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset); -#endif - if (t->off_grp_sid != 0) + if (psd->off_grp_sid != 0) { - if (ps->io) - { - ps->offset = old_offset + t->off_grp_sid; - } if (ps->io) { /* reading */ - t->grp_sid = malloc(sizeof(*t->grp_sid)); - ZERO_STRUCTP(t->grp_sid); + ps->offset = old_offset + psd->off_grp_sid; + psd->grp_sid = malloc(sizeof(*psd->grp_sid)); + if (psd->grp_sid == NULL) + { + return False; + } + ZERO_STRUCTP(psd->grp_sid); } - if (t->grp_sid == NULL) + if (!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) { - DEBUG(0,("INVALID GROUP SID\n")); - ps->offset = 0xfffffffe; - return; + return False; } - - smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth); prs_align(ps); } max_offset = MAX(max_offset, ps->offset); ps->offset = max_offset; + return True; } /******************************************************************* -creates a SEC_DESC_BUF structure. + Creates a SEC_DESC_BUF structure. ********************************************************************/ -void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) + +SEC_DESC_BUF *make_sec_desc_buf(int len, SEC_DESC *sec_desc) { - ZERO_STRUCTP(buf); + SEC_DESC_BUF *dst; + + dst = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF)); + if (dst == NULL) + { + return NULL; + } + + ZERO_STRUCTP(dst); /* max buffer size (allocated size) */ - buf->max_len = len; - buf->undoc = 0; - buf->len = data != NULL ? len : 0; - buf->sec = data; + dst->max_len = len; + dst->len = len; + + if (sec_desc && ((dst->sec = dup_sec_desc(sec_desc)) == NULL)) + { + free_sec_desc_buf(&dst); + return NULL; + } + + return dst; } /******************************************************************* -frees a SEC_DESC_BUF structure. + Duplicates a SEC_DESC_BUF structure. ********************************************************************/ -void free_sec_desc_buf(SEC_DESC_BUF *buf) + +SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src) { - if (buf->sec != NULL) + if (src == NULL) { - free_sec_desc(buf->sec); - free(buf->sec); + return NULL; } + + return make_sec_desc_buf( src->len, src->sec); +} + +/******************************************************************* + Deletes a SEC_DESC_BUF structure. +********************************************************************/ + +void free_sec_desc_buf(SEC_DESC_BUF **ppsdb) +{ + SEC_DESC_BUF *psdb; + + if (ppsdb == NULL || *ppsdb == NULL) + { + return; + } + + psdb = *ppsdb; + free_sec_desc(&psdb->sec); + free(psdb); + *ppsdb = NULL; } /******************************************************************* -reads or writes a SEC_DESC_BUF structure. + Reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) + +BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) { uint32 off_len; uint32 off_max_len; uint32 old_offset; uint32 size; + SEC_DESC_BUF *psdb; + + if (ppsdb == NULL) + { + return False; + } + + psdb = *ppsdb; - if (sec == NULL) return; + if (ps->io && psdb == NULL) + { + psdb = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF)); + if (psdb == NULL) + { + return False; + } + ZERO_STRUCTP(psdb); + *ppsdb = psdb; + } prs_debug(ps, depth, desc, "sec_io_desc_buf"); depth++; prs_align(ps); - prs_uint32_pre("max_len", ps, depth, &(sec->max_len), &off_max_len); - prs_uint32 ("undoc ", ps, depth, &(sec->undoc )); - prs_uint32_pre("len ", ps, depth, &(sec->len ), &off_len); + prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len); + prs_uint32 ("undoc ", ps, depth, &psdb->undoc); + prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len); old_offset = ps->offset; - if (sec->len != 0 && ps->io) + /* reading, length is non-zero; writing, descriptor is non-NULL */ + if ((psdb->len != 0 || (!ps->io)) && psdb->sec != NULL) { - /* reading */ - sec->sec = malloc(sizeof(*sec->sec)); - ZERO_STRUCTP(sec->sec); - - if (sec->sec == NULL) + if (!sec_io_desc("sec ", &psdb->sec, ps, depth)) { - DEBUG(0,("INVALID SEC_DESC\n")); - ps->offset = 0xfffffffe; - return; + return False; } } - /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL) - { - sec_io_desc("sec ", sec->sec, ps, depth); - } - size = ps->offset - old_offset; - prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, size == 0 ? sec->max_len : size); - prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , size); + prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size); + prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size); + + return True; } -- cgit From 8598bf2a7f0f71ae7a023aac054c4df42b969ce6 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Tue, 3 Aug 1999 20:30:25 +0000 Subject: reverted jeremy's c++-like security descriptor modifications as the simplest method to get rpcclient's reggetsec command working. the buffers passed as arguments in do_reg_get_key_sec() do need to be locally allocated not dynamically allocated, as two calls to reg_get_key_sec() are needed. on the first, the server fills in the size of the security descriptor buffer needed. on the second, the server fills in the security descriptor buffer. (This used to be commit b2d9cbef6f65bb696df8d8f49aa0c240e0bb1f50) --- source3/rpc_parse/parse_sec.c | 598 ++++++++++++++++-------------------------- 1 file changed, 226 insertions(+), 372 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 886b3f334a..2840070edc 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -2,10 +2,10 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1999, - * Copyright (C) Jeremy R. Allison 1995-1999 - * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, - * Copyright (C) Paul Ashton 1997-1999. + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Jeremy R. Allison 1995-1998 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Paul Ashton 1997-1998. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,24 +29,19 @@ extern int DEBUGLEVEL; /******************************************************************* - Sets up a SEC_ACCESS structure. +makes a structure. ********************************************************************/ - -void init_sec_access(SEC_ACCESS *t, uint32 mask) +void make_sec_access(SEC_ACCESS *t, uint32 mask) { t->mask = mask; } /******************************************************************* - Reads or writes a SEC_ACCESS structure. +reads or writes a structure. ********************************************************************/ - -BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) -{ - if (t == NULL) +void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) { - return False; - } + if (t == NULL) return; prs_debug(ps, depth, desc, "sec_io_access"); depth++; @@ -54,39 +49,30 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_align(ps); prs_uint32("mask", ps, depth, &(t->mask)); - return True; } /******************************************************************* - Sets up a SEC_ACE structure. +makes a structure. ********************************************************************/ - -void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, - uint8 flag) +void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) { t->type = type; t->flags = flag; t->size = sid_size(sid) + 8; t->info = mask; - ZERO_STRUCTP(&t->sid); sid_copy(&t->sid, sid); } /******************************************************************* - Reads or writes a SEC_ACE structure. +reads or writes a structure. ********************************************************************/ - -BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) +void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; - - if (psa == NULL) - { - return False; - } + if (t == NULL) return; prs_debug(ps, depth, desc, "sec_io_ace"); depth++; @@ -95,132 +81,58 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint8 ("type ", ps, depth, &psa->type); - prs_uint8 ("flags", ps, depth, &psa->flags); - prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size); - - if (!sec_io_access("info ", &psa->info, ps, depth)) - { - return False; - } + prs_uint8 ("type ", ps, depth, &(t->type)); + prs_uint8 ("flags", ps, depth, &(t->flags)); + prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_ace_size); + sec_io_access ("info ", &t->info, ps, depth); prs_align(ps); - if (!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) - { - return False; - } - + smb_io_dom_sid("sid ", &t->sid , ps, depth); - prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset); - return True; + prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, old_offset); } /******************************************************************* - Create a SEC_ACL structure. +makes a structure. ********************************************************************/ - -SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) +void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace) { - SEC_ACL *dst; int i; - - dst = (SEC_ACL *)malloc(sizeof(SEC_ACL)); - if (dst == NULL) - { - return NULL; - } - - ZERO_STRUCTP(dst); - - dst->revision = revision; - dst->num_aces = num_aces; - dst->size = 4; - - if ((dst->ace_list = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { - free_sec_acl(&dst); - return NULL; - } + t->revision = revision; + t->num_aces = num_aces; + t->size = 4; + t->ace = ace; for (i = 0; i < num_aces; i++) { - dst->ace_list[i] = ace_list[i]; /* Structure copy. */ - dst->size += ace_list[i].size; - } - - return dst; -} - -/******************************************************************* - Duplicate a SEC_ACL structure. -********************************************************************/ - -SEC_ACL *dup_sec_acl( SEC_ACL *src) -{ - if (src == NULL) - { - return NULL; + t->size += ace[i].size; } - - return make_sec_acl( src->revision, src->num_aces, src->ace_list); } /******************************************************************* - Delete a SEC_ACL structure. +frees a structure. ********************************************************************/ - -void free_sec_acl(SEC_ACL **ppsa) +void free_sec_acl(SEC_ACL *t) { - SEC_ACL *psa; - - if (ppsa == NULL || *ppsa == NULL) + if (t->ace != NULL) { - return; + free(t->ace); } - - psa = *ppsa; - if (psa->ace_list != NULL) - { - free(psa->ace_list); - } - - free(psa); - *ppsa = NULL; } /******************************************************************* - Reads or writes a SEC_ACL structure. +reads or writes a structure. - First of the xx_io_xx functions that allocates its data structures +first of the xx_io_xx functions that allocates its data structures for you as it reads them. ********************************************************************/ - -BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) +void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { int i; uint32 old_offset; uint32 offset_acl_size; - SEC_ACL *psa; - - if (ppsa == NULL) - { - return False; - } - - psa = *ppsa; - if (ps->io && psa == NULL) - { - /* - * This is a read and we must allocate the stuct to read into. - */ - psa = (SEC_ACL *)malloc(sizeof(SEC_ACL)); - if (psa == NULL) - { - return False; - } - ZERO_STRUCTP(psa); - *ppsa = psa; - } + if (t == NULL) return; prs_debug(ps, depth, desc, "sec_io_acl"); depth++; @@ -229,216 +141,147 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) old_offset = ps->offset; - prs_uint16("revision", ps, depth, &psa->revision); - prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size); - prs_uint32("num_aces ", ps, depth, &psa->num_aces); + prs_uint16("revision", ps, depth, &(t->revision)); + prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_acl_size); + prs_uint32("num_aces ", ps, depth, &(t->num_aces )); - if (ps->io && psa->num_aces != 0) + if (ps->io && t->num_aces != 0) { /* reading */ - psa->ace_list = malloc(sizeof(psa->ace_list[0]) * psa->num_aces); - if (psa->ace_list == NULL) - { - return False; + t->ace = malloc(sizeof(t->ace[0]) * t->num_aces); + ZERO_STRUCTP(t->ace); } - ZERO_STRUCTP(psa->ace_list); + + if (t->ace == NULL && t->num_aces != 0) + { + DEBUG(0,("INVALID ACL\n")); + ps->offset = 0xfffffffe; + return; } - for (i = 0; i < MIN(psa->num_aces, MAX_SEC_ACES); i++) + for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) { fstring tmp; - slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); - if (!sec_io_ace(tmp, &psa->ace_list[i], ps, depth)) - { - return False; - } + slprintf(tmp, sizeof(tmp)-1, "ace[%02d]: ", i); + sec_io_ace(tmp, &t->ace[i], ps, depth); } prs_align(ps); - prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset); - - return True; + prs_uint16_post("size ", ps, depth, &t->size , offset_acl_size, old_offset); } /******************************************************************* - Creates a SEC_DESC structure +makes a structure ********************************************************************/ - -SEC_DESC *make_sec_desc(uint16 revision, uint16 type, +int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type, DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size) + SEC_ACL *sacl, SEC_ACL *dacl) { - SEC_DESC *dst; uint32 offset; - *sec_desc_size = 0; - - dst = (SEC_DESC *)malloc(sizeof(SEC_DESC)); - - if (dst == NULL) - { - return NULL; - } - - ZERO_STRUCTP(dst); - - dst->revision = revision; - dst->type = type; - - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; - - /* duplicate sids and acls as necessary */ + t->revision = revision; + t->type = type; - if (dacl != NULL) dst->dacl = dup_sec_acl(dacl); - if (sacl != NULL) dst->sacl = dup_sec_acl(sacl); - if (owner_sid != NULL) dst->owner_sid = sid_dup(owner_sid); - if (grp_sid != NULL) dst->grp_sid = sid_dup(grp_sid); + t->off_owner_sid = 0; + t->off_grp_sid = 0; + t->off_sacl = 0; + t->off_dacl = 0; - /* having duplicated sids and acls as necessary, check success */ - - if ((dacl != NULL && dst->dacl == NULL) || - (sacl != NULL && dst->sacl == NULL) || - (owner_sid != NULL && dst->owner_sid == NULL) || - (grp_sid != NULL && dst->grp_sid == NULL)) - { - *sec_desc_size = 0; - free_sec_desc(&dst); - - return NULL; - } + t->dacl = dacl; + t->sacl = sacl; + t->owner_sid = owner_sid; + t->grp_sid = grp_sid; offset = 0x0; - /* - * Work out the linearization sizes. - */ - - if (dst->dacl != NULL) + if (dacl != NULL) { if (offset == 0) { offset = 0x14; } - dst->off_dacl = offset; + t->off_dacl = offset; offset += dacl->size; } - if (dst->sacl != NULL) + if (sacl != NULL) { if (offset == 0) { offset = 0x14; } - dst->off_sacl = offset; - offset += sacl->size; + t->off_dacl = offset; + offset += dacl->size; } - if (dst->owner_sid != NULL) + if (owner_sid != NULL) { if (offset == 0) { offset = 0x14; } - dst->off_owner_sid = offset; - offset += sid_size(dst->owner_sid); + t->off_owner_sid = offset; + offset += sid_size(owner_sid); } - if (dst->grp_sid != NULL) + if (grp_sid != NULL) { if (offset == 0) { offset = 0x14; } - dst->off_grp_sid = offset; - offset += sid_size(dst->grp_sid); + t->off_grp_sid = offset; + offset += sid_size(grp_sid); } - *sec_desc_size = (size_t)((offset == 0) ? 0x14 : offset); - return dst; + return (offset == 0) ? 0x14 : offset; } -/******************************************************************* - Duplicate a SEC_DESC structure. -********************************************************************/ - -SEC_DESC *dup_sec_desc( SEC_DESC *src) -{ - size_t dummy; - - if (src == NULL) - return NULL; - - return make_sec_desc( src->revision, src->type, - src->owner_sid, src->grp_sid, src->sacl, - src->dacl, &dummy); -} /******************************************************************* - Deletes a SEC_DESC structure +frees a structure ********************************************************************/ - -void free_sec_desc(SEC_DESC **ppsd) +void free_sec_desc(SEC_DESC *t) { - SEC_DESC *psd; - - if (ppsd == NULL || *ppsd == NULL) + if (t->dacl != NULL) { - return; + free_sec_acl(t->dacl); } - psd = *ppsd; - - free_sec_acl(&psd->dacl); - free_sec_acl(&psd->dacl); - free(psd->owner_sid); - free(psd->grp_sid); - free(psd); - *ppsd = NULL; + if (t->sacl != NULL) + { + free_sec_acl(t->dacl); } -/******************************************************************* - Creates a SEC_DESC structure with typical defaults. -********************************************************************/ + if (t->owner_sid != NULL) + { + free(t->owner_sid); + } -SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *dacl, size_t *sec_desc_size) + if (t->grp_sid != NULL) { - return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, - owner_sid, grp_sid, NULL, dacl, sec_desc_size); + free(t->grp_sid); + } } /******************************************************************* - Reads or writes a SEC_DESC structure. - If reading and the *ppsd = NULL, allocates the structure. +reads or writes a structure. ********************************************************************/ - -BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) +static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { +#if 0 + uint32 off_owner_sid; + uint32 off_grp_sid ; + uint32 off_sacl ; + uint32 off_dacl ; +#endif uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ - SEC_DESC *psd; - - if (ppsd == NULL) - return False; - psd = *ppsd; - - if (ps->io && psd == NULL) - { - psd = (SEC_DESC *)malloc(sizeof(SEC_DESC)); - if (psd == NULL) - { - return False; - } - ZERO_STRUCTP(psd); - *ppsd = psd; - } + if (t == NULL) return; prs_debug(ps, depth, desc, "sec_io_desc"); depth++; @@ -448,207 +291,218 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = ps->offset; - prs_uint16("revision ", ps, depth, &psd->revision); - prs_uint16("type ", ps, depth, &psd->type); - - prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid); - prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid); - prs_uint32("off_sacl ", ps, depth, &psd->off_sacl); - prs_uint32("off_dacl ", ps, depth, &psd->off_dacl); - + prs_uint16("revision ", ps, depth, &(t->revision )); + prs_uint16("type ", ps, depth, &(t->type )); + + prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); + prs_uint32("off_grp_sid ", ps, depth, &(t->off_grp_sid )); + prs_uint32("off_sacl ", ps, depth, &(t->off_sacl )); + prs_uint32("off_dacl ", ps, depth, &(t->off_dacl )); +#if 0 + prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid); + prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid ), &off_grp_sid ); + prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl ); + prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl ); +#endif max_offset = MAX(max_offset, ps->offset); - if (IS_BITS_SET_ALL(psd->type, SEC_DESC_DACL_PRESENT) && psd->dacl) + if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) { - ps->offset = old_offset + psd->off_dacl; - if (!sec_io_acl("dacl", &psd->dacl, ps, depth)) +#if 0 + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset); +#endif + ps->offset = old_offset + t->off_dacl; + if (ps->io) { - return False; - } - prs_align(ps); + /* reading */ + t->dacl = malloc(sizeof(*t->dacl)); + ZERO_STRUCTP(t->dacl); } - max_offset = MAX(max_offset, ps->offset); - - if (IS_BITS_SET_ALL(psd->type, SEC_DESC_SACL_PRESENT) && psd->sacl) - { - ps->offset = old_offset + psd->off_sacl; - if (!sec_io_acl("sacl", &psd->sacl, ps, depth)) + if (t->dacl == NULL) { - return False; + DEBUG(0,("INVALID DACL\n")); + ps->offset = 0xfffffffe; + return; } + + sec_io_acl ("dacl" , t->dacl , ps, depth); prs_align(ps); } +#if 0 + else + { + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0); + } +#endif max_offset = MAX(max_offset, ps->offset); - if (psd->off_owner_sid != 0) + if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) { +#if 0 + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset); +#endif + ps->offset = old_offset + t->off_sacl; if (ps->io) { - ps->offset = old_offset + psd->off_owner_sid; /* reading */ - psd->owner_sid = malloc(sizeof(*psd->owner_sid)); - if (psd->owner_sid == NULL) - { - return False; - } - ZERO_STRUCTP(psd->owner_sid); + t->sacl = malloc(sizeof(*t->sacl)); + ZERO_STRUCTP(t->sacl); } - if (!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) + if (t->sacl == NULL) { - return False; + DEBUG(0,("INVALID SACL\n")); + ps->offset = 0xfffffffe; + return; } + + sec_io_acl ("sacl" , t->sacl , ps, depth); prs_align(ps); } +#if 0 + else + { + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0); + } +#endif max_offset = MAX(max_offset, ps->offset); - if (psd->off_grp_sid != 0) +#if 0 + prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset); +#endif + if (t->off_owner_sid != 0) { if (ps->io) { - /* reading */ - ps->offset = old_offset + psd->off_grp_sid; - psd->grp_sid = malloc(sizeof(*psd->grp_sid)); - if (psd->grp_sid == NULL) - { - return False; + ps->offset = old_offset + t->off_owner_sid; } - ZERO_STRUCTP(psd->grp_sid); + if (ps->io) + { + /* reading */ + t->owner_sid = malloc(sizeof(*t->owner_sid)); + ZERO_STRUCTP(t->owner_sid); } - if (!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) + if (t->owner_sid == NULL) { - return False; + DEBUG(0,("INVALID OWNER SID\n")); + ps->offset = 0xfffffffe; + return; } + + smb_io_dom_sid("owner_sid ", t->owner_sid , ps, depth); prs_align(ps); } max_offset = MAX(max_offset, ps->offset); - ps->offset = max_offset; - return True; +#if 0 + prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset); +#endif + if (t->off_grp_sid != 0) + { + if (ps->io) + { + ps->offset = old_offset + t->off_grp_sid; } - -/******************************************************************* - Creates a SEC_DESC_BUF structure. -********************************************************************/ - -SEC_DESC_BUF *make_sec_desc_buf(int len, SEC_DESC *sec_desc) + if (ps->io) { - SEC_DESC_BUF *dst; + /* reading */ + t->grp_sid = malloc(sizeof(*t->grp_sid)); + ZERO_STRUCTP(t->grp_sid); + } - dst = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF)); - if (dst == NULL) + if (t->grp_sid == NULL) { - return NULL; + DEBUG(0,("INVALID GROUP SID\n")); + ps->offset = 0xfffffffe; + return; } - ZERO_STRUCTP(dst); - - /* max buffer size (allocated size) */ - dst->max_len = len; - dst->len = len; - - if (sec_desc && ((dst->sec = dup_sec_desc(sec_desc)) == NULL)) - { - free_sec_desc_buf(&dst); - return NULL; + smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth); + prs_align(ps); } - return dst; + max_offset = MAX(max_offset, ps->offset); + + ps->offset = max_offset; } /******************************************************************* - Duplicates a SEC_DESC_BUF structure. +creates a SEC_DESC_BUF structure. ********************************************************************/ - -SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src) -{ - if (src == NULL) +void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) { - return NULL; - } + ZERO_STRUCTP(buf); - return make_sec_desc_buf( src->len, src->sec); + /* max buffer size (allocated size) */ + buf->max_len = len; + buf->undoc = 0; + buf->len = data != NULL ? len : 0; + buf->sec = data; } /******************************************************************* - Deletes a SEC_DESC_BUF structure. +frees a SEC_DESC_BUF structure. ********************************************************************/ - -void free_sec_desc_buf(SEC_DESC_BUF **ppsdb) +void free_sec_desc_buf(SEC_DESC_BUF *buf) { - SEC_DESC_BUF *psdb; - - if (ppsdb == NULL || *ppsdb == NULL) + if (buf->sec != NULL) { - return; + free_sec_desc(buf->sec); + free(buf->sec); } - - psdb = *ppsdb; - free_sec_desc(&psdb->sec); - free(psdb); - *ppsdb = NULL; } /******************************************************************* - Reads or writes a SEC_DESC_BUF structure. +reads or writes a SEC_DESC_BUF structure. ********************************************************************/ - -BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) +void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { uint32 off_len; uint32 off_max_len; uint32 old_offset; uint32 size; - SEC_DESC_BUF *psdb; - - if (ppsdb == NULL) - { - return False; - } - - psdb = *ppsdb; - if (ps->io && psdb == NULL) - { - psdb = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF)); - if (psdb == NULL) - { - return False; - } - ZERO_STRUCTP(psdb); - *ppsdb = psdb; - } + if (sec == NULL) return; prs_debug(ps, depth, desc, "sec_io_desc_buf"); depth++; prs_align(ps); - prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len); - prs_uint32 ("undoc ", ps, depth, &psdb->undoc); - prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len); + prs_uint32_pre("max_len", ps, depth, &(sec->max_len), &off_max_len); + prs_uint32 ("undoc ", ps, depth, &(sec->undoc )); + prs_uint32_pre("len ", ps, depth, &(sec->len ), &off_len); old_offset = ps->offset; - /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((psdb->len != 0 || (!ps->io)) && psdb->sec != NULL) + if (sec->len != 0 && ps->io) { - if (!sec_io_desc("sec ", &psdb->sec, ps, depth)) + /* reading */ + sec->sec = malloc(sizeof(*sec->sec)); + ZERO_STRUCTP(sec->sec); + + if (sec->sec == NULL) { - return False; + DEBUG(0,("INVALID SEC_DESC\n")); + ps->offset = 0xfffffffe; + return; } } - size = ps->offset - old_offset; - prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size); - prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size); + /* reading, length is non-zero; writing, descriptor is non-NULL */ + if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL) + { + sec_io_desc("sec ", sec->sec, ps, depth); + } - return True; + size = ps->offset - old_offset; + prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, size == 0 ? sec->max_len : size); + prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , size); } -- cgit From 896ecb48cab1d928224387f06ec63584bc6c6e99 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Fri, 15 Oct 1999 18:46:22 +0000 Subject: return results on prs_xxxxx() and all xxx_io_xxx() routines. the whole task is not complete, yet. xxx_io_xxx() routines that _call_ xxx_io_xxx() routines not done. prs_xxxx() covered by macros. considering doing xxx_io_xxxx in the same way. (This used to be commit 3b583f7be51434af98bc52b48dfa42c4602a3094) --- source3/rpc_parse/parse_sec.c | 86 ++++++++++++++++++++++++++----------------- 1 file changed, 53 insertions(+), 33 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 2840070edc..c7d4d09612 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -2,10 +2,10 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison 1995-1998 - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, - * Copyright (C) Paul Ashton 1997-1998. + * Copyright (C) Andrew Tridgell 1992-1999, + * Copyright (C) Jeremy R. Allison 1995-1999 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, + * Copyright (C) Paul Ashton 1997-1999. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,17 +31,19 @@ extern int DEBUGLEVEL; /******************************************************************* makes a structure. ********************************************************************/ -void make_sec_access(SEC_ACCESS *t, uint32 mask) +BOOL make_sec_access(SEC_ACCESS *t, uint32 mask) { t->mask = mask; + + return True; } /******************************************************************* reads or writes a structure. ********************************************************************/ -void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) - { - if (t == NULL) return; +BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) +{ + if (t == NULL) return False; prs_debug(ps, depth, desc, "sec_io_access"); depth++; @@ -49,13 +51,15 @@ void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_align(ps); prs_uint32("mask", ps, depth, &(t->mask)); + + return True; } /******************************************************************* makes a structure. ********************************************************************/ -void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +BOOL make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) { t->type = type; t->flags = flag; @@ -63,16 +67,18 @@ void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 f t->info = mask; sid_copy(&t->sid, sid); + + return True; } /******************************************************************* reads or writes a structure. ********************************************************************/ -void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) +BOOL sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; - if (t == NULL) return; + if (t == NULL) return False; prs_debug(ps, depth, desc, "sec_io_ace"); depth++; @@ -90,12 +96,14 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) smb_io_dom_sid("sid ", &t->sid , ps, depth); prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, old_offset); + + return True; } /******************************************************************* makes a structure. ********************************************************************/ -void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace) +BOOL make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace) { int i; t->revision = revision; @@ -107,6 +115,8 @@ void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace) { t->size += ace[i].size; } + + return True; } /******************************************************************* @@ -126,13 +136,13 @@ reads or writes a structure. first of the xx_io_xx functions that allocates its data structures for you as it reads them. ********************************************************************/ -void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) +BOOL sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { int i; uint32 old_offset; uint32 offset_acl_size; - if (t == NULL) return; + if (t == NULL) return False; prs_debug(ps, depth, desc, "sec_io_acl"); depth++; @@ -156,7 +166,7 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { DEBUG(0,("INVALID ACL\n")); ps->offset = 0xfffffffe; - return; + return False; } for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) @@ -169,6 +179,8 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) prs_align(ps); prs_uint16_post("size ", ps, depth, &t->size , offset_acl_size, old_offset); + + return True; } @@ -253,7 +265,8 @@ void free_sec_desc(SEC_DESC *t) if (t->sacl != NULL) { free_sec_acl(t->dacl); -} + + } if (t->owner_sid != NULL) { @@ -261,7 +274,7 @@ void free_sec_desc(SEC_DESC *t) } if (t->grp_sid != NULL) -{ + { free(t->grp_sid); } } @@ -270,7 +283,7 @@ void free_sec_desc(SEC_DESC *t) /******************************************************************* reads or writes a structure. ********************************************************************/ -static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) +static BOOL sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { #if 0 uint32 off_owner_sid; @@ -281,7 +294,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ - if (t == NULL) return; + if (t == NULL) return False; prs_debug(ps, depth, desc, "sec_io_desc"); depth++; @@ -317,13 +330,13 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) /* reading */ t->dacl = malloc(sizeof(*t->dacl)); ZERO_STRUCTP(t->dacl); - } + } if (t->dacl == NULL) { DEBUG(0,("INVALID DACL\n")); ps->offset = 0xfffffffe; - return; + return False; } sec_io_acl ("dacl" , t->dacl , ps, depth); @@ -355,7 +368,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { DEBUG(0,("INVALID SACL\n")); ps->offset = 0xfffffffe; - return; + return False; } sec_io_acl ("sacl" , t->sacl , ps, depth); @@ -390,7 +403,7 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) { DEBUG(0,("INVALID OWNER SID\n")); ps->offset = 0xfffffffe; - return; + return False; } smb_io_dom_sid("owner_sid ", t->owner_sid , ps, depth); @@ -407,20 +420,21 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) if (ps->io) { ps->offset = old_offset + t->off_grp_sid; -} + + } if (ps->io) -{ + { /* reading */ t->grp_sid = malloc(sizeof(*t->grp_sid)); ZERO_STRUCTP(t->grp_sid); } if (t->grp_sid == NULL) - { + { DEBUG(0,("INVALID GROUP SID\n")); ps->offset = 0xfffffffe; - return; - } + return False; + } smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth); prs_align(ps); @@ -429,13 +443,15 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) max_offset = MAX(max_offset, ps->offset); ps->offset = max_offset; + + return True; } /******************************************************************* creates a SEC_DESC_BUF structure. ********************************************************************/ -void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) - { +BOOL make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) +{ ZERO_STRUCTP(buf); /* max buffer size (allocated size) */ @@ -443,6 +459,8 @@ void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) buf->undoc = 0; buf->len = data != NULL ? len : 0; buf->sec = data; + + return True; } /******************************************************************* @@ -461,14 +479,14 @@ void free_sec_desc_buf(SEC_DESC_BUF *buf) /******************************************************************* reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) +BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { uint32 off_len; uint32 off_max_len; uint32 old_offset; uint32 size; - if (sec == NULL) return; + if (sec == NULL) return False; prs_debug(ps, depth, desc, "sec_io_desc_buf"); depth++; @@ -491,7 +509,7 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) { DEBUG(0,("INVALID SEC_DESC\n")); ps->offset = 0xfffffffe; - return; + return False; } } @@ -504,5 +522,7 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) size = ps->offset - old_offset; prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, size == 0 ? sec->max_len : size); prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , size); + + return True; } -- cgit From 56128244261f8e4c6e1144da66c736fbc2104665 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Mon, 25 Oct 1999 19:03:27 +0000 Subject: - typecast malloc / Realloc issues. - signed / unsigned issues. (This used to be commit c8fd555179314baf1672a23db34dc8ad9f2d02bf) --- source3/rpc_parse/parse_sec.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index c7d4d09612..161e42c9ff 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -138,7 +138,7 @@ first of the xx_io_xx functions that allocates its data structures ********************************************************************/ BOOL sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) { - int i; + uint32 i; uint32 old_offset; uint32 offset_acl_size; @@ -158,7 +158,7 @@ BOOL sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) if (ps->io && t->num_aces != 0) { /* reading */ - t->ace = malloc(sizeof(t->ace[0]) * t->num_aces); + t->ace = (SEC_ACE*)malloc(sizeof(t->ace[0]) * t->num_aces); ZERO_STRUCTP(t->ace); } @@ -328,7 +328,7 @@ static BOOL sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) if (ps->io) { /* reading */ - t->dacl = malloc(sizeof(*t->dacl)); + t->dacl = (SEC_ACL*)malloc(sizeof(*t->dacl)); ZERO_STRUCTP(t->dacl); } @@ -360,7 +360,7 @@ static BOOL sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) if (ps->io) { /* reading */ - t->sacl = malloc(sizeof(*t->sacl)); + t->sacl = (SEC_ACL*)malloc(sizeof(*t->sacl)); ZERO_STRUCTP(t->sacl); } @@ -395,7 +395,7 @@ static BOOL sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) if (ps->io) { /* reading */ - t->owner_sid = malloc(sizeof(*t->owner_sid)); + t->owner_sid = (DOM_SID*)malloc(sizeof(*t->owner_sid)); ZERO_STRUCTP(t->owner_sid); } @@ -425,7 +425,7 @@ static BOOL sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) if (ps->io) { /* reading */ - t->grp_sid = malloc(sizeof(*t->grp_sid)); + t->grp_sid = (DOM_SID*)malloc(sizeof(*t->grp_sid)); ZERO_STRUCTP(t->grp_sid); } @@ -502,7 +502,7 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) if (sec->len != 0 && ps->io) { /* reading */ - sec->sec = malloc(sizeof(*sec->sec)); + sec->sec = (SEC_DESC*)malloc(sizeof(*sec->sec)); ZERO_STRUCTP(sec->sec); if (sec->sec == NULL) -- cgit From d7889cd22347e7acd4effb7682d442eef7a666e4 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 24 Nov 1999 18:09:33 +0000 Subject: rewrote policy handle code to be generic (it's needed for client-side too) attempted to fix regsetsec command (This used to be commit eaac0923e0e5e3f4c3d944272a71f3235ac2a741) --- source3/rpc_parse/parse_sec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 161e42c9ff..d4f4f8185f 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -94,6 +94,7 @@ BOOL sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) sec_io_access ("info ", &t->info, ps, depth); prs_align(ps); smb_io_dom_sid("sid ", &t->sid , ps, depth); + prs_align(ps); prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, old_offset); @@ -519,9 +520,11 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) sec_io_desc("sec ", sec->sec, ps, depth); } + prs_align(ps); + size = ps->offset - old_offset; - prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, size == 0 ? sec->max_len : size); - prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , size); + prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, size == 0 ? sec->max_len : size + 8); + prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , size == 0 ? 0 : size + 8); return True; } -- cgit From 3db52feb1f3b2c07ce0b06ad4a7099fa6efe3fc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 13 Dec 1999 13:27:58 +0000 Subject: first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154) --- source3/rpc_parse/parse_sec.c | 704 ++++++++++++++++++++++++------------------ 1 file changed, 396 insertions(+), 308 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index d4f4f8185f..541949e51e 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -2,10 +2,10 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1999, - * Copyright (C) Jeremy R. Allison 1995-1999 - * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, - * Copyright (C) Paul Ashton 1997-1999. + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Jeremy R. Allison 1995-1998 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Paul Ashton 1997-1998. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,505 +27,593 @@ extern int DEBUGLEVEL; +#define SD_HEADER_SIZE 0x14 /******************************************************************* -makes a structure. + Sets up a SEC_ACCESS structure. ********************************************************************/ -BOOL make_sec_access(SEC_ACCESS *t, uint32 mask) + +void init_sec_access(SEC_ACCESS *t, uint32 mask) { t->mask = mask; - - return True; } /******************************************************************* -reads or writes a structure. + Reads or writes a SEC_ACCESS structure. ********************************************************************/ + BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) { - if (t == NULL) return False; + if (t == NULL) + return False; prs_debug(ps, depth, desc, "sec_io_access"); depth++; - prs_align(ps); + if(!prs_align(ps)) + return False; - prs_uint32("mask", ps, depth, &(t->mask)); + if(!prs_uint32("mask", ps, depth, &(t->mask))) + return False; return True; } /******************************************************************* -makes a structure. + Sets up a SEC_ACE structure. ********************************************************************/ -BOOL make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) + +void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) { t->type = type; t->flags = flag; t->size = sid_size(sid) + 8; t->info = mask; + ZERO_STRUCTP(&t->sid); sid_copy(&t->sid, sid); - - return True; } /******************************************************************* -reads or writes a structure. + Reads or writes a SEC_ACE structure. ********************************************************************/ -BOOL sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth) + +BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; - if (t == NULL) return False; + + if (psa == NULL) + return False; prs_debug(ps, depth, desc, "sec_io_ace"); depth++; - prs_align(ps); + if(!prs_align(ps)) + return False; - old_offset = ps->offset; + old_offset = prs_offset(ps); + + if(!prs_uint8("type ", ps, depth, &psa->type)) + return False; + + if(!prs_uint8("flags", ps, depth, &psa->flags)) + return False; - prs_uint8 ("type ", ps, depth, &(t->type)); - prs_uint8 ("flags", ps, depth, &(t->flags)); - prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_ace_size); + if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) + return False; + + if(!sec_io_access("info ", &psa->info, ps, depth)) + return False; - sec_io_access ("info ", &t->info, ps, depth); - prs_align(ps); - smb_io_dom_sid("sid ", &t->sid , ps, depth); - prs_align(ps); + if(!prs_align(ps)) + return False; - prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, old_offset); + if(!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) + return False; + + if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) + return False; return True; } /******************************************************************* -makes a structure. + Create a SEC_ACL structure. ********************************************************************/ -BOOL make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace) + +SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) { + SEC_ACL *dst; int i; - t->revision = revision; - t->num_aces = num_aces; - t->size = 4; - t->ace = ace; - - for (i = 0; i < num_aces; i++) - { - t->size += ace[i].size; + + if((dst = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) + return NULL; + + ZERO_STRUCTP(dst); + + dst->revision = revision; + dst->num_aces = num_aces; + dst->size = 8; + + if((dst->ace_list = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { + free_sec_acl(&dst); + return NULL; } - return True; + for (i = 0; i < num_aces; i++) { + dst->ace_list[i] = ace_list[i]; /* Structure copy. */ + dst->size += ace_list[i].size; + } + + return dst; } /******************************************************************* -frees a structure. + Duplicate a SEC_ACL structure. ********************************************************************/ -void free_sec_acl(SEC_ACL *t) + +SEC_ACL *dup_sec_acl( SEC_ACL *src) { - if (t->ace != NULL) - { - free(t->ace); - } + if(src == NULL) + return NULL; + + return make_sec_acl( src->revision, src->num_aces, src->ace_list); } /******************************************************************* -reads or writes a structure. + Delete a SEC_ACL structure. +********************************************************************/ + +void free_sec_acl(SEC_ACL **ppsa) +{ + SEC_ACL *psa; -first of the xx_io_xx functions that allocates its data structures + if(ppsa == NULL || *ppsa == NULL) + return; + + psa = *ppsa; + if (psa->ace_list != NULL) + free(psa->ace_list); + + free(psa); + *ppsa = NULL; +} + +/******************************************************************* + Reads or writes a SEC_ACL structure. + + First of the xx_io_xx functions that allocates its data structures for you as it reads them. ********************************************************************/ -BOOL sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth) + +BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) { - uint32 i; + int i; uint32 old_offset; uint32 offset_acl_size; + SEC_ACL *psa; - if (t == NULL) return False; + if (ppsa == NULL) + return False; + + psa = *ppsa; + + if(UNMARSHALLING(ps) && psa == NULL) { + /* + * This is a read and we must allocate the stuct to read into. + */ + if((psa = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) + return False; + ZERO_STRUCTP(psa); + *ppsa = psa; + } prs_debug(ps, depth, desc, "sec_io_acl"); depth++; - prs_align(ps); + if(!prs_align(ps)) + return False; - old_offset = ps->offset; + old_offset = prs_offset(ps); - prs_uint16("revision", ps, depth, &(t->revision)); - prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_acl_size); - prs_uint32("num_aces ", ps, depth, &(t->num_aces )); + if(!prs_uint16("revision", ps, depth, &psa->revision)) + return False; - if (ps->io && t->num_aces != 0) - { - /* reading */ - t->ace = (SEC_ACE*)malloc(sizeof(t->ace[0]) * t->num_aces); - ZERO_STRUCTP(t->ace); - } + if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) + return False; - if (t->ace == NULL && t->num_aces != 0) - { - DEBUG(0,("INVALID ACL\n")); - ps->offset = 0xfffffffe; + if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces)) return False; + + if (UNMARSHALLING(ps) && psa->num_aces != 0) { + /* reading */ + if((psa->ace_list = malloc(sizeof(psa->ace_list[0]) * psa->num_aces)) == NULL) + return False; + ZERO_STRUCTP(psa->ace_list); } - for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) - { + for (i = 0; i < psa->num_aces; i++) { fstring tmp; - slprintf(tmp, sizeof(tmp)-1, "ace[%02d]: ", i); - sec_io_ace(tmp, &t->ace[i], ps, depth); + slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); + if(!sec_io_ace(tmp, &psa->ace_list[i], ps, depth)) + return False; } - prs_align(ps); + if(!prs_align(ps)) + return False; - prs_uint16_post("size ", ps, depth, &t->size , offset_acl_size, old_offset); + if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) + return False; return True; } - /******************************************************************* -makes a structure + Creates a SEC_DESC structure ********************************************************************/ -int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type, + +SEC_DESC *make_sec_desc(uint16 revision, uint16 type, DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl) + SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size) { + SEC_DESC *dst; uint32 offset; - t->revision = revision; - t->type = type; + *sec_desc_size = 0; + + if(( dst = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + return NULL; + + ZERO_STRUCTP(dst); + + dst->revision = revision; + dst->type = type; + + dst->off_owner_sid = 0; + dst->off_grp_sid = 0; + dst->off_sacl = 0; + dst->off_dacl = 0; + + if(owner_sid && ((dst->owner_sid = sid_dup(owner_sid)) == NULL)) + goto error_exit; - t->off_owner_sid = 0; - t->off_grp_sid = 0; - t->off_sacl = 0; - t->off_dacl = 0; + if(grp_sid && ((dst->grp_sid = sid_dup(grp_sid)) == NULL)) + goto error_exit; - t->dacl = dacl; - t->sacl = sacl; - t->owner_sid = owner_sid; - t->grp_sid = grp_sid; + if(sacl && ((dst->sacl = dup_sec_acl(sacl)) == NULL)) + goto error_exit; + if(dacl && ((dst->dacl = dup_sec_acl(dacl)) == NULL)) + goto error_exit; + offset = 0x0; - if (dacl != NULL) - { + /* + * Work out the linearization sizes. + */ + + if (dst->owner_sid != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_dacl = offset; - offset += dacl->size; + offset = SD_HEADER_SIZE; + + dst->off_owner_sid = offset; + offset += ((sid_size(dst->owner_sid) + 3) & ~3); } - if (sacl != NULL) - { + if (dst->grp_sid != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_dacl = offset; - offset += dacl->size; + offset = SD_HEADER_SIZE; + + dst->off_grp_sid = offset; + offset += ((sid_size(dst->grp_sid) + 3) & ~3); } - if (owner_sid != NULL) - { + if (dst->sacl != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_owner_sid = offset; - offset += sid_size(owner_sid); + offset = SD_HEADER_SIZE; + + dst->off_sacl = offset; + offset += ((sacl->size + 3) & ~3); } - if (grp_sid != NULL) - { + if (dst->dacl != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_grp_sid = offset; - offset += sid_size(grp_sid); + offset = SD_HEADER_SIZE; + + dst->off_dacl = offset; + offset += ((dacl->size + 3) & ~3); } - return (offset == 0) ? 0x14 : offset; + *sec_desc_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); + return dst; + +error_exit: + + *sec_desc_size = 0; + free_sec_desc(&dst); + return NULL; } +/******************************************************************* + Duplicate a SEC_DESC structure. +********************************************************************/ + +SEC_DESC *dup_sec_desc( SEC_DESC *src) +{ + size_t dummy; + + if(src == NULL) + return NULL; + + return make_sec_desc( src->revision, src->type, + src->owner_sid, src->grp_sid, src->sacl, + src->dacl, &dummy); +} /******************************************************************* -frees a structure + Deletes a SEC_DESC structure ********************************************************************/ -void free_sec_desc(SEC_DESC *t) + +void free_sec_desc(SEC_DESC **ppsd) { - if (t->dacl != NULL) - { - free_sec_acl(t->dacl); - } + SEC_DESC *psd; - if (t->sacl != NULL) - { - free_sec_acl(t->dacl); + if(ppsd == NULL || *ppsd == NULL) + return; - } + psd = *ppsd; - if (t->owner_sid != NULL) - { - free(t->owner_sid); - } + free_sec_acl(&psd->dacl); + free_sec_acl(&psd->dacl); + free(psd->owner_sid); + free(psd->grp_sid); + free(psd); + *ppsd = NULL; +} - if (t->grp_sid != NULL) - { - free(t->grp_sid); - } +/******************************************************************* + Creates a SEC_DESC structure with typical defaults. +********************************************************************/ + +SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL *dacl, size_t *sec_desc_size) +{ + return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + owner_sid, grp_sid, NULL, dacl, sec_desc_size); } /******************************************************************* -reads or writes a structure. + Reads or writes a SEC_DESC structure. + If reading and the *ppsd = NULL, allocates the structure. ********************************************************************/ -static BOOL sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth) + +BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) { -#if 0 - uint32 off_owner_sid; - uint32 off_grp_sid ; - uint32 off_sacl ; - uint32 off_dacl ; -#endif uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ + SEC_DESC *psd; + + if (ppsd == NULL) + return False; - if (t == NULL) return False; + psd = *ppsd; + + if(UNMARSHALLING(ps) && psd == NULL) { + if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + return False; + ZERO_STRUCTP(psd); + *ppsd = psd; + } prs_debug(ps, depth, desc, "sec_io_desc"); depth++; - prs_align(ps); + if(!prs_align(ps)) + return False; /* start of security descriptor stored for back-calc offset purposes */ - old_offset = ps->offset; - - prs_uint16("revision ", ps, depth, &(t->revision )); - prs_uint16("type ", ps, depth, &(t->type )); - - prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); - prs_uint32("off_grp_sid ", ps, depth, &(t->off_grp_sid )); - prs_uint32("off_sacl ", ps, depth, &(t->off_sacl )); - prs_uint32("off_dacl ", ps, depth, &(t->off_dacl )); -#if 0 - prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid); - prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid ), &off_grp_sid ); - prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl ); - prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl ); -#endif - max_offset = MAX(max_offset, ps->offset); - - if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) - { -#if 0 - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset); -#endif - ps->offset = old_offset + t->off_dacl; - if (ps->io) - { - /* reading */ - t->dacl = (SEC_ACL*)malloc(sizeof(*t->dacl)); - ZERO_STRUCTP(t->dacl); - } + old_offset = prs_offset(ps); - if (t->dacl == NULL) - { - DEBUG(0,("INVALID DACL\n")); - ps->offset = 0xfffffffe; - return False; - } + if(!prs_uint16("revision ", ps, depth, &psd->revision)) + return False; - sec_io_acl ("dacl" , t->dacl , ps, depth); - prs_align(ps); - } -#if 0 - else - { - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0); - } -#endif - - max_offset = MAX(max_offset, ps->offset); - - if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) - { -#if 0 - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset); -#endif - ps->offset = old_offset + t->off_sacl; - if (ps->io) - { - /* reading */ - t->sacl = (SEC_ACL*)malloc(sizeof(*t->sacl)); - ZERO_STRUCTP(t->sacl); - } + if(!prs_uint16("type ", ps, depth, &psd->type)) + return False; - if (t->sacl == NULL) - { - DEBUG(0,("INVALID SACL\n")); - ps->offset = 0xfffffffe; - return False; - } + if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) + return False; - sec_io_acl ("sacl" , t->sacl , ps, depth); - prs_align(ps); - } -#if 0 - else - { - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0); - } -#endif - - max_offset = MAX(max_offset, ps->offset); - -#if 0 - prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset); -#endif - if (t->off_owner_sid != 0) - { - if (ps->io) - { - ps->offset = old_offset + t->off_owner_sid; - } - if (ps->io) - { + if(!prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid)) + return False; + + if(!prs_uint32("off_sacl ", ps, depth, &psd->off_sacl)) + return False; + + if(!prs_uint32("off_dacl ", ps, depth, &psd->off_dacl)) + return False; + + max_offset = MAX(max_offset, prs_offset(ps)); + + if (psd->off_owner_sid != 0) { + + if (UNMARSHALLING(ps)) { + if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) + return False; /* reading */ - t->owner_sid = (DOM_SID*)malloc(sizeof(*t->owner_sid)); - ZERO_STRUCTP(t->owner_sid); + if((psd->owner_sid = malloc(sizeof(*psd->owner_sid))) == NULL) + return False; + ZERO_STRUCTP(psd->owner_sid); } - if (t->owner_sid == NULL) - { - DEBUG(0,("INVALID OWNER SID\n")); - ps->offset = 0xfffffffe; + if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) + return False; + if(!prs_align(ps)) return False; - } - - smb_io_dom_sid("owner_sid ", t->owner_sid , ps, depth); - prs_align(ps); } - max_offset = MAX(max_offset, ps->offset); + max_offset = MAX(max_offset, prs_offset(ps)); -#if 0 - prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset); -#endif - if (t->off_grp_sid != 0) - { - if (ps->io) - { - ps->offset = old_offset + t->off_grp_sid; + if (psd->off_grp_sid != 0) { - } - if (ps->io) - { + if (UNMARSHALLING(ps)) { /* reading */ - t->grp_sid = (DOM_SID*)malloc(sizeof(*t->grp_sid)); - ZERO_STRUCTP(t->grp_sid); + if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) + return False; + if((psd->grp_sid = malloc(sizeof(*psd->grp_sid))) == NULL) + return False; + ZERO_STRUCTP(psd->grp_sid); } - if (t->grp_sid == NULL) - { - DEBUG(0,("INVALID GROUP SID\n")); - ps->offset = 0xfffffffe; + if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) return False; - } + if(!prs_align(ps)) + return False; + } + + max_offset = MAX(max_offset, prs_offset(ps)); - smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth); - prs_align(ps); + if (IS_BITS_SET_ALL(psd->type, SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + if(!prs_set_offset(ps, old_offset + psd->off_sacl)) + return False; + if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) + return False; + if(!prs_align(ps)) + return False; } - max_offset = MAX(max_offset, ps->offset); + max_offset = MAX(max_offset, prs_offset(ps)); + + if (IS_BITS_SET_ALL(psd->type, SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + if(!prs_set_offset(ps, old_offset + psd->off_dacl)) + return False; + if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) + return False; + if(!prs_align(ps)) + return False; + } - ps->offset = max_offset; + max_offset = MAX(max_offset, prs_offset(ps)); + if(!prs_set_offset(ps, max_offset)) + return False; return True; } /******************************************************************* -creates a SEC_DESC_BUF structure. + Creates a SEC_DESC_BUF structure. ********************************************************************/ -BOOL make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data) + +SEC_DESC_BUF *make_sec_desc_buf(int len, SEC_DESC *sec_desc) { - ZERO_STRUCTP(buf); + SEC_DESC_BUF *dst; + + if((dst = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) + return NULL; + + ZERO_STRUCTP(dst); /* max buffer size (allocated size) */ - buf->max_len = len; - buf->undoc = 0; - buf->len = data != NULL ? len : 0; - buf->sec = data; + dst->max_len = len; + dst->len = len; - return True; + if(sec_desc && ((dst->sec = dup_sec_desc(sec_desc)) == NULL)) { + free_sec_desc_buf(&dst); + return NULL; + } + + return dst; } /******************************************************************* -frees a SEC_DESC_BUF structure. + Duplicates a SEC_DESC_BUF structure. ********************************************************************/ -void free_sec_desc_buf(SEC_DESC_BUF *buf) + +SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src) { - if (buf->sec != NULL) - { - free_sec_desc(buf->sec); - free(buf->sec); - } + if(src == NULL) + return NULL; + + return make_sec_desc_buf( src->len, src->sec); +} + +/******************************************************************* + Deletes a SEC_DESC_BUF structure. +********************************************************************/ + +void free_sec_desc_buf(SEC_DESC_BUF **ppsdb) +{ + SEC_DESC_BUF *psdb; + + if(ppsdb == NULL || *ppsdb == NULL) + return; + + psdb = *ppsdb; + free_sec_desc(&psdb->sec); + free(psdb); + *ppsdb = NULL; } /******************************************************************* -reads or writes a SEC_DESC_BUF structure. + Reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth) + +BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) { uint32 off_len; uint32 off_max_len; uint32 old_offset; uint32 size; + SEC_DESC_BUF *psdb; + + if (ppsdb == NULL) + return False; - if (sec == NULL) return False; + psdb = *ppsdb; + + if (UNMARSHALLING(ps) && psdb == NULL) { + if((psdb = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) + return False; + ZERO_STRUCTP(psdb); + *ppsdb = psdb; + } prs_debug(ps, depth, desc, "sec_io_desc_buf"); depth++; - prs_align(ps); + if(!prs_align(ps)) + return False; - prs_uint32_pre("max_len", ps, depth, &(sec->max_len), &off_max_len); - prs_uint32 ("undoc ", ps, depth, &(sec->undoc )); - prs_uint32_pre("len ", ps, depth, &(sec->len ), &off_len); + if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len)) + return False; - old_offset = ps->offset; + if(!prs_uint32 ("undoc ", ps, depth, &psdb->undoc)) + return False; - if (sec->len != 0 && ps->io) - { - /* reading */ - sec->sec = (SEC_DESC*)malloc(sizeof(*sec->sec)); - ZERO_STRUCTP(sec->sec); + if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len)) + return False; - if (sec->sec == NULL) - { - DEBUG(0,("INVALID SEC_DESC\n")); - ps->offset = 0xfffffffe; - return False; - } - } + old_offset = prs_offset(ps); /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL) - { - sec_io_desc("sec ", sec->sec, ps, depth); + if ((psdb->len != 0 || MARSHALLING(ps)) && psdb->sec != NULL) { + if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) + return False; } - prs_align(ps); - - size = ps->offset - old_offset; - prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, size == 0 ? sec->max_len : size + 8); - prs_uint32_post("len ", ps, depth, &(sec->len ), off_len , size == 0 ? 0 : size + 8); + size = prs_offset(ps) - old_offset; + if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size)) + return False; + + if(!prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size)) + return False; return True; } - -- cgit From b89b75a368c5245c38ebe467b2d3820b3df59c6a Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 22 Mar 2000 10:26:09 +0000 Subject: added the following message to all dce/rpc client/server code, except the spoolss code (it's cut from TNG) and the smb-dce/rpc interface code that jeremy has been working up to TNG-functionality. i also want this message to go into SAMBA_2_0 and SAMBA_2_0_RELEASE, because it is intolerable that potentially good modifications be made to code that is going to be thrown away, and people waste their time fixing bugs and adding enhancements that have already been carried out already, up to two years ago in the TNG branch. /* * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. * * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. * * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH * * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT * MAY BE LOST. * * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. * * THANK YOU. * * lkcl@samba.org */ (This used to be commit cfaea90529be222f8df0e20a7ca1289f99c29e09) --- source3/rpc_parse/parse_sec.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 541949e51e..877745308d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -1,3 +1,29 @@ + +/* + * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, + * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE + * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. + * + * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. + * + * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT + * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT + * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH + * + * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT + * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. + * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG + * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO + * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT + * MAY BE LOST. + * + * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. + * + * THANK YOU. + * + * lkcl@samba.org + */ + /* * Unix SMB/Netbios implementation. * Version 1.9. -- cgit From 8f1620125dcb9c29c223f4efb6485528ece70f11 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 22 Mar 2000 19:03:12 +0000 Subject: acconfig.h configure configure.in: Added check for UT_SYSLEN for utmp code. include/byteorder.h: Added alignment macros. include/nameserv.h: Added defines for msg_type field options - from rfc1002. lib/time.c: Typo fix. lib/util_unistr.c: Updates from UNICODE branch. printing/nt_printing.c: bzero -> memset. smbd/connection.c: Added check for UT_SYSLEN for utmp code. Other fixes : Rollback of unapproved commit from Luke. Please *ask* next time before doing large changes to HEAD. Jeremy. (This used to be commit f02999dbf7971b4ea05050d7206205d7737a78b2) --- source3/rpc_parse/parse_sec.c | 26 -------------------------- 1 file changed, 26 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 877745308d..541949e51e 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -1,29 +1,3 @@ - -/* - * THIS CODE IS OUT-OF-DATE BY TWO YEARS, IS LEGACY DESIGN AND VERY, VERY, - * INCOMPLETE. PLEASE DO NOT MAKE ANY FURTHER ENHANCEMENTS TO THIS CODE - * UNLESS THEY ARE ALSO CARRIED OUT IN THE SAMBA_TNG BRANCH. - * - * PLEASE DO NOT TREAT THIS CODE AS AUTHORITATIVE IN *ANY* WAY. - * - * REPEAT, PLEASE DO NOT MAKE ANY MODIFICATIONS TO THIS CODE WITHOUT - * FIRST CHECKING THE EQUIVALENT MODULE IN SAMBA_TNG, UPDATING THAT - * FIRST, *THEN* CONSIDER MAKING THE SAME MODIFICATION IN THIS BRANCH - * - * YOU WILL, ALMOST GUARANTEED, FIND THAT THE BUG-FIX OR ENHANCEMENT THAT - * YOU THINK IS NECESSARY, HAS ALREADY BEEN IMPLEMENTED IN SAMBA_TNG. - * IF IT HAS NOT, YOUR BUG-FIX OR ENHANCEMENT *MUST* GO INTO SAMBA_TNG - * AS THE SAMBA_TNG CODE WILL REPLACE THIS MODULE WITHOUT REFERENCE TO - * ANYTHING IN IT, WITH THE POSSIBLE RISK THAT THE BUG-FIX OR ENHANCEMENT - * MAY BE LOST. - * - * PLEASE OBSERVE AND RESPECT THIS SIMPLE REQUEST. - * - * THANK YOU. - * - * lkcl@samba.org - */ - /* * Unix SMB/Netbios implementation. * Version 1.9. -- cgit From ddc9b8b40642c90fe7c34b088eae4f8075f4033a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 10 May 2000 09:49:55 +0000 Subject: more merging it is now at the stage that winbindd can compile in the head branch, but not link (This used to be commit d178c00aae77710ae6ff20a7f54a30e3bd8232bb) --- source3/rpc_parse/parse_sec.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 541949e51e..5d4b56d745 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -137,13 +137,13 @@ SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) dst->num_aces = num_aces; dst->size = 8; - if((dst->ace_list = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { + if((dst->ace = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { free_sec_acl(&dst); return NULL; } for (i = 0; i < num_aces; i++) { - dst->ace_list[i] = ace_list[i]; /* Structure copy. */ + dst->ace[i] = ace_list[i]; /* Structure copy. */ dst->size += ace_list[i].size; } @@ -159,7 +159,7 @@ SEC_ACL *dup_sec_acl( SEC_ACL *src) if(src == NULL) return NULL; - return make_sec_acl( src->revision, src->num_aces, src->ace_list); + return make_sec_acl( src->revision, src->num_aces, src->ace); } /******************************************************************* @@ -174,8 +174,8 @@ void free_sec_acl(SEC_ACL **ppsa) return; psa = *ppsa; - if (psa->ace_list != NULL) - free(psa->ace_list); + if (psa->ace != NULL) + free(psa->ace); free(psa); *ppsa = NULL; @@ -229,15 +229,15 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) if (UNMARSHALLING(ps) && psa->num_aces != 0) { /* reading */ - if((psa->ace_list = malloc(sizeof(psa->ace_list[0]) * psa->num_aces)) == NULL) + if((psa->ace = malloc(sizeof(psa->ace[0]) * psa->num_aces)) == NULL) return False; - ZERO_STRUCTP(psa->ace_list); + ZERO_STRUCTP(psa->ace); } for (i = 0; i < psa->num_aces; i++) { fstring tmp; slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); - if(!sec_io_ace(tmp, &psa->ace_list[i], ps, depth)) + if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) return False; } -- cgit From a65dead017b3f52d7c2f753ce8ca876371183629 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Sat, 27 May 2000 01:26:34 +0000 Subject: security descs in spoolss. needs parse_sec.c nttrans.c broken. (This used to be commit f9f2a04fdb7b2af1cfe5bf26ec6f0d955ea948b9) --- source3/rpc_parse/parse_sec.c | 697 +++++++++++++++++++++--------------------- 1 file changed, 341 insertions(+), 356 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 5d4b56d745..57fd04e05d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -2,10 +2,10 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison 1995-1998 - * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, - * Copyright (C) Paul Ashton 1997-1998. + * Copyright (C) Andrew Tridgell 1992-1999, + * Copyright (C) Jeremy R. Allison 1995-1999 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, + * Copyright (C) Paul Ashton 1997-1999. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,18 +24,20 @@ #include "includes.h" +#include "rpc_parse.h" extern int DEBUGLEVEL; -#define SD_HEADER_SIZE 0x14 /******************************************************************* Sets up a SEC_ACCESS structure. ********************************************************************/ -void init_sec_access(SEC_ACCESS *t, uint32 mask) +BOOL make_sec_access(SEC_ACCESS * t, uint32 mask) { + ZERO_STRUCTP(t); t->mask = mask; + return True; } /******************************************************************* @@ -50,11 +52,9 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_access"); depth++; - if(!prs_align(ps)) - return False; - - if(!prs_uint32("mask", ps, depth, &(t->mask))) - return False; + prs_align(ps); + + prs_uint32("mask", ps, depth, &(t->mask)); return True; } @@ -64,555 +64,540 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) Sets up a SEC_ACE structure. ********************************************************************/ -void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) +static size_t sec_ace_get_size(const SEC_ACE *ace) +{ + if (ace == NULL) + return 0; + return sid_size(&ace->sid) + 8; +} + +BOOL make_sec_ace(SEC_ACE * t, const DOM_SID *sid, uint8 type, + SEC_ACCESS mask, uint8 flag) { + ZERO_STRUCTP(t); + t->type = type; t->flags = flag; - t->size = sid_size(sid) + 8; t->info = mask; - - ZERO_STRUCTP(&t->sid); sid_copy(&t->sid, sid); + + t->size = sec_ace_get_size(t); + + return True; } /******************************************************************* Reads or writes a SEC_ACE structure. ********************************************************************/ -BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) +static BOOL sec_io_ace(char *desc, SEC_ACE * t, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; - - if (psa == NULL) + if (t == NULL) return False; prs_debug(ps, depth, desc, "sec_io_ace"); depth++; - if(!prs_align(ps)) - return False; - - old_offset = prs_offset(ps); - - if(!prs_uint8("type ", ps, depth, &psa->type)) - return False; - - if(!prs_uint8("flags", ps, depth, &psa->flags)) - return False; - - if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) - return False; + prs_align(ps); - if(!sec_io_access("info ", &psa->info, ps, depth)) - return False; + old_offset = prs_offset(ps); - if(!prs_align(ps)) - return False; + prs_uint8("type ", ps, depth, &(t->type)); + prs_uint8("flags", ps, depth, &(t->flags)); + prs_uint16_pre("size ", ps, depth, &(t->size), &offset_ace_size); - if(!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) - return False; + sec_io_access("info ", &t->info, ps, depth); + prs_align(ps); + smb_io_dom_sid("sid ", &t->sid, ps, depth); + prs_align(ps); - if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) - return False; + prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, + old_offset); return True; } /******************************************************************* - Create a SEC_ACL structure. + Create a SEC_ACL structure. ********************************************************************/ - -SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) +BOOL make_sec_acl(SEC_ACL * t, uint16 revision, int num_aces, SEC_ACE * ace) { - SEC_ACL *dst; int i; - if((dst = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) - return NULL; + ZERO_STRUCTP(t); - ZERO_STRUCTP(dst); + t->revision = revision; + t->num_aces = num_aces; + t->size = 8; + t->ace = ace; - dst->revision = revision; - dst->num_aces = num_aces; - dst->size = 8; - - if((dst->ace = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { - free_sec_acl(&dst); - return NULL; + for (i = 0; i < num_aces; i++) + { + t->size += sec_ace_get_size(&ace[i]); } - for (i = 0; i < num_aces; i++) { - dst->ace[i] = ace_list[i]; /* Structure copy. */ - dst->size += ace_list[i].size; - } - - return dst; + return True; } /******************************************************************* - Duplicate a SEC_ACL structure. + Duplicate a SEC_ACL structure. ********************************************************************/ - SEC_ACL *dup_sec_acl( SEC_ACL *src) { if(src == NULL) return NULL; - return make_sec_acl( src->revision, src->num_aces, src->ace); + return NULL; } /******************************************************************* - Delete a SEC_ACL structure. +frees a structure. ********************************************************************/ - -void free_sec_acl(SEC_ACL **ppsa) +void free_sec_acl(SEC_ACL * t) { - SEC_ACL *psa; - - if(ppsa == NULL || *ppsa == NULL) + if (t == NULL) return; - - psa = *ppsa; - if (psa->ace != NULL) - free(psa->ace); - - free(psa); - *ppsa = NULL; + if (t->ace != NULL) + { + free(t->ace); + t->ace = NULL; + } + t->num_aces = 0; } /******************************************************************* - Reads or writes a SEC_ACL structure. + Reads or writes a structure. First of the xx_io_xx functions that allocates its data structures for you as it reads them. ********************************************************************/ -BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) +static BOOL sec_io_acl(char *desc, SEC_ACL * t, prs_struct *ps, int depth) { - int i; + uint32 i; uint32 old_offset; uint32 offset_acl_size; - SEC_ACL *psa; - if (ppsa == NULL) + if (t == NULL) return False; - psa = *ppsa; - - if(UNMARSHALLING(ps) && psa == NULL) { - /* - * This is a read and we must allocate the stuct to read into. - */ - if((psa = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) - return False; - ZERO_STRUCTP(psa); - *ppsa = psa; - } - prs_debug(ps, depth, desc, "sec_io_acl"); depth++; - if(!prs_align(ps)) - return False; - + prs_align(ps); + old_offset = prs_offset(ps); - if(!prs_uint16("revision", ps, depth, &psa->revision)) - return False; + prs_uint16("revision", ps, depth, &(t->revision)); + prs_uint16_pre("size ", ps, depth, &(t->size), &offset_acl_size); + prs_uint32("num_aces ", ps, depth, &(t->num_aces)); - if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) - return False; + if (ps->io && t->num_aces != 0) + { + /* reading */ + t->ace = (SEC_ACE *) malloc(sizeof(t->ace[0]) * t->num_aces); + ZERO_STRUCTP(t->ace); + } - if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces)) + if (t->ace == NULL && t->num_aces != 0) + { + DEBUG(0, ("INVALID ACL\n")); + prs_set_offset(ps, 0xfffffffe); return False; - - if (UNMARSHALLING(ps) && psa->num_aces != 0) { - /* reading */ - if((psa->ace = malloc(sizeof(psa->ace[0]) * psa->num_aces)) == NULL) - return False; - ZERO_STRUCTP(psa->ace); } - for (i = 0; i < psa->num_aces; i++) { + for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) + { fstring tmp; - slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); - if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) + slprintf(tmp, sizeof(tmp) - 1, "ace[%02d]: ", i); + if(!sec_io_ace(tmp, &t->ace[i], ps, depth)) return False; } - if(!prs_align(ps)) - return False; + prs_align(ps); - if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) - return False; + prs_uint16_post("size ", ps, depth, &t->size, offset_acl_size, + old_offset); return True; } + /******************************************************************* Creates a SEC_DESC structure ********************************************************************/ - -SEC_DESC *make_sec_desc(uint16 revision, uint16 type, - DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size) +int make_sec_desc(SEC_DESC * t, uint16 revision, uint16 type, + DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL * sacl, SEC_ACL * dacl) { - SEC_DESC *dst; uint32 offset; - *sec_desc_size = 0; - - if(( dst = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) - return NULL; + ZERO_STRUCTP(t); - ZERO_STRUCTP(dst); - - dst->revision = revision; - dst->type = type; - - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; - - if(owner_sid && ((dst->owner_sid = sid_dup(owner_sid)) == NULL)) - goto error_exit; + t->revision = revision; + t->type = type; - if(grp_sid && ((dst->grp_sid = sid_dup(grp_sid)) == NULL)) - goto error_exit; + t->off_owner_sid = 0; + t->off_grp_sid = 0; + t->off_sacl = 0; + t->off_dacl = 0; - if(sacl && ((dst->sacl = dup_sec_acl(sacl)) == NULL)) - goto error_exit; + t->dacl = dacl; + t->sacl = sacl; + t->owner_sid = owner_sid; + t->grp_sid = grp_sid; - if(dacl && ((dst->dacl = dup_sec_acl(dacl)) == NULL)) - goto error_exit; - offset = 0x0; - /* - * Work out the linearization sizes. - */ - - if (dst->owner_sid != NULL) { - + if (dacl != NULL) + { if (offset == 0) - offset = SD_HEADER_SIZE; - - dst->off_owner_sid = offset; - offset += ((sid_size(dst->owner_sid) + 3) & ~3); + { + offset = 0x14; + } + t->off_dacl = offset; + offset += dacl->size; + offset = ((offset + 3) & ~3); } - if (dst->grp_sid != NULL) { - + if (sacl != NULL) + { if (offset == 0) - offset = SD_HEADER_SIZE; - - dst->off_grp_sid = offset; - offset += ((sid_size(dst->grp_sid) + 3) & ~3); + { + offset = 0x14; + } + t->off_sacl = offset; + offset += sacl->size; + offset = ((offset + 3) & ~3); } - if (dst->sacl != NULL) { - + if (owner_sid != NULL) + { if (offset == 0) - offset = SD_HEADER_SIZE; - - dst->off_sacl = offset; - offset += ((sacl->size + 3) & ~3); + { + offset = 0x14; + } + t->off_owner_sid = offset; + offset += sid_size(owner_sid); + offset = ((offset + 3) & ~3); } - if (dst->dacl != NULL) { - + if (grp_sid != NULL) + { if (offset == 0) - offset = SD_HEADER_SIZE; - - dst->off_dacl = offset; - offset += ((dacl->size + 3) & ~3); + { + offset = 0x14; + } + t->off_grp_sid = offset; + offset += sid_size(grp_sid); } - *sec_desc_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); - return dst; - -error_exit: - - *sec_desc_size = 0; - free_sec_desc(&dst); - return NULL; + return (offset == 0) ? 0x14 : offset; } -/******************************************************************* - Duplicate a SEC_DESC structure. -********************************************************************/ - -SEC_DESC *dup_sec_desc( SEC_DESC *src) -{ - size_t dummy; - - if(src == NULL) - return NULL; - - return make_sec_desc( src->revision, src->type, - src->owner_sid, src->grp_sid, src->sacl, - src->dacl, &dummy); -} /******************************************************************* - Deletes a SEC_DESC structure +frees a structure ********************************************************************/ - -void free_sec_desc(SEC_DESC **ppsd) +void free_sec_desc(SEC_DESC * t) { - SEC_DESC *psd; - - if(ppsd == NULL || *ppsd == NULL) - return; + if (t->dacl != NULL) + { + free_sec_acl(t->dacl); + } - psd = *ppsd; + if (t->sacl != NULL) + { + free_sec_acl(t->dacl); - free_sec_acl(&psd->dacl); - free_sec_acl(&psd->dacl); - free(psd->owner_sid); - free(psd->grp_sid); - free(psd); - *ppsd = NULL; -} + } -/******************************************************************* - Creates a SEC_DESC structure with typical defaults. -********************************************************************/ + if (t->owner_sid != NULL) + { + free(t->owner_sid); + t->owner_sid = NULL; + } -SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *dacl, size_t *sec_desc_size) -{ - return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, - owner_sid, grp_sid, NULL, dacl, sec_desc_size); + if (t->grp_sid != NULL) + { + free(t->grp_sid); + t->grp_sid = NULL; + } } /******************************************************************* - Reads or writes a SEC_DESC structure. - If reading and the *ppsd = NULL, allocates the structure. +reads or writes a structure. ********************************************************************/ - -BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) +BOOL sec_io_desc(char *desc, SEC_DESC * t, prs_struct *ps, int depth) { +#if 0 + uint32 off_owner_sid; + uint32 off_grp_sid; + uint32 off_sacl; + uint32 off_dacl; +#endif uint32 old_offset; - uint32 max_offset = 0; /* after we're done, move offset to end */ - SEC_DESC *psd; + uint32 max_offset = 0; /* after we're done, move offset to end */ - if (ppsd == NULL) + if (t == NULL) return False; - psd = *ppsd; - - if(UNMARSHALLING(ps) && psd == NULL) { - if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) - return False; - ZERO_STRUCTP(psd); - *ppsd = psd; - } - prs_debug(ps, depth, desc, "sec_io_desc"); depth++; - if(!prs_align(ps)) - return False; - + prs_align(ps); + /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); - - if(!prs_uint16("revision ", ps, depth, &psd->revision)) - return False; - - if(!prs_uint16("type ", ps, depth, &psd->type)) - return False; - - if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) - return False; - - if(!prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid)) - return False; - - if(!prs_uint32("off_sacl ", ps, depth, &psd->off_sacl)) - return False; - - if(!prs_uint32("off_dacl ", ps, depth, &psd->off_dacl)) - return False; - + max_offset = old_offset; + + prs_uint16("revision ", ps, depth, &(t->revision)); + prs_uint16("type ", ps, depth, &(t->type)); + + prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); + prs_uint32("off_grp_sid ", ps, depth, &(t->off_grp_sid)); + prs_uint32("off_sacl ", ps, depth, &(t->off_sacl)); + prs_uint32("off_dacl ", ps, depth, &(t->off_dacl)); +#if 0 + prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), + &off_owner_sid); + prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid), + &off_grp_sid); + prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl), &off_sacl); + prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl), &off_dacl); +#endif max_offset = MAX(max_offset, prs_offset(ps)); - if (psd->off_owner_sid != 0) { - - if (UNMARSHALLING(ps)) { - if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) - return False; + if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) + { +#if 0 + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl), + off_dacl, prs_offset(ps) - old_offset); +#endif + if(!prs_set_offset(ps, old_offset + t->off_dacl)) + return False; + if (ps->io) + { /* reading */ - if((psd->owner_sid = malloc(sizeof(*psd->owner_sid))) == NULL) - return False; - ZERO_STRUCTP(psd->owner_sid); + t->dacl = (SEC_ACL *) malloc(sizeof(*t->dacl)); + ZERO_STRUCTP(t->dacl); } - if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) + if (t->dacl == NULL) + { + DEBUG(0, ("INVALID DACL\n")); + prs_set_offset(ps, 0xfffffffe); return False; - if(!prs_align(ps)) + } + + if(!sec_io_acl("dacl", t->dacl, ps, depth)) return False; + prs_align(ps); } +#if 0 + else + { + prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl), + off_dacl, 0); + } +#endif max_offset = MAX(max_offset, prs_offset(ps)); - if (psd->off_grp_sid != 0) { - - if (UNMARSHALLING(ps)) { + if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) + { +#if 0 + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl), + off_sacl, prs_offset(ps) - old_offset); +#endif + if(!prs_set_offset(ps, old_offset + t->off_sacl)) + return False; + if (ps->io) + { /* reading */ - if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) - return False; - if((psd->grp_sid = malloc(sizeof(*psd->grp_sid))) == NULL) - return False; - ZERO_STRUCTP(psd->grp_sid); + t->sacl = (SEC_ACL *) malloc(sizeof(*t->sacl)); + ZERO_STRUCTP(t->sacl); } - if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) + if (t->sacl == NULL) + { + DEBUG(0, ("INVALID SACL\n")); + prs_set_offset(ps, 0xfffffffe); return False; - if(!prs_align(ps)) + } + + if(!sec_io_acl("sacl", t->sacl, ps, depth)) return False; + prs_align(ps); + } +#if 0 + else + { + prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl), + off_sacl, 0); } +#endif max_offset = MAX(max_offset, prs_offset(ps)); - if (IS_BITS_SET_ALL(psd->type, SEC_DESC_SACL_PRESENT) && psd->off_sacl) { - if(!prs_set_offset(ps, old_offset + psd->off_sacl)) - return False; - if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) - return False; - if(!prs_align(ps)) +#if 0 + prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), + off_owner_sid, prs_offset(ps) - old_offset); +#endif + if (t->off_owner_sid != 0) + { + if (ps->io) + { + if(!prs_set_offset(ps, old_offset + t->off_owner_sid)) + return False; + } + if (ps->io) + { + /* reading */ + t->owner_sid = + (DOM_SID *)malloc(sizeof(*t->owner_sid)); + ZERO_STRUCTP(t->owner_sid); + } + + if (t->owner_sid == NULL) + { + DEBUG(0, ("INVALID OWNER SID\n")); + prs_set_offset(ps, 0xfffffffe); return False; + } + + smb_io_dom_sid("owner_sid ", t->owner_sid, ps, depth); + prs_align(ps); } max_offset = MAX(max_offset, prs_offset(ps)); - if (IS_BITS_SET_ALL(psd->type, SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { - if(!prs_set_offset(ps, old_offset + psd->off_dacl)) - return False; - if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) - return False; - if(!prs_align(ps)) +#if 0 + prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid), + off_grp_sid, prs_offset(ps) - old_offset); +#endif + if (t->off_grp_sid != 0) + { + if (ps->io) + { + if(!prs_set_offset(ps, old_offset + t->off_grp_sid)) + return False; + } + if (ps->io) + { + /* reading */ + t->grp_sid = (DOM_SID *)malloc(sizeof(*t->grp_sid)); + ZERO_STRUCTP(t->grp_sid); + } + + if (t->grp_sid == NULL) + { + DEBUG(0, ("INVALID GROUP SID\n")); + prs_set_offset(ps, 0xfffffffe); return False; + } + + smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth); + prs_align(ps); } max_offset = MAX(max_offset, prs_offset(ps)); if(!prs_set_offset(ps, max_offset)) return False; + return True; } /******************************************************************* - Creates a SEC_DESC_BUF structure. +creates a SEC_DESC_BUF structure. ********************************************************************/ - -SEC_DESC_BUF *make_sec_desc_buf(int len, SEC_DESC *sec_desc) +BOOL make_sec_desc_buf(SEC_DESC_BUF * buf, int len, SEC_DESC * data) { - SEC_DESC_BUF *dst; - - if((dst = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) - return NULL; - - ZERO_STRUCTP(dst); + ZERO_STRUCTP(buf); /* max buffer size (allocated size) */ - dst->max_len = len; - dst->len = len; - - if(sec_desc && ((dst->sec = dup_sec_desc(sec_desc)) == NULL)) { - free_sec_desc_buf(&dst); - return NULL; - } - - return dst; -} - -/******************************************************************* - Duplicates a SEC_DESC_BUF structure. -********************************************************************/ - -SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src) -{ - if(src == NULL) - return NULL; + buf->max_len = len; + buf->undoc = 0; + buf->len = data != NULL ? len : 0; + buf->sec = data; - return make_sec_desc_buf( src->len, src->sec); + return True; } /******************************************************************* - Deletes a SEC_DESC_BUF structure. +frees a SEC_DESC_BUF structure. ********************************************************************/ - -void free_sec_desc_buf(SEC_DESC_BUF **ppsdb) +void free_sec_desc_buf(SEC_DESC_BUF * buf) { - SEC_DESC_BUF *psdb; - - if(ppsdb == NULL || *ppsdb == NULL) + if (buf == NULL) return; - - psdb = *ppsdb; - free_sec_desc(&psdb->sec); - free(psdb); - *ppsdb = NULL; + if (buf->sec != NULL) + { + free_sec_desc(buf->sec); + free(buf->sec); + buf->sec = NULL; + } } /******************************************************************* - Reads or writes a SEC_DESC_BUF structure. +reads or writes a SEC_DESC_BUF structure. ********************************************************************/ - -BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) +BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF * sec, prs_struct *ps, + int depth) { uint32 off_len; uint32 off_max_len; uint32 old_offset; uint32 size; - SEC_DESC_BUF *psdb; - if (ppsdb == NULL) + if (sec == NULL) return False; - psdb = *ppsdb; - - if (UNMARSHALLING(ps) && psdb == NULL) { - if((psdb = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) - return False; - ZERO_STRUCTP(psdb); - *ppsdb = psdb; - } - prs_debug(ps, depth, desc, "sec_io_desc_buf"); depth++; - if(!prs_align(ps)) - return False; - - if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len)) - return False; - - if(!prs_uint32 ("undoc ", ps, depth, &psdb->undoc)) - return False; + prs_align(ps); - if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len)) - return False; + prs_uint32_pre("max_len", ps, depth, &(sec->max_len), &off_max_len); + prs_uint32("undoc ", ps, depth, &(sec->undoc)); + prs_uint32_pre("len ", ps, depth, &(sec->len), &off_len); old_offset = prs_offset(ps); - /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((psdb->len != 0 || MARSHALLING(ps)) && psdb->sec != NULL) { - if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) + if (sec->len != 0 && ps->io) + { + /* reading */ + sec->sec = (SEC_DESC *) malloc(sizeof(*sec->sec)); + ZERO_STRUCTP(sec->sec); + + if (sec->sec == NULL) + { + DEBUG(0, ("INVALID SEC_DESC\n")); + prs_set_offset(ps, 0xfffffffe); return False; + } } - size = prs_offset(ps) - old_offset; - if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size)) - return False; + /* reading, length is non-zero; writing, descriptor is non-NULL */ + if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL) + { + sec_io_desc("sec ", sec->sec, ps, depth); + } + + prs_align(ps); + + size = prs_offset(ps) - old_offset - 8; + prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, + size == 0 ? sec->max_len : size + 8); + prs_uint32_post("len ", ps, depth, &(sec->len), off_len, + size == 0 ? 0 : size + 8); - if(!prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size)) + if(!prs_set_offset(ps, old_offset + size + 8)) return False; return True; -- cgit From f0080e5a3979fac94d6668cf6ee9d9f61302839c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Jun 2000 17:01:34 +0000 Subject: Getting back to a compilable state (not there yet but close). Added patches for random -> sys_random. Added set_effective_xxx patches for AFS code. Memory allocation changes in spoolss code. Jeremy. (This used to be commit c2099cfb033c2cdb6035f4f7f50ce21b98e1584d) --- source3/rpc_parse/parse_sec.c | 700 ++++++++++++++++++++++-------------------- 1 file changed, 359 insertions(+), 341 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 57fd04e05d..76e246ca9e 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -2,10 +2,10 @@ * Unix SMB/Netbios implementation. * Version 1.9. * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-1999, - * Copyright (C) Jeremy R. Allison 1995-1999 - * Copyright (C) Luke Kenneth Casson Leighton 1996-1999, - * Copyright (C) Paul Ashton 1997-1999. + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Jeremy R. Allison 1995-1998 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Paul Ashton 1997-1998. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,20 +24,18 @@ #include "includes.h" -#include "rpc_parse.h" extern int DEBUGLEVEL; +#define SD_HEADER_SIZE 0x14 /******************************************************************* Sets up a SEC_ACCESS structure. ********************************************************************/ -BOOL make_sec_access(SEC_ACCESS * t, uint32 mask) +void init_sec_access(SEC_ACCESS *t, uint32 mask) { - ZERO_STRUCTP(t); t->mask = mask; - return True; } /******************************************************************* @@ -52,9 +50,11 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_access"); depth++; - prs_align(ps); - - prs_uint32("mask", ps, depth, &(t->mask)); + if(!prs_align(ps)) + return False; + + if(!prs_uint32("mask", ps, depth, &(t->mask))) + return False; return True; } @@ -64,540 +64,558 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) Sets up a SEC_ACE structure. ********************************************************************/ -static size_t sec_ace_get_size(const SEC_ACE *ace) -{ - if (ace == NULL) - return 0; - return sid_size(&ace->sid) + 8; -} - -BOOL make_sec_ace(SEC_ACE * t, const DOM_SID *sid, uint8 type, - SEC_ACCESS mask, uint8 flag) +void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) { - ZERO_STRUCTP(t); - t->type = type; t->flags = flag; + t->size = sid_size(sid) + 8; t->info = mask; - sid_copy(&t->sid, sid); - - t->size = sec_ace_get_size(t); - return True; + ZERO_STRUCTP(&t->sid); + sid_copy(&t->sid, sid); } /******************************************************************* Reads or writes a SEC_ACE structure. ********************************************************************/ -static BOOL sec_io_ace(char *desc, SEC_ACE * t, prs_struct *ps, int depth) +BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; - if (t == NULL) + + if (psa == NULL) return False; prs_debug(ps, depth, desc, "sec_io_ace"); depth++; - prs_align(ps); - + if(!prs_align(ps)) + return False; + old_offset = prs_offset(ps); - prs_uint8("type ", ps, depth, &(t->type)); - prs_uint8("flags", ps, depth, &(t->flags)); - prs_uint16_pre("size ", ps, depth, &(t->size), &offset_ace_size); + if(!prs_uint8("type ", ps, depth, &psa->type)) + return False; + + if(!prs_uint8("flags", ps, depth, &psa->flags)) + return False; + + if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) + return False; + + if(!sec_io_access("info ", &psa->info, ps, depth)) + return False; + + if(!prs_align(ps)) + return False; - sec_io_access("info ", &t->info, ps, depth); - prs_align(ps); - smb_io_dom_sid("sid ", &t->sid, ps, depth); - prs_align(ps); + if(!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) + return False; - prs_uint16_post("size ", ps, depth, &t->size, offset_ace_size, - old_offset); + if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) + return False; return True; } /******************************************************************* - Create a SEC_ACL structure. + Create a SEC_ACL structure. ********************************************************************/ -BOOL make_sec_acl(SEC_ACL * t, uint16 revision, int num_aces, SEC_ACE * ace) + +SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) { + SEC_ACL *dst; int i; - ZERO_STRUCTP(t); + if((dst = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) + return NULL; - t->revision = revision; - t->num_aces = num_aces; - t->size = 8; - t->ace = ace; + ZERO_STRUCTP(dst); - for (i = 0; i < num_aces; i++) - { - t->size += sec_ace_get_size(&ace[i]); + dst->revision = revision; + dst->num_aces = num_aces; + dst->size = 8; + + if((dst->ace = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { + free_sec_acl(&dst); + return NULL; } - return True; + for (i = 0; i < num_aces; i++) { + dst->ace[i] = ace_list[i]; /* Structure copy. */ + dst->size += ace_list[i].size; + } + + return dst; } /******************************************************************* - Duplicate a SEC_ACL structure. + Duplicate a SEC_ACL structure. ********************************************************************/ + SEC_ACL *dup_sec_acl( SEC_ACL *src) { if(src == NULL) return NULL; - return NULL; + return make_sec_acl( src->revision, src->num_aces, src->ace); } /******************************************************************* -frees a structure. + Delete a SEC_ACL structure. ********************************************************************/ -void free_sec_acl(SEC_ACL * t) + +void free_sec_acl(SEC_ACL **ppsa) { - if (t == NULL) + SEC_ACL *psa; + + if(ppsa == NULL || *ppsa == NULL) return; - if (t->ace != NULL) - { - free(t->ace); - t->ace = NULL; - } - t->num_aces = 0; + + psa = *ppsa; + if (psa->ace != NULL) + free(psa->ace); + + free(psa); + *ppsa = NULL; } /******************************************************************* - Reads or writes a structure. + Reads or writes a SEC_ACL structure. First of the xx_io_xx functions that allocates its data structures for you as it reads them. ********************************************************************/ -static BOOL sec_io_acl(char *desc, SEC_ACL * t, prs_struct *ps, int depth) +BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) { - uint32 i; + int i; uint32 old_offset; uint32 offset_acl_size; + SEC_ACL *psa; - if (t == NULL) + if (ppsa == NULL) return False; + psa = *ppsa; + + if(UNMARSHALLING(ps) && psa == NULL) { + /* + * This is a read and we must allocate the stuct to read into. + */ + if((psa = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) + return False; + ZERO_STRUCTP(psa); + *ppsa = psa; + } + prs_debug(ps, depth, desc, "sec_io_acl"); depth++; - prs_align(ps); - + if(!prs_align(ps)) + return False; + old_offset = prs_offset(ps); - prs_uint16("revision", ps, depth, &(t->revision)); - prs_uint16_pre("size ", ps, depth, &(t->size), &offset_acl_size); - prs_uint32("num_aces ", ps, depth, &(t->num_aces)); + if(!prs_uint16("revision", ps, depth, &psa->revision)) + return False; - if (ps->io && t->num_aces != 0) - { - /* reading */ - t->ace = (SEC_ACE *) malloc(sizeof(t->ace[0]) * t->num_aces); - ZERO_STRUCTP(t->ace); - } + if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) + return False; - if (t->ace == NULL && t->num_aces != 0) - { - DEBUG(0, ("INVALID ACL\n")); - prs_set_offset(ps, 0xfffffffe); + if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces)) return False; + + if (UNMARSHALLING(ps) && psa->num_aces != 0) { + /* reading */ + if((psa->ace = malloc(sizeof(psa->ace[0]) * psa->num_aces)) == NULL) + return False; + ZERO_STRUCTP(psa->ace); } - for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++) - { + for (i = 0; i < psa->num_aces; i++) { fstring tmp; - slprintf(tmp, sizeof(tmp) - 1, "ace[%02d]: ", i); - if(!sec_io_ace(tmp, &t->ace[i], ps, depth)) + slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); + if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) return False; } - prs_align(ps); + if(!prs_align(ps)) + return False; - prs_uint16_post("size ", ps, depth, &t->size, offset_acl_size, - old_offset); + if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) + return False; return True; } - /******************************************************************* Creates a SEC_DESC structure ********************************************************************/ -int make_sec_desc(SEC_DESC * t, uint16 revision, uint16 type, - DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL * sacl, SEC_ACL * dacl) + +SEC_DESC *make_sec_desc(uint16 revision, uint16 type, + DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size) { + SEC_DESC *dst; uint32 offset; - ZERO_STRUCTP(t); + *sec_desc_size = 0; - t->revision = revision; - t->type = type; + if(( dst = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + return NULL; - t->off_owner_sid = 0; - t->off_grp_sid = 0; - t->off_sacl = 0; - t->off_dacl = 0; + ZERO_STRUCTP(dst); - t->dacl = dacl; - t->sacl = sacl; - t->owner_sid = owner_sid; - t->grp_sid = grp_sid; + dst->revision = revision; + dst->type = type; + dst->off_owner_sid = 0; + dst->off_grp_sid = 0; + dst->off_sacl = 0; + dst->off_dacl = 0; + + if(owner_sid && ((dst->owner_sid = sid_dup(owner_sid)) == NULL)) + goto error_exit; + + if(grp_sid && ((dst->grp_sid = sid_dup(grp_sid)) == NULL)) + goto error_exit; + + if(sacl && ((dst->sacl = dup_sec_acl(sacl)) == NULL)) + goto error_exit; + + if(dacl && ((dst->dacl = dup_sec_acl(dacl)) == NULL)) + goto error_exit; + offset = 0x0; - if (dacl != NULL) - { + /* + * Work out the linearization sizes. + */ + + if (dst->owner_sid != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_dacl = offset; - offset += dacl->size; - offset = ((offset + 3) & ~3); + offset = SD_HEADER_SIZE; + + dst->off_owner_sid = offset; + offset += ((sid_size(dst->owner_sid) + 3) & ~3); } - if (sacl != NULL) - { + if (dst->grp_sid != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_sacl = offset; - offset += sacl->size; - offset = ((offset + 3) & ~3); + offset = SD_HEADER_SIZE; + + dst->off_grp_sid = offset; + offset += ((sid_size(dst->grp_sid) + 3) & ~3); } - if (owner_sid != NULL) - { + if (dst->sacl != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_owner_sid = offset; - offset += sid_size(owner_sid); - offset = ((offset + 3) & ~3); + offset = SD_HEADER_SIZE; + + dst->off_sacl = offset; + offset += ((sacl->size + 3) & ~3); } - if (grp_sid != NULL) - { + if (dst->dacl != NULL) { + if (offset == 0) - { - offset = 0x14; - } - t->off_grp_sid = offset; - offset += sid_size(grp_sid); + offset = SD_HEADER_SIZE; + + dst->off_dacl = offset; + offset += ((dacl->size + 3) & ~3); } - return (offset == 0) ? 0x14 : offset; + *sec_desc_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); + return dst; + +error_exit: + + *sec_desc_size = 0; + free_sec_desc(&dst); + return NULL; } +/******************************************************************* + Duplicate a SEC_DESC structure. +********************************************************************/ + +SEC_DESC *dup_sec_desc( SEC_DESC *src) +{ + size_t dummy; + + if(src == NULL) + return NULL; + + return make_sec_desc( src->revision, src->type, + src->owner_sid, src->grp_sid, src->sacl, + src->dacl, &dummy); +} /******************************************************************* -frees a structure + Deletes a SEC_DESC structure ********************************************************************/ -void free_sec_desc(SEC_DESC * t) + +void free_sec_desc(SEC_DESC **ppsd) { - if (t->dacl != NULL) - { - free_sec_acl(t->dacl); - } + SEC_DESC *psd; - if (t->sacl != NULL) - { - free_sec_acl(t->dacl); + if(ppsd == NULL || *ppsd == NULL) + return; - } + psd = *ppsd; - if (t->owner_sid != NULL) - { - free(t->owner_sid); - t->owner_sid = NULL; - } + free_sec_acl(&psd->dacl); + free_sec_acl(&psd->dacl); + free(psd->owner_sid); + free(psd->grp_sid); + free(psd); + *ppsd = NULL; +} - if (t->grp_sid != NULL) - { - free(t->grp_sid); - t->grp_sid = NULL; - } +/******************************************************************* + Creates a SEC_DESC structure with typical defaults. +********************************************************************/ + +SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, + SEC_ACL *dacl, size_t *sec_desc_size) +{ + return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + owner_sid, grp_sid, NULL, dacl, sec_desc_size); } /******************************************************************* -reads or writes a structure. + Reads or writes a SEC_DESC structure. + If reading and the *ppsd = NULL, allocates the structure. ********************************************************************/ -BOOL sec_io_desc(char *desc, SEC_DESC * t, prs_struct *ps, int depth) + +BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) { -#if 0 - uint32 off_owner_sid; - uint32 off_grp_sid; - uint32 off_sacl; - uint32 off_dacl; -#endif uint32 old_offset; - uint32 max_offset = 0; /* after we're done, move offset to end */ + uint32 max_offset = 0; /* after we're done, move offset to end */ + SEC_DESC *psd; - if (t == NULL) + if (ppsd == NULL) return False; + psd = *ppsd; + + if(UNMARSHALLING(ps) && psd == NULL) { + if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + return False; + ZERO_STRUCTP(psd); + *ppsd = psd; + } + prs_debug(ps, depth, desc, "sec_io_desc"); depth++; - prs_align(ps); - + if(!prs_align(ps)) + return False; + /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); - max_offset = old_offset; - - prs_uint16("revision ", ps, depth, &(t->revision)); - prs_uint16("type ", ps, depth, &(t->type)); - - prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid)); - prs_uint32("off_grp_sid ", ps, depth, &(t->off_grp_sid)); - prs_uint32("off_sacl ", ps, depth, &(t->off_sacl)); - prs_uint32("off_dacl ", ps, depth, &(t->off_dacl)); -#if 0 - prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), - &off_owner_sid); - prs_uint32_pre("off_grp_sid ", ps, depth, &(t->off_grp_sid), - &off_grp_sid); - prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl), &off_sacl); - prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl), &off_dacl); -#endif + + if(!prs_uint16("revision ", ps, depth, &psd->revision)) + return False; + + if(!prs_uint16("type ", ps, depth, &psd->type)) + return False; + + if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) + return False; + + if(!prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid)) + return False; + + if(!prs_uint32("off_sacl ", ps, depth, &psd->off_sacl)) + return False; + + if(!prs_uint32("off_dacl ", ps, depth, &psd->off_dacl)) + return False; + max_offset = MAX(max_offset, prs_offset(ps)); - if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT)) - { -#if 0 - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl), - off_dacl, prs_offset(ps) - old_offset); -#endif - if(!prs_set_offset(ps, old_offset + t->off_dacl)) - return False; - if (ps->io) - { + if (psd->off_owner_sid != 0) { + + if (UNMARSHALLING(ps)) { + if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) + return False; /* reading */ - t->dacl = (SEC_ACL *) malloc(sizeof(*t->dacl)); - ZERO_STRUCTP(t->dacl); + if((psd->owner_sid = malloc(sizeof(*psd->owner_sid))) == NULL) + return False; + ZERO_STRUCTP(psd->owner_sid); } - if (t->dacl == NULL) - { - DEBUG(0, ("INVALID DACL\n")); - prs_set_offset(ps, 0xfffffffe); + if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) return False; - } - - if(!sec_io_acl("dacl", t->dacl, ps, depth)) + if(!prs_align(ps)) return False; - prs_align(ps); - } -#if 0 - else - { - prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl), - off_dacl, 0); } -#endif max_offset = MAX(max_offset, prs_offset(ps)); - if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT)) - { -#if 0 - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl), - off_sacl, prs_offset(ps) - old_offset); -#endif - if(!prs_set_offset(ps, old_offset + t->off_sacl)) - return False; - if (ps->io) - { + if (psd->off_grp_sid != 0) { + + if (UNMARSHALLING(ps)) { /* reading */ - t->sacl = (SEC_ACL *) malloc(sizeof(*t->sacl)); - ZERO_STRUCTP(t->sacl); + if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) + return False; + if((psd->grp_sid = malloc(sizeof(*psd->grp_sid))) == NULL) + return False; + ZERO_STRUCTP(psd->grp_sid); } - if (t->sacl == NULL) - { - DEBUG(0, ("INVALID SACL\n")); - prs_set_offset(ps, 0xfffffffe); + if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) return False; - } - - if(!sec_io_acl("sacl", t->sacl, ps, depth)) + if(!prs_align(ps)) return False; - prs_align(ps); } -#if 0 - else - { - prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl), - off_sacl, 0); - } -#endif max_offset = MAX(max_offset, prs_offset(ps)); -#if 0 - prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), - off_owner_sid, prs_offset(ps) - old_offset); -#endif - if (t->off_owner_sid != 0) - { - if (ps->io) - { - if(!prs_set_offset(ps, old_offset + t->off_owner_sid)) - return False; - } - if (ps->io) - { - /* reading */ - t->owner_sid = - (DOM_SID *)malloc(sizeof(*t->owner_sid)); - ZERO_STRUCTP(t->owner_sid); - } - - if (t->owner_sid == NULL) - { - DEBUG(0, ("INVALID OWNER SID\n")); - prs_set_offset(ps, 0xfffffffe); + if (IS_BITS_SET_ALL(psd->type, SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + if(!prs_set_offset(ps, old_offset + psd->off_sacl)) + return False; + if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) + return False; + if(!prs_align(ps)) return False; - } - - smb_io_dom_sid("owner_sid ", t->owner_sid, ps, depth); - prs_align(ps); } max_offset = MAX(max_offset, prs_offset(ps)); -#if 0 - prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid), - off_grp_sid, prs_offset(ps) - old_offset); -#endif - if (t->off_grp_sid != 0) - { - if (ps->io) - { - if(!prs_set_offset(ps, old_offset + t->off_grp_sid)) - return False; - } - if (ps->io) - { - /* reading */ - t->grp_sid = (DOM_SID *)malloc(sizeof(*t->grp_sid)); - ZERO_STRUCTP(t->grp_sid); - } - - if (t->grp_sid == NULL) - { - DEBUG(0, ("INVALID GROUP SID\n")); - prs_set_offset(ps, 0xfffffffe); + if (IS_BITS_SET_ALL(psd->type, SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + if(!prs_set_offset(ps, old_offset + psd->off_dacl)) + return False; + if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) + return False; + if(!prs_align(ps)) return False; - } - - smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth); - prs_align(ps); } max_offset = MAX(max_offset, prs_offset(ps)); if(!prs_set_offset(ps, max_offset)) return False; - return True; } /******************************************************************* -creates a SEC_DESC_BUF structure. + Creates a SEC_DESC_BUF structure. ********************************************************************/ -BOOL make_sec_desc_buf(SEC_DESC_BUF * buf, int len, SEC_DESC * data) + +SEC_DESC_BUF *make_sec_desc_buf(size_t len, SEC_DESC *sec_desc) { - ZERO_STRUCTP(buf); + SEC_DESC_BUF *dst; + + if((dst = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) + return NULL; + + ZERO_STRUCTP(dst); /* max buffer size (allocated size) */ - buf->max_len = len; - buf->undoc = 0; - buf->len = data != NULL ? len : 0; - buf->sec = data; + dst->max_len = (uint32)len; + dst->len = (uint32)len; - return True; + if(sec_desc && ((dst->sec = dup_sec_desc(sec_desc)) == NULL)) { + free_sec_desc_buf(&dst); + return NULL; + } + + return dst; } /******************************************************************* -frees a SEC_DESC_BUF structure. + Duplicates a SEC_DESC_BUF structure. ********************************************************************/ -void free_sec_desc_buf(SEC_DESC_BUF * buf) + +SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src) { - if (buf == NULL) + if(src == NULL) + return NULL; + + return make_sec_desc_buf( src->len, src->sec); +} + +/******************************************************************* + Deletes a SEC_DESC_BUF structure. +********************************************************************/ + +void free_sec_desc_buf(SEC_DESC_BUF **ppsdb) +{ + SEC_DESC_BUF *psdb; + + if(ppsdb == NULL || *ppsdb == NULL) return; - if (buf->sec != NULL) - { - free_sec_desc(buf->sec); - free(buf->sec); - buf->sec = NULL; - } + + psdb = *ppsdb; + free_sec_desc(&psdb->sec); + free(psdb); + *ppsdb = NULL; } /******************************************************************* -reads or writes a SEC_DESC_BUF structure. + Reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF * sec, prs_struct *ps, - int depth) + +BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) { uint32 off_len; uint32 off_max_len; uint32 old_offset; uint32 size; + SEC_DESC_BUF *psdb; - if (sec == NULL) + if (ppsdb == NULL) return False; + psdb = *ppsdb; + + if (UNMARSHALLING(ps) && psdb == NULL) { + if((psdb = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) + return False; + ZERO_STRUCTP(psdb); + *ppsdb = psdb; + } + prs_debug(ps, depth, desc, "sec_io_desc_buf"); depth++; - prs_align(ps); - - prs_uint32_pre("max_len", ps, depth, &(sec->max_len), &off_max_len); - prs_uint32("undoc ", ps, depth, &(sec->undoc)); - prs_uint32_pre("len ", ps, depth, &(sec->len), &off_len); + if(!prs_align(ps)) + return False; + + if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len)) + return False; - old_offset = prs_offset(ps); + if(!prs_uint32 ("undoc ", ps, depth, &psdb->undoc)) + return False; - if (sec->len != 0 && ps->io) - { - /* reading */ - sec->sec = (SEC_DESC *) malloc(sizeof(*sec->sec)); - ZERO_STRUCTP(sec->sec); + if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len)) + return False; - if (sec->sec == NULL) - { - DEBUG(0, ("INVALID SEC_DESC\n")); - prs_set_offset(ps, 0xfffffffe); - return False; - } - } + old_offset = prs_offset(ps); /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL) - { - sec_io_desc("sec ", sec->sec, ps, depth); + if ((psdb->len != 0 || MARSHALLING(ps)) && psdb->sec != NULL) { + if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) + return False; } - prs_align(ps); - - size = prs_offset(ps) - old_offset - 8; - prs_uint32_post("max_len", ps, depth, &(sec->max_len), off_max_len, - size == 0 ? sec->max_len : size + 8); - prs_uint32_post("len ", ps, depth, &(sec->len), off_len, - size == 0 ? 0 : size + 8); + if(!prs_align(ps)) + return False; + + size = prs_offset(ps) - old_offset; + if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size)) + return False; - if(!prs_set_offset(ps, old_offset + size + 8)) + if(!prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size)) return False; return True; -- cgit From 61ab5b46cfb93939651b4426016845a035315bf7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Jun 2000 18:17:22 +0000 Subject: Back to building. Now to test with insure. Added some frees needed to stop memory leaks. Jeremy. (This used to be commit eba31e4e802120c9eb8c4688f521b4de9cb91f5c) --- source3/rpc_parse/parse_sec.c | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 76e246ca9e..2aba894834 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -250,18 +250,41 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) return True; } +/******************************************************************* + Works out the linearization size of a SEC_DESC. +********************************************************************/ + +size_t sec_desc_size(SEC_DESC *psd) +{ + size_t offset = SD_HEADER_SIZE; + + if (psd->owner_sid != NULL) + offset += ((sid_size(psd->owner_sid) + 3) & ~3); + + if (psd->grp_sid != NULL) + offset += ((sid_size(psd->grp_sid) + 3) & ~3); + + if (psd->sacl != NULL) + offset += ((psd->sacl->size + 3) & ~3); + + if (psd->dacl != NULL) + offset += ((psd->dacl->size + 3) & ~3); + + return offset; +} + /******************************************************************* Creates a SEC_DESC structure ********************************************************************/ SEC_DESC *make_sec_desc(uint16 revision, uint16 type, DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size) + SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { SEC_DESC *dst; uint32 offset; - *sec_desc_size = 0; + *sd_size = 0; if(( dst = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) return NULL; @@ -288,7 +311,7 @@ SEC_DESC *make_sec_desc(uint16 revision, uint16 type, if(dacl && ((dst->dacl = dup_sec_acl(dacl)) == NULL)) goto error_exit; - offset = 0x0; + offset = 0; /* * Work out the linearization sizes. @@ -330,12 +353,12 @@ SEC_DESC *make_sec_desc(uint16 revision, uint16 type, offset += ((dacl->size + 3) & ~3); } - *sec_desc_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); + *sd_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); return dst; error_exit: - *sec_desc_size = 0; + *sd_size = 0; free_sec_desc(&dst); return NULL; } @@ -382,10 +405,10 @@ void free_sec_desc(SEC_DESC **ppsd) ********************************************************************/ SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *dacl, size_t *sec_desc_size) + SEC_ACL *dacl, size_t *sd_size) { return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, - owner_sid, grp_sid, NULL, dacl, sec_desc_size); + owner_sid, grp_sid, NULL, dacl, sd_size); } -- cgit From 3ca34cc49f41aa2fd7c9d5ecb7264d48b5c2c0a6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 4 Jun 2000 23:34:11 +0000 Subject: sec_desc_size() needs to handle a null secdesc (This used to be commit b152d75ea677d4025dcaaf3ae9009db0979dc402) --- source3/rpc_parse/parse_sec.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 2aba894834..51cf52f706 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -256,7 +256,11 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) size_t sec_desc_size(SEC_DESC *psd) { - size_t offset = SD_HEADER_SIZE; + size_t offset; + + if (!psd) return 0; + + offset = SD_HEADER_SIZE; if (psd->owner_sid != NULL) offset += ((sid_size(psd->owner_sid) + 3) & ~3); @@ -411,7 +415,6 @@ SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, owner_sid, grp_sid, NULL, dacl, sd_size); } - /******************************************************************* Reads or writes a SEC_DESC structure. If reading and the *ppsd = NULL, allocates the structure. -- cgit From 0164047afbd082b0003147845a72ca08b4781b81 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 7 Jun 2000 01:49:23 +0000 Subject: Fixing get/set of security descriptors. Removed ugly hack for NT printing. Fixed up tdb parse stuff memory leaks. Jeremy. (This used to be commit 8ef41f31c53e14ad057d883810a1cd2301fede2a) --- source3/rpc_parse/parse_sec.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 51cf52f706..25450e0b19 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -431,11 +431,16 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) psd = *ppsd; - if(UNMARSHALLING(ps) && psd == NULL) { - if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) - return False; - ZERO_STRUCTP(psd); - *ppsd = psd; + if (psd == NULL) { + if(UNMARSHALLING(ps)) { + if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + return False; + ZERO_STRUCTP(psd); + *ppsd = psd; + } else { + /* Marshalling - just ignore. */ + return True; + } } prs_debug(ps, depth, desc, "sec_io_desc"); @@ -629,7 +634,7 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth old_offset = prs_offset(ps); /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((psdb->len != 0 || MARSHALLING(ps)) && psdb->sec != NULL) { + if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) { if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) return False; } -- cgit From b2eef912cfaf768fd26b3b2acbcfc0be2951a197 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 8 Jun 2000 00:17:05 +0000 Subject: Cause printer SD's to be displayed correctly (full control). Jeremy. (This used to be commit 341d07c516865bdd9be99f98cd0754d12b25f9c0) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 25450e0b19..4a7db6d7c2 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -411,7 +411,7 @@ void free_sec_desc(SEC_DESC **ppsd) SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { - return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + return make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, owner_sid, grp_sid, NULL, dacl, sd_size); } -- cgit From 7f36df301e28dc8ca0e5bfadc109d6e907d9ba2b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 1 Aug 2000 18:32:34 +0000 Subject: Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a) --- source3/rpc_parse/parse_sec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 4a7db6d7c2..00a1532470 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -510,7 +510,7 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) max_offset = MAX(max_offset, prs_offset(ps)); - if (IS_BITS_SET_ALL(psd->type, SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { if(!prs_set_offset(ps, old_offset + psd->off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) @@ -521,7 +521,7 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) max_offset = MAX(max_offset, prs_offset(ps)); - if (IS_BITS_SET_ALL(psd->type, SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { if(!prs_set_offset(ps, old_offset + psd->off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) -- cgit From 8a190a9e46db3907bd389af68b393adeb6e1ca3d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 7 Nov 2000 02:54:50 +0000 Subject: Merge of printer security descriptor, info level and printerdata comparison changes from appliance branch. (This used to be commit ae087bdf312806e08848695cad70a943bb3d71b9) --- source3/rpc_parse/parse_sec.c | 157 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 00a1532470..39ead58126 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -277,6 +277,163 @@ size_t sec_desc_size(SEC_DESC *psd) return offset; } +/******************************************************************* + Compares two SEC_ACE structures +********************************************************************/ + +BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) +{ + /* Trivial case */ + + if (!s1 && !s2) return True; + + /* Check top level stuff */ + + if (s1->type != s2->type || s1->flags != s2->flags || + s1->info.mask != s2->info.mask) { + return False; + } + + /* Check SID */ + + if (!sid_equal(&s1->sid, &s2->sid)) { + return False; + } + + return True; +} + +/******************************************************************* + Compares two SEC_ACL structures +********************************************************************/ + +BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) +{ + int i, j; + + /* Trivial case */ + + if (!s1 && !s2) return True; + + /* Check top level stuff */ + + if (s1->revision != s2->revision || s1->num_aces != s2->num_aces) { + return False; + } + + /* The ACEs could be in any order so check each ACE in s1 against + each ACE in s2. */ + + for (i = 0; i < s1->num_aces; i++) { + BOOL found = False; + + for (j = 0; j < s2->num_aces; j++) { + if (sec_ace_equal(&s1->ace[i], &s2->ace[j])) { + found = True; + break; + } + } + + if (!found) return False; + } + + return True; +} + +/******************************************************************* + Compares two SEC_DESC structures +********************************************************************/ + +BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) +{ + /* Trivial case */ + + if (!s1 && !s2) return True; + + /* Check top level stuff */ + + if (s1->revision != s2->revision || s1->type != s2->type) { + return False; + } + + /* Check owner and group */ + + if (!sid_equal(s1->owner_sid, s2->owner_sid) || + !sid_equal(s1->grp_sid, s2->grp_sid)) { + return False; + } + + /* Check ACLs present in one but not the other */ + + if ((s1->dacl && !s2->dacl) || (!s1->dacl && s2->dacl) || + (s1->sacl && !s2->sacl) || (!s1->sacl && s2->sacl)) { + return False; + } + + /* Sigh - we have to do it the hard way by iterating over all + the ACEs in the ACLs */ + + if (!sec_acl_equal(s1->dacl, s2->dacl) || + !sec_acl_equal(s1->sacl, s2->sacl)) { + return False; + } + + return True; +} + +/******************************************************************* + Merge part of security descriptor old_sec in to the empty sections of + security descriptor new_sec. +********************************************************************/ + +SEC_DESC_BUF *sec_desc_merge(SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) +{ + DOM_SID *owner_sid, *group_sid; + SEC_DESC_BUF *return_sdb; + SEC_ACL *dacl, *sacl; + SEC_DESC *psd = NULL; + uint16 secdesc_type; + size_t secdesc_size; + + /* Copy over owner and group sids. There seems to be no flag for + this so just check the pointer values. */ + + owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid : + old_sdb->sec->owner_sid; + + group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid : + old_sdb->sec->grp_sid; + + secdesc_type = new_sdb->sec->type; + + /* Ignore changes to the system ACL. This has the effect of making + changes through the security tab audit button not sticking. + Perhaps in future Samba could implement these settings somehow. */ + + sacl = NULL; + secdesc_type &= ~SEC_DESC_SACL_PRESENT; + + /* Copy across discretionary ACL */ + + if (secdesc_type & SEC_DESC_DACL_PRESENT) { + dacl = new_sdb->sec->dacl; + } else { + dacl = old_sdb->sec->dacl; + secdesc_type |= SEC_DESC_DACL_PRESENT; + } + + /* Create new security descriptor from bits */ + + psd = make_sec_desc(new_sdb->sec->revision, secdesc_type, + owner_sid, group_sid, sacl, dacl, &secdesc_size); + + return_sdb = make_sec_desc_buf(secdesc_size, psd); + + free_sec_desc(&psd); + + return(return_sdb); +} + /******************************************************************* Creates a SEC_DESC structure ********************************************************************/ -- cgit From 0e494d7ec6793968337c753fc312b6e56efa2114 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 4 Dec 2000 01:58:22 +0000 Subject: no longer pass the type to make_sec_desc(), instead the type is derived from the other arguments (This used to be commit 9ec4b1fa48fbae937fdf78db06005a7b0cd52d89) --- source3/rpc_parse/parse_sec.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 39ead58126..2d4f745380 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -419,12 +419,11 @@ SEC_DESC_BUF *sec_desc_merge(SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) dacl = new_sdb->sec->dacl; } else { dacl = old_sdb->sec->dacl; - secdesc_type |= SEC_DESC_DACL_PRESENT; } /* Create new security descriptor from bits */ - psd = make_sec_desc(new_sdb->sec->revision, secdesc_type, + psd = make_sec_desc(new_sdb->sec->revision, owner_sid, group_sid, sacl, dacl, &secdesc_size); return_sdb = make_sec_desc_buf(secdesc_size, psd); @@ -438,7 +437,7 @@ SEC_DESC_BUF *sec_desc_merge(SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) Creates a SEC_DESC structure ********************************************************************/ -SEC_DESC *make_sec_desc(uint16 revision, uint16 type, +SEC_DESC *make_sec_desc(uint16 revision, DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { @@ -453,7 +452,10 @@ SEC_DESC *make_sec_desc(uint16 revision, uint16 type, ZERO_STRUCTP(dst); dst->revision = revision; - dst->type = type; + dst->type = SEC_DESC_SELF_RELATIVE; + + if (sacl) dst->type |= SEC_DESC_SACL_PRESENT; + if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; dst->off_owner_sid = 0; dst->off_grp_sid = 0; @@ -535,7 +537,7 @@ SEC_DESC *dup_sec_desc( SEC_DESC *src) if(src == NULL) return NULL; - return make_sec_desc( src->revision, src->type, + return make_sec_desc( src->revision, src->owner_sid, src->grp_sid, src->sacl, src->dacl, &dummy); } @@ -568,7 +570,7 @@ void free_sec_desc(SEC_DESC **ppsd) SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { - return make_sec_desc(SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + return make_sec_desc(SEC_DESC_REVISION, owner_sid, grp_sid, NULL, dacl, sd_size); } -- cgit From 1fc3e43f9b9b431e8499d2ebd7f557b9bf2ff14c Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Thu, 14 Dec 2000 19:31:24 +0000 Subject: Changes from APPLIANCE_HEAD: - add some debugs for comparing two security descriptors. (source/rpc_parse/parse_sec.c) (This used to be commit 505a8a2277f2bc761bd2b170fafbcb3afd982d92) --- source3/rpc_parse/parse_sec.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 2d4f745380..eac00d8372 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -348,11 +348,14 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) { /* Trivial case */ - if (!s1 && !s2) return True; + if (!s1 && !s2) { + goto done; + } /* Check top level stuff */ if (s1->revision != s2->revision || s1->type != s2->type) { + DEBUG(10, ("sec_desc_equal(): revision/type not equal\n")); return False; } @@ -360,6 +363,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) if (!sid_equal(s1->owner_sid, s2->owner_sid) || !sid_equal(s1->grp_sid, s2->grp_sid)) { + DEBUG(10, ("sec_desc_equal(): owner/group not equal\n")); return False; } @@ -367,6 +371,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) if ((s1->dacl && !s2->dacl) || (!s1->dacl && s2->dacl) || (s1->sacl && !s2->sacl) || (!s1->sacl && s2->sacl)) { + DEBUG(10, ("sec_desc_equal(): dacl/sacl not equal\n")); return False; } @@ -375,9 +380,12 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) if (!sec_acl_equal(s1->dacl, s2->dacl) || !sec_acl_equal(s1->sacl, s2->sacl)) { + DEBUG(10, ("sec_desc_equal(): dacl/dacl list not equal\n")); return False; } + done: + DEBUG(10, ("sec_equal(): secdescs are identical\n")); return True; } -- cgit From 452102deb4b8aecb45569239685ec73e2e9282ec Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 18 Dec 2000 06:02:31 +0000 Subject: Merged Tim's fixes from appliance-head. Jeremy. (This used to be commit 26f873540c2299600cb80eb059fcdaf70ec82473) --- source3/rpc_parse/parse_sec.c | 47 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 8 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index eac00d8372..e2ca2202e1 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -317,7 +317,15 @@ BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) /* Check top level stuff */ - if (s1->revision != s2->revision || s1->num_aces != s2->num_aces) { + if (s1->revision != s2->revision) { + DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n", + s1->revision, s2->revision)); + return False; + } + + if (s1->num_aces != s2->num_aces) { + DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n", + s1->revision, s2->revision)); return False; } @@ -354,16 +362,39 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) /* Check top level stuff */ - if (s1->revision != s2->revision || s1->type != s2->type) { - DEBUG(10, ("sec_desc_equal(): revision/type not equal\n")); + if (s1->revision != s2->revision) { + DEBUG(10, ("sec_desc_equal(): revision differs (%d != %d)\n", + s1->revision, s2->revision)); + return False; + } + + if (s1->type!= s2->type) { + DEBUG(10, ("sec_desc_equal(): type differs (%d != %d)\n", + s1->type, s2->type)); return False; } /* Check owner and group */ - if (!sid_equal(s1->owner_sid, s2->owner_sid) || - !sid_equal(s1->grp_sid, s2->grp_sid)) { - DEBUG(10, ("sec_desc_equal(): owner/group not equal\n")); + if (!sid_equal(s1->owner_sid, s2->owner_sid)) { + fstring str1, str2; + + sid_to_string(str1, s1->owner_sid); + sid_to_string(str2, s2->owner_sid); + + DEBUG(10, ("sec_desc_equal(): owner differs (%s != %s)\n", + str1, str2)); + return False; + } + + if (!sid_equal(s1->grp_sid, s2->grp_sid)) { + fstring str1, str2; + + sid_to_string(str1, s1->grp_sid); + sid_to_string(str2, s2->grp_sid); + + DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n", + str1, str2)); return False; } @@ -371,7 +402,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) if ((s1->dacl && !s2->dacl) || (!s1->dacl && s2->dacl) || (s1->sacl && !s2->sacl) || (!s1->sacl && s2->sacl)) { - DEBUG(10, ("sec_desc_equal(): dacl/sacl not equal\n")); + DEBUG(10, ("sec_desc_equal(): dacl or sacl not present\n")); return False; } @@ -380,7 +411,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) if (!sec_acl_equal(s1->dacl, s2->dacl) || !sec_acl_equal(s1->sacl, s2->sacl)) { - DEBUG(10, ("sec_desc_equal(): dacl/dacl list not equal\n")); + DEBUG(10, ("sec_desc_equal(): dacl/sacl list not equal\n")); return False; } -- cgit From 3380ffae9c231a34406dd694c9ab03bb0b6d8070 Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Thu, 11 Jan 2001 20:41:19 +0000 Subject: Changes from APPLIANCE_HEAD: testsuite/printing/psec.c - Use lock directory from smb.conf parameter when peeking at the ntdrivers.tdb file. source/rpc_parse/parse_sec.c - fix typo in debug message source/script/installbin.sh - create private directory as part of 'make install'. source/nsswitch/winbindd_cache.c source/nsswitch/winbindd_idmap.c source/passdb/secrets.c source/smbd/connection.c - always convert tdb key to unix code-page when generating. source/printing/nt_printing.c - always convert tdb key to unix code-page when generating. - don't prepend path to a filename that is NULL in add_a_printer_driver_3(). source/rpc_server/srv_spoolss_nt.c - always convert tdb key to unix code-page when generating. - don't prepend server name to a path/filename that is NULL in the fill_printer_driver_info functions. source/printing/printing.c - always convert tdb key to unix code-page when generating. - move access check for print_queue_purge() outside of job delete loop. source/smbd/unix_acls.c - fix for setting ACLs (this got missed earlier) source/lib/messages.c - trivial sync with appliance_head (This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index e2ca2202e1..c2c8ad120c 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -416,7 +416,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) } done: - DEBUG(10, ("sec_equal(): secdescs are identical\n")); + DEBUG(10, ("sec_desc_equal(): secdescs are identical\n")); return True; } -- cgit From 92e347379a989f2700aed3fc1c4ce1a269dd020b Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 31 Jan 2001 17:16:09 +0000 Subject: Fixed duplicate free_sec_acl() call in free_sec_desc() function. From "Richard Bollinger" (This used to be commit 5b38513cef0cfeff09f54f855f9ace292050375c) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index c2c8ad120c..1e83b175cc 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -595,7 +595,7 @@ void free_sec_desc(SEC_DESC **ppsd) psd = *ppsd; free_sec_acl(&psd->dacl); - free_sec_acl(&psd->dacl); + free_sec_acl(&psd->sacl); free(psd->owner_sid); free(psd->grp_sid); free(psd); -- cgit From 538fbb7ad0fab7c36259038ab4a7e937b4d85c36 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 27 Feb 2001 02:18:37 +0000 Subject: As prs_alloc_mem now zeros memory, remove superfluous memsets after it. Jeremy. (This used to be commit 94fdffb3557fa68d634d6c402751f5bcb1f6a656) --- source3/rpc_parse/parse_sec.c | 6 ------ 1 file changed, 6 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 1e83b175cc..fa0be04cba 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -206,7 +206,6 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) */ if((psa = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) return False; - ZERO_STRUCTP(psa); *ppsa = psa; } @@ -231,7 +230,6 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) /* reading */ if((psa->ace = malloc(sizeof(psa->ace[0]) * psa->num_aces)) == NULL) return False; - ZERO_STRUCTP(psa->ace); } for (i = 0; i < psa->num_aces; i++) { @@ -633,7 +631,6 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if(UNMARSHALLING(ps)) { if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) return False; - ZERO_STRUCTP(psd); *ppsd = psd; } else { /* Marshalling - just ignore. */ @@ -678,7 +675,6 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) /* reading */ if((psd->owner_sid = malloc(sizeof(*psd->owner_sid))) == NULL) return False; - ZERO_STRUCTP(psd->owner_sid); } if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) @@ -697,7 +693,6 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; if((psd->grp_sid = malloc(sizeof(*psd->grp_sid))) == NULL) return False; - ZERO_STRUCTP(psd->grp_sid); } if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) @@ -810,7 +805,6 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth if (UNMARSHALLING(ps) && psdb == NULL) { if((psdb = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) return False; - ZERO_STRUCTP(psdb); *ppsdb = psdb; } -- cgit From 0f2799aaf1e33aa474a12b9389728d57af926cb3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 Feb 2001 00:51:02 +0000 Subject: Move to talloc control of SPOOL_XXX structs. Move to talloc control of security descriptors and pointers. Syncup with 2.2 tree. Jeremy. (This used to be commit 14d5997dc841e78a619e865288486d50c245896d) --- source3/rpc_parse/parse_sec.c | 151 ++++++++++++++---------------------------- 1 file changed, 51 insertions(+), 100 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index fa0be04cba..e5d3a6ce43 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -123,22 +123,19 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) Create a SEC_ACL structure. ********************************************************************/ -SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) +SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list) { SEC_ACL *dst; int i; - if((dst = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) + if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL) return NULL; - ZERO_STRUCTP(dst); - dst->revision = revision; dst->num_aces = num_aces; dst->size = 8; - if((dst->ace = (SEC_ACE *)malloc( sizeof(SEC_ACE) * num_aces )) == NULL) { - free_sec_acl(&dst); + if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces )) == NULL) { return NULL; } @@ -154,31 +151,12 @@ SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list) Duplicate a SEC_ACL structure. ********************************************************************/ -SEC_ACL *dup_sec_acl( SEC_ACL *src) +SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) { if(src == NULL) return NULL; - return make_sec_acl( src->revision, src->num_aces, src->ace); -} - -/******************************************************************* - Delete a SEC_ACL structure. -********************************************************************/ - -void free_sec_acl(SEC_ACL **ppsa) -{ - SEC_ACL *psa; - - if(ppsa == NULL || *ppsa == NULL) - return; - - psa = *ppsa; - if (psa->ace != NULL) - free(psa->ace); - - free(psa); - *ppsa = NULL; + return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); } /******************************************************************* @@ -204,7 +182,7 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) /* * This is a read and we must allocate the stuct to read into. */ - if((psa = (SEC_ACL *)malloc(sizeof(SEC_ACL))) == NULL) + if((psa = (SEC_ACL *)prs_alloc_mem(ps, sizeof(SEC_ACL))) == NULL) return False; *ppsa = psa; } @@ -228,7 +206,7 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) if (UNMARSHALLING(ps) && psa->num_aces != 0) { /* reading */ - if((psa->ace = malloc(sizeof(psa->ace[0]) * psa->num_aces)) == NULL) + if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * psa->num_aces)) == NULL) return False; } @@ -423,7 +401,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) security descriptor new_sec. ********************************************************************/ -SEC_DESC_BUF *sec_desc_merge(SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) +SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) { DOM_SID *owner_sid, *group_sid; SEC_DESC_BUF *return_sdb; @@ -460,21 +438,37 @@ SEC_DESC_BUF *sec_desc_merge(SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) /* Create new security descriptor from bits */ - psd = make_sec_desc(new_sdb->sec->revision, + psd = make_sec_desc(ctx, new_sdb->sec->revision, owner_sid, group_sid, sacl, dacl, &secdesc_size); - return_sdb = make_sec_desc_buf(secdesc_size, psd); - - free_sec_desc(&psd); + return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd); return(return_sdb); } +/******************************************************************* + Tallocs a duplicate SID. +********************************************************************/ + +static DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src) +{ + DOM_SID *dst; + + if(!src) + return NULL; + + if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) { + sid_copy( dst, src); + } + + return dst; +} + /******************************************************************* Creates a SEC_DESC structure ********************************************************************/ -SEC_DESC *make_sec_desc(uint16 revision, +SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { @@ -483,11 +477,9 @@ SEC_DESC *make_sec_desc(uint16 revision, *sd_size = 0; - if(( dst = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL) return NULL; - ZERO_STRUCTP(dst); - dst->revision = revision; dst->type = SEC_DESC_SELF_RELATIVE; @@ -499,16 +491,16 @@ SEC_DESC *make_sec_desc(uint16 revision, dst->off_sacl = 0; dst->off_dacl = 0; - if(owner_sid && ((dst->owner_sid = sid_dup(owner_sid)) == NULL)) + if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) goto error_exit; - if(grp_sid && ((dst->grp_sid = sid_dup(grp_sid)) == NULL)) + if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) goto error_exit; - if(sacl && ((dst->sacl = dup_sec_acl(sacl)) == NULL)) + if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) goto error_exit; - if(dacl && ((dst->dacl = dup_sec_acl(dacl)) == NULL)) + if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) goto error_exit; offset = 0; @@ -559,7 +551,6 @@ SEC_DESC *make_sec_desc(uint16 revision, error_exit: *sd_size = 0; - free_sec_desc(&dst); return NULL; } @@ -567,47 +558,26 @@ error_exit: Duplicate a SEC_DESC structure. ********************************************************************/ -SEC_DESC *dup_sec_desc( SEC_DESC *src) +SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) { size_t dummy; if(src == NULL) return NULL; - return make_sec_desc( src->revision, + return make_sec_desc( ctx, src->revision, src->owner_sid, src->grp_sid, src->sacl, src->dacl, &dummy); } -/******************************************************************* - Deletes a SEC_DESC structure -********************************************************************/ - -void free_sec_desc(SEC_DESC **ppsd) -{ - SEC_DESC *psd; - - if(ppsd == NULL || *ppsd == NULL) - return; - - psd = *ppsd; - - free_sec_acl(&psd->dacl); - free_sec_acl(&psd->sacl); - free(psd->owner_sid); - free(psd->grp_sid); - free(psd); - *ppsd = NULL; -} - /******************************************************************* Creates a SEC_DESC structure with typical defaults. ********************************************************************/ -SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, +SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { - return make_sec_desc(SEC_DESC_REVISION, + return make_sec_desc(ctx, SEC_DESC_REVISION, owner_sid, grp_sid, NULL, dacl, sd_size); } @@ -629,7 +599,7 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd == NULL) { if(UNMARSHALLING(ps)) { - if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + if((psd = (SEC_DESC *)prs_alloc_mem(ps,sizeof(SEC_DESC))) == NULL) return False; *ppsd = psd; } else { @@ -673,7 +643,7 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) return False; /* reading */ - if((psd->owner_sid = malloc(sizeof(*psd->owner_sid))) == NULL) + if((psd->owner_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->owner_sid))) == NULL) return False; } @@ -691,7 +661,7 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) /* reading */ if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) return False; - if((psd->grp_sid = malloc(sizeof(*psd->grp_sid))) == NULL) + if((psd->grp_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->grp_sid))) == NULL) return False; } @@ -734,24 +704,23 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) Creates a SEC_DESC_BUF structure. ********************************************************************/ -SEC_DESC_BUF *make_sec_desc_buf(size_t len, SEC_DESC *sec_desc) +SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc) { SEC_DESC_BUF *dst; - if((dst = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) + if((dst = (SEC_DESC_BUF *)talloc_zero(ctx, sizeof(SEC_DESC_BUF))) == NULL) return NULL; - ZERO_STRUCTP(dst); - /* max buffer size (allocated size) */ dst->max_len = (uint32)len; dst->len = (uint32)len; - - if(sec_desc && ((dst->sec = dup_sec_desc(sec_desc)) == NULL)) { - free_sec_desc_buf(&dst); + + if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) { return NULL; } + dst->ptr = 0x1; + return dst; } @@ -759,32 +728,14 @@ SEC_DESC_BUF *make_sec_desc_buf(size_t len, SEC_DESC *sec_desc) Duplicates a SEC_DESC_BUF structure. ********************************************************************/ -SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src) +SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src) { if(src == NULL) return NULL; - return make_sec_desc_buf( src->len, src->sec); -} - -/******************************************************************* - Deletes a SEC_DESC_BUF structure. -********************************************************************/ - -void free_sec_desc_buf(SEC_DESC_BUF **ppsdb) -{ - SEC_DESC_BUF *psdb; - - if(ppsdb == NULL || *ppsdb == NULL) - return; - - psdb = *ppsdb; - free_sec_desc(&psdb->sec); - free(psdb); - *ppsdb = NULL; + return make_sec_desc_buf( ctx, src->len, src->sec); } - /******************************************************************* Reads or writes a SEC_DESC_BUF structure. ********************************************************************/ @@ -803,7 +754,7 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth psdb = *ppsdb; if (UNMARSHALLING(ps) && psdb == NULL) { - if((psdb = (SEC_DESC_BUF *)malloc(sizeof(SEC_DESC_BUF))) == NULL) + if((psdb = (SEC_DESC_BUF *)prs_alloc_mem(ps,sizeof(SEC_DESC_BUF))) == NULL) return False; *ppsdb = psdb; } @@ -817,7 +768,7 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len)) return False; - if(!prs_uint32 ("undoc ", ps, depth, &psdb->undoc)) + if(!prs_uint32 ("ptr ", ps, depth, &psdb->ptr)) return False; if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len)) -- cgit From 742609a21d4354d12ffee275acccd854e29520bd Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 26 Jun 2001 06:11:40 +0000 Subject: Fixed bug introduced by changeover of security descriptor code from malloc() to talloc(). Previously, creating an ACL containing zero ACEs would return a non-NULL pointer to zero bytes of memory. The talloc() code would return a NULL pointer making the ACL a NULL ACL instead of an empty one. The difference is a NULL ACL allows all access and an empty ACL denies all access. We solve this by calling talloc(ctx, sizeof(SEC_ACE) * num_aces + 1). Heh. (This used to be commit 89eaaafe7d266788609fab6951fd912c441b3a26) --- source3/rpc_parse/parse_sec.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index e5d3a6ce43..7cc4d054fa 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -135,7 +135,14 @@ SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *a dst->num_aces = num_aces; dst->size = 8; - if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces )) == NULL) { + /* Now we need to return a non-NULL address for the ace list even + if the number of aces required is zero. This is because there + is a distinct difference between a NULL ace and an ace with zero + entries in it. This is achieved by always making the number of + bytes allocated by talloc() positive. Heh. */ + + if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces + 1)) + == NULL) { return NULL; } -- cgit From 96ff4b8ee260079038cd87bf0aa35fcfe498666b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 26 Jun 2001 06:31:55 +0000 Subject: Ensure we always have a valid pointer on unmarshalling an SD with zero ace entries. Jeremy. (This used to be commit 274c0f5028d41175222dfaaf446e3ed8f5687a5f) --- source3/rpc_parse/parse_sec.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 7cc4d054fa..b202c2a356 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -211,9 +211,13 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces)) return False; - if (UNMARSHALLING(ps) && psa->num_aces != 0) { - /* reading */ - if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * psa->num_aces)) == NULL) + if (UNMARSHALLING(ps)) { + /* + * Even if the num_aces is zero, allocate memory as there's a difference + * between a non-present DACL (allow all access) and a DACL with no ACE's + * (allow no access). + */ + if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * (psa->num_aces+1))) == NULL) return False; } -- cgit From a2bac4d2caa0a6533798abc194e4cc837d816d39 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 7 Aug 2001 00:01:41 +0000 Subject: A collection of fixes/cleanups to the security descriptor code by matt_zinkevicius@hp.com (This used to be commit ce22267ec840aaa3cc8f9b88a62b45c723a06b01) --- source3/rpc_parse/parse_sec.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index b202c2a356..3d79c12cdb 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -22,7 +22,6 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - #include "includes.h" extern int DEBUGLEVEL; @@ -138,14 +137,15 @@ SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *a /* Now we need to return a non-NULL address for the ace list even if the number of aces required is zero. This is because there is a distinct difference between a NULL ace and an ace with zero - entries in it. This is achieved by always making the number of - bytes allocated by talloc() positive. Heh. */ + entries in it. This is achieved by checking that num_aces is a + positive number. */ - if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces + 1)) - == NULL) { + if ((num_aces) && + ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) + == NULL)) { return NULL; } - + for (i = 0; i < num_aces; i++) { dst->ace[i] = ace_list[i]; /* Structure copy. */ dst->size += ace_list[i].size; @@ -298,9 +298,10 @@ BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) { int i, j; - /* Trivial case */ + /* Trivial cases */ if (!s1 && !s2) return True; + if (!s1 || !s2) return False; /* Check top level stuff */ @@ -544,7 +545,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, offset = SD_HEADER_SIZE; dst->off_sacl = offset; - offset += ((sacl->size + 3) & ~3); + offset += ((dst->sacl->size + 3) & ~3); } if (dst->dacl != NULL) { @@ -553,7 +554,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, offset = SD_HEADER_SIZE; dst->off_dacl = offset; - offset += ((dacl->size + 3) & ~3); + offset += ((dst->dacl->size + 3) & ~3); } *sd_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/rpc_parse/parse_sec.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 3d79c12cdb..98f076c1e3 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -24,8 +24,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - #define SD_HEADER_SIZE 0x14 /******************************************************************* -- cgit From 6d9adfe73c04132ff162d05b0c309395c4a54485 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 30 Nov 2001 01:04:15 +0000 Subject: Renamed sid field in SEC_ACE to trustee to be more in line with MS's definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301) --- source3/rpc_parse/parse_sec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 98f076c1e3..0e6f9e2879 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -68,8 +68,8 @@ void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 f t->size = sid_size(sid) + 8; t->info = mask; - ZERO_STRUCTP(&t->sid); - sid_copy(&t->sid, sid); + ZERO_STRUCTP(&t->trustee); + sid_copy(&t->trustee, sid); } /******************************************************************* @@ -107,7 +107,7 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!prs_align(ps)) return False; - if(!smb_io_dom_sid("sid ", &psa->sid , ps, depth)) + if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) return False; if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) @@ -281,7 +281,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) /* Check SID */ - if (!sid_equal(&s1->sid, &s2->sid)) { + if (!sid_equal(&s1->trustee, &s2->trustee)) { return False; } -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/rpc_parse/parse_sec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 0e6f9e2879..8237ccf95d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -1,6 +1,5 @@ /* - * Unix SMB/Netbios implementation. - * Version 1.9. + * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, * Copyright (C) Jeremy R. Allison 1995-1998 -- cgit From cfbbf736777aca366e388882a389a214b87ca612 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Mar 2002 01:54:44 +0000 Subject: yipee! Finally put in the patch from Alexey Kotovich that adds the security decsriptor code for ADS workstation accounts thanks for your patience Cat, and thanks to Andrew Bartlett for extensive reviews and suggestions about this code. (This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726) --- source3/rpc_parse/parse_sec.c | 266 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 243 insertions(+), 23 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 8237ccf95d..4f093b2422 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -23,8 +23,6 @@ #include "includes.h" -#define SD_HEADER_SIZE 0x14 - /******************************************************************* Sets up a SEC_ACCESS structure. ********************************************************************/ @@ -55,6 +53,35 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) return True; } +/******************************************************************* + Check if ACE has OBJECT type. +********************************************************************/ + +BOOL sec_ace_object(uint8 type) +{ + if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || + type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || + type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || + type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) { + return True; + } + return False; +} + +/******************************************************************* + copy a SEC_ACE structure. +********************************************************************/ +void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) +{ + ace_dest->type = ace_src->type; + ace_dest->flags = ace_src->flags; + ace_dest->size = ace_src->size; + ace_dest->info.mask = ace_src->info.mask; + ace_dest->obj_flags = ace_src->obj_flags; + memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE); + memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE); + sid_copy(&ace_dest->trustee, &ace_src->trustee); +} /******************************************************************* Sets up a SEC_ACE structure. @@ -106,15 +133,104 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!prs_align(ps)) return False; - if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) - return False; + /* check whether object access is present */ + if (!sec_ace_object(psa->type)) { + if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) + return False; + } else { + if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags)) + return False; + + if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) + if (!prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, GUID_SIZE)) + return False; + + if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) + if (!prs_uint8s(False, "inh_guid", ps, depth, psa->inh_guid.info, GUID_SIZE)) + return False; + + if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) + return False; + } if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) return False; - return True; } +/******************************************************************* + adds new SID with its permissions to ACE list +********************************************************************/ + +NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *num, DOM_SID *sid, uint32 mask) +{ + int i = 0; + + if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; + + *num += 1; + + if((new[0] = (SEC_ACE *) talloc_zero(ctx, *num * sizeof(SEC_ACE))) == 0) + return NT_STATUS_NO_MEMORY; + + for (i = 0; i < *num - 1; i ++) + sec_ace_copy(&(*new)[i], &old[i]); + + (*new)[i].type = 0; + (*new)[i].flags = 0; + (*new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); + (*new)[i].info.mask = mask; + sid_copy(&(*new)[i].trustee, sid); + return NT_STATUS_OK; +} + +/******************************************************************* + modify SID's permissions at ACL +********************************************************************/ + +NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) +{ + int i = 0; + + if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER; + + for (i = 0; i < num; i ++) { + if (sid_compare(&ace[i].trustee, sid) == 0) { + ace[i].info.mask = mask; + return NT_STATUS_OK; + } + } + return NT_STATUS_NOT_FOUND; +} + +/******************************************************************* + delete SID from ACL +********************************************************************/ + +NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *num, DOM_SID *sid) +{ + int i = 0; + int n_del = 0; + + if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; + + if((new[0] = (SEC_ACE *) talloc_zero(ctx, *num * sizeof(SEC_ACE))) == 0) + return NT_STATUS_NO_MEMORY; + + for (i = 0; i < *num; i ++) { + if (sid_compare(&old[i].trustee, sid) != 0) + sec_ace_copy(&(*new)[i], &old[i]); + else + n_del ++; + } + if (n_del == 0) + return NT_STATUS_NOT_FOUND; + else { + *num -= n_del; + return NT_STATUS_OK; + } +} + /******************************************************************* Create a SEC_ACL structure. ********************************************************************/ @@ -129,7 +245,7 @@ SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *a dst->revision = revision; dst->num_aces = num_aces; - dst->size = 8; + dst->size = SEC_ACL_HEADER_SIZE; /* Now we need to return a non-NULL address for the ace list even if the number of aces required is zero. This is because there @@ -244,7 +360,7 @@ size_t sec_desc_size(SEC_DESC *psd) if (!psd) return 0; - offset = SD_HEADER_SIZE; + offset = SEC_DESC_HEADER_SIZE; if (psd->owner_sid != NULL) offset += ((sid_size(psd->owner_sid) + 3) & ~3); @@ -482,7 +598,9 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { SEC_DESC *dst; - uint32 offset; + uint32 offset = 0; + uint32 offset_sid = SEC_DESC_HEADER_SIZE; + uint32 offset_acl = 0; *sd_size = 0; @@ -511,50 +629,58 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) goto error_exit; - + offset = 0; /* * Work out the linearization sizes. */ - if (dst->owner_sid != NULL) { if (offset == 0) - offset = SD_HEADER_SIZE; + offset = SEC_DESC_HEADER_SIZE; - dst->off_owner_sid = offset; offset += ((sid_size(dst->owner_sid) + 3) & ~3); } if (dst->grp_sid != NULL) { if (offset == 0) - offset = SD_HEADER_SIZE; + offset = SEC_DESC_HEADER_SIZE; - dst->off_grp_sid = offset; offset += ((sid_size(dst->grp_sid) + 3) & ~3); } if (dst->sacl != NULL) { - if (offset == 0) - offset = SD_HEADER_SIZE; + offset_acl = SEC_DESC_HEADER_SIZE; - dst->off_sacl = offset; - offset += ((dst->sacl->size + 3) & ~3); + dst->off_sacl = offset_acl; + offset_acl += ((dst->sacl->size + 3) & ~3); + offset += dst->sacl->size; + offset_sid += dst->sacl->size; } if (dst->dacl != NULL) { - if (offset == 0) - offset = SD_HEADER_SIZE; + if (offset_acl == 0) + offset_acl = SEC_DESC_HEADER_SIZE; - dst->off_dacl = offset; - offset += ((dst->dacl->size + 3) & ~3); + dst->off_dacl = offset_acl; + offset_acl += ((dst->dacl->size + 3) & ~3); + offset += dst->dacl->size; + offset_sid += dst->dacl->size; } - *sd_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); + *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); + + dst->off_owner_sid = offset_sid; + + if (dst->owner_sid != NULL) + dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); + else + dst->off_grp_sid = offset_sid; + return dst; error_exit: @@ -599,6 +725,8 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) { uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ + uint32 tmp_offset = 0; + SEC_DESC *psd; if (ppsd == NULL) @@ -656,10 +784,15 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } + tmp_offset = ps->data_offset; + ps->data_offset = psd->off_owner_sid; + if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) return False; if(!prs_align(ps)) return False; + + ps->data_offset = tmp_offset; } max_offset = MAX(max_offset, prs_offset(ps)); @@ -674,10 +807,15 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } + tmp_offset = ps->data_offset; + ps->data_offset = psd->off_grp_sid; + if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) return False; if(!prs_align(ps)) return False; + + ps->data_offset = tmp_offset; } max_offset = MAX(max_offset, prs_offset(ps)); @@ -803,3 +941,85 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth return True; } + +/******************************************************************* + adds new SID with its permissions to SEC_DESC +********************************************************************/ + +NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size) +{ + SEC_DESC *sd = 0; + SEC_ACL *dacl = 0; + SEC_ACE *ace = 0; + NTSTATUS status; + + *sd_size = 0; + + if (!ctx || !psd || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + + status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask); + + if (!NT_STATUS_IS_OK(status)) + return status; + + if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) + return NT_STATUS_UNSUCCESSFUL; + + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, + psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) + return NT_STATUS_UNSUCCESSFUL; + + *psd = sd; + sd = 0; + return NT_STATUS_OK; +} + +/******************************************************************* + modify SID's permissions at SEC_DESC +********************************************************************/ + +NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask) +{ + NTSTATUS status; + + if (!sd || !sid) return NT_STATUS_INVALID_PARAMETER; + + status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask); + + if (!NT_STATUS_IS_OK(status)) + return status; + + return NT_STATUS_OK; +} + +/******************************************************************* + delete SID from SEC_DESC +********************************************************************/ + +NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size) +{ + SEC_DESC *sd = 0; + SEC_ACL *dacl = 0; + SEC_ACE *ace = 0; + NTSTATUS status; + + *sd_size = 0; + + if (!ctx || !psd[0] || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + + status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid); + + if (!NT_STATUS_IS_OK(status)) + return status; + + if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) + return NT_STATUS_UNSUCCESSFUL; + + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, + psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) + return NT_STATUS_UNSUCCESSFUL; + + *psd = sd; + sd = 0; + return NT_STATUS_OK; +} -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/rpc_parse/parse_sec.c | 109 ++++++++++++++++++++++-------------------- 1 file changed, 56 insertions(+), 53 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 4f093b2422..56eaf4c5b5 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -1,5 +1,6 @@ /* - * Unix SMB/CIFS implementation. + * Unix SMB/Netbios implementation. + * Version 1.9. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, * Copyright (C) Jeremy R. Allison 1995-1998 @@ -23,6 +24,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_PARSE + /******************************************************************* Sets up a SEC_ACCESS structure. ********************************************************************/ @@ -43,9 +47,6 @@ BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_access"); depth++; - - if(!prs_align(ps)) - return False; if(!prs_uint32("mask", ps, depth, &(t->mask))) return False; @@ -112,9 +113,6 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_ace"); depth++; - - if(!prs_align(ps)) - return False; old_offset = prs_offset(ps); @@ -130,9 +128,6 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!sec_io_access("info ", &psa->info, ps, depth)) return False; - if(!prs_align(ps)) - return False; - /* check whether object access is present */ if (!sec_ace_object(psa->type)) { if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) @@ -293,6 +288,13 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) uint32 offset_acl_size; SEC_ACL *psa; + /* + * Note that the size is always a multiple of 4 bytes due to the + * nature of the data structure. Therefore the prs_align() calls + * have been removed as they through us off when doing two-layer + * marshalling such as in the printing code (NEW_BUFFER). --jerry + */ + if (ppsa == NULL) return False; @@ -309,9 +311,6 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_acl"); depth++; - - if(!prs_align(ps)) - return False; old_offset = prs_offset(ps); @@ -341,9 +340,6 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) return False; } - if(!prs_align(ps)) - return False; - if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) return False; @@ -362,17 +358,19 @@ size_t sec_desc_size(SEC_DESC *psd) offset = SEC_DESC_HEADER_SIZE; + /* don't align */ + if (psd->owner_sid != NULL) - offset += ((sid_size(psd->owner_sid) + 3) & ~3); + offset += sid_size(psd->owner_sid); if (psd->grp_sid != NULL) - offset += ((sid_size(psd->grp_sid) + 3) & ~3); + offset += sid_size(psd->grp_sid); if (psd->sacl != NULL) - offset += ((psd->sacl->size + 3) & ~3); + offset += psd->sacl->size; if (psd->dacl != NULL) - offset += ((psd->dacl->size + 3) & ~3); + offset += psd->dacl->size; return offset; } @@ -640,7 +638,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, if (offset == 0) offset = SEC_DESC_HEADER_SIZE; - offset += ((sid_size(dst->owner_sid) + 3) & ~3); + offset += sid_size(dst->owner_sid); } if (dst->grp_sid != NULL) { @@ -648,7 +646,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, if (offset == 0) offset = SEC_DESC_HEADER_SIZE; - offset += ((sid_size(dst->grp_sid) + 3) & ~3); + offset += sid_size(dst->grp_sid); } if (dst->sacl != NULL) { @@ -656,7 +654,7 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, offset_acl = SEC_DESC_HEADER_SIZE; dst->off_sacl = offset_acl; - offset_acl += ((dst->sacl->size + 3) & ~3); + offset_acl += dst->sacl->size; offset += dst->sacl->size; offset_sid += dst->sacl->size; } @@ -667,19 +665,20 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, offset_acl = SEC_DESC_HEADER_SIZE; dst->off_dacl = offset_acl; - offset_acl += ((dst->dacl->size + 3) & ~3); + offset_acl += dst->dacl->size; offset += dst->dacl->size; offset_sid += dst->dacl->size; } *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); - dst->off_owner_sid = offset_sid; - if (dst->owner_sid != NULL) + dst->off_owner_sid = offset_sid; + + /* sid_size() returns 0 if the sid is NULL so this is ok */ + + if (dst->grp_sid != NULL) dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); - else - dst->off_grp_sid = offset_sid; return dst; @@ -748,8 +747,15 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_desc"); depth++; +#if 0 + /* + * if alignment is needed, should be done by the the + * caller. Not here. This caused me problems when marshalling + * printer info into a buffer. --jerry + */ if(!prs_align(ps)) return False; +#endif /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); @@ -776,72 +782,69 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd->off_owner_sid != 0) { + tmp_offset = ps->data_offset; + if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) + return False; + if (UNMARSHALLING(ps)) { - if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) - return False; /* reading */ if((psd->owner_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->owner_sid))) == NULL) return False; } - tmp_offset = ps->data_offset; - ps->data_offset = psd->off_owner_sid; - if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) return False; - if(!prs_align(ps)) - return False; - ps->data_offset = tmp_offset; - } + max_offset = MAX(max_offset, prs_offset(ps)); - max_offset = MAX(max_offset, prs_offset(ps)); + if (!prs_set_offset(ps,tmp_offset)) + return False; + } if (psd->off_grp_sid != 0) { + tmp_offset = ps->data_offset; + if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) + return False; + if (UNMARSHALLING(ps)) { /* reading */ - if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) - return False; if((psd->grp_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->grp_sid))) == NULL) return False; } - tmp_offset = ps->data_offset; - ps->data_offset = psd->off_grp_sid; - if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) return False; - if(!prs_align(ps)) - return False; + + max_offset = MAX(max_offset, prs_offset(ps)); - ps->data_offset = tmp_offset; + if (!prs_set_offset(ps,tmp_offset)) + return False; } - max_offset = MAX(max_offset, prs_offset(ps)); - if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + tmp_offset = ps->data_offset; if(!prs_set_offset(ps, old_offset + psd->off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) return False; - if(!prs_align(ps)) + max_offset = MAX(max_offset, prs_offset(ps)); + if (!prs_set_offset(ps,tmp_offset)) return False; } - max_offset = MAX(max_offset, prs_offset(ps)); if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + tmp_offset = ps->data_offset; if(!prs_set_offset(ps, old_offset + psd->off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) return False; - if(!prs_align(ps)) + max_offset = MAX(max_offset, prs_offset(ps)); + if (!prs_set_offset(ps,tmp_offset)) return False; } - max_offset = MAX(max_offset, prs_offset(ps)); - if(!prs_set_offset(ps, max_offset)) return False; return True; -- cgit From b0b28531c8cd76d3fcd95da08389d8a4d2e631a3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 11:16:26 +0000 Subject: more bug updates from head (This used to be commit 8b769bf5bbbe54b1a39fd85cc24db09c1ab7faab) --- source3/rpc_parse/parse_sec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 56eaf4c5b5..cec37348b8 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -157,7 +157,7 @@ BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) adds new SID with its permissions to ACE list ********************************************************************/ -NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *num, DOM_SID *sid, uint32 mask) +NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask) { int i = 0; @@ -165,7 +165,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *n *num += 1; - if((new[0] = (SEC_ACE *) talloc_zero(ctx, *num * sizeof(SEC_ACE))) == 0) + if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) return NT_STATUS_NO_MEMORY; for (i = 0; i < *num - 1; i ++) -- cgit From 634c54310c92c48dd4eceec602e230a021bdcfc5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Jan 2003 08:28:12 +0000 Subject: Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c) --- source3/rpc_parse/parse_sec.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index cec37348b8..a49a34139e 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -40,7 +40,7 @@ void init_sec_access(SEC_ACCESS *t, uint32 mask) Reads or writes a SEC_ACCESS structure. ********************************************************************/ -BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) +BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) { if (t == NULL) return False; @@ -103,7 +103,7 @@ void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 f Reads or writes a SEC_ACE structure. ********************************************************************/ -BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth) +BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; @@ -281,7 +281,7 @@ SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) for you as it reads them. ********************************************************************/ -BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) +BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) { int i; uint32 old_offset; @@ -720,7 +720,7 @@ SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *g If reading and the *ppsd = NULL, allocates the structure. ********************************************************************/ -BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) +BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) { uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ @@ -890,7 +890,7 @@ SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src) Reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) +BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) { uint32 off_len; uint32 off_max_len; -- cgit From 8fc1f1aead6db996a6d96efdc5f81779afc9c8d2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 14 Feb 2003 22:55:46 +0000 Subject: Ensure that only parse_prs.c access internal members of the prs_struct. Needed to move to disk based i/o later. Jeremy. (This used to be commit a823fee5b41a5b6cd4ef05aa1f85f7725bd272a5) --- source3/rpc_parse/parse_sec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index a49a34139e..dbd72e5250 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -782,7 +782,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd->off_owner_sid != 0) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) return False; @@ -803,7 +803,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd->off_grp_sid != 0) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) return False; @@ -823,7 +823,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) } if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) @@ -835,7 +835,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { - tmp_offset = ps->data_offset; + tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) -- cgit From e88eab35bc03a2d108b27f2209ec4cfb395dcdba Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 17 Mar 2003 23:04:03 +0000 Subject: Merge from HEAD: signed/unsigned (mostly i counters) a little bit of const. Andrew Bartlett (This used to be commit 50f0ca752e5058c4051f42a9337361373ba1f727) --- source3/rpc_parse/parse_sec.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index dbd72e5250..47300e083a 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -159,7 +159,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask) { - int i = 0; + unsigned int i = 0; if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; @@ -185,7 +185,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) { - int i = 0; + unsigned int i = 0; if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER; @@ -202,14 +202,14 @@ NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) delete SID from ACL ********************************************************************/ -NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, size_t *num, DOM_SID *sid) +static NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *num, DOM_SID *sid) { - int i = 0; - int n_del = 0; + unsigned int i = 0; + unsigned int n_del = 0; if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; - if((new[0] = (SEC_ACE *) talloc_zero(ctx, *num * sizeof(SEC_ACE))) == 0) + if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) return NT_STATUS_NO_MEMORY; for (i = 0; i < *num; i ++) { @@ -283,7 +283,7 @@ SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) { - int i; + unsigned int i; uint32 old_offset; uint32 offset_acl_size; SEC_ACL *psa; @@ -407,7 +407,7 @@ BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) { - int i, j; + unsigned int i, j; /* Trivial cases */ -- cgit From ca103a076a53f4da083f3eb7f1b12ac95cb14fe1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 25 Apr 2003 05:29:55 +0000 Subject: This function is a duplicate. (This used to be commit fd0cd6200b4b9b4b002dc5b640620c3fb533873b) --- source3/rpc_parse/parse_sec.c | 18 ------------------ 1 file changed, 18 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 47300e083a..081173cf8d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -569,24 +569,6 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU return(return_sdb); } -/******************************************************************* - Tallocs a duplicate SID. -********************************************************************/ - -static DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src) -{ - DOM_SID *dst; - - if(!src) - return NULL; - - if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) { - sid_copy( dst, src); - } - - return dst; -} - /******************************************************************* Creates a SEC_DESC structure ********************************************************************/ -- cgit From 545e8d499947fec55832352d741e8a904122d564 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 29 May 2003 23:49:31 +0000 Subject: Change get_nt_acl() to include security_info wanted. Only return this. This gets us closer to W2k+ in what we return for file ACLs. Fix horribly broken make_sec_desc() that screwed up the size when given a SD with no owner or group (how did it get this bad... ?). Jeremy. (This used to be commit 183c9ed4052ab14e269ed1234ca557053f77e77a) --- source3/rpc_parse/parse_sec.c | 57 ++++++++++++------------------------------- 1 file changed, 15 insertions(+), 42 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 081173cf8d..870402db5d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -48,7 +48,7 @@ BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_access"); depth++; - if(!prs_uint32("mask", ps, depth, &(t->mask))) + if(!prs_uint32("mask", ps, depth, &t->mask)) return False; return True; @@ -579,8 +579,6 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, { SEC_DESC *dst; uint32 offset = 0; - uint32 offset_sid = SEC_DESC_HEADER_SIZE; - uint32 offset_acl = 0; *sd_size = 0; @@ -610,58 +608,33 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) goto error_exit; - offset = 0; + offset = SEC_DESC_HEADER_SIZE; /* * Work out the linearization sizes. */ - if (dst->owner_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->owner_sid); - } - - if (dst->grp_sid != NULL) { - - if (offset == 0) - offset = SEC_DESC_HEADER_SIZE; - - offset += sid_size(dst->grp_sid); - } if (dst->sacl != NULL) { - - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_sacl = offset_acl; - offset_acl += dst->sacl->size; - offset += dst->sacl->size; - offset_sid += dst->sacl->size; + dst->off_sacl = offset; + offset += dst->sacl->size; } if (dst->dacl != NULL) { - - if (offset_acl == 0) - offset_acl = SEC_DESC_HEADER_SIZE; - - dst->off_dacl = offset_acl; - offset_acl += dst->dacl->size; - offset += dst->dacl->size; - offset_sid += dst->dacl->size; + dst->off_dacl = offset; + offset += dst->dacl->size; } - *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset); + if (dst->owner_sid != NULL) { + dst->off_owner_sid = offset; + offset += sid_size(dst->owner_sid); + } - if (dst->owner_sid != NULL) - dst->off_owner_sid = offset_sid; - - /* sid_size() returns 0 if the sid is NULL so this is ok */ - - if (dst->grp_sid != NULL) - dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid); + if (dst->grp_sid != NULL) { + dst->off_grp_sid = offset; + offset += sid_size(dst->grp_sid); + } + *sd_size = (size_t)offset; return dst; error_exit: -- cgit From 9fda812d01d899603f7a6f7470e57de53f5c0593 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 30 Jun 2003 18:53:48 +0000 Subject: Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we were not sorting returned ACE's correctly w.r.t. W2K - implemented the correct algorithm. Jeremy. (This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee) --- source3/rpc_parse/parse_sec.c | 122 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 115 insertions(+), 7 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 870402db5d..3848bd7051 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -3,7 +3,7 @@ * Version 1.9. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison 1995-1998 + * Copyright (C) Jeremy R. Allison 1995-2003. * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * Copyright (C) Paul Ashton 1997-1998. * @@ -901,7 +901,7 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int } /******************************************************************* - adds new SID with its permissions to SEC_DESC + Add a new SID with its permissions to SEC_DESC. ********************************************************************/ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size) @@ -913,7 +913,8 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 *sd_size = 0; - if (!ctx || !psd || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + if (!ctx || !psd || !sid || !sd_size) + return NT_STATUS_INVALID_PARAMETER; status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask); @@ -933,14 +934,15 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 } /******************************************************************* - modify SID's permissions at SEC_DESC + Modify a SID's permissions in a SEC_DESC. ********************************************************************/ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask) { NTSTATUS status; - if (!sd || !sid) return NT_STATUS_INVALID_PARAMETER; + if (!sd || !sid) + return NT_STATUS_INVALID_PARAMETER; status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask); @@ -951,7 +953,7 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask) } /******************************************************************* - delete SID from SEC_DESC + Delete a SID from a SEC_DESC. ********************************************************************/ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size) @@ -963,7 +965,8 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size = 0; - if (!ctx || !psd[0] || !sid || !sd_size) return NT_STATUS_INVALID_PARAMETER; + if (!ctx || !psd[0] || !sid || !sd_size) + return NT_STATUS_INVALID_PARAMETER; status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid); @@ -981,3 +984,108 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t sd = 0; return NT_STATUS_OK; } + +/******************************************************************* + Comparison function to sort non-inherited first. +*******************************************************************/ + +static int nt_ace_inherit_comp( SEC_ACE *a1, SEC_ACE *a2) +{ + int a1_inh = a1->flags & SEC_ACE_FLAG_INHERITED_ACE; + int a2_inh = a2->flags & SEC_ACE_FLAG_INHERITED_ACE; + + if (a1_inh == a2_inh) + return 0; + + if (!a1_inh && a2_inh) + return -1; + return 1; +} + +/******************************************************************* + Comparison function to apply the order explained below in a group. +*******************************************************************/ + +static int nt_ace_canon_comp( SEC_ACE *a1, SEC_ACE *a2) +{ + if ((a1->type == SEC_ACE_TYPE_ACCESS_DENIED) && + (a2->type != SEC_ACE_TYPE_ACCESS_DENIED)) + return -1; + + if ((a2->type == SEC_ACE_TYPE_ACCESS_DENIED) && + (a1->type != SEC_ACE_TYPE_ACCESS_DENIED)) + return 1; + + /* Both access denied or access allowed. */ + + /* 1. ACEs that apply to the object itself */ + + if (!(a1->flags & SEC_ACE_FLAG_INHERIT_ONLY) && + (a2->flags & SEC_ACE_FLAG_INHERIT_ONLY)) + return -1; + else if (!(a2->flags & SEC_ACE_FLAG_INHERIT_ONLY) && + (a1->flags & SEC_ACE_FLAG_INHERIT_ONLY)) + return 1; + + /* 2. ACEs that apply to a subobject of the object, such as + * a property set or property. */ + + if (a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && + !(a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) + return -1; + else if (a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && + !(a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) + return 1; + + return 0; +} + +/******************************************************************* + Functions to convert a SEC_DESC ACE DACL list into canonical order. + JRA. + +--- from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/order_of_aces_in_a_dacl.asp + +The following describes the preferred order: + + To ensure that noninherited ACEs have precedence over inherited ACEs, + place all noninherited ACEs in a group before any inherited ACEs. + This ordering ensures, for example, that a noninherited access-denied ACE + is enforced regardless of any inherited ACE that allows access. + + Within the groups of noninherited ACEs and inherited ACEs, order ACEs according to ACE type, as the following shows: + 1. Access-denied ACEs that apply to the object itself + 2. Access-denied ACEs that apply to a subobject of the object, such as a property set or property + 3. Access-allowed ACEs that apply to the object itself + 4. Access-allowed ACEs that apply to a subobject of the object" + +********************************************************************/ + +void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces) +{ + unsigned int i; + + if (!srclist || num_aces == 0) + return; + + /* Sort so that non-inherited ACE's come first. */ + qsort( srclist, num_aces, sizeof(srclist[0]), QSORT_CAST nt_ace_inherit_comp); + + /* Find the boundary between non-inherited ACEs. */ + for (i = 0; i < num_aces; i++ ) { + SEC_ACE *curr_ace = &srclist[i]; + + if (curr_ace->flags & SEC_ACE_FLAG_INHERITED_ACE) + break; + } + + /* i now points at entry number of the first inherited ACE. */ + + /* Sort the non-inherited ACEs. */ + if (i) + qsort( srclist, i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); + + /* Now sort the inherited ACEs. */ + if (num_aces - i) + qsort( &srclist[i], num_aces - i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); +} -- cgit From 0551426657167c676f1b88443602f9268d21784e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 19 Sep 2003 21:57:43 +0000 Subject: Ensure that dup_sec_desc copies the 'type' field correctly. This caused me to expose a type arguement to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag which could cause errors on auto inherited checks. Jeremy. (This used to be commit 28b315a7501f42928d73efaa75f74146ba95cf2d) --- source3/rpc_parse/parse_sec.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 3848bd7051..0ed930c08d 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -561,7 +561,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU /* Create new security descriptor from bits */ - psd = make_sec_desc(ctx, new_sdb->sec->revision, + psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type, owner_sid, group_sid, sacl, dacl, &secdesc_size); return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd); @@ -573,7 +573,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU Creates a SEC_DESC structure ********************************************************************/ -SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, +SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { @@ -586,10 +586,12 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, return NULL; dst->revision = revision; - dst->type = SEC_DESC_SELF_RELATIVE; + dst->type = type; - if (sacl) dst->type |= SEC_DESC_SACL_PRESENT; - if (dacl) dst->type |= SEC_DESC_DACL_PRESENT; + if (sacl) + dst->type |= SEC_DESC_SACL_PRESENT; + if (dacl) + dst->type |= SEC_DESC_DACL_PRESENT; dst->off_owner_sid = 0; dst->off_grp_sid = 0; @@ -654,7 +656,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) if(src == NULL) return NULL; - return make_sec_desc( ctx, src->revision, + return make_sec_desc( ctx, src->revision, src->type, src->owner_sid, src->grp_sid, src->sacl, src->dacl, &dummy); } @@ -666,7 +668,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid, SEC_ACL *dacl, size_t *sd_size) { - return make_sec_desc(ctx, SEC_DESC_REVISION, + return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, dacl, sd_size); } @@ -924,7 +926,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) return NT_STATUS_UNSUCCESSFUL; - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; @@ -976,7 +978,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) return NT_STATUS_UNSUCCESSFUL; - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid, + if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) return NT_STATUS_UNSUCCESSFUL; -- cgit From b1f610ebb1ba1e6ae0f0e9fbbc703f6a4af68b67 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Oct 2003 01:38:46 +0000 Subject: split some security related functions in their own files. (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1) --- source3/rpc_parse/parse_sec.c | 727 ------------------------------------------ 1 file changed, 727 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 0ed930c08d..bf43ef288a 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -27,15 +27,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_PARSE -/******************************************************************* - Sets up a SEC_ACCESS structure. -********************************************************************/ - -void init_sec_access(SEC_ACCESS *t, uint32 mask) -{ - t->mask = mask; -} - /******************************************************************* Reads or writes a SEC_ACCESS structure. ********************************************************************/ @@ -54,51 +45,6 @@ BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) return True; } -/******************************************************************* - Check if ACE has OBJECT type. -********************************************************************/ - -BOOL sec_ace_object(uint8 type) -{ - if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || - type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || - type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || - type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) { - return True; - } - return False; -} - -/******************************************************************* - copy a SEC_ACE structure. -********************************************************************/ -void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) -{ - ace_dest->type = ace_src->type; - ace_dest->flags = ace_src->flags; - ace_dest->size = ace_src->size; - ace_dest->info.mask = ace_src->info.mask; - ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE); - sid_copy(&ace_dest->trustee, &ace_src->trustee); -} - -/******************************************************************* - Sets up a SEC_ACE structure. -********************************************************************/ - -void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) -{ - t->type = type; - t->flags = flag; - t->size = sid_size(sid) + 8; - t->info = mask; - - ZERO_STRUCTP(&t->trustee); - sid_copy(&t->trustee, sid); -} - /******************************************************************* Reads or writes a SEC_ACE structure. ********************************************************************/ @@ -153,127 +99,6 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) return True; } -/******************************************************************* - adds new SID with its permissions to ACE list -********************************************************************/ - -NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask) -{ - unsigned int i = 0; - - if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; - - *num += 1; - - if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) - return NT_STATUS_NO_MEMORY; - - for (i = 0; i < *num - 1; i ++) - sec_ace_copy(&(*new)[i], &old[i]); - - (*new)[i].type = 0; - (*new)[i].flags = 0; - (*new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); - (*new)[i].info.mask = mask; - sid_copy(&(*new)[i].trustee, sid); - return NT_STATUS_OK; -} - -/******************************************************************* - modify SID's permissions at ACL -********************************************************************/ - -NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) -{ - unsigned int i = 0; - - if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER; - - for (i = 0; i < num; i ++) { - if (sid_compare(&ace[i].trustee, sid) == 0) { - ace[i].info.mask = mask; - return NT_STATUS_OK; - } - } - return NT_STATUS_NOT_FOUND; -} - -/******************************************************************* - delete SID from ACL -********************************************************************/ - -static NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *num, DOM_SID *sid) -{ - unsigned int i = 0; - unsigned int n_del = 0; - - if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; - - if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0) - return NT_STATUS_NO_MEMORY; - - for (i = 0; i < *num; i ++) { - if (sid_compare(&old[i].trustee, sid) != 0) - sec_ace_copy(&(*new)[i], &old[i]); - else - n_del ++; - } - if (n_del == 0) - return NT_STATUS_NOT_FOUND; - else { - *num -= n_del; - return NT_STATUS_OK; - } -} - -/******************************************************************* - Create a SEC_ACL structure. -********************************************************************/ - -SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list) -{ - SEC_ACL *dst; - int i; - - if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL) - return NULL; - - dst->revision = revision; - dst->num_aces = num_aces; - dst->size = SEC_ACL_HEADER_SIZE; - - /* Now we need to return a non-NULL address for the ace list even - if the number of aces required is zero. This is because there - is a distinct difference between a NULL ace and an ace with zero - entries in it. This is achieved by checking that num_aces is a - positive number. */ - - if ((num_aces) && - ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) - == NULL)) { - return NULL; - } - - for (i = 0; i < num_aces; i++) { - dst->ace[i] = ace_list[i]; /* Structure copy. */ - dst->size += ace_list[i].size; - } - - return dst; -} - -/******************************************************************* - Duplicate a SEC_ACL structure. -********************************************************************/ - -SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src) -{ - if(src == NULL) - return NULL; - - return make_sec_acl(ctx, src->revision, src->num_aces, src->ace); -} - /******************************************************************* Reads or writes a SEC_ACL structure. @@ -346,332 +171,6 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) return True; } -/******************************************************************* - Works out the linearization size of a SEC_DESC. -********************************************************************/ - -size_t sec_desc_size(SEC_DESC *psd) -{ - size_t offset; - - if (!psd) return 0; - - offset = SEC_DESC_HEADER_SIZE; - - /* don't align */ - - if (psd->owner_sid != NULL) - offset += sid_size(psd->owner_sid); - - if (psd->grp_sid != NULL) - offset += sid_size(psd->grp_sid); - - if (psd->sacl != NULL) - offset += psd->sacl->size; - - if (psd->dacl != NULL) - offset += psd->dacl->size; - - return offset; -} - -/******************************************************************* - Compares two SEC_ACE structures -********************************************************************/ - -BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2) -{ - /* Trivial case */ - - if (!s1 && !s2) return True; - - /* Check top level stuff */ - - if (s1->type != s2->type || s1->flags != s2->flags || - s1->info.mask != s2->info.mask) { - return False; - } - - /* Check SID */ - - if (!sid_equal(&s1->trustee, &s2->trustee)) { - return False; - } - - return True; -} - -/******************************************************************* - Compares two SEC_ACL structures -********************************************************************/ - -BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) -{ - unsigned int i, j; - - /* Trivial cases */ - - if (!s1 && !s2) return True; - if (!s1 || !s2) return False; - - /* Check top level stuff */ - - if (s1->revision != s2->revision) { - DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n", - s1->revision, s2->revision)); - return False; - } - - if (s1->num_aces != s2->num_aces) { - DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n", - s1->revision, s2->revision)); - return False; - } - - /* The ACEs could be in any order so check each ACE in s1 against - each ACE in s2. */ - - for (i = 0; i < s1->num_aces; i++) { - BOOL found = False; - - for (j = 0; j < s2->num_aces; j++) { - if (sec_ace_equal(&s1->ace[i], &s2->ace[j])) { - found = True; - break; - } - } - - if (!found) return False; - } - - return True; -} - -/******************************************************************* - Compares two SEC_DESC structures -********************************************************************/ - -BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) -{ - /* Trivial case */ - - if (!s1 && !s2) { - goto done; - } - - /* Check top level stuff */ - - if (s1->revision != s2->revision) { - DEBUG(10, ("sec_desc_equal(): revision differs (%d != %d)\n", - s1->revision, s2->revision)); - return False; - } - - if (s1->type!= s2->type) { - DEBUG(10, ("sec_desc_equal(): type differs (%d != %d)\n", - s1->type, s2->type)); - return False; - } - - /* Check owner and group */ - - if (!sid_equal(s1->owner_sid, s2->owner_sid)) { - fstring str1, str2; - - sid_to_string(str1, s1->owner_sid); - sid_to_string(str2, s2->owner_sid); - - DEBUG(10, ("sec_desc_equal(): owner differs (%s != %s)\n", - str1, str2)); - return False; - } - - if (!sid_equal(s1->grp_sid, s2->grp_sid)) { - fstring str1, str2; - - sid_to_string(str1, s1->grp_sid); - sid_to_string(str2, s2->grp_sid); - - DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n", - str1, str2)); - return False; - } - - /* Check ACLs present in one but not the other */ - - if ((s1->dacl && !s2->dacl) || (!s1->dacl && s2->dacl) || - (s1->sacl && !s2->sacl) || (!s1->sacl && s2->sacl)) { - DEBUG(10, ("sec_desc_equal(): dacl or sacl not present\n")); - return False; - } - - /* Sigh - we have to do it the hard way by iterating over all - the ACEs in the ACLs */ - - if (!sec_acl_equal(s1->dacl, s2->dacl) || - !sec_acl_equal(s1->sacl, s2->sacl)) { - DEBUG(10, ("sec_desc_equal(): dacl/sacl list not equal\n")); - return False; - } - - done: - DEBUG(10, ("sec_desc_equal(): secdescs are identical\n")); - return True; -} - -/******************************************************************* - Merge part of security descriptor old_sec in to the empty sections of - security descriptor new_sec. -********************************************************************/ - -SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb) -{ - DOM_SID *owner_sid, *group_sid; - SEC_DESC_BUF *return_sdb; - SEC_ACL *dacl, *sacl; - SEC_DESC *psd = NULL; - uint16 secdesc_type; - size_t secdesc_size; - - /* Copy over owner and group sids. There seems to be no flag for - this so just check the pointer values. */ - - owner_sid = new_sdb->sec->owner_sid ? new_sdb->sec->owner_sid : - old_sdb->sec->owner_sid; - - group_sid = new_sdb->sec->grp_sid ? new_sdb->sec->grp_sid : - old_sdb->sec->grp_sid; - - secdesc_type = new_sdb->sec->type; - - /* Ignore changes to the system ACL. This has the effect of making - changes through the security tab audit button not sticking. - Perhaps in future Samba could implement these settings somehow. */ - - sacl = NULL; - secdesc_type &= ~SEC_DESC_SACL_PRESENT; - - /* Copy across discretionary ACL */ - - if (secdesc_type & SEC_DESC_DACL_PRESENT) { - dacl = new_sdb->sec->dacl; - } else { - dacl = old_sdb->sec->dacl; - } - - /* Create new security descriptor from bits */ - - psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type, - owner_sid, group_sid, sacl, dacl, &secdesc_size); - - return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd); - - return(return_sdb); -} - -/******************************************************************* - Creates a SEC_DESC structure -********************************************************************/ - -SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type, - DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) -{ - SEC_DESC *dst; - uint32 offset = 0; - - *sd_size = 0; - - if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL) - return NULL; - - dst->revision = revision; - dst->type = type; - - if (sacl) - dst->type |= SEC_DESC_SACL_PRESENT; - if (dacl) - dst->type |= SEC_DESC_DACL_PRESENT; - - dst->off_owner_sid = 0; - dst->off_grp_sid = 0; - dst->off_sacl = 0; - dst->off_dacl = 0; - - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL)) - goto error_exit; - - if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL)) - goto error_exit; - - if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL)) - goto error_exit; - - if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL)) - goto error_exit; - - offset = SEC_DESC_HEADER_SIZE; - - /* - * Work out the linearization sizes. - */ - - if (dst->sacl != NULL) { - dst->off_sacl = offset; - offset += dst->sacl->size; - } - - if (dst->dacl != NULL) { - dst->off_dacl = offset; - offset += dst->dacl->size; - } - - if (dst->owner_sid != NULL) { - dst->off_owner_sid = offset; - offset += sid_size(dst->owner_sid); - } - - if (dst->grp_sid != NULL) { - dst->off_grp_sid = offset; - offset += sid_size(dst->grp_sid); - } - - *sd_size = (size_t)offset; - return dst; - -error_exit: - - *sd_size = 0; - return NULL; -} - -/******************************************************************* - Duplicate a SEC_DESC structure. -********************************************************************/ - -SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src) -{ - size_t dummy; - - if(src == NULL) - return NULL; - - return make_sec_desc( ctx, src->revision, src->type, - src->owner_sid, src->grp_sid, src->sacl, - src->dacl, &dummy); -} - -/******************************************************************* - Creates a SEC_DESC structure with typical defaults. -********************************************************************/ - -SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *dacl, size_t *sd_size) -{ - return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, - owner_sid, grp_sid, NULL, dacl, sd_size); -} - /******************************************************************* Reads or writes a SEC_DESC structure. If reading and the *ppsd = NULL, allocates the structure. @@ -807,42 +306,6 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return True; } -/******************************************************************* - Creates a SEC_DESC_BUF structure. -********************************************************************/ - -SEC_DESC_BUF *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, SEC_DESC *sec_desc) -{ - SEC_DESC_BUF *dst; - - if((dst = (SEC_DESC_BUF *)talloc_zero(ctx, sizeof(SEC_DESC_BUF))) == NULL) - return NULL; - - /* max buffer size (allocated size) */ - dst->max_len = (uint32)len; - dst->len = (uint32)len; - - if(sec_desc && ((dst->sec = dup_sec_desc(ctx, sec_desc)) == NULL)) { - return NULL; - } - - dst->ptr = 0x1; - - return dst; -} - -/******************************************************************* - Duplicates a SEC_DESC_BUF structure. -********************************************************************/ - -SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src) -{ - if(src == NULL) - return NULL; - - return make_sec_desc_buf( ctx, src->len, src->sec); -} - /******************************************************************* Reads or writes a SEC_DESC_BUF structure. ********************************************************************/ @@ -901,193 +364,3 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int return True; } - -/******************************************************************* - Add a new SID with its permissions to SEC_DESC. -********************************************************************/ - -NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size) -{ - SEC_DESC *sd = 0; - SEC_ACL *dacl = 0; - SEC_ACE *ace = 0; - NTSTATUS status; - - *sd_size = 0; - - if (!ctx || !psd || !sid || !sd_size) - return NT_STATUS_INVALID_PARAMETER; - - status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid, mask); - - if (!NT_STATUS_IS_OK(status)) - return status; - - if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) - return NT_STATUS_UNSUCCESSFUL; - - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, - psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) - return NT_STATUS_UNSUCCESSFUL; - - *psd = sd; - sd = 0; - return NT_STATUS_OK; -} - -/******************************************************************* - Modify a SID's permissions in a SEC_DESC. -********************************************************************/ - -NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask) -{ - NTSTATUS status; - - if (!sd || !sid) - return NT_STATUS_INVALID_PARAMETER; - - status = sec_ace_mod_sid(sd->dacl->ace, sd->dacl->num_aces, sid, mask); - - if (!NT_STATUS_IS_OK(status)) - return status; - - return NT_STATUS_OK; -} - -/******************************************************************* - Delete a SID from a SEC_DESC. -********************************************************************/ - -NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size) -{ - SEC_DESC *sd = 0; - SEC_ACL *dacl = 0; - SEC_ACE *ace = 0; - NTSTATUS status; - - *sd_size = 0; - - if (!ctx || !psd[0] || !sid || !sd_size) - return NT_STATUS_INVALID_PARAMETER; - - status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->ace, &psd[0]->dacl->num_aces, sid); - - if (!NT_STATUS_IS_OK(status)) - return status; - - if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace))) - return NT_STATUS_UNSUCCESSFUL; - - if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, - psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size))) - return NT_STATUS_UNSUCCESSFUL; - - *psd = sd; - sd = 0; - return NT_STATUS_OK; -} - -/******************************************************************* - Comparison function to sort non-inherited first. -*******************************************************************/ - -static int nt_ace_inherit_comp( SEC_ACE *a1, SEC_ACE *a2) -{ - int a1_inh = a1->flags & SEC_ACE_FLAG_INHERITED_ACE; - int a2_inh = a2->flags & SEC_ACE_FLAG_INHERITED_ACE; - - if (a1_inh == a2_inh) - return 0; - - if (!a1_inh && a2_inh) - return -1; - return 1; -} - -/******************************************************************* - Comparison function to apply the order explained below in a group. -*******************************************************************/ - -static int nt_ace_canon_comp( SEC_ACE *a1, SEC_ACE *a2) -{ - if ((a1->type == SEC_ACE_TYPE_ACCESS_DENIED) && - (a2->type != SEC_ACE_TYPE_ACCESS_DENIED)) - return -1; - - if ((a2->type == SEC_ACE_TYPE_ACCESS_DENIED) && - (a1->type != SEC_ACE_TYPE_ACCESS_DENIED)) - return 1; - - /* Both access denied or access allowed. */ - - /* 1. ACEs that apply to the object itself */ - - if (!(a1->flags & SEC_ACE_FLAG_INHERIT_ONLY) && - (a2->flags & SEC_ACE_FLAG_INHERIT_ONLY)) - return -1; - else if (!(a2->flags & SEC_ACE_FLAG_INHERIT_ONLY) && - (a1->flags & SEC_ACE_FLAG_INHERIT_ONLY)) - return 1; - - /* 2. ACEs that apply to a subobject of the object, such as - * a property set or property. */ - - if (a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && - !(a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) - return -1; - else if (a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && - !(a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) - return 1; - - return 0; -} - -/******************************************************************* - Functions to convert a SEC_DESC ACE DACL list into canonical order. - JRA. - ---- from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/order_of_aces_in_a_dacl.asp - -The following describes the preferred order: - - To ensure that noninherited ACEs have precedence over inherited ACEs, - place all noninherited ACEs in a group before any inherited ACEs. - This ordering ensures, for example, that a noninherited access-denied ACE - is enforced regardless of any inherited ACE that allows access. - - Within the groups of noninherited ACEs and inherited ACEs, order ACEs according to ACE type, as the following shows: - 1. Access-denied ACEs that apply to the object itself - 2. Access-denied ACEs that apply to a subobject of the object, such as a property set or property - 3. Access-allowed ACEs that apply to the object itself - 4. Access-allowed ACEs that apply to a subobject of the object" - -********************************************************************/ - -void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces) -{ - unsigned int i; - - if (!srclist || num_aces == 0) - return; - - /* Sort so that non-inherited ACE's come first. */ - qsort( srclist, num_aces, sizeof(srclist[0]), QSORT_CAST nt_ace_inherit_comp); - - /* Find the boundary between non-inherited ACEs. */ - for (i = 0; i < num_aces; i++ ) { - SEC_ACE *curr_ace = &srclist[i]; - - if (curr_ace->flags & SEC_ACE_FLAG_INHERITED_ACE) - break; - } - - /* i now points at entry number of the first inherited ACE. */ - - /* Sort the non-inherited ACEs. */ - if (i) - qsort( srclist, i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); - - /* Now sort the inherited ACEs. */ - if (num_aces - i) - qsort( &srclist[i], num_aces - i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); -} -- cgit From 8ad3d8c9b065f3a2040beff801bdc9dceac868a8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 13 Apr 2004 14:39:48 +0000 Subject: r196: merging struct uuid from trunk (This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb) --- source3/rpc_parse/parse_sec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index bf43ef288a..a78627650a 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -83,11 +83,11 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) return False; if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) - if (!prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, GUID_SIZE)) + if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth)) return False; if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) - if (!prs_uint8s(False, "inh_guid", ps, depth, psa->inh_guid.info, GUID_SIZE)) + if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth)) return False; if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/rpc_parse/parse_sec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index a78627650a..8656b8f5d8 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -129,7 +129,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) /* * This is a read and we must allocate the stuct to read into. */ - if((psa = (SEC_ACL *)prs_alloc_mem(ps, sizeof(SEC_ACL))) == NULL) + if((psa = PRS_ALLOC_MEM(ps, SEC_ACL, 1)) == NULL) return False; *ppsa = psa; } @@ -154,7 +154,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) * between a non-present DACL (allow all access) and a DACL with no ACE's * (allow no access). */ - if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * (psa->num_aces+1))) == NULL) + if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) return False; } @@ -191,7 +191,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd == NULL) { if(UNMARSHALLING(ps)) { - if((psd = (SEC_DESC *)prs_alloc_mem(ps,sizeof(SEC_DESC))) == NULL) + if((psd = PRS_ALLOC_MEM(ps,SEC_DESC,1)) == NULL) return False; *ppsd = psd; } else { @@ -244,7 +244,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (UNMARSHALLING(ps)) { /* reading */ - if((psd->owner_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->owner_sid))) == NULL) + if((psd->owner_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) return False; } @@ -265,7 +265,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (UNMARSHALLING(ps)) { /* reading */ - if((psd->grp_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->grp_sid))) == NULL) + if((psd->grp_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) return False; } @@ -324,7 +324,7 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int psdb = *ppsdb; if (UNMARSHALLING(ps) && psdb == NULL) { - if((psdb = (SEC_DESC_BUF *)prs_alloc_mem(ps,sizeof(SEC_DESC_BUF))) == NULL) + if((psdb = PRS_ALLOC_MEM(ps,SEC_DESC_BUF,1)) == NULL) return False; *ppsdb = psdb; } -- cgit From b3b315078e747c37b5330def90f2103ab1a549fb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Jan 2005 18:31:11 +0000 Subject: r4875: Fix for bugid #221, inspired by Mrinal Kalakrishnan . NT sometimes send garbage bytes in NT security descriptor linearizations when sending well-known sids. Cope with these. Jeremy. (This used to be commit 51b34bb536fdb18c99da1e151eba03ea634e0449) --- source3/rpc_parse/parse_sec.c | 82 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 69 insertions(+), 13 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 8656b8f5d8..f6fdf10292 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -3,7 +3,7 @@ * Version 1.9. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-1998, - * Copyright (C) Jeremy R. Allison 1995-2003. + * Copyright (C) Jeremy R. Allison 1995-2005. * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, * Copyright (C) Paul Ashton 1997-1998. * @@ -94,8 +94,24 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) return False; } + /* Theorectically an ACE can have a size greater than the + sum of its components. When marshalling, pad with extra null bytes up to the + correct size. */ + + if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) { + uint32 extra_len = psa->size - (prs_offset(ps) - old_offset); + uint32 i; + uint8 c = 0; + + for (i = 0; i < extra_len; i++) { + if (!prs_uint8("ace extra space", ps, depth, &c)) + return False; + } + } + if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) return False; + return True; } @@ -165,6 +181,20 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) return False; } + /* Theorectically an ACL can have a size greater than the + sum of its components. When marshalling, pad with extra null bytes up to the + correct size. */ + + if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) { + uint32 extra_len = psa->size - (prs_offset(ps) - old_offset); + uint8 c = 0; + + for (i = 0; i < extra_len; i++) { + if (!prs_uint8("acl extra space", ps, depth, &c)) + return False; + } + } + if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) return False; @@ -181,7 +211,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ uint32 tmp_offset = 0; - + SEC_DESC *psd; if (ppsd == NULL) @@ -203,16 +233,6 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_desc"); depth++; -#if 0 - /* - * if alignment is needed, should be done by the the - * caller. Not here. This caused me problems when marshalling - * printer info into a buffer. --jerry - */ - if(!prs_align(ps)) - return False; -#endif - /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); @@ -222,6 +242,42 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if(!prs_uint16("type ", ps, depth, &psd->type)) return False; + if (MARSHALLING(ps)) { + uint32 offset = SEC_DESC_HEADER_SIZE; + + /* + * Work out the offsets here, as we write it out. + */ + + if (psd->sacl != NULL) { + psd->off_sacl = offset; + offset += psd->sacl->size; + } else { + psd->off_sacl = 0; + } + + if (psd->dacl != NULL) { + psd->off_dacl = offset; + offset += psd->dacl->size; + } else { + psd->off_dacl = 0; + } + + if (psd->owner_sid != NULL) { + psd->off_owner_sid = offset; + offset += sid_size(psd->owner_sid); + } else { + psd->off_owner_sid = 0; + } + + if (psd->grp_sid != NULL) { + psd->off_grp_sid = offset; + offset += sid_size(psd->grp_sid); + } else { + psd->off_grp_sid = 0; + } + } + if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) return False; @@ -289,7 +345,6 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { tmp_offset = prs_offset(ps); if(!prs_set_offset(ps, old_offset + psd->off_dacl)) @@ -303,6 +358,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if(!prs_set_offset(ps, max_offset)) return False; + return True; } -- cgit From 61dfab9f705cb38e552dcec1822974433997543c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 15 Mar 2005 19:43:44 +0000 Subject: r5805: merging spoolss parsing changes from trunk and cleaning up resulting segvs (This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index f6fdf10292..6a752688a0 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -133,7 +133,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) * Note that the size is always a multiple of 4 bytes due to the * nature of the data structure. Therefore the prs_align() calls * have been removed as they through us off when doing two-layer - * marshalling such as in the printing code (NEW_BUFFER). --jerry + * marshalling such as in the printing code (RPC_BUFFER). --jerry */ if (ppsa == NULL) -- cgit From 4db7642caa99c1b054322a8971c4b673556487ce Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 20 Sep 2006 22:23:12 +0000 Subject: r18745: Use the Samba4 data structures for security descriptors and security descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366) --- source3/rpc_parse/parse_sec.c | 91 +++++++++++++++++++++++-------------------- 1 file changed, 48 insertions(+), 43 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 6a752688a0..32a8a8cd32 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -39,7 +39,7 @@ BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "sec_io_access"); depth++; - if(!prs_uint32("mask", ps, depth, &t->mask)) + if(!prs_uint32("mask", ps, depth, t)) return False; return True; @@ -62,7 +62,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint8("type ", ps, depth, &psa->type)) + if(!prs_uint8("type ", ps, depth, (uint8*)&psa->type)) return False; if(!prs_uint8("flags", ps, depth, &psa->flags)) @@ -71,7 +71,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) return False; - if(!sec_io_access("info ", &psa->info, ps, depth)) + if(!prs_uint32("access_mask", ps, depth, &psa->access_mask)) return False; /* check whether object access is present */ @@ -79,15 +79,15 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) return False; } else { - if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags)) + if (!prs_uint32("obj_flags", ps, depth, &psa->object.object.flags)) return False; - if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) - if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth)) + if (psa->object.object.flags & SEC_ACE_OBJECT_PRESENT) + if (!smb_io_uuid("obj_guid", &psa->object.object.type.type, ps,depth)) return False; - if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) - if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth)) + if (psa->object.object.flags & SEC_ACE_OBJECT_INHERITED_PRESENT) + if (!smb_io_uuid("inh_guid", &psa->object.object.inherited_type.inherited_type, ps,depth)) return False; if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) @@ -155,7 +155,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint16("revision", ps, depth, &psa->revision)) + if(!prs_uint16("revision", ps, depth, (uint16 *)&psa->revision)) return False; if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) @@ -170,14 +170,14 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) * between a non-present DACL (allow all access) and a DACL with no ACE's * (allow no access). */ - if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) + if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) return False; } for (i = 0; i < psa->num_aces; i++) { fstring tmp; slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); - if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) + if(!sec_io_ace(tmp, &psa->aces[i], ps, depth)) return False; } @@ -211,6 +211,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ uint32 tmp_offset = 0; + uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid; SEC_DESC *psd; @@ -236,7 +237,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); - if(!prs_uint16("revision ", ps, depth, &psd->revision)) + if(!prs_uint16("revision ", ps, depth, (uint16*)&psd->revision)) return False; if(!prs_uint16("type ", ps, depth, &psd->type)) @@ -250,52 +251,52 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) */ if (psd->sacl != NULL) { - psd->off_sacl = offset; + off_sacl = offset; offset += psd->sacl->size; } else { - psd->off_sacl = 0; + off_sacl = 0; } if (psd->dacl != NULL) { - psd->off_dacl = offset; + off_dacl = offset; offset += psd->dacl->size; } else { - psd->off_dacl = 0; + off_dacl = 0; } if (psd->owner_sid != NULL) { - psd->off_owner_sid = offset; + off_owner_sid = offset; offset += sid_size(psd->owner_sid); } else { - psd->off_owner_sid = 0; + off_owner_sid = 0; } - if (psd->grp_sid != NULL) { - psd->off_grp_sid = offset; - offset += sid_size(psd->grp_sid); + if (psd->group_sid != NULL) { + off_grp_sid = offset; + offset += sid_size(psd->group_sid); } else { - psd->off_grp_sid = 0; + off_grp_sid = 0; } } - if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)) + if(!prs_uint32("off_owner_sid", ps, depth, &off_owner_sid)) return False; - if(!prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid)) + if(!prs_uint32("off_grp_sid ", ps, depth, &off_grp_sid)) return False; - if(!prs_uint32("off_sacl ", ps, depth, &psd->off_sacl)) + if(!prs_uint32("off_sacl ", ps, depth, &off_sacl)) return False; - if(!prs_uint32("off_dacl ", ps, depth, &psd->off_dacl)) + if(!prs_uint32("off_dacl ", ps, depth, &off_dacl)) return False; max_offset = MAX(max_offset, prs_offset(ps)); - if (psd->off_owner_sid != 0) { + if (off_owner_sid != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) + if(!prs_set_offset(ps, old_offset + off_owner_sid)) return False; if (UNMARSHALLING(ps)) { @@ -313,19 +314,19 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if (psd->off_grp_sid != 0) { + if (psd->group_sid != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) + if(!prs_set_offset(ps, old_offset + off_grp_sid)) return False; if (UNMARSHALLING(ps)) { /* reading */ - if((psd->grp_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) + if((psd->group_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL) return False; } - if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) + if(!smb_io_dom_sid("grp_sid", psd->group_sid, ps, depth)) return False; max_offset = MAX(max_offset, prs_offset(ps)); @@ -334,9 +335,9 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) { + if ((psd->type & SEC_DESC_SACL_PRESENT) && off_sacl) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_sacl)) + if(!prs_set_offset(ps, old_offset + off_sacl)) return False; if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) return False; @@ -345,9 +346,9 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; } - if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) { + if ((psd->type & SEC_DESC_DACL_PRESENT) && off_dacl != 0) { tmp_offset = prs_offset(ps); - if(!prs_set_offset(ps, old_offset + psd->off_dacl)) + if(!prs_set_offset(ps, old_offset + off_dacl)) return False; if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) return False; @@ -372,7 +373,9 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int uint32 off_max_len; uint32 old_offset; uint32 size; + uint32 len; SEC_DESC_BUF *psdb; + uint32 ptr; if (ppsdb == NULL) return False; @@ -391,20 +394,22 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int if(!prs_align(ps)) return False; - if(!prs_uint32_pre("max_len", ps, depth, &psdb->max_len, &off_max_len)) + if(!prs_uint32_pre("max_len", ps, depth, &psdb->sd_size, &off_max_len)) return False; - if(!prs_uint32 ("ptr ", ps, depth, &psdb->ptr)) + ptr = 1; + if(!prs_uint32 ("ptr ", ps, depth, &ptr)) return False; - if(!prs_uint32_pre("len ", ps, depth, &psdb->len, &off_len)) + len = sec_desc_size(psdb->sd); + if(!prs_uint32_pre("len ", ps, depth, &len, &off_len)) return False; old_offset = prs_offset(ps); /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) { - if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) + if ((UNMARSHALLING(ps) && psdb->sd_size != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) { + if(!sec_io_desc("sec ", &psdb->sd, ps, depth)) return False; } @@ -412,10 +417,10 @@ BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int return False; size = prs_offset(ps) - old_offset; - if(!prs_uint32_post("max_len", ps, depth, &psdb->max_len, off_max_len, size == 0 ? psdb->max_len : size)) + if(!prs_uint32_post("max_len", ps, depth, &psdb->sd_size, off_max_len, size == 0 ? psdb->sd_size : size)) return False; - if(!prs_uint32_post("len ", ps, depth, &psdb->len, off_len, size)) + if(!prs_uint32_post("len ", ps, depth, &len, off_len, size)) return False; return True; -- cgit From 35a852150198e057b7e8a6463db16443d9ff2e40 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 23 Sep 2006 17:59:52 +0000 Subject: r18845: Fix a type-punned warning that turned out to be a real bug: The secdesc revision is now an enum that might be represented as anything, in particular as an int. It's definitely not a uint16 :-) Volker (This used to be commit 7c5d66c97111389b679aadb7b8b6721f07496bda) --- source3/rpc_parse/parse_sec.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 32a8a8cd32..be789b2ef5 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -128,6 +128,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) uint32 old_offset; uint32 offset_acl_size; SEC_ACL *psa; + uint16 revision; /* * Note that the size is always a multiple of 4 bytes due to the @@ -155,9 +156,17 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint16("revision", ps, depth, (uint16 *)&psa->revision)) + if (MARSHALLING(ps)) { + revision = (uint16)psa->revision; + } + + if(!prs_uint16("revision", ps, depth, &revision)) return False; + if (UNMARSHALLING(ps)) { + psa->revision = (enum security_acl_revision)revision; + } + if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)) return False; @@ -212,6 +221,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) uint32 max_offset = 0; /* after we're done, move offset to end */ uint32 tmp_offset = 0; uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid; + uint16 revision; SEC_DESC *psd; @@ -237,9 +247,17 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) /* start of security descriptor stored for back-calc offset purposes */ old_offset = prs_offset(ps); - if(!prs_uint16("revision ", ps, depth, (uint16*)&psd->revision)) + if (MARSHALLING(ps)) { + revision = (uint16)psd->revision; + } + + if(!prs_uint16("revision", ps, depth, &revision)) return False; + if (UNMARSHALLING(ps)) { + psd->revision = (enum security_acl_revision)revision; + } + if(!prs_uint16("type ", ps, depth, &psd->type)) return False; -- cgit From b9b964a360b3319a2170bf3ed8ca94190195a691 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 23 Sep 2006 18:24:03 +0000 Subject: r18846: Fix the same bug Volker noticed when marshalling/unmarshalling SEC_ACE. "type" is also an enum that may be any size. Treat as a uint8. Jeremy. (This used to be commit fd97f48ba38cb6a737302dac5cf23239ce7059cc) --- source3/rpc_parse/parse_sec.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index be789b2ef5..bc33062264 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -53,6 +53,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; + uint8 type; if (psa == NULL) return False; @@ -62,9 +63,17 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) old_offset = prs_offset(ps); - if(!prs_uint8("type ", ps, depth, (uint8*)&psa->type)) + if (MARSHALLING(ps)) { + type = (uint8)psa->type; + } + + if(!prs_uint8("type ", ps, depth, &type)) return False; + if (UNMARSHALLING(ps)) { + psa->type = (enum security_ace_type)type; + } + if(!prs_uint8("flags", ps, depth, &psa->flags)) return False; -- cgit From d34f6bb969092166c961e328229b1b05a30f6930 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 14 May 2007 14:23:51 +0000 Subject: r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches (This used to be commit f65214be68c1a59d9598bfb9f3b19e71cc3fa07b) --- source3/rpc_parse/parse_sec.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index bc33062264..72accad1b6 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -183,13 +183,12 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) return False; if (UNMARSHALLING(ps)) { - /* - * Even if the num_aces is zero, allocate memory as there's a difference - * between a non-present DACL (allow all access) and a DACL with no ACE's - * (allow no access). - */ - if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL) - return False; + if (psa->num_aces) { + if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL) + return False; + } else { + psa->aces = NULL; + } } for (i = 0; i < psa->num_aces; i++) { -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 72accad1b6..7a6787867e 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -9,7 +9,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/rpc_parse/parse_sec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 7a6787867e..d9c12bf3da 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -18,8 +18,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From 84058d493355927cd884d1a8848a4497a473db2a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 28 Jul 2007 18:52:28 +0000 Subject: r24067: Fix a type mismatch found by the IBM checker (This used to be commit 411a1a2037886f934c6522ddef7a04d5c4a1fa69) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index d9c12bf3da..378d1920a4 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -262,7 +262,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) return False; if (UNMARSHALLING(ps)) { - psd->revision = (enum security_acl_revision)revision; + psd->revision = (enum security_descriptor_revision)revision; } if(!prs_uint16("type ", ps, depth, &psd->type)) -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/rpc_parse/parse_sec.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 378d1920a4..6198a78de0 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -30,7 +30,7 @@ Reads or writes a SEC_ACCESS structure. ********************************************************************/ -BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) +bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) { if (t == NULL) return False; @@ -48,7 +48,7 @@ BOOL sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) Reads or writes a SEC_ACE structure. ********************************************************************/ -BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) +bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) { uint32 old_offset; uint32 offset_ace_size; @@ -130,7 +130,7 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) for you as it reads them. ********************************************************************/ -BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) +bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) { unsigned int i; uint32 old_offset; @@ -222,7 +222,7 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) If reading and the *ppsd = NULL, allocates the structure. ********************************************************************/ -BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) +bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) { uint32 old_offset; uint32 max_offset = 0; /* after we're done, move offset to end */ @@ -392,7 +392,7 @@ BOOL sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) Reads or writes a SEC_DESC_BUF structure. ********************************************************************/ -BOOL sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) +bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth) { uint32 off_len; uint32 off_max_len; -- cgit From a59280792cab616f5b269960ab68bc44ccc1fd38 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Dec 2007 22:16:31 +0100 Subject: Remove tiny code duplication sid_size did the same as ndr_size_dom_sid (This used to be commit 8aec5d09ba023413bd8ecbdfbc7d23904df94389) --- source3/rpc_parse/parse_sec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 6198a78de0..36bd5825bd 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -291,14 +291,14 @@ bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) if (psd->owner_sid != NULL) { off_owner_sid = offset; - offset += sid_size(psd->owner_sid); + offset += ndr_size_dom_sid(psd->owner_sid, 0); } else { off_owner_sid = 0; } if (psd->group_sid != NULL) { off_grp_sid = offset; - offset += sid_size(psd->group_sid); + offset += ndr_size_dom_sid(psd->group_sid, 0); } else { off_grp_sid = 0; } -- cgit From 7cbdb48475b0340154fad60cb4b7cc53dc2bbcfd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Dec 2007 23:00:49 +0100 Subject: Remove tiny code duplication ndr_size_security_descriptor does the same as sec_desc_size (This used to be commit bc3bd7a8e7c6e9e27acb195c86abb92c0f53112f) --- source3/rpc_parse/parse_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 36bd5825bd..6ea128d3a4 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -426,7 +426,7 @@ bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int if(!prs_uint32 ("ptr ", ps, depth, &ptr)) return False; - len = sec_desc_size(psdb->sd); + len = ndr_size_security_descriptor(psdb->sd, 0); if(!prs_uint32_pre("len ", ps, depth, &len, &off_len)) return False; -- cgit From 44bf22911a785c8d28caa26f40bd35ae84cef3f4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 16 Feb 2008 20:29:49 +0100 Subject: Remove unused code, make fns static (This used to be commit 5c762c6d57dce1016ebe2613a75b492eeac84c3d) --- source3/rpc_parse/parse_sec.c | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) (limited to 'source3/rpc_parse/parse_sec.c') diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 6ea128d3a4..c71b31086a 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -26,29 +26,12 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_PARSE -/******************************************************************* - Reads or writes a SEC_ACCESS structure. -********************************************************************/ - -bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) -{ - if (t == NULL) - return False; - - prs_debug(ps, depth, desc, "sec_io_access"); - depth++; - - if(!prs_uint32("mask", ps, depth, t)) - return False; - - return True; -} - /******************************************************************* Reads or writes a SEC_ACE structure. ********************************************************************/ -bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) +static bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, + int depth) { uint32 old_offset; uint32 offset_ace_size; @@ -130,7 +113,8 @@ bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) for you as it reads them. ********************************************************************/ -bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) +static bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, + int depth) { unsigned int i; uint32 old_offset; -- cgit