From 7e7d0598c61424210ad98d22aa575d285a5bc529 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 6 Jul 2000 07:12:13 +0000 Subject: se_access_check() tests. (This used to be commit bba912cad8dfcef3dbc1db020304ab29fd71d5cb) --- testsuite/smbd/se_access_check_utils.c | 158 +++++++++++++++++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 testsuite/smbd/se_access_check_utils.c (limited to 'testsuite/smbd/se_access_check_utils.c') diff --git a/testsuite/smbd/se_access_check_utils.c b/testsuite/smbd/se_access_check_utils.c new file mode 100644 index 0000000000..316bb5d905 --- /dev/null +++ b/testsuite/smbd/se_access_check_utils.c @@ -0,0 +1,158 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Security context tests + Copyright (C) Tim Potter 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "se_access_check_utils.h" + +void char_to_sid(DOM_SID *sid, char *sid_str) +{ + /* If it looks like a SID, call string_to_sid() else look it up + using wbinfo. */ + + if (strncmp(sid_str, "S-", 2) == 0) { + string_to_sid(sid, sid_str); + } else { + struct winbindd_request request; + struct winbindd_response response; + + /* Send off request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + fstrcpy(request.data.name, sid_str); + if (winbindd_request(WINBINDD_LOOKUPNAME, &request, + &response) != NSS_STATUS_SUCCESS) { + printf("FAIL: unable to look up sid for name %s\n", + sid_str); + exit(1); + } + + string_to_sid(sid, response.data.sid.sid); + printf("converted char %s to sid %s\n", sid_str, + response.data.sid.sid); + } +} + +/* Construct an ACL from a list of ace_entry structures */ + +SEC_ACL *build_acl(struct ace_entry *ace_list) +{ + SEC_ACE *aces = NULL; + SEC_ACL *result; + int num_aces = 0; + + if (ace_list == NULL) return NULL; + + /* Create aces */ + + while(ace_list->sid) { + SEC_ACCESS sa; + DOM_SID sid; + + /* Create memory for new ACE */ + + if (!(aces = Realloc(aces, + sizeof(SEC_ACE) * (num_aces + 1)))) { + return NULL; + } + + /* Create ace */ + + init_sec_access(&sa, ace_list->mask); + + char_to_sid(&sid, ace_list->sid); + init_sec_ace(&aces[num_aces], &sid, ace_list->type, + sa, ace_list->flags); + + num_aces++; + ace_list++; + } + + /* Create ACL from list of ACEs */ + + result = make_sec_acl(ACL_REVISION, num_aces, aces); + free(aces); + + return result; +} + +/* Make a security descriptor */ + +SEC_DESC *build_sec_desc(struct ace_entry *dacl, struct ace_entry *sacl, + char *owner_sid, char *group_sid) +{ + DOM_SID the_owner_sid, the_group_sid; + SEC_ACL *the_dacl, *the_sacl; + SEC_DESC *result; + size_t size; + + /* Build up bits of security descriptor */ + + char_to_sid(&the_owner_sid, owner_sid); + char_to_sid(&the_group_sid, group_sid); + + the_dacl = build_acl(dacl); + the_sacl = build_acl(sacl); + + result = make_sec_desc(SEC_DESC_REVISION, + SEC_DESC_SELF_RELATIVE | SEC_DESC_DACL_PRESENT, + &the_owner_sid, &the_group_sid, + the_sacl, the_dacl, &size); + + free_sec_acl(&the_dacl); + free_sec_acl(&the_sacl); + + return result; +} + +/* Iterate over password database and call a user-specified function */ + +void visit_pwdb(BOOL (*fn)(struct passwd *pw, int ngroups, gid_t *groups)) +{ + struct passwd *pw; + int ngroups; + gid_t *groups; + + setpwent(); + + while ((pw = getpwent())) { + BOOL result; + + /* Get grouplist */ + + ngroups = getgroups(0, NULL); + + groups = malloc(sizeof(gid_t) * ngroups); + getgroups(ngroups, groups); + + /* Call function */ + + result = fn(pw, ngroups, groups); + if (!result) break; + + /* Clean up */ + + free(groups); + } + + endpwent(); +} -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- testsuite/smbd/se_access_check_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'testsuite/smbd/se_access_check_utils.c') diff --git a/testsuite/smbd/se_access_check_utils.c b/testsuite/smbd/se_access_check_utils.c index 316bb5d905..ce7bef16e5 100644 --- a/testsuite/smbd/se_access_check_utils.c +++ b/testsuite/smbd/se_access_check_utils.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 58e9534300430fa4f2bcb50fb2d1d2990bdbe636 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:57:11 +0000 Subject: r23785: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit d0e89d246d8e5e64196d6c1d16d39a70579ca42f) --- testsuite/smbd/se_access_check_utils.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'testsuite/smbd/se_access_check_utils.c') diff --git a/testsuite/smbd/se_access_check_utils.c b/testsuite/smbd/se_access_check_utils.c index ce7bef16e5..fbd2dab465 100644 --- a/testsuite/smbd/se_access_check_utils.c +++ b/testsuite/smbd/se_access_check_utils.c @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit