source: vendor/current/libcli/security/object_tree.c

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago

Samba Server: update vendor to version 4.4.3
File size: 3.6 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3
4 security access checking routines
5
6 Copyright (C) Nadezhda Ivanova 2009
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20*/
21
22/*
23 * Description: Contains data handler functions for
24 * the object tree that must be constructed to perform access checks.
25 * The object tree is an unbalanced tree of depth 3, indexed by
26 * object type guid. Perhaps a different data structure
27 * should be concidered later to improve performance
28 *
29 * Author: Nadezhda Ivanova
30 */
31#include "includes.h"
32#include "libcli/security/security.h"
33#include "librpc/ndr/libndr.h"
34
35/* Adds a new node to the object tree. If attributeSecurityGUID is not zero and
36 * has already been added to the tree, the new node is added as a child of that node
37 * In all other cases as a child of the root
38 */
39
40bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
41 const struct GUID *guid,
42 uint32_t init_access,
43 struct object_tree *root,
44 struct object_tree **new_node_out)
45{
46 struct object_tree *new_node;
47
48 if (!guid || GUID_all_zero(guid)){
49 return true;
50 }
51
52 if (!root) {
53 root = talloc_zero(mem_ctx, struct object_tree);
54 if (!root) {
55 return false;
56 }
57 new_node = root;
58 } else {
59 int i;
60
61 for (i = 0; i < root->num_of_children; i++) {
62 if (GUID_equal(&root->children[i].guid, guid)) {
63 new_node = &root->children[i];
64 new_node->remaining_access |= init_access;
65 *new_node_out = new_node;
66 return true;
67 }
68 }
69
70 root->children = talloc_realloc(mem_ctx, root->children,
71 struct object_tree,
72 root->num_of_children + 1);
73 if (!root->children) {
74 return false;
75 }
76 new_node = &root->children[root->num_of_children];
77 root->num_of_children++;
78 }
79
80 new_node->children = NULL;
81 new_node->guid = *guid;
82 new_node->remaining_access = init_access;
83 new_node->num_of_children = 0;
84
85 *new_node_out = new_node;
86 return true;
87}
88
89/* search by GUID */
90struct object_tree *get_object_tree_by_GUID(struct object_tree *root,
91 const struct GUID *guid)
92{
93 struct object_tree *result = NULL;
94 int i;
95
96 if (!root || GUID_equal(&root->guid, guid)) {
97 result = root;
98 return result;
99 }
100 for (i = 0; i < root->num_of_children; i++) {
101 if ((result = get_object_tree_by_GUID(&root->children[i], guid)))
102 break;
103 }
104 return result;
105}
106
107/**
108 * @brief Modify the tree to mark specified access rights as granted
109 *
110 * This function will modify the root and the child of the tree pointed by
111 * root, so that for each tree element the bits set in access_mask are
112 * marked as granted.
113 *
114 * @param[in] root An object_tree structure that we want to modify
115 *
116 * @param[in] access_mask A bitfield of access right that we want to mark as
117 * granted in the whole tree.
118 */
119void object_tree_modify_access(struct object_tree *root,
120 uint32_t access_mask)
121{
122 int i;
123 root->remaining_access &= ~access_mask;
124 for (i = 0; i < root->num_of_children; i++) {
125 object_tree_modify_access(&root->children[i], access_mask);
126 }
127}
Note: See TracBrowser for help on using the repository browser.