Changeset 740 for vendor/current/libcli/security
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- Location:
- vendor/current/libcli/security
- Files:
-
- 18 added
- 1 deleted
- 9 edited
-
access_check.c (added)
-
access_check.h (added)
-
config.mk (deleted)
-
create_descriptor.c (added)
-
display_sec.c (modified) (3 diffs)
-
display_sec.h (added)
-
dom_sid.c (modified) (5 diffs)
-
dom_sid.h (modified) (2 diffs)
-
object_tree.c (added)
-
privileges.c (added)
-
privileges.h (added)
-
privileges_private.h (added)
-
pysecurity.c (added)
-
sddl.c (added)
-
sddl.h (added)
-
secace.c (modified) (12 diffs)
-
secace.h (modified) (1 diff)
-
secacl.c (modified) (2 diffs)
-
secacl.h (modified) (1 diff)
-
security.h (added)
-
security_descriptor.c (modified) (5 diffs)
-
security_descriptor.h (modified) (1 diff)
-
security_token.c (added)
-
security_token.h (added)
-
session.c (added)
-
session.h (added)
-
util_sid.c (added)
-
wscript_build (added)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/libcli/security/display_sec.c
r414 r740 20 20 21 21 #include "includes.h" 22 #include "librpc/gen_ndr/security.h" 23 #include "libcli/security/secace.h" 24 #include "libcli/security/dom_sid.h" 22 #include "libcli/security/security.h" 25 23 #include "librpc/ndr/libndr.h" 24 #include "libcli/security/display_sec.h" 26 25 27 26 /**************************************************************************** … … 160 159 static void disp_sec_ace_object(struct security_ace_object *object) 161 160 { 161 char *str; 162 162 if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) { 163 str = GUID_string(NULL, &object->type.type); 164 if (str == NULL) return; 163 165 printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n"); 164 printf("Object GUID: %s\n", GUID_string(talloc_tos(),165 &object->type.type));166 printf("Object GUID: %s\n", str); 167 talloc_free(str); 166 168 } 167 169 if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) { 170 str = GUID_string(NULL, &object->inherited_type.inherited_type); 171 if (str == NULL) return; 168 172 printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n"); 169 printf("Object GUID: %s\n", GUID_string(talloc_tos(),170 &object->inherited_type.inherited_type));173 printf("Object GUID: %s\n", str); 174 talloc_free(str); 171 175 } 172 176 } … … 231 235 void display_sec_acl(struct security_acl *sec_acl) 232 236 { 233 int i;234 235 printf("\tACL\tNum ACEs:\t% d\trevision:\t%x\n",237 uint32_t i; 238 239 printf("\tACL\tNum ACEs:\t%u\trevision:\t%x\n", 236 240 sec_acl->num_aces, sec_acl->revision); 237 241 printf("\t---\n"); -
vendor/current/libcli/security/dom_sid.c
r581 r740 29 29 *****************************************************************/ 30 30 31 staticint dom_sid_compare_auth(const struct dom_sid *sid1,32 31 int dom_sid_compare_auth(const struct dom_sid *sid1, 32 const struct dom_sid *sid2) 33 33 { 34 34 int i; … … 86 86 } 87 87 88 /* Yes, I did think about multibyte issues here, and for all I can see there's 89 * none of those for parsing a SID. */ 90 #undef strncasecmp 88 /***************************************************************** 89 Add a rid to the end of a sid 90 *****************************************************************/ 91 92 bool sid_append_rid(struct dom_sid *sid, uint32_t rid) 93 { 94 if (sid->num_auths < ARRAY_SIZE(sid->sub_auths)) { 95 sid->sub_auths[sid->num_auths++] = rid; 96 return true; 97 } 98 return false; 99 } 100 101 /* 102 See if 2 SIDs are in the same domain 103 this just compares the leading sub-auths 104 */ 105 int dom_sid_compare_domain(const struct dom_sid *sid1, 106 const struct dom_sid *sid2) 107 { 108 int n, i; 109 110 n = MIN(sid1->num_auths, sid2->num_auths); 111 112 for (i = n-1; i >= 0; --i) 113 if (sid1->sub_auths[i] != sid2->sub_auths[i]) 114 return sid1->sub_auths[i] - sid2->sub_auths[i]; 115 116 return dom_sid_compare_auth(sid1, sid2); 117 } 118 119 /***************************************************************** 120 Convert a string to a SID. Returns True on success, False on fail. 121 Return the first character not parsed in endp. 122 *****************************************************************/ 123 124 bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, 125 const char **endp) 126 { 127 const char *p; 128 char *q; 129 /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ 130 uint32_t conv; 131 132 ZERO_STRUCTP(sidout); 133 134 if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-') { 135 goto format_error; 136 } 137 138 /* Get the revision number. */ 139 p = sidstr + 2; 140 141 if (!isdigit(*p)) { 142 goto format_error; 143 } 144 145 conv = (uint32_t) strtoul(p, &q, 10); 146 if (!q || (*q != '-')) { 147 goto format_error; 148 } 149 sidout->sid_rev_num = (uint8_t) conv; 150 q++; 151 152 if (!isdigit(*q)) { 153 goto format_error; 154 } 155 156 /* get identauth */ 157 conv = (uint32_t) strtoul(q, &q, 10); 158 if (!q) { 159 goto format_error; 160 } 161 162 /* identauth in decimal should be < 2^32 */ 163 /* NOTE - the conv value is in big-endian format. */ 164 sidout->id_auth[0] = 0; 165 sidout->id_auth[1] = 0; 166 sidout->id_auth[2] = (conv & 0xff000000) >> 24; 167 sidout->id_auth[3] = (conv & 0x00ff0000) >> 16; 168 sidout->id_auth[4] = (conv & 0x0000ff00) >> 8; 169 sidout->id_auth[5] = (conv & 0x000000ff); 170 171 sidout->num_auths = 0; 172 if (*q != '-') { 173 /* Just id_auth, no subauths */ 174 return true; 175 } 176 177 q++; 178 179 while (true) { 180 char *end; 181 182 if (!isdigit(*q)) { 183 goto format_error; 184 } 185 186 conv = strtoul(q, &end, 10); 187 if (end == q) { 188 goto format_error; 189 } 190 191 if (!sid_append_rid(sidout, conv)) { 192 DEBUG(3, ("Too many sid auths in %s\n", sidstr)); 193 return false; 194 } 195 196 q = end; 197 if (*q != '-') { 198 break; 199 } 200 q += 1; 201 } 202 if (endp != NULL) { 203 *endp = q; 204 } 205 return true; 206 207 format_error: 208 DEBUG(3, ("string_to_sid: SID %s is not in a valid format\n", sidstr)); 209 return false; 210 } 211 212 bool string_to_sid(struct dom_sid *sidout, const char *sidstr) 213 { 214 return dom_sid_parse(sidstr, sidout); 215 } 91 216 92 217 bool dom_sid_parse(const char *sidstr, struct dom_sid *ret) 93 218 { 94 uint_t rev, ia, num_sub_auths, i; 95 char *p; 96 97 if (strncasecmp(sidstr, "S-", 2)) { 98 return false; 99 } 100 101 sidstr += 2; 102 103 rev = strtol(sidstr, &p, 10); 104 if (*p != '-') { 105 return false; 106 } 107 sidstr = p+1; 108 109 ia = strtol(sidstr, &p, 10); 110 if (p == sidstr) { 111 return false; 112 } 113 sidstr = p; 114 115 num_sub_auths = 0; 116 for (i=0;sidstr[i];i++) { 117 if (sidstr[i] == '-') num_sub_auths++; 118 } 119 120 if (num_sub_auths > MAXSUBAUTHS) { 121 return false; 122 } 123 124 ret->sid_rev_num = rev; 125 ret->id_auth[0] = 0; 126 ret->id_auth[1] = 0; 127 ret->id_auth[2] = ia >> 24; 128 ret->id_auth[3] = ia >> 16; 129 ret->id_auth[4] = ia >> 8; 130 ret->id_auth[5] = ia; 131 ret->num_auths = num_sub_auths; 132 133 for (i=0;i<num_sub_auths;i++) { 134 if (sidstr[0] != '-') { 135 return false; 136 } 137 sidstr++; 138 ret->sub_auths[i] = strtoul(sidstr, &p, 10); 139 if (p == sidstr) { 140 return false; 141 } 142 sidstr = p; 143 } 144 145 return true; 219 return dom_sid_parse_endp(sidstr, ret, NULL); 146 220 } 147 221 … … 222 296 struct dom_sid *sid; 223 297 224 sid = talloc(mem_ctx, struct dom_sid);298 sid = dom_sid_dup(mem_ctx, domain_sid); 225 299 if (!sid) return NULL; 226 300 227 *sid = *domain_sid;228 229 sid->sub_auths[sid->num_auths] = rid;230 sid->num_auths++;301 if (!sid_append_rid(sid, rid)) { 302 talloc_free(sid); 303 return NULL; 304 } 231 305 232 306 return sid; … … 284 358 285 359 /* 286 convert a dom_sid to a string 287 */ 288 char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) 289 { 290 int i, ofs, maxlen; 360 Convert a dom_sid to a string, printing into a buffer. Return the 361 string length. If it overflows, return the string length that would 362 result (buflen needs to be +1 for the terminating 0). 363 */ 364 int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen) 365 { 366 int i, ofs; 291 367 uint32_t ia; 292 char *ret;293 368 294 369 if (!sid) { 295 return talloc_strdup(mem_ctx, "(NULL SID)"); 296 } 297 298 maxlen = sid->num_auths * 11 + 25; 299 ret = talloc_array(mem_ctx, char, maxlen); 300 if (!ret) return talloc_strdup(mem_ctx, "(SID ERR)"); 370 strlcpy(buf, "(NULL SID)", buflen); 371 return 10; /* strlen("(NULL SID)") */ 372 } 301 373 302 374 ia = (sid->id_auth[5]) + … … 305 377 (sid->id_auth[2] << 24); 306 378 307 ofs = snprintf( ret, maxlen, "S-%u-%lu",379 ofs = snprintf(buf, buflen, "S-%u-%lu", 308 380 (unsigned int)sid->sid_rev_num, (unsigned long)ia); 309 381 310 382 for (i = 0; i < sid->num_auths; i++) { 311 ofs += snprintf( ret + ofs, maxlen - ofs, "-%lu",383 ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%lu", 312 384 (unsigned long)sid->sub_auths[i]); 313 385 } 314 315 return ret; 316 } 386 return ofs; 387 } 388 389 /* 390 convert a dom_sid to a string 391 */ 392 char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) 393 { 394 char buf[DOM_SID_STR_BUFLEN]; 395 char *result; 396 int len; 397 398 len = dom_sid_string_buf(sid, buf, sizeof(buf)); 399 400 if (len+1 > sizeof(buf)) { 401 return talloc_strdup(mem_ctx, "(SID ERR)"); 402 } 403 404 /* 405 * Avoid calling strlen (via talloc_strdup), we already have 406 * the length 407 */ 408 result = (char *)talloc_memdup(mem_ctx, buf, len+1); 409 410 /* 411 * beautify the talloc_report output 412 */ 413 talloc_set_name_const(result, result); 414 return result; 415 } -
vendor/current/libcli/security/dom_sid.h
r581 r740 26 26 #include "librpc/gen_ndr/security.h" 27 27 28 /* Some well-known SIDs */ 29 extern const struct dom_sid global_sid_World_Domain; 30 extern const struct dom_sid global_sid_World; 31 extern const struct dom_sid global_sid_Creator_Owner_Domain; 32 extern const struct dom_sid global_sid_NT_Authority; 33 extern const struct dom_sid global_sid_Enterprise_DCs; 34 extern const struct dom_sid global_sid_System; 35 extern const struct dom_sid global_sid_NULL; 36 extern const struct dom_sid global_sid_Authenticated_Users; 37 extern const struct dom_sid global_sid_Network; 38 extern const struct dom_sid global_sid_Creator_Owner; 39 extern const struct dom_sid global_sid_Creator_Group; 40 extern const struct dom_sid global_sid_Anonymous; 41 extern const struct dom_sid global_sid_Builtin; 42 extern const struct dom_sid global_sid_Builtin_Administrators; 43 extern const struct dom_sid global_sid_Builtin_Users; 44 extern const struct dom_sid global_sid_Builtin_Guests; 45 extern const struct dom_sid global_sid_Builtin_Power_Users; 46 extern const struct dom_sid global_sid_Builtin_Account_Operators; 47 extern const struct dom_sid global_sid_Builtin_Server_Operators; 48 extern const struct dom_sid global_sid_Builtin_Print_Operators; 49 extern const struct dom_sid global_sid_Builtin_Backup_Operators; 50 extern const struct dom_sid global_sid_Builtin_Replicator; 51 extern const struct dom_sid global_sid_Builtin_PreWin2kAccess; 52 extern const struct dom_sid global_sid_Unix_Users; 53 extern const struct dom_sid global_sid_Unix_Groups; 54 55 int dom_sid_compare_auth(const struct dom_sid *sid1, 56 const struct dom_sid *sid2); 28 57 int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2); 58 int dom_sid_compare_domain(const struct dom_sid *sid1, 59 const struct dom_sid *sid2); 29 60 bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2); 61 bool sid_append_rid(struct dom_sid *sid, uint32_t rid); 62 bool string_to_sid(struct dom_sid *sidout, const char *sidstr); 63 bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, 64 const char **endp); 30 65 bool dom_sid_parse(const char *sidstr, struct dom_sid *ret); 31 66 struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr); … … 39 74 bool dom_sid_in_domain(const struct dom_sid *domain_sid, 40 75 const struct dom_sid *sid); 76 77 #define DOM_SID_STR_BUFLEN (15*11+25) 78 int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen); 41 79 char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); 42 80 43 #ifndef MAXSUBAUTHS 44 #define MAXSUBAUTHS 15 /* max sub authorities in a SID */ 45 #endif 81 82 const char *sid_type_lookup(uint32_t sid_type); 83 const struct security_token *get_system_token(void); 84 bool sid_compose(struct dom_sid *dst, const struct dom_sid *domain_sid, uint32_t rid); 85 bool sid_split_rid(struct dom_sid *sid, uint32_t *rid); 86 bool sid_peek_rid(const struct dom_sid *sid, uint32_t *rid); 87 bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32_t *rid); 88 void sid_copy(struct dom_sid *dst, const struct dom_sid *src); 89 bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid); 90 bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid); 91 int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2); 92 bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2); 93 NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, 94 struct dom_sid **sids, uint32_t *num); 95 NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, 96 struct dom_sid **sids, uint32_t *num_sids); 97 void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, 98 uint32_t *num); 99 bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx, 100 uint32_t rid, uint32_t **pp_rids, size_t *p_num); 101 bool is_null_sid(const struct dom_sid *sid); 46 102 47 103 #endif /*_DOM_SID_H_*/ -
vendor/current/libcli/security/secace.c
r414 r740 23 23 #include "includes.h" 24 24 #include "librpc/gen_ndr/ndr_security.h" 25 #include "libcli/security/dom_sid.h" 25 #include "libcli/security/security.h" 26 #include "lib/util/tsort.h" 26 27 27 28 #define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t)) … … 44 45 * copy a struct security_ace structure. 45 46 */ 46 void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src)47 void sec_ace_copy(struct security_ace *ace_dest, const struct security_ace *ace_src) 47 48 { 48 49 ace_dest->type = ace_src->type; … … 63 64 t->type = type; 64 65 t->flags = flag; 65 t->size = ndr_size_dom_sid(sid, NULL,0) + 8;66 t->size = ndr_size_dom_sid(sid, 0) + 8; 66 67 t->access_mask = mask; 67 68 … … 73 74 ********************************************************************/ 74 75 75 NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, struct dom_sid *sid, uint32_t mask)76 NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, const struct dom_sid *sid, uint32_t mask) 76 77 { 77 78 unsigned int i = 0; … … 89 90 (*pp_new)[i].type = SEC_ACE_TYPE_ACCESS_ALLOWED; 90 91 (*pp_new)[i].flags = 0; 91 (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, NULL,0);92 (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, 0); 92 93 (*pp_new)[i].access_mask = mask; 93 94 (*pp_new)[i].trustee = *sid; … … 99 100 ********************************************************************/ 100 101 101 NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask)102 NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, const struct dom_sid *sid, uint32_t mask) 102 103 { 103 104 unsigned int i = 0; … … 118 119 ********************************************************************/ 119 120 120 NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, struct dom_sid *sid)121 NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, const struct dom_sid *sid) 121 122 { 122 123 unsigned int i = 0; … … 150 151 ********************************************************************/ 151 152 152 bool sec_ace_equal( struct security_ace *s1,struct security_ace *s2)153 bool sec_ace_equal(const struct security_ace *s1, const struct security_ace *s2) 153 154 { 154 155 /* Trivial case */ … … 178 179 } 179 180 180 int nt_ace_inherit_comp( struct security_ace *a1,struct security_ace *a2)181 int nt_ace_inherit_comp(const struct security_ace *a1, const struct security_ace *a2) 181 182 { 182 183 int a1_inh = a1->flags & SEC_ACE_FLAG_INHERITED_ACE; … … 195 196 *******************************************************************/ 196 197 197 int nt_ace_canon_comp( struct security_ace *a1,struct security_ace *a2)198 int nt_ace_canon_comp( const struct security_ace *a1, const struct security_ace *a2) 198 199 { 199 200 if ((a1->type == SEC_ACE_TYPE_ACCESS_DENIED) && … … 258 259 259 260 /* Sort so that non-inherited ACE's come first. */ 260 qsort( srclist, num_aces, sizeof(srclist[0]), QSORT_CASTnt_ace_inherit_comp);261 TYPESAFE_QSORT(srclist, num_aces, nt_ace_inherit_comp); 261 262 262 263 /* Find the boundary between non-inherited ACEs. */ … … 271 272 272 273 /* Sort the non-inherited ACEs. */ 273 if (i) 274 qsort( srclist, i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); 274 TYPESAFE_QSORT(srclist, i, nt_ace_canon_comp); 275 275 276 276 /* Now sort the inherited ACEs. */ 277 if (num_aces - i) 278 qsort( &srclist[i], num_aces - i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); 279 } 280 281 277 TYPESAFE_QSORT(&srclist[i], num_aces - i, nt_ace_canon_comp); 278 } 279 280 -
vendor/current/libcli/security/secace.h
r414 r740 25 25 26 26 bool sec_ace_object(uint8_t type); 27 void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src);27 void sec_ace_copy(struct security_ace *ace_dest, const struct security_ace *ace_src); 28 28 void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type, 29 29 uint32_t mask, uint8_t flag); 30 NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, struct dom_sid *sid, uint32_t mask);31 NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask);32 NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, struct dom_sid *sid);33 bool sec_ace_equal( struct security_ace *s1,struct security_ace *s2);34 int nt_ace_inherit_comp( struct security_ace *a1,struct security_ace *a2);35 int nt_ace_canon_comp( struct security_ace *a1,struct security_ace *a2);30 NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, const struct dom_sid *sid, uint32_t mask); 31 NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, const struct dom_sid *sid, uint32_t mask); 32 NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, const struct dom_sid *sid); 33 bool sec_ace_equal(const struct security_ace *s1, const struct security_ace *s2); 34 int nt_ace_inherit_comp( const struct security_ace *a1, const struct security_ace *a2); 35 int nt_ace_canon_comp( const struct security_ace *a1, const struct security_ace *a2); 36 36 void dacl_sort_into_canonical_order(struct security_ace *srclist, unsigned int num_aces); 37 37 -
vendor/current/libcli/security/secacl.c
r414 r740 24 24 #include "librpc/gen_ndr/ndr_security.h" 25 25 #include "libcli/security/secace.h" 26 #include "libcli/security/secacl.h" 26 27 27 28 #define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16_t) + sizeof(uint32_t)) … … 76 77 return make_sec_acl(ctx, src->revision, src->num_aces, src->aces); 77 78 } 78 79 /*******************************************************************80 Compares two SEC_ACL structures81 ********************************************************************/82 83 bool sec_acl_equal(struct security_acl *s1, struct security_acl *s2)84 {85 unsigned int i, j;86 87 /* Trivial cases */88 89 if (!s1 && !s2) return true;90 if (!s1 || !s2) return false;91 92 /* Check top level stuff */93 94 if (s1->revision != s2->revision) {95 DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",96 s1->revision, s2->revision));97 return false;98 }99 100 if (s1->num_aces != s2->num_aces) {101 DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n",102 s1->revision, s2->revision));103 return false;104 }105 106 /* The ACEs could be in any order so check each ACE in s1 against107 each ACE in s2. */108 109 for (i = 0; i < s1->num_aces; i++) {110 bool found = false;111 112 for (j = 0; j < s2->num_aces; j++) {113 if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) {114 found = true;115 break;116 }117 }118 119 if (!found) return false;120 }121 122 return true;123 } -
vendor/current/libcli/security/secacl.h
r414 r740 27 27 int num_aces, struct security_ace *ace_list); 28 28 struct security_acl *dup_sec_acl(TALLOC_CTX *ctx, struct security_acl *src); 29 bool sec_acl_equal(struct security_acl *s1, struct security_acl *s2);30 29 31 30 -
vendor/current/libcli/security/security_descriptor.c
r414 r740 21 21 22 22 #include "includes.h" 23 #include "libcli/security/security_descriptor.h" 24 #include "libcli/security/dom_sid.h" 23 #include "libcli/security/security.h" 25 24 26 25 /* … … 56 55 struct security_acl *nacl; 57 56 57 if (oacl == NULL) { 58 return NULL; 59 } 60 58 61 nacl = talloc (mem_ctx, struct security_acl); 59 62 if (nacl == NULL) { … … 83 86 { 84 87 struct security_acl *nacl; 85 int i;88 uint32_t i; 86 89 87 90 if (!acl1 && !acl2) … … 268 271 const struct dom_sid *trustee) 269 272 { 270 int i;273 uint32_t i; 271 274 bool found = false; 272 275 struct security_acl *acl = NULL; … … 362 365 const struct security_acl *acl2) 363 366 { 364 int i;367 uint32_t i; 365 368 366 369 if (acl1 == acl2) return true; -
vendor/current/libcli/security/security_descriptor.h
r414 r740 69 69 const struct security_acl *acl2); 70 70 71 uint32_t map_generic_rights_ds(uint32_t access_mask); 72 73 struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx, 74 struct security_descriptor *parent_sd, 75 struct security_descriptor *creator_sd, 76 bool is_container, 77 struct GUID *object_list, 78 uint32_t inherit_flags, 79 struct security_token *token, 80 struct dom_sid *default_owner, /* valid only for DS, NULL for the other RSs */ 81 struct dom_sid *default_group, /* valid only for DS, NULL for the other RSs */ 82 uint32_t (*generic_map)(uint32_t access_mask)); 83 71 84 #endif /* __SECURITY_DESCRIPTOR_H__ */
Note:
See TracChangeset
for help on using the changeset viewer.
