mirror of
https://github.com/altlinux/admc.git
synced 2024-10-26 08:55:21 +03:00
Update ace compare samba source
Update libsmb_xattr source with ace_compare() method for samba 4.20 compatibility
This commit is contained in:
parent
0aeaa43e1c
commit
27f0f14c04
1
.gitignore
vendored
1
.gitignore
vendored
@ -9,4 +9,5 @@ src/adldap/samba/dom_sid.c
|
||||
src/adldap/samba/dom_sid.h
|
||||
src/adldap/samba/ndr_security.c
|
||||
src/adldap/samba/ndr_security.h
|
||||
src/adldap/samba/libsmb_xattr.c
|
||||
|
||||
|
138
src/adldap/samba/src_4_20/libsmb_xattr.c
Normal file
138
src/adldap/samba/src_4_20/libsmb_xattr.c
Normal file
@ -0,0 +1,138 @@
|
||||
/*
|
||||
Unix SMB/Netbios implementation.
|
||||
SMB client library implementation
|
||||
Copyright (C) Andrew Tridgell 1998
|
||||
Copyright (C) Richard Sharpe 2000, 2002
|
||||
Copyright (C) John Terpstra 2000
|
||||
Copyright (C) Tom Jansen (Ninja ISD) 2002
|
||||
Copyright (C) Derrell Lipman 2003-2008
|
||||
Copyright (C) Jeremy Allison 2007, 2008
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This file is a copy of private samba sources. Parts of it
|
||||
* were removed or edited.
|
||||
*/
|
||||
|
||||
#include "samba/dom_sid.h"
|
||||
|
||||
#include "samba/security_descriptor.h"
|
||||
|
||||
#include <ndr.h>
|
||||
#include <gen_ndr/security.h>
|
||||
#include <string.h>
|
||||
|
||||
#define NUMERIC_CMP(a, b) (((a) > (b)) - ((a) < (b)))
|
||||
|
||||
/*
|
||||
* Sort ACEs according to the documentation at
|
||||
* http://support.microsoft.com/kb/269175, at least as far as it defines the
|
||||
* order.
|
||||
*/
|
||||
|
||||
int ace_compare(void const *ace1_ptr,
|
||||
void const *ace2_ptr)
|
||||
{
|
||||
const struct security_ace *ace1 = ace1_ptr;
|
||||
const struct security_ace *ace2 = ace2_ptr;
|
||||
|
||||
bool b1;
|
||||
bool b2;
|
||||
|
||||
/* If the ACEs are equal, we have nothing more to do. */
|
||||
if (security_ace_equal(ace1, ace2)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Inherited follow non-inherited */
|
||||
b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
|
||||
b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
|
||||
if (b1 != b2) {
|
||||
return (b1 ? 1 : -1);
|
||||
}
|
||||
|
||||
/*
|
||||
* What shall we do with AUDITs and ALARMs? It's undefined. We'll
|
||||
* sort them after DENY and ALLOW.
|
||||
*/
|
||||
b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
|
||||
ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
|
||||
ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
|
||||
ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
|
||||
b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
|
||||
ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
|
||||
ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
|
||||
ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
|
||||
if (b1 != b2) {
|
||||
return (b1 ? 1 : -1);
|
||||
}
|
||||
|
||||
/* Allowed ACEs follow denied ACEs */
|
||||
b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
|
||||
ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
|
||||
b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
|
||||
ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
|
||||
if (b1 != b2) {
|
||||
return (b1 ? 1 : -1);
|
||||
}
|
||||
|
||||
/*
|
||||
* ACEs applying to an entity's object follow those applying to the
|
||||
* entity itself
|
||||
*/
|
||||
b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
|
||||
ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
|
||||
b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
|
||||
ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
|
||||
if (b1 != b2) {
|
||||
return (b1 ? 1 : -1);
|
||||
}
|
||||
|
||||
/*
|
||||
* If we get this far, the ACEs are similar as far as the
|
||||
* characteristics we typically care about (those defined by the
|
||||
* referenced MS document). We'll now sort by characteristics that
|
||||
* just seems reasonable.
|
||||
*/
|
||||
|
||||
if (ace1->type != ace2->type) {
|
||||
/*
|
||||
* ace2 and ace1 are reversed here, so that
|
||||
* ACCESS_DENIED_ACE_TYPE (1) sorts before
|
||||
* ACCESS_ALLOWED_ACE_TYPE (0), which is the order you
|
||||
* usually want.
|
||||
*/
|
||||
return NUMERIC_CMP(ace2->type, ace1->type);
|
||||
}
|
||||
|
||||
if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
|
||||
return dom_sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
}
|
||||
|
||||
if (ace1->flags != ace2->flags) {
|
||||
return NUMERIC_CMP(ace1->flags, ace2->flags);
|
||||
}
|
||||
|
||||
if (ace1->access_mask != ace2->access_mask) {
|
||||
return NUMERIC_CMP(ace1->access_mask, ace2->access_mask);
|
||||
}
|
||||
|
||||
if (ace1->size != ace2->size) {
|
||||
return NUMERIC_CMP(ace1->size, ace2->size);
|
||||
}
|
||||
|
||||
return memcmp(ace1, ace2, sizeof(struct security_ace));
|
||||
}
|
Loading…
Reference in New Issue
Block a user