mirror of https://github.com/altlinux/admc.git synced 2025-01-18 02:04:36 +03:00

Add security rights generation functions

These functions get the security right lists that are used to make the
corresponding security descriptor ACEs (e.g. child object
creation/deletion ACEs).
Semyon Knyazev 2024-09-19 02:30:09 +04:00
parent e9ccdb843d
commit 3c3bd48bfe
2 changed files with 101 additions and 0 deletions


@ -1173,3 +1173,98 @@ QList<SecurityRight> ad_security_get_extended_rights_for_class(AdConfig *adconfi
return out;
}
QList<SecurityRight> creation_deletion_rights_for_class(AdConfig *adconfig, const QString &obj_class) {
const QByteArray obj_class_guid = adconfig->guid_from_class(obj_class);
if (obj_class_guid.isEmpty()) {
return QList<SecurityRight>();
}
const QList<SecurityRight> rights = {
SecurityRight {
SEC_ADS_CREATE_CHILD,
obj_class_guid,
QByteArray(),
SEC_ACE_FLAG_CONTAINER_INHERIT
},
SecurityRight {
SEC_ADS_DELETE_CHILD,
obj_class_guid,
QByteArray(),
SEC_ACE_FLAG_CONTAINER_INHERIT
}
};
return rights;
}
QList<SecurityRight> control_children_class_right(AdConfig *adconfig, const QString &obj_class) {
const QByteArray obj_class_guid = adconfig->guid_from_class(obj_class);
const QList<SecurityRight> rights = {
SecurityRight {
SEC_ADS_GENERIC_ALL,
QByteArray(),
obj_class_guid,
SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY
}
};
return rights;
}
QList<SecurityRight> children_class_read_write_prop_rights(AdConfig *adconfig, const QString &obj_class, const QString &attribute) {
const QByteArray obj_class_guid = adconfig->guid_from_class(obj_class);
const QByteArray property_guid = adconfig->attribute_to_guid(attribute);
const QList<SecurityRight> rights = {
SecurityRight {
SEC_ADS_READ_PROP,
property_guid,
obj_class_guid,
SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY
},
SecurityRight {
SEC_ADS_WRITE_PROP,
property_guid,
obj_class_guid,
SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY
}
};
return rights;
}
QList<SecurityRight> read_all_children_class_info_rights(AdConfig *adconfig, const QString &obj_class) {
const QByteArray obj_class_guid = adconfig->guid_from_class(obj_class);
const QList<SecurityRight> rights = {
SecurityRight {
SEC_ADS_READ_PROP,
QByteArray(),
obj_class_guid,
SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY
}
};
return rights;
}
QList<SecurityRight> read_write_property_rights(AdConfig *adconfig, const QString &attribute) {
const QByteArray property_guid = adconfig->attribute_to_guid(attribute);
const QList<SecurityRight> rights = {
SecurityRight {
SEC_ADS_READ_PROP,
property_guid,
QByteArray(),
SEC_ACE_FLAG_CONTAINER_INHERIT
},
SecurityRight {
SEC_ADS_WRITE_PROP,
property_guid,
QByteArray(),
SEC_ACE_FLAG_CONTAINER_INHERIT
}
};
return rights;
}
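Review bot: A failed GUID lookup silently widens the right in four of the five new functions, because only `creation_deletion_rights_for_class` returns early when `guid_from_class` yields an empty GUID. In `control_children_class_right`, `children_class_read_write_prop_rights`, `read_all_children_class_info_rights` and `read_write_property_rights` the lookup result goes straight into the `SecurityRight`. These same functions pass an empty `QByteArray()` where no object type or inherited type is meant, so an unknown class or attribute is indistinguishable from an unrestricted right. For `control_children_class_right` that would presumably yield `SEC_ADS_GENERIC_ALL` inherited by every child class instead of one (the `SecurityRight` field order is not visible here, so confirm). Each function should carry the same guard, `if (obj_class_guid.isEmpty()) { return QList<SecurityRight>(); }`, with the equivalent check on `property_guid` where `attribute_to_guid` is used.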


@ -121,4 +121,10 @@ QList<SecurityRight> ad_security_get_extended_rights_for_class(AdConfig *adconfi
QList<SecurityRight> ad_security_get_superior_right_list(const SecurityRight &right);
QList<SecurityRight> ad_security_get_subordinate_right_list(AdConfig *adconfig, const SecurityRight &right, const QList<QString> &class_list);
QList<SecurityRight> creation_deletion_rights_for_class(AdConfig *adconfig, const QString &obj_class);
QList<SecurityRight> control_children_class_right(AdConfig *adconfig, const QString &obj_class);
QList<SecurityRight> children_class_read_write_prop_rights(AdConfig *adconfig, const QString &obj_class, const QString &attribute);
QList<SecurityRight> read_all_children_class_info_rights(AdConfig *adconfig, const QString &obj_class);
QList<SecurityRight> read_write_property_rights(AdConfig *adconfig, const QString &attribute);
#endif /* AD_SECURITY_H */
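Review bot: The five new declarations drop the `ad_security_` prefix that the neighbouring functions in this header use (`ad_security_get_superior_right_list`, `ad_security_get_subordinate_right_list`), which puts generic names such as `read_write_property_rights` at global scope. Consider keeping the prefix so that the functions producing ACE inputs are easy to find and audit. The declarations are also undocumented. A one-line comment on each should say which GUID restricts the object type and which the inherited type, and what is returned for an unknown class or attribute, e.g. `// Create/delete-child rights for obj_class; empty list if the class GUID is not found.`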