2003-10-06 01:24:48 +00:00
/*
* Unix SMB / Netbios implementation .
* SEC_ACL handling routines
* Copyright ( C ) Andrew Tridgell 1992 - 1998 ,
* Copyright ( C ) Jeremy R . Allison 1995 - 2003.
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1998 ,
* Copyright ( C ) Paul Ashton 1997 - 1998.
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
* the Free Software Foundation ; either version 3 of the License , or
2003-10-06 01:24:48 +00:00
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2007-07-10 05:23:25 +00:00
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
2003-10-06 01:24:48 +00:00
*/
# include "includes.h"
2009-03-02 08:55:00 +01:00
# include "librpc/gen_ndr/ndr_security.h"
2009-03-02 12:05:43 +01:00
# include "libcli/security/secace.h"
2009-03-01 18:15:36 +01:00
# define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16_t) + sizeof(uint32_t))
2003-10-06 01:24:48 +00:00
/*******************************************************************
Create a SEC_ACL structure .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2009-03-01 18:15:36 +01:00
struct security_acl * make_sec_acl ( TALLOC_CTX * ctx ,
enum security_acl_revision revision ,
int num_aces , struct security_ace * ace_list )
2003-10-06 01:24:48 +00:00
{
2009-03-01 18:15:36 +01:00
struct security_acl * dst ;
2003-10-06 01:24:48 +00:00
int i ;
2009-03-01 18:15:36 +01:00
if ( ( dst = talloc_zero ( ctx , struct security_acl ) ) = = NULL )
2003-10-06 01:24:48 +00:00
return NULL ;
dst - > revision = revision ;
dst - > num_aces = num_aces ;
dst - > size = SEC_ACL_HEADER_SIZE ;
/* Now we need to return a non-NULL address for the ace list even
if the number of aces required is zero . This is because there
is a distinct difference between a NULL ace and an ace with zero
entries in it . This is achieved by checking that num_aces is a
positive number . */
if ( ( num_aces ) & &
2009-07-14 18:34:07 +02:00
( ( dst - > aces = talloc_array ( dst , struct security_ace , num_aces ) )
2003-10-06 01:24:48 +00:00
= = NULL ) ) {
return NULL ;
}
for ( i = 0 ; i < num_aces ; i + + ) {
2006-09-20 22:23:12 +00:00
dst - > aces [ i ] = ace_list [ i ] ; /* Structure copy. */
2003-10-06 01:24:48 +00:00
dst - > size + = ace_list [ i ] . size ;
}
return dst ;
}
/*******************************************************************
Duplicate a SEC_ACL structure .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2009-03-01 18:15:36 +01:00
struct security_acl * dup_sec_acl ( TALLOC_CTX * ctx , struct security_acl * src )
2003-10-06 01:24:48 +00:00
{
if ( src = = NULL )
return NULL ;
2006-09-20 22:23:12 +00:00
return make_sec_acl ( ctx , src - > revision , src - > num_aces , src - > aces ) ;
2003-10-06 01:24:48 +00:00
}
/*******************************************************************
Compares two SEC_ACL structures
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2009-03-01 18:15:36 +01:00
bool sec_acl_equal ( struct security_acl * s1 , struct security_acl * s2 )
2003-10-06 01:24:48 +00:00
{
unsigned int i , j ;
/* Trivial cases */
2009-03-01 18:15:36 +01:00
if ( ! s1 & & ! s2 ) return true ;
if ( ! s1 | | ! s2 ) return false ;
2003-10-06 01:24:48 +00:00
/* Check top level stuff */
if ( s1 - > revision ! = s2 - > revision ) {
DEBUG ( 10 , ( " sec_acl_equal(): revision differs (%d != %d) \n " ,
s1 - > revision , s2 - > revision ) ) ;
2009-03-01 18:15:36 +01:00
return false ;
2003-10-06 01:24:48 +00:00
}
if ( s1 - > num_aces ! = s2 - > num_aces ) {
DEBUG ( 10 , ( " sec_acl_equal(): num_aces differs (%d != %d) \n " ,
s1 - > revision , s2 - > revision ) ) ;
2009-03-01 18:15:36 +01:00
return false ;
2003-10-06 01:24:48 +00:00
}
/* The ACEs could be in any order so check each ACE in s1 against
each ACE in s2 . */
for ( i = 0 ; i < s1 - > num_aces ; i + + ) {
2009-03-01 18:15:36 +01:00
bool found = false ;
2003-10-06 01:24:48 +00:00
for ( j = 0 ; j < s2 - > num_aces ; j + + ) {
2006-09-20 22:23:12 +00:00
if ( sec_ace_equal ( & s1 - > aces [ i ] , & s2 - > aces [ j ] ) ) {
2009-03-01 18:15:36 +01:00
found = true ;
2003-10-06 01:24:48 +00:00
break ;
}
}
2009-03-01 18:15:36 +01:00
if ( ! found ) return false ;
2003-10-06 01:24:48 +00:00
}
2009-03-01 18:15:36 +01:00
return true ;
2003-10-06 01:24:48 +00:00
}