/*
 * Unix SMB implementation.
 * Utility functions for converting between claims formats.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
# ifndef LIBCLI_SECURITY_CLAIMS_CONVERSIONS_H
# define LIBCLI_SECURITY_CLAIMS_CONVERSIONS_H
# include "replace.h"
# include <talloc.h>
# include "libcli/util/ntstatus.h"
struct CLAIMS_SET ;
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 ;
struct ace_condition_token ;
struct security_token ;
/*
 * Convert a CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claim into an ACE
 * condition token, written through `result`.
 *
 * mem_ctx: talloc context (presumably the parent of anything allocated
 *          for the token -- confirm against the definition).
 * claim:   the claim to convert; not modified (const).
 * result:  out parameter receiving the token.
 *
 * Returns a bool; presumably true on success -- confirm.
 *
 * NOTE(review): this header also declares
 * claim_v1_to_ace_composite_unchecked(), which suggests this function
 * is the variant that validates the claim (and so may reorder its
 * values), but that is not visible from the declaration -- confirm in
 * the definition before relying on it.
 */
bool claim_v1_to_ace_token ( TALLOC_CTX * mem_ctx ,
const struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 * claim ,
struct ace_condition_token * result ) ;
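/*
 * Convert an ACE condition token into a
 * CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claim, returned through `claim`.
 *
 * mem_ctx: talloc context (presumably the parent of the new claim --
 *          confirm against the definition).
 * name:    string argument; presumably the name given to the resulting
 *          claim -- confirm.
 * tok:     the token to convert; not modified (const).
 * claim:   out parameter receiving a pointer to the claim.
 * flags:   presumably stored as the claim's flags -- confirm.
 *
 * Returns a bool; presumably true on success -- confirm.
 *
 * NOTE(review): whether *claim is left untouched on failure is not
 * visible from this header; callers should not read it unless the
 * call succeeded.
 */
bool ace_token_to_claim_v1(TALLOC_CTX *mem_ctx,
			   const char *name,
			   const struct ace_condition_token *tok,
			   struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 **claim,
			   uint32_t flags);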
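/*
 * Add a claim to a security token.
 *
 * mem_ctx:    talloc context (presumably used for any allocation made
 *             while extending the token -- confirm).
 * token:      the security token to modify.
 * claim:      the claim to add; not modified (const).
 * claim_type: string selecting the kind of claim; the accepted values
 *             are not visible from this header.
 *
 * Returns a bool; presumably true on success -- confirm.
 *
 * NOTE(review): this header does not show whether the claim is
 * validated (for example with claim_v1_check_and_sort()) before it is
 * attached. Claims on a security token are presumably consulted during
 * access checks, so confirm in the definition that a claim with
 * duplicate or otherwise invalid values cannot be added unchecked.
 */
bool add_claim_to_token(TALLOC_CTX *mem_ctx,
			struct security_token *token,
			const struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claim,
			const char *claim_type);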
/*
 * Convert a CLAIMS_SET into CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1
 * claims.
 *
 * mem_ctx:      talloc context (presumably the parent of the returned
 *               array -- confirm against the definition).
 * claims_set:   the input claims; not modified (const).
 * out_claims:   out parameter receiving a pointer to the converted
 *               claims.
 * out_n_claims: out parameter receiving a count, presumably the number
 *               of entries in *out_claims -- confirm.
 *
 * Returns an NTSTATUS. Callers should test it before reading either
 * out parameter.
 *
 * NOTE(review): whether the outputs are reset on failure is not
 * visible from this header.
 */
NTSTATUS token_claims_to_claims_v1 ( TALLOC_CTX * mem_ctx ,
const struct CLAIMS_SET * claims_set ,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 * * out_claims ,
uint32_t * out_n_claims ) ;
libcli/security: separate out claim_v1_to_ace_composite_unchecked()
For SDDL Resource ACE conversions we don't want to check too much
claim validity so that a semi-invalid ACE can round-trip through
deserialisation and serialisation. This is because Windows allows it,
but also because if the check puts the values in a sorted order that
makes the round-trip less round (that is, the return string is
semantically the same but possibly different in byte order).
The validity we're talking about is mostly uniqueness. For example
`S:(RA;;;;;WD;("foo",TU,0,7,5,7))` has two 7s, and that would be
invalid as a claim, but this is not checked while in ACE form.
On the other hand `S:(RA;;;;;WD;("foo",TU,0,3,2))` is valid, but the
return string will have 3 and 2 reversed when the check is made. We
prefer the ACE to stay the same while it is just being an ACE.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-17 13:58:12 +13:00
/*
 * Convert a CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claim into a composite
 * ACE condition token WITHOUT validating the claim.
 *
 * Per the commit that introduced it, this exists for SDDL Resource ACE
 * conversion, where a semi-invalid ACE must round-trip through
 * deserialisation and serialisation unchanged. Validity checks (mostly
 * value uniqueness) are skipped and the values are not put into sorted
 * order.
 *
 * Security note: the resulting composite may hold duplicate values
 * that would be invalid as a claim. Treat the output as unvalidated;
 * code that needs a well-formed claim should use a checking path
 * instead (claim_v1_check_and_sort() is declared in this header --
 * NOTE(review): confirm it is the intended check).
 *
 * mem_ctx: talloc context (presumably the parent of anything allocated
 *          for the token -- confirm against the definition).
 * claim:   the claim to convert; not modified (const).
 * result:  out parameter receiving the token.
 *
 * Returns a bool; presumably true on success -- confirm.
 */
bool claim_v1_to_ace_composite_unchecked ( TALLOC_CTX * mem_ctx ,
const struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 * claim ,
struct ace_condition_token * result ) ;
/*
 * Check a CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claim and sort it.
 *
 * mem_ctx:        talloc context (use not visible from this header).
 * claim:          the claim to check; passed non-const, so presumably
 *                 its values are sorted in place -- confirm against
 *                 the definition.
 * case_sensitive: presumably selects case-sensitive comparison of
 *                 string values when checking and sorting -- confirm.
 *
 * Returns an NTSTATUS; presumably a failure status means the claim did
 * not pass the check (for example, duplicate values) -- confirm.
 *
 * NOTE(review): because the claim may be reordered, callers that need
 * the original value order preserved (such as an SDDL round-trip)
 * should not run this on the data they will serialise back out.
 */
NTSTATUS claim_v1_check_and_sort (
TALLOC_CTX * mem_ctx ,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 * claim ,
bool case_sensitive ) ;
# endif /* LIBCLI_SECURITY_CLAIMS_CONVERSIONS_H */