/*
* Unix SMB / Netbios implementation .
* SEC_ACL handling routines
* Copyright ( C ) Andrew Tridgell 1992 - 1998 ,
* Copyright ( C ) Jeremy R . Allison 1995 - 2003.
* Copyright ( C ) Luke Kenneth Casson Leighton 1996 - 1998 ,
* Copyright ( C ) Paul Ashton 1997 - 1998.
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
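/*******************************************************************
 Create a SEC_ACL structure.

 Allocates a SEC_ACL on ctx, stores revision and num_aces in it, and
 copies num_aces entries from ace_list into a newly allocated array.
 The size field starts at SEC_ACL_HEADER_SIZE and grows by the size
 field of every ACE that is copied.

 Returns the new ACL, or NULL when an allocation fails or when the
 arguments are inconsistent (a negative num_aces, or a NULL ace_list
 together with a non-zero count).
********************************************************************/

SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, enum security_acl_revision revision,
		      int num_aces, SEC_ACE *ace_list)
{
	SEC_ACL *dst;
	int i;

	/* num_aces is a signed count: refuse values that cannot describe
	   ace_list before they reach the allocator or the copy loop. */
	if (num_aces < 0 || (num_aces > 0 && ace_list == NULL))
		return NULL;

	if ((dst = TALLOC_ZERO_P(ctx, SEC_ACL)) == NULL)
		return NULL;

	dst->revision = revision;
	dst->num_aces = num_aces;
	dst->size = SEC_ACL_HEADER_SIZE;

	/* The ACE array is only allocated for a non-zero count, so for an
	   ACL with zero entries dst->aces keeps the value the zeroing
	   allocation gave it (presumably NULL - TODO confirm). Callers
	   that must tell "no ACL" from "empty ACL" should test the
	   SEC_ACL pointer and num_aces, not dst->aces. */
	if (num_aces > 0) {
		dst->aces = TALLOC_ARRAY(ctx, SEC_ACE, num_aces);
		if (dst->aces == NULL) {
			/* Do not leave the half-built header hanging
			   off ctx when the caller only sees NULL. */
			talloc_free(dst);
			return NULL;
		}
	}

	for (i = 0; i < num_aces; i++) {
		dst->aces[i] = ace_list[i]; /* Structure copy. */
		/* NOTE(review): the width of dst->size is not visible
		   here; confirm the running sum cannot wrap for an ACL
		   with many or large ACEs. */
		dst->size += ace_list[i].size;
	}

	return dst;
}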
/*******************************************************************
 Duplicate a SEC_ACL structure.

 A NULL src yields NULL. Otherwise the copy is built by make_sec_acl()
 on ctx from src's revision, ACE count and ACE array, so the result is
 NULL as well whenever make_sec_acl() returns NULL.
********************************************************************/

SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
{
	if (src != NULL) {
		return make_sec_acl(ctx, src->revision, src->num_aces,
				    src->aces);
	}

	return NULL;
}
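/*******************************************************************
 Compares two SEC_ACL structures.

 Two NULL pointers compare equal; one NULL and one non-NULL do not.
 Otherwise the ACLs are equal when their revision and num_aces match
 and they hold the same ACEs, in any order, with the same number of
 occurrences of each ACE (as judged by sec_ace_equal()).
********************************************************************/

bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2)
{
	unsigned int i, j;

	/* Trivial cases */
	if (!s1 && !s2) return True;
	if (!s1 || !s2) return False;

	/* Check top level stuff */
	if (s1->revision != s2->revision) {
		DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",
			   s1->revision, s2->revision));
		return False;
	}

	if (s1->num_aces != s2->num_aces) {
		/* Report the counts that actually differ; the message
		   used to print the two revisions again. */
		DEBUG(10, ("sec_acl_equal(): num_aces differs (%u != %u)\n",
			   (unsigned int)s1->num_aces,
			   (unsigned int)s2->num_aces));
		return False;
	}

	/* The ACEs could be in any order, so compare them as multisets:
	   every ACE of s1 must occur in s2 exactly as often as it occurs
	   in s1. Checking only that each ACE of s1 appears somewhere in
	   s2 would treat {A, A, B} and {A, B, B} as the same ACL. Both
	   lists have the same length here, so one index serves both. */
	for (i = 0; i < s1->num_aces; i++) {
		unsigned int in_s1 = 0;
		unsigned int in_s2 = 0;

		for (j = 0; j < s1->num_aces; j++) {
			if (sec_ace_equal(&s1->aces[i], &s1->aces[j]))
				in_s1++;
			if (sec_ace_equal(&s1->aces[i], &s2->aces[j]))
				in_s2++;
		}

		if (in_s1 != in_s2) return False;
	}

	return True;
}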