1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

libcli/security: make sddl_encode_sid an external function

Mirroring the last commit for sddl_decode_sid, we want to be able to
encode SIDs from sibling source files.

The dom_sid functions are insufficient for this because they don't know
the SDDL short aliases, like "WD".

sddl_transition_encode_sid() is used internally.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-07-21 16:40:38 +12:00 committed by Andrew Bartlett
parent 6d012757a0
commit 2bf404eb5a
2 changed files with 25 additions and 5 deletions

View File

@ -784,7 +784,7 @@ failed:
/*
encode a sid in SDDL format
*/
static char *sddl_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
static char *sddl_transition_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct sddl_transition_state *state)
{
bool in_machine = dom_sid_in_domain(state->machine_sid, sid);
@ -830,6 +830,23 @@ static char *sddl_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
return talloc_strdup(mem_ctx, sidstr);
}
char *sddl_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
const struct dom_sid *domain_sid)
{
struct sddl_transition_state state = {
/*
* TODO: verify .machine_rid values really belong to
* to the machine_sid on a member, once
* we pass machine_sid from the caller...
*/
.machine_sid = domain_sid,
.domain_sid = domain_sid,
.forest_sid = domain_sid,
};
return sddl_transition_encode_sid(mem_ctx, sid, &state);
}
/*
encode an ACE in SDDL format
@ -890,7 +907,7 @@ static char *sddl_transition_encode_ace(TALLOC_CTX *mem_ctx, const struct securi
}
}
sddl_trustee = sddl_encode_sid(tmp_ctx, &ace->trustee, state);
sddl_trustee = sddl_transition_encode_sid(tmp_ctx, &ace->trustee, state);
if (sddl_trustee == NULL) {
goto failed;
}
@ -976,14 +993,14 @@ char *sddl_encode(TALLOC_CTX *mem_ctx, const struct security_descriptor *sd,
tmp_ctx = talloc_new(mem_ctx);
if (sd->owner_sid != NULL) {
char *sid = sddl_encode_sid(tmp_ctx, sd->owner_sid, &state);
char *sid = sddl_transition_encode_sid(tmp_ctx, sd->owner_sid, &state);
if (sid == NULL) goto failed;
sddl = talloc_asprintf_append_buffer(sddl, "O:%s", sid);
if (sddl == NULL) goto failed;
}
if (sd->group_sid != NULL) {
char *sid = sddl_encode_sid(tmp_ctx, sd->group_sid, &state);
char *sid = sddl_transition_encode_sid(tmp_ctx, sd->group_sid, &state);
if (sid == NULL) goto failed;
sddl = talloc_asprintf_append_buffer(sddl, "G:%s", sid);
if (sddl == NULL) goto failed;

View File

@ -33,4 +33,7 @@ char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace,
struct dom_sid *sddl_decode_sid(TALLOC_CTX *mem_ctx, const char **sddlp,
const struct dom_sid *domain_sid);
char *sddl_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
const struct dom_sid *domain_sid);
#endif /* __SDDL_H__ */