1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libsecurity: Simplify struct ace_condition_script

We only need the stack temporarily, no reason to put it in the struct

Signed-off-by: Volker Lendecke <vl@samba.org>
Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep  6 14:23:58 UTC 2024 on atb-devel-224
This commit is contained in:
Volker Lendecke 2024-09-04 17:13:44 +02:00 committed by Stefan Metzmacher
parent 7bd8234152
commit 5ad8536ec7
3 changed files with 33 additions and 34 deletions

View File

@ -706,17 +706,6 @@ struct ace_condition_script *parse_conditional_ace(TALLOC_CTX *mem_ctx,
if (program->tokens == NULL) { if (program->tokens == NULL) {
goto fail; goto fail;
} }
/*
* When interpreting the program we will need a stack, which in the
* very worst case can be as deep as the program is long.
*/
program->stack = talloc_array(program,
struct ace_condition_token,
program->length + 1);
if (program->stack == NULL) {
goto fail;
}
return program; return program;
fail: fail:
talloc_free(program); talloc_free(program);
@ -2218,8 +2207,20 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
struct ace_condition_token *lhs = NULL; struct ace_condition_token *lhs = NULL;
struct ace_condition_token *rhs = NULL; struct ace_condition_token *rhs = NULL;
struct ace_condition_token result = {}; struct ace_condition_token result = {};
struct ace_condition_token *stack = NULL;
bool ok; bool ok;
/*
* When interpreting the program we will need a stack, which in the
* very worst case can be as deep as the program is long.
*/
stack = talloc_array(mem_ctx,
struct ace_condition_token,
program->length + 1);
if (stack == NULL) {
goto error;
}
for (i = 0; i < program->length; i++) { for (i = 0; i < program->length; i++) {
struct ace_condition_token *tok = &program->tokens[i]; struct ace_condition_token *tok = &program->tokens[i];
switch (tok->type) { switch (tok->type) {
@ -2232,7 +2233,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
case CONDITIONAL_ACE_TOKEN_SID: case CONDITIONAL_ACE_TOKEN_SID:
case CONDITIONAL_ACE_TOKEN_COMPOSITE: case CONDITIONAL_ACE_TOKEN_COMPOSITE:
/* just plonk these literals on the stack */ /* just plonk these literals on the stack */
program->stack[depth] = *tok; stack[depth] = *tok;
depth++; depth++;
break; break;
@ -2243,7 +2244,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
if (! ok) { if (! ok) {
goto error; goto error;
} }
program->stack[depth] = result; stack[depth] = result;
depth++; depth++;
break; break;
@ -2255,7 +2256,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
if (! ok) { if (! ok) {
goto error; goto error;
} }
program->stack[depth] = result; stack[depth] = result;
depth++; depth++;
break; break;
@ -2271,12 +2272,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error; goto error;
} }
depth--; depth--;
lhs = &program->stack[depth]; lhs = &stack[depth];
ok = member_lookup(token, tok, lhs, &result); ok = member_lookup(token, tok, lhs, &result);
if (! ok) { if (! ok) {
goto error; goto error;
} }
program->stack[depth] = result; stack[depth] = result;
depth++; depth++;
break; break;
/* binary relational operators */ /* binary relational operators */
@ -2294,14 +2295,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error; goto error;
} }
depth--; depth--;
rhs = &program->stack[depth]; rhs = &stack[depth];
depth--; depth--;
lhs = &program->stack[depth]; lhs = &stack[depth];
ok = relational_operator(token, tok, lhs, rhs, &result); ok = relational_operator(token, tok, lhs, rhs, &result);
if (! ok) { if (! ok) {
goto error; goto error;
} }
program->stack[depth] = result; stack[depth] = result;
depth++; depth++;
break; break;
/* unary logical operators */ /* unary logical operators */
@ -2312,12 +2313,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error; goto error;
} }
depth--; depth--;
lhs = &program->stack[depth]; lhs = &stack[depth];
ok = unary_logic_operator(mem_ctx, token, tok, lhs, sd, &result); ok = unary_logic_operator(mem_ctx, token, tok, lhs, sd, &result);
if (!ok) { if (!ok) {
goto error; goto error;
} }
program->stack[depth] = result; stack[depth] = result;
depth++; depth++;
break; break;
/* binary logical operators */ /* binary logical operators */
@ -2327,14 +2328,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error; goto error;
} }
depth--; depth--;
rhs = &program->stack[depth]; rhs = &stack[depth];
depth--; depth--;
lhs = &program->stack[depth]; lhs = &stack[depth];
ok = binary_logic_operator(token, tok, lhs, rhs, &result); ok = binary_logic_operator(token, tok, lhs, rhs, &result);
if (! ok) { if (! ok) {
goto error; goto error;
} }
program->stack[depth] = result; stack[depth] = result;
depth++; depth++;
break; break;
default: default:
@ -2348,11 +2349,11 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
if (depth != 1) { if (depth != 1) {
goto error; goto error;
} }
result = program->stack[0]; result = stack[0];
if (result.type != CONDITIONAL_ACE_SAMBA_RESULT_BOOL) { if (result.type != CONDITIONAL_ACE_SAMBA_RESULT_BOOL) {
goto error; goto error;
} }
TALLOC_FREE(stack);
return result.data.result.value; return result.data.result.value;
error: error:
@ -2360,6 +2361,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
* the result of an error is always UNKNOWN, which should be * the result of an error is always UNKNOWN, which should be
* interpreted pessimistically, not allowing access. * interpreted pessimistically, not allowing access.
*/ */
TALLOC_FREE(stack);
return ACE_CONDITION_UNKNOWN; return ACE_CONDITION_UNKNOWN;
} }

View File

@ -2893,16 +2893,14 @@ static bool init_compiler_context(
TALLOC_FREE(program); TALLOC_FREE(program);
return false; return false;
} }
program->stack = talloc_array(program, comp->program = program;
struct ace_condition_token, comp->stack = talloc_array(program,
max_stack + 1); struct ace_condition_token,
if (program->stack == NULL) { max_stack + 1);
if (comp->stack == NULL) {
TALLOC_FREE(program); TALLOC_FREE(program);
return false; return false;
} }
comp->program = program;
/* we can borrow the program stack for the operator stack */
comp->stack = program->stack;
comp->target = program->tokens; comp->target = program->tokens;
comp->target_len = &program->length; comp->target_len = &program->length;
comp->length = strlen(sddl); comp->length = strlen(sddl);

View File

@ -390,7 +390,6 @@ interface conditional_ace
*/ */
typedef [public] struct { typedef [public] struct {
ace_condition_token *tokens; ace_condition_token *tokens;
ace_condition_token *stack;
uint32 length; uint32 length;
} ace_condition_script; } ace_condition_script;