libsecurity: Simplify struct ace_condition_script
We only need the stack temporarily, no reason to put it in the struct Signed-off-by: Volker Lendecke <vl@samba.org> Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Sep 6 14:23:58 UTC 2024 on atb-devel-224
parent
7bd8234152
commit
5ad8536ec7
@ -706,17 +706,6 @@ struct ace_condition_script *parse_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
if (program->tokens == NULL) {
|
if (program->tokens == NULL) {
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
/*
|
|
||||||
* When interpreting the program we will need a stack, which in the
|
|
||||||
* very worst case can be as deep as the program is long.
|
|
||||||
*/
|
|
||||||
program->stack = talloc_array(program,
|
|
||||||
struct ace_condition_token,
|
|
||||||
program->length + 1);
|
|
||||||
if (program->stack == NULL) {
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
return program;
|
return program;
|
||||||
fail:
|
fail:
|
||||||
talloc_free(program);
|
talloc_free(program);
|
||||||
@ -2218,8 +2207,20 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
struct ace_condition_token *lhs = NULL;
|
struct ace_condition_token *lhs = NULL;
|
||||||
struct ace_condition_token *rhs = NULL;
|
struct ace_condition_token *rhs = NULL;
|
||||||
struct ace_condition_token result = {};
|
struct ace_condition_token result = {};
|
||||||
|
struct ace_condition_token *stack = NULL;
|
||||||
bool ok;
|
bool ok;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* When interpreting the program we will need a stack, which in the
|
||||||
|
* very worst case can be as deep as the program is long.
|
||||||
|
*/
|
||||||
|
stack = talloc_array(mem_ctx,
|
||||||
|
struct ace_condition_token,
|
||||||
|
program->length + 1);
|
||||||
|
if (stack == NULL) {
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
for (i = 0; i < program->length; i++) {
|
for (i = 0; i < program->length; i++) {
|
||||||
struct ace_condition_token *tok = &program->tokens[i];
|
struct ace_condition_token *tok = &program->tokens[i];
|
||||||
switch (tok->type) {
|
switch (tok->type) {
|
||||||
@ -2232,7 +2233,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
case CONDITIONAL_ACE_TOKEN_SID:
|
case CONDITIONAL_ACE_TOKEN_SID:
|
||||||
case CONDITIONAL_ACE_TOKEN_COMPOSITE:
|
case CONDITIONAL_ACE_TOKEN_COMPOSITE:
|
||||||
/* just plonk these literals on the stack */
|
/* just plonk these literals on the stack */
|
||||||
program->stack[depth] = *tok;
|
stack[depth] = *tok;
|
||||||
depth++;
|
depth++;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2243,7 +2244,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
if (! ok) {
|
if (! ok) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
program->stack[depth] = result;
|
stack[depth] = result;
|
||||||
depth++;
|
depth++;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2255,7 +2256,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
if (! ok) {
|
if (! ok) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
program->stack[depth] = result;
|
stack[depth] = result;
|
||||||
depth++;
|
depth++;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2271,12 +2272,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
depth--;
|
depth--;
|
||||||
lhs = &program->stack[depth];
|
lhs = &stack[depth];
|
||||||
ok = member_lookup(token, tok, lhs, &result);
|
ok = member_lookup(token, tok, lhs, &result);
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
program->stack[depth] = result;
|
stack[depth] = result;
|
||||||
depth++;
|
depth++;
|
||||||
break;
|
break;
|
||||||
/* binary relational operators */
|
/* binary relational operators */
|
||||||
@ -2294,14 +2295,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
depth--;
|
depth--;
|
||||||
rhs = &program->stack[depth];
|
rhs = &stack[depth];
|
||||||
depth--;
|
depth--;
|
||||||
lhs = &program->stack[depth];
|
lhs = &stack[depth];
|
||||||
ok = relational_operator(token, tok, lhs, rhs, &result);
|
ok = relational_operator(token, tok, lhs, rhs, &result);
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
program->stack[depth] = result;
|
stack[depth] = result;
|
||||||
depth++;
|
depth++;
|
||||||
break;
|
break;
|
||||||
/* unary logical operators */
|
/* unary logical operators */
|
||||||
@ -2312,12 +2313,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
depth--;
|
depth--;
|
||||||
lhs = &program->stack[depth];
|
lhs = &stack[depth];
|
||||||
ok = unary_logic_operator(mem_ctx, token, tok, lhs, sd, &result);
|
ok = unary_logic_operator(mem_ctx, token, tok, lhs, sd, &result);
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
program->stack[depth] = result;
|
stack[depth] = result;
|
||||||
depth++;
|
depth++;
|
||||||
break;
|
break;
|
||||||
/* binary logical operators */
|
/* binary logical operators */
|
||||||
@ -2327,14 +2328,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
depth--;
|
depth--;
|
||||||
rhs = &program->stack[depth];
|
rhs = &stack[depth];
|
||||||
depth--;
|
depth--;
|
||||||
lhs = &program->stack[depth];
|
lhs = &stack[depth];
|
||||||
ok = binary_logic_operator(token, tok, lhs, rhs, &result);
|
ok = binary_logic_operator(token, tok, lhs, rhs, &result);
|
||||||
if (! ok) {
|
if (! ok) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
program->stack[depth] = result;
|
stack[depth] = result;
|
||||||
depth++;
|
depth++;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@ -2348,11 +2349,11 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
if (depth != 1) {
|
if (depth != 1) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
result = program->stack[0];
|
result = stack[0];
|
||||||
if (result.type != CONDITIONAL_ACE_SAMBA_RESULT_BOOL) {
|
if (result.type != CONDITIONAL_ACE_SAMBA_RESULT_BOOL) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
TALLOC_FREE(stack);
|
||||||
return result.data.result.value;
|
return result.data.result.value;
|
||||||
|
|
||||||
error:
|
error:
|
||||||
@ -2360,6 +2361,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
|||||||
* the result of an error is always UNKNOWN, which should be
|
* the result of an error is always UNKNOWN, which should be
|
||||||
* interpreted pessimistically, not allowing access.
|
* interpreted pessimistically, not allowing access.
|
||||||
*/
|
*/
|
||||||
|
TALLOC_FREE(stack);
|
||||||
return ACE_CONDITION_UNKNOWN;
|
return ACE_CONDITION_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
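Review bot: With the scratch stack now a local in run_conditional_ace, none of the visible hunks write through `program` any more, so the parameter could be declared `const struct ace_condition_script *program` to make the evaluator's read-only use of the script enforceable; the signature is cut off in the hunk header, so this applies only if it is still non-const. The comment above `stack = talloc_array(mem_ctx, ...)` could also state the invariant that the unchecked `stack[depth] = ...` writes rely on, for example `* Each token pushes at most one entry, so depth never exceeds program->length.` In the visible cases that holds (literals push one entry, operators pop before pushing), but the `default:` branch and the lookup cases are only partly shown. The function begins outside these hunks.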
@ -2893,16 +2893,14 @@ static bool init_compiler_context(
|
|||||||
TALLOC_FREE(program);
|
TALLOC_FREE(program);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
program->stack = talloc_array(program,
|
comp->program = program;
|
||||||
struct ace_condition_token,
|
comp->stack = talloc_array(program,
|
||||||
max_stack + 1);
|
struct ace_condition_token,
|
||||||
if (program->stack == NULL) {
|
max_stack + 1);
|
||||||
|
if (comp->stack == NULL) {
|
||||||
TALLOC_FREE(program);
|
TALLOC_FREE(program);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
comp->program = program;
|
|
||||||
/* we can borrow the program stack for the operator stack */
|
|
||||||
comp->stack = program->stack;
|
|
||||||
comp->target = program->tokens;
|
comp->target = program->tokens;
|
||||||
comp->target_len = &program->length;
|
comp->target_len = &program->length;
|
||||||
comp->length = strlen(sddl);
|
comp->length = strlen(sddl);
|
||||||
|
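Review bot: In init_compiler_context, `comp->program = program;` now runs before the stack allocation, so when `talloc_array` fails the `TALLOC_FREE(program)` clears only the local and `comp->program` is left pointing at freed memory. The function returns false, so callers presumably stop, but any cleanup that looks at `comp->program` afterwards would touch a freed object; the callers are not visible here. Either keep the assignment below the NULL check as the old code did, or add `comp->program = NULL;` before `return false;`. The function starts and continues outside this hunk.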
@ -390,7 +390,6 @@ interface conditional_ace
|
|||||||
*/
|
*/
|
||||||
typedef [public] struct {
|
typedef [public] struct {
|
||||||
ace_condition_token *tokens;
|
ace_condition_token *tokens;
|
||||||
ace_condition_token *stack;
|
|
||||||
uint32 length;
|
uint32 length;
|
||||||
} ace_condition_script;
|
} ace_condition_script;
|
||||||
|
|
||||||
|