mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

libsecurity: Simplify struct ace_condition_script

We only need the stack temporarily, no reason to put it in the struct

Signed-off-by: Volker Lendecke <vl@samba.org>
Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep  6 14:23:58 UTC 2024 on atb-devel-224
Volker Lendecke 2024-09-04 17:13:44 +02:00 committed by Stefan Metzmacher
parent 7bd8234152
commit 5ad8536ec7
3 changed files with 33 additions and 34 deletions


@ -706,17 +706,6 @@ struct ace_condition_script *parse_conditional_ace(TALLOC_CTX *mem_ctx,
if (program->tokens == NULL) {
goto fail;
}
/*
* When interpreting the program we will need a stack, which in the
* very worst case can be as deep as the program is long.
*/
program->stack = talloc_array(program,
struct ace_condition_token,
program->length + 1);
if (program->stack == NULL) {
goto fail;
}
return program;
fail:
talloc_free(program);
@ -2218,8 +2207,20 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
struct ace_condition_token *lhs = NULL;
struct ace_condition_token *rhs = NULL;
struct ace_condition_token result = {};
struct ace_condition_token *stack = NULL;
bool ok;
/*
* When interpreting the program we will need a stack, which in the
* very worst case can be as deep as the program is long.
*/
stack = talloc_array(mem_ctx,
struct ace_condition_token,
program->length + 1);
if (stack == NULL) {
goto error;
}
for (i = 0; i < program->length; i++) {
struct ace_condition_token *tok = &program->tokens[i];
switch (tok->type) {
@ -2232,7 +2233,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
case CONDITIONAL_ACE_TOKEN_SID:
case CONDITIONAL_ACE_TOKEN_COMPOSITE:
/* just plonk these literals on the stack */
program->stack[depth] = *tok;
stack[depth] = *tok;
depth++;
break;
@ -2243,7 +2244,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
if (! ok) {
goto error;
}
program->stack[depth] = result;
stack[depth] = result;
depth++;
break;
@ -2255,7 +2256,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
if (! ok) {
goto error;
}
program->stack[depth] = result;
stack[depth] = result;
depth++;
break;
@ -2271,12 +2272,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error;
}
depth--;
lhs = &program->stack[depth];
lhs = &stack[depth];
ok = member_lookup(token, tok, lhs, &result);
if (! ok) {
goto error;
}
program->stack[depth] = result;
stack[depth] = result;
depth++;
break;
/* binary relational operators */
@ -2294,14 +2295,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error;
}
depth--;
rhs = &program->stack[depth];
rhs = &stack[depth];
depth--;
lhs = &program->stack[depth];
lhs = &stack[depth];
ok = relational_operator(token, tok, lhs, rhs, &result);
if (! ok) {
goto error;
}
program->stack[depth] = result;
stack[depth] = result;
depth++;
break;
/* unary logical operators */
@ -2312,12 +2313,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error;
}
depth--;
lhs = &program->stack[depth];
lhs = &stack[depth];
ok = unary_logic_operator(mem_ctx, token, tok, lhs, sd, &result);
if (!ok) {
goto error;
}
program->stack[depth] = result;
stack[depth] = result;
depth++;
break;
/* binary logical operators */
@ -2327,14 +2328,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
goto error;
}
depth--;
rhs = &program->stack[depth];
rhs = &stack[depth];
depth--;
lhs = &program->stack[depth];
lhs = &stack[depth];
ok = binary_logic_operator(token, tok, lhs, rhs, &result);
if (! ok) {
goto error;
}
program->stack[depth] = result;
stack[depth] = result;
depth++;
break;
default:
@ -2348,11 +2349,11 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
if (depth != 1) {
goto error;
}
result = program->stack[0];
result = stack[0];
if (result.type != CONDITIONAL_ACE_SAMBA_RESULT_BOOL) {
goto error;
}
TALLOC_FREE(stack);
return result.data.result.value;
error:
@ -2360,6 +2361,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
* the result of an error is always UNKNOWN, which should be
* interpreted pessimistically, not allowing access.
*/
TALLOC_FREE(stack);
return ACE_CONDITION_UNKNOWN;
}
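Review bot: The evaluation stack in run_conditional_ace is now parented on the caller's `mem_ctx` instead of on `program`, so it is released only if every exit reaches one of the two `TALLOC_FREE(stack)` calls. The success return and the `error:` label shown here both do, but the function body runs beyond these hunks, so any other `return` between the allocation and the end should be checked. A comment at the allocation would make the contract explicit, e.g. `/* freed on both exits; never return without passing through error: */`. The element count `program->length + 1` is computed in 32-bit unsigned arithmetic; presumably the parser bounds the program length so this cannot wrap, but that bound is not visible here and is worth stating next to the allocation, because the pushes at `stack[depth]` rely on it.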


@ -2893,16 +2893,14 @@ static bool init_compiler_context(
TALLOC_FREE(program);
return false;
}
program->stack = talloc_array(program,
struct ace_condition_token,
max_stack + 1);
if (program->stack == NULL) {
comp->program = program;
comp->stack = talloc_array(program,
struct ace_condition_token,
max_stack + 1);
if (comp->stack == NULL) {
TALLOC_FREE(program);
return false;
}
comp->program = program;
/* we can borrow the program stack for the operator stack */
comp->stack = program->stack;
comp->target = program->tokens;
comp->target_len = &program->length;
comp->length = strlen(sddl);
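Review bot: In init_compiler_context, `comp->program = program;` now runs before the `comp->stack` allocation, so on allocation failure `TALLOC_FREE(program)` clears only the local variable and leaves `comp->program` pointing at freed memory. Whether any caller reads `comp->program` after a `false` return is not visible in this hunk, but the stale pointer is avoided by keeping the assignment after the NULL check, where it was before, or by adding `comp->program = NULL;` ahead of `return false;`. The operator stack is also still a talloc child of `program`, so it stays allocated for the program's lifetime unless the compiler frees it when it finishes, which this hunk does not show. The function starts and ends outside the hunk.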


@ -390,7 +390,6 @@ interface conditional_ace
*/
typedef [public] struct {
ace_condition_token *tokens;
ace_condition_token *stack;
uint32 length;
} ace_condition_script;