mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
libsecurity: Simplify struct ace_condition_script
We only need the stack temporarily, no reason to put it in the struct Signed-off-by: Volker Lendecke <vl@samba.org> Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Sep 6 14:23:58 UTC 2024 on atb-devel-224
This commit is contained in:
parent
7bd8234152
commit
5ad8536ec7
@ -706,17 +706,6 @@ struct ace_condition_script *parse_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
if (program->tokens == NULL) {
|
||||
goto fail;
|
||||
}
|
||||
/*
|
||||
* When interpreting the program we will need a stack, which in the
|
||||
* very worst case can be as deep as the program is long.
|
||||
*/
|
||||
program->stack = talloc_array(program,
|
||||
struct ace_condition_token,
|
||||
program->length + 1);
|
||||
if (program->stack == NULL) {
|
||||
goto fail;
|
||||
}
|
||||
|
||||
return program;
|
||||
fail:
|
||||
talloc_free(program);
|
||||
@ -2218,8 +2207,20 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
struct ace_condition_token *lhs = NULL;
|
||||
struct ace_condition_token *rhs = NULL;
|
||||
struct ace_condition_token result = {};
|
||||
struct ace_condition_token *stack = NULL;
|
||||
bool ok;
|
||||
|
||||
/*
|
||||
* When interpreting the program we will need a stack, which in the
|
||||
* very worst case can be as deep as the program is long.
|
||||
*/
|
||||
stack = talloc_array(mem_ctx,
|
||||
struct ace_condition_token,
|
||||
program->length + 1);
|
||||
if (stack == NULL) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
for (i = 0; i < program->length; i++) {
|
||||
struct ace_condition_token *tok = &program->tokens[i];
|
||||
switch (tok->type) {
|
||||
@ -2232,7 +2233,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
case CONDITIONAL_ACE_TOKEN_SID:
|
||||
case CONDITIONAL_ACE_TOKEN_COMPOSITE:
|
||||
/* just plonk these literals on the stack */
|
||||
program->stack[depth] = *tok;
|
||||
stack[depth] = *tok;
|
||||
depth++;
|
||||
break;
|
||||
|
||||
@ -2243,7 +2244,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
if (! ok) {
|
||||
goto error;
|
||||
}
|
||||
program->stack[depth] = result;
|
||||
stack[depth] = result;
|
||||
depth++;
|
||||
break;
|
||||
|
||||
@ -2255,7 +2256,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
if (! ok) {
|
||||
goto error;
|
||||
}
|
||||
program->stack[depth] = result;
|
||||
stack[depth] = result;
|
||||
depth++;
|
||||
break;
|
||||
|
||||
@ -2271,12 +2272,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
goto error;
|
||||
}
|
||||
depth--;
|
||||
lhs = &program->stack[depth];
|
||||
lhs = &stack[depth];
|
||||
ok = member_lookup(token, tok, lhs, &result);
|
||||
if (! ok) {
|
||||
goto error;
|
||||
}
|
||||
program->stack[depth] = result;
|
||||
stack[depth] = result;
|
||||
depth++;
|
||||
break;
|
||||
/* binary relational operators */
|
||||
@ -2294,14 +2295,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
goto error;
|
||||
}
|
||||
depth--;
|
||||
rhs = &program->stack[depth];
|
||||
rhs = &stack[depth];
|
||||
depth--;
|
||||
lhs = &program->stack[depth];
|
||||
lhs = &stack[depth];
|
||||
ok = relational_operator(token, tok, lhs, rhs, &result);
|
||||
if (! ok) {
|
||||
goto error;
|
||||
}
|
||||
program->stack[depth] = result;
|
||||
stack[depth] = result;
|
||||
depth++;
|
||||
break;
|
||||
/* unary logical operators */
|
||||
@ -2312,12 +2313,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
goto error;
|
||||
}
|
||||
depth--;
|
||||
lhs = &program->stack[depth];
|
||||
lhs = &stack[depth];
|
||||
ok = unary_logic_operator(mem_ctx, token, tok, lhs, sd, &result);
|
||||
if (!ok) {
|
||||
goto error;
|
||||
}
|
||||
program->stack[depth] = result;
|
||||
stack[depth] = result;
|
||||
depth++;
|
||||
break;
|
||||
/* binary logical operators */
|
||||
@ -2327,14 +2328,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
goto error;
|
||||
}
|
||||
depth--;
|
||||
rhs = &program->stack[depth];
|
||||
rhs = &stack[depth];
|
||||
depth--;
|
||||
lhs = &program->stack[depth];
|
||||
lhs = &stack[depth];
|
||||
ok = binary_logic_operator(token, tok, lhs, rhs, &result);
|
||||
if (! ok) {
|
||||
goto error;
|
||||
}
|
||||
program->stack[depth] = result;
|
||||
stack[depth] = result;
|
||||
depth++;
|
||||
break;
|
||||
default:
|
||||
@ -2348,11 +2349,11 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
if (depth != 1) {
|
||||
goto error;
|
||||
}
|
||||
result = program->stack[0];
|
||||
result = stack[0];
|
||||
if (result.type != CONDITIONAL_ACE_SAMBA_RESULT_BOOL) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
TALLOC_FREE(stack);
|
||||
return result.data.result.value;
|
||||
|
||||
error:
|
||||
@ -2360,6 +2361,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
* the result of an error is always UNKNOWN, which should be
|
||||
* interpreted pessimistically, not allowing access.
|
||||
*/
|
||||
TALLOC_FREE(stack);
|
||||
return ACE_CONDITION_UNKNOWN;
|
||||
}
|
||||
|
||||
|
@ -2893,16 +2893,14 @@ static bool init_compiler_context(
|
||||
TALLOC_FREE(program);
|
||||
return false;
|
||||
}
|
||||
program->stack = talloc_array(program,
|
||||
struct ace_condition_token,
|
||||
max_stack + 1);
|
||||
if (program->stack == NULL) {
|
||||
comp->program = program;
|
||||
comp->stack = talloc_array(program,
|
||||
struct ace_condition_token,
|
||||
max_stack + 1);
|
||||
if (comp->stack == NULL) {
|
||||
TALLOC_FREE(program);
|
||||
return false;
|
||||
}
|
||||
comp->program = program;
|
||||
/* we can borrow the program stack for the operator stack */
|
||||
comp->stack = program->stack;
|
||||
comp->target = program->tokens;
|
||||
comp->target_len = &program->length;
|
||||
comp->length = strlen(sddl);
|
||||
|
@ -390,7 +390,6 @@ interface conditional_ace
|
||||
*/
|
||||
typedef [public] struct {
|
||||
ace_condition_token *tokens;
|
||||
ace_condition_token *stack;
|
||||
uint32 length;
|
||||
} ace_condition_script;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user