sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

libcli/security: handle node initialisation in one spot in insert_in_object_tree()

Browse Source 
This removes special-case for initalising the children array in
insert_in_object_tree().  talloc_realloc() handles the intial allocate
case perfectly well, so there is no need to have this duplicated.

This also restores having just one place were the rest of the elements
are intialised, to ensure uniform behaviour.

To do this, we have to rework insert_in_object_tree to have only one
output variable, both because having both root and new_node as output
variables was too confusing, and because otherwise the two pointers
were being allowed to point at the same memory.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Bartlett 2013-01-03 20:40:32 +11:00 committed by Stefan Metzmacher
parent a359aef083
commit 5b4e3de2bb
4 changed files with 47 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libcli/security/access_check.h
View File

@ -77,10 +77,10 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
struct dom_sid *replace_sid); struct dom_sid *replace_sid);
bool insert_in_object_tree(TALLOC_CTX *mem_ctx, bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
const struct GUID *guid, const struct GUID *guid,
uint32_t init_access, uint32_t init_access,
struct object_tree **root, struct object_tree *root,
struct object_tree **new_node); struct object_tree **new_node_out);
/* search by GUID */ /* search by GUID */
struct object_tree *get_object_tree_by_GUID(struct object_tree *root, struct object_tree *get_object_tree_by_GUID(struct object_tree *root,

67
libcli/security/object_tree.c
View File

@ -38,52 +38,51 @@
*/ */
bool insert_in_object_tree(TALLOC_CTX *mem_ctx, bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
const struct GUID *guid, const struct GUID *guid,
uint32_t init_access, uint32_t init_access,
struct object_tree **root, struct object_tree *root,
struct object_tree **new_node) struct object_tree **new_node_out)
{ {
struct object_tree *new_node;
if (!guid || GUID_all_zero(guid)){ if (!guid || GUID_all_zero(guid)){
return true; return true;
} }
if (!*root){ if (!root) {
*root = talloc_zero(mem_ctx, struct object_tree); root = talloc_zero(mem_ctx, struct object_tree);
if (!*root) { if (!root) {
return false; return false;
} }
(*root)->guid = *guid; new_node = root;
(*root)->remaining_access = init_access; } else {
*new_node = *root;
return true;
}
if (!(*root)->children) {
(*root)->children = talloc_array(mem_ctx, struct object_tree, 1);
(*root)->children[0].guid = *guid;
(*root)->children[0].num_of_children = 0;
(*root)->children[0].children = NULL;
(*root)->num_of_children++;
(*root)->children[0].remaining_access = init_access;
*new_node = &((*root)->children[0]);
return true;
}
else {
int i; int i;
for (i = 0; i < (*root)->num_of_children; i++) {
if (GUID_equal(&((*root)->children[i].guid), guid)) { for (i = 0; i < root->num_of_children; i++) {
*new_node = &((*root)->children[i]); if (GUID_equal(&root->children[i].guid, guid)) {
new_node = &root->children[i];
*new_node_out = new_node;
return true; return true;
} }
} }
(*root)->children = talloc_realloc(mem_ctx, (*root)->children, struct object_tree,
(*root)->num_of_children +1); root->children = talloc_realloc(mem_ctx, root->children,
(*root)->children[(*root)->num_of_children].guid = *guid; struct object_tree,
(*root)->children[(*root)->num_of_children].remaining_access = init_access; root->num_of_children + 1);
*new_node = &((*root)->children[(*root)->num_of_children]); if (!root->children) {
(*root)->num_of_children++; return false;
return true; }
new_node = &root->children[root->num_of_children];
root->num_of_children++;
} }
new_node->children = NULL;
new_node->guid = *guid;
new_node->remaining_access = init_access;
new_node->num_of_children = 0;
*new_node_out = new_node;
return true;
} }
/* search by GUID */ /* search by GUID */

5
source4/dsdb/common/dsdb_access.c
View File

@ -93,7 +93,6 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
struct security_descriptor *sd = NULL; struct security_descriptor *sd = NULL;
struct dom_sid *sid = NULL; struct dom_sid *sid = NULL;
struct object_tree *root = NULL; struct object_tree *root = NULL;
struct object_tree *new_node = NULL;
NTSTATUS status; NTSTATUS status;
uint32_t access_granted; uint32_t access_granted;
int ret; int ret;
@ -108,8 +107,8 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
} }
sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid"); sid = samdb_result_dom_sid(mem_ctx, acl_res->msgs[0], "objectSid");
if (guid) { if (guid) {
if (!insert_in_object_tree(mem_ctx, guid, access_mask, &root, if (!insert_in_object_tree(mem_ctx, guid, access_mask, NULL,
&new_node)) { &root)) {
return ldb_operr(ldb); return ldb_operr(ldb);
} }
} }

16
source4/dsdb/samdb/ldb_modules/acl_util.c
View File

@ -109,16 +109,17 @@ int acl_check_access_on_attribute(struct ldb_module *module,
if (!insert_in_object_tree(tmp_ctx, if (!insert_in_object_tree(tmp_ctx,
&objectclass->schemaIDGUID, &objectclass->schemaIDGUID,
access_mask, &root, access_mask, NULL,
&new_node)) { &root)) {
DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n")); DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n"));
goto fail; goto fail;
} }
new_node = root;
if (!GUID_all_zero(&attr->attributeSecurityGUID)) { if (!GUID_all_zero(&attr->attributeSecurityGUID)) {
if (!insert_in_object_tree(tmp_ctx, if (!insert_in_object_tree(tmp_ctx,
&attr->attributeSecurityGUID, &attr->attributeSecurityGUID,
access_mask, &new_node, access_mask, new_node,
&new_node)) { &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n")); DEBUG(10, ("acl_search: cannot add to object tree securityGUID\n"));
goto fail; goto fail;
@ -127,7 +128,7 @@ int acl_check_access_on_attribute(struct ldb_module *module,
if (!insert_in_object_tree(tmp_ctx, if (!insert_in_object_tree(tmp_ctx,
&attr->schemaIDGUID, &attr->schemaIDGUID,
access_mask, &new_node, access_mask, new_node,
&new_node)) { &new_node)) {
DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n")); DEBUG(10, ("acl_search: cannot add to object tree attributeGUID\n"));
goto fail; goto fail;
@ -162,14 +163,13 @@ int acl_check_access_on_objectclass(struct ldb_module *module,
NTSTATUS status; NTSTATUS status;
uint32_t access_granted; uint32_t access_granted;
struct object_tree *root = NULL; struct object_tree *root = NULL;
struct object_tree *new_node = NULL;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_token *token = acl_user_token(module); struct security_token *token = acl_user_token(module);
if (!insert_in_object_tree(tmp_ctx, if (!insert_in_object_tree(tmp_ctx,
&objectclass->schemaIDGUID, &objectclass->schemaIDGUID,
access_mask, &root, access_mask, NULL,
&new_node)) { &root)) {
DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n")); DEBUG(10, ("acl_search: cannot add to object tree class schemaIDGUID\n"));
goto fail; goto fail;
} }
@ -209,7 +209,7 @@ int acl_check_extended_right(TALLOC_CTX *mem_ctx,
GUID_from_string(ext_right, &right); GUID_from_string(ext_right, &right);
if (!insert_in_object_tree(tmp_ctx, &right, right_type, if (!insert_in_object_tree(tmp_ctx, &right, right_type,
&root, &new_node)) { NULL, &root)) {
DEBUG(10, ("acl_ext_right: cannot add to object tree\n")); DEBUG(10, ("acl_ext_right: cannot add to object tree\n"));
talloc_free(tmp_ctx); talloc_free(tmp_ctx);
return LDB_ERR_OPERATIONS_ERROR; return LDB_ERR_OPERATIONS_ERROR;