1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

r3810: create a LIB_SECURITY subsystem

- move dom_sid, security_descriptor, security_* funtions to one place
  and rename some of them

metze
(This used to be commit b620bdd672)
This commit is contained in:
Stefan Metzmacher 2004-11-17 14:35:29 +00:00 committed by Gerald (Jerry) Carter
parent 04a47a26ce
commit 856ee66537
24 changed files with 358 additions and 234 deletions

View File

@ -24,6 +24,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_samr.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "auth/auth.h"
#undef DBGC_CLASS
@ -401,7 +402,7 @@ NTSTATUS create_nt_user_token(TALLOC_CTX *mem_ctx,
for (i = 0; i < n_groupSIDs; i++) {
size_t check_sid_idx;
for (check_sid_idx = 1; check_sid_idx < ptoken->num_sids; check_sid_idx++) {
if (sid_equal(ptoken->user_sids[check_sid_idx],
if (dom_sid_equal(ptoken->user_sids[check_sid_idx],
groupSIDs[i])) {
break;
}

View File

@ -51,7 +51,8 @@ sub smb_build_main($)
"librpc/config.mk",
"client/config.mk",
"libcli/libsmb.mk",
"libcli/config.mk"
"libcli/config.mk",
"libcli/security/config.mk"
);
$| = 1;

View File

@ -120,3 +120,7 @@ struct test_join_ads_dc;
struct netr_LMSessionKey;
struct ldb_message;
struct security_token;
struct security_acl;
struct security_ace;

View File

@ -51,8 +51,6 @@ ADD_OBJ_FILES = \
lib/wins_srv.o \
lib/util_str.o \
lib/util_strlist.o \
lib/util_sid.o \
lib/util_secdesc.o \
lib/util_uuid.o \
lib/util_unistr.o \
lib/util_file.o \
@ -74,6 +72,6 @@ ADD_OBJ_FILES = \
lib/db_wrap.o \
lib/gencache.o
REQUIRED_SUBSYSTEMS = \
LIBLDB CHARSET LIBREPLACE LIBNETIF LIBCRYPTO EXT_LIB_DL
LIBLDB CHARSET LIBREPLACE LIBNETIF LIBCRYPTO LIB_SECURITY EXT_LIB_DL
# End SUBSYSTEM LIBBASIC
##############################

View File

@ -1,85 +0,0 @@
/*
Unix SMB/CIFS implementation.
Samba utility functions
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
Copyright (C) Jeremy Allison 1999
Copyright (C) Stefan (metze) Metzmacher 2002
Copyright (C) Simo Sorce 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
/*****************************************************************
Compare the auth portion of two sids.
*****************************************************************/
static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
{
int i;
if (sid1 == sid2)
return 0;
if (!sid1)
return -1;
if (!sid2)
return 1;
if (sid1->sid_rev_num != sid2->sid_rev_num)
return sid1->sid_rev_num - sid2->sid_rev_num;
for (i = 0; i < 6; i++)
if (sid1->id_auth[i] != sid2->id_auth[i])
return sid1->id_auth[i] - sid2->id_auth[i];
return 0;
}
/*****************************************************************
Compare two sids.
*****************************************************************/
static int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
{
int i;
if (sid1 == sid2)
return 0;
if (!sid1)
return -1;
if (!sid2)
return 1;
/* Compare most likely different rids, first: i.e start at end */
if (sid1->num_auths != sid2->num_auths)
return sid1->num_auths - sid2->num_auths;
for (i = sid1->num_auths-1; i >= 0; --i)
if (sid1->sub_auths[i] != sid2->sub_auths[i])
return sid1->sub_auths[i] - sid2->sub_auths[i];
return sid_compare_auth(sid1, sid2);
}
/*****************************************************************
Compare two sids.
*****************************************************************/
BOOL sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
{
return sid_compare(sid1, sid2) == 0;
}

View File

@ -6,8 +6,7 @@ ADD_OBJ_FILES = libcli/util/asn1.o \
libcli/util/clierror.o \
libcli/util/nterr.o \
libcli/util/smbdes.o \
libcli/util/smbencrypt.o \
libcli/util/dom_sid.o
libcli/util/smbencrypt.o
[SUBSYSTEM::LIBCLI_NMB]
ADD_OBJ_FILES = libcli/unexpected.o \

View File

@ -19,6 +19,7 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/raw/libcliraw.h"
/****************************************************************************

View File

@ -0,0 +1,18 @@
#################################
# Start SUBSYSTEM LIB_SECURITY_NDR
[SUBSYSTEM::LIB_SECURITY_NDR]
ADD_OBJ_FILES = librpc/gen_ndr/ndr_security.o
NOPROTO = YES
# End SUBSYSTEM LIB_SECURITY_NDR
#################################
#################################
# Start SUBSYSTEM LIB_SECURITY
[SUBSYSTEM::LIB_SECURITY]
ADD_OBJ_FILES = libcli/security/security_token.o \
libcli/security/security_descriptor.o \
libcli/security/dom_sid.o \
librpc/ndr/ndr_sec.o
REQUIRED_SUBSYSTEMS = LIB_SECURITY_NDR
# End SUBSYSTEM LIB_SECURITY
#################################

View File

@ -1,10 +1,12 @@
/*
Unix SMB/CIFS implementation.
routines to manipulate a "struct dom_sid"
Copyright (C) Andrew Tridgell 2004
Samba utility functions
Copyright (C) Andrew Tridgell 1992-2004
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
Copyright (C) Jeremy Allison 1999
Copyright (C) Stefan (metze) Metzmacher 2002-2004
Copyright (C) Simo Sorce 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
@ -21,6 +23,67 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
/*****************************************************************
Compare the auth portion of two sids.
*****************************************************************/
static int dom_sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
{
int i;
if (sid1 == sid2)
return 0;
if (!sid1)
return -1;
if (!sid2)
return 1;
if (sid1->sid_rev_num != sid2->sid_rev_num)
return sid1->sid_rev_num - sid2->sid_rev_num;
for (i = 0; i < 6; i++)
if (sid1->id_auth[i] != sid2->id_auth[i])
return sid1->id_auth[i] - sid2->id_auth[i];
return 0;
}
/*****************************************************************
Compare two sids.
*****************************************************************/
static int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
{
int i;
if (sid1 == sid2)
return 0;
if (!sid1)
return -1;
if (!sid2)
return 1;
/* Compare most likely different rids, first: i.e start at end */
if (sid1->num_auths != sid2->num_auths)
return sid1->num_auths - sid2->num_auths;
for (i = sid1->num_auths-1; i >= 0; --i)
if (sid1->sub_auths[i] != sid2->sub_auths[i])
return sid1->sub_auths[i] - sid2->sub_auths[i];
return dom_sid_compare_auth(sid1, sid2);
}
/*****************************************************************
Compare two sids.
*****************************************************************/
BOOL dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
{
return dom_sid_compare(sid1, sid2) == 0;
}
/*
convert a dom_sid to a string
@ -124,7 +187,7 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
/*
convert a string to a dom_sid, returning a talloc'd dom_sid
*/
struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, struct dom_sid *dom_sid)
struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
{
struct dom_sid *ret;
int i;
@ -177,4 +240,3 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
sid->num_auths++;
return sid;
}

View File

@ -0,0 +1,102 @@
/*
Unix SMB/CIFS implementation.
security descriptror utility functions
Copyright (C) Andrew Tridgell 2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
return a blank security descriptor (no owners, dacl or sacl)
*/
struct security_descriptor *security_descriptor_initialise(TALLOC_CTX *mem_ctx)
{
struct security_descriptor *sd;
sd = talloc_p(mem_ctx, struct security_descriptor);
if (!sd) {
return NULL;
}
sd->revision = SD_REVISION;
/* we mark as self relative, even though it isn't while it remains
a pointer in memory because this simplifies the ndr code later.
All SDs that we store/emit are in fact SELF_RELATIVE
*/
sd->type = SEC_DESC_SELF_RELATIVE;
sd->owner_sid = NULL;
sd->group_sid = NULL;
sd->sacl = NULL;
sd->dacl = NULL;
return sd;
}
/*
talloc and copy a security descriptor
*/
struct security_descriptor *security_descriptor_copy(TALLOC_CTX *mem_ctx,
const struct security_descriptor *osd)
{
struct security_descriptor *nsd;
/* FIXME */
DEBUG(1, ("security_descriptor_copy(): sorry unimplemented yet\n"));
nsd = NULL;
return nsd;
}
NTSTATUS security_check_dacl(struct security_token *st, struct security_descriptor *sd, uint32 access_mask)
{
size_t i,y;
NTSTATUS status = NT_STATUS_ACCESS_DENIED;
DEBUG(1, ("security_check_dacl(): sorry untested yet\n"));
return status;
if (!sd->dacl) {
return NT_STATUS_INVALID_ACL;
}
for (i=0; i < st->num_sids; i++) {
for (y=0; y < sd->dacl->num_aces; y++) {
if (dom_sid_equal(&st->sids[i], &sd->dacl->aces[y].trustee)) {
switch (sd->dacl->aces[y].type) {
case SEC_ACE_TYPE_ACCESS_ALLOWED:
if (access_mask & sd->dacl->aces[y].access_mask) {
status = NT_STATUS_OK;
}
break;
case SEC_ACE_TYPE_ACCESS_DENIED:
if (access_mask & sd->dacl->aces[y].access_mask) {
return NT_STATUS_ACCESS_DENIED;
}
break;
default:
return NT_STATUS_INVALID_ACL;
}
}
}
}
return status;
}

View File

@ -21,31 +21,36 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
return a blank security descriptor (no owners, dacl or sacl)
*/
struct security_descriptor *sd_initialise(TALLOC_CTX *mem_ctx)
struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
{
struct security_descriptor *sd;
struct security_token *st;
sd = talloc_p(mem_ctx, struct security_descriptor);
if (!sd) {
st = talloc_p(mem_ctx, struct security_token);
if (!st) {
return NULL;
}
sd->revision = SD_REVISION;
/* we mark as self relative, even though it isn't while it remains
a pointer in memory because this simplifies the ndr code later.
All SDs that we store/emit are in fact SELF_RELATIVE
*/
sd->type = SEC_DESC_SELF_RELATIVE;
st->flags = 0;
sd->owner_sid = NULL;
sd->group_sid = NULL;
sd->sacl = NULL;
sd->dacl = NULL;
st->user_sid = NULL;
st->group_sid = NULL;
st->logon_sid = NULL;
return sd;
st->num_sids = 0;
st->sids = NULL;
st->num_restricted_sids = 0;
st->restricted_sids = NULL;
st->num_privileges = 0;
st->privileges = NULL;
st->dacl = NULL;
return st;
}

View File

@ -5,7 +5,6 @@ INIT_OBJ_FILES = \
librpc/ndr/ndr.o
ADD_OBJ_FILES = \
librpc/ndr/ndr_basic.o \
librpc/ndr/ndr_sec.o \
librpc/ndr/ndr_spoolss_buf.o \
librpc/ndr/ndr_dcom.o
# End SUBSYSTEM LIBNDR_RAW

View File

@ -7,7 +7,8 @@
[
uuid("46746756-7567-7567-5677-756756756756"),
version(0.0),
pointer_default(unique)
pointer_default(unique),
depends(security)
]
interface krb5pac
{

View File

@ -8,7 +8,8 @@
version(0.0),
endpoint("ncacn_np:[\\pipe\\lsarpc]","ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:"),
pointer_default(unique),
helpstring("Local Server Authentication(?)")
helpstring("Local Server Authentication(?)"),
depends(security)
] interface lsarpc
{
/******************/

View File

@ -6,37 +6,6 @@
interface misc
{
/* a NULL sid */
const string SID_NULL = "S-1-0-0";
/* the world domain */
const string SID_WORLD_DOMAIN = "S-1-1";
const string SID_WORLD = "S-1-1-0";
/* SECURITY_CREATOR_SID_AUTHORITY */
const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
const string SID_CREATOR_OWNER = "S-1-3-0";
const string SID_CREATOR_GROUP = "S-1-3-1";
/* SECURITY_NT_AUTHORITY */
const string SID_NT_AUTHORITY = "S-1-5";
const string SID_NETWORK = "S-1-5-2";
const string SID_ANONYMOUS = "S-1-5-7";
const string SID_AUTHENTICATED_USERS = "S-1-5-11";
const string SID_SYSTEM = "S-1-5-18";
/* SECURITY_BUILTIN_DOMAIN_RID */
const string SID_BUILTIN = "S-1-5-32";
const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544";
const string SID_BUILTIN_USERS = "S-1-5-32-545";
const string SID_BUILTIN_GUESTS = "S-1-5-32-546";
const string SID_BUILTIN_POWER_USERS = "S-1-5-32-547";
const string SID_BUILTIN_ACCOUNT_OPERATORS = "S-1-5-32-548";
const string SID_BUILTIN_SERVER_OPERATORS = "S-1-5-32-549";
const string SID_BUILTIN_PRINT_OPERATORS = "S-1-5-32-550";
const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551";
const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552";
/* server roles */
typedef enum {
ROLE_STANDALONE = 0,
@ -54,70 +23,6 @@ interface misc
uint8 node[6];
} GUID;
/* a domain SID. Note that unlike Samba3 this contains a pointer,
so you can't copy them using assignment */
typedef [public,noprint] struct {
uint8 sid_rev_num; /**< SID revision number */
uint8 num_auths; /**< Number of sub-authorities */
uint8 id_auth[6]; /**< Identifier Authority */
uint32 sub_auths[num_auths];
} dom_sid;
typedef [public] struct {
uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
[value(ndr_size_security_ace(r))] uint16 size;
uint32 access_mask;
#if 0
/* the 'obj' part is present when type is XXXX_TYPE_XXXX_OBJECT */
struct {
uint32 flags;
GUID object_guid;
GUID inherit_guid;
} *obj;
#endif
dom_sid trustee;
} security_ace;
typedef [public] struct {
uint16 revision;
[value(ndr_size_security_acl(r))] uint16 size;
uint32 num_aces;
security_ace aces[num_aces];
} security_acl;
/* default revision for new ACLs */
const int SD_REVISION = 1;
/* security_descriptor->type bits */
const int SEC_DESC_OWNER_DEFAULTED = 0x0001;
const int SEC_DESC_GROUP_DEFAULTED = 0x0002;
const int SEC_DESC_DACL_PRESENT = 0x0004;
const int SEC_DESC_DACL_DEFAULTED = 0x0008;
const int SEC_DESC_SACL_PRESENT = 0x0010;
const int SEC_DESC_SACL_DEFAULTED = 0x0020;
const int SEC_DESC_DACL_TRUSTED = 0x0040;
const int SEC_DESC_SERVER_SECURITY = 0x0080;
const int SEC_DESC_DACL_AUTO_INHERIT_REQ = 0x0100;
const int SEC_DESC_SACL_AUTO_INHERIT_REQ = 0x0200;
const int SEC_DESC_DACL_AUTO_INHERITED = 0x0400;
const int SEC_DESC_SACL_AUTO_INHERITED = 0x0800;
const int SEC_DESC_DACL_PROTECTED = 0x1000;
const int SEC_DESC_SACL_PROTECTED = 0x2000;
const int SEC_DESC_RM_CONTROL_VALID = 0x4000;
const int SEC_DESC_SELF_RELATIVE = 0x8000;
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
uint8 revision;
uint16 type; /* SEC_DESC_xxxx flags */
[relative] dom_sid *owner_sid;
[relative] dom_sid *group_sid;
[relative] security_acl *sacl; /* system ACL */
[relative] security_acl *dacl; /* user (discretionary) ACL */
} security_descriptor;
typedef [public] struct {
uint32 handle_type;
GUID uuid;

View File

@ -12,7 +12,7 @@
version(1.0),
endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
pointer_default(unique),
depends(lsa)
depends(lsa,security)
] interface samr
{
/* account control (acct_flags) bits */

View File

@ -0,0 +1,123 @@
#include "idl_types.h"
/*
security IDL structures
*/
interface security
{
/* a NULL sid */
const string SID_NULL = "S-1-0-0";
/* the world domain */
const string SID_WORLD_DOMAIN = "S-1-1";
const string SID_WORLD = "S-1-1-0";
/* SECURITY_CREATOR_SID_AUTHORITY */
const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
const string SID_CREATOR_OWNER = "S-1-3-0";
const string SID_CREATOR_GROUP = "S-1-3-1";
/* SECURITY_NT_AUTHORITY */
const string SID_NT_AUTHORITY = "S-1-5";
const string SID_NETWORK = "S-1-5-2";
const string SID_ANONYMOUS = "S-1-5-7";
const string SID_AUTHENTICATED_USERS = "S-1-5-11";
const string SID_SYSTEM = "S-1-5-18";
/* SECURITY_BUILTIN_DOMAIN_RID */
const string SID_BUILTIN = "S-1-5-32";
const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544";
const string SID_BUILTIN_USERS = "S-1-5-32-545";
const string SID_BUILTIN_GUESTS = "S-1-5-32-546";
const string SID_BUILTIN_POWER_USERS = "S-1-5-32-547";
const string SID_BUILTIN_ACCOUNT_OPERATORS = "S-1-5-32-548";
const string SID_BUILTIN_SERVER_OPERATORS = "S-1-5-32-549";
const string SID_BUILTIN_PRINT_OPERATORS = "S-1-5-32-550";
const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551";
const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552";
/* a domain SID. Note that unlike Samba3 this contains a pointer,
so you can't copy them using assignment */
typedef [public,noprint] struct {
uint8 sid_rev_num; /**< SID revision number */
uint8 num_auths; /**< Number of sub-authorities */
uint8 id_auth[6]; /**< Identifier Authority */
uint32 sub_auths[num_auths];
} dom_sid;
typedef [public] struct {
uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
[value(ndr_size_security_ace(r))] uint16 size;
uint32 access_mask;
#if 0
/* the 'obj' part is present when type is XXXX_TYPE_XXXX_OBJECT */
struct {
uint32 flags;
GUID object_guid;
GUID inherit_guid;
} *obj;
#endif
dom_sid trustee;
} security_ace;
typedef [public] struct {
uint16 revision;
[value(ndr_size_security_acl(r))] uint16 size;
uint32 num_aces;
security_ace aces[num_aces];
} security_acl;
/* default revision for new ACLs */
const int SD_REVISION = 1;
/* security_descriptor->type bits */
const int SEC_DESC_OWNER_DEFAULTED = 0x0001;
const int SEC_DESC_GROUP_DEFAULTED = 0x0002;
const int SEC_DESC_DACL_PRESENT = 0x0004;
const int SEC_DESC_DACL_DEFAULTED = 0x0008;
const int SEC_DESC_SACL_PRESENT = 0x0010;
const int SEC_DESC_SACL_DEFAULTED = 0x0020;
const int SEC_DESC_DACL_TRUSTED = 0x0040;
const int SEC_DESC_SERVER_SECURITY = 0x0080;
const int SEC_DESC_DACL_AUTO_INHERIT_REQ = 0x0100;
const int SEC_DESC_SACL_AUTO_INHERIT_REQ = 0x0200;
const int SEC_DESC_DACL_AUTO_INHERITED = 0x0400;
const int SEC_DESC_SACL_AUTO_INHERITED = 0x0800;
const int SEC_DESC_DACL_PROTECTED = 0x1000;
const int SEC_DESC_SACL_PROTECTED = 0x2000;
const int SEC_DESC_RM_CONTROL_VALID = 0x4000;
const int SEC_DESC_SELF_RELATIVE = 0x8000;
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
uint8 revision;
uint16 type; /* SEC_DESC_xxxx flags */
[relative] dom_sid *owner_sid;
[relative] dom_sid *group_sid;
[relative] security_acl *sacl; /* system ACL */
[relative] security_acl *dacl; /* user (discretionary) ACL */
} security_descriptor;
typedef [public,printonly] struct {
/* TODO */
uint32 flags;
} security_privilege;
typedef [public,printonly] struct {
uint32 flags;
dom_sid *user_sid;
dom_sid *group_sid;
dom_sid *logon_sid;
uint32 num_sids;
dom_sid sids[num_sids];
uint32 num_restricted_sids;
dom_sid restricted_sids[num_restricted_sids];
uint32 num_privileges;
security_privilege privileges[num_privileges];
security_acl *dacl;
} security_token;
}

View File

@ -8,7 +8,8 @@
version(1.0),
endpoint("ncacn_np:[\\pipe\\spoolss]"),
pointer_default(unique),
helpstring("Spooler SubSystem")
helpstring("Spooler SubSystem"),
depends(security)
] interface spoolss
{
typedef struct {

View File

@ -7,7 +7,8 @@
[ uuid("4b324fc8-1670-01d3-1278-5a47bf6ee188"),
version(3.0),
pointer_default(unique),
helpstring("Server Service")
helpstring("Server Service"),
depends(security)
] interface srvsvc
{
/**************************/

View File

@ -23,6 +23,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
@ -112,18 +113,3 @@ size_t ndr_size_security_descriptor(struct security_descriptor *sd)
ret += ndr_size_security_acl(sd->sacl);
return ret;
}
/*
talloc and copy a security descriptor
*/
struct security_descriptor *copy_security_descriptor(TALLOC_CTX *mem_ctx,
const struct security_descriptor *osd)
{
struct security_descriptor *nsd;
/* FIXME */
DEBUG(1, ("copy_security_descriptor: sorry unimplemented yet\n"));
nsd = NULL;
return nsd;
}

View File

@ -198,7 +198,7 @@ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
* we try to set it
*/
if (ep->sd == NULL) {
ep->sd = copy_security_descriptor(dce_ctx, sd);
ep->sd = security_descriptor_copy(dce_ctx, sd);
}
/* if now there's no security descriptor given on the endpoint

View File

@ -888,7 +888,7 @@ struct security_descriptor *samdb_default_security_descriptor(TALLOC_CTX *mem_ct
{
struct security_descriptor *sd;
sd = sd_initialise(mem_ctx);
sd = security_descriptor_initialise(mem_ctx);
return sd;
}

View File

@ -24,6 +24,7 @@
#include "includes.h"
#include "smb_server/smb_server.h"
#include "librpc/gen_ndr/ndr_security.h"

View File

@ -301,7 +301,7 @@ static BOOL samsync_handle_policy(TALLOC_CTX *mem_ctx, struct samsync_state *sam
}
}
if (!sid_equal(samsync_state->sid[SAM_DATABASE_DOMAIN], policy->sid)) {
if (!dom_sid_equal(samsync_state->sid[SAM_DATABASE_DOMAIN], policy->sid)) {
printf("Domain SID from POLICY (%s) does not match domain sid from SAMR (%s)\n",
dom_sid_string(mem_ctx, policy->sid), dom_sid_string(mem_ctx, samsync_state->sid[SAM_DATABASE_DOMAIN]));
return False;