conditional_aces: Avoid manual parsing for ace_condition_sid
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
parent
1e45a4d10a
commit
94d1cfbd85
@ -152,7 +152,7 @@ static bool claim_v1_sid_to_ace_sid(
|
||||
}
|
||||
|
||||
result->type = CONDITIONAL_ACE_TOKEN_SID;
|
||||
result->data.sid.sid = sid;
|
||||
result->data.sid.sid = *sid;
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -370,7 +370,7 @@ static bool ace_sid_to_claim_v1_sid(TALLOC_CTX *mem_ctx,
|
||||
{
|
||||
/* claim_v1 sid is an "S-1-*" string data blob, not struct dom_sid. */
|
||||
DATA_BLOB *blob = NULL;
|
||||
char *s = dom_sid_string(mem_ctx, tok->data.sid.sid);
|
||||
char *s = dom_sid_string(mem_ctx, &tok->data.sid.sid);
|
||||
if (s == NULL) {
|
||||
return false;
|
||||
}
|
||||
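Review bot: With `result->data.sid.sid = *sid;` the token built in claim_v1_sid_to_ace_sid holds a copy of the SID, so whatever `sid` points to is no longer owned by the result. The allocation sits above the hunk and is not visible here; if it is still a talloc'd `struct dom_sid` on mem_ctx, it now lingers until mem_ctx is freed. A stack `struct dom_sid`, or a `TALLOC_FREE(sid);` after the copy, would avoid that. The same applies to `token.data.sid.sid = *sid;` in parse_sid in the SDDL compiler section of this commit.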
|
@ -18,6 +18,7 @@
|
||||
|
||||
#include "replace.h"
|
||||
#include "librpc/gen_ndr/ndr_security.h"
|
||||
#include "librpc/gen_ndr/ndr_conditional_ace.h"
|
||||
#include "librpc/gen_ndr/conditional_ace.h"
|
||||
#include "libcli/security/security.h"
|
||||
#include "libcli/security/conditional_ace.h"
|
||||
@ -264,25 +265,21 @@ static ssize_t pull_sid(TALLOC_CTX *mem_ctx,
|
||||
uint8_t *data, size_t length,
|
||||
struct ace_condition_sid *tok)
|
||||
{
|
||||
uint32_t tok_length;
|
||||
ssize_t sidlen;
|
||||
if (length < 4) {
|
||||
ssize_t bytes_used;
|
||||
enum ndr_err_code ndr_err;
|
||||
DATA_BLOB v = data_blob_const(data, length);
|
||||
struct ndr_pull *ndr = ndr_pull_init_blob(&v, mem_ctx);
|
||||
if (ndr == NULL) {
|
||||
return -1;
|
||||
}
|
||||
tok_length = PULL_LE_U32(data, 0);
|
||||
if (tok_length > length - 4) {
|
||||
ndr_err = ndr_pull_ace_condition_sid(ndr, NDR_SCALARS|NDR_BUFFERS, tok);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
TALLOC_FREE(ndr);
|
||||
return -1;
|
||||
}
|
||||
tok->sid = talloc(mem_ctx, struct dom_sid);
|
||||
if (tok->sid == NULL) {
|
||||
return -1;
|
||||
}
|
||||
sidlen = sid_parse(data + 4, tok_length, tok->sid);
|
||||
if (sidlen == -1) {
|
||||
talloc_free(tok->sid);
|
||||
return -1;
|
||||
}
|
||||
return tok_length + 4;
|
||||
bytes_used = ndr->offset;
|
||||
TALLOC_FREE(ndr);
|
||||
return bytes_used;
|
||||
}
|
||||
|
||||
static ssize_t push_sid(uint8_t *data, size_t available,
|
||||
@ -290,22 +287,19 @@ static ssize_t push_sid(uint8_t *data, size_t available,
|
||||
{
|
||||
enum ndr_err_code ndr_err;
|
||||
DATA_BLOB v;
|
||||
ssize_t total_length;
|
||||
ndr_err = ndr_push_struct_blob(&v, NULL,
|
||||
tok->sid,
|
||||
(ndr_push_flags_fn_t)ndr_push_dom_sid);
|
||||
tok,
|
||||
(ndr_push_flags_fn_t)ndr_push_ace_condition_sid);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
return -1;
|
||||
}
|
||||
total_length = v.length + 4;
|
||||
if (available < total_length) {
|
||||
if (available < v.length) {
|
||||
talloc_free(v.data);
|
||||
return -1;
|
||||
}
|
||||
PUSH_LE_U32(data, 0, v.length);
|
||||
memcpy(data + 4, v.data, v.length);
|
||||
memcpy(data, v.data, v.length);
|
||||
talloc_free(v.data);
|
||||
return total_length;
|
||||
return v.length;
|
||||
}
|
||||
|
||||
|
||||
@ -904,7 +898,7 @@ static bool member_lookup(
|
||||
bool arg_is_a_single_sid;
|
||||
struct dom_sid *sid_array = NULL;
|
||||
size_t num_sids, i, j;
|
||||
struct dom_sid *sid = NULL;
|
||||
const struct dom_sid *sid = NULL;
|
||||
|
||||
result->type = CONDITIONAL_ACE_SAMBA_RESULT_BOOL;
|
||||
result->data.result.value = ACE_CONDITION_UNKNOWN;
|
||||
@ -973,7 +967,7 @@ static bool member_lookup(
|
||||
* In this case the any and all operations are the
|
||||
* same.
|
||||
*/
|
||||
sid = arg->data.sid.sid;
|
||||
sid = &arg->data.sid.sid;
|
||||
match = false;
|
||||
for (i = 0; i < num_sids; i++) {
|
||||
match = dom_sid_equal(sid, &sid_array[i]);
|
||||
@ -1007,7 +1001,7 @@ static bool member_lookup(
|
||||
j, member->type);
|
||||
return false;
|
||||
}
|
||||
sid = member->data.sid.sid;
|
||||
sid = &member->data.sid.sid;
|
||||
match = false;
|
||||
for (i = 0; i < num_sids; i++) {
|
||||
match = dom_sid_equal(sid, &sid_array[i]);
|
||||
@ -1397,8 +1391,8 @@ static bool compare_sids(const struct ace_condition_token *op,
|
||||
const struct ace_condition_token *rhs,
|
||||
int *cmp)
|
||||
{
|
||||
*cmp = dom_sid_compare(lhs->data.sid.sid,
|
||||
rhs->data.sid.sid);
|
||||
*cmp = dom_sid_compare(&lhs->data.sid.sid,
|
||||
&rhs->data.sid.sid);
|
||||
return true;
|
||||
}
|
||||
|
||||
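Review bot: In pull_sid the NDR subcontext takes its size from the 4-byte length prefix, and nothing visible here rejects a token whose prefix is larger than the encoded SID. Trailing bytes inside the token would therefore be skipped silently and still counted in the returned `ndr->offset`; the removed sid_parse path does not appear to have rejected them either. If such slack should be a parse error for security descriptor data arriving from an untrusted peer, setting `ndr->flags |= LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES;` right after the `ndr == NULL` check should make the generated puller fail on it. Since the explicit `length < 4` and `tok_length > length - 4` checks are gone, a one-line comment above the `ndr_pull_ace_condition_sid` call such as `/* length and bounds checks are done by the generated NDR code */` would help the next reader.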
|
@ -560,7 +560,7 @@ char *debug_conditional_ace(TALLOC_CTX *mem_ctx,
|
||||
break;
|
||||
case CONDITIONAL_ACE_TOKEN_SID:
|
||||
utf8 = sddl_encode_sid(mem_ctx,
|
||||
tok->data.sid.sid,
|
||||
&tok->data.sid.sid,
|
||||
NULL);
|
||||
snprintf(line, sizeof(line),
|
||||
"%s (%s)\n",
|
||||
@ -883,7 +883,7 @@ static bool sddl_write_sid(struct sddl_write_context *ctx,
|
||||
bool ok;
|
||||
char *sddl = NULL;
|
||||
char *sid = sddl_encode_sid(ctx->mem_ctx,
|
||||
tok->data.sid.sid,
|
||||
&tok->data.sid.sid,
|
||||
NULL);
|
||||
if (sid == NULL) {
|
||||
return false;
|
||||
@ -2019,7 +2019,7 @@ static bool parse_sid(struct ace_condition_sddl_compiler_context *comp)
|
||||
comp->offset++;
|
||||
}
|
||||
token.type = CONDITIONAL_ACE_TOKEN_SID;
|
||||
token.data.sid.sid = sid;
|
||||
token.data.sid.sid = *sid;
|
||||
return write_sddl_token(comp, token);
|
||||
}
|
||||
|
||||
@ -3167,7 +3167,7 @@ static bool write_resource_attr_from_token(struct sddl_write_context *ctx,
|
||||
|
||||
case CONDITIONAL_ACE_TOKEN_SID:
|
||||
/* unlike conditional ACE, SID does not had "SID()" wrapper. */
|
||||
sid = sddl_encode_sid(ctx->mem_ctx, tok->data.sid.sid, NULL);
|
||||
sid = sddl_encode_sid(ctx->mem_ctx, &tok->data.sid.sid, NULL);
|
||||
if (sid == NULL) {
|
||||
return false;
|
||||
}
|
||||
|
@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('samba-security',
|
||||
'util_sid.c', 'session.c', 'secdesc.c',
|
||||
'conditional_ace.c', 'sddl_conditional_ace.c',
|
||||
'claims-conversions.c'],
|
||||
private_library=True, deps='talloc ndr NDR_SECURITY')
|
||||
private_library=True, deps='talloc ndr NDR_SECURITY NDR_CONDITIONAL_ACE')
|
||||
|
||||
pytalloc_util = bld.pyembed_libname('pytalloc-util')
|
||||
bld.SAMBA_PYTHON('pysecurity',
|
||||
|
@ -264,8 +264,6 @@ interface conditional_ace
|
||||
/*
|
||||
* Sub-structures for struct ace_condition_token -> data,
|
||||
* which vary according to the token->type.
|
||||
*
|
||||
* These are not used on the wire.
|
||||
*/
|
||||
typedef [flag(NDR_NOALIGN)] struct {
|
||||
int64 value;
|
||||
@ -287,8 +285,8 @@ interface conditional_ace
|
||||
uint32 length;
|
||||
} ace_condition_bytes;
|
||||
|
||||
typedef struct {
|
||||
dom_sid *sid;
|
||||
typedef [public] struct {
|
||||
[subcontext(4)] dom_sid sid;
|
||||
} ace_condition_sid;
|
||||
|
||||
/*
|
||||
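Review bot: `ace_condition_sid` is now `[public]` and carries `[subcontext(4)]`, so it has become the wire encoding of the SID token, but nothing in the IDL says so. The hunk appears to drop the "These are not used on the wire." lines from the block comment without a replacement. A comment above the typedef such as `/* Wire format of a SID token: 4-byte length, then the dom_sid. */` would record that. The block comment could also state which of the remaining sub-structures are still in-memory only; that comment and the other typedefs extend outside the hunk.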
|
@ -448,6 +448,11 @@ bld.SAMBA_SUBSYSTEM('NDR_WINSTATION',
|
||||
public_deps='ndr'
|
||||
)
|
||||
|
||||
bld.SAMBA_SUBSYSTEM('NDR_CONDITIONAL_ACE',
|
||||
source='gen_ndr/ndr_conditional_ace.c',
|
||||
public_deps='ndr'
|
||||
)
|
||||
|
||||
bld.SAMBA_SUBSYSTEM('RPC_NDR_ATSVC',
|
||||
source='gen_ndr/ndr_atsvc_c.c',
|
||||
public_deps='dcerpc-binding NDR_ATSVC'
|
||||
|