mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
Move dom_sid to the Samba 3 IDL file, remove the old definition.
parent
c4fc0b49f0
commit
cd25b6245f
@ -7,12 +7,40 @@
|
||||
import "misc.idl";
|
||||
import "dom_sid.idl";
|
||||
|
||||
/*
|
||||
use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
|
||||
just a dom sid, but with the sub_auths represented as a conformant
|
||||
array. As with all in-structure conformant arrays, the array length
|
||||
is placed before the start of the structure. That's what gives rise
|
||||
to the extra num_auths elemenent. We don't want the Samba code to
|
||||
have to bother with such esoteric NDR details, so its easier to just
|
||||
define it as a dom_sid and use pidl magic to make it all work. It
|
||||
just means you need to mark a sid as a "dom_sid2" in the IDL when you
|
||||
know it is of the conformant array variety
|
||||
*/
|
||||
cpp_quote("#define dom_sid2 dom_sid")
|
||||
|
||||
/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
|
||||
cpp_quote("#define dom_sid28 dom_sid")
|
||||
|
||||
/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
|
||||
cpp_quote("#define dom_sid0 dom_sid")
|
||||
|
||||
|
||||
|
||||
[
|
||||
helper("librpc/gen_ndr/ndr_dom_sid.h"),
|
||||
pointer_default(unique)
|
||||
]
|
||||
interface security
|
||||
{
|
||||
|
||||
typedef [public,gensize,noprint,nosize,nopull,nopush] struct {
|
||||
uint8 sid_rev_num; /**< SID revision number */
|
||||
[range(0,15)] int8 num_auths; /**< Number of sub-authorities */
|
||||
uint8 id_auth[6]; /**< Identifier Authority */
|
||||
uint32 sub_auths[15];
|
||||
} dom_sid;
|
||||
/*
|
||||
access masks are divided up like this:
|
||||
0xabccdddd
|
||||
@ -388,4 +416,5 @@ interface security
|
||||
KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
|
||||
KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
|
||||
} kerb_EncTypes;
|
||||
|
||||
}
|
||||
|
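Review bot: `num_auths` is declared `[range(0,15)] int8` in the new `dom_sid` typedef, but the typedef also carries `nopull,nopush,nosize`, so the range is enforced only where the hand-written helpers check it. In this commit only `ndr_pull_dom_sid` does (`r->num_auths < 0 || r->num_auths > 15`). `ndr_push_dom_sid`, `ndr_size_dom_sid` and `ndr_size_dom_sid28` in the ndr_sec_helper section use the field unchecked, and the push loop compares it against a `uint32_t` counter, so a negative or larger-than-15 value in an in-memory sid would index past `sub_auths[15]`. The struct this replaces (the smb.h definition removed further down) used `uint8`, so the negative case is new with this change; whether any caller can build such a sid is not visible on this page. Mirroring the pull-side check at the top of the scalar branch of the push helper would close the gap: `if (r->num_auths < 0 || r->num_auths > 15) { return ndr_push_error(ndr, NDR_ERR_RANGE, "value out of range"); }`.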
@ -23,6 +23,9 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "librpc/gen_ndr/ndr_security.h"
|
||||
#if _SAMBA_BUILD_ == 4
|
||||
#include "libcli/security/security.h"
|
||||
#endif
|
||||
|
||||
/*
|
||||
return the wire size of a security_ace
|
||||
@ -116,3 +119,224 @@ size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int fl
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
return the wire size of a dom_sid
|
||||
*/
|
||||
size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
if (!sid) return 0;
|
||||
return 8 + 4*sid->num_auths;
|
||||
}
|
||||
|
||||
size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
struct dom_sid zero_sid;
|
||||
|
||||
if (!sid) return 0;
|
||||
|
||||
ZERO_STRUCT(zero_sid);
|
||||
|
||||
if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 8 + 4*sid->num_auths;
|
||||
}
|
||||
|
||||
size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
return ndr_size_dom_sid28(sid, flags);
|
||||
}
|
||||
|
||||
/*
|
||||
print a dom_sid
|
||||
*/
|
||||
void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
uint32_t num_auths;
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
|
||||
if (sid->num_auths != num_auths) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
|
||||
"Bad array size %u should exceed %u",
|
||||
num_auths, sid->num_auths);
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
|
||||
return ndr_push_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
enum ndr_err_code status;
|
||||
struct ndr_pull *subndr;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
subndr = talloc_zero(ndr, struct ndr_pull);
|
||||
NDR_ERR_HAVE_NO_MEMORY(subndr);
|
||||
subndr->flags = ndr->flags;
|
||||
subndr->current_mem_ctx = ndr->current_mem_ctx;
|
||||
|
||||
subndr->data = ndr->data + ndr->offset;
|
||||
subndr->data_size = 28;
|
||||
subndr->offset = 0;
|
||||
|
||||
NDR_CHECK(ndr_pull_advance(ndr, 28));
|
||||
|
||||
status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(status)) {
|
||||
/* handle a w2k bug which send random data in the buffer */
|
||||
ZERO_STRUCTP(sid);
|
||||
} else if (sid->num_auths == 0 && sid->sub_auths) {
|
||||
ZERO_STRUCT(sid->sub_auths);
|
||||
}
|
||||
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
uint32_t old_offset;
|
||||
uint32_t padding;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (sid->num_auths > 5) {
|
||||
return ndr_push_error(ndr, NDR_ERR_RANGE,
|
||||
"dom_sid28 allows only upto 5 sub auth [%u]",
|
||||
sid->num_auths);
|
||||
}
|
||||
|
||||
old_offset = ndr->offset;
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
|
||||
|
||||
padding = 28 - (ndr->offset - old_offset);
|
||||
|
||||
if (padding > 0) {
|
||||
NDR_CHECK(ndr_push_zero(ndr, padding));
|
||||
}
|
||||
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (ndr->data_size == ndr->offset) {
|
||||
ZERO_STRUCTP(sid);
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
return ndr_pull_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
/*
|
||||
push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
struct dom_sid zero_sid;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (!sid) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
ZERO_STRUCT(zero_sid);
|
||||
|
||||
if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
return ndr_push_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
|
||||
{
|
||||
uint32_t cntr_sub_auths_0;
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_push_align(ndr, 4));
|
||||
NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
|
||||
NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
|
||||
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
|
||||
for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
|
||||
}
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
|
||||
{
|
||||
uint32_t cntr_sub_auths_0;
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_pull_align(ndr, 4));
|
||||
NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
|
||||
NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths));
|
||||
if (r->num_auths < 0 || r->num_auths > 15) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
|
||||
}
|
||||
NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
|
||||
for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
|
||||
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
|
||||
}
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
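Review bot: In `ndr_push_dom_sid28`, `padding = 28 - (ndr->offset - old_offset)` is evaluated in `uint32_t`, so `if (padding > 0)` cannot catch the case where more than 28 bytes were written; the subtraction wraps instead. `ndr_push_dom_sid` starts with `ndr_push_align(ndr, 4)`, so if the stream is not 4-aligned on entry a sid with five sub-authorities would take more than 28 bytes and the wrapped value is handed to `ndr_push_zero`; whether callers guarantee alignment cannot be seen from this page. Checking the written length before computing `padding` makes this fail cleanly, e.g. `if (ndr->offset - old_offset > 28) { return ndr_push_error(ndr, NDR_ERR_RANGE, "dom_sid28 exceeds its 28 byte buffer"); }`. Separately, in `ndr_pull_dom_sid28` the `&& sid->sub_auths` test is always true because `sub_auths` is an array member, and `subndr` is allocated with `talloc_zero(ndr, ...)` but never freed in this function, so it lives until `ndr` is released.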
@ -2315,15 +2315,7 @@ void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct do
|
||||
|
||||
/* The following definitions come from librpc/ndr/sid.c */
|
||||
|
||||
enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r);
|
||||
enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r);
|
||||
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
|
||||
enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
|
||||
enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
|
||||
enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
|
||||
enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
|
||||
enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
|
||||
enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
|
||||
|
||||
/* The following definitions come from librpc/rpc/binding.c */
|
||||
|
||||
|
@ -209,18 +209,7 @@ typedef uint32 codepoint_t;
|
||||
*
|
||||
* @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp
|
||||
**/
|
||||
typedef struct dom_sid {
|
||||
uint8 sid_rev_num; /**< SID revision number */
|
||||
uint8 num_auths; /**< Number of sub-authorities */
|
||||
uint8 id_auth[6]; /**< Identifier Authority */
|
||||
/*
|
||||
* Pointer to sub-authorities.
|
||||
*
|
||||
* @note The values in these uint32's are in *native* byteorder, not
|
||||
* neccessarily little-endian...... JRA.
|
||||
*/
|
||||
uint32 sub_auths[MAXSUBAUTHS];
|
||||
} DOM_SID;
|
||||
typedef struct dom_sid DOM_SID;
|
||||
|
||||
enum id_mapping {
|
||||
ID_UNKNOWN = 0,
|
||||
|
@ -17,7 +17,7 @@ struct lsa_String {
|
||||
uint16_t length;/* [value(2*strlen_m(string))] */
|
||||
uint16_t size;/* [value(2*strlen_m(string))] */
|
||||
const char *string;/* [unique,charset(UTF16),length_is(length/2),size_is(size/2)] */
|
||||
}/* [public,noejs] */;
|
||||
}/* [public] */;
|
||||
|
||||
struct lsa_StringLarge {
|
||||
uint16_t length;/* [value(2*strlen_m(string))] */
|
||||
|
@ -11,7 +11,7 @@ struct GUID {
|
||||
uint16_t time_hi_and_version;
|
||||
uint8_t clock_seq[2];
|
||||
uint8_t node[6];
|
||||
}/* [noprint,gensize,public,noejs] */;
|
||||
}/* [noprint,gensize,public] */;
|
||||
|
||||
struct ndr_syntax_id {
|
||||
struct GUID uuid;
|
||||
|
@ -2351,7 +2351,6 @@ static enum ndr_err_code ndr_push_AuthInfoNT4Owf(struct ndr_push *ndr, int ndr_f
|
||||
NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->password));
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->password));
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
@ -2364,7 +2363,6 @@ static enum ndr_err_code ndr_pull_AuthInfoNT4Owf(struct ndr_pull *ndr, int ndr_f
|
||||
NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->password));
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->password));
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
@ -2477,7 +2475,6 @@ static enum ndr_err_code ndr_push_AuthInfo(struct ndr_push *ndr, int ndr_flags,
|
||||
break;
|
||||
|
||||
case TRUST_AUTH_TYPE_NT4OWF:
|
||||
NDR_CHECK(ndr_push_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf));
|
||||
break;
|
||||
|
||||
case TRUST_AUTH_TYPE_CLEAR:
|
||||
@ -2525,7 +2522,6 @@ static enum ndr_err_code ndr_pull_AuthInfo(struct ndr_pull *ndr, int ndr_flags,
|
||||
break;
|
||||
|
||||
case TRUST_AUTH_TYPE_NT4OWF:
|
||||
NDR_CHECK(ndr_pull_AuthInfoNT4Owf(ndr, NDR_BUFFERS, &r->nt4owf));
|
||||
break;
|
||||
|
||||
case TRUST_AUTH_TYPE_CLEAR:
|
||||
@ -2584,7 +2580,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_AuthenticationInformation(struct ndr_push *n
|
||||
}
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
NDR_CHECK(ndr_push_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo));
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
@ -2605,7 +2600,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_AuthenticationInformation(struct ndr_pull *n
|
||||
}
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
NDR_CHECK(ndr_pull_AuthInfo(ndr, NDR_BUFFERS, &r->AuthInfo));
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
@ -2641,7 +2635,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_trustCurrentPasswords(struct ndr_push *ndr,
|
||||
for (cntr_current_0 = 0; cntr_current_0 < r->count; cntr_current_0++) {
|
||||
if (r->current[cntr_current_0]) {
|
||||
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current[cntr_current_0]));
|
||||
NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0]));
|
||||
NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0]));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -2681,7 +2675,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_trustCurrentPasswords(struct ndr_pull *ndr,
|
||||
NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current[cntr_current_0]));
|
||||
_mem_save_current_1 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->current[cntr_current_0], 0);
|
||||
NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->current[cntr_current_0]));
|
||||
NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, r->current[cntr_current_0]));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_1, 0);
|
||||
ndr->offset = _relative_save_offset;
|
||||
}
|
||||
|
@ -427,7 +427,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_f
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->trustee));
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
@ -621,11 +620,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, in
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
if (r->owner_sid) {
|
||||
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
|
||||
}
|
||||
if (r->group_sid) {
|
||||
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid));
|
||||
}
|
||||
if (r->sacl) {
|
||||
NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl));
|
||||
@ -694,7 +693,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in
|
||||
NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
|
||||
_mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
|
||||
ndr->offset = _relative_save_offset;
|
||||
}
|
||||
@ -704,7 +703,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, in
|
||||
NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
|
||||
_mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
|
||||
ndr->offset = _relative_save_offset;
|
||||
}
|
||||
@ -855,14 +854,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
if (r->user_sid) {
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->user_sid));
|
||||
}
|
||||
if (r->group_sid) {
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid));
|
||||
}
|
||||
for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) {
|
||||
if (r->sids[cntr_sids_0]) {
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0]));
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0]));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -916,13 +915,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr
|
||||
if (r->user_sid) {
|
||||
_mem_save_user_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->user_sid, 0);
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->user_sid));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_sid_0, 0);
|
||||
}
|
||||
if (r->group_sid) {
|
||||
_mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
|
||||
}
|
||||
_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
@ -931,7 +930,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr
|
||||
if (r->sids[cntr_sids_0]) {
|
||||
_mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr);
|
||||
NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0);
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0]));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->sids[cntr_sids_0]));
|
||||
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0);
|
||||
}
|
||||
}
|
||||
|
@ -8,6 +8,10 @@
|
||||
|
||||
#include "librpc/gen_ndr/ndr_dom_sid.h"
|
||||
#define NDR_SECURITY_CALL_COUNT (0)
|
||||
enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r);
|
||||
enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r);
|
||||
void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *r);
|
||||
size_t ndr_size_dom_sid(const struct dom_sid *r, int flags);
|
||||
enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r);
|
||||
enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r);
|
||||
void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r);
|
||||
|
@ -6358,7 +6358,7 @@ _PUBLIC_ void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *nam
|
||||
ndr_print_enum(ndr, name, "ENUM", val, r);
|
||||
}
|
||||
|
||||
static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r)
|
||||
_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r)
|
||||
{
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_push_align(ndr, 4));
|
||||
@ -6376,7 +6376,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r)
|
||||
_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r)
|
||||
{
|
||||
uint32_t _ptr_server_name;
|
||||
TALLOC_CTX *_mem_save_server_name_0;
|
||||
@ -6421,7 +6421,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char *
|
||||
ndr->depth--;
|
||||
}
|
||||
|
||||
static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r)
|
||||
_PUBLIC_ enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r)
|
||||
{
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_push_align(ndr, 4));
|
||||
@ -6449,7 +6449,7 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
static enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r)
|
||||
_PUBLIC_ enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r)
|
||||
{
|
||||
uint32_t _ptr_server_name;
|
||||
TALLOC_CTX *_mem_save_server_name_0;
|
||||
|
@ -186,7 +186,11 @@ void ndr_print_srvsvc_NetShareInfoCtr(struct ndr_print *ndr, const char *name, c
|
||||
enum ndr_err_code ndr_push_srvsvc_PlatformId(struct ndr_push *ndr, int ndr_flags, enum srvsvc_PlatformId r);
|
||||
enum ndr_err_code ndr_pull_srvsvc_PlatformId(struct ndr_pull *ndr, int ndr_flags, enum srvsvc_PlatformId *r);
|
||||
void ndr_print_srvsvc_PlatformId(struct ndr_print *ndr, const char *name, enum srvsvc_PlatformId r);
|
||||
enum ndr_err_code ndr_push_srvsvc_NetSrvInfo100(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo100 *r);
|
||||
enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo100(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo100 *r);
|
||||
void ndr_print_srvsvc_NetSrvInfo100(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo100 *r);
|
||||
enum ndr_err_code ndr_push_srvsvc_NetSrvInfo101(struct ndr_push *ndr, int ndr_flags, const struct srvsvc_NetSrvInfo101 *r);
|
||||
enum ndr_err_code ndr_pull_srvsvc_NetSrvInfo101(struct ndr_pull *ndr, int ndr_flags, struct srvsvc_NetSrvInfo101 *r);
|
||||
void ndr_print_srvsvc_NetSrvInfo101(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo101 *r);
|
||||
void ndr_print_srvsvc_NetSrvInfo102(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo102 *r);
|
||||
void ndr_print_srvsvc_NetSrvInfo402(struct ndr_print *ndr, const char *name, const struct srvsvc_NetSrvInfo402 *r);
|
||||
|
@ -4,6 +4,9 @@
|
||||
|
||||
#include "librpc/gen_ndr/misc.h"
|
||||
#include "librpc/gen_ndr/dom_sid.h"
|
||||
#define dom_sid2 dom_sid
|
||||
#define dom_sid28 dom_sid
|
||||
#define dom_sid0 dom_sid
|
||||
#ifndef _HEADER_security
|
||||
#define _HEADER_security
|
||||
|
||||
@ -129,6 +132,13 @@
|
||||
#define DOMAIN_RID_ENTERPRISE_ADMINS ( 519 )
|
||||
#define NT4_ACL_REVISION ( SECURITY_ACL_REVISION_NT4 )
|
||||
#define SD_REVISION ( SECURITY_DESCRIPTOR_REVISION_1 )
|
||||
struct dom_sid {
|
||||
uint8_t sid_rev_num;
|
||||
int8_t num_auths;/* [range(0,15)] */
|
||||
uint8_t id_auth[6];
|
||||
uint32_t sub_auths[15];
|
||||
}/* [noprint,gensize,nopull,public,nopush,nosize] */;
|
||||
|
||||
enum sec_privilege
|
||||
#ifndef USE_UINT_ENUMS
|
||||
{
|
||||
|
@ -431,7 +431,7 @@ enum srvsvc_PlatformId
|
||||
struct srvsvc_NetSrvInfo100 {
|
||||
enum srvsvc_PlatformId platform_id;
|
||||
const char *server_name;/* [unique,charset(UTF16)] */
|
||||
};
|
||||
}/* [public] */;
|
||||
|
||||
struct srvsvc_NetSrvInfo101 {
|
||||
enum srvsvc_PlatformId platform_id;
|
||||
@ -440,7 +440,7 @@ struct srvsvc_NetSrvInfo101 {
|
||||
uint32_t version_minor;
|
||||
uint32_t server_type;
|
||||
const char *comment;/* [unique,charset(UTF16)] */
|
||||
};
|
||||
}/* [public] */;
|
||||
|
||||
struct srvsvc_NetSrvInfo102 {
|
||||
enum srvsvc_PlatformId platform_id;
|
||||
|
@ -54,7 +54,7 @@ struct winreg_String {
|
||||
uint16_t name_len;/* [value(strlen_m_term(name)*2)] */
|
||||
uint16_t name_size;/* [value(strlen_m_term(name)*2)] */
|
||||
const char *name;/* [unique,charset(UTF16)] */
|
||||
}/* [public,noejs] */;
|
||||
}/* [public] */;
|
||||
|
||||
struct KeySecurityData {
|
||||
uint8_t *data;/* [unique,length_is(len),size_is(size)] */
|
||||
|
@ -21,72 +21,6 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
/*
|
||||
return the wire size of a dom_sid
|
||||
*/
|
||||
size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
if (!sid) return 0;
|
||||
return 8 + 4*sid->num_auths;
|
||||
}
|
||||
|
||||
size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
struct dom_sid zero_sid;
|
||||
|
||||
if (!sid) return 0;
|
||||
|
||||
ZERO_STRUCT(zero_sid);
|
||||
|
||||
if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 8 + 4*sid->num_auths;
|
||||
}
|
||||
|
||||
size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
return ndr_size_dom_sid28(sid, flags);
|
||||
}
|
||||
|
||||
enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
|
||||
{
|
||||
uint32_t cntr_sub_auths_0;
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_push_align(ndr, 4));
|
||||
NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
|
||||
NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
|
||||
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
|
||||
for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
|
||||
}
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
|
||||
{
|
||||
uint32_t cntr_sub_auths_0;
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_pull_align(ndr, 4));
|
||||
NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
|
||||
NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->num_auths));
|
||||
if (r->num_auths > 15) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
|
||||
}
|
||||
NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
|
||||
for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
|
||||
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
|
||||
}
|
||||
}
|
||||
if (ndr_flags & NDR_BUFFERS) {
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
convert a dom_sid to a string
|
||||
*/
|
||||
@ -123,161 +57,3 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
uint32_t num_auths;
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
|
||||
if (sid->num_auths != num_auths) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
|
||||
"Bad array size %u should exceed %u",
|
||||
num_auths, sid->num_auths);
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
|
||||
return ndr_push_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
enum ndr_err_code status;
|
||||
struct ndr_pull *subndr;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
subndr = talloc_zero(ndr, struct ndr_pull);
|
||||
NDR_ERR_HAVE_NO_MEMORY(subndr);
|
||||
subndr->flags = ndr->flags;
|
||||
subndr->current_mem_ctx = ndr->current_mem_ctx;
|
||||
|
||||
subndr->data = ndr->data + ndr->offset;
|
||||
subndr->data_size = 28;
|
||||
subndr->offset = 0;
|
||||
|
||||
NDR_CHECK(ndr_pull_advance(ndr, 28));
|
||||
|
||||
status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(status)) {
|
||||
/* handle a w2k bug which send random data in the buffer */
|
||||
ZERO_STRUCTP(sid);
|
||||
}
|
||||
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
uint32_t old_offset;
|
||||
uint32_t padding;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (sid->num_auths > 5) {
|
||||
return ndr_push_error(ndr, NDR_ERR_RANGE,
|
||||
"dom_sid28 allows only upto 5 sub auth [%u]",
|
||||
sid->num_auths);
|
||||
}
|
||||
|
||||
old_offset = ndr->offset;
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
|
||||
|
||||
padding = 28 - (ndr->offset - old_offset);
|
||||
|
||||
if (padding > 0) {
|
||||
NDR_CHECK(ndr_push_zero(ndr, padding));
|
||||
}
|
||||
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (ndr->data_size == ndr->offset) {
|
||||
ZERO_STRUCTP(sid);
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
return ndr_pull_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
/*
|
||||
push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
struct dom_sid zero_sid;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (!sid) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
ZERO_STRUCT(zero_sid);
|
||||
|
||||
if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
return ndr_push_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
/*
|
||||
print a dom_sid
|
||||
*/
|
||||
void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
|
@ -54,10 +54,9 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY
|
||||
|
||||
NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \
|
||||
../librpc/ndr/ndr_sec_helper.o \
|
||||
$(gen_ndrsrcdir)/ndr_dom_sid.o \
|
||||
$(ndrsrcdir)/ndr_dom_sid.o
|
||||
$(gen_ndrsrcdir)/ndr_dom_sid.o
|
||||
|
||||
PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h)
|
||||
PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h)
|
||||
|
||||
|
||||
[SUBSYSTEM::NDR_AUDIOSRV]
|
||||
@ -737,15 +736,9 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc
|
||||
|
||||
python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o
|
||||
|
||||
[PYTHON::python_dcerpc_dom_sid]
|
||||
LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT)
|
||||
PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
|
||||
|
||||
python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o
|
||||
|
||||
[PYTHON::python_dcerpc_security]
|
||||
LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT)
|
||||
PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc
|
||||
PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc
|
||||
|
||||
python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o
|
||||
|
||||
|
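Review bot: Removing `[PYTHON::python_dcerpc_dom_sid]` in the second hunk drops the `samba/dcerpc/dom_sid` module and leaves no pointer to where `dom_sid` now lives, so a Python caller that still imports `samba.dcerpc.dom_sid` would only fail at import time. Whether such callers remain cannot be seen from this page. I would add a comment above `[PYTHON::python_dcerpc_security]`, for example `# dom_sid is now defined in security.idl; the separate samba.dcerpc.dom_sid module was removed`. The first hunk has the matching concern: `dom_sid.h` leaves `PUBLIC_HEADERS` while `security.h` stays installed, so it is worth confirming that the generated `security.h` no longer includes the header that has stopped being installed.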
@ -1,34 +1,8 @@
|
||||
/*
|
||||
use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
|
||||
just a dom sid, but with the sub_auths represented as a conformant
|
||||
array. As with all in-structure conformant arrays, the array length
|
||||
is placed before the start of the structure. That's what gives rise
|
||||
to the extra num_auths elemenent. We don't want the Samba code to
|
||||
have to bother with such esoteric NDR details, so its easier to just
|
||||
define it as a dom_sid and use pidl magic to make it all work. It
|
||||
just means you need to mark a sid as a "dom_sid2" in the IDL when you
|
||||
know it is of the conformant array variety
|
||||
*/
|
||||
cpp_quote("#define dom_sid2 dom_sid")
|
||||
|
||||
/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
|
||||
cpp_quote("#define dom_sid28 dom_sid")
|
||||
|
||||
/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
|
||||
cpp_quote("#define dom_sid0 dom_sid")
|
||||
|
||||
[
|
||||
pointer_default(unique)
|
||||
]
|
||||
interface dom_sid
|
||||
{
|
||||
typedef [public,gensize,noprint,nosize,nopull,nopush] struct {
|
||||
uint8 sid_rev_num; /**< SID revision number */
|
||||
[range(0,15)] int8 num_auths; /**< Number of sub-authorities */
|
||||
uint8 id_auth[6]; /**< Identifier Authority */
|
||||
uint32 sub_auths[15];
|
||||
} dom_sid;
|
||||
|
||||
/* id used to identify a endpoint, possibly in a cluster */
|
||||
typedef [public] struct {
|
||||
hyper id;
|
||||
|
@ -1,248 +0,0 @@
|
||||
/*
|
||||
Unix SMB/CIFS implementation.
|
||||
|
||||
fast routines for getting the wire size of security objects
|
||||
|
||||
Copyright (C) Andrew Tridgell 2003
|
||||
Copyright (C) Stefan Metzmacher 2006-2008
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
|
||||
#include "includes.h"
|
||||
#include "librpc/gen_ndr/ndr_security.h"
|
||||
#include "libcli/security/security.h"
|
||||
|
||||
/*
|
||||
return the wire size of a dom_sid
|
||||
*/
|
||||
size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
if (!sid) return 0;
|
||||
return 8 + 4*sid->num_auths;
|
||||
}
|
||||
|
||||
size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
struct dom_sid zero_sid;
|
||||
|
||||
if (!sid) return 0;
|
||||
|
||||
ZERO_STRUCT(zero_sid);
|
||||
|
||||
if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 8 + 4*sid->num_auths;
|
||||
}
|
||||
|
||||
size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
|
||||
{
|
||||
return ndr_size_dom_sid28(sid, flags);
|
||||
}
|
||||
|
||||
/*
|
||||
print a dom_sid
|
||||
*/
|
||||
void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
|
||||
{
|
||||
ndr_print_dom_sid(ndr, name, sid);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
uint32_t num_auths;
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
|
||||
NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
|
||||
if (sid->num_auths != num_auths) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
|
||||
"Bad array size %u should exceed %u",
|
||||
num_auths, sid->num_auths);
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
|
||||
return ndr_push_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
enum ndr_err_code status;
|
||||
struct ndr_pull *subndr;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
subndr = talloc_zero(ndr, struct ndr_pull);
|
||||
NDR_ERR_HAVE_NO_MEMORY(subndr);
|
||||
subndr->flags = ndr->flags;
|
||||
subndr->current_mem_ctx = ndr->current_mem_ctx;
|
||||
|
||||
subndr->data = ndr->data + ndr->offset;
|
||||
subndr->data_size = 28;
|
||||
subndr->offset = 0;
|
||||
|
||||
NDR_CHECK(ndr_pull_advance(ndr, 28));
|
||||
|
||||
status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(status)) {
|
||||
/* handle a w2k bug which send random data in the buffer */
|
||||
ZERO_STRUCTP(sid);
|
||||
} else if (sid->num_auths == 0 && sid->sub_auths) {
|
||||
ZERO_STRUCT(sid->sub_auths);
|
||||
}
|
||||
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
uint32_t old_offset;
|
||||
uint32_t padding;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (sid->num_auths > 5) {
|
||||
return ndr_push_error(ndr, NDR_ERR_RANGE,
|
||||
"dom_sid28 allows only upto 5 sub auth [%u]",
|
||||
sid->num_auths);
|
||||
}
|
||||
|
||||
old_offset = ndr->offset;
|
||||
NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
|
||||
|
||||
padding = 28 - (ndr->offset - old_offset);
|
||||
|
||||
if (padding > 0) {
|
||||
NDR_CHECK(ndr_push_zero(ndr, padding));
|
||||
}
|
||||
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
|
||||
*/
|
||||
enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
|
||||
{
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (ndr->data_size == ndr->offset) {
|
||||
ZERO_STRUCTP(sid);
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
return ndr_pull_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
/*
|
||||
push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty
|
||||
*/
|
||||
enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
|
||||
{
|
||||
struct dom_sid zero_sid;
|
||||
|
||||
if (!(ndr_flags & NDR_SCALARS)) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
if (!sid) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
ZERO_STRUCT(zero_sid);
|
||||
|
||||
if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) {
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
return ndr_push_dom_sid(ndr, ndr_flags, sid);
|
||||
}
|
||||
|
||||
_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
|
||||
{
|
||||
uint32_t cntr_sub_auths_0;
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_push_align(ndr, 4));
|
||||
NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
|
||||
NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
|
||||
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
|
||||
for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
|
||||
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
|
||||
}
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
|
||||
{
|
||||
uint32_t cntr_sub_auths_0;
|
||||
if (ndr_flags & NDR_SCALARS) {
|
||||
NDR_CHECK(ndr_pull_align(ndr, 4));
|
||||
NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
|
||||
NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths));
|
||||
if (r->num_auths < 0 || r->num_auths > 15) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
|
||||
}
|
||||
NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
|
||||
for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
|
||||
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
|
||||
}
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|