sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

r15328: Move some functions around, remove dependencies.

Browse Source 
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
This commit is contained in:
Jelmer Vernooij 2006-04-29 17:34:49 +00:00 committed by Gerald (Jerry) Carter
parent 1a4effad3d
commit e002300f23
45 changed files with 193 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
source4/auth/auth_sam.c
View File

@ -28,7 +28,6 @@
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "libcli/ldap/ldap.h"
#include "librpc/gen_ndr/ndr_security.h"
extern const char *user_attrs[];
extern const char *domain_ref_attrs[];

1
source4/auth/sam.c
View File

@ -27,7 +27,6 @@
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "libcli/ldap/ldap.h"
#include "librpc/gen_ndr/ndr_security.h"
const char *user_attrs[] = {
/* required for the krb5 kdc */

2
source4/client/client.c
View File

@ -27,6 +27,7 @@
#include "lib/cmdline/popt_common.h"
#include "librpc/gen_ndr/ndr_srvsvc_c.h"
#include "librpc/gen_ndr/ndr_lsa.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/raw/libcliraw.h"
#include "libcli/util/clilsa.h"
#include "system/dir.h"
@ -39,7 +40,6 @@
#include "libcli/security/security.h"
#include "lib/replace/readline.h"
#include "librpc/gen_ndr/ndr_nbt.h"
#include "librpc/gen_ndr/ndr_security.h"
static int io_bufsize = 64512;

3
source4/dsdb/common/sidmap.c
View File

@ -28,7 +28,6 @@
#include "libcli/ldap/ldap.h"
#include "db_wrap.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
these are used for the fallback local uid/gid to sid mapping
@ -43,7 +42,7 @@
private context for sid mapping routines
*/
struct sidmap_context {
struct ldb_wrap *samctx;
struct ldb_context *samctx;
};
/*

2
source4/dsdb/samdb/cracknames.c
View File

@ -30,10 +30,10 @@
#include "auth/kerberos/kerberos.h"
#include "libcli/ldap/ldap.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "auth/auth.h"
#include "db_wrap.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/gen_ndr/ndr_security.h"
static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
struct smb_krb5_context *smb_krb5_context,

3
source4/dsdb/samdb/ldb_modules/extended_dn.c
View File

@ -36,8 +36,9 @@
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_errors.h"
#include "ldb/include/ldb_private.h"
#include "librpc/gen_ndr/ndr_misc.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include <time.h>

2
source4/dsdb/samdb/ldb_modules/password_hash.c
View File

@ -36,8 +36,8 @@
#include "ldb/include/ldb_private.h"
#include "librpc/gen_ndr/misc.h"
#include "librpc/gen_ndr/samr.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "system/time.h"

8
source4/heimdal_build/config.mk
View File

@ -296,8 +296,6 @@ OBJ_FILES = \
[SUBSYSTEM::HEIMDAL_ROKEN_GAI_STRERROR]
OBJ_FILES = ../heimdal/lib/roken/gai_strerror.o
#######################
# Start SUBSYSTEM HEIMDAL_ROKEN_GAI_STRERROR
[SUBSYSTEM::HEIMDAL_ROKEN_INET_ATON]
CFLAGS = -Iheimdal_build -Iheimdal/lib/roken
OBJ_FILES = ../heimdal/lib/roken/inet_aton.o
@ -356,7 +354,8 @@ PUBLIC_DEPENDENCIES = \
HEIMDAL_ROKEN_GETPROGNAME \
GAI \
NSL \
LIBREPLACE
LIBREPLACE \
RESOLV
# End SUBSYSTEM HEIMDAL_ROKEN
#######################
@ -485,8 +484,7 @@ SO_VERSION = 0
CFLAGS = -Iheimdal_build
OBJ_FILES = ../heimdal/lib/vers/print_version.o
PUBLIC_DEPENDENCIES = \
HEIMDAL_GSSAPI HEIMDAL_KRB5 KERBEROS \
RESOLV
HEIMDAL_GSSAPI HEIMDAL_KRB5 KERBEROS
# End SUBSYSTEM HEIMDAL
#######################

2
source4/kdc/kpasswdd.c
View File

@ -31,11 +31,11 @@
#include "lib/ldb/include/ldb.h"
#include "heimdal/lib/krb5/krb5_locl.h"
#include "heimdal/lib/krb5/krb5-private.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/samr/proto.h"
#include "libcli/security/security.h"
/* hold information about one kdc socket */
struct kpasswd_socket {

4
source4/lib/samba3/share_info.c
View File

@ -61,10 +61,10 @@ NTSTATUS samba3_read_share_info(const char *fn, TALLOC_CTX *ctx, struct samba3 *
struct samba3_share_info *share;
char *name;
if (strncmp(kbuf.dptr, "SECDESC/", strlen("SECDESC/")) != 0)
if (strncmp((char *)kbuf.dptr, "SECDESC/", strlen("SECDESC/")) != 0)
continue;
name = talloc_strndup(ctx, kbuf.dptr+strlen("SECDESC/"), kbuf.dsize-strlen("SECDESC/"));
name = talloc_strndup(ctx, (char *)kbuf.dptr+strlen("SECDESC/"), kbuf.dsize-strlen("SECDESC/"));
db->shares = talloc_realloc(db, db->shares, struct samba3_share_info, db->share_count+1);
share = &db->shares[db->share_count];

2
source4/libcli/security/config.mk
View File

@ -8,6 +8,6 @@ OBJ_FILES = security_token.o \
access_check.o \
privilege.o \
sddl.o
PUBLIC_DEPENDENCIES = NDR_SECURITY
PUBLIC_DEPENDENCIES = NDR_MISC
# End SUBSYSTEM LIBSECURITY
#################################

32
source4/libcli/security/dom_sid.c
View File

@ -240,3 +240,35 @@ BOOL dom_sid_in_domain(const struct dom_sid *domain_sid,
return dom_sid_compare_auth(domain_sid, sid) == 0;
}
/*
convert a dom_sid to a string
*/
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
{
int i, ofs, maxlen;
uint32_t ia;
char *ret;
if (!sid) {
return talloc_strdup(mem_ctx, "(NULL SID)");
}
maxlen = sid->num_auths * 11 + 25;
ret = talloc_size(mem_ctx, maxlen);
if (!ret) return talloc_strdup(mem_ctx, "(SID ERR)");
ia = (sid->id_auth[5]) +
(sid->id_auth[4] << 8 ) +
(sid->id_auth[3] << 16) +
(sid->id_auth[2] << 24);
ofs = snprintf(ret, maxlen, "S-%u-%lu",
(uint_t)sid->sid_rev_num, (unsigned long)ia);
for (i = 0; i < sid->num_auths; i++) {
ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]);
}
return ret;
}

2
source4/libcli/security/sddl.c
View File

@ -22,8 +22,8 @@
#include "includes.h"
#include "system/iconv.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_misc.h"
struct flag_map {
const char *name;

1
source4/libcli/security/security_token.c
View File

@ -24,7 +24,6 @@
#include "includes.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
return a blank security token

1
source4/libcli/util/clilsa.c
View File

@ -30,7 +30,6 @@
#include "libcli/raw/libcliraw.h"
#include "libcli/libcli.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "librpc/gen_ndr/ndr_lsa.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"

1
source4/libnet/libnet_join.c
View File

@ -31,7 +31,6 @@
#include "libcli/security/security.h"
#include "auth/credentials/credentials.h"
#include "librpc/gen_ndr/ndr_samr_c.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
* complete a domain join, when joining to a AD domain:

2
source4/libnet/libnet_samdump.c
View File

@ -25,7 +25,7 @@
#include "libnet/libnet.h"
#include "dlinklist.h"
#include "samba3/samba3.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
struct samdump_secret {

1
source4/libnet/libnet_samsync_ldb.c
View File

@ -31,7 +31,6 @@
#include "librpc/gen_ndr/ndr_misc.h"
#include "db_wrap.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "librpc/rpc/dcerpc.h"
struct samsync_ldb_secret {

34
source4/librpc/config.mk
View File

@ -28,16 +28,12 @@ PUBLIC_DEPENDENCIES = LIBCOMPRESSION
# End SUBSYSTEM NDR_COMPRESSION
################################################
[SUBSYSTEM::NDR_SECURITY_HELPER]
PRIVATE_PROTO_HEADER = ndr/ndr_sec.h
OBJ_FILES = ndr/ndr_sec_helper.o ndr/ndr_sec.o
[LIBRARY::NDR_SECURITY]
VERSION = 0.0.1
SO_VERSION = 0
OBJ_FILES = gen_ndr/ndr_security.o
OBJ_FILES = gen_ndr/ndr_security.o ndr/ndr_sec_helper.o
PUBLIC_HEADERS = gen_ndr/security.h
PUBLIC_DEPENDENCIES = NDR_MISC NDR_SECURITY_HELPER
PUBLIC_DEPENDENCIES = NDR_MISC LIBSECURITY
[LIBRARY::NDR_AUDIOSRV]
VERSION = 0.0.1
@ -65,7 +61,7 @@ PUBLIC_DEPENDENCIES = LIBNDR
VERSION = 0.0.1
SO_VERSION = 0
OBJ_FILES = gen_ndr/ndr_irpc.o
PUBLIC_DEPENDENCIES = LIBNDR
PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY
[LIBRARY::NDR_DSBACKUP]
VERSION = 0.0.1
@ -77,7 +73,7 @@ PUBLIC_DEPENDENCIES = LIBNDR
VERSION = 0.0.1
SO_VERSION = 0
OBJ_FILES = gen_ndr/ndr_efs.o
PUBLIC_DEPENDENCIES = LIBNDR
PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY
[SUBSYSTEM::NDR_MISC]
OBJ_FILES = gen_ndr/ndr_misc.o
@ -93,7 +89,7 @@ VERSION = 0.0.1
SO_VERSION = 0
OBJ_FILES = gen_ndr/ndr_lsa.o
PUBLIC_HEADERS = gen_ndr/lsa.h
PUBLIC_DEPENDENCIES = LIBNDR
PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY
[LIBRARY::NDR_DFS]
VERSION = 0.0.1
@ -104,12 +100,8 @@ PUBLIC_DEPENDENCIES = LIBNDR
[LIBRARY::NDR_DRSUAPI]
VERSION = 0.0.1
SO_VERSION = 0
OBJ_FILES = gen_ndr/ndr_drsuapi.o
PUBLIC_DEPENDENCIES = LIBNDR NDR_DRSUAPI_PRINT NDR_COMPRESSION NDR_SECURITY
[SUBSYSTEM::NDR_DRSUAPI_PRINT]
PRIVATE_PROTO_HEADER = ndr/ndr_drsuapi.h
OBJ_FILES = ndr/ndr_drsuapi.o
OBJ_FILES = gen_ndr/ndr_drsuapi.o ndr/ndr_drsuapi.o
PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY
[LIBRARY::NDR_DRSBLOBS]
VERSION = 0.0.1
@ -131,7 +123,7 @@ PUBLIC_DEPENDENCIES = LIBNDR
VERSION = 0.0.1
SO_VERSION = 0
OBJ_FILES = gen_ndr/ndr_unixinfo.o
PUBLIC_DEPENDENCIES = LIBNDR
PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY
[LIBRARY::NDR_SAMR]
VERSION = 0.0.1
@ -309,12 +301,8 @@ OBJ_FILES = gen_ndr/ndr_keysvc.o
PUBLIC_DEPENDENCIES = LIBNDR
[SUBSYSTEM::NDR_KRB5PAC]
OBJ_FILES = gen_ndr/ndr_krb5pac.o
PUBLIC_DEPENDENCIES = LIBNDR NDR_KRB5PAC_UTIL NDR_NETLOGON
[SUBSYSTEM::NDR_KRB5PAC_UTIL]
PRIVATE_PROTO_HEADER = ndr/ndr_krb5pac.h
OBJ_FILES = ndr/ndr_krb5pac.o
OBJ_FILES = gen_ndr/ndr_krb5pac.o ndr/ndr_krb5pac.o
PUBLIC_DEPENDENCIES = LIBNDR NDR_NETLOGON NDR_SECURITY
[LIBRARY::NDR_XATTR]
VERSION = 0.0.1
@ -431,7 +419,7 @@ PUBLIC_DEPENDENCIES = dcerpc NDR_UNIXINFO
VERSION = 0.0.1
SO_VERSION = 0
OBJ_FILES = gen_ndr/ndr_samr_c.o
PUBLIC_DEPENDENCIES = dcerpc NDR_SAMR
PUBLIC_DEPENDENCIES = dcerpc NDR_SAMR
[LIBRARY::RPC_NDR_SPOOLSS]
VERSION = 0.0.1

11
source4/librpc/idl/drsuapi.idl
View File

@ -7,8 +7,7 @@
authservice("ldap"),
helpstring("Active Directory Replication"),
pointer_default(unique),
depends(security),
helper("librpc/ndr/ndr_drsuapi.h")
depends(security)
]
interface drsuapi
{
@ -122,7 +121,7 @@ interface drsuapi
/* Function 0x02 */
typedef [public,gensize] struct {
[value(ndr_size_drsuapi_DsReplicaObjectIdentifier(r, ndr->flags)-4)] uint32 __ndr_size;
[value(ndr_length_dom_sid(&r->sid))] uint32 __ndr_size_sid;
[value(ndr_size_dom_sid(&r->sid, ndr->flags))] uint32 __ndr_size_sid;
GUID guid;
dom_sid28 sid;
[flag(STR_SIZE4|STR_CHARLEN|STR_CONFORMANT)] string dn;
@ -444,7 +443,7 @@ interface drsuapi
/* DN String values */
typedef [public,gensize] struct {
[value(ndr_size_drsuapi_DsReplicaObjectIdentifier3(r, ndr->flags))] uint32 __ndr_size;
[value(ndr_length_dom_sid(&r->sid))] uint32 __ndr_size_sid;
[value(ndr_size_dom_sid(&r->sid,ndr->flags))] uint32 __ndr_size_sid;
GUID guid;
dom_sid28 sid;
[flag(STR_SIZE4|STR_CHARLEN)] string dn;
@ -473,7 +472,7 @@ interface drsuapi
/* SID values */
typedef struct {
[range(0,10485760),value(ndr_size_dom_sid(sid))] uint32 __ndr_size;
[range(0,10485760),value(ndr_size_dom_sid(sid,ndr->flags))] uint32 __ndr_size;
[subcontext(4)] dom_sid *sid;
} drsuapi_DsAttributeValueSID;
@ -484,7 +483,7 @@ interface drsuapi
/* SecurityDescriptor values */
typedef struct {
[range(0,10485760),value(ndr_size_security_descriptor(sd))] uint32 __ndr_size;
[range(0,10485760),value(ndr_size_security_descriptor(sd,ndr->flags))] uint32 __ndr_size;
[subcontext(4)] security_descriptor *sd;
} drsuapi_DsAttributeValueSecurityDescriptor;

3
source4/librpc/idl/krb5pac.idl
View File

@ -9,8 +9,7 @@
version(0.0),
pointer_default(unique),
helpstring("Active Directory KRB5 PAC"),
depends(security,netlogon,samr),
helper("librpc/ndr/ndr_krb5pac.h")
depends(security,netlogon,samr)
]
interface krb5pac
{

4
source4/librpc/idl/nbt.idl
View File

@ -427,7 +427,7 @@
nstring unicode_domain;
uint32 db_count;
nbt_db_change dbchange[db_count];
[value(ndr_size_dom_sid(&sid))] uint32 sid_size;
[value(ndr_size_dom_sid(&sid, ndr->flags))] uint32 sid_size;
[flag(NDR_ALIGN4)] DATA_BLOB _pad2;
dom_sid sid;
uint32 nt_version;
@ -547,7 +547,7 @@
nstring user_name;
astring mailslot_name;
uint32 acct_control;
[value(ndr_size_dom_sid(&sid))] uint32 sid_size;
[value(ndr_size_dom_sid(&sid, ndr->flags))] uint32 sid_size;
[flag(NDR_ALIGN4)] DATA_BLOB _pad;
dom_sid sid;
uint32 nt_version;

23
source4/librpc/idl/security.idl
View File

@ -6,8 +6,7 @@
[
pointer_default(unique),
depends(misc),
helper("librpc/ndr/ndr_sec.h")
depends(misc,security)
]
interface security
{
@ -22,9 +21,9 @@ interface security
common combinations of bits are prefixed with SEC_RIGHTS_
*/
const int SEC_MASK_GENERIC = 0xF0000000;
const int SEC_MASK_FLAGS = 0x0F000000;
const int SEC_MASK_STANDARD = 0x00FF0000;
const int SEC_MASK_GENERIC = 0xF0000000;
const int SEC_MASK_FLAGS = 0x0F000000;
const int SEC_MASK_STANDARD = 0x00FF0000;
const int SEC_MASK_SPECIFIC = 0x0000FFFF;
/* generic bits */
@ -210,7 +209,7 @@ interface security
/* a domain SID. Note that unlike Samba3 this contains a pointer,
so you can't copy them using assignment */
typedef [public,noprint,noejs] struct {
typedef [public,gensize,noprint,noejs,nosize] struct {
uint8 sid_rev_num; /**< SID revision number */
[range(0,15)] int8 num_auths; /**< Number of sub-authorities */
uint8 id_auth[6]; /**< Identifier Authority */
@ -273,10 +272,10 @@ interface security
[default];
} security_ace_object_ctr;
typedef [public] struct {
typedef [public,gensize,nosize] struct {
security_ace_type type; /* SEC_ACE_TYPE_* */
security_ace_flags flags; /* SEC_ACE_FLAG_* */
[value(ndr_size_security_ace(r))] uint16 size;
[value(ndr_size_security_ace(r,ndr->flags))] uint16 size;
uint32 access_mask;
[switch_is(type)] security_ace_object_ctr object;
dom_sid trustee;
@ -289,9 +288,9 @@ interface security
const uint NT4_ACL_REVISION = SECURITY_ACL_REVISION_NT4;
typedef [public] struct {
typedef [public,gensize,nosize] struct {
security_acl_revision revision;
[value(ndr_size_security_acl(r))] uint16 size;
[value(ndr_size_security_acl(r,ndr->flags))] uint16 size;
[range(0,1000)] uint32 num_aces;
security_ace aces[num_aces];
} security_acl;
@ -323,7 +322,7 @@ interface security
SEC_DESC_SELF_RELATIVE = 0x8000
} security_descriptor_type;
typedef [public,flag(NDR_LITTLE_ENDIAN)] struct {
typedef [gensize,nosize,public,flag(NDR_LITTLE_ENDIAN)] struct {
security_descriptor_revision revision;
security_descriptor_type type; /* SEC_DESC_xxxx flags */
[relative] dom_sid *owner_sid;
@ -333,7 +332,7 @@ interface security
} security_descriptor;
typedef [public] struct {
[range(0,0x40000),value(ndr_size_security_descriptor(sd))] uint32 sd_size;
[range(0,0x40000),value(ndr_size_security_descriptor(sd,ndr->flags))] uint32 sd_size;
[subcontext(4)] security_descriptor *sd;
} sec_desc_buf;

9
source4/librpc/ndr/libndr.h
View File

@ -291,4 +291,13 @@ extern const struct dcerpc_syntax_id ndr64_transfer_syntax;
#include "librpc/gen_ndr/misc.h"
#include "librpc/ndr/libndr_proto.h"
/* FIXME: Use represent_as instead */
struct dom_sid;
NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid);
NTSTATUS ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid);
NTSTATUS ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid);
void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid);
#endif /* __LIBNDR_H__ */

2
source4/librpc/ndr/ndr_drsuapi.c
View File

@ -37,7 +37,7 @@ void ndr_print_drsuapi_DsReplicaObjectListItem(struct ndr_print *ndr, const char
}
}
void ndr_print_drsuapi_DsReplicaObjectListItemEx(struct ndr_print *ndr, const char *name, struct drsuapi_DsReplicaObjectListItemEx *r)
void ndr_print_drsuapi_DsReplicaObjectListItemEx(struct ndr_print *ndr, const char *name, const struct drsuapi_DsReplicaObjectListItemEx *r)
{
ndr_print_struct(ndr, name, "drsuapi_DsReplicaObjectListItemEx");
ndr->depth++;

120
source4/librpc/ndr/ndr_sec.c
View File

@ -1,120 +0,0 @@
/*
Unix SMB/CIFS implementation.
routines for marshalling/unmarshalling security descriptors
and related structures
Copyright (C) Andrew Tridgell 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
/*
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
*/
NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
{
uint32_t num_auths;
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
if (sid->num_auths != num_auths) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
"Bad array size %u should exceed %u",
num_auths, sid->num_auths);
}
return NT_STATUS_OK;
}
/*
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
*/
NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
{
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
return ndr_push_dom_sid(ndr, ndr_flags, sid);
}
/*
parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
*/
NTSTATUS ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
{
NTSTATUS status;
struct ndr_pull *subndr;
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
subndr = talloc_zero(ndr, struct ndr_pull);
NT_STATUS_HAVE_NO_MEMORY(subndr);
subndr->flags = ndr->flags;
subndr->current_mem_ctx = ndr->current_mem_ctx;
subndr->data = ndr->data + ndr->offset;
subndr->data_size = 28;
subndr->offset = 0;
NDR_CHECK(ndr_pull_advance(ndr, 28));
status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
if (!NT_STATUS_IS_OK(status)) {
/* handle a w2k bug which send random data in the buffer */
ZERO_STRUCTP(sid);
}
return NT_STATUS_OK;
}
/*
push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
*/
NTSTATUS ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
{
uint32_t old_offset;
uint32_t padding;
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
if (sid->num_auths > 5) {
return ndr_push_error(ndr, NDR_ERR_RANGE,
"dom_sid28 allows only upto 5 sub auth [%u]",
sid->num_auths);
}
old_offset = ndr->offset;
NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
padding = 28 - (ndr->offset - old_offset);
if (padding > 0) {
NDR_CHECK(ndr_push_zero(ndr, padding));
}
return NT_STATUS_OK;
}

143
source4/librpc/ndr/ndr_sec_helper.c
View File

@ -23,47 +23,38 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
/*
return the wire size of a dom_sid
*/
size_t ndr_size_dom_sid(const struct dom_sid *sid)
size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
{
if (!sid) return 0;
return 8 + 4*sid->num_auths;
}
/*
return the wire size of a dom_sid
*/
size_t ndr_length_dom_sid(const struct dom_sid *sid)
{
if (!sid) return 0;
if (sid->sid_rev_num == 0) return 0;
return 8 + 4*sid->num_auths;
}
/*
return the wire size of a security_ace
*/
size_t ndr_size_security_ace(const struct security_ace *ace)
size_t ndr_size_security_ace(const struct security_ace *ace, int flags)
{
if (!ace) return 0;
return 8 + ndr_size_dom_sid(&ace->trustee);
return 8 + ndr_size_dom_sid(&ace->trustee, flags);
}
/*
return the wire size of a security_acl
*/
size_t ndr_size_security_acl(const struct security_acl *acl)
size_t ndr_size_security_acl(const struct security_acl *acl, int flags)
{
size_t ret;
int i;
if (!acl) return 0;
ret = 8;
for (i=0;i<acl->num_aces;i++) {
ret += ndr_size_security_ace(&acl->aces[i]);
ret += ndr_size_security_ace(&acl->aces[i], flags);
}
return ret;
}
@ -71,16 +62,16 @@ size_t ndr_size_security_acl(const struct security_acl *acl)
/*
return the wire size of a security descriptor
*/
size_t ndr_size_security_descriptor(const struct security_descriptor *sd)
size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags)
{
size_t ret;
if (!sd) return 0;
ret = 20;
ret += ndr_size_dom_sid(sd->owner_sid);
ret += ndr_size_dom_sid(sd->group_sid);
ret += ndr_size_security_acl(sd->dacl);
ret += ndr_size_security_acl(sd->sacl);
ret += ndr_size_dom_sid(sd->owner_sid, flags);
ret += ndr_size_dom_sid(sd->group_sid, flags);
ret += ndr_size_security_acl(sd->dacl, flags);
ret += ndr_size_security_acl(sd->sacl, flags);
return ret;
}
@ -102,35 +93,97 @@ void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct d
ndr_print_dom_sid(ndr, name, sid);
}
/*
convert a dom_sid to a string
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
*/
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
{
int i, ofs, maxlen;
uint32_t ia;
char *ret;
if (!sid) {
return talloc_strdup(mem_ctx, "(NULL SID)");
uint32_t num_auths;
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
maxlen = sid->num_auths * 11 + 25;
ret = talloc_size(mem_ctx, maxlen);
if (!ret) return talloc_strdup(mem_ctx, "(SID ERR)");
ia = (sid->id_auth[5]) +
(sid->id_auth[4] << 8 ) +
(sid->id_auth[3] << 16) +
(sid->id_auth[2] << 24);
ofs = snprintf(ret, maxlen, "S-%u-%lu",
(uint_t)sid->sid_rev_num, (unsigned long)ia);
for (i = 0; i < sid->num_auths; i++) {
ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths));
NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
if (sid->num_auths != num_auths) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
"Bad array size %u should exceed %u",
num_auths, sid->num_auths);
}
return ret;
return NT_STATUS_OK;
}
/*
parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
*/
NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
{
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths));
return ndr_push_dom_sid(ndr, ndr_flags, sid);
}
/*
parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth
*/
NTSTATUS ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
{
NTSTATUS status;
struct ndr_pull *subndr;
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
subndr = talloc_zero(ndr, struct ndr_pull);
NT_STATUS_HAVE_NO_MEMORY(subndr);
subndr->flags = ndr->flags;
subndr->current_mem_ctx = ndr->current_mem_ctx;
subndr->data = ndr->data + ndr->offset;
subndr->data_size = 28;
subndr->offset = 0;
NDR_CHECK(ndr_pull_advance(ndr, 28));
status = ndr_pull_dom_sid(subndr, ndr_flags, sid);
if (!NT_STATUS_IS_OK(status)) {
/* handle a w2k bug which send random data in the buffer */
ZERO_STRUCTP(sid);
}
return NT_STATUS_OK;
}
/*
push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer
*/
NTSTATUS ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid)
{
uint32_t old_offset;
uint32_t padding;
if (!(ndr_flags & NDR_SCALARS)) {
return NT_STATUS_OK;
}
if (sid->num_auths > 5) {
return ndr_push_error(ndr, NDR_ERR_RANGE,
"dom_sid28 allows only upto 5 sub auth [%u]",
sid->num_auths);
}
old_offset = ndr->offset;
NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid));
padding = 28 - (ndr->offset - old_offset);
if (padding > 0) {
NDR_CHECK(ndr_push_zero(ndr, padding));
}
return NT_STATUS_OK;
}

1
source4/ntvfs/common/opendb.c
View File

@ -42,7 +42,6 @@
#include "system/filesys.h"
#include "lib/tdb/include/tdb.h"
#include "messaging/messaging.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "db_wrap.h"
#include "lib/messaging/irpc.h"
#include "librpc/gen_ndr/ndr_opendb.h"

1
source4/ntvfs/ntvfs_generic.c
View File

@ -32,7 +32,6 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "ntvfs/ntvfs.h"
/* a second stage function converts from the out parameters of the generic

1
source4/rpc_server/lsa/dcesrv_lsa.c
View File

@ -29,7 +29,6 @@
#include "libcli/ldap/ldap.h"
#include "libcli/security/security.h"
#include "libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "passdb/secrets.h"
#include "db_wrap.h"

3
source4/rpc_server/netlogon/dcerpc_netlogon.c
View File

@ -25,13 +25,14 @@
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "lib/ldb/include/ldb.h"
#include "auth/auth_sam.h"
#include "auth/auth.h"
#include "auth/auth_sam.h"
#include "dsdb/samdb/samdb.h"
#include "rpc_server/samr/proto.h"
#include "db_wrap.h"
#include "libcli/auth/libcli_auth.h"
#include "auth/gensec/schannel_state.h"
#include "libcli/security/security.h"
struct server_pipe_state {
struct netr_Credential client_challenge;

1
source4/rpc_server/samr/dcesrv_samr.c
View File

@ -27,7 +27,6 @@
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "rpc_server/samr/dcesrv_samr.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "system/time.h"
#include "lib/ldb/include/ldb.h"
#include "ads.h"

1
source4/rpc_server/samr/samr_password.c
View File

@ -25,7 +25,6 @@
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "rpc_server/samr/dcesrv_samr.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "system/time.h"
#include "lib/crypto/crypto.h"
#include "ads.h"

1
source4/scripting/ejs/ejsrpc.c
View File

@ -23,7 +23,6 @@
#include "includes.h"
#include "lib/appweb/ejs/ejs.h"
#include "scripting/ejs/smbcalls.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "librpc/gen_ndr/lsa.h"
#include "librpc/gen_ndr/winreg.h"
#include "scripting/ejs/ejsrpc.h"

3
source4/scripting/ejs/smbcalls_samba3.c
View File

@ -24,7 +24,8 @@
#include "scripting/ejs/smbcalls.h"
#include "lib/appweb/ejs/ejs.h"
#include "lib/samba3/samba3.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_misc.h"
static struct MprVar mprRegistry(struct samba3_regdb *reg)

1
source4/torture/auth/pac.c
View File

@ -28,7 +28,6 @@
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "samba3/samba3.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "torture/torture.h"
static BOOL torture_pac_self_check(void)

1
source4/torture/libnet/userinfo.c
View File

@ -25,7 +25,6 @@
#include "libnet/userinfo.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_samr_c.h"
#include "librpc/gen_ndr/ndr_security.h"
#define TEST_USERNAME "libnetuserinfotest"

2
source4/torture/local/sddl.c
View File

@ -21,9 +21,9 @@
*/
#include "includes.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include "torture/torture.h"
#include "librpc/gen_ndr/ndr_security.h"
/*

2
source4/torture/raw/acls.c
View File

@ -27,8 +27,8 @@
#include "librpc/gen_ndr/lsa.h"
#include "libcli/util/clilsa.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "torture/util.h"
#include "librpc/gen_ndr/ndr_security.h"
#define BASEDIR "\\testsd"

1
source4/torture/rpc/lsa_lookup.c
View File

@ -25,7 +25,6 @@
#include "libnet/libnet_join.h"
#include "torture/rpc/rpc.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
static BOOL open_policy(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,

1
source4/torture/rpc/samr.c
View File

@ -24,7 +24,6 @@
#include "torture/torture.h"
#include "librpc/gen_ndr/lsa.h"
#include "librpc/gen_ndr/ndr_samr_c.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "smb.h"
#include "lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"

2
source4/utils/net/net_join.c
View File

@ -23,7 +23,7 @@
#include "includes.h"
#include "utils/net/net.h"
#include "libnet/libnet.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
int net_join(struct net_context *ctx, int argc, const char **argv)
{

2
source4/utils/ntlm_auth.c
View File

@ -28,7 +28,7 @@
#include "auth/auth.h"
#include "pstring.h"
#include "libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include "lib/ldb/include/ldb.h"
#define SQUID_BUFFER_SIZE 2010

1
source4/winbind/wb_init_domain.c
View File

@ -30,7 +30,6 @@
#include "smbd/service_task.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/auth/credentials.h"
#include "libcli/security/security.h"

1
source4/winbind/wb_samba3_cmd.c
View File

@ -28,7 +28,6 @@
#include "libcli/composite/composite.h"
#include "version.h"
#include "librpc/gen_ndr/netlogon.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include "auth/pam_errors.h"