mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
c73034cf7c
Soon we will get Conditional ACEs and Resource Attribute ACES, each of
which have trailing bytes at the end of the ACE. Here's a diagram:
____ The ACE size field may indicate a size bigger
.type / | than the known parts, even when you take
.flags / | rounding to a multiple of four into account.
.size --' | This extra data is meaningful in some ACEs.
.access_mask |
.trustee (sid) _| <- known data ends here.
:
"coda" ___: <- the trailing part, Zero size unless the size
field points beyond the end of the known data.
Probably empty for ordinary ACE types.
Until now we have thrown away these extra bytes, because they have no
meaning in the ACE types we recognise. But with conditional and
resource attribute ACEs we need to catch and process these bytes, so
we add an extra field for that.
Thus we can drop the manually written ndr_pull_security_ace() that
discarded the trailing bytes, because we just allow it to be pulled
into an unused blob. In the very common case, the blob will be empty.
Microsoft does not use a common name across different ACE types to
describe this end-data -- "coda" is a Samba term.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
38 lines
1.4 KiB
C
38 lines
1.4 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
Samba utility functions
|
|
|
|
Copyright (C) 2009 Jelmer Vernooij <jelmer@samba.org>
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef _ACE_H_
|
|
#define _ACE_H_
|
|
|
|
#include "librpc/gen_ndr/security.h"
|
|
|
|
bool sec_ace_object(uint8_t type);
|
|
void sec_ace_copy(struct security_ace *ace_dest, const struct security_ace *ace_src);
|
|
size_t ndr_subcontext_size_of_ace_coda(const struct security_ace *ace, size_t ace_size, int flags);
|
|
|
|
void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type,
|
|
uint32_t mask, uint8_t flag);
|
|
int nt_ace_inherit_comp( const struct security_ace *a1, const struct security_ace *a2);
|
|
int nt_ace_canon_comp( const struct security_ace *a1, const struct security_ace *a2);
|
|
void dacl_sort_into_canonical_order(struct security_ace *srclist, unsigned int num_aces);
|
|
|
|
#endif /*_ACE_H_*/
|
|
|