svn commit: samba r4034 - in
branches/SAMBA_4_0/source/libcli/security: .
tridge at samba.org
tridge at samba.org
Thu Dec 2 04:34:12 GMT 2004
Author: tridge
Date: 2004-12-02 04:34:11 +0000 (Thu, 02 Dec 2004)
New Revision: 4034
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4034
Log:
add a function security_descriptor_create() which can be used to
easily create complex security descriptors for testing. This greatly
simplifies the smbtorture code I am writing for testing our
new access_check code.
Modified:
branches/SAMBA_4_0/source/libcli/security/security_descriptor.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/security/security_descriptor.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2004-12-02 04:31:08 UTC (rev 4033)
+++ branches/SAMBA_4_0/source/libcli/security/security_descriptor.c 2004-12-02 04:34:11 UTC (rev 4034)
@@ -100,6 +100,8 @@
sd->dacl->num_aces++;
+ sd->type |= SEC_DESC_DACL_PRESENT;
+
return NT_STATUS_OK;
}
@@ -206,3 +208,80 @@
return True;
}
+
+
+/*
+ create a security descriptor using string SIDs. This is used by the
+ torture code to allow the easy creation of complex ACLs
+ This is a varargs function. The list of ACEs ends with a NULL sid.
+
+ a typical call would be:
+
+ sd = security_descriptor_create(mem_ctx,
+ mysid,
+ mygroup,
+ SID_AUTHENTICATED_USERS,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ SEC_FILE_ALL,
+ NULL);
+ that would create a sd with one ACE
+*/
+struct security_descriptor *security_descriptor_create(TALLOC_CTX *mem_ctx,
+ const char *owner_sid,
+ const char *group_sid,
+ ...)
+{
+ va_list ap;
+ struct security_descriptor *sd;
+ const char *sidstr;
+
+ sd = security_descriptor_initialise(mem_ctx);
+ if (sd == NULL) return NULL;
+
+ if (owner_sid) {
+ sd->owner_sid = dom_sid_parse_talloc(mem_ctx, owner_sid);
+ if (sd->owner_sid == NULL) {
+ talloc_free(sd);
+ return NULL;
+ }
+ }
+ if (group_sid) {
+ sd->group_sid = dom_sid_parse_talloc(mem_ctx, group_sid);
+ if (sd->group_sid == NULL) {
+ talloc_free(sd);
+ return NULL;
+ }
+ }
+
+ va_start(ap, group_sid);
+ while ((sidstr = va_arg(ap, const char *))) {
+ struct dom_sid *sid;
+ struct security_ace *ace = talloc_p(sd, struct security_ace);
+ NTSTATUS status;
+
+ if (ace == NULL) {
+ talloc_free(sd);
+ va_end(ap);
+ return NULL;
+ }
+ ace->type = va_arg(ap, unsigned int);
+ ace->access_mask = va_arg(ap, unsigned int);
+ ace->flags = 0;
+ sid = dom_sid_parse_talloc(ace, sidstr);
+ if (sid == NULL) {
+ va_end(ap);
+ talloc_free(sd);
+ return NULL;
+ }
+ ace->trustee = *sid;
+ status = security_descriptor_dacl_add(sd, ace);
+ if (!NT_STATUS_IS_OK(status)) {
+ va_end(ap);
+ talloc_free(sd);
+ return NULL;
+ }
+ }
+ va_end(ap);
+
+ return sd;
+}
More information about the samba-cvs
mailing list