[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-101-g99b2881

Jelmer Vernooij jelmer at samba.org
Sun Mar 1 17:00:37 GMT 2009


The branch, master has been updated
       via  99b288156f021db7bb771f3a5bf78def61d699f2 (commit)
      from  bbe2d30f66ebd8537203870b1225179f03d42744 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 99b288156f021db7bb771f3a5bf78def61d699f2
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Sun Mar 1 17:59:30 2009 +0100

    Move secace.c to top-level.

-----------------------------------------------------------------------

Summary of changes:
 {source3/lib => libcli/security}/secace.c |   90 ++++++++++++----------------
 source3/Makefile.in                       |    3 +-
 source3/include/rpc_secdes.h              |    1 -
 source3/lib/util_nttoken.c                |   16 +++++
 source4/libcli/security/config.mk         |    3 +-
 5 files changed, 59 insertions(+), 54 deletions(-)
 rename {source3/lib => libcli/security}/secace.c (76%)


Changeset truncated at 500 lines:

diff --git a/source3/lib/secace.c b/libcli/security/secace.c
similarity index 76%
rename from source3/lib/secace.c
rename to libcli/security/secace.c
index 878fac2..4e8eddc 100644
--- a/source3/lib/secace.c
+++ b/libcli/security/secace.c
@@ -1,6 +1,6 @@
 /* 
  *  Unix SMB/Netbios implementation.
- *  SEC_ACE handling functions
+ *  struct security_ace handling functions
  *  Copyright (C) Andrew Tridgell              1992-1998,
  *  Copyright (C) Jeremy R. Allison            1995-2003.
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
@@ -21,56 +21,58 @@
  */
 
 #include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
 
-/*******************************************************************
- Check if ACE has OBJECT type.
-********************************************************************/
+#define  SEC_ACE_HEADER_SIZE (2 * sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t))
 
-bool sec_ace_object(uint8 type)
+/**
+ * Check if ACE has OBJECT type.
+ */
+bool sec_ace_object(uint8_t type)
 {
 	if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
             type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
             type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
             type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
-		return True;
+		return true;
 	}
-	return False;
+	return false;
 }
 
-/*******************************************************************
- copy a SEC_ACE structure.
-********************************************************************/
-void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
+/**
+ * copy a struct security_ace structure.
+ */
+void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src)
 {
 	ace_dest->type  = ace_src->type;
 	ace_dest->flags = ace_src->flags;
 	ace_dest->size  = ace_src->size;
 	ace_dest->access_mask = ace_src->access_mask;
 	ace_dest->object = ace_src->object;
-	sid_copy(&ace_dest->trustee, &ace_src->trustee);
+	ace_dest->trustee = ace_src->trustee;
 }
 
 /*******************************************************************
- Sets up a SEC_ACE structure.
+ Sets up a struct security_ace structure.
 ********************************************************************/
 
-void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
-		  uint32_t mask, uint8 flag)
+void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type,
+		  uint32_t mask, uint8_t flag)
 {
 	t->type = type;
 	t->flags = flag;
 	t->size = ndr_size_dom_sid(sid, NULL, 0) + 8;
 	t->access_mask = mask;
 
-	ZERO_STRUCTP(&t->trustee);
-	sid_copy(&t->trustee, sid);
+	t->trustee = *sid;
 }
 
 /*******************************************************************
  adds new SID with its permissions to ACE list
 ********************************************************************/
 
-NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask)
+NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, struct dom_sid *sid, uint32_t mask)
 {
 	unsigned int i = 0;
 	
@@ -78,7 +80,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign
 
 	*num += 1;
 	
-	if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0)
+	if((pp_new[0] = talloc_zero_array(ctx, struct security_ace, *num )) == 0)
 		return NT_STATUS_NO_MEMORY;
 
 	for (i = 0; i < *num - 1; i ++)
@@ -88,7 +90,7 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign
 	(*pp_new)[i].flags = 0;
 	(*pp_new)[i].size  = SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, NULL, 0);
 	(*pp_new)[i].access_mask = mask;
-	sid_copy(&(*pp_new)[i].trustee, sid);
+	(*pp_new)[i].trustee = *sid;
 	return NT_STATUS_OK;
 }
 
@@ -96,14 +98,14 @@ NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsign
   modify SID's permissions at ACL 
 ********************************************************************/
 
-NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
+NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask)
 {
 	unsigned int i = 0;
 
 	if (!ace || !sid)  return NT_STATUS_INVALID_PARAMETER;
 
 	for (i = 0; i < num; i ++) {
-		if (sid_compare(&ace[i].trustee, sid) == 0) {
+		if (dom_sid_equal(&ace[i].trustee, sid)) {
 			ace[i].access_mask = mask;
 			return NT_STATUS_OK;
 		}
@@ -115,7 +117,7 @@ NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
  delete SID from ACL
 ********************************************************************/
 
-NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
+NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, struct dom_sid *sid)
 {
 	unsigned int i     = 0;
 	unsigned int n_del = 0;
@@ -123,14 +125,14 @@ NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32
 	if (!ctx || !pp_new || !old || !sid || !num)  return NT_STATUS_INVALID_PARAMETER;
 
 	if (*num) {
-		if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0)
+		if((pp_new[0] = talloc_zero_array(ctx, struct security_ace, *num )) == 0)
 			return NT_STATUS_NO_MEMORY;
 	} else {
 		pp_new[0] = NULL;
 	}
 
 	for (i = 0; i < *num; i ++) {
-		if (sid_compare(&old[i].trustee, sid) != 0)
+		if (!dom_sid_equal(&old[i].trustee, sid))
 			sec_ace_copy(&(*pp_new)[i], &old[i]);
 		else
 			n_del ++;
@@ -144,38 +146,38 @@ NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32
 }
 
 /*******************************************************************
- Compares two SEC_ACE structures
+ Compares two struct security_ace structures
 ********************************************************************/
 
-bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
+bool sec_ace_equal(struct security_ace *s1, struct security_ace *s2)
 {
 	/* Trivial case */
 
 	if (!s1 && !s2) {
-		return True;
+		return true;
 	}
 
 	if (!s1 || !s2) {
-		return False;
+		return false;
 	}
 
 	/* Check top level stuff */
 
 	if (s1->type != s2->type || s1->flags != s2->flags ||
 	    s1->access_mask != s2->access_mask) {
-		return False;
+		return false;
 	}
 
 	/* Check SID */
 
-	if (!sid_equal(&s1->trustee, &s2->trustee)) {
-		return False;
+	if (!dom_sid_equal(&s1->trustee, &s2->trustee)) {
+		return false;
 	}
 
-	return True;
+	return true;
 }
 
-int nt_ace_inherit_comp( SEC_ACE *a1, SEC_ACE *a2)
+int nt_ace_inherit_comp( struct security_ace *a1, struct security_ace *a2)
 {
 	int a1_inh = a1->flags & SEC_ACE_FLAG_INHERITED_ACE;
 	int a2_inh = a2->flags & SEC_ACE_FLAG_INHERITED_ACE;
@@ -192,7 +194,7 @@ int nt_ace_inherit_comp( SEC_ACE *a1, SEC_ACE *a2)
   Comparison function to apply the order explained below in a group.
 *******************************************************************/
 
-int nt_ace_canon_comp( SEC_ACE *a1, SEC_ACE *a2)
+int nt_ace_canon_comp( struct security_ace *a1, struct security_ace *a2)
 {
 	if ((a1->type == SEC_ACE_TYPE_ACCESS_DENIED) &&
 				(a2->type != SEC_ACE_TYPE_ACCESS_DENIED))
@@ -247,7 +249,7 @@ The following describes the preferred order:
 
 ********************************************************************/
 
-void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces)
+void dacl_sort_into_canonical_order(struct security_ace *srclist, unsigned int num_aces)
 {
 	unsigned int i;
 
@@ -259,7 +261,7 @@ void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces)
 
 	/* Find the boundary between non-inherited ACEs. */
 	for (i = 0; i < num_aces; i++ ) {
-		SEC_ACE *curr_ace = &srclist[i];
+		struct security_ace *curr_ace = &srclist[i];
 
 		if (curr_ace->flags & SEC_ACE_FLAG_INHERITED_ACE)
 			break;
@@ -276,18 +278,4 @@ void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces)
 		qsort( &srclist[i], num_aces - i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp);
 }
 
-/*******************************************************************
- Check if this ACE has a SID in common with the token.
-********************************************************************/
-
-bool token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
-{
-	size_t i;
 
-	for (i = 0; i < token->num_sids; i++) {
-		if (sid_equal(&ace->trustee, &token->user_sids[i]))
-			return True;
-	}
-
-	return False;
-}
diff --git a/source3/Makefile.in b/source3/Makefile.in
index d957d70..30990f4 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -370,7 +370,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
 	  lib/adt_tree.o lib/gencache.o \
 	  lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \
 	  lib/ldap_escape.o @CHARSET_STATIC@ \
-	  lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
+	  lib/secdesc.o lib/util_seaccess.o ../libcli/security/secace.o \
+	  lib/secacl.o \
 	  libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
 	  lib/file_id.o lib/idmap_cache.o \
 	  ../libcli/security/dom_sid.o
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 4bf0d9c..37f7464 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -69,7 +69,6 @@
 
 /* SEC_ACE */
 typedef struct security_ace SEC_ACE;
-#define  SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32))
 
 #ifndef ACL_REVISION
 #define ACL_REVISION 0x3
diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c
index 774ef49..76e7402 100644
--- a/source3/lib/util_nttoken.c
+++ b/source3/lib/util_nttoken.c
@@ -115,3 +115,19 @@ NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
 
 	return NT_STATUS_OK;
 }
+
+/*******************************************************************
+ Check if this ACE has a SID in common with the token.
+********************************************************************/
+
+bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace)
+{
+	size_t i;
+
+	for (i = 0; i < token->num_sids; i++) {
+		if (sid_equal(&ace->trustee, &token->user_sids[i]))
+			return true;
+	}
+
+	return false;
+}
diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk
index cd5b75b..d99b83c 100644
--- a/source4/libcli/security/config.mk
+++ b/source4/libcli/security/config.mk
@@ -3,6 +3,7 @@ PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_COMMON
 
 LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \
 					   security_token.o security_descriptor.o \
-					   access_check.o privilege.o sddl.o)
+					   access_check.o privilege.o sddl.o) \
+					   ../libcli/security/secace.o
 
 $(eval $(call proto_header_template,$(libclisrcdir)/security/proto.h,$(LIBSECURITY_OBJ_FILES:.o=.c)))


-- 
Samba Shared Repository


More information about the samba-cvs mailing list