[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon May 30 17:44:03 MDT 2011


The branch, master has been updated
       via  caf0df2 s3-build Specify more of the smbconf dependencies
       via  3aa9eea s3-build Make smbregistry depend on more of the subsystems it needs
       via  3557032 s3-build Add util_sec subsystem
       via  83e62de s3-build Move dbwrap_rbt into dbwrap_util subsystem
       via  0199100 s3-build Create dbwrap_util subsystem
       via  e65f4dd s3-build: Rearrange build system to seperate out simple libraries
       via  c7131e6 s3-build Add dependency on 'ldap' and 'ber'
       via  702d8d5 s3-lib Move free_namearray() into it's own file
       via  3b7e1ac s3-lib Move realloc based string substitution functions out of util_str.c
       via  a5a2373 s3-lib Move sstring_sub() to it's only user and make static
       via  8d639fe s3-param Move init_iconv() to loadparm.c
       via  381423b libcli/security: move secdesc.c to the top level libcli/security
       via  e5dd03d s3-globals Remove smbd_event_context() (use server_event_context())
       via  8190558 heimdal: Remove getprogname and setprogname from the heimdal import
       via  b19fe19 heimdal_build: Don't use heimdal's getprogname() and setprogname()
       via  33e8126 s3-param split service.c into param and smbd components
       via  ade01f0 s3-smbd Split conn.c into 3 files
       via  4e374d1 s3-build: Move user_util.c into it's own subsystem
       via  5314072 s3-lib Move string_init functions into their own file
       via  8524924 s3-smbd provide struct smbd_server_connection * to conn_snum_used
      from  c981d4f s3: Safely mark our sconn as smb2 if we have that protocol

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit caf0df2dde2f39c3b271a79fab9358475de6a6e4
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 18:39:27 2011 +1000

    s3-build Specify more of the smbconf dependencies
    
    This brings more functions into util_names.c, and util_names.c into
    PARAM_WITHOUT_REG_SRC.
    
    This is not yet a full list, that would formalise the implicit
    dependency loop.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Tue May 31 01:43:37 CEST 2011 on sn-devel-104

commit 3aa9eead2702880b1f645793b48f4e7d9e0fc17c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 18:37:00 2011 +1000

    s3-build Make smbregistry depend on more of the subsystems it needs
    
    This is not the full list (that can be seen by setting
    allow_undefined_symbols=True).
    
    Andrew Bartlett

commit 355703249401aefe24caceb4e5622a9d249a745f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 17:42:06 2011 +1000

    s3-build Add util_sec subsystem

commit 83e62de9a79b4542f85611126a5589ed8ad2eb34
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 17:39:35 2011 +1000

    s3-build Move dbwrap_rbt into dbwrap_util subsystem

commit 019910034854dc1ed70ba09a14d419ed45903715
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 17:27:23 2011 +1000

    s3-build Create dbwrap_util subsystem
    
    This contains the functions from dbwrap that don't require lp_
    functions, and can therefore be put into a library (without dependency
    loops).
    
    Andrew Bartlett

commit e65f4dd9d4ca7019e537da8f4ab3061c76fd8204
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 16:55:30 2011 +1000

    s3-build: Rearrange build system to seperate out simple libraries
    
    This will slowly allow us to develop a proper dependency tree without
    interlibrary loops and unresolved symbols.
    
    Andrew Bartlett

commit c7131e6b736cf21a94b045c2ad854016c51c316b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 16:28:17 2011 +1000

    s3-build Add dependency on 'ldap' and 'ber'
    
    These external libraries are required for the hooks in lib/ldap_debug_handler.c

commit 702d8d5f87f36a6b62a8ad35af62fd0e7cb20384
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 16:18:51 2011 +1000

    s3-lib Move free_namearray() into it's own file
    
    This makes it easier to have conn_smbd strictly depend on all it's
    dependencies.
    
    Andrew Bartlett

commit 3b7e1ac31c764fc2023925288783c868eb6ec31e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 16:16:08 2011 +1000

    s3-lib Move realloc based string substitution functions out of util_str.c
    
    This makes the dependency set for source3/lib/util_str.c simpiler,
    which in turn makes it easier to build a dependency tree.
    
    Andrew Bartlett

commit a5a2373979a9484bb68271e9c1c518f05a8ec564
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 16:15:01 2011 +1000

    s3-lib Move sstring_sub() to it's only user and make static
    
    This should not be used more generally, as it is specifically not for
    multibyte strings, and uses malloc rather than talloc.
    
    Andrew Bartlett

commit 8d639feed9493a099c57d494254f1ea262b28277
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 13:40:33 2011 +1000

    s3-param Move init_iconv() to loadparm.c
    
    This assists with some dependency loops
    
    Andrew Bartlett

commit 381423b1bdba4c7d1931b162d872134c42e432cf
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 30 13:23:56 2011 +1000

    libcli/security: move secdesc.c to the top level libcli/security
    
    This code does not rely on lp_ or other source3 only functions, so can
    be part of the common library.
    
    Andrew Bartlett

commit e5dd03d1991f125fa3cfddac9a41d2f9e6391c42
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 18:51:56 2011 +1000

    s3-globals Remove smbd_event_context() (use server_event_context())
    
    This has been a wrapper around server_event_context() for some time
    now, and removing this from dummmysmbd.c assists with library
    dependencies.
    
    Andrew Bartlett

commit 81905585c093b6d641a10f6c338949bcbaa724c0
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 16:45:53 2011 +1000

    heimdal: Remove getprogname and setprogname from the heimdal import

commit b19fe1995ac5359b61eb9ff87bf6d800bb904cb8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 16:44:50 2011 +1000

    heimdal_build: Don't use heimdal's getprogname() and setprogname()
    
    Writing into an __progname variable spooks me, and if we use the local
    variable, then we duplciate the system one, which fails SYMBOLCHECK
    
    Andrew Bartlett

commit 33e8126c3c810388d079008d6de8291a294b9bd8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 15:01:04 2011 +1000

    s3-param split service.c into param and smbd components
    
    The dependency chain of find_service can't be satisfied sensibly
    outside smbd, so don't include this in the main 'param' subsystem.
    
    Also remove the duplicate find_service() and conn_snum_used() from
    dummysmbd.c: The WAF build does not need these dummies any more, but
    file.
    
    Andrew Bartlett

commit ade01f083c502ecf7cba19303eb16d3c9a4be52a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 14:58:24 2011 +1000

    s3-smbd Split conn.c into 3 files
    
    The idea with this split is to make it easier to handle dependencies,
    avoiding having the loadparm code depend on the global server
    variables, without resorting to dummy functions and linker tricks.
    
    conn_clear_vuid_cache() is brought in from uid.c to make it static
    
    Andrew Bartlett

commit 4e374d167992195b7a0e0f8c82aab755fd3d8379
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 14:55:08 2011 +1000

    s3-build: Move user_util.c into it's own subsystem

commit 53140724f149058a8404727533ae792cbb8b1340
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 14:53:32 2011 +1000

    s3-lib Move string_init functions into their own file
    
    These have not been moved in common, as they are not talloc-based, but
    it helps with dependencies if these are seperated from the rest of
    util_str.c
    
    Andrew Bartlett

commit 8524924a460349a9aa56db475d771b8884fbe517
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 13:00:22 2011 +1000

    s3-smbd provide struct smbd_server_connection * to conn_snum_used
    
    This provides the 'sconn' parameter to this key functions, that
    is currently duplicated in dummysmbd.c, which causes duplicate symbol
    issues in the waf build.
    
    This has natrually caused a number of consequential changes across the
    codebase, includning not passing a messaging context into initial
    reload_services():
    
    This causes problems because the global smbd_server_connection isn't
    yet set up, as there isn't a connection here, just the initial
    process.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/secdesc.c                   |  719 +++++++++++++++++++++++++++
 libcli/security/secdesc.h                   |  102 ++++
 libcli/security/security.h                  |    1 +
 libcli/security/wscript_build               |    2 +-
 source3/Makefile.in                         |   14 +-
 source3/auth/wscript_build                  |   10 +-
 source3/include/proto.h                     |   51 +--
 source3/lib/charcnv.c                       |   14 -
 source3/lib/dbwrap.c                        |   60 ---
 source3/lib/dbwrap_util.c                   |   65 +++-
 source3/lib/dummyparam.c                    |   35 ++
 source3/lib/dummysmbd.c                     |   15 -
 source3/lib/namearray.c                     |   39 ++
 source3/lib/secdesc.c                       |  712 --------------------------
 source3/lib/string_init.c                   |   77 +++
 source3/lib/substitute.c                    |   29 ++
 source3/lib/substitute_generic.c            |  116 +++++
 source3/lib/util.c                          |  178 -------
 source3/lib/util_names.c                    |  163 ++++++-
 source3/lib/util_str.c                      |  205 +--------
 source3/libnet/libnet_samsync_ldif.c        |   27 +
 source3/libsmb/clisecdesc.c                 |    1 +
 source3/modules/onefs_cbrl.c                |    2 +-
 source3/modules/vfs_aio_fork.c              |    6 +-
 source3/modules/vfs_preopen.c               |    2 +-
 source3/param/loadparm.c                    |   46 +-
 source3/param/service.c                     |  276 ++++++++++
 source3/registry/reg_backend_db.c           |    1 +
 source3/registry/regfio.c                   |    1 +
 source3/rpc_server/dfs/srv_dfs_nt.c         |    4 +-
 source3/rpc_server/spoolss/srv_spoolss_nt.c |    1 +
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c   |    3 +-
 source3/rpc_server/winreg/srv_winreg_nt.c   |    1 +
 source3/smbd/aio.c                          |    4 +-
 source3/smbd/blocking.c                     |    2 +-
 source3/smbd/close.c                        |    2 +-
 source3/smbd/conn.c                         |  227 ++-------
 source3/smbd/conn_idle.c                    |  207 ++++++++
 source3/smbd/conn_msg.c                     |   49 ++
 source3/smbd/fileio.c                       |    2 +-
 source3/smbd/globals.c                      |    2 +-
 source3/smbd/ipc.c                          |    4 +-
 source3/smbd/lanman.c                       |    2 +-
 source3/smbd/msdfs.c                        |    5 +-
 source3/smbd/oplock.c                       |    2 +-
 source3/smbd/oplock_irix.c                  |    2 +-
 source3/smbd/oplock_linux.c                 |    2 +-
 source3/smbd/oplock_onefs.c                 |    2 +-
 source3/smbd/pipes.c                        |    6 +-
 source3/smbd/process.c                      |   26 +-
 source3/smbd/proto.h                        |    7 +-
 source3/smbd/server.c                       |   49 +-
 source3/smbd/server_reload.c                |    6 +-
 source3/smbd/service.c                      |  228 +---------
 source3/smbd/signing.c                      |    4 +-
 source3/smbd/smb2_lock.c                    |    2 +-
 source3/smbd/smb2_read.c                    |    2 +-
 source3/smbd/smb2_server.c                  |    2 +-
 source3/smbd/smb2_write.c                   |    2 +-
 source3/smbd/uid.c                          |   44 --
 source3/torture/vfstest.c                   |   10 -
 source3/wscript_build                       |  118 ++++--
 source4/heimdal/lib/roken/getprogname.c     |   48 --
 source4/heimdal/lib/roken/setprogname.c     |   91 ----
 source4/heimdal_build/replace.c             |   17 +
 source4/heimdal_build/wscript_build         |    6 -
 66 files changed, 2168 insertions(+), 1992 deletions(-)
 create mode 100644 libcli/security/secdesc.c
 create mode 100644 libcli/security/secdesc.h
 create mode 100644 source3/lib/dummyparam.c
 create mode 100644 source3/lib/namearray.c
 delete mode 100644 source3/lib/secdesc.c
 create mode 100644 source3/lib/string_init.c
 create mode 100644 source3/lib/substitute_generic.c
 create mode 100644 source3/param/service.c
 create mode 100644 source3/smbd/conn_idle.c
 create mode 100644 source3/smbd/conn_msg.c
 delete mode 100644 source4/heimdal/lib/roken/getprogname.c
 delete mode 100644 source4/heimdal/lib/roken/setprogname.c


Changeset truncated at 500 lines:

diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
new file mode 100644
index 0000000..5d75f07
--- /dev/null
+++ b/libcli/security/secdesc.c
@@ -0,0 +1,719 @@
+/*
+ *  Unix SMB/Netbios implementation.
+ *  SEC_DESC handling functions
+ *  Copyright (C) Andrew Tridgell              1992-1998,
+ *  Copyright (C) Jeremy R. Allison            1995-2003.
+ *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ *  Copyright (C) Paul Ashton                  1997-1998.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+
+#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
+					SECINFO_DACL|SECINFO_SACL|\
+					SECINFO_UNPROTECTED_SACL|\
+					SECINFO_UNPROTECTED_DACL|\
+					SECINFO_PROTECTED_SACL|\
+					SECINFO_PROTECTED_DACL)
+
+/* Map generic permissions to file object specific permissions */
+
+const struct generic_mapping file_generic_mapping = {
+	FILE_GENERIC_READ,
+	FILE_GENERIC_WRITE,
+	FILE_GENERIC_EXECUTE,
+	FILE_GENERIC_ALL
+};
+
+/*******************************************************************
+ Given a security_descriptor return the sec_info.
+********************************************************************/
+
+uint32_t get_sec_info(const struct security_descriptor *sd)
+{
+	uint32_t sec_info = ALL_SECURITY_INFORMATION;
+
+	SMB_ASSERT(sd);
+
+	if (sd->owner_sid == NULL) {
+		sec_info &= ~SECINFO_OWNER;
+	}
+	if (sd->group_sid == NULL) {
+		sec_info &= ~SECINFO_GROUP;
+	}
+	if (sd->sacl == NULL) {
+		sec_info &= ~SECINFO_SACL;
+	}
+	if (sd->dacl == NULL) {
+		sec_info &= ~SECINFO_DACL;
+	}
+
+	return sec_info;
+}
+
+
+/*******************************************************************
+ Merge part of security descriptor old_sec in to the empty sections of
+ security descriptor new_sec.
+********************************************************************/
+
+struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *new_sdb, struct sec_desc_buf *old_sdb)
+{
+	struct dom_sid *owner_sid, *group_sid;
+	struct sec_desc_buf *return_sdb;
+	struct security_acl *dacl, *sacl;
+	struct security_descriptor *psd = NULL;
+	uint16_t secdesc_type;
+	size_t secdesc_size;
+
+	/* Copy over owner and group sids.  There seems to be no flag for
+	   this so just check the pointer values. */
+
+	owner_sid = new_sdb->sd->owner_sid ? new_sdb->sd->owner_sid :
+		old_sdb->sd->owner_sid;
+
+	group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid :
+		old_sdb->sd->group_sid;
+
+	secdesc_type = new_sdb->sd->type;
+
+	/* Ignore changes to the system ACL.  This has the effect of making
+	   changes through the security tab audit button not sticking.
+	   Perhaps in future Samba could implement these settings somehow. */
+
+	sacl = NULL;
+	secdesc_type &= ~SEC_DESC_SACL_PRESENT;
+
+	/* Copy across discretionary ACL */
+
+	if (secdesc_type & SEC_DESC_DACL_PRESENT) {
+		dacl = new_sdb->sd->dacl;
+	} else {
+		dacl = old_sdb->sd->dacl;
+	}
+
+	/* Create new security descriptor from bits */
+
+	psd = make_sec_desc(ctx, new_sdb->sd->revision, secdesc_type,
+			    owner_sid, group_sid, sacl, dacl, &secdesc_size);
+
+	return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd);
+
+	return(return_sdb);
+}
+
+struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb)
+{
+	struct dom_sid *owner_sid, *group_sid;
+	struct security_acl *dacl, *sacl;
+	struct security_descriptor *psd = NULL;
+	uint16_t secdesc_type;
+	size_t secdesc_size;
+
+	/* Copy over owner and group sids.  There seems to be no flag for
+	   this so just check the pointer values. */
+
+	owner_sid = new_sdb->owner_sid ? new_sdb->owner_sid :
+		old_sdb->owner_sid;
+
+	group_sid = new_sdb->group_sid ? new_sdb->group_sid :
+		old_sdb->group_sid;
+
+	secdesc_type = new_sdb->type;
+
+	/* Ignore changes to the system ACL.  This has the effect of making
+	   changes through the security tab audit button not sticking.
+	   Perhaps in future Samba could implement these settings somehow. */
+
+	sacl = NULL;
+	secdesc_type &= ~SEC_DESC_SACL_PRESENT;
+
+	/* Copy across discretionary ACL */
+
+	if (secdesc_type & SEC_DESC_DACL_PRESENT) {
+		dacl = new_sdb->dacl;
+	} else {
+		dacl = old_sdb->dacl;
+	}
+
+	/* Create new security descriptor from bits */
+	psd = make_sec_desc(ctx, new_sdb->revision, secdesc_type,
+			    owner_sid, group_sid, sacl, dacl, &secdesc_size);
+
+	return psd;
+}
+
+/*******************************************************************
+ Creates a struct security_descriptor structure
+********************************************************************/
+
+#define  SEC_DESC_HEADER_SIZE (2 * sizeof(uint16_t) + 4 * sizeof(uint32_t))
+
+struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
+			enum security_descriptor_revision revision,
+			uint16_t type,
+			const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
+			struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size)
+{
+	struct security_descriptor *dst;
+	uint32_t offset     = 0;
+
+	*sd_size = 0;
+
+	if(( dst = talloc_zero(ctx, struct security_descriptor)) == NULL)
+		return NULL;
+
+	dst->revision = revision;
+	dst->type = type;
+
+	if (sacl)
+		dst->type |= SEC_DESC_SACL_PRESENT;
+	if (dacl)
+		dst->type |= SEC_DESC_DACL_PRESENT;
+
+	dst->owner_sid = NULL;
+	dst->group_sid   = NULL;
+	dst->sacl      = NULL;
+	dst->dacl      = NULL;
+
+	if(owner_sid && ((dst->owner_sid = dom_sid_dup(dst,owner_sid)) == NULL))
+		goto error_exit;
+
+	if(grp_sid && ((dst->group_sid = dom_sid_dup(dst,grp_sid)) == NULL))
+		goto error_exit;
+
+	if(sacl && ((dst->sacl = dup_sec_acl(dst, sacl)) == NULL))
+		goto error_exit;
+
+	if(dacl && ((dst->dacl = dup_sec_acl(dst, dacl)) == NULL))
+		goto error_exit;
+
+	offset = SEC_DESC_HEADER_SIZE;
+
+	/*
+	 * Work out the linearization sizes.
+	 */
+
+	if (dst->sacl != NULL) {
+		offset += dst->sacl->size;
+	}
+	if (dst->dacl != NULL) {
+		offset += dst->dacl->size;
+	}
+
+	if (dst->owner_sid != NULL) {
+		offset += ndr_size_dom_sid(dst->owner_sid, 0);
+	}
+
+	if (dst->group_sid != NULL) {
+		offset += ndr_size_dom_sid(dst->group_sid, 0);
+	}
+
+	*sd_size = (size_t)offset;
+	return dst;
+
+error_exit:
+
+	*sd_size = 0;
+	return NULL;
+}
+
+/*******************************************************************
+ Duplicate a struct security_descriptor structure.
+********************************************************************/
+
+struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src)
+{
+	size_t dummy;
+
+	if(src == NULL)
+		return NULL;
+
+	return make_sec_desc( ctx, src->revision, src->type,
+				src->owner_sid, src->group_sid, src->sacl,
+				src->dacl, &dummy);
+}
+
+/*******************************************************************
+ Convert a secdesc into a byte stream
+********************************************************************/
+NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
+			   struct security_descriptor *secdesc,
+			   uint8_t **data, size_t *len)
+{
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(
+		&blob, mem_ctx, secdesc,
+		(ndr_push_flags_fn_t)ndr_push_security_descriptor);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0, ("ndr_push_security_descriptor failed: %s\n",
+			  ndr_errstr(ndr_err)));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	*data = blob.data;
+	*len = blob.length;
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Convert a secdesc_buf into a byte stream
+********************************************************************/
+
+NTSTATUS marshall_sec_desc_buf(TALLOC_CTX *mem_ctx,
+			       struct sec_desc_buf *secdesc_buf,
+			       uint8_t **data, size_t *len)
+{
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(
+		&blob, mem_ctx, secdesc_buf,
+		(ndr_push_flags_fn_t)ndr_push_sec_desc_buf);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0, ("ndr_push_sec_desc_buf failed: %s\n",
+			  ndr_errstr(ndr_err)));
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	*data = blob.data;
+	*len = blob.length;
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Parse a byte stream into a secdesc
+********************************************************************/
+NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
+			     struct security_descriptor **psecdesc)
+{
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	struct security_descriptor *result;
+
+	if ((data == NULL) || (len == 0)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	result = talloc_zero(mem_ctx, struct security_descriptor);
+	if (result == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	blob = data_blob_const(data, len);
+
+	ndr_err = ndr_pull_struct_blob(&blob, result, result,
+		(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0, ("ndr_pull_security_descriptor failed: %s\n",
+			  ndr_errstr(ndr_err)));
+		TALLOC_FREE(result);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	*psecdesc = result;
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Parse a byte stream into a sec_desc_buf
+********************************************************************/
+
+NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
+				 struct sec_desc_buf **psecdesc_buf)
+{
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	struct sec_desc_buf *result;
+
+	if ((data == NULL) || (len == 0)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	result = talloc_zero(mem_ctx, struct sec_desc_buf);
+	if (result == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	blob = data_blob_const(data, len);
+
+	ndr_err = ndr_pull_struct_blob(&blob, result, result,
+		(ndr_pull_flags_fn_t)ndr_pull_sec_desc_buf);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0, ("ndr_pull_sec_desc_buf failed: %s\n",
+			  ndr_errstr(ndr_err)));
+		TALLOC_FREE(result);
+		return ndr_map_error2ntstatus(ndr_err);
+	}
+
+	*psecdesc_buf = result;
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Creates a struct security_descriptor structure with typical defaults.
+********************************************************************/
+
+struct security_descriptor *make_standard_sec_desc(TALLOC_CTX *ctx, const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
+				 struct security_acl *dacl, size_t *sd_size)
+{
+	return make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
+			     SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL,
+			     dacl, sd_size);
+}
+
+/*******************************************************************
+ Creates a struct sec_desc_buf structure.
+********************************************************************/
+
+struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct security_descriptor *sec_desc)
+{
+	struct sec_desc_buf *dst;
+
+	if((dst = talloc_zero(ctx, struct sec_desc_buf)) == NULL)
+		return NULL;
+
+	/* max buffer size (allocated size) */
+	dst->sd_size = (uint32_t)len;
+
+	if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) {
+		return NULL;
+	}
+
+	return dst;
+}
+
+/*******************************************************************
+ Duplicates a struct sec_desc_buf structure.
+********************************************************************/
+
+struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src)
+{
+	if(src == NULL)
+		return NULL;
+
+	return make_sec_desc_buf( ctx, src->sd_size, src->sd);
+}
+
+/*******************************************************************
+ Add a new SID with its permissions to struct security_descriptor.
+********************************************************************/
+
+NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size)
+{
+	struct security_descriptor *sd   = 0;
+	struct security_acl  *dacl = 0;
+	struct security_ace  *ace  = 0;
+	NTSTATUS  status;
+
+	if (!ctx || !psd || !sid || !sd_size)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	*sd_size = 0;
+
+	status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask);
+
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
+		psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	*psd = sd;
+	 sd  = 0;
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Modify a SID's permissions in a struct security_descriptor.
+********************************************************************/
+
+NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32_t mask)
+{
+	NTSTATUS status;
+
+	if (!sd || !sid)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	status = sec_ace_mod_sid(sd->dacl->aces, sd->dacl->num_aces, sid, mask);
+
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Delete a SID from a struct security_descriptor.
+********************************************************************/
+
+NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, struct dom_sid *sid, size_t *sd_size)
+{
+	struct security_descriptor *sd   = 0;
+	struct security_acl  *dacl = 0;
+	struct security_ace  *ace  = 0;
+	NTSTATUS  status;
+
+	if (!ctx || !psd[0] || !sid || !sd_size)
+		return NT_STATUS_INVALID_PARAMETER;
+
+	*sd_size = 0;
+
+	status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid);
+
+	if (!NT_STATUS_IS_OK(status))
+		return status;
+
+	if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
+		return NT_STATUS_UNSUCCESSFUL;
+


-- 
Samba Shared Repository


More information about the samba-cvs mailing list