Changeset 133

Timestamp:

01/12/09 12:07:58 (16 years ago)

Author:

tim

Message:

minor changes to winsec library

fixed major bug with data_in_offset values

Location:

trunk

Files:

• include/winsec.h (modified) (6 diffs)
• lib/regfi.c (modified) (8 diffs)
• lib/winsec.c (modified) (9 diffs)

trunk/include/winsec.h

@@ -1 +1 @@
 /*
- * This file contains miscellaneous pieces of code which regfio.c
- * depends upon, from the Samba Subversion tree.  See:
+ * This file contains refactored Samba code used to interpret Windows
+ * Security Descriptors. See:
  *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
  *
  * Copyright (C) 2005,2009 Timothy D. Morgan
  * Copyright (C) 1992-2005 Samba development team 
- *               (see individual files under Subversion for details.)
- *
+ * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21 +20 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  *
- * $Id $
+ * $Id$
  */
 
@@ -37 +36 @@
 
 
-/* From smb.h */
+#define MAXSUBAUTHS 15
 
-#define MAXSUBAUTHS 15
+#define SEC_DESC_HEADER_SIZE     (2 * sizeof(uint16) + 4 * sizeof(uint32))
+                                 /*thanks for Jim McDonough <jmcd@us.ibm.com>*/
+#define SEC_DESC_DACL_PRESENT    0x0004
+#define SEC_DESC_SACL_PRESENT    0x0010
+
+#define SEC_ACE_OBJECT_PRESENT              0x00000001 
+#define SEC_ACE_OBJECT_INHERITED_PRESENT    0x00000002
+#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT  0x5
+#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT   0x6
+#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT    0x7
+#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT    0x8
+
 
 typedef struct sid_info
@@ -55 +65 @@
 } DOM_SID;
 
-/* End of stuff from smb.h */
-
-
-/* From rpc_secdesc.h */
 
 typedef struct security_info_info
@@ -111 +117 @@
 } SEC_DESC;
 
-/* End of stuff from rpc_secdesc.h */
 
 
-
-/* From rpc_secdes.h */
-
-#define SEC_DESC_DACL_PRESENT           0x0004
-#define SEC_DESC_SACL_PRESENT           0x0010
-#define  SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))
-   /* thanks for Jim McDonough <jmcd@us.ibm.com> */
-#define SEC_ACE_OBJECT_PRESENT        0x00000001 
-#define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002
-
-#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT      0x5
-#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT       0x6
-#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT        0x7
-#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT        0x8
-
-/* End of stuff from rpc_secdes.h */
-
-/* From rpc_parse/parse_misc.c */
-
 bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth);
-
-/* End of stuff from rpc_parse/parse_misc.c */
-
-/* From lib/util_sid.c */
-
-size_t sid_size(const DOM_SID *sid);
-int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2);
-int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2);
-bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2);
-
-/* End of stuff from lib/util_sid.c */
-
-/* From lib/secace.c */
-
-bool sec_ace_object(uint8 type);
-
-/* End of stuff from lib/secace.c */
-
-/* From rpc_parse/parse_sec.c */
-
 bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth);
 bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth);
@@ -159 +125 @@
 bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth);
 
-/* End of stuff from rpc_parse/parse_sec.c */
-
-/* From lib/secace.c */
-
+size_t sid_size(const DOM_SID *sid);
+int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2);
+int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2);
 bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2);
-
-/* End of stuff from lib/secace.c */
-
-/* From lib/secacl.c */
-
 bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2);
-
-/* End of stuff from lib/secacl.c */
-
-/* From lib/secdesc.c */
-
 bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2);
-
-/* End of stuff from lib/secdesc.c */
+bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2);
+bool sec_ace_object(uint8 type);

trunk/lib/regfi.c

@@ -688 +688 @@
   }
 
+  /* XXX: call should look more like: */
+  /*if (!(ret_val->sec_desc = winsec_parse_desc(sec_desc_buf, ret_val->desc_size)))*/
   if (!sec_io_desc("sec_desc", &ret_val->sec_desc, &ps, 0))
   {
@@ -794 +796 @@
       return NULL;
     }
-    
+
     vk_offset =  voffsets[i] + REGF_BLOCKSIZE;
     vk_max_length = hbin->block_size + hbin->file_off - vk_offset;
@@ -853 +855 @@
       else
         nk->values = NULL;
+
     }
     else
@@ -865 +868 @@
         return NULL;
       }
+
     }
   }
@@ -1239 +1243 @@
   bool found = false;
   uint32 old_subkey = i->cur_subkey;
-  
+
   if(subkey_name == NULL)
     return false;
@@ -1358 +1362 @@
 
   nk_offset = i->cur_key->subkeys->elements[i->cur_subkey].nk_off;
-  
+
   return regfi_load_key(i->f, nk_offset+REGF_BLOCKSIZE, true);
 }
@@ -1881 +1885 @@
     }
     ret_val->valuename[ret_val->name_length] = '\0';
+
   }
   else
@@ -1896 +1901 @@
   else
   {
-    hbin = regfi_lookup_hbin(file, ret_val->data_off);
-    if(hbin)
-    {
-      data_offset = ret_val->data_off+REGF_BLOCKSIZE;
-      data_maxsize = hbin->block_size + hbin->file_off - data_offset;
-      ret_val->data = regfi_parse_data(file, data_offset, raw_data_size,
-                                       data_maxsize, strict);
+    if(ret_val->data_in_offset)
+    {
+      ret_val->data = regfi_parse_data(file, data_offset, 
+                                       raw_data_size, 4, strict);
     }
     else
-      ret_val->data = NULL;
+    {
+      hbin = regfi_lookup_hbin(file, ret_val->data_off);
+      if(hbin)
+      {
+        data_offset = ret_val->data_off+REGF_BLOCKSIZE;
+        data_maxsize = hbin->block_size + hbin->file_off - data_offset;
+        ret_val->data = regfi_parse_data(file, data_offset, raw_data_size,
+                                         data_maxsize, strict);
+        
+      }
+      else
+        ret_val->data = NULL;
+    }
 
     if(strict && (ret_val->data == NULL))

trunk/lib/winsec.c

@@ -1 +1 @@
 /*
- * This file contains miscellaneous pieces of code which regfio.c
- * depends upon, from the Samba Subversion tree.  See:
+ * This file contains refactored Samba code used to interpret Windows
+ * Security Descriptors. See:
  *   http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/
  *
@@ -21 +21 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  *
- * $Id $
+ * $Id$
  */
 
@@ -28 +28 @@
 
 
-/* From rpc_parse/parse_misc.c */
+/*******************************************************************
+ * Parses a SEC_DESC structure.
+ *******************************************************************/
+bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
+{
+  uint32 old_offset;
+  uint32 max_offset = 0; /* after we're done, move offset to end */
+  uint32 tmp_offset = 0;
+
+  SEC_DESC *psd;
+
+  if (ppsd == NULL || ps == NULL)
+    return false;
+
+  psd = *ppsd;
+  if (psd == NULL) 
+  {
+    if((psd = (SEC_DESC*)zalloc(sizeof(SEC_DESC))) == NULL)
+      return false;
+    *ppsd = psd;
+  }
+
+  depth++;
+
+  /* start of security descriptor stored for back-calc offset purposes */
+  old_offset = ps->data_offset;
+
+  if(!prs_uint16("revision ", ps, depth, &psd->revision)
+     || !prs_uint16("type     ", ps, depth, &psd->type))
+  {
+    free(psd);
+    *ppsd = NULL;
+    return false;
+  }
+
+  if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)
+     || !prs_uint32("off_grp_sid  ", ps, depth, &psd->off_grp_sid)
+     || !prs_uint32("off_sacl     ", ps, depth, &psd->off_sacl)
+     || !prs_uint32("off_dacl     ", ps, depth, &psd->off_dacl))
+  {
+    free(psd);
+    *ppsd = NULL;    
+    return false;
+  }
+  max_offset = MAX(max_offset, ps->data_offset);
+
+  if (psd->off_owner_sid != 0) 
+  {
+    tmp_offset = ps->data_offset;
+    if(!prs_set_offset(ps, old_offset + psd->off_owner_sid))
+    {
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+
+    /* reading */
+    if((psd->owner_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL)
+    {
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+
+    if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth))
+    {
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+
+    max_offset = MAX(max_offset, ps->data_offset);
+
+    if (!prs_set_offset(ps,tmp_offset))
+    {
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+  }
+
+  if (psd->off_grp_sid != 0) 
+  {
+    tmp_offset = ps->data_offset;
+    if(!prs_set_offset(ps, old_offset + psd->off_grp_sid))
+    {
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+
+    /* reading */
+    if((psd->grp_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL)
+    {
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+
+    if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth))
+    {
+      free(psd->grp_sid);
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+                        
+    max_offset = MAX(max_offset, ps->data_offset);
+
+    if (!prs_set_offset(ps,tmp_offset))
+    {
+      free(psd->grp_sid);
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+  }
+
+  if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) 
+  {
+    tmp_offset = ps->data_offset;
+    if(!prs_set_offset(ps, old_offset + psd->off_sacl)
+       || !sec_io_acl("sacl", &psd->sacl, ps, depth))
+    {
+      free(psd->grp_sid);
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+    max_offset = MAX(max_offset, ps->data_offset);
+    if (!prs_set_offset(ps,tmp_offset))
+    {
+      free(psd->grp_sid);
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+  }
+
+  if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) 
+  {
+    tmp_offset = ps->data_offset;
+    if(!prs_set_offset(ps, old_offset + psd->off_dacl)
+       || !sec_io_acl("dacl", &psd->dacl, ps, depth))
+    {
+      free(psd->grp_sid);
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+    max_offset = MAX(max_offset, ps->data_offset);
+    if (!prs_set_offset(ps,tmp_offset))
+    {
+      free(psd->grp_sid);
+      free(psd->owner_sid);
+      free(psd);
+      *ppsd = NULL;
+      return false;
+    }
+  }
+
+  if(!prs_set_offset(ps, max_offset))
+  {
+    free(psd->grp_sid);
+    free(psd->owner_sid);
+    free(psd);
+    *ppsd = NULL;
+    return false;
+  }
+
+  return true;
+}
+
 
 /*******************************************************************
@@ -66 +247 @@
 }
 
-/* End of stuff from rpc_parse/parse_misc.c */
-
-/* From lib/util_sid.c */
+
+
+/*******************************************************************
+ Reads or writes a SEC_ACCESS structure.
+********************************************************************/
+bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth)
+{
+  if (t == NULL)
+    return false;
+
+  depth++;
+        
+  if(!prs_uint32("mask", ps, depth, &t->mask))
+    return false;
+
+  return true;
+}
+
+
+/*******************************************************************
+ Reads or writes a SEC_ACE structure.
+********************************************************************/
+bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
+{
+  uint32 old_offset;
+  uint32 offset_ace_size;
+
+  if (psa == NULL)
+    return false;
+
+  depth++;
+        
+  old_offset = ps->data_offset;
+
+  if(!prs_uint8("type ", ps, depth, &psa->type))
+    return false;
+
+  if(!prs_uint8("flags", ps, depth, &psa->flags))
+    return false;
+
+  if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))
+    return false;
+
+  if(!sec_io_access("info ", &psa->info, ps, depth))
+    return false;
+
+  /* check whether object access is present */
+  if (!sec_ace_object(psa->type)) 
+  {
+    if (!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
+      return false;
+  } 
+  else 
+  {
+    if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags))
+      return false;
+
+    if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)
+      if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth))
+        return false;
+
+    if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
+      if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth))
+        return false;
+
+    if(!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
+      return false;
+  }
+
+  if(!prs_uint16_post("size ", ps, depth, &psa->size, 
+                      offset_ace_size, old_offset))
+  { return false; }
+
+  return true;
+}
+
+
+/*******************************************************************
+ Reads or writes a SEC_ACL structure.  
+
+ First of the xx_io_xx functions that allocates its data structures
+ for you as it reads them.
+********************************************************************/
+bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
+{
+  unsigned int i;
+  uint32 old_offset;
+  uint32 offset_acl_size;
+  SEC_ACL* psa;
+
+  /*
+   * Note that the size is always a multiple of 4 bytes due to the
+   * nature of the data structure.  Therefore the prs_align() calls
+   * have been removed as they through us off when doing two-layer
+   * marshalling such as in the printing code (RPC_BUFFER).  --jerry
+   */
+
+  if (ppsa == NULL || ps == NULL)
+    return false;
+
+  psa = *ppsa;
+
+  if(psa == NULL) 
+  {
+    /*
+     * This is a read and we must allocate the stuct to read into.
+     */
+    if((psa = (SEC_ACL*)zalloc(sizeof(SEC_ACL))) == NULL)
+      return false;
+    *ppsa = psa;
+  }
+
+  depth++;      
+  old_offset = ps->data_offset;
+
+  if(!prs_uint16("revision", ps, depth, &psa->revision)
+     || !prs_uint16_pre("size     ", ps, depth, &psa->size, &offset_acl_size)
+     || !prs_uint32("num_aces ", ps, depth, &psa->num_aces))
+  {
+    free(psa);
+    *ppsa = NULL;
+    return false;
+  }
+
+  /*
+   * Even if the num_aces is zero, allocate memory as there's a difference
+   * between a non-present DACL (allow all access) and a DACL with no ACE's
+   * (allow no access).
+   */
+  if((psa->ace = (SEC_ACE*)zcalloc(sizeof(SEC_ACE), psa->num_aces+1)) == NULL)
+  {
+    free(psa);
+    *ppsa = NULL;
+    return false;
+  }
+
+  for (i = 0; i < psa->num_aces; i++) 
+  {
+    fstring tmp;
+    snprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i);
+    if(!sec_io_ace(tmp, &psa->ace[i], ps, depth))
+    {
+      free(psa);
+      *ppsa = NULL;
+      return false;
+    }
+  }
+
+  if(!prs_uint16_post("size     ", ps, depth, &psa->size, 
+                      offset_acl_size, old_offset))
+  { 
+    free(psa);
+    *ppsa = NULL;
+    return false; 
+  }
+
+  return true;
+}
+
 
 /*****************************************************************
@@ -141 +478 @@
 }
 
-/* End of stuff from lib/util_sid.c */
-
-/* From lib/secace.c */
+
 
 /*******************************************************************
  Check if ACE has OBJECT type.
 ********************************************************************/
-
 bool sec_ace_object(uint8 type)
 {
@@ -160 +494 @@
 }
 
-/* End of stuff from lib/secace.c */
-
-/* From rpc_parse/parse_sec.c */
-
-/*******************************************************************
- Reads or writes a SEC_ACCESS structure.
-********************************************************************/
-bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth)
-{
-  if (t == NULL)
-    return false;
-
-  depth++;
-        
-  if(!prs_uint32("mask", ps, depth, &t->mask))
-    return false;
-
-  return true;
-}
-
-
-/*******************************************************************
- Reads or writes a SEC_ACE structure.
-********************************************************************/
-bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
-{
-  uint32 old_offset;
-  uint32 offset_ace_size;
-
-  if (psa == NULL)
-    return false;
-
-  depth++;
-        
-  old_offset = ps->data_offset;
-
-  if(!prs_uint8("type ", ps, depth, &psa->type))
-    return false;
-
-  if(!prs_uint8("flags", ps, depth, &psa->flags))
-    return false;
-
-  if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))
-    return false;
-
-  if(!sec_io_access("info ", &psa->info, ps, depth))
-    return false;
-
-  /* check whether object access is present */
-  if (!sec_ace_object(psa->type)) 
-  {
-    if (!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
-      return false;
-  } 
-  else 
-  {
-    if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags))
-      return false;
-
-    if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)
-      if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth))
-        return false;
-
-    if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
-      if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth))
-        return false;
-
-    if(!smb_io_dom_sid("trustee  ", &psa->trustee , ps, depth))
-      return false;
-  }
-
-  /* Theorectically an ACE can have a size greater than the
-   * sum of its components. When marshalling, pad with extra null bytes 
-   * up to the
-   * correct size. 
-   */
-  if (!ps->io && (psa->size > ps->data_offset - old_offset)) 
-  {
-    uint32 extra_len = psa->size - (ps->data_offset - old_offset);
-    uint32 i;
-    uint8 c = 0;
-
-    for (i = 0; i < extra_len; i++) 
-    {
-      if (!prs_uint8("ace extra space", ps, depth, &c))
-        return false;
-    }
-  }
-
-  if(!prs_uint16_post("size ", ps, depth, &psa->size, 
-                      offset_ace_size, old_offset))
-  { return false; }
-
-  return true;
-}
-
-
-/*******************************************************************
- Reads or writes a SEC_ACL structure.  
-
- First of the xx_io_xx functions that allocates its data structures
- for you as it reads them.
-********************************************************************/
-bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
-{
-  unsigned int i;
-  uint32 old_offset;
-  uint32 offset_acl_size;
-  SEC_ACL* psa;
-
-  /*
-   * Note that the size is always a multiple of 4 bytes due to the
-   * nature of the data structure.  Therefore the prs_align() calls
-   * have been removed as they through us off when doing two-layer
-   * marshalling such as in the printing code (RPC_BUFFER).  --jerry
-   */
-
-  if (ppsa == NULL || ps == NULL)
-    return false;
-
-  psa = *ppsa;
-
-  if(ps->io && psa == NULL) 
-  {
-    /*
-     * This is a read and we must allocate the stuct to read into.
-     */
-    if((psa = (SEC_ACL*)zalloc(sizeof(SEC_ACL))) == NULL)
-      return false;
-    *ppsa = psa;
-  }
-
-  depth++;      
-  old_offset = ps->data_offset;
-
-  if(!prs_uint16("revision", ps, depth, &psa->revision)
-     || !prs_uint16_pre("size     ", ps, depth, &psa->size, &offset_acl_size)
-     || !prs_uint32("num_aces ", ps, depth, &psa->num_aces))
-  {
-    free(psa);
-    *ppsa = NULL;
-    return false;
-  }
-
-  if (ps->io) 
-  {
-    /*
-     * Even if the num_aces is zero, allocate memory as there's a difference
-     * between a non-present DACL (allow all access) and a DACL with no ACE's
-     * (allow no access).
-     */
-    if((psa->ace = (SEC_ACE*)zcalloc(sizeof(SEC_ACE), psa->num_aces+1)) == NULL)
-    {
-      free(psa);
-      *ppsa = NULL;
-      return false;
-    }
-  }
-
-  for (i = 0; i < psa->num_aces; i++) 
-  {
-    fstring tmp;
-    snprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i);
-    if(!sec_io_ace(tmp, &psa->ace[i], ps, depth))
-    {
-      free(psa);
-      *ppsa = NULL;
-      return false;
-    }
-  }
-
-  /* Theoretically an ACL can have a size greater than the
-   *  sum of its components. When marshalling, pad with extra null 
-   *  bytes up to the
-   *  correct size. 
-   */
-  if (!ps->io && (psa->size > ps->data_offset - old_offset)) 
-  {
-    uint32 extra_len = psa->size - (ps->data_offset - old_offset);
-    uint8 c = 0;
-
-    for (i = 0; i < extra_len; i++) 
-    {
-      if (!prs_uint8("acl extra space", ps, depth, &c))
-      {
-        free(psa);
-        *ppsa = NULL;
-        return false;
-      }
-    }
-  }
-
-  if(!prs_uint16_post("size     ", ps, depth, &psa->size, 
-                      offset_acl_size, old_offset))
-  { 
-    free(psa);
-    *ppsa = NULL;
-    return false; 
-  }
-
-  return true;
-}
-
-
-/*******************************************************************
- Reads or writes a SEC_DESC structure.
- If reading and the *ppsd = NULL, allocates the structure.
-********************************************************************/
-bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
-{
-  uint32 old_offset;
-  uint32 max_offset = 0; /* after we're done, move offset to end */
-  uint32 tmp_offset = 0;
-
-  SEC_DESC *psd;
-
-  if (ppsd == NULL || ps == NULL)
-    return false;
-
-  psd = *ppsd;
-  if (psd == NULL) 
-  {
-    if(ps->io) 
-    {
-      if((psd = (SEC_DESC*)zalloc(sizeof(SEC_DESC))) == NULL)
-        return false;
-      *ppsd = psd;
-    } 
-    else 
-    {
-      /* Marshalling - just ignore. */
-      return true;
-    }
-  }
-
-  depth++;
-
-  /* start of security descriptor stored for back-calc offset purposes */
-  old_offset = ps->data_offset;
-
-  if(!prs_uint16("revision ", ps, depth, &psd->revision)
-     || !prs_uint16("type     ", ps, depth, &psd->type))
-  {
-    free(psd);
-    *ppsd = NULL;
-    return false;
-  }
-
-  if (!ps->io)
-  {
-    uint32 offset = SEC_DESC_HEADER_SIZE;
-
-    /*
-     * Work out the offsets here, as we write it out.
-     */
-
-    if (psd->sacl != NULL) 
-    {
-      psd->off_sacl = offset;
-      offset += psd->sacl->size;
-    } 
-    else
-      psd->off_sacl = 0;
-
-    if (psd->dacl != NULL) 
-    {
-      psd->off_dacl = offset;
-      offset += psd->dacl->size;
-    } 
-    else 
-      psd->off_dacl = 0;
-
-    if (psd->owner_sid != NULL) 
-    {
-      psd->off_owner_sid = offset;
-      offset += sid_size(psd->owner_sid);
-    } 
-    else
-      psd->off_owner_sid = 0;
-
-    if (psd->grp_sid != NULL) 
-    {
-      psd->off_grp_sid = offset;
-      offset += sid_size(psd->grp_sid);
-    } 
-    else
-      psd->off_grp_sid = 0;
-  }
-
-  if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)
-     || !prs_uint32("off_grp_sid  ", ps, depth, &psd->off_grp_sid)
-     || !prs_uint32("off_sacl     ", ps, depth, &psd->off_sacl)
-     || !prs_uint32("off_dacl     ", ps, depth, &psd->off_dacl))
-  {
-    free(psd);
-    *ppsd = NULL;    
-    return false;
-  }
-  max_offset = MAX(max_offset, ps->data_offset);
-
-  if (psd->off_owner_sid != 0) 
-  {
-    tmp_offset = ps->data_offset;
-    if(!prs_set_offset(ps, old_offset + psd->off_owner_sid))
-    {
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-
-    if (ps->io) 
-    {
-      /* reading */
-      if((psd->owner_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL)
-      {
-        free(psd);
-        *ppsd = NULL;
-        return false;
-      }
-    }
-
-    if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth))
-    {
-      if(ps->io)
-        free(psd->owner_sid);
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-
-    max_offset = MAX(max_offset, ps->data_offset);
-
-    if (!prs_set_offset(ps,tmp_offset))
-    {
-      if(ps->io)
-        free(psd->owner_sid);
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-  }
-
-  if (psd->off_grp_sid != 0) 
-  {
-    tmp_offset = ps->data_offset;
-    if(!prs_set_offset(ps, old_offset + psd->off_grp_sid))
-    {
-      if(ps->io)
-        free(psd->owner_sid);
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-
-    if (ps->io) 
-    {
-      /* reading */
-      if((psd->grp_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL)
-      {
-        free(psd->owner_sid);
-        free(psd);
-        *ppsd = NULL;
-        return false;
-      }
-    }
-
-    if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth))
-    {
-      if(ps->io)
-      {
-        free(psd->grp_sid);
-        free(psd->owner_sid);
-      }
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-                        
-    max_offset = MAX(max_offset, ps->data_offset);
-
-    if (!prs_set_offset(ps,tmp_offset))
-    {
-      if(ps->io)
-      {
-        free(psd->grp_sid);
-        free(psd->owner_sid);
-      }
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-  }
-
-  if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) 
-  {
-    tmp_offset = ps->data_offset;
-    if(!prs_set_offset(ps, old_offset + psd->off_sacl)
-       || !sec_io_acl("sacl", &psd->sacl, ps, depth))
-    {
-      if(ps->io)
-      {
-        free(psd->grp_sid);
-        free(psd->owner_sid);
-      }
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-    max_offset = MAX(max_offset, ps->data_offset);
-    if (!prs_set_offset(ps,tmp_offset))
-    {
-      if(ps->io)
-      {
-        free(psd->grp_sid);
-        free(psd->owner_sid);
-      }
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-  }
-
-  if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) 
-  {
-    tmp_offset = ps->data_offset;
-    if(!prs_set_offset(ps, old_offset + psd->off_dacl)
-       || !sec_io_acl("dacl", &psd->dacl, ps, depth))
-    {
-      if(ps->io)
-      {
-        free(psd->grp_sid);
-        free(psd->owner_sid);
-      }
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-    max_offset = MAX(max_offset, ps->data_offset);
-    if (!prs_set_offset(ps,tmp_offset))
-    {
-      if(ps->io)
-      {
-        free(psd->grp_sid);
-        free(psd->owner_sid);
-      }
-      free(psd);
-      *ppsd = NULL;
-      return false;
-    }
-  }
-
-  if(!prs_set_offset(ps, max_offset))
-  {
-      if(ps->io)
-      {
-        free(psd->grp_sid);
-        free(psd->owner_sid);
-      }
-      free(psd);
-      *ppsd = NULL;
-      return false;
-  }
-
-  return true;
-}
-
-/* End of stuff from rpc_parse/parse_sec.c */
-
-/* From lib/secace.c */
 
 /*******************************************************************
@@ -653 +518 @@
 }
 
-/* End of stuff from lib/secace.c */
-
-/* From lib/secacl.c */
 
 /*******************************************************************
  Compares two SEC_ACL structures
 ********************************************************************/
-
 bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2)
 {
@@ -701 +562 @@
 }
 
-/* End of stuff from lib/secacl.c */
-
-/* From lib/secdesc.c */
 
 /*******************************************************************
@@ -742 +600 @@
   return true;
 }
-
-/* End of stuff from lib/secdesc.c */