- Timestamp:
- 01/12/09 12:07:58 (16 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/winsec.h
r132 r133 1 1 /* 2 * This file contains miscellaneous pieces of code which regfio.c3 * depends upon, from the Samba Subversion tree.See:2 * This file contains refactored Samba code used to interpret Windows 3 * Security Descriptors. See: 4 4 * http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/ 5 5 * 6 6 * Copyright (C) 2005,2009 Timothy D. Morgan 7 7 * Copyright (C) 1992-2005 Samba development team 8 * (see individual files under Subversion for details.) 9 * 8 * 10 9 * This program is free software; you can redistribute it and/or modify 11 10 * it under the terms of the GNU General Public License as published by … … 21 20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 22 21 * 23 * $Id 22 * $Id$ 24 23 */ 25 24 … … 37 36 38 37 39 /* From smb.h */ 38 #define MAXSUBAUTHS 15 40 39 41 #define MAXSUBAUTHS 15 40 #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) 41 /*thanks for Jim McDonough <jmcd@us.ibm.com>*/ 42 #define SEC_DESC_DACL_PRESENT 0x0004 43 #define SEC_DESC_SACL_PRESENT 0x0010 44 45 #define SEC_ACE_OBJECT_PRESENT 0x00000001 46 #define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002 47 #define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5 48 #define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6 49 #define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7 50 #define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8 51 42 52 43 53 typedef struct sid_info … … 55 65 } DOM_SID; 56 66 57 /* End of stuff from smb.h */58 59 60 /* From rpc_secdesc.h */61 67 62 68 typedef struct security_info_info … … 111 117 } SEC_DESC; 112 118 113 /* End of stuff from rpc_secdesc.h */114 119 115 120 116 117 /* From rpc_secdes.h */118 119 #define SEC_DESC_DACL_PRESENT 0x0004120 #define SEC_DESC_SACL_PRESENT 0x0010121 #define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))122 /* thanks for Jim McDonough <jmcd@us.ibm.com> */123 #define SEC_ACE_OBJECT_PRESENT 0x00000001124 #define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002125 126 #define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5127 #define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6128 #define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7129 #define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8130 131 /* End of stuff from rpc_secdes.h */132 133 /* From rpc_parse/parse_misc.c */134 135 121 bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth); 136 137 /* End of stuff from rpc_parse/parse_misc.c */138 139 /* From lib/util_sid.c */140 141 size_t sid_size(const DOM_SID *sid);142 int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2);143 int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2);144 bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2);145 146 /* End of stuff from lib/util_sid.c */147 148 /* From lib/secace.c */149 150 bool sec_ace_object(uint8 type);151 152 /* End of stuff from lib/secace.c */153 154 /* From rpc_parse/parse_sec.c */155 156 122 bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth); 157 123 bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth); … … 159 125 bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth); 160 126 161 /* End of stuff from rpc_parse/parse_sec.c */ 162 163 /* From lib/secace.c */ 164 127 size_t sid_size(const DOM_SID *sid); 128 int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2); 129 int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2); 165 130 bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2); 166 167 /* End of stuff from lib/secace.c */168 169 /* From lib/secacl.c */170 171 131 bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2); 172 173 /* End of stuff from lib/secacl.c */174 175 /* From lib/secdesc.c */176 177 132 bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2); 178 179 /* End of stuff from lib/secdesc.c */ 133 bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2); 134 bool sec_ace_object(uint8 type); -
trunk/lib/regfi.c
r132 r133 688 688 } 689 689 690 /* XXX: call should look more like: */ 691 /*if (!(ret_val->sec_desc = winsec_parse_desc(sec_desc_buf, ret_val->desc_size)))*/ 690 692 if (!sec_io_desc("sec_desc", &ret_val->sec_desc, &ps, 0)) 691 693 { … … 794 796 return NULL; 795 797 } 796 798 797 799 vk_offset = voffsets[i] + REGF_BLOCKSIZE; 798 800 vk_max_length = hbin->block_size + hbin->file_off - vk_offset; … … 853 855 else 854 856 nk->values = NULL; 857 855 858 } 856 859 else … … 865 868 return NULL; 866 869 } 870 867 871 } 868 872 } … … 1239 1243 bool found = false; 1240 1244 uint32 old_subkey = i->cur_subkey; 1241 1245 1242 1246 if(subkey_name == NULL) 1243 1247 return false; … … 1358 1362 1359 1363 nk_offset = i->cur_key->subkeys->elements[i->cur_subkey].nk_off; 1360 1364 1361 1365 return regfi_load_key(i->f, nk_offset+REGF_BLOCKSIZE, true); 1362 1366 } … … 1881 1885 } 1882 1886 ret_val->valuename[ret_val->name_length] = '\0'; 1887 1883 1888 } 1884 1889 else … … 1896 1901 else 1897 1902 { 1898 hbin = regfi_lookup_hbin(file, ret_val->data_off); 1899 if(hbin) 1900 { 1901 data_offset = ret_val->data_off+REGF_BLOCKSIZE; 1902 data_maxsize = hbin->block_size + hbin->file_off - data_offset; 1903 ret_val->data = regfi_parse_data(file, data_offset, raw_data_size, 1904 data_maxsize, strict); 1903 if(ret_val->data_in_offset) 1904 { 1905 ret_val->data = regfi_parse_data(file, data_offset, 1906 raw_data_size, 4, strict); 1905 1907 } 1906 1908 else 1907 ret_val->data = NULL; 1909 { 1910 hbin = regfi_lookup_hbin(file, ret_val->data_off); 1911 if(hbin) 1912 { 1913 data_offset = ret_val->data_off+REGF_BLOCKSIZE; 1914 data_maxsize = hbin->block_size + hbin->file_off - data_offset; 1915 ret_val->data = regfi_parse_data(file, data_offset, raw_data_size, 1916 data_maxsize, strict); 1917 1918 } 1919 else 1920 ret_val->data = NULL; 1921 } 1908 1922 1909 1923 if(strict && (ret_val->data == NULL)) -
trunk/lib/winsec.c
r132 r133 1 1 /* 2 * This file contains miscellaneous pieces of code which regfio.c3 * depends upon, from the Samba Subversion tree.See:2 * This file contains refactored Samba code used to interpret Windows 3 * Security Descriptors. See: 4 4 * http://websvn.samba.org/cgi-bin/viewcvs.cgi/trunk/source/ 5 5 * … … 21 21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 22 22 * 23 * $Id 23 * $Id$ 24 24 */ 25 25 … … 28 28 29 29 30 /* From rpc_parse/parse_misc.c */ 30 /******************************************************************* 31 * Parses a SEC_DESC structure. 32 *******************************************************************/ 33 bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) 34 { 35 uint32 old_offset; 36 uint32 max_offset = 0; /* after we're done, move offset to end */ 37 uint32 tmp_offset = 0; 38 39 SEC_DESC *psd; 40 41 if (ppsd == NULL || ps == NULL) 42 return false; 43 44 psd = *ppsd; 45 if (psd == NULL) 46 { 47 if((psd = (SEC_DESC*)zalloc(sizeof(SEC_DESC))) == NULL) 48 return false; 49 *ppsd = psd; 50 } 51 52 depth++; 53 54 /* start of security descriptor stored for back-calc offset purposes */ 55 old_offset = ps->data_offset; 56 57 if(!prs_uint16("revision ", ps, depth, &psd->revision) 58 || !prs_uint16("type ", ps, depth, &psd->type)) 59 { 60 free(psd); 61 *ppsd = NULL; 62 return false; 63 } 64 65 if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid) 66 || !prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid) 67 || !prs_uint32("off_sacl ", ps, depth, &psd->off_sacl) 68 || !prs_uint32("off_dacl ", ps, depth, &psd->off_dacl)) 69 { 70 free(psd); 71 *ppsd = NULL; 72 return false; 73 } 74 max_offset = MAX(max_offset, ps->data_offset); 75 76 if (psd->off_owner_sid != 0) 77 { 78 tmp_offset = ps->data_offset; 79 if(!prs_set_offset(ps, old_offset + psd->off_owner_sid)) 80 { 81 free(psd); 82 *ppsd = NULL; 83 return false; 84 } 85 86 /* reading */ 87 if((psd->owner_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL) 88 { 89 free(psd); 90 *ppsd = NULL; 91 return false; 92 } 93 94 if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth)) 95 { 96 free(psd->owner_sid); 97 free(psd); 98 *ppsd = NULL; 99 return false; 100 } 101 102 max_offset = MAX(max_offset, ps->data_offset); 103 104 if (!prs_set_offset(ps,tmp_offset)) 105 { 106 free(psd->owner_sid); 107 free(psd); 108 *ppsd = NULL; 109 return false; 110 } 111 } 112 113 if (psd->off_grp_sid != 0) 114 { 115 tmp_offset = ps->data_offset; 116 if(!prs_set_offset(ps, old_offset + psd->off_grp_sid)) 117 { 118 free(psd->owner_sid); 119 free(psd); 120 *ppsd = NULL; 121 return false; 122 } 123 124 /* reading */ 125 if((psd->grp_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL) 126 { 127 free(psd->owner_sid); 128 free(psd); 129 *ppsd = NULL; 130 return false; 131 } 132 133 if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth)) 134 { 135 free(psd->grp_sid); 136 free(psd->owner_sid); 137 free(psd); 138 *ppsd = NULL; 139 return false; 140 } 141 142 max_offset = MAX(max_offset, ps->data_offset); 143 144 if (!prs_set_offset(ps,tmp_offset)) 145 { 146 free(psd->grp_sid); 147 free(psd->owner_sid); 148 free(psd); 149 *ppsd = NULL; 150 return false; 151 } 152 } 153 154 if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl) 155 { 156 tmp_offset = ps->data_offset; 157 if(!prs_set_offset(ps, old_offset + psd->off_sacl) 158 || !sec_io_acl("sacl", &psd->sacl, ps, depth)) 159 { 160 free(psd->grp_sid); 161 free(psd->owner_sid); 162 free(psd); 163 *ppsd = NULL; 164 return false; 165 } 166 max_offset = MAX(max_offset, ps->data_offset); 167 if (!prs_set_offset(ps,tmp_offset)) 168 { 169 free(psd->grp_sid); 170 free(psd->owner_sid); 171 free(psd); 172 *ppsd = NULL; 173 return false; 174 } 175 } 176 177 if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0) 178 { 179 tmp_offset = ps->data_offset; 180 if(!prs_set_offset(ps, old_offset + psd->off_dacl) 181 || !sec_io_acl("dacl", &psd->dacl, ps, depth)) 182 { 183 free(psd->grp_sid); 184 free(psd->owner_sid); 185 free(psd); 186 *ppsd = NULL; 187 return false; 188 } 189 max_offset = MAX(max_offset, ps->data_offset); 190 if (!prs_set_offset(ps,tmp_offset)) 191 { 192 free(psd->grp_sid); 193 free(psd->owner_sid); 194 free(psd); 195 *ppsd = NULL; 196 return false; 197 } 198 } 199 200 if(!prs_set_offset(ps, max_offset)) 201 { 202 free(psd->grp_sid); 203 free(psd->owner_sid); 204 free(psd); 205 *ppsd = NULL; 206 return false; 207 } 208 209 return true; 210 } 211 31 212 32 213 /******************************************************************* … … 66 247 } 67 248 68 /* End of stuff from rpc_parse/parse_misc.c */ 69 70 /* From lib/util_sid.c */ 249 250 251 /******************************************************************* 252 Reads or writes a SEC_ACCESS structure. 253 ********************************************************************/ 254 bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth) 255 { 256 if (t == NULL) 257 return false; 258 259 depth++; 260 261 if(!prs_uint32("mask", ps, depth, &t->mask)) 262 return false; 263 264 return true; 265 } 266 267 268 /******************************************************************* 269 Reads or writes a SEC_ACE structure. 270 ********************************************************************/ 271 bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) 272 { 273 uint32 old_offset; 274 uint32 offset_ace_size; 275 276 if (psa == NULL) 277 return false; 278 279 depth++; 280 281 old_offset = ps->data_offset; 282 283 if(!prs_uint8("type ", ps, depth, &psa->type)) 284 return false; 285 286 if(!prs_uint8("flags", ps, depth, &psa->flags)) 287 return false; 288 289 if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size)) 290 return false; 291 292 if(!sec_io_access("info ", &psa->info, ps, depth)) 293 return false; 294 295 /* check whether object access is present */ 296 if (!sec_ace_object(psa->type)) 297 { 298 if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) 299 return false; 300 } 301 else 302 { 303 if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags)) 304 return false; 305 306 if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) 307 if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth)) 308 return false; 309 310 if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) 311 if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth)) 312 return false; 313 314 if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) 315 return false; 316 } 317 318 if(!prs_uint16_post("size ", ps, depth, &psa->size, 319 offset_ace_size, old_offset)) 320 { return false; } 321 322 return true; 323 } 324 325 326 /******************************************************************* 327 Reads or writes a SEC_ACL structure. 328 329 First of the xx_io_xx functions that allocates its data structures 330 for you as it reads them. 331 ********************************************************************/ 332 bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) 333 { 334 unsigned int i; 335 uint32 old_offset; 336 uint32 offset_acl_size; 337 SEC_ACL* psa; 338 339 /* 340 * Note that the size is always a multiple of 4 bytes due to the 341 * nature of the data structure. Therefore the prs_align() calls 342 * have been removed as they through us off when doing two-layer 343 * marshalling such as in the printing code (RPC_BUFFER). --jerry 344 */ 345 346 if (ppsa == NULL || ps == NULL) 347 return false; 348 349 psa = *ppsa; 350 351 if(psa == NULL) 352 { 353 /* 354 * This is a read and we must allocate the stuct to read into. 355 */ 356 if((psa = (SEC_ACL*)zalloc(sizeof(SEC_ACL))) == NULL) 357 return false; 358 *ppsa = psa; 359 } 360 361 depth++; 362 old_offset = ps->data_offset; 363 364 if(!prs_uint16("revision", ps, depth, &psa->revision) 365 || !prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size) 366 || !prs_uint32("num_aces ", ps, depth, &psa->num_aces)) 367 { 368 free(psa); 369 *ppsa = NULL; 370 return false; 371 } 372 373 /* 374 * Even if the num_aces is zero, allocate memory as there's a difference 375 * between a non-present DACL (allow all access) and a DACL with no ACE's 376 * (allow no access). 377 */ 378 if((psa->ace = (SEC_ACE*)zcalloc(sizeof(SEC_ACE), psa->num_aces+1)) == NULL) 379 { 380 free(psa); 381 *ppsa = NULL; 382 return false; 383 } 384 385 for (i = 0; i < psa->num_aces; i++) 386 { 387 fstring tmp; 388 snprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); 389 if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) 390 { 391 free(psa); 392 *ppsa = NULL; 393 return false; 394 } 395 } 396 397 if(!prs_uint16_post("size ", ps, depth, &psa->size, 398 offset_acl_size, old_offset)) 399 { 400 free(psa); 401 *ppsa = NULL; 402 return false; 403 } 404 405 return true; 406 } 407 71 408 72 409 /***************************************************************** … … 141 478 } 142 479 143 /* End of stuff from lib/util_sid.c */ 144 145 /* From lib/secace.c */ 480 146 481 147 482 /******************************************************************* 148 483 Check if ACE has OBJECT type. 149 484 ********************************************************************/ 150 151 485 bool sec_ace_object(uint8 type) 152 486 { … … 160 494 } 161 495 162 /* End of stuff from lib/secace.c */163 164 /* From rpc_parse/parse_sec.c */165 166 /*******************************************************************167 Reads or writes a SEC_ACCESS structure.168 ********************************************************************/169 bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth)170 {171 if (t == NULL)172 return false;173 174 depth++;175 176 if(!prs_uint32("mask", ps, depth, &t->mask))177 return false;178 179 return true;180 }181 182 183 /*******************************************************************184 Reads or writes a SEC_ACE structure.185 ********************************************************************/186 bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)187 {188 uint32 old_offset;189 uint32 offset_ace_size;190 191 if (psa == NULL)192 return false;193 194 depth++;195 196 old_offset = ps->data_offset;197 198 if(!prs_uint8("type ", ps, depth, &psa->type))199 return false;200 201 if(!prs_uint8("flags", ps, depth, &psa->flags))202 return false;203 204 if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))205 return false;206 207 if(!sec_io_access("info ", &psa->info, ps, depth))208 return false;209 210 /* check whether object access is present */211 if (!sec_ace_object(psa->type))212 {213 if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))214 return false;215 }216 else217 {218 if (!prs_uint32("obj_flags", ps, depth, &psa->obj_flags))219 return false;220 221 if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)222 if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth))223 return false;224 225 if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)226 if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth))227 return false;228 229 if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))230 return false;231 }232 233 /* Theorectically an ACE can have a size greater than the234 * sum of its components. When marshalling, pad with extra null bytes235 * up to the236 * correct size.237 */238 if (!ps->io && (psa->size > ps->data_offset - old_offset))239 {240 uint32 extra_len = psa->size - (ps->data_offset - old_offset);241 uint32 i;242 uint8 c = 0;243 244 for (i = 0; i < extra_len; i++)245 {246 if (!prs_uint8("ace extra space", ps, depth, &c))247 return false;248 }249 }250 251 if(!prs_uint16_post("size ", ps, depth, &psa->size,252 offset_ace_size, old_offset))253 { return false; }254 255 return true;256 }257 258 259 /*******************************************************************260 Reads or writes a SEC_ACL structure.261 262 First of the xx_io_xx functions that allocates its data structures263 for you as it reads them.264 ********************************************************************/265 bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)266 {267 unsigned int i;268 uint32 old_offset;269 uint32 offset_acl_size;270 SEC_ACL* psa;271 272 /*273 * Note that the size is always a multiple of 4 bytes due to the274 * nature of the data structure. Therefore the prs_align() calls275 * have been removed as they through us off when doing two-layer276 * marshalling such as in the printing code (RPC_BUFFER). --jerry277 */278 279 if (ppsa == NULL || ps == NULL)280 return false;281 282 psa = *ppsa;283 284 if(ps->io && psa == NULL)285 {286 /*287 * This is a read and we must allocate the stuct to read into.288 */289 if((psa = (SEC_ACL*)zalloc(sizeof(SEC_ACL))) == NULL)290 return false;291 *ppsa = psa;292 }293 294 depth++;295 old_offset = ps->data_offset;296 297 if(!prs_uint16("revision", ps, depth, &psa->revision)298 || !prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size)299 || !prs_uint32("num_aces ", ps, depth, &psa->num_aces))300 {301 free(psa);302 *ppsa = NULL;303 return false;304 }305 306 if (ps->io)307 {308 /*309 * Even if the num_aces is zero, allocate memory as there's a difference310 * between a non-present DACL (allow all access) and a DACL with no ACE's311 * (allow no access).312 */313 if((psa->ace = (SEC_ACE*)zcalloc(sizeof(SEC_ACE), psa->num_aces+1)) == NULL)314 {315 free(psa);316 *ppsa = NULL;317 return false;318 }319 }320 321 for (i = 0; i < psa->num_aces; i++)322 {323 fstring tmp;324 snprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i);325 if(!sec_io_ace(tmp, &psa->ace[i], ps, depth))326 {327 free(psa);328 *ppsa = NULL;329 return false;330 }331 }332 333 /* Theoretically an ACL can have a size greater than the334 * sum of its components. When marshalling, pad with extra null335 * bytes up to the336 * correct size.337 */338 if (!ps->io && (psa->size > ps->data_offset - old_offset))339 {340 uint32 extra_len = psa->size - (ps->data_offset - old_offset);341 uint8 c = 0;342 343 for (i = 0; i < extra_len; i++)344 {345 if (!prs_uint8("acl extra space", ps, depth, &c))346 {347 free(psa);348 *ppsa = NULL;349 return false;350 }351 }352 }353 354 if(!prs_uint16_post("size ", ps, depth, &psa->size,355 offset_acl_size, old_offset))356 {357 free(psa);358 *ppsa = NULL;359 return false;360 }361 362 return true;363 }364 365 366 /*******************************************************************367 Reads or writes a SEC_DESC structure.368 If reading and the *ppsd = NULL, allocates the structure.369 ********************************************************************/370 bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)371 {372 uint32 old_offset;373 uint32 max_offset = 0; /* after we're done, move offset to end */374 uint32 tmp_offset = 0;375 376 SEC_DESC *psd;377 378 if (ppsd == NULL || ps == NULL)379 return false;380 381 psd = *ppsd;382 if (psd == NULL)383 {384 if(ps->io)385 {386 if((psd = (SEC_DESC*)zalloc(sizeof(SEC_DESC))) == NULL)387 return false;388 *ppsd = psd;389 }390 else391 {392 /* Marshalling - just ignore. */393 return true;394 }395 }396 397 depth++;398 399 /* start of security descriptor stored for back-calc offset purposes */400 old_offset = ps->data_offset;401 402 if(!prs_uint16("revision ", ps, depth, &psd->revision)403 || !prs_uint16("type ", ps, depth, &psd->type))404 {405 free(psd);406 *ppsd = NULL;407 return false;408 }409 410 if (!ps->io)411 {412 uint32 offset = SEC_DESC_HEADER_SIZE;413 414 /*415 * Work out the offsets here, as we write it out.416 */417 418 if (psd->sacl != NULL)419 {420 psd->off_sacl = offset;421 offset += psd->sacl->size;422 }423 else424 psd->off_sacl = 0;425 426 if (psd->dacl != NULL)427 {428 psd->off_dacl = offset;429 offset += psd->dacl->size;430 }431 else432 psd->off_dacl = 0;433 434 if (psd->owner_sid != NULL)435 {436 psd->off_owner_sid = offset;437 offset += sid_size(psd->owner_sid);438 }439 else440 psd->off_owner_sid = 0;441 442 if (psd->grp_sid != NULL)443 {444 psd->off_grp_sid = offset;445 offset += sid_size(psd->grp_sid);446 }447 else448 psd->off_grp_sid = 0;449 }450 451 if(!prs_uint32("off_owner_sid", ps, depth, &psd->off_owner_sid)452 || !prs_uint32("off_grp_sid ", ps, depth, &psd->off_grp_sid)453 || !prs_uint32("off_sacl ", ps, depth, &psd->off_sacl)454 || !prs_uint32("off_dacl ", ps, depth, &psd->off_dacl))455 {456 free(psd);457 *ppsd = NULL;458 return false;459 }460 max_offset = MAX(max_offset, ps->data_offset);461 462 if (psd->off_owner_sid != 0)463 {464 tmp_offset = ps->data_offset;465 if(!prs_set_offset(ps, old_offset + psd->off_owner_sid))466 {467 free(psd);468 *ppsd = NULL;469 return false;470 }471 472 if (ps->io)473 {474 /* reading */475 if((psd->owner_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL)476 {477 free(psd);478 *ppsd = NULL;479 return false;480 }481 }482 483 if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth))484 {485 if(ps->io)486 free(psd->owner_sid);487 free(psd);488 *ppsd = NULL;489 return false;490 }491 492 max_offset = MAX(max_offset, ps->data_offset);493 494 if (!prs_set_offset(ps,tmp_offset))495 {496 if(ps->io)497 free(psd->owner_sid);498 free(psd);499 *ppsd = NULL;500 return false;501 }502 }503 504 if (psd->off_grp_sid != 0)505 {506 tmp_offset = ps->data_offset;507 if(!prs_set_offset(ps, old_offset + psd->off_grp_sid))508 {509 if(ps->io)510 free(psd->owner_sid);511 free(psd);512 *ppsd = NULL;513 return false;514 }515 516 if (ps->io)517 {518 /* reading */519 if((psd->grp_sid = (DOM_SID*)zalloc(sizeof(DOM_SID))) == NULL)520 {521 free(psd->owner_sid);522 free(psd);523 *ppsd = NULL;524 return false;525 }526 }527 528 if(!smb_io_dom_sid("grp_sid", psd->grp_sid, ps, depth))529 {530 if(ps->io)531 {532 free(psd->grp_sid);533 free(psd->owner_sid);534 }535 free(psd);536 *ppsd = NULL;537 return false;538 }539 540 max_offset = MAX(max_offset, ps->data_offset);541 542 if (!prs_set_offset(ps,tmp_offset))543 {544 if(ps->io)545 {546 free(psd->grp_sid);547 free(psd->owner_sid);548 }549 free(psd);550 *ppsd = NULL;551 return false;552 }553 }554 555 if ((psd->type & SEC_DESC_SACL_PRESENT) && psd->off_sacl)556 {557 tmp_offset = ps->data_offset;558 if(!prs_set_offset(ps, old_offset + psd->off_sacl)559 || !sec_io_acl("sacl", &psd->sacl, ps, depth))560 {561 if(ps->io)562 {563 free(psd->grp_sid);564 free(psd->owner_sid);565 }566 free(psd);567 *ppsd = NULL;568 return false;569 }570 max_offset = MAX(max_offset, ps->data_offset);571 if (!prs_set_offset(ps,tmp_offset))572 {573 if(ps->io)574 {575 free(psd->grp_sid);576 free(psd->owner_sid);577 }578 free(psd);579 *ppsd = NULL;580 return false;581 }582 }583 584 if ((psd->type & SEC_DESC_DACL_PRESENT) && psd->off_dacl != 0)585 {586 tmp_offset = ps->data_offset;587 if(!prs_set_offset(ps, old_offset + psd->off_dacl)588 || !sec_io_acl("dacl", &psd->dacl, ps, depth))589 {590 if(ps->io)591 {592 free(psd->grp_sid);593 free(psd->owner_sid);594 }595 free(psd);596 *ppsd = NULL;597 return false;598 }599 max_offset = MAX(max_offset, ps->data_offset);600 if (!prs_set_offset(ps,tmp_offset))601 {602 if(ps->io)603 {604 free(psd->grp_sid);605 free(psd->owner_sid);606 }607 free(psd);608 *ppsd = NULL;609 return false;610 }611 }612 613 if(!prs_set_offset(ps, max_offset))614 {615 if(ps->io)616 {617 free(psd->grp_sid);618 free(psd->owner_sid);619 }620 free(psd);621 *ppsd = NULL;622 return false;623 }624 625 return true;626 }627 628 /* End of stuff from rpc_parse/parse_sec.c */629 630 /* From lib/secace.c */631 496 632 497 /******************************************************************* … … 653 518 } 654 519 655 /* End of stuff from lib/secace.c */656 657 /* From lib/secacl.c */658 520 659 521 /******************************************************************* 660 522 Compares two SEC_ACL structures 661 523 ********************************************************************/ 662 663 524 bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) 664 525 { … … 701 562 } 702 563 703 /* End of stuff from lib/secacl.c */704 705 /* From lib/secdesc.c */706 564 707 565 /******************************************************************* … … 742 600 return true; 743 601 } 744 745 /* End of stuff from lib/secdesc.c */
Note: See TracChangeset
for help on using the changeset viewer.