2 Unix SMB/CIFS implementation.
4 routines for marshalling/unmarshalling security descriptors
7 Copyright (C) Andrew Tridgell 2003
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
30 NTSTATUS ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid)
33 if (!(ndr_flags & NDR_SCALARS)) {
36 NDR_CHECK(ndr_pull_uint32(ndr, &num_auths));
37 return ndr_pull_dom_sid(ndr, ndr_flags, sid);
41 parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field
43 NTSTATUS ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, struct dom_sid *sid)
45 if (!(ndr_flags & NDR_SCALARS)) {
48 NDR_CHECK(ndr_push_uint32(ndr, sid->num_auths));
49 return ndr_push_dom_sid(ndr, ndr_flags, sid);
54 convert a dom_sid to a string
56 char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
63 return talloc_strdup(mem_ctx, "(NULL SID)");
66 maxlen = sid->num_auths * 11 + 25;
67 ret = talloc(mem_ctx, maxlen);
68 if (!ret) return talloc_strdup(mem_ctx, "(SID ERR)");
70 ia = (sid->id_auth[5]) +
71 (sid->id_auth[4] << 8 ) +
72 (sid->id_auth[3] << 16) +
73 (sid->id_auth[2] << 24);
75 ofs = snprintf(ret, maxlen, "S-%u-%lu",
76 (unsigned int)sid->sid_rev_num, (unsigned long)ia);
78 for (i = 0; i < sid->num_auths; i++) {
79 ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]);
89 void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, struct dom_sid *sid)
91 ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr->mem_ctx, sid));
94 void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, struct dom_sid2 *sid)
96 ndr_print_dom_sid(ndr, name, sid);
100 return the wire size of a dom_sid
102 size_t ndr_size_dom_sid(struct dom_sid *sid)
105 return 8 + 4*sid->num_auths;
109 add a rid to a domain dom_sid to make a full dom_sid
111 struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
112 const struct dom_sid *domain_sid,
117 sid = talloc_p(mem_ctx, struct dom_sid);
118 if (!sid) return NULL;
121 sid->sub_auths = talloc_array_p(mem_ctx, uint32_t, sid->num_auths+1);
122 if (!sid->sub_auths) {
125 memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t));
126 sid->sub_auths[sid->num_auths] = rid;
132 return the wire size of a security_ace
134 size_t ndr_size_security_ace(struct security_ace *ace)
137 return 8 + ndr_size_dom_sid(&ace->trustee);
142 return the wire size of a security_acl
144 size_t ndr_size_security_acl(struct security_acl *acl)
150 for (i=0;i<acl->num_aces;i++) {
151 ret += ndr_size_security_ace(&acl->aces[i]);
157 return the wire size of a security descriptor
159 size_t ndr_size_security_descriptor(struct security_descriptor *sd)
165 ret += ndr_size_dom_sid(sd->owner_sid);
166 ret += ndr_size_dom_sid(sd->group_sid);
167 ret += ndr_size_security_acl(sd->dacl);
168 ret += ndr_size_security_acl(sd->sacl);
173 talloc and copy a security descriptor
175 struct security_descriptor *copy_security_descriptor(TALLOC_CTX *mem_ctx,
176 const struct security_descriptor *osd)
178 struct security_descriptor *nsd;
181 DEBUG(1, ("copy_security_descriptor: sorry unimplemented yet\n"));