*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
Check if ACE has OBJECT type.
********************************************************************/
-BOOL sec_ace_object(uint8 type)
+bool sec_ace_object(uint8 type)
{
if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
ace_dest->type = ace_src->type;
ace_dest->flags = ace_src->flags;
ace_dest->size = ace_src->size;
- ace_dest->info.mask = ace_src->info.mask;
- ace_dest->obj_flags = ace_src->obj_flags;
- memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE);
- memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE);
+ ace_dest->access_mask = ace_src->access_mask;
+ ace_dest->object = ace_src->object;
sid_copy(&ace_dest->trustee, &ace_src->trustee);
}
Sets up a SEC_ACE structure.
********************************************************************/
-void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
+void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
+ uint32_t mask, uint8 flag)
{
t->type = type;
t->flags = flag;
- t->size = sid_size(sid) + 8;
- t->info = mask;
+ t->size = ndr_size_dom_sid(sid, NULL, 0) + 8;
+ t->access_mask = mask;
ZERO_STRUCTP(&t->trustee);
sid_copy(&t->trustee, sid);
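Review bot: The size computation in init_sec_ace still uses a bare `+ 8` for the ACE header, while sec_ace_add_sid in this same patch writes `SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, NULL, 0)`. If that macro is the same 8 bytes, I would use it here too, `t->size = SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, NULL, 0);`, so the two constructors cannot drift apart and record a size that disagrees with the marshalled ACE. Unlike sec_ace_add_sid, the visible lines dereference `t` and `sid` without a NULL check. The end of the function is outside this hunk.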
adds new SID with its permissions to ACE list
********************************************************************/
-NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask)
+NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask)
{
unsigned int i = 0;
- if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
+ if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
*num += 1;
- if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0)
+ if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0)
return NT_STATUS_NO_MEMORY;
for (i = 0; i < *num - 1; i ++)
- sec_ace_copy(&(*new)[i], &old[i]);
+ sec_ace_copy(&(*pp_new)[i], &old[i]);
- (*new)[i].type = 0;
- (*new)[i].flags = 0;
- (*new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid);
- (*new)[i].info.mask = mask;
- sid_copy(&(*new)[i].trustee, sid);
+ (*pp_new)[i].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ (*pp_new)[i].flags = 0;
+ (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + ndr_size_dom_sid(sid, NULL, 0);
+ (*pp_new)[i].access_mask = mask;
+ sid_copy(&(*pp_new)[i].trustee, sid);
return NT_STATUS_OK;
}
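Review bot: `*num += 1` runs before the allocation, so on the `NT_STATUS_NO_MEMORY` return the caller's count has already grown while `pp_new[0]` is NULL. A caller that keeps its old array and the updated count would then read one ACE past the end. I would allocate first and bump the count only on success: `if ((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num + 1)) == 0) return NT_STATUS_NO_MEMORY;` followed by `*num += 1;`. The increment is also unguarded against wrap-around of the unsigned count, which would make `*num - 1` in the loop bound underflow, so a check before it is worth adding.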
for (i = 0; i < num; i ++) {
if (sid_compare(&ace[i].trustee, sid) == 0) {
- ace[i].info.mask = mask;
+ ace[i].access_mask = mask;
return NT_STATUS_OK;
}
}
delete SID from ACL
********************************************************************/
-NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
+NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
{
unsigned int i = 0;
unsigned int n_del = 0;
- if (!ctx || !new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
+ if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
- if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0)
- return NT_STATUS_NO_MEMORY;
+ if (*num) {
+ if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0)
+ return NT_STATUS_NO_MEMORY;
+ } else {
+ pp_new[0] = NULL;
+ }
for (i = 0; i < *num; i ++) {
if (sid_compare(&old[i].trustee, sid) != 0)
- sec_ace_copy(&(*new)[i], &old[i]);
+ sec_ace_copy(&(*pp_new)[i], &old[i]);
else
n_del ++;
}
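Review bot: The loop copies each surviving entry to `(*pp_new)[i]`, the same index it had in `old`, so removed entries leave zero-filled slots in the middle of the new array instead of the list being compacted. If the code after the loop (outside this hunk) reduces `*num` by `n_del`, the caller sees a zeroed ACE where each deleted one was and loses the same number of real ACEs from the tail. That can silently drop allow or deny entries from the ACL. Writing to a compacted index avoids this: `sec_ace_copy(&(*pp_new)[i - n_del], &old[i]);`.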
Compares two SEC_ACE structures
********************************************************************/
-BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
+bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
{
/* Trivial case */
- if (!s1 && !s2) return True;
+ if (!s1 && !s2) {
+ return True;
+ }
+
+ if (!s1 || !s2) {
+ return False;
+ }
/* Check top level stuff */
if (s1->type != s2->type || s1->flags != s2->flags ||
- s1->info.mask != s2->info.mask) {
+ s1->access_mask != s2->access_mask) {
return False;
}
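Review bot: The top-level comparison checks `type`, `flags` and `access_mask` but not the `object` member that sec_ace_copy now copies in this patch. Two object ACEs that differ only in their object data may therefore compare equal, unless the rest of the function (outside this hunk) covers it. If it does not, the object data should also be compared for the ACE types that sec_ace_object() reports as object ACEs. Both parameters are only read in the visible lines, so the signature could be `bool sec_ace_equal(const SEC_ACE *s1, const SEC_ACE *s2)`, matching token_sid_in_ace.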
Check if this ACE has a SID in common with the token.
********************************************************************/
-BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
+bool token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
{
size_t i;