2 Unix SMB/CIFS implementation.
4 fast routines for getting the wire size of security objects
6 Copyright (C) Andrew Tridgell 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 return the wire size of a dom_sid
29 size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
32 return 8 + 4*sid->num_auths;
36 return the wire size of a security_ace
38 size_t ndr_size_security_ace(const struct security_ace *ace, int flags)
41 return 8 + ndr_size_dom_sid(&ace->trustee, flags);
46 return the wire size of a security_acl
48 size_t ndr_size_security_acl(const struct security_acl *acl, int flags)
54 for (i=0;i<acl->num_aces;i++) {
55 ret += ndr_size_security_ace(&acl->aces[i], flags);
61 return the wire size of a security descriptor
63 size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags)
69 ret += ndr_size_dom_sid(sd->owner_sid, flags);
70 ret += ndr_size_dom_sid(sd->group_sid, flags);
71 ret += ndr_size_security_acl(sd->dacl, flags);
72 ret += ndr_size_security_acl(sd->sacl, flags);
79 void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
81 ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
84 void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
86 ndr_print_dom_sid(ndr, name, sid);
89 void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
91 ndr_print_dom_sid(ndr, name, sid);
94 static NTSTATUS ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r)
96 NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
100 static NTSTATUS ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r)
103 NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
108 void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r)
110 ndr_print_uint8(ndr, name, r);
112 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_OBJECT_INHERIT", SEC_ACE_FLAG_OBJECT_INHERIT, r);
113 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_CONTAINER_INHERIT", SEC_ACE_FLAG_CONTAINER_INHERIT, r);
114 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_NO_PROPAGATE_INHERIT", SEC_ACE_FLAG_NO_PROPAGATE_INHERIT, r);
115 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERIT_ONLY", SEC_ACE_FLAG_INHERIT_ONLY, r);
116 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERITED_ACE", SEC_ACE_FLAG_INHERITED_ACE, r);
117 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_VALID_INHERIT", SEC_ACE_FLAG_VALID_INHERIT, r);
118 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_SUCCESSFUL_ACCESS", SEC_ACE_FLAG_SUCCESSFUL_ACCESS, r);
119 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_FAILED_ACCESS", SEC_ACE_FLAG_FAILED_ACCESS, r);
123 static NTSTATUS ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r)
125 NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
129 static NTSTATUS ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r)
132 NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
133 *r = (enum security_ace_type)v;
137 void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r)
139 const char *val = NULL;
142 case SEC_ACE_TYPE_ACCESS_ALLOWED: val = "SEC_ACE_TYPE_ACCESS_ALLOWED"; break;
143 case SEC_ACE_TYPE_ACCESS_DENIED: val = "SEC_ACE_TYPE_ACCESS_DENIED"; break;
144 case SEC_ACE_TYPE_SYSTEM_AUDIT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT"; break;
145 case SEC_ACE_TYPE_SYSTEM_ALARM: val = "SEC_ACE_TYPE_SYSTEM_ALARM"; break;
146 case SEC_ACE_TYPE_ALLOWED_COMPOUND: val = "SEC_ACE_TYPE_ALLOWED_COMPOUND"; break;
147 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT"; break;
148 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_DENIED_OBJECT"; break;
149 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT"; break;
150 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT"; break;
152 ndr_print_enum(ndr, name, "ENUM", val, r);
155 static NTSTATUS ndr_push_security_ace_object_flags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
157 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
161 static NTSTATUS ndr_pull_security_ace_object_flags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
164 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
169 void ndr_print_security_ace_object_flags(struct ndr_print *ndr, const char *name, uint32_t r)
171 ndr_print_uint32(ndr, name, r);
173 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_OBJECT_TYPE_PRESENT", SEC_ACE_OBJECT_TYPE_PRESENT, r);
174 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT", SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT, r);
178 static NTSTATUS ndr_push_security_ace_object_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_type *r)
181 level = ndr_push_get_switch_value(ndr, r);
182 if (ndr_flags & NDR_SCALARS) {
184 case SEC_ACE_OBJECT_TYPE_PRESENT:
185 NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->type));
193 if (ndr_flags & NDR_BUFFERS) {
195 case SEC_ACE_OBJECT_TYPE_PRESENT:
206 static NTSTATUS ndr_pull_security_ace_object_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_type *r)
209 level = ndr_pull_get_switch_value(ndr, r);
210 if (ndr_flags & NDR_SCALARS) {
212 case SEC_ACE_OBJECT_TYPE_PRESENT: {
213 NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->type));
221 if (ndr_flags & NDR_BUFFERS) {
223 case SEC_ACE_OBJECT_TYPE_PRESENT:
234 void ndr_print_security_ace_object_type(struct ndr_print *ndr, const char *name, const union security_ace_object_type *r)
237 level = ndr_print_get_switch_value(ndr, r);
238 ndr_print_union(ndr, name, level, "security_ace_object_type");
240 case SEC_ACE_OBJECT_TYPE_PRESENT:
241 ndr_print_GUID(ndr, "type", &r->type);
250 static NTSTATUS ndr_push_security_ace_object_inherited_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_inherited_type *r)
253 level = ndr_push_get_switch_value(ndr, r);
254 if (ndr_flags & NDR_SCALARS) {
256 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
257 NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->inherited_type));
265 if (ndr_flags & NDR_BUFFERS) {
267 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
278 static NTSTATUS ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_inherited_type *r)
281 level = ndr_pull_get_switch_value(ndr, r);
282 if (ndr_flags & NDR_SCALARS) {
284 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
285 NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->inherited_type));
293 if (ndr_flags & NDR_BUFFERS) {
295 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
306 void ndr_print_security_ace_object_inherited_type(struct ndr_print *ndr, const char *name, const union security_ace_object_inherited_type *r)
309 level = ndr_print_get_switch_value(ndr, r);
310 ndr_print_union(ndr, name, level, "security_ace_object_inherited_type");
312 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
313 ndr_print_GUID(ndr, "inherited_type", &r->inherited_type);
322 static NTSTATUS ndr_push_security_ace_object(struct ndr_push *ndr, int ndr_flags, const struct security_ace_object *r)
324 if (ndr_flags & NDR_SCALARS) {
325 NDR_CHECK(ndr_push_align(ndr, 4));
326 NDR_CHECK(ndr_push_security_ace_object_flags(ndr, NDR_SCALARS, r->flags));
327 NDR_CHECK(ndr_push_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT));
328 NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
329 NDR_CHECK(ndr_push_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
330 NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
332 if (ndr_flags & NDR_BUFFERS) {
333 NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
334 NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
339 static NTSTATUS ndr_pull_security_ace_object(struct ndr_pull *ndr, int ndr_flags, struct security_ace_object *r)
341 if (ndr_flags & NDR_SCALARS) {
342 NDR_CHECK(ndr_pull_align(ndr, 4));
343 NDR_CHECK(ndr_pull_security_ace_object_flags(ndr, NDR_SCALARS, &r->flags));
344 NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT));
345 NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
346 NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
347 NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
349 if (ndr_flags & NDR_BUFFERS) {
350 NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
351 NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
356 void ndr_print_security_ace_object(struct ndr_print *ndr, const char *name, const struct security_ace_object *r)
358 ndr_print_struct(ndr, name, "security_ace_object");
360 ndr_print_security_ace_object_flags(ndr, "flags", r->flags);
361 ndr_print_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT);
362 ndr_print_security_ace_object_type(ndr, "type", &r->type);
363 ndr_print_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT);
364 ndr_print_security_ace_object_inherited_type(ndr, "inherited_type", &r->inherited_type);
368 static NTSTATUS ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r)
371 level = ndr_push_get_switch_value(ndr, r);
372 if (ndr_flags & NDR_SCALARS) {
374 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
375 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
378 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
379 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
382 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
383 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
386 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
387 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
395 if (ndr_flags & NDR_BUFFERS) {
397 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
398 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
401 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
402 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
405 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
406 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
409 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
410 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
421 static NTSTATUS ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r)
424 level = ndr_pull_get_switch_value(ndr, r);
425 if (ndr_flags & NDR_SCALARS) {
427 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
428 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
431 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: {
432 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
435 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: {
436 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
439 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: {
440 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
448 if (ndr_flags & NDR_BUFFERS) {
450 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
451 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
454 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
455 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
458 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
459 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
462 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
463 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
474 void ndr_print_security_ace_object_ctr(struct ndr_print *ndr, const char *name, const union security_ace_object_ctr *r)
477 level = ndr_print_get_switch_value(ndr, r);
478 ndr_print_union(ndr, name, level, "security_ace_object_ctr");
480 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
481 ndr_print_security_ace_object(ndr, "object", &r->object);
484 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
485 ndr_print_security_ace_object(ndr, "object", &r->object);
488 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
489 ndr_print_security_ace_object(ndr, "object", &r->object);
492 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
493 ndr_print_security_ace_object(ndr, "object", &r->object);
502 NTSTATUS ndr_push_security_ace(struct ndr_push *ndr, int ndr_flags, const struct security_ace *r)
504 if (ndr_flags & NDR_SCALARS) {
505 NDR_CHECK(ndr_push_align(ndr, 4));
506 NDR_CHECK(ndr_push_security_ace_type(ndr, NDR_SCALARS, r->type));
507 NDR_CHECK(ndr_push_security_ace_flags(ndr, NDR_SCALARS, r->flags));
508 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_ace(r,ndr->flags)));
509 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->access_mask));
510 NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, r->type));
511 NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
512 NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee));
514 if (ndr_flags & NDR_BUFFERS) {
515 NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
520 NTSTATUS ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r)
522 if (ndr_flags & NDR_SCALARS) {
523 NDR_CHECK(ndr_pull_align(ndr, 4));
524 NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type));
525 NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags));
526 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
527 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
528 NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
529 NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
530 NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
532 if (ndr_flags & NDR_BUFFERS) {
533 NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
538 void ndr_print_security_ace(struct ndr_print *ndr, const char *name, const struct security_ace *r)
540 ndr_print_struct(ndr, name, "security_ace");
542 ndr_print_security_ace_type(ndr, "type", r->type);
543 ndr_print_security_ace_flags(ndr, "flags", r->flags);
544 ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_ace(r,ndr->flags):r->size);
545 ndr_print_uint32(ndr, "access_mask", r->access_mask);
546 ndr_print_set_switch_value(ndr, &r->object, r->type);
547 ndr_print_security_ace_object_ctr(ndr, "object", &r->object);
548 ndr_print_dom_sid(ndr, "trustee", &r->trustee);
552 static NTSTATUS ndr_push_security_acl_revision(struct ndr_push *ndr, int ndr_flags, enum security_acl_revision r)
554 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
558 static NTSTATUS ndr_pull_security_acl_revision(struct ndr_pull *ndr, int ndr_flags, enum security_acl_revision *r)
561 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
562 *r = (enum security_acl_revision)v;
566 void ndr_print_security_acl_revision(struct ndr_print *ndr, const char *name, enum security_acl_revision r)
568 const char *val = NULL;
571 case SECURITY_ACL_REVISION_NT4: val = "SECURITY_ACL_REVISION_NT4"; break;
572 case SECURITY_ACL_REVISION_ADS: val = "SECURITY_ACL_REVISION_ADS"; break;
574 ndr_print_enum(ndr, name, "ENUM", val, r);
577 NTSTATUS ndr_push_security_acl(struct ndr_push *ndr, int ndr_flags, const struct security_acl *r)
579 uint32_t cntr_aces_0;
580 if (ndr_flags & NDR_SCALARS) {
581 NDR_CHECK(ndr_push_align(ndr, 4));
582 NDR_CHECK(ndr_push_security_acl_revision(ndr, NDR_SCALARS, r->revision));
583 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_acl(r,ndr->flags)));
584 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_aces));
585 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
586 NDR_CHECK(ndr_push_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
589 if (ndr_flags & NDR_BUFFERS) {
590 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
591 NDR_CHECK(ndr_push_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
597 NTSTATUS ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r)
599 uint32_t cntr_aces_0;
600 TALLOC_CTX *_mem_save_aces_0;
601 if (ndr_flags & NDR_SCALARS) {
602 NDR_CHECK(ndr_pull_align(ndr, 4));
603 NDR_CHECK(ndr_pull_security_acl_revision(ndr, NDR_SCALARS, &r->revision));
604 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
605 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
606 if (r->num_aces > 1000) { /* num_aces is unsigned */
607 return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
609 NDR_PULL_ALLOC_N(ndr, r->aces, r->num_aces);
610 _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
611 NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
612 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
613 NDR_CHECK(ndr_pull_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
615 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
617 if (ndr_flags & NDR_BUFFERS) {
618 _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
619 NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
620 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
621 NDR_CHECK(ndr_pull_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
623 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
628 void ndr_print_security_acl(struct ndr_print *ndr, const char *name, const struct security_acl *r)
630 uint32_t cntr_aces_0;
631 ndr_print_struct(ndr, name, "security_acl");
633 ndr_print_security_acl_revision(ndr, "revision", r->revision);
634 ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_acl(r,ndr->flags):r->size);
635 ndr_print_uint32(ndr, "num_aces", r->num_aces);
636 ndr->print(ndr, "%s: ARRAY(%d)", "aces", r->num_aces);
638 for (cntr_aces_0=0;cntr_aces_0<r->num_aces;cntr_aces_0++) {
640 asprintf(&idx_0, "[%d]", cntr_aces_0);
642 ndr_print_security_ace(ndr, "aces", &r->aces[cntr_aces_0]);
650 static NTSTATUS ndr_push_security_descriptor_revision(struct ndr_push *ndr, int ndr_flags, enum security_descriptor_revision r)
652 NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
656 static NTSTATUS ndr_pull_security_descriptor_revision(struct ndr_pull *ndr, int ndr_flags, enum security_descriptor_revision *r)
659 NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
660 *r = (enum security_descriptor_revision)v;
664 void ndr_print_security_descriptor_revision(struct ndr_print *ndr, const char *name, enum security_descriptor_revision r)
666 const char *val = NULL;
669 case SECURITY_DESCRIPTOR_REVISION_1: val = "SECURITY_DESCRIPTOR_REVISION_1"; break;
671 ndr_print_enum(ndr, name, "ENUM", val, r);
674 static NTSTATUS ndr_push_security_descriptor_type(struct ndr_push *ndr, int ndr_flags, uint16_t r)
676 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
680 static NTSTATUS ndr_pull_security_descriptor_type(struct ndr_pull *ndr, int ndr_flags, uint16_t *r)
683 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
688 void ndr_print_security_descriptor_type(struct ndr_print *ndr, const char *name, uint16_t r)
690 ndr_print_uint16(ndr, name, r);
692 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_OWNER_DEFAULTED", SEC_DESC_OWNER_DEFAULTED, r);
693 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_GROUP_DEFAULTED", SEC_DESC_GROUP_DEFAULTED, r);
694 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PRESENT", SEC_DESC_DACL_PRESENT, r);
695 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_DEFAULTED", SEC_DESC_DACL_DEFAULTED, r);
696 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PRESENT", SEC_DESC_SACL_PRESENT, r);
697 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_DEFAULTED", SEC_DESC_SACL_DEFAULTED, r);
698 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_TRUSTED", SEC_DESC_DACL_TRUSTED, r);
699 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SERVER_SECURITY", SEC_DESC_SERVER_SECURITY, r);
700 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERIT_REQ", SEC_DESC_DACL_AUTO_INHERIT_REQ, r);
701 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERIT_REQ", SEC_DESC_SACL_AUTO_INHERIT_REQ, r);
702 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERITED", SEC_DESC_DACL_AUTO_INHERITED, r);
703 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERITED", SEC_DESC_SACL_AUTO_INHERITED, r);
704 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PROTECTED", SEC_DESC_DACL_PROTECTED, r);
705 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PROTECTED", SEC_DESC_SACL_PROTECTED, r);
706 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_RM_CONTROL_VALID", SEC_DESC_RM_CONTROL_VALID, r);
707 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SELF_RELATIVE", SEC_DESC_SELF_RELATIVE, r);
711 NTSTATUS ndr_push_security_descriptor(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor *r)
714 uint32_t _flags_save_STRUCT = ndr->flags;
715 ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
716 if (ndr_flags & NDR_SCALARS) {
717 NDR_CHECK(ndr_push_align(ndr, 4));
718 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
719 NDR_CHECK(ndr_push_security_descriptor_type(ndr, NDR_SCALARS, r->type));
720 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->owner_sid));
721 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->group_sid));
722 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->sacl));
723 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->dacl));
725 if (ndr_flags & NDR_BUFFERS) {
727 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid));
728 NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
731 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid));
732 NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid));
735 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl));
736 NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
739 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->dacl));
740 NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
743 ndr->flags = _flags_save_STRUCT;
748 NTSTATUS ndr_pull_security_descriptor(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor *r)
750 uint32_t _ptr_owner_sid;
751 TALLOC_CTX *_mem_save_owner_sid_0;
752 uint32_t _ptr_group_sid;
753 TALLOC_CTX *_mem_save_group_sid_0;
755 TALLOC_CTX *_mem_save_sacl_0;
757 TALLOC_CTX *_mem_save_dacl_0;
759 uint32_t _flags_save_STRUCT = ndr->flags;
760 ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
761 if (ndr_flags & NDR_SCALARS) {
762 NDR_CHECK(ndr_pull_align(ndr, 4));
763 NDR_CHECK(ndr_pull_security_descriptor_revision(ndr, NDR_SCALARS, &r->revision));
764 NDR_CHECK(ndr_pull_security_descriptor_type(ndr, NDR_SCALARS, &r->type));
765 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
766 if (_ptr_owner_sid) {
767 NDR_PULL_ALLOC(ndr, r->owner_sid);
768 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->owner_sid, _ptr_owner_sid));
772 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
773 if (_ptr_group_sid) {
774 NDR_PULL_ALLOC(ndr, r->group_sid);
775 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->group_sid, _ptr_group_sid));
779 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
781 NDR_PULL_ALLOC(ndr, r->sacl);
782 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
786 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
788 NDR_PULL_ALLOC(ndr, r->dacl);
789 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
794 if (ndr_flags & NDR_BUFFERS) {
796 struct ndr_pull_save _relative_save;
797 ndr_pull_save(ndr, &_relative_save);
798 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
799 _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
800 NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
801 NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
802 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
803 ndr_pull_restore(ndr, &_relative_save);
806 struct ndr_pull_save _relative_save;
807 ndr_pull_save(ndr, &_relative_save);
808 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
809 _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
810 NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
811 NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
812 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
813 ndr_pull_restore(ndr, &_relative_save);
816 struct ndr_pull_save _relative_save;
817 ndr_pull_save(ndr, &_relative_save);
818 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
819 _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
820 NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
821 NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
822 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
823 ndr_pull_restore(ndr, &_relative_save);
826 struct ndr_pull_save _relative_save;
827 ndr_pull_save(ndr, &_relative_save);
828 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
829 _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
830 NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
831 NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
832 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
833 ndr_pull_restore(ndr, &_relative_save);
836 ndr->flags = _flags_save_STRUCT;
841 void ndr_print_security_descriptor(struct ndr_print *ndr, const char *name, const struct security_descriptor *r)
843 ndr_print_struct(ndr, name, "security_descriptor");
845 uint32_t _flags_save_STRUCT = ndr->flags;
846 ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
848 ndr_print_security_descriptor_revision(ndr, "revision", r->revision);
849 ndr_print_security_descriptor_type(ndr, "type", r->type);
850 ndr_print_ptr(ndr, "owner_sid", r->owner_sid);
853 ndr_print_dom_sid(ndr, "owner_sid", r->owner_sid);
856 ndr_print_ptr(ndr, "group_sid", r->group_sid);
859 ndr_print_dom_sid(ndr, "group_sid", r->group_sid);
862 ndr_print_ptr(ndr, "sacl", r->sacl);
865 ndr_print_security_acl(ndr, "sacl", r->sacl);
868 ndr_print_ptr(ndr, "dacl", r->dacl);
871 ndr_print_security_acl(ndr, "dacl", r->dacl);
875 ndr->flags = _flags_save_STRUCT;
879 NTSTATUS ndr_push_security_secinfo(struct ndr_push *ndr, int ndr_flags, uint32_t r)
881 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
885 NTSTATUS ndr_pull_security_secinfo(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
888 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
893 void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name, uint32_t r)
895 ndr_print_uint32(ndr, name, r);
897 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_OWNER", SECINFO_OWNER, r);
898 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_GROUP", SECINFO_GROUP, r);
899 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r);
900 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r);