libcli/security: move secdesc.c to the top level libcli/security
authorAndrew Bartlett <abartlet@samba.org>
Mon, 30 May 2011 03:23:56 +0000 (13:23 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 30 May 2011 22:32:07 +0000 (00:32 +0200)
This code does not rely on lp_ or other source3-only functions, so it can
be part of the common library.

Andrew Bartlett

libcli/security/secdesc.c [moved from source3/lib/secdesc.c with 92% similarity]
libcli/security/secdesc.h [new file with mode: 0644]
libcli/security/security.h
libcli/security/wscript_build
source3/Makefile.in
source3/include/proto.h
source3/libsmb/clisecdesc.c
source3/registry/reg_backend_db.c
source3/registry/regfio.c
source3/rpc_server/winreg/srv_winreg_nt.c
source3/wscript_build

similarity index 92%
rename from source3/lib/secdesc.c
rename to libcli/security/secdesc.c
index 001eccb5763b5a95b95c0726d7ae38ca80bbfe86..5d75f073f44b2c20f866873f22307ec20fe5980d 100644 (file)
@@ -1,28 +1,28 @@
-/* 
+/*
  *  Unix SMB/Netbios implementation.
  *  SEC_DESC handling functions
  *  Copyright (C) Andrew Tridgell              1992-1998,
  *  Copyright (C) Jeremy R. Allison            1995-2003.
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
  *  Copyright (C) Paul Ashton                  1997-1998.
  *  Unix SMB/Netbios implementation.
  *  SEC_DESC handling functions
  *  Copyright (C) Andrew Tridgell              1992-1998,
  *  Copyright (C) Jeremy R. Allison            1995-2003.
  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
  *  Copyright (C) Paul Ashton                  1997-1998.
- *  
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
 #include "includes.h"
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
 #include "includes.h"
-#include "../librpc/gen_ndr/ndr_security.h"
-#include "../libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
 
 #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
                                        SECINFO_DACL|SECINFO_SACL|\
 
 #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
                                        SECINFO_DACL|SECINFO_SACL|\
@@ -68,7 +68,7 @@ uint32_t get_sec_info(const struct security_descriptor *sd)
 
 
 /*******************************************************************
 
 
 /*******************************************************************
- Merge part of security descriptor old_sec in to the empty sections of 
+ Merge part of security descriptor old_sec in to the empty sections of
  security descriptor new_sec.
 ********************************************************************/
 
  security descriptor new_sec.
 ********************************************************************/
 
@@ -78,7 +78,7 @@ struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *ne
        struct sec_desc_buf *return_sdb;
        struct security_acl *dacl, *sacl;
        struct security_descriptor *psd = NULL;
        struct sec_desc_buf *return_sdb;
        struct security_acl *dacl, *sacl;
        struct security_descriptor *psd = NULL;
-       uint16 secdesc_type;
+       uint16_t secdesc_type;
        size_t secdesc_size;
 
        /* Copy over owner and group sids.  There seems to be no flag for
        size_t secdesc_size;
 
        /* Copy over owner and group sids.  There seems to be no flag for
@@ -89,11 +89,11 @@ struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *ne
 
        group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid :
                old_sdb->sd->group_sid;
 
        group_sid = new_sdb->sd->group_sid ? new_sdb->sd->group_sid :
                old_sdb->sd->group_sid;
-       
+
        secdesc_type = new_sdb->sd->type;
 
        /* Ignore changes to the system ACL.  This has the effect of making
        secdesc_type = new_sdb->sd->type;
 
        /* Ignore changes to the system ACL.  This has the effect of making
-          changes through the security tab audit button not sticking. 
+          changes through the security tab audit button not sticking.
           Perhaps in future Samba could implement these settings somehow. */
 
        sacl = NULL;
           Perhaps in future Samba could implement these settings somehow. */
 
        sacl = NULL;
@@ -122,7 +122,7 @@ struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_desc
        struct dom_sid *owner_sid, *group_sid;
        struct security_acl *dacl, *sacl;
        struct security_descriptor *psd = NULL;
        struct dom_sid *owner_sid, *group_sid;
        struct security_acl *dacl, *sacl;
        struct security_descriptor *psd = NULL;
-       uint16 secdesc_type;
+       uint16_t secdesc_type;
        size_t secdesc_size;
 
        /* Copy over owner and group sids.  There seems to be no flag for
        size_t secdesc_size;
 
        /* Copy over owner and group sids.  There seems to be no flag for
@@ -162,20 +162,20 @@ struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_desc
  Creates a struct security_descriptor structure
 ********************************************************************/
 
  Creates a struct security_descriptor structure
 ********************************************************************/
 
-#define  SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32))
+#define  SEC_DESC_HEADER_SIZE (2 * sizeof(uint16_t) + 4 * sizeof(uint32_t))
 
 struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
                        enum security_descriptor_revision revision,
 
 struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
                        enum security_descriptor_revision revision,
-                       uint16 type,
+                       uint16_t type,
                        const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
                        struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size)
 {
        struct security_descriptor *dst;
                        const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
                        struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size)
 {
        struct security_descriptor *dst;
-       uint32 offset     = 0;
+       uint32_t offset     = 0;
 
        *sd_size = 0;
 
 
        *sd_size = 0;
 
-       if(( dst = TALLOC_ZERO_P(ctx, struct security_descriptor)) == NULL)
+       if(( dst = talloc_zero(ctx, struct security_descriptor)) == NULL)
                return NULL;
 
        dst->revision = revision;
                return NULL;
 
        dst->revision = revision;
@@ -254,7 +254,7 @@ struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_
 ********************************************************************/
 NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
                           struct security_descriptor *secdesc,
 ********************************************************************/
 NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
                           struct security_descriptor *secdesc,
-                          uint8 **data, size_t *len)
+                          uint8_t **data, size_t *len)
 {
        DATA_BLOB blob;
        enum ndr_err_code ndr_err;
 {
        DATA_BLOB blob;
        enum ndr_err_code ndr_err;
@@ -303,7 +303,7 @@ NTSTATUS marshall_sec_desc_buf(TALLOC_CTX *mem_ctx,
 /*******************************************************************
  Parse a byte stream into a secdesc
 ********************************************************************/
 /*******************************************************************
  Parse a byte stream into a secdesc
 ********************************************************************/
-NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len,
+NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
                             struct security_descriptor **psecdesc)
 {
        DATA_BLOB blob;
                             struct security_descriptor **psecdesc)
 {
        DATA_BLOB blob;
@@ -314,7 +314,7 @@ NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       result = TALLOC_ZERO_P(mem_ctx, struct security_descriptor);
+       result = talloc_zero(mem_ctx, struct security_descriptor);
        if (result == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
        if (result == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -350,7 +350,7 @@ NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       result = TALLOC_ZERO_P(mem_ctx, struct sec_desc_buf);
+       result = talloc_zero(mem_ctx, struct sec_desc_buf);
        if (result == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
        if (result == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -391,12 +391,12 @@ struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct secur
 {
        struct sec_desc_buf *dst;
 
 {
        struct sec_desc_buf *dst;
 
-       if((dst = TALLOC_ZERO_P(ctx, struct sec_desc_buf)) == NULL)
+       if((dst = talloc_zero(ctx, struct sec_desc_buf)) == NULL)
                return NULL;
 
        /* max buffer size (allocated size) */
                return NULL;
 
        /* max buffer size (allocated size) */
-       dst->sd_size = (uint32)len;
-       
+       dst->sd_size = (uint32_t)len;
+
        if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) {
                return NULL;
        }
        if(sec_desc && ((dst->sd = dup_sec_desc(ctx, sec_desc)) == NULL)) {
                return NULL;
        }
@@ -420,7 +420,7 @@ struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src)
  Add a new SID with its permissions to struct security_descriptor.
 ********************************************************************/
 
  Add a new SID with its permissions to struct security_descriptor.
 ********************************************************************/
 
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32 mask, size_t *sd_size)
+NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size)
 {
        struct security_descriptor *sd   = 0;
        struct security_acl  *dacl = 0;
 {
        struct security_descriptor *sd   = 0;
        struct security_acl  *dacl = 0;
@@ -433,14 +433,14 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, con
        *sd_size = 0;
 
        status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask);
        *sd_size = 0;
 
        status = sec_ace_add_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid, mask);
-       
+
        if (!NT_STATUS_IS_OK(status))
                return status;
 
        if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
                return NT_STATUS_UNSUCCESSFUL;
        if (!NT_STATUS_IS_OK(status))
                return status;
 
        if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
                return NT_STATUS_UNSUCCESSFUL;
-       
-       if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, 
+
+       if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
                psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
                return NT_STATUS_UNSUCCESSFUL;
 
                psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
                return NT_STATUS_UNSUCCESSFUL;
 
@@ -453,7 +453,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, con
  Modify a SID's permissions in a struct security_descriptor.
 ********************************************************************/
 
  Modify a SID's permissions in a struct security_descriptor.
 ********************************************************************/
 
-NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32 mask)
+NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32_t mask)
 {
        NTSTATUS status;
 
 {
        NTSTATUS status;
 
@@ -464,7 +464,7 @@ NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, u
 
        if (!NT_STATUS_IS_OK(status))
                return status;
 
        if (!NT_STATUS_IS_OK(status))
                return status;
-       
+
        return NT_STATUS_OK;
 }
 
        return NT_STATUS_OK;
 }
 
@@ -483,7 +483,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, str
                return NT_STATUS_INVALID_PARAMETER;
 
        *sd_size = 0;
                return NT_STATUS_INVALID_PARAMETER;
 
        *sd_size = 0;
-       
+
        status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid);
 
        if (!NT_STATUS_IS_OK(status))
        status = sec_ace_del_sid(ctx, &ace, psd[0]->dacl->aces, &psd[0]->dacl->num_aces, sid);
 
        if (!NT_STATUS_IS_OK(status))
@@ -491,8 +491,8 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, str
 
        if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
                return NT_STATUS_UNSUCCESSFUL;
 
        if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
                return NT_STATUS_UNSUCCESSFUL;
-       
-       if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid, 
+
+       if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
                psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
                return NT_STATUS_UNSUCCESSFUL;
 
                psd[0]->group_sid, psd[0]->sacl, dacl, sd_size)))
                return NT_STATUS_UNSUCCESSFUL;
 
@@ -560,6 +560,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
        struct security_ace *new_ace_list = NULL;
        unsigned int new_ace_list_ndx = 0, i;
 
        struct security_ace *new_ace_list = NULL;
        unsigned int new_ace_list_ndx = 0, i;
 
+       TALLOC_CTX *frame;
+
        *ppsd = NULL;
        *psize = 0;
 
        *ppsd = NULL;
        *psize = 0;
 
@@ -574,20 +576,22 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                        return NT_STATUS_NO_MEMORY;
                }
 
                        return NT_STATUS_NO_MEMORY;
                }
 
-               if (!(new_ace_list = TALLOC_ARRAY(ctx, struct security_ace,
-                                               2*the_acl->num_aces))) {
+               if (!(new_ace_list = talloc_array(ctx, struct security_ace,
+                                                 2*the_acl->num_aces))) {
                        return NT_STATUS_NO_MEMORY;
                }
        } else {
                new_ace_list = NULL;
        }
 
                        return NT_STATUS_NO_MEMORY;
                }
        } else {
                new_ace_list = NULL;
        }
 
+       frame = talloc_stackframe();
+
        for (i = 0; i < the_acl->num_aces; i++) {
                const struct security_ace *ace = &the_acl->aces[i];
                struct security_ace *new_ace = &new_ace_list[new_ace_list_ndx];
                const struct dom_sid *ptrustee = &ace->trustee;
                const struct dom_sid *creator = NULL;
        for (i = 0; i < the_acl->num_aces; i++) {
                const struct security_ace *ace = &the_acl->aces[i];
                struct security_ace *new_ace = &new_ace_list[new_ace_list_ndx];
                const struct dom_sid *ptrustee = &ace->trustee;
                const struct dom_sid *creator = NULL;
-               uint8 new_flags = ace->flags;
+               uint8_t new_flags = ace->flags;
 
                if (!is_inheritable_ace(ace, container)) {
                        continue;
 
                if (!is_inheritable_ace(ace, container)) {
                        continue;
@@ -621,15 +625,15 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
                        /* First add the regular ACE entry. */
                        init_sec_ace(new_ace, ptrustee, ace->type,
 
                        /* First add the regular ACE entry. */
                        init_sec_ace(new_ace, ptrustee, ace->type,
-                               ace->access_mask, 0);
+                               ace->access_mask, 0);
 
                        DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
 
                        DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
-                               " inherited as %s:%d/0x%02x/0x%08x\n",
-                               sid_string_dbg(&ace->trustee),
-                               ace->type, ace->flags, ace->access_mask,
-                               sid_string_dbg(&new_ace->trustee),
-                               new_ace->type, new_ace->flags,
-                               new_ace->access_mask));
+                                " inherited as %s:%d/0x%02x/0x%08x\n",
+                                dom_sid_string(frame, &ace->trustee),
+                                ace->type, ace->flags, ace->access_mask,
+                                dom_sid_string(frame, &new_ace->trustee),
+                                new_ace->type, new_ace->flags,
+                                new_ace->access_mask));
 
                        new_ace_list_ndx++;
 
 
                        new_ace_list_ndx++;
 
@@ -638,6 +642,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
                        ptrustee = creator;
                        new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
 
                        ptrustee = creator;
                        new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+
                } else if (container &&
                                !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
                        ptrustee = &ace->trustee;
                } else if (container &&
                                !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
                        ptrustee = &ace->trustee;
@@ -648,15 +653,17 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
                DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
                          " inherited as %s:%d/0x%02x/0x%08x\n",
 
                DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
                          " inherited as %s:%d/0x%02x/0x%08x\n",
-                         sid_string_dbg(&ace->trustee),
+                         dom_sid_string(frame, &ace->trustee),
                          ace->type, ace->flags, ace->access_mask,
                          ace->type, ace->flags, ace->access_mask,
-                         sid_string_dbg(&ace->trustee),
+                         dom_sid_string(frame, &ace->trustee),
                          new_ace->type, new_ace->flags,
                          new_ace->access_mask));
 
                new_ace_list_ndx++;
        }
 
                          new_ace->type, new_ace->flags,
                          new_ace->access_mask));
 
                new_ace_list_ndx++;
        }
 
+       talloc_free(frame);
+
        /* Create child security descriptor to return */
        if (new_ace_list_ndx) {
                new_dacl = make_sec_acl(ctx,
        /* Create child security descriptor to return */
        if (new_ace_list_ndx) {
                new_dacl = make_sec_acl(ctx,
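Review bot: The second debug message passes `dom_sid_string(frame, &ace->trustee)` for both the source ACE and the "inherited as" ACE, so it prints the parent trustee twice, whereas the first message in the preceding hunk prints `&new_ace->trustee` for the inherited entry. In the creator-owner branch the hunk before this one sets `ptrustee = creator;`, so the new ACE presumably carries a different SID than the parent ACE and this log line misreports what was written. The second occurrence should read `dom_sid_string(frame, &new_ace->trustee),`; since the commit already rewrote both lines, this is the place to fix the copy-paste. se_create_child_secdesc continues past the end of this hunk.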
diff --git a/libcli/security/secdesc.h b/libcli/security/secdesc.h
new file mode 100644 (file)
index 0000000..eae8100
--- /dev/null
@@ -0,0 +1,102 @@
+#ifndef _SECDESC_H_
+#define _SECDESC_H_
+
+/* The following definitions come from libcli/security/secdesc.c  */
+#include "librpc/gen_ndr/security.h"
+
+/*******************************************************************
+ Given a security_descriptor return the sec_info.
+********************************************************************/
+uint32_t get_sec_info(const struct security_descriptor *sd);
+
+/*******************************************************************
+ Merge part of security descriptor old_sec in to the empty sections of
+ security descriptor new_sec.
+********************************************************************/
+struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *new_sdb, struct sec_desc_buf *old_sdb);
+struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb);
+
+/*******************************************************************
+ Creates a struct security_descriptor structure
+********************************************************************/
+struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
+                       enum security_descriptor_revision revision,
+                       uint16_t type,
+                       const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
+                       struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size);
+
+/*******************************************************************
+ Duplicate a struct security_descriptor structure.
+********************************************************************/
+struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src);
+
+/*******************************************************************
+ Convert a secdesc into a byte stream
+********************************************************************/
+NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
+                          struct security_descriptor *secdesc,
+                          uint8_t **data, size_t *len);
+
+/*******************************************************************
+ Convert a secdesc_buf into a byte stream
+********************************************************************/
+NTSTATUS marshall_sec_desc_buf(TALLOC_CTX *mem_ctx,
+                              struct sec_desc_buf *secdesc_buf,
+                              uint8_t **data, size_t *len);
+
+/*******************************************************************
+ Parse a byte stream into a secdesc
+********************************************************************/
+NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
+                            struct security_descriptor **psecdesc);
+
+/*******************************************************************
+ Parse a byte stream into a sec_desc_buf
+********************************************************************/
+NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
+                                struct sec_desc_buf **psecdesc_buf);
+
+/*******************************************************************
+ Creates a struct security_descriptor structure with typical defaults.
+********************************************************************/
+struct security_descriptor *make_standard_sec_desc(TALLOC_CTX *ctx, const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
+                                struct security_acl *dacl, size_t *sd_size);
+
+/*******************************************************************
+ Creates a struct sec_desc_buf structure.
+********************************************************************/
+struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct security_descriptor *sec_desc);
+
+/*******************************************************************
+ Duplicates a struct sec_desc_buf structure.
+********************************************************************/
+struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src);
+
+/*******************************************************************
+ Add a new SID with its permissions to struct security_descriptor.
+********************************************************************/
+NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32_t mask, size_t *sd_size);
+
+/*******************************************************************
+ Modify a SID's permissions in a struct security_descriptor.
+********************************************************************/
+NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32_t mask);
+
+/*******************************************************************
+ Delete a SID from a struct security_descriptor.
+********************************************************************/
+NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, struct dom_sid *sid, size_t *sd_size);
+bool sd_has_inheritable_components(const struct security_descriptor *parent_ctr, bool container);
+NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
+                                       struct security_descriptor **ppsd,
+                                       size_t *psize,
+                                       const struct security_descriptor *parent_ctr,
+                                       const struct dom_sid *owner_sid,
+                                       const struct dom_sid *group_sid,
+                                       bool container);
+NTSTATUS se_create_child_secdesc_buf(TALLOC_CTX *ctx,
+                                       struct sec_desc_buf **ppsdb,
+                                       const struct security_descriptor *parent_ctr,
+                                       bool container);
+
+#endif /* _SECDESC_H_ */
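Review bot: The new header carries no copyright/GPL block, unlike secdesc.c it was split from and the neighbouring libcli/security headers, and the last three prototypes (`sd_has_inheritable_components`, `se_create_child_secdesc`, `se_create_child_secdesc_buf`) are the only ones without the comment banners used for every other declaration. For se_create_child_secdesc a banner such as `Build the security descriptor a child object inherits from parent_ctr; *ppsd and *psize are set to NULL/0 on entry, and container is passed to is_inheritable_ace() to select which ACEs apply.` would match the file's style and is supported by the .c body in this commit. The header also uses TALLOC_CTX, NTSTATUS and bool while including only librpc/gen_ndr/security.h, so it is usable only after includes.h; either include talloc.h/the NTSTATUS header or state that dependency in the header comment.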
index 1a9f4fa386681d2b7603417cdb5f2820a672e8bf..659d34157b07fa226d1e1492c839d34c3a3dfef7 100644 (file)
@@ -100,6 +100,7 @@ struct object_tree {
 #include "libcli/security/dom_sid.h"
 #include "libcli/security/secace.h"
 #include "libcli/security/secacl.h"
 #include "libcli/security/dom_sid.h"
 #include "libcli/security/secace.h"
 #include "libcli/security/secacl.h"
+#include "libcli/security/secdesc.h"
 #include "libcli/security/security_descriptor.h"
 #include "libcli/security/security_token.h"
 #include "libcli/security/sddl.h"
 #include "libcli/security/security_descriptor.h"
 #include "libcli/security/security_token.h"
 #include "libcli/security/sddl.h"
index 3f2e06a908ba8236f012ce155fad5a412d83e1c9..940ee700f26bd30c119a906a0b0bda23483f58d5 100644 (file)
@@ -2,7 +2,7 @@
 
 
 bld.SAMBA_LIBRARY('security',
 
 
 bld.SAMBA_LIBRARY('security',
-                  source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c access_check.c object_tree.c create_descriptor.c util_sid.c session.c',
+                  source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c access_check.c object_tree.c create_descriptor.c util_sid.c session.c secdesc.c',
                   private_library=True,
                   deps='talloc ndr NDR_SECURITY'
                   )
                   private_library=True,
                   deps='talloc ndr NDR_SECURITY'
                   )
index ab59ad01042a62b1a1a5e51fca0cf756cf65471b..822ffc509f7e520e598bb8deca48f8348c47ce0f 100644 (file)
@@ -474,7 +474,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
          lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \
          lib/server_contexts.o \
          lib/ldap_escape.o @CHARSET_STATIC@ \
          lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \
          lib/server_contexts.o \
          lib/ldap_escape.o @CHARSET_STATIC@ \
-         lib/secdesc.o ../libcli/security/access_check.o \
+         ../libcli/security/secdesc.o ../libcli/security/access_check.o \
          ../libcli/security/secace.o ../libcli/security/object_tree.o \
          ../libcli/security/sddl.o \
          ../libcli/security/secacl.o @PTHREADPOOL_OBJ@ \
          ../libcli/security/secace.o ../libcli/security/object_tree.o \
          ../libcli/security/sddl.o \
          ../libcli/security/secacl.o @PTHREADPOOL_OBJ@ \
index 8cd3ec2ea81aef170a4059d4eee5718b8dc5b877..ba9497e6ca95b5ebc66fe6538d6950d3d0908fd2 100644 (file)
@@ -236,47 +236,6 @@ ssize_t sys_recvfile(int fromfd,
                        size_t count);
 ssize_t drain_socket(int sockfd, size_t count);
 
                        size_t count);
 ssize_t drain_socket(int sockfd, size_t count);
 
-/* The following definitions come from lib/secdesc.c  */
-
-uint32_t get_sec_info(const struct security_descriptor *sd);
-struct security_descriptor *sec_desc_merge(TALLOC_CTX *ctx, struct security_descriptor *new_sdb, struct security_descriptor *old_sdb);
-struct sec_desc_buf *sec_desc_merge_buf(TALLOC_CTX *ctx, struct sec_desc_buf *new_sdb, struct sec_desc_buf *old_sdb);
-struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx,
-                       enum security_descriptor_revision revision,
-                       uint16 type,
-                       const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
-                       struct security_acl *sacl, struct security_acl *dacl, size_t *sd_size);
-struct security_descriptor *dup_sec_desc(TALLOC_CTX *ctx, const struct security_descriptor *src);
-NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
-                          struct security_descriptor *secdesc,
-                          uint8 **data, size_t *len);
-NTSTATUS marshall_sec_desc_buf(TALLOC_CTX *mem_ctx,
-                              struct sec_desc_buf *secdesc_buf,
-                              uint8_t **data, size_t *len);
-NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len,
-                            struct security_descriptor **psecdesc);
-NTSTATUS unmarshall_sec_desc_buf(TALLOC_CTX *mem_ctx, uint8_t *data, size_t len,
-                                struct sec_desc_buf **psecdesc_buf);
-struct security_descriptor *make_standard_sec_desc(TALLOC_CTX *ctx, const struct dom_sid *owner_sid, const struct dom_sid *grp_sid,
-                                struct security_acl *dacl, size_t *sd_size);
-struct sec_desc_buf *make_sec_desc_buf(TALLOC_CTX *ctx, size_t len, struct security_descriptor *sec_desc);
-struct sec_desc_buf *dup_sec_desc_buf(TALLOC_CTX *ctx, struct sec_desc_buf *src);
-NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, const struct dom_sid *sid, uint32 mask, size_t *sd_size);
-NTSTATUS sec_desc_mod_sid(struct security_descriptor *sd, struct dom_sid *sid, uint32 mask);
-NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, struct security_descriptor **psd, struct dom_sid *sid, size_t *sd_size);
-bool sd_has_inheritable_components(const struct security_descriptor *parent_ctr, bool container);
-NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
-                                        struct security_descriptor **ppsd,
-                                       size_t *psize,
-                                        const struct security_descriptor *parent_ctr,
-                                        const struct dom_sid *owner_sid,
-                                        const struct dom_sid *group_sid,
-                                        bool container);
-NTSTATUS se_create_child_secdesc_buf(TALLOC_CTX *ctx,
-                                       struct sec_desc_buf **ppsdb,
-                                       const struct security_descriptor *parent_ctr,
-                                       bool container);
-
 /* The following definitions come from lib/sendfile.c  */
 
 ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, SMB_OFF_T offset, size_t count);
 /* The following definitions come from lib/sendfile.c  */
 
 ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, SMB_OFF_T offset, size_t count);
index c998c70826dda5d5545c57f155435957a1b440d4..d703b1f77443054ab315124973d8565b64073898 100644 (file)
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "libsmb/libsmb.h"
 
 #include "includes.h"
 #include "libsmb/libsmb.h"
+#include "../libcli/security/secdesc.h"
 
 /****************************************************************************
   query the security descriptor for a open file
 
 /****************************************************************************
   query the security descriptor for a open file
index 1db745d962a5e0c250389dba059c148954c17273..566ab0bc6b8e2224ae7424117bef9381b57ebbe4 100644 (file)
@@ -30,6 +30,7 @@
 #include "nt_printing.h"
 #include "util_tdb.h"
 #include "dbwrap.h"
 #include "nt_printing.h"
 #include "util_tdb.h"
 #include "dbwrap.h"
+#include "../libcli/security/secdesc.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_REGISTRY
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_REGISTRY
index c4d2a6d4d340b4304c9ebd83cb97ceb400107a10..8715ab567301150aed491eb66a2f70289d8fe6a4 100644 (file)
@@ -22,6 +22,7 @@
 #include "regfio.h"
 #include "../librpc/gen_ndr/ndr_security.h"
 #include "../libcli/security/security_descriptor.h"
 #include "regfio.h"
 #include "../librpc/gen_ndr/ndr_security.h"
 #include "../libcli/security/security_descriptor.h"
+#include "../libcli/security/secdesc.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_REGISTRY
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_REGISTRY
index 1b3cab8844748324d806fd143d95740593c60586..6f319e9905460d0a4f54ce4338eab1da54a85589 100644 (file)
@@ -30,6 +30,7 @@
 #include "rpc_misc.h"
 #include "auth.h"
 #include "lib/privileges.h"
 #include "rpc_misc.h"
 #include "auth.h"
 #include "lib/privileges.h"
+#include "libcli/security/secdesc.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
index cbb94797f0f89f2002b926f483661ff0320b9f56..543aef7158445c6ae60e9507d76554ced3608841 100755 (executable)
@@ -87,7 +87,6 @@ LIB_SRC = '''
           lib/module.c lib/events.c
           lib/server_contexts.c
           lib/ldap_escape.c
           lib/module.c lib/events.c
           lib/server_contexts.c
           lib/ldap_escape.c
-          lib/secdesc.c
           lib/fncall.c
           libads/krb5_errs.c lib/system_smbd.c lib/audit.c
           lib/file_id.c lib/idmap_cache.c'''
           lib/fncall.c
           libads/krb5_errs.c lib/system_smbd.c lib/audit.c
           lib/file_id.c lib/idmap_cache.c'''