security descriptors
authorLuke Leighton <lkcl@samba.org>
Fri, 13 Nov 1998 01:38:41 +0000 (01:38 +0000)
committerLuke Leighton <lkcl@samba.org>
Fri, 13 Nov 1998 01:38:41 +0000 (01:38 +0000)
(This used to be commit 9412edfd4c11a26e4ef290839375e3959cf70a7e)

source3/include/proto.h
source3/include/rpc_reg.h
source3/include/smb.h
source3/rpc_client/cli_reg.c
source3/rpc_parse/parse_reg.c
source3/rpc_parse/parse_sec.c

index aa2d3b648628b4588536a13a29a476c2724fa18b..843c0a331180de1bff7c43e810efe5e7e4857c8c 100644 (file)
@@ -1648,7 +1648,9 @@ void reg_io_q_flush_key(char *desc,  REG_Q_FLUSH_KEY *r_q, prs_struct *ps, int d
 void reg_io_r_flush_key(char *desc,  REG_R_FLUSH_KEY *r_r, prs_struct *ps, int depth);
 void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
                                char *name, char *class,
-                               SEC_ACCESS *sam_access);
+                               SEC_ACCESS *sam_access,
+                               SEC_DESC_BUF *sec_buf,
+                               int sec_len, SEC_DESC *sec);
 void reg_io_q_create_key(char *desc,  REG_Q_CREATE_KEY *r_q, prs_struct *ps, int depth);
 void reg_io_r_create_key(char *desc,  REG_R_CREATE_KEY *r_r, prs_struct *ps, int depth);
 void make_reg_q_delete_val(REG_Q_DELETE_VALUE *q_c, POLICY_HND *hnd,
index ceb88ad657cb52131ddc7df26754b8ece67faf41..776605258884e379efb485ddb0b2e27dfb7e77d5 100644 (file)
@@ -228,20 +228,12 @@ typedef struct q_reg_create_key_info
        SEC_ACCESS sam_access; /* access rights flags, see rpc_secdes.h */
 
        uint32 ptr1;
-       uint32 unknown_0; /* 0x0000 000C */
-
-       uint32 ptr2;
-       uint32 sec_len1; /* 0x14 - length of security descriptor, bytes */
-       uint32 sec_len2; /* 0x14 - length of security descriptor, bytes */
-       uint32 sec_len3; /* 0x0 - length of security descriptor, bytes */
-       uint32 sec_len4; /* 0x14 - length of security descriptor, bytes */
-       uint32 sec_len5; /* 0x0 - length of security descriptor, bytes */
-       uint32 sec_len6; /* 0x14 - length of security descriptor, bytes */
-#if 0
-       SEC_DES sec_desc;
-#else
-       uint8 buf_unk[20];  /* 01 00 00 80   00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00  */
-#endif
+       uint32 sec_info; /* xxxx_SECURITY_INFORMATION */
+
+       uint32 ptr2;       /* pointer */
+       BUFHDR hdr_sec;    /* header for security data */
+       uint32 ptr3;       /* pointer */
+       SEC_DESC_BUF *data;
 
        uint32 unknown_2; /* 0x0000 0000 */
 
index 4f064d27d186e41a71785dccd686c149abe613e1..9339cdda6f06e5c3e622613cfce6e776b039e685 100644 (file)
@@ -1655,11 +1655,7 @@ extern int unix_ERR_code;
 #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
 
 /* zero a structure given a pointer to the structure */
-#if 0
-#define ZERO_STRUCTP(x) { }
-#else
-#define ZERO_STRUCTP(x) { if (x != NULL) memset((char *)(x), 0, sizeof(*(x))); }
-#endif
+#define ZERO_STRUCTP(x) { memset((char *)(x), 0, sizeof(*(x))); }
 
 #define ZERO_STRUCTPN(x) { if (x != NULL) ZERO_STRUCTP(x); }
 
index dc6f45ed86585488f6a26dc1ac28263bc430f21e..61e38a8d96a845c24c7b6a6e27fa1270710fd703 100644 (file)
@@ -674,6 +674,13 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
        prs_struct buf; 
        REG_Q_CREATE_KEY q_o;
        BOOL valid_create = False;
+       SEC_DESC sec;
+       SEC_DESC_BUF sec_buf;
+       int sec_len;
+
+       ZERO_STRUCT(sec);
+       ZERO_STRUCT(sec_buf);
+       ZERO_STRUCT(q_o);
 
        if (hnd == NULL) return False;
 
@@ -685,7 +692,13 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
        DEBUG(4,("REG Create Key: %s %s 0x%08x\n", key_name, key_class,
                sam_access != NULL ? sam_access->mask : 0));
 
-       make_reg_q_create_key(&q_o, hnd, key_name, key_class, sam_access);
+       sec_len = make_sec_desc(&sec, 1, SEC_DESC_SELF_RELATIVE,
+                               NULL, NULL, NULL, NULL);
+
+       DEBUG(10,("make_sec_desc: len = %d\n", sec_len));
+
+       make_reg_q_create_key(&q_o, hnd, key_name, key_class, sam_access,
+                             &sec_buf, sec_len, &sec);
 
        /* turn parameters into data stream */
        reg_io_q_create_key("", &q_o, &buf, 0);
@@ -715,6 +728,8 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
                }
        }
 
+       free_sec_desc(&sec);
+
        prs_mem_free(&rbuf);
        prs_mem_free(&buf );
 
index 103e6b0f85bfcdfca02f2966a6d7a318ec3ee1a2..ff57535caf72a48c57fa6bf87134b826dbb5a9a2 100644 (file)
@@ -118,6 +118,32 @@ void reg_io_r_flush_key(char *desc,  REG_R_FLUSH_KEY *r_r, prs_struct *ps, int d
        prs_uint32("status", ps, depth, &(r_r->status));
 }
 
+/*******************************************************************
+reads or writes SEC_DESC_BUF and SEC_DATA structures.
+********************************************************************/
+static void reg_io_hdrbuf_sec(uint32 ptr, uint32 *ptr3, BUFHDR *hdr_sec, SEC_DESC_BUF *data, prs_struct *ps, int depth)
+{
+       if (ptr != 0)
+       {
+               uint32 hdr_offset;
+               uint32 old_offset;
+               smb_io_hdrbuf_pre("hdr_sec", hdr_sec, ps, depth, &hdr_offset);
+               old_offset = ps->offset;
+               if (ptr3 != NULL)
+               {
+                       prs_uint32("ptr3", ps, depth, ptr3);
+               }
+               if (ptr3 == NULL || *ptr3 != 0)
+               {
+                       sec_io_desc_buf("data   ", data   , ps, depth);
+               }
+               smb_io_hdrbuf_post("hdr_sec", hdr_sec, ps, depth, hdr_offset,
+                                  data->max_len, data->len);
+               ps->offset = old_offset + data->len + sizeof(uint32) * ((ptr3 != NULL) ? 5 : 3);
+               prs_align(ps);
+       }
+}
+
 
 
 /*******************************************************************
@@ -125,20 +151,13 @@ creates a structure.
 ********************************************************************/
 void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
                                char *name, char *class,
-                               SEC_ACCESS *sam_access)
+                               SEC_ACCESS *sam_access,
+                               SEC_DESC_BUF *sec_buf,
+                               int sec_len, SEC_DESC *sec)
 {
        int len_name  = name  != NULL ? strlen(name ) + 1: 0;
        int len_class = class != NULL ? strlen(class) + 1: 0;
 
-       static unsigned char data[] =
-       {
-               0x01, 0x00, 0x00, 0x80,
-               0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00,
-               0x00, 0x00, 0x00, 0x00
-       };
-
        ZERO_STRUCTP(q_c);
 
        memcpy(&(q_c->pnt_pol), hnd, sizeof(q_c->pnt_pol));
@@ -153,17 +172,13 @@ void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
        memcpy(&(q_c->sam_access), sam_access, sizeof(q_c->sam_access));
 
        q_c->ptr1 = 1;
-       q_c->unknown_0 = 0x0000000C;
+       q_c->sec_info = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
 
+       q_c->data = sec_buf;
        q_c->ptr2 = 1;
-       q_c->sec_len1 = 0x14;
-       q_c->sec_len2 = 0x14;
-       q_c->sec_len3 = 0x0;
-       q_c->sec_len4 = 0x14;
-       q_c->sec_len5 = 0x0;
-       q_c->sec_len6 = 0x14;
-
-       memcpy(&q_c->buf_unk, data, sizeof(q_c->buf_unk));
+       make_buf_hdr(&(q_c->hdr_sec), sec_len, sec_len);
+       q_c->ptr3 = 1;
+       make_sec_desc_buf(q_c->data, sec_len, sec);
 
        q_c->unknown_2 = 0x00000000;
 }
@@ -194,27 +209,15 @@ void reg_io_q_create_key(char *desc,  REG_Q_CREATE_KEY *r_q, prs_struct *ps, int
        sec_io_access("sam_access", &r_q->sam_access, ps, depth);
 
        prs_uint32("ptr1", ps, depth, &(r_q->ptr1));
-       if (r_q->ptr2 != 0)
+       if (r_q->ptr1 != 0)
        {
-               prs_uint32("unknown_0", ps, depth, &(r_q->unknown_0));
+               prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
        }
 
        prs_uint32("ptr2", ps, depth, &(r_q->ptr2));
-       if (r_q->ptr2)
-       {
-               prs_uint32("sec_len1", ps, depth, &(r_q->sec_len1));
-               prs_uint32("sec_len2", ps, depth, &(r_q->sec_len2));
-               prs_uint32("sec_len3", ps, depth, &(r_q->sec_len3));
-               prs_uint32("sec_len4", ps, depth, &(r_q->sec_len4));
-               prs_uint32("sec_len5", ps, depth, &(r_q->sec_len5));
-               prs_uint32("sec_len6", ps, depth, &(r_q->sec_len6));
-               prs_uint8s(False, "buf_unk", ps, depth, r_q->buf_unk, sizeof(r_q->buf_unk));
-               prs_align(ps);
-
-               prs_uint32("unknown_2", ps, depth, &(r_q->unknown_2));
-       }
+       reg_io_hdrbuf_sec(r_q->ptr2, &r_q->ptr3, &r_q->hdr_sec, r_q->data, ps, depth);
 
-       prs_align(ps);
+       prs_uint32("unknown_2", ps, depth, &(r_q->unknown_2));
 }
 
 
@@ -575,18 +578,7 @@ void reg_io_q_set_key_sec(char *desc,  REG_Q_SET_KEY_SEC *r_q, prs_struct *ps, i
        prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
        prs_uint32("ptr    ", ps, depth, &(r_q->ptr    ));
 
-       if (r_q->ptr != 0)
-       {
-               uint32 hdr_offset;
-               uint32 old_offset;
-               smb_io_hdrbuf_pre("hdr_sec", &(r_q->hdr_sec), ps, depth, &hdr_offset);
-               old_offset = ps->offset;
-               sec_io_desc_buf("data   ", r_q->data   , ps, depth);
-               smb_io_hdrbuf_post("hdr_sec", &(r_q->hdr_sec), ps, depth, hdr_offset,
-                                  r_q->data->max_len, r_q->data->len);
-               ps->offset = old_offset + r_q->data->len + sizeof(uint32) * 3;
-               prs_align(ps);
-       }
+       reg_io_hdrbuf_sec(r_q->ptr, NULL, &r_q->hdr_sec, r_q->data, ps, depth);
 }
 
 /*******************************************************************
@@ -646,18 +638,7 @@ void reg_io_q_get_key_sec(char *desc,  REG_Q_GET_KEY_SEC *r_q, prs_struct *ps, i
        prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
        prs_uint32("ptr     ", ps, depth, &(r_q->ptr     ));
 
-       if (r_q->ptr != 0)
-       {
-               uint32 hdr_offset;
-               uint32 old_offset;
-               smb_io_hdrbuf_pre("hdr_sec", &(r_q->hdr_sec), ps, depth, &hdr_offset);
-               old_offset = ps->offset;
-               sec_io_desc_buf("data   ", r_q->data   , ps, depth);
-               smb_io_hdrbuf_post("hdr_sec", &(r_q->hdr_sec), ps, depth, hdr_offset,
-                                  r_q->data->max_len, r_q->data->len);
-               ps->offset = old_offset + r_q->data->len + sizeof(uint32) * 3;
-               prs_align(ps);
-       }
+       reg_io_hdrbuf_sec(r_q->ptr, NULL, &r_q->hdr_sec, r_q->data, ps, depth);
 }
 
 #if 0
index b3c75fb0dc2a91e4aae4150719b7e52a2367832c..0b0c08fe136bc64f967a86626cacab5a6b2bcc83 100644 (file)
@@ -194,33 +194,49 @@ int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type,
        t->owner_sid = owner_sid;
        t->grp_sid   = grp_sid;
 
-       offset = 0x14;
+       offset = 0x0;
 
        if (dacl != NULL)
        {
+               if (offset == 0)
+               {
+                       offset = 0x14;
+               }
                t->off_dacl = offset;
                offset += dacl->size;
        }
 
        if (sacl != NULL)
        {
+               if (offset == 0)
+               {
+                       offset = 0x14;
+               }
                t->off_dacl = offset;
                offset += dacl->size;
        }
 
        if (owner_sid != NULL)
        {
+               if (offset == 0)
+               {
+                       offset = 0x14;
+               }
                t->off_owner_sid = offset;
                offset += sid_size(owner_sid);
        }
 
        if (grp_sid != NULL)
        {
+               if (offset == 0)
+               {
+                       offset = 0x14;
+               }
                t->off_grp_sid = offset;
                offset += sid_size(grp_sid);
        }
 
-       return offset;
+       return (offset == 0) ? 0x14 : offset;
 }
 
 
@@ -256,10 +272,12 @@ reads or writes a structure.
 ********************************************************************/
 static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
 {
+#if 0
        uint32 off_owner_sid;
        uint32 off_grp_sid  ;
        uint32 off_sacl     ;
        uint32 off_dacl     ;
+#endif
        uint32 old_offset;
        uint32 max_offset = 0; /* after we're done, move offset to end */
 
@@ -276,16 +294,23 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
        prs_uint16("revision ", ps, depth, &(t->revision ));
        prs_uint16("type     ", ps, depth, &(t->type     ));
 
+       prs_uint32("off_owner_sid", ps, depth, &(t->off_owner_sid));
+       prs_uint32("off_grp_sid  ", ps, depth, &(t->off_grp_sid  ));
+       prs_uint32("off_sacl     ", ps, depth, &(t->off_sacl     ));
+       prs_uint32("off_dacl     ", ps, depth, &(t->off_dacl     ));
+#if 0
        prs_uint32_pre("off_owner_sid", ps, depth, &(t->off_owner_sid), &off_owner_sid);
        prs_uint32_pre("off_grp_sid  ", ps, depth, &(t->off_grp_sid  ), &off_grp_sid  );
        prs_uint32_pre("off_sacl     ", ps, depth, &(t->off_sacl     ), &off_sacl     );
        prs_uint32_pre("off_dacl     ", ps, depth, &(t->off_dacl     ), &off_dacl     );
-
+#endif
        max_offset = MAX(max_offset, ps->offset);
 
        if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT))
        {
+#if 0
                prs_uint32_post("off_dacl    ", ps, depth, &(t->off_dacl     ), off_dacl     , ps->offset - old_offset);
+#endif
                ps->offset = old_offset + t->off_dacl;
                if (ps->io)
                {
@@ -304,16 +329,20 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
                sec_io_acl     ("dacl"        , t->dacl       , ps, depth);
                prs_align(ps);
        }
+#if 0
        else
        {
                prs_uint32_post("off_dacl    ", ps, depth, &(t->off_dacl     ), off_dacl     , 0);
        }
+#endif
 
        max_offset = MAX(max_offset, ps->offset);
 
        if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT))
        {
+#if 0
                prs_uint32_post("off_sacl  ", ps, depth, &(t->off_sacl  ), off_sacl  , ps->offset - old_offset);
+#endif
                ps->offset = old_offset + t->off_sacl;
                if (ps->io)
                {
@@ -332,14 +361,18 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
                sec_io_acl     ("sacl"      , t->sacl       , ps, depth);
                prs_align(ps);
        }
+#if 0
        else
        {
                prs_uint32_post("off_sacl  ", ps, depth, &(t->off_sacl  ), off_sacl  , 0);
        }
+#endif
 
        max_offset = MAX(max_offset, ps->offset);
 
+#if 0
        prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset);
+#endif
        if (t->off_owner_sid != 0)
        {
                if (ps->io)
@@ -366,7 +399,9 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
 
        max_offset = MAX(max_offset, ps->offset);
 
+#if 0
        prs_uint32_post("off_grp_sid  ", ps, depth, &(t->off_grp_sid  ), off_grp_sid  , ps->offset - old_offset);
+#endif
        if (t->off_grp_sid != 0)
        {
                if (ps->io)