libcli/security: remove dup_sec_acl()
[sharpe/samba-autobuild/.git] / libcli / security / security_descriptor.c
index 8e9c7eb4a9b847807950ba4234d37301ac32acd6..25b316cdd2a10dadfc0eaa782633281b874c3025 100644 (file)
@@ -49,11 +49,15 @@ struct security_descriptor *security_descriptor_initialise(TALLOC_CTX *mem_ctx)
        return sd;
 }
 
-static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
+struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
                                             const struct security_acl *oacl)
 {
        struct security_acl *nacl;
 
+       if (oacl == NULL) {
+               return NULL;
+       }
+
        nacl = talloc (mem_ctx, struct security_acl);
        if (nacl == NULL) {
                return NULL;
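Review bot: With the new `oacl == NULL` early return, security_acl_dup() returns NULL both when there is no ACL to copy and when talloc() fails, and since the function is no longer static, outside callers cannot tell the two cases apart from the return value. That matters for DACLs, where an absent ACL and a failed copy must not be confused: a caller that reads NULL as "no DACL" after an allocation failure could build a descriptor that is less restrictive than the one it copied. I would document the contract above the definition, e.g. `/* Returns NULL if oacl is NULL or on allocation failure; callers must test oacl themselves to tell the two apart. */`. The function body continues past the end of this hunk.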
@@ -76,6 +80,56 @@ static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
        
 }
 
+struct security_acl *security_acl_concatenate(TALLOC_CTX *mem_ctx,
+                                              const struct security_acl *acl1,
+                                              const struct security_acl *acl2)
+{
+        struct security_acl *nacl;
+        uint32_t i;
+
+        if (!acl1 && !acl2)
+                return NULL;
+
+        if (!acl1){
+                nacl = security_acl_dup(mem_ctx, acl2);
+                return nacl;
+        }
+
+        if (!acl2){
+                nacl = security_acl_dup(mem_ctx, acl1);
+                return nacl;
+        }
+
+        nacl = talloc (mem_ctx, struct security_acl);
+        if (nacl == NULL) {
+                return NULL;
+        }
+
+        nacl->revision = acl1->revision;
+        nacl->size = acl1->size + acl2->size;
+        nacl->num_aces = acl1->num_aces + acl2->num_aces;
+
+        if (nacl->num_aces == 0)
+                return nacl;
+
+        nacl->aces = (struct security_ace *)talloc_array (mem_ctx, struct security_ace, acl1->num_aces+acl2->num_aces);
+        if ((nacl->aces == NULL) && (nacl->num_aces > 0)) {
+                goto failed;
+        }
+
+        for (i = 0; i < acl1->num_aces; i++)
+                nacl->aces[i] = acl1->aces[i];
+        for (i = 0; i < acl2->num_aces; i++)
+                nacl->aces[i + acl1->num_aces] = acl2->aces[i];
+
+        return nacl;
+
+ failed:
+        talloc_free (nacl);
+        return NULL;
+
+}
+
 /* 
    talloc and copy a security descriptor
  */
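Review bot: In security_acl_concatenate() the early return `if (nacl->num_aces == 0) return nacl;` hands back a struct obtained from plain talloc(), so `nacl->aces` is uninitialised on that path; talloc_zero(), which this commit already uses elsewhere, would fix that. The ACE array is allocated on `mem_ctx` rather than on `nacl`, so freeing the returned ACL, or taking the `failed:` path once more code follows the allocation, does not release the ACEs. The sum `acl1->num_aces + acl2->num_aces` is not checked for wrap-around before it sizes the array that the two copy loops then fill. Assuming num_aces is a 32-bit unsigned count, as the `uint32_t i` index suggests, a wrapped sum would let the loops write past the allocation. `nacl->size = acl1->size + acl2->size` looks like it carries the same wrap risk and may count the ACL header twice, which is worth confirming against the struct definition.

```c
        nacl = talloc_zero(mem_ctx, struct security_acl);
        if (nacl == NULL) {
                return NULL;
        }

        /* reject a combined count that would wrap before it sizes the array */
        if (acl2->num_aces > UINT32_MAX - acl1->num_aces) {
                goto failed;
        }

        /* … unchanged: revision, size and num_aces assignments, num_aces == 0 return … */

        /* parent the array on nacl so it is freed together with the ACL */
        nacl->aces = talloc_array(nacl, struct security_ace, nacl->num_aces);
        if (nacl->aces == NULL) {
                goto failed;
        }

        /* … unchanged: the two copy loops and the failed: label … */
```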
@@ -216,7 +270,7 @@ static NTSTATUS security_descriptor_acl_del(struct security_descriptor *sd,
                                            bool sacl_del,
                                            const struct dom_sid *trustee)
 {
-       int i;
+       uint32_t i;
        bool found = false;
        struct security_acl *acl = NULL;
 
@@ -310,7 +364,7 @@ bool security_ace_equal(const struct security_ace *ace1,
 bool security_acl_equal(const struct security_acl *acl1, 
                        const struct security_acl *acl2)
 {
-       int i;
+       uint32_t i;
 
        if (acl1 == acl2) return true;
        if (!acl1 || !acl2) return false;
@@ -372,7 +426,7 @@ static struct security_descriptor *security_descriptor_appendv(struct security_d
 
        while ((sidstr = va_arg(ap, const char *))) {
                struct dom_sid *sid;
-               struct security_ace *ace = talloc(sd, struct security_ace);
+               struct security_ace *ace = talloc_zero(sd, struct security_ace);
                NTSTATUS status;
 
                if (ace == NULL) {
@@ -510,21 +564,19 @@ struct security_ace *security_ace_create(TALLOC_CTX *mem_ctx,
                                         uint8_t flags)
 
 {
-       struct dom_sid *sid;
        struct security_ace *ace;
+       bool ok;
 
        ace = talloc_zero(mem_ctx, struct security_ace);
        if (ace == NULL) {
                return NULL;
        }
 
-       sid = dom_sid_parse_talloc(ace, sid_str);
-       if (sid == NULL) {
+       ok = dom_sid_parse(sid_str, &ace->trustee);
+       if (!ok) {
                talloc_free(ace);
                return NULL;
        }
-
-       ace->trustee = *sid;
        ace->type = type;
        ace->access_mask = access_mask;
        ace->flags = flags;