This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
-#include "system/iconv.h"
-#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "system/locale.h"
struct flag_map {
const char *name;
It can either be a special 2 letter code, or in S-* format
*/
static struct dom_sid *sddl_decode_sid(TALLOC_CTX *mem_ctx, const char **sddlp,
- struct dom_sid *domain_sid)
+ const struct dom_sid *domain_sid)
{
const char *sddl = (*sddlp);
int i;
/* see if its in the numeric format */
if (strncmp(sddl, "S-", 2) == 0) {
+ struct dom_sid *sid;
+ char *sid_str;
size_t len = strspn(sddl+2, "-0123456789");
+ sid_str = talloc_strndup(mem_ctx, sddl, len+2);
+ if (!sid_str) {
+ return NULL;
+ }
(*sddlp) += len+2;
- return dom_sid_parse_talloc(mem_ctx, sddl);
+ sid = dom_sid_parse_talloc(mem_ctx, sid_str);
+ talloc_free(sid_str);
+ return sid;
}
/* now check for one of the special codes */
note that this routine modifies the string
*/
static BOOL sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char *str,
- struct dom_sid *domain_sid)
+ const struct dom_sid *domain_sid)
{
const char *tok[6];
const char *s;
*/
static struct security_acl *sddl_decode_acl(struct security_descriptor *sd,
const char **sddlp, uint32_t *flags,
- struct dom_sid *domain_sid)
+ const struct dom_sid *domain_sid)
{
const char *sddl = *sddlp;
struct security_acl *acl;
talloc_free(acl);
return NULL;
}
+ switch (acl->aces[acl->num_aces].type) {
+ case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+ case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+ case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+ case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+ acl->revision = SECURITY_ACL_REVISION_ADS;
+ break;
+ default:
+ break;
+ }
talloc_free(astr);
sddl += len+2;
acl->num_aces++;
decode a security descriptor in SDDL format
*/
struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl,
- struct dom_sid *domain_sid)
+ const struct dom_sid *domain_sid)
{
struct security_descriptor *sd;
sd = talloc_zero(mem_ctx, struct security_descriptor);
encode a sid in SDDL format
*/
static char *sddl_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- struct dom_sid *domain_sid)
+ const struct dom_sid *domain_sid)
{
int i;
char *sidstr;
encode an ACE in SDDL format
*/
static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace,
- struct dom_sid *domain_sid)
+ const struct dom_sid *domain_sid)
{
- char *sddl;
+ char *sddl = NULL;
TALLOC_CTX *tmp_ctx;
const char *s_type="", *s_flags="", *s_mask="",
*s_object="", *s_iobject="", *s_trustee="";
tmp_ctx = talloc_new(mem_ctx);
+ if (tmp_ctx == NULL) {
+ DEBUG(0, ("talloc_new failed\n"));
+ return NULL;
+ }
s_type = sddl_flags_to_string(tmp_ctx, ace_types, ace->type, True);
if (s_type == NULL) goto failed;
encode an ACL in SDDL format
*/
static char *sddl_encode_acl(TALLOC_CTX *mem_ctx, const struct security_acl *acl,
- uint32_t flags, struct dom_sid *domain_sid)
+ uint32_t flags, const struct dom_sid *domain_sid)
{
char *sddl;
int i;
encode a security descriptor to SDDL format
*/
char *sddl_encode(TALLOC_CTX *mem_ctx, const struct security_descriptor *sd,
- struct dom_sid *domain_sid)
+ const struct dom_sid *domain_sid)
{
char *sddl;
TALLOC_CTX *tmp_ctx;
git.samba.org / samba.git / blobdiff