r4034: add a function security_descriptor_create() which can be used to
authorAndrew Tridgell <tridge@samba.org>
Thu, 2 Dec 2004 04:34:11 +0000 (04:34 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:06:16 +0000 (13:06 -0500)
easily create complex security descriptors for testing. This greatly
simplifies the smbtorture code I am writing for testing our
new access_check code.
(This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)

source4/libcli/security/security_descriptor.c

index 1783c62f37f2fdbd023845562e78ce45340a57f8..1c63478ab2ae7dfd6e20a6169ad56479164a7e2d 100644 (file)
@@ -100,6 +100,8 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
        
        sd->dacl->num_aces++;
 
+       sd->type |= SEC_DESC_DACL_PRESENT;
+
        return NT_STATUS_OK;
 }
 
@@ -206,3 +208,80 @@ BOOL security_descriptor_mask_equal(const struct security_descriptor *sd1,
 
        return True;    
 }
+
+
+/*
+  create a security descriptor using string SIDs. This is used by the
+  torture code to allow the easy creation of complex ACLs
+  This is a varargs function. The list of ACEs ends with a NULL sid.
+
+  a typical call would be:
+
+    sd = security_descriptor_create(mem_ctx,
+                                    mysid,
+                                   mygroup,
+                                   SID_AUTHENTICATED_USERS, 
+                                   SEC_ACE_TYPE_ACCESS_ALLOWED,
+                                   SEC_FILE_ALL,
+                                   NULL);
+  that would create a sd with one ACE
+*/
+struct security_descriptor *security_descriptor_create(TALLOC_CTX *mem_ctx,
+                                                      const char *owner_sid,
+                                                      const char *group_sid,
+                                                      ...)
+{
+       va_list ap;
+       struct security_descriptor *sd;
+       const char *sidstr;
+
+       sd = security_descriptor_initialise(mem_ctx);
+       if (sd == NULL) return NULL;
+
+       if (owner_sid) {
+               sd->owner_sid = dom_sid_parse_talloc(mem_ctx, owner_sid);
+               if (sd->owner_sid == NULL) {
+                       talloc_free(sd);
+                       return NULL;
+               }
+       }
+       if (group_sid) {
+               sd->group_sid = dom_sid_parse_talloc(mem_ctx, group_sid);
+               if (sd->group_sid == NULL) {
+                       talloc_free(sd);
+                       return NULL;
+               }
+       }
+
+       va_start(ap, group_sid);
+       while ((sidstr = va_arg(ap, const char *))) {
+               struct dom_sid *sid;
+               struct security_ace *ace = talloc_p(sd, struct security_ace);
+               NTSTATUS status;
+
+               if (ace == NULL) {
+                       talloc_free(sd);
+                       va_end(ap);
+                       return NULL;
+               }
+               ace->type = va_arg(ap, unsigned int);
+               ace->access_mask = va_arg(ap, unsigned int);
+               ace->flags = 0;
+               sid = dom_sid_parse_talloc(ace, sidstr);
+               if (sid == NULL) {
+                       va_end(ap);
+                       talloc_free(sd);
+                       return NULL;
+               }
+               ace->trustee = *sid;
+               status = security_descriptor_dacl_add(sd, ace);
+               if (!NT_STATUS_IS_OK(status)) {
+                       va_end(ap);
+                       talloc_free(sd);
+                       return NULL;
+               }
+       }
+       va_end(ap);
+
+       return sd;
+}
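Review bot: The owner and group SIDs are parented on `mem_ctx` rather than on the descriptor, so on the later error paths `talloc_free(sd)` leaves them allocated until the caller's context goes away, and the ownership is inconsistent with the ACE trustees, which are parented on the ACE. Parenting them on `sd` makes the descriptor self-contained: `sd->owner_sid = dom_sid_parse_talloc(sd, owner_sid);` and `sd->group_sid = dom_sid_parse_talloc(sd, group_sid);`. In the loop, `ace->trustee = *sid;` copies the parsed SID by value, so the `sid` allocation under `ace` is only a temporary; a short comment saying so (`/* copied into the ACE; the talloc'd sid is freed with ace */`) would help the next reader. Whether `security_descriptor_dacl_add` takes ownership of `ace` or copies it cannot be seen from this hunk, so the header comment should state that the ACE storage is owned by `sd` once it returns successfully.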