*/
#include "includes.h"
#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
/* Todos:
* build the security token dacl as follows:
return NULL;
}
new_acl->aces[new_acl->num_aces] = *ace;
- /*memcpy(&new_acl->aces[new_acl->num_aces], ace,
- sizeof(struct security_ace)); */
new_acl->num_aces++;
}
}
if (new_acl)
new_acl->revision = acl->revision;
- /* Todo what to do if all were inherited and this is empty */
+
return new_acl;
}
for (i=0; i < acl->num_aces; i++){
struct security_ace *ace = &acl->aces[i];
- if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY)
- continue;
-
if ((ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT) ||
(ace->flags & SEC_ACE_FLAG_OBJECT_INHERIT)){
tmp_acl->aces = talloc_realloc(tmp_acl, tmp_acl->aces, struct security_ace,
int i;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_acl *tmp_acl = talloc_zero(tmp_ctx, struct security_acl);
-/* struct security_acl *inh_acl = talloc_zero(tmp_ctx, struct security_acl); */
struct security_acl *new_acl;
struct dom_sid *co, *cg;
tmp_acl->aces = talloc_realloc(tmp_acl, tmp_acl->aces, struct security_ace,
tmp_acl->num_aces+1);
tmp_acl->aces[tmp_acl->num_aces] = *ace;
- tmp_acl->aces[tmp_acl->num_aces].flags = 0;
tmp_acl->num_aces++;
if (!dom_sid_equal(&ace->trustee, co) && !dom_sid_equal(&ace->trustee, cg))
}
new_acl = security_acl_dup(mem_ctx,tmp_acl);
+ if (new_acl)
+ new_acl->revision = acl->revision;
+
talloc_free(tmp_ctx);
return new_acl;
}
+static void cr_descr_log_descriptor(struct security_descriptor *sd,
+ const char *message,
+ int level)
+{
+ if (sd) {
+ DEBUG(level,("%s: %s\n", message,
+ ndr_print_struct_string(0,(ndr_print_fn_t)ndr_print_security_descriptor,
+ "", sd)));
+ }
+ else {
+ DEBUG(level,("%s: NULL\n", message));
+ }
+}
+
+static void cr_descr_log_acl(struct security_acl *acl,
+ const char *message,
+ int level)
+{
+ if (acl) {
+ DEBUG(level,("%s: %s\n", message,
+ ndr_print_struct_string(0,(ndr_print_fn_t)ndr_print_security_acl,
+ "", acl)));
+ }
+ else {
+ DEBUG(level,("%s: NULL\n", message));
+ }
+}
+
static bool compute_acl(int acl_type,
struct security_descriptor *parent_sd,
struct security_descriptor *creator_sd,
struct security_descriptor *new_sd) /* INOUT argument */
{
struct security_acl *p_acl = NULL, *c_acl = NULL, **new_acl;
+ int level = 10;
if (acl_type == SEC_DESC_DACL_PRESENT){
if (parent_sd)
p_acl = parent_sd->dacl;
c_acl = creator_sd->sacl;
new_acl = &new_sd->sacl;
}
+
+ cr_descr_log_descriptor(parent_sd, __location__"parent_sd", level);
+ cr_descr_log_descriptor(creator_sd,__location__ "creator_sd", level);
+
if (contains_inheritable_aces(p_acl)){
if (!c_acl || (c_acl && inherit_flags & SEC_DEFAULT_DESCRIPTOR)){
*new_acl = calculate_inherited_from_parent(new_sd,
if (!postprocess_acl(*new_acl, new_sd->owner_sid,
new_sd->group_sid, generic_map))
return false;
- else
+ else {
+ cr_descr_log_descriptor(new_sd,
+ __location__": Nothing from creator, newsd is", level);
goto final;
+ }
}
if (c_acl && !(inherit_flags & SEC_DEFAULT_DESCRIPTOR)){
struct security_acl *pr_acl, *tmp_acl, *tpr_acl;
tpr_acl,
is_container,
object_list);
+
+ cr_descr_log_acl(tmp_acl, __location__"Inherited from creator", level);
/* Todo some refactoring here! */
if (acl_type == SEC_DESC_DACL_PRESENT &&
!(creator_sd->type & SECINFO_PROTECTED_DACL) &&
p_acl,
is_container,
object_list);
-
+ cr_descr_log_acl(pr_acl, __location__"Inherited from parent", level);
*new_acl = security_acl_concatenate(new_sd, tmp_acl, pr_acl);
new_sd->type |= SEC_DESC_DACL_AUTO_INHERITED;
}
p_acl,
is_container,
object_list);
-
+ cr_descr_log_acl(pr_acl, __location__"Inherited from parent", level);
*new_acl = security_acl_concatenate(new_sd, tmp_acl, pr_acl);
new_sd->type |= SEC_DESC_SACL_AUTO_INHERITED;
}
* apprantly any AI flag provided by the user is preserved */
if (creator_sd)
new_sd->type |= creator_sd->type;
+ cr_descr_log_descriptor(new_sd, __location__"final sd", level);
return true;
}
git.samba.org / ira / wip.git / commitdiff