security.idl: sometimes ACEs have some padding at the end
[kai/samba.git] / librpc / ndr / ndr_sec_helper.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    fast routines for getting the wire size of security objects
5
6    Copyright (C) Andrew Tridgell 2003
7    Copyright (C) Stefan Metzmacher 2006-2008
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23
24 #include "includes.h"
25 #include "librpc/gen_ndr/ndr_security.h"
26
27 /*
28   return the wire size of a security_ace
29 */
30 size_t ndr_size_security_ace(const struct security_ace *ace, int flags)
31 {
32         size_t ret;
33
34         if (!ace) return 0;
35
36         ret = 8 + ndr_size_dom_sid(&ace->trustee, flags);
37
38         switch (ace->type) {
39         case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
40         case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
41         case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
42         case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
43                 ret += 4; /* uint32 bitmap ace->object.object.flags */
44                 if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
45                         ret += 16; /* GUID ace->object.object.type.type */
46                 }
47                 if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
48                         ret += 16; /* GUID ace->object.object.inherited_typeinherited_type */
49                 }
50                 break;
51         default:
52                 break;
53         }
54
55         return ret;
56 }
57
58 enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r)
59 {
60         if (ndr_flags & NDR_SCALARS) {
61                 uint32_t start_ofs = ndr->offset;
62                 uint32_t size = 0;
63                 uint32_t pad = 0;
64                 NDR_CHECK(ndr_pull_align(ndr, 4));
65                 NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type));
66                 NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags));
67                 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
68                 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
69                 NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
70                 NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
71                 NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
72                 size = ndr->offset - start_ofs;
73                 if (r->size < size) {
74                         return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,
75                                               "ndr_pull_security_ace: r->size %u < size %u",
76                                               (unsigned)r->size, size);
77                 }
78                 pad = r->size - size;
79                 NDR_PULL_NEED_BYTES(ndr, pad);
80                 ndr->offset += pad;
81         }
82         if (ndr_flags & NDR_BUFFERS) {
83                 NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
84         }
85         return NDR_ERR_SUCCESS;
86 }
87
88 /*
89   return the wire size of a security_acl
90 */
91 size_t ndr_size_security_acl(const struct security_acl *acl, int flags)
92 {
93         size_t ret;
94         int i;
95         if (!acl) return 0;
96         ret = 8;
97         for (i=0;i<acl->num_aces;i++) {
98                 ret += ndr_size_security_ace(&acl->aces[i], flags);
99         }
100         return ret;
101 }
102
103 /*
104   return the wire size of a security descriptor
105 */
106 size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags)
107 {
108         size_t ret;
109         if (!sd) return 0;
110         
111         ret = 20;
112         ret += ndr_size_dom_sid(sd->owner_sid, flags);
113         ret += ndr_size_dom_sid(sd->group_sid, flags);
114         ret += ndr_size_security_acl(sd->dacl, flags);
115         ret += ndr_size_security_acl(sd->sacl, flags);
116         return ret;
117 }
118