2 Unix SMB/CIFS implementation.
4 fast routines for getting the wire size of security objects
6 Copyright (C) Andrew Tridgell 2003
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 return the wire size of a dom_sid
28 size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags)
31 return 8 + 4*sid->num_auths;
35 return the wire size of a security_ace
37 size_t ndr_size_security_ace(const struct security_ace *ace, int flags)
40 return 8 + ndr_size_dom_sid(&ace->trustee, flags);
45 return the wire size of a security_acl
47 size_t ndr_size_security_acl(const struct security_acl *acl, int flags)
53 for (i=0;i<acl->num_aces;i++) {
54 ret += ndr_size_security_ace(&acl->aces[i], flags);
60 return the wire size of a security descriptor
62 size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags)
68 ret += ndr_size_dom_sid(sd->owner_sid, flags);
69 ret += ndr_size_dom_sid(sd->group_sid, flags);
70 ret += ndr_size_security_acl(sd->dacl, flags);
71 ret += ndr_size_security_acl(sd->sacl, flags);
78 void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
80 ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
83 void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
85 ndr_print_dom_sid(ndr, name, sid);
88 void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
90 ndr_print_dom_sid(ndr, name, sid);
93 static NTSTATUS ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r)
95 NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
99 static NTSTATUS ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r)
102 NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
107 void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r)
109 ndr_print_uint8(ndr, name, r);
111 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_OBJECT_INHERIT", SEC_ACE_FLAG_OBJECT_INHERIT, r);
112 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_CONTAINER_INHERIT", SEC_ACE_FLAG_CONTAINER_INHERIT, r);
113 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_NO_PROPAGATE_INHERIT", SEC_ACE_FLAG_NO_PROPAGATE_INHERIT, r);
114 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERIT_ONLY", SEC_ACE_FLAG_INHERIT_ONLY, r);
115 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERITED_ACE", SEC_ACE_FLAG_INHERITED_ACE, r);
116 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_VALID_INHERIT", SEC_ACE_FLAG_VALID_INHERIT, r);
117 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_SUCCESSFUL_ACCESS", SEC_ACE_FLAG_SUCCESSFUL_ACCESS, r);
118 ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_FAILED_ACCESS", SEC_ACE_FLAG_FAILED_ACCESS, r);
122 static NTSTATUS ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r)
124 NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
128 static NTSTATUS ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r)
131 NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
132 *r = (enum security_ace_type)v;
136 void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r)
138 const char *val = NULL;
141 case SEC_ACE_TYPE_ACCESS_ALLOWED: val = "SEC_ACE_TYPE_ACCESS_ALLOWED"; break;
142 case SEC_ACE_TYPE_ACCESS_DENIED: val = "SEC_ACE_TYPE_ACCESS_DENIED"; break;
143 case SEC_ACE_TYPE_SYSTEM_AUDIT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT"; break;
144 case SEC_ACE_TYPE_SYSTEM_ALARM: val = "SEC_ACE_TYPE_SYSTEM_ALARM"; break;
145 case SEC_ACE_TYPE_ALLOWED_COMPOUND: val = "SEC_ACE_TYPE_ALLOWED_COMPOUND"; break;
146 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT"; break;
147 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_DENIED_OBJECT"; break;
148 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT"; break;
149 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT"; break;
151 ndr_print_enum(ndr, name, "ENUM", val, r);
154 static NTSTATUS ndr_push_security_ace_object_flags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
156 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
160 static NTSTATUS ndr_pull_security_ace_object_flags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
163 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
168 void ndr_print_security_ace_object_flags(struct ndr_print *ndr, const char *name, uint32_t r)
170 ndr_print_uint32(ndr, name, r);
172 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_OBJECT_TYPE_PRESENT", SEC_ACE_OBJECT_TYPE_PRESENT, r);
173 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT", SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT, r);
177 static NTSTATUS ndr_push_security_ace_object_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_type *r)
180 level = ndr_push_get_switch_value(ndr, r);
181 if (ndr_flags & NDR_SCALARS) {
183 case SEC_ACE_OBJECT_TYPE_PRESENT:
184 NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->type));
192 if (ndr_flags & NDR_BUFFERS) {
194 case SEC_ACE_OBJECT_TYPE_PRESENT:
205 static NTSTATUS ndr_pull_security_ace_object_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_type *r)
208 level = ndr_pull_get_switch_value(ndr, r);
209 if (ndr_flags & NDR_SCALARS) {
211 case SEC_ACE_OBJECT_TYPE_PRESENT: {
212 NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->type));
220 if (ndr_flags & NDR_BUFFERS) {
222 case SEC_ACE_OBJECT_TYPE_PRESENT:
233 void ndr_print_security_ace_object_type(struct ndr_print *ndr, const char *name, const union security_ace_object_type *r)
236 level = ndr_print_get_switch_value(ndr, r);
237 ndr_print_union(ndr, name, level, "security_ace_object_type");
239 case SEC_ACE_OBJECT_TYPE_PRESENT:
240 ndr_print_GUID(ndr, "type", &r->type);
249 static NTSTATUS ndr_push_security_ace_object_inherited_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_inherited_type *r)
252 level = ndr_push_get_switch_value(ndr, r);
253 if (ndr_flags & NDR_SCALARS) {
255 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
256 NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->inherited_type));
264 if (ndr_flags & NDR_BUFFERS) {
266 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
277 static NTSTATUS ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_inherited_type *r)
280 level = ndr_pull_get_switch_value(ndr, r);
281 if (ndr_flags & NDR_SCALARS) {
283 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
284 NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->inherited_type));
292 if (ndr_flags & NDR_BUFFERS) {
294 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
305 void ndr_print_security_ace_object_inherited_type(struct ndr_print *ndr, const char *name, const union security_ace_object_inherited_type *r)
308 level = ndr_print_get_switch_value(ndr, r);
309 ndr_print_union(ndr, name, level, "security_ace_object_inherited_type");
311 case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
312 ndr_print_GUID(ndr, "inherited_type", &r->inherited_type);
321 static NTSTATUS ndr_push_security_ace_object(struct ndr_push *ndr, int ndr_flags, const struct security_ace_object *r)
323 if (ndr_flags & NDR_SCALARS) {
324 NDR_CHECK(ndr_push_align(ndr, 4));
325 NDR_CHECK(ndr_push_security_ace_object_flags(ndr, NDR_SCALARS, r->flags));
326 NDR_CHECK(ndr_push_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT));
327 NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
328 NDR_CHECK(ndr_push_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
329 NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
331 if (ndr_flags & NDR_BUFFERS) {
332 NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
333 NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
338 static NTSTATUS ndr_pull_security_ace_object(struct ndr_pull *ndr, int ndr_flags, struct security_ace_object *r)
340 if (ndr_flags & NDR_SCALARS) {
341 NDR_CHECK(ndr_pull_align(ndr, 4));
342 NDR_CHECK(ndr_pull_security_ace_object_flags(ndr, NDR_SCALARS, &r->flags));
343 NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT));
344 NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
345 NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
346 NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
348 if (ndr_flags & NDR_BUFFERS) {
349 NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
350 NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
355 void ndr_print_security_ace_object(struct ndr_print *ndr, const char *name, const struct security_ace_object *r)
357 ndr_print_struct(ndr, name, "security_ace_object");
359 ndr_print_security_ace_object_flags(ndr, "flags", r->flags);
360 ndr_print_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT);
361 ndr_print_security_ace_object_type(ndr, "type", &r->type);
362 ndr_print_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT);
363 ndr_print_security_ace_object_inherited_type(ndr, "inherited_type", &r->inherited_type);
367 static NTSTATUS ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r)
370 level = ndr_push_get_switch_value(ndr, r);
371 if (ndr_flags & NDR_SCALARS) {
373 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
374 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
377 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
378 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
381 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
382 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
385 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
386 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
394 if (ndr_flags & NDR_BUFFERS) {
396 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
397 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
400 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
401 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
404 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
405 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
408 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
409 NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
420 static NTSTATUS ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r)
423 level = ndr_pull_get_switch_value(ndr, r);
424 if (ndr_flags & NDR_SCALARS) {
426 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
427 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
430 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: {
431 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
434 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: {
435 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
438 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: {
439 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
447 if (ndr_flags & NDR_BUFFERS) {
449 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
450 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
453 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
454 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
457 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
458 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
461 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
462 NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
473 void ndr_print_security_ace_object_ctr(struct ndr_print *ndr, const char *name, const union security_ace_object_ctr *r)
476 level = ndr_print_get_switch_value(ndr, r);
477 ndr_print_union(ndr, name, level, "security_ace_object_ctr");
479 case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
480 ndr_print_security_ace_object(ndr, "object", &r->object);
483 case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
484 ndr_print_security_ace_object(ndr, "object", &r->object);
487 case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
488 ndr_print_security_ace_object(ndr, "object", &r->object);
491 case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
492 ndr_print_security_ace_object(ndr, "object", &r->object);
501 NTSTATUS ndr_push_security_ace(struct ndr_push *ndr, int ndr_flags, const struct security_ace *r)
503 if (ndr_flags & NDR_SCALARS) {
504 NDR_CHECK(ndr_push_align(ndr, 4));
505 NDR_CHECK(ndr_push_security_ace_type(ndr, NDR_SCALARS, r->type));
506 NDR_CHECK(ndr_push_security_ace_flags(ndr, NDR_SCALARS, r->flags));
507 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_ace(r,ndr->flags)));
508 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->access_mask));
509 NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, r->type));
510 NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
511 NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee));
513 if (ndr_flags & NDR_BUFFERS) {
514 NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
519 NTSTATUS ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r)
521 if (ndr_flags & NDR_SCALARS) {
522 NDR_CHECK(ndr_pull_align(ndr, 4));
523 NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type));
524 NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags));
525 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
526 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
527 NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
528 NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
529 NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
531 if (ndr_flags & NDR_BUFFERS) {
532 NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
537 void ndr_print_security_ace(struct ndr_print *ndr, const char *name, const struct security_ace *r)
539 ndr_print_struct(ndr, name, "security_ace");
541 ndr_print_security_ace_type(ndr, "type", r->type);
542 ndr_print_security_ace_flags(ndr, "flags", r->flags);
543 ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_ace(r,ndr->flags):r->size);
544 ndr_print_uint32(ndr, "access_mask", r->access_mask);
545 ndr_print_set_switch_value(ndr, &r->object, r->type);
546 ndr_print_security_ace_object_ctr(ndr, "object", &r->object);
547 ndr_print_dom_sid(ndr, "trustee", &r->trustee);
551 static NTSTATUS ndr_push_security_acl_revision(struct ndr_push *ndr, int ndr_flags, enum security_acl_revision r)
553 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
557 static NTSTATUS ndr_pull_security_acl_revision(struct ndr_pull *ndr, int ndr_flags, enum security_acl_revision *r)
560 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
561 *r = (enum security_acl_revision)v;
565 void ndr_print_security_acl_revision(struct ndr_print *ndr, const char *name, enum security_acl_revision r)
567 const char *val = NULL;
570 case SECURITY_ACL_REVISION_NT4: val = "SECURITY_ACL_REVISION_NT4"; break;
571 case SECURITY_ACL_REVISION_ADS: val = "SECURITY_ACL_REVISION_ADS"; break;
573 ndr_print_enum(ndr, name, "ENUM", val, r);
576 NTSTATUS ndr_push_security_acl(struct ndr_push *ndr, int ndr_flags, const struct security_acl *r)
578 uint32_t cntr_aces_0;
579 if (ndr_flags & NDR_SCALARS) {
580 NDR_CHECK(ndr_push_align(ndr, 4));
581 NDR_CHECK(ndr_push_security_acl_revision(ndr, NDR_SCALARS, r->revision));
582 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_acl(r,ndr->flags)));
583 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_aces));
584 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
585 NDR_CHECK(ndr_push_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
588 if (ndr_flags & NDR_BUFFERS) {
589 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
590 NDR_CHECK(ndr_push_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
596 NTSTATUS ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r)
598 uint32_t cntr_aces_0;
599 TALLOC_CTX *_mem_save_aces_0;
600 if (ndr_flags & NDR_SCALARS) {
601 NDR_CHECK(ndr_pull_align(ndr, 4));
602 NDR_CHECK(ndr_pull_security_acl_revision(ndr, NDR_SCALARS, &r->revision));
603 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
604 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
605 if (r->num_aces > 1000) { /* num_aces is unsigned */
606 return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
608 NDR_PULL_ALLOC_N(ndr, r->aces, r->num_aces);
609 _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
610 NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
611 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
612 NDR_CHECK(ndr_pull_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
614 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
616 if (ndr_flags & NDR_BUFFERS) {
617 _mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
618 NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
619 for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
620 NDR_CHECK(ndr_pull_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
622 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
627 void ndr_print_security_acl(struct ndr_print *ndr, const char *name, const struct security_acl *r)
629 uint32_t cntr_aces_0;
630 ndr_print_struct(ndr, name, "security_acl");
632 ndr_print_security_acl_revision(ndr, "revision", r->revision);
633 ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_acl(r,ndr->flags):r->size);
634 ndr_print_uint32(ndr, "num_aces", r->num_aces);
635 ndr->print(ndr, "%s: ARRAY(%d)", "aces", r->num_aces);
637 for (cntr_aces_0=0;cntr_aces_0<r->num_aces;cntr_aces_0++) {
639 asprintf(&idx_0, "[%d]", cntr_aces_0);
641 ndr_print_security_ace(ndr, "aces", &r->aces[cntr_aces_0]);
649 static NTSTATUS ndr_push_security_descriptor_revision(struct ndr_push *ndr, int ndr_flags, enum security_descriptor_revision r)
651 NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
655 static NTSTATUS ndr_pull_security_descriptor_revision(struct ndr_pull *ndr, int ndr_flags, enum security_descriptor_revision *r)
658 NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
659 *r = (enum security_descriptor_revision)v;
663 void ndr_print_security_descriptor_revision(struct ndr_print *ndr, const char *name, enum security_descriptor_revision r)
665 const char *val = NULL;
668 case SECURITY_DESCRIPTOR_REVISION_1: val = "SECURITY_DESCRIPTOR_REVISION_1"; break;
670 ndr_print_enum(ndr, name, "ENUM", val, r);
673 static NTSTATUS ndr_push_security_descriptor_type(struct ndr_push *ndr, int ndr_flags, uint16_t r)
675 NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
679 static NTSTATUS ndr_pull_security_descriptor_type(struct ndr_pull *ndr, int ndr_flags, uint16_t *r)
682 NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
687 void ndr_print_security_descriptor_type(struct ndr_print *ndr, const char *name, uint16_t r)
689 ndr_print_uint16(ndr, name, r);
691 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_OWNER_DEFAULTED", SEC_DESC_OWNER_DEFAULTED, r);
692 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_GROUP_DEFAULTED", SEC_DESC_GROUP_DEFAULTED, r);
693 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PRESENT", SEC_DESC_DACL_PRESENT, r);
694 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_DEFAULTED", SEC_DESC_DACL_DEFAULTED, r);
695 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PRESENT", SEC_DESC_SACL_PRESENT, r);
696 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_DEFAULTED", SEC_DESC_SACL_DEFAULTED, r);
697 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_TRUSTED", SEC_DESC_DACL_TRUSTED, r);
698 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SERVER_SECURITY", SEC_DESC_SERVER_SECURITY, r);
699 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERIT_REQ", SEC_DESC_DACL_AUTO_INHERIT_REQ, r);
700 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERIT_REQ", SEC_DESC_SACL_AUTO_INHERIT_REQ, r);
701 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERITED", SEC_DESC_DACL_AUTO_INHERITED, r);
702 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERITED", SEC_DESC_SACL_AUTO_INHERITED, r);
703 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PROTECTED", SEC_DESC_DACL_PROTECTED, r);
704 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PROTECTED", SEC_DESC_SACL_PROTECTED, r);
705 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_RM_CONTROL_VALID", SEC_DESC_RM_CONTROL_VALID, r);
706 ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SELF_RELATIVE", SEC_DESC_SELF_RELATIVE, r);
710 NTSTATUS ndr_push_security_descriptor(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor *r)
713 uint32_t _flags_save_STRUCT = ndr->flags;
714 ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
715 if (ndr_flags & NDR_SCALARS) {
716 NDR_CHECK(ndr_push_align(ndr, 4));
717 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
718 NDR_CHECK(ndr_push_security_descriptor_type(ndr, NDR_SCALARS, r->type));
719 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->owner_sid));
720 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->group_sid));
721 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->sacl));
722 NDR_CHECK(ndr_push_relative_ptr1(ndr, r->dacl));
724 if (ndr_flags & NDR_BUFFERS) {
726 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid));
727 NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
730 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid));
731 NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid));
734 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl));
735 NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
738 NDR_CHECK(ndr_push_relative_ptr2(ndr, r->dacl));
739 NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
742 ndr->flags = _flags_save_STRUCT;
747 NTSTATUS ndr_pull_security_descriptor(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor *r)
749 uint32_t _ptr_owner_sid;
750 TALLOC_CTX *_mem_save_owner_sid_0;
751 uint32_t _ptr_group_sid;
752 TALLOC_CTX *_mem_save_group_sid_0;
754 TALLOC_CTX *_mem_save_sacl_0;
756 TALLOC_CTX *_mem_save_dacl_0;
758 uint32_t _flags_save_STRUCT = ndr->flags;
759 ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
760 if (ndr_flags & NDR_SCALARS) {
761 NDR_CHECK(ndr_pull_align(ndr, 4));
762 NDR_CHECK(ndr_pull_security_descriptor_revision(ndr, NDR_SCALARS, &r->revision));
763 NDR_CHECK(ndr_pull_security_descriptor_type(ndr, NDR_SCALARS, &r->type));
764 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
765 if (_ptr_owner_sid) {
766 NDR_PULL_ALLOC(ndr, r->owner_sid);
767 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->owner_sid, _ptr_owner_sid));
771 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
772 if (_ptr_group_sid) {
773 NDR_PULL_ALLOC(ndr, r->group_sid);
774 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->group_sid, _ptr_group_sid));
778 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
780 NDR_PULL_ALLOC(ndr, r->sacl);
781 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
785 NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
787 NDR_PULL_ALLOC(ndr, r->dacl);
788 NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
793 if (ndr_flags & NDR_BUFFERS) {
795 struct ndr_pull_save _relative_save;
796 ndr_pull_save(ndr, &_relative_save);
797 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
798 _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
799 NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
800 NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
801 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
802 ndr_pull_restore(ndr, &_relative_save);
805 struct ndr_pull_save _relative_save;
806 ndr_pull_save(ndr, &_relative_save);
807 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
808 _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
809 NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
810 NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
811 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
812 ndr_pull_restore(ndr, &_relative_save);
815 struct ndr_pull_save _relative_save;
816 ndr_pull_save(ndr, &_relative_save);
817 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
818 _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
819 NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
820 NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
821 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
822 ndr_pull_restore(ndr, &_relative_save);
825 struct ndr_pull_save _relative_save;
826 ndr_pull_save(ndr, &_relative_save);
827 NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
828 _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
829 NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
830 NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
831 NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
832 ndr_pull_restore(ndr, &_relative_save);
835 ndr->flags = _flags_save_STRUCT;
840 void ndr_print_security_descriptor(struct ndr_print *ndr, const char *name, const struct security_descriptor *r)
842 ndr_print_struct(ndr, name, "security_descriptor");
844 uint32_t _flags_save_STRUCT = ndr->flags;
845 ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
847 ndr_print_security_descriptor_revision(ndr, "revision", r->revision);
848 ndr_print_security_descriptor_type(ndr, "type", r->type);
849 ndr_print_ptr(ndr, "owner_sid", r->owner_sid);
852 ndr_print_dom_sid(ndr, "owner_sid", r->owner_sid);
855 ndr_print_ptr(ndr, "group_sid", r->group_sid);
858 ndr_print_dom_sid(ndr, "group_sid", r->group_sid);
861 ndr_print_ptr(ndr, "sacl", r->sacl);
864 ndr_print_security_acl(ndr, "sacl", r->sacl);
867 ndr_print_ptr(ndr, "dacl", r->dacl);
870 ndr_print_security_acl(ndr, "dacl", r->dacl);
874 ndr->flags = _flags_save_STRUCT;
878 NTSTATUS ndr_push_security_secinfo(struct ndr_push *ndr, int ndr_flags, uint32_t r)
880 NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
884 NTSTATUS ndr_pull_security_secinfo(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
887 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
892 void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name, uint32_t r)
894 ndr_print_uint32(ndr, name, r);
896 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_OWNER", SECINFO_OWNER, r);
897 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_GROUP", SECINFO_GROUP, r);
898 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r);
899 ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r);
git.samba.org / tprouty / samba.git / blob