From e7dd6a12913464fd752ddb94bd2f553f14007c74 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Apr 2005 23:08:04 +0000 Subject: r6287: sorted out a small but surprisingly tricky dependency problem with the ndr code for handling sids and security descriptors now that we have a sid in the nbt IDL (This used to be commit f8e77fcdeac704aed5e501aa9108f3ed0ab26ca4) --- source4/librpc/idl/nbt.idl | 4 +- source4/librpc/ndr/ndr_sec.c | 77 -------------------- source4/librpc/ndr/ndr_sec_helper.c | 136 ++++++++++++++++++++++++++++++++++++ 3 files changed, 137 insertions(+), 80 deletions(-) create mode 100644 source4/librpc/ndr/ndr_sec_helper.c (limited to 'source4/librpc') diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl index d2e32f6881..5876eb77ca 100644 --- a/source4/librpc/idl/nbt.idl +++ b/source4/librpc/idl/nbt.idl @@ -391,9 +391,7 @@ typedef [flag(NDR_NOALIGN),public] struct { nbt_netlogon_command command; - uint8 pad; + [value(0)] uint8 pad; [switch_is(command)] nbt_netlogon_request req; } nbt_netlogon_packet; - - void nbt_netlogon([in] nbt_netlogon_packet logon); } diff --git a/source4/librpc/ndr/ndr_sec.c b/source4/librpc/ndr/ndr_sec.c index 73d9ddc1d1..9e4bc526dc 100644 --- a/source4/librpc/ndr/ndr_sec.c +++ b/source4/librpc/ndr/ndr_sec.c @@ -116,80 +116,3 @@ NTSTATUS ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, struct dom_sid return NT_STATUS_OK; } -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -/* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(struct dom_sid *sid) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -/* - return the wire size of a dom_sid -*/ -size_t ndr_length_dom_sid(struct dom_sid *sid) -{ - if (!sid) return 0; - if (sid->sid_rev_num == 0) return 0; - return 8 + 4*sid->num_auths; -} - -/* - return the wire size of a security_ace -*/ -size_t ndr_size_security_ace(struct security_ace *ace) -{ - if (!ace) return 0; - return 8 + ndr_size_dom_sid(&ace->trustee); -} - - -/* - return the wire size of a security_acl -*/ -size_t ndr_size_security_acl(struct security_acl *acl) -{ - size_t ret; - int i; - if (!acl) return 0; - ret = 8; - for (i=0;inum_aces;i++) { - ret += ndr_size_security_ace(&acl->aces[i]); - } - return ret; -} - -/* - return the wire size of a security descriptor -*/ -size_t ndr_size_security_descriptor(struct security_descriptor *sd) -{ - size_t ret; - if (!sd) return 0; - - ret = 20; - ret += ndr_size_dom_sid(sd->owner_sid); - ret += ndr_size_dom_sid(sd->group_sid); - ret += ndr_size_security_acl(sd->dacl); - ret += ndr_size_security_acl(sd->sacl); - return ret; -} diff --git a/source4/librpc/ndr/ndr_sec_helper.c b/source4/librpc/ndr/ndr_sec_helper.c new file mode 100644 index 0000000000..268f270ebe --- /dev/null +++ b/source4/librpc/ndr/ndr_sec_helper.c @@ -0,0 +1,136 @@ +/* + Unix SMB/CIFS implementation. + + fast routines for getting the wire size of security objects + + Copyright (C) Andrew Tridgell 2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + + +#include "includes.h" +#include "librpc/gen_ndr/ndr_security.h" + +/* + return the wire size of a dom_sid +*/ +size_t ndr_size_dom_sid(struct dom_sid *sid) +{ + if (!sid) return 0; + return 8 + 4*sid->num_auths; +} + +/* + return the wire size of a dom_sid +*/ +size_t ndr_length_dom_sid(struct dom_sid *sid) +{ + if (!sid) return 0; + if (sid->sid_rev_num == 0) return 0; + return 8 + 4*sid->num_auths; +} + +/* + return the wire size of a security_ace +*/ +size_t ndr_size_security_ace(struct security_ace *ace) +{ + if (!ace) return 0; + return 8 + ndr_size_dom_sid(&ace->trustee); +} + + +/* + return the wire size of a security_acl +*/ +size_t ndr_size_security_acl(struct security_acl *acl) +{ + size_t ret; + int i; + if (!acl) return 0; + ret = 8; + for (i=0;inum_aces;i++) { + ret += ndr_size_security_ace(&acl->aces[i]); + } + return ret; +} + +/* + return the wire size of a security descriptor +*/ +size_t ndr_size_security_descriptor(struct security_descriptor *sd) +{ + size_t ret; + if (!sd) return 0; + + ret = 20; + ret += ndr_size_dom_sid(sd->owner_sid); + ret += ndr_size_dom_sid(sd->group_sid); + ret += ndr_size_security_acl(sd->dacl); + ret += ndr_size_security_acl(sd->sacl); + return ret; +} + +/* + print a dom_sid +*/ +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, struct dom_sid *sid) +{ + ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); +} + +void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +/* + convert a dom_sid to a string +*/ +char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) +{ + int i, ofs, maxlen; + uint32_t ia; + char *ret; + + if (!sid) { + return talloc_strdup(mem_ctx, "(NULL SID)"); + } + + maxlen = sid->num_auths * 11 + 25; + ret = talloc_size(mem_ctx, maxlen); + if (!ret) return talloc_strdup(mem_ctx, "(SID ERR)"); + + ia = (sid->id_auth[5]) + + (sid->id_auth[4] << 8 ) + + (sid->id_auth[3] << 16) + + (sid->id_auth[2] << 24); + + ofs = snprintf(ret, maxlen, "S-%u-%lu", + (uint_t)sid->sid_rev_num, (unsigned long)ia); + + for (i = 0; i < sid->num_auths; i++) { + ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]); + } + + return ret; +} + -- cgit