/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- make_sec_acl
- dup_sec_acl
- sec_acl_equal
1 /*
2 * Unix SMB/Netbios implementation.
3 * SEC_ACL handling routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Jeremy R. Allison 1995-2003.
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Paul Ashton 1997-1998.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "librpc/gen_ndr/ndr_security.h"
25 #include "libcli/security/secace.h"
26
27 #define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16_t) + sizeof(uint32_t))
28
29 /*******************************************************************
30 Create a SEC_ACL structure.
31 ********************************************************************/
32
33 struct security_acl *make_sec_acl(TALLOC_CTX *ctx,
/* [<][>][^][v][top][bottom][index][help] */
34 enum security_acl_revision revision,
35 int num_aces, struct security_ace *ace_list)
36 {
37 struct security_acl *dst;
38 int i;
39
40 if((dst = talloc_zero(ctx, struct security_acl)) == NULL)
41 return NULL;
42
43 dst->revision = revision;
44 dst->num_aces = num_aces;
45 dst->size = SEC_ACL_HEADER_SIZE;
46
47 /* Now we need to return a non-NULL address for the ace list even
48 if the number of aces required is zero. This is because there
49 is a distinct difference between a NULL ace and an ace with zero
50 entries in it. This is achieved by checking that num_aces is a
51 positive number. */
52
53 if ((num_aces) &&
54 ((dst->aces = talloc_array(ctx, struct security_ace, num_aces))
55 == NULL)) {
56 return NULL;
57 }
58
59 for (i = 0; i < num_aces; i++) {
60 dst->aces[i] = ace_list[i]; /* Structure copy. */
61 dst->size += ace_list[i].size;
62 }
63
64 return dst;
65 }
66
67 /*******************************************************************
68 Duplicate a SEC_ACL structure.
69 ********************************************************************/
70
71 struct security_acl *dup_sec_acl(TALLOC_CTX *ctx, struct security_acl *src)
/* [<][>][^][v][top][bottom][index][help] */
72 {
73 if(src == NULL)
74 return NULL;
75
76 return make_sec_acl(ctx, src->revision, src->num_aces, src->aces);
77 }
78
79 /*******************************************************************
80 Compares two SEC_ACL structures
81 ********************************************************************/
82
83 bool sec_acl_equal(struct security_acl *s1, struct security_acl *s2)
/* [<][>][^][v][top][bottom][index][help] */
84 {
85 unsigned int i, j;
86
87 /* Trivial cases */
88
89 if (!s1 && !s2) return true;
90 if (!s1 || !s2) return false;
91
92 /* Check top level stuff */
93
94 if (s1->revision != s2->revision) {
95 DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",
96 s1->revision, s2->revision));
97 return false;
98 }
99
100 if (s1->num_aces != s2->num_aces) {
101 DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n",
102 s1->revision, s2->revision));
103 return false;
104 }
105
106 /* The ACEs could be in any order so check each ACE in s1 against
107 each ACE in s2. */
108
109 for (i = 0; i < s1->num_aces; i++) {
110 bool found = false;
111
112 for (j = 0; j < s2->num_aces; j++) {
113 if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) {
114 found = true;
115 break;
116 }
117 }
118
119 if (!found) return false;
120 }
121
122 return true;
123 }