root/libcli/security/secacl.c


DEFINITIONS

This source file includes the following definitions.
  1. make_sec_acl
  2. dup_sec_acl
  3. sec_acl_equal

   1 /* 
   2  *  Unix SMB/Netbios implementation.
   3  *  SEC_ACL handling routines
   4  *  Copyright (C) Andrew Tridgell              1992-1998,
   5  *  Copyright (C) Jeremy R. Allison            1995-2003.
   6  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
   7  *  Copyright (C) Paul Ashton                  1997-1998.
   8  *  
   9  *  This program is free software; you can redistribute it and/or modify
  10  *  it under the terms of the GNU General Public License as published by
  11  *  the Free Software Foundation; either version 3 of the License, or
  12  *  (at your option) any later version.
  13  *  
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *  
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  21  */
  22 
  23 #include "includes.h"
  24 #include "librpc/gen_ndr/ndr_security.h"
  25 #include "libcli/security/secace.h"
  26 
  /* Byte count of the fixed ACL header: two 16-bit fields plus one 32-bit
     field.  NOTE(review): presumably revision, size and num_aces -- confirm
     against the security_acl definition. */
  #define SEC_ACL_HEADER_SIZE (sizeof(uint32_t) + 2 * sizeof(uint16_t))
  28 
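  /*******************************************************************
   Create a SEC_ACL structure holding a copy of the given ACEs.

   ctx       talloc parent of the returned ACL and of its ACE array.
   revision  ACL revision stored in the result.
   num_aces  Number of entries in ace_list; must not be negative.
   ace_list  ACEs copied by structure assignment; may be NULL only
             when num_aces is 0.

   Returns the new ACL, or NULL when the arguments are inconsistent
   or an allocation fails.  With num_aces == 0 the returned ACL has
   a NULL aces pointer.
  ********************************************************************/

  struct security_acl *make_sec_acl(TALLOC_CTX *ctx,
                                    enum security_acl_revision revision,
                                    int num_aces, struct security_ace *ace_list)
  {
          struct security_acl *dst;
          int i;

          /* A negative count, or a positive count without a source array,
             cannot describe a valid ACL: refuse it before allocating
             anything instead of dereferencing ace_list below. */
          if (num_aces < 0 || (num_aces > 0 && ace_list == NULL)) {
                  return NULL;
          }

          dst = talloc_zero(ctx, struct security_acl);
          if (dst == NULL) {
                  return NULL;
          }

          dst->revision = revision;
          dst->num_aces = num_aces;
          dst->size = SEC_ACL_HEADER_SIZE;

          /* talloc_zero() left dst->aces NULL, so an ACL without entries
             is returned with a NULL ACE array. */
          if (num_aces == 0) {
                  return dst;
          }

          /* The array stays parented to ctx (not to dst) so that callers
             see the same talloc hierarchy as before. */
          dst->aces = talloc_array(ctx, struct security_ace, num_aces);
          if (dst->aces == NULL) {
                  /* Do not leave a half-built ACL hanging off ctx. */
                  talloc_free(dst);
                  return NULL;
          }

          for (i = 0; i < num_aces; i++) {
                  dst->aces[i] = ace_list[i]; /* Structure copy. */
                  /* NOTE(review): the per-ACE sizes come from the caller and
                     are summed without a range check; if dst->size is a
                     narrow integer the total can wrap -- confirm the field
                     width and whether callers recompute it. */
                  dst->size += ace_list[i].size;
          }

          return dst;
  }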
  66 
  /*******************************************************************
   Duplicate a SEC_ACL structure.

   Returns NULL when src is NULL; otherwise returns whatever
   make_sec_acl() produces for src's revision, ACE count and ACE
   array, allocated on ctx.
  ********************************************************************/

  struct security_acl *dup_sec_acl(TALLOC_CTX *ctx, struct security_acl *src)
  {
          /* Nothing to copy from: hand back NULL rather than an empty ACL. */
          return (src != NULL)
                  ? make_sec_acl(ctx, src->revision, src->num_aces, src->aces)
                  : NULL;
  }
  78 
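  /*******************************************************************
   Compares two SEC_ACL structures.

   Two NULL pointers compare equal; one NULL and one non-NULL do not.
   Otherwise the ACLs are equal when their revisions match, their ACE
   counts match, and every ACE occurs the same number of times in
   both, as judged by sec_ace_equal().

   ACE order is deliberately ignored.  The position of an ACE within
   an ACL can affect how access is evaluated, so callers that need an
   order-sensitive comparison must not rely on this function alone.
  ********************************************************************/

  bool sec_acl_equal(struct security_acl *s1, struct security_acl *s2)
  {
          unsigned int i, j;

          /* Trivial cases */

          if (!s1 && !s2) return true;
          if (!s1 || !s2) return false;

          /* Check top level stuff */

          if (s1->revision != s2->revision) {
                  DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n",
                             s1->revision, s2->revision));
                  return false;
          }

          if (s1->num_aces != s2->num_aces) {
                  /* Report the ACE counts; this message used to print the
                     revisions, which are known to be equal at this point. */
                  DEBUG(10, ("sec_acl_equal(): num_aces differs (%u != %u)\n",
                             (unsigned int)s1->num_aces,
                             (unsigned int)s2->num_aces));
                  return false;
          }

          /* The ACEs could be in any order, so compare them as multisets:
             each ACE of s1 must occur as often in s2 as it does in s1.
             Checking only that each ACE of s1 appears somewhere in s2
             would treat { A, A } and { A, B } as equal.  Because both
             ACLs hold the same number of ACEs, matching multiplicities
             for every ACE of s1 leave no room for an extra ACE in s2.
             NOTE(review): this assumes sec_ace_equal() behaves as an
             equivalence relation -- confirm against its definition. */

          for (i = 0; i < s1->num_aces; i++) {
                  unsigned int in_s1 = 0;
                  unsigned int in_s2 = 0;

                  /* One pass serves both ACLs since their lengths match. */
                  for (j = 0; j < s1->num_aces; j++) {
                          if (sec_ace_equal(&s1->aces[i], &s1->aces[j])) {
                                  in_s1++;
                          }
                          if (sec_ace_equal(&s1->aces[i], &s2->aces[j])) {
                                  in_s2++;
                          }
                  }

                  if (in_s1 != in_s2) return false;
          }

          return true;
  }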
