関数 | |
BOOL | sec_ace_object (uint8 type) |
void | sec_ace_copy (SEC_ACE *ace_dest, SEC_ACE *ace_src) |
void | init_sec_ace (SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag) |
NTSTATUS | sec_ace_add_sid (TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask) |
NTSTATUS | sec_ace_mod_sid (SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask) |
NTSTATUS | sec_ace_del_sid (TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid) |
BOOL | sec_ace_equal (SEC_ACE *s1, SEC_ACE *s2) |
int | nt_ace_inherit_comp (SEC_ACE *a1, SEC_ACE *a2) |
int | nt_ace_canon_comp (SEC_ACE *a1, SEC_ACE *a2) |
void | dacl_sort_into_canonical_order (SEC_ACE *srclist, unsigned int num_aces) |
BOOL | token_sid_in_ace (const NT_USER_TOKEN *token, const SEC_ACE *ace) |
BOOL sec_ace_object | ( | uint8 | type | ) |
参照先 SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT・SEC_ACE_TYPE_ACCESS_DENIED_OBJECT・SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT・SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT.
参照元 ads_disp_ace()・sec_io_ace().
00031 { 00032 if (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || 00033 type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT || 00034 type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT || 00035 type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) { 00036 return True; 00037 } 00038 return False; 00039 }
参照先 security_ace_info::access_mask・security_ace_info::flags・security_ace_info::inh_guid・security_ace_info::obj_flags・security_ace_info::obj_guid・sid_copy()・security_ace_info::size・security_ace_info::trustee・security_ace_info::type.
参照元 append_parent_acl()・sec_ace_add_sid()・sec_ace_del_sid().
00045 { 00046 ace_dest->type = ace_src->type; 00047 ace_dest->flags = ace_src->flags; 00048 ace_dest->size = ace_src->size; 00049 ace_dest->access_mask = ace_src->access_mask; 00050 ace_dest->obj_flags = ace_src->obj_flags; 00051 memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID)); 00052 memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID)); 00053 sid_copy(&ace_dest->trustee, &ace_src->trustee); 00054 }
void init_sec_ace | ( | SEC_ACE * | t, | |
const DOM_SID * | sid, | |||
uint8 | type, | |||
SEC_ACCESS | mask, | |||
uint8 | flag | |||
) |
参照先 sid_copy()・sid_size()・t.
参照元 afs_to_nt_acl()・construct_default_printer_sdb()・construct_registry_sd()・construct_scm_sd()・construct_service_sd()・get_nt_acl()・get_share_security_default()・lsa_get_generic_sd()・make_default_reg_sd()・make_samr_object_sd()・parse_usershare_acl()・py_to_ACE()・samr_make_sam_obj_sd()・smbacl4_nfs42win().
00061 { 00062 t->type = type; 00063 t->flags = flag; 00064 t->size = sid_size(sid) + 8; 00065 t->access_mask = mask; 00066 00067 ZERO_STRUCTP(&t->trustee); 00068 sid_copy(&t->trustee, sid); 00069 }
NTSTATUS sec_ace_add_sid | ( | TALLOC_CTX * | ctx, | |
SEC_ACE ** | pp_new, | |||
SEC_ACE * | old, | |||
unsigned * | num, | |||
DOM_SID * | sid, | |||
uint32 | mask | |||
) |
参照先 sec_ace_copy()・sid_copy()・sid_size().
参照元 sec_desc_add_sid().
00076 { 00077 unsigned int i = 0; 00078 00079 if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; 00080 00081 *num += 1; 00082 00083 if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) 00084 return NT_STATUS_NO_MEMORY; 00085 00086 for (i = 0; i < *num - 1; i ++) 00087 sec_ace_copy(&(*pp_new)[i], &old[i]); 00088 00089 (*pp_new)[i].type = 0; 00090 (*pp_new)[i].flags = 0; 00091 (*pp_new)[i].size = SEC_ACE_HEADER_SIZE + sid_size(sid); 00092 (*pp_new)[i].access_mask = mask; 00093 sid_copy(&(*pp_new)[i].trustee, sid); 00094 return NT_STATUS_OK; 00095 }
参照先 sid_compare().
参照元 sec_desc_mod_sid().
00102 { 00103 unsigned int i = 0; 00104 00105 if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER; 00106 00107 for (i = 0; i < num; i ++) { 00108 if (sid_compare(&ace[i].trustee, sid) == 0) { 00109 ace[i].access_mask = mask; 00110 return NT_STATUS_OK; 00111 } 00112 } 00113 return NT_STATUS_NOT_FOUND; 00114 }
NTSTATUS sec_ace_del_sid | ( | TALLOC_CTX * | ctx, | |
SEC_ACE ** | pp_new, | |||
SEC_ACE * | old, | |||
uint32 * | num, | |||
DOM_SID * | sid | |||
) |
参照先 sec_ace_copy()・sid_compare().
参照元 sec_desc_del_sid().
00121 { 00122 unsigned int i = 0; 00123 unsigned int n_del = 0; 00124 00125 if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; 00126 00127 if (*num) { 00128 if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) 00129 return NT_STATUS_NO_MEMORY; 00130 } else { 00131 pp_new[0] = NULL; 00132 } 00133 00134 for (i = 0; i < *num; i ++) { 00135 if (sid_compare(&old[i].trustee, sid) != 0) 00136 sec_ace_copy(&(*pp_new)[i], &old[i]); 00137 else 00138 n_del ++; 00139 } 00140 if (n_del == 0) 00141 return NT_STATUS_NOT_FOUND; 00142 else { 00143 *num -= n_del; 00144 return NT_STATUS_OK; 00145 } 00146 }
参照先 security_ace_info::access_mask・security_ace_info::flags・sid_equal()・security_ace_info::trustee・security_ace_info::type.
参照元 ace_compare()・cacl_set()・change_share_sec()・sec_acl_equal()・sort_acl().
00153 { 00154 /* Trivial case */ 00155 00156 if (!s1 && !s2) { 00157 return True; 00158 } 00159 00160 if (!s1 || !s2) { 00161 return False; 00162 } 00163 00164 /* Check top level stuff */ 00165 00166 if (s1->type != s2->type || s1->flags != s2->flags || 00167 s1->access_mask != s2->access_mask) { 00168 return False; 00169 } 00170 00171 /* Check SID */ 00172 00173 if (!sid_equal(&s1->trustee, &s2->trustee)) { 00174 return False; 00175 } 00176 00177 return True; 00178 }
参照元 dacl_sort_into_canonical_order().
00181 { 00182 int a1_inh = a1->flags & SEC_ACE_FLAG_INHERITED_ACE; 00183 int a2_inh = a2->flags & SEC_ACE_FLAG_INHERITED_ACE; 00184 00185 if (a1_inh == a2_inh) 00186 return 0; 00187 00188 if (!a1_inh && a2_inh) 00189 return -1; 00190 return 1; 00191 }
参照先 security_ace_info::flags・SEC_ACE_TYPE_ACCESS_DENIED・security_ace_info::type.
参照元 dacl_sort_into_canonical_order().
00198 { 00199 if ((a1->type == SEC_ACE_TYPE_ACCESS_DENIED) && 00200 (a2->type != SEC_ACE_TYPE_ACCESS_DENIED)) 00201 return -1; 00202 00203 if ((a2->type == SEC_ACE_TYPE_ACCESS_DENIED) && 00204 (a1->type != SEC_ACE_TYPE_ACCESS_DENIED)) 00205 return 1; 00206 00207 /* Both access denied or access allowed. */ 00208 00209 /* 1. ACEs that apply to the object itself */ 00210 00211 if (!(a1->flags & SEC_ACE_FLAG_INHERIT_ONLY) && 00212 (a2->flags & SEC_ACE_FLAG_INHERIT_ONLY)) 00213 return -1; 00214 else if (!(a2->flags & SEC_ACE_FLAG_INHERIT_ONLY) && 00215 (a1->flags & SEC_ACE_FLAG_INHERIT_ONLY)) 00216 return 1; 00217 00218 /* 2. ACEs that apply to a subobject of the object, such as 00219 * a property set or property. */ 00220 00221 if (a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && 00222 !(a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) 00223 return -1; 00224 else if (a2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT) && 00225 !(a1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT))) 00226 return 1; 00227 00228 return 0; 00229 }
void dacl_sort_into_canonical_order | ( | SEC_ACE * | srclist, | |
unsigned int | num_aces | |||
) |
参照先 nt_ace_canon_comp()・nt_ace_inherit_comp().
参照元 get_nt_acl().
00253 { 00254 unsigned int i; 00255 00256 if (!srclist || num_aces == 0) 00257 return; 00258 00259 /* Sort so that non-inherited ACE's come first. */ 00260 qsort( srclist, num_aces, sizeof(srclist[0]), QSORT_CAST nt_ace_inherit_comp); 00261 00262 /* Find the boundary between non-inherited ACEs. */ 00263 for (i = 0; i < num_aces; i++ ) { 00264 SEC_ACE *curr_ace = &srclist[i]; 00265 00266 if (curr_ace->flags & SEC_ACE_FLAG_INHERITED_ACE) 00267 break; 00268 } 00269 00270 /* i now points at entry number of the first inherited ACE. */ 00271 00272 /* Sort the non-inherited ACEs. */ 00273 if (i) 00274 qsort( srclist, i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); 00275 00276 /* Now sort the inherited ACEs. */ 00277 if (num_aces - i) 00278 qsort( &srclist[i], num_aces - i, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp); 00279 }
BOOL token_sid_in_ace | ( | const NT_USER_TOKEN * | token, | |
const SEC_ACE * | ace | |||
) |
参照先 nt_user_token::num_sids・sid_equal()・security_ace_info::trustee・nt_user_token::user_sids.
参照元 check_ace()・get_max_access().
00286 { 00287 size_t i; 00288 00289 for (i = 0; i < token->num_sids; i++) { 00290 if (sid_equal(&ace->trustee, &token->user_sids[i])) 00291 return True; 00292 } 00293 00294 return False; 00295 }