lib/secace.c


関数

BOOL sec_ace_object (uint8 type)
void sec_ace_copy (SEC_ACE *ace_dest, SEC_ACE *ace_src)
void init_sec_ace (SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
NTSTATUS sec_ace_add_sid (TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask)
NTSTATUS sec_ace_mod_sid (SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
NTSTATUS sec_ace_del_sid (TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
BOOL sec_ace_equal (SEC_ACE *s1, SEC_ACE *s2)
int nt_ace_inherit_comp (SEC_ACE *a1, SEC_ACE *a2)
int nt_ace_canon_comp (SEC_ACE *a1, SEC_ACE *a2)
void dacl_sort_into_canonical_order (SEC_ACE *srclist, unsigned int num_aces)
BOOL token_sid_in_ace (const NT_USER_TOKEN *token, const SEC_ACE *ace)


関数

BOOL sec_ace_object ( uint8  type  ) 

secace.c30 行で定義されています。

参照先 SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT, SEC_ACE_TYPE_ACCESS_DENIED_OBJECT, SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT, SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT.

参照元 ads_disp_ace(), sec_io_ace().

/*
 * Report whether an ACE type value is one of the four object-specific
 * ACE types: allowed-object, denied-object, audit-object or alarm-object.
 *
 * Returns True for those four values of `type` and False for any other.
 */
BOOL sec_ace_object(uint8 type)
{
	return (type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
		type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
		type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
		type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) ? True : False;
}

void sec_ace_copy ( SEC_ACE *  ace_dest,
SEC_ACE *  ace_src 
)

secace.c44 行で定義されています。

参照先 security_ace_info::access_mask, security_ace_info::flags, security_ace_info::inh_guid, security_ace_info::obj_flags, security_ace_info::obj_guid, sid_copy(), security_ace_info::size, security_ace_info::trustee, security_ace_info::type.

参照元 append_parent_acl(), sec_ace_add_sid(), sec_ace_del_sid().

/*
 * Copy one ACE into another, field by field.
 *
 * The scalar header fields are assigned, both GUIDs are copied as raw
 * bytes, and the trustee SID is copied with sid_copy().
 *
 * Neither pointer is checked here; both must refer to valid SEC_ACE
 * objects.
 */
void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
{
	/* Object-ACE data: flags plus the object and inherited-object GUIDs. */
	ace_dest->obj_flags = ace_src->obj_flags;
	memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct GUID));
	memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct GUID));

	/* Common ACE header. */
	ace_dest->access_mask = ace_src->access_mask;
	ace_dest->size        = ace_src->size;
	ace_dest->flags       = ace_src->flags;
	ace_dest->type        = ace_src->type;

	/* Trustee SID. */
	sid_copy(&ace_dest->trustee, &ace_src->trustee);
}

void init_sec_ace ( SEC_ACE *  t,
const DOM_SID *  sid,
uint8  type,
SEC_ACCESS  mask,
uint8  flag 
)

secace.c60 行で定義されています。

参照先 sid_copy(), sid_size(), t.

参照元 afs_to_nt_acl(), construct_default_printer_sdb(), construct_registry_sd(), construct_scm_sd(), construct_service_sd(), get_nt_acl(), get_share_security_default(), lsa_get_generic_sd(), make_default_reg_sd(), make_samr_object_sd(), parse_usershare_acl(), py_to_ACE(), samr_make_sam_obj_sd(), smbacl4_nfs42win().

/*
 * Fill in an ACE from its parts.
 *
 * t    - ACE to initialise; type, flags, size, access_mask and trustee
 *        are written, the remaining members are left as they were.
 * sid  - trustee SID, copied into the ACE.
 * type - ACE type value.
 * mask - access mask stored in the ACE.
 * flag - ACE flags.
 *
 * No argument is checked for NULL.
 */
void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
{
	/* Clear the trustee first so nothing of a previous SID survives
	 * the copy. */
	ZERO_STRUCTP(&t->trustee);
	sid_copy(&t->trustee, sid);

	t->access_mask = mask;
	/* NOTE(review): the literal 8 is presumably the ACE header size that
	 * sec_ace_add_sid() spells SEC_ACE_HEADER_SIZE; confirm they agree. */
	t->size = sid_size(sid) + 8;
	t->flags = flag;
	t->type = type;
}

NTSTATUS sec_ace_add_sid ( TALLOC_CTX *  ctx,
SEC_ACE **  pp_new,
SEC_ACE *  old,
unsigned *  num,
DOM_SID *  sid,
uint32  mask 
)

secace.c75 行で定義されています。

参照先 sec_ace_copy(), sid_copy(), sid_size().

参照元 sec_desc_add_sid().

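/*
 * Build a new ACE array holding every entry of `old` plus one extra ACE
 * for `sid`, appended at the end.
 *
 * ctx    - talloc context the new array is allocated from.
 * pp_new - receives the new array (NULL if the allocation fails).
 * old    - existing array of *num ACEs; it is read, never modified.
 * num    - in: number of ACEs in `old`; out: number of ACEs in *pp_new.
 *          Updated only when the call succeeds.
 * sid    - trustee of the appended ACE.
 * mask   - access mask of the appended ACE.
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER when any
 * pointer argument is NULL or the count cannot be incremented, and
 * NT_STATUS_NO_MEMORY when the allocation fails.
 *
 * The appended ACE gets type 0 and flags 0.
 * NOTE(review): type 0 is presumably the plain access-allowed type;
 * confirm against the SEC_ACE_TYPE_* definitions.
 */
NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask)
{
	unsigned int i;
	unsigned int old_count;
	unsigned int new_count;

	if (!ctx || !pp_new || !old || !sid || !num)
		return NT_STATUS_INVALID_PARAMETER;

	old_count = *num;
	new_count = old_count + 1;

	/* Unsigned wrap-around: a count of zero would allocate nothing while
	 * the copy loop below still ran over the whole old array. */
	if (new_count < old_count)
		return NT_STATUS_INVALID_PARAMETER;

	*pp_new = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, new_count);
	if (*pp_new == NULL) {
		/* *num is deliberately left alone: a caller that passes its
		 * live ACE counter must not end up with a count one larger
		 * than the array it still holds. */
		return NT_STATUS_NO_MEMORY;
	}

	for (i = 0; i < old_count; i++)
		sec_ace_copy(&(*pp_new)[i], &old[i]);

	/* i == old_count: the slot for the appended ACE. */
	(*pp_new)[i].type  = 0;
	(*pp_new)[i].flags = 0;
	(*pp_new)[i].size  = SEC_ACE_HEADER_SIZE + sid_size(sid);
	(*pp_new)[i].access_mask = mask;
	sid_copy(&(*pp_new)[i].trustee, sid);

	/* Commit the new count only once the new array is complete. */
	*num = new_count;
	return NT_STATUS_OK;
}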

NTSTATUS sec_ace_mod_sid ( SEC_ACE *  ace,
size_t  num,
DOM_SID *  sid,
uint32  mask 
)

secace.c101 行で定義されています。

参照先 sid_compare().

参照元 sec_desc_mod_sid().

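/*
 * Replace the access mask of the first ACE whose trustee matches `sid`.
 *
 * ace  - array of `num` ACEs, modified in place.
 * num  - number of entries in `ace`.
 * sid  - trustee to look for (matched with sid_compare() == 0).
 * mask - new access mask.
 *
 * Returns NT_STATUS_OK when an ACE was updated, NT_STATUS_NOT_FOUND when
 * no trustee matched, NT_STATUS_INVALID_PARAMETER when `ace` or `sid` is
 * NULL.
 *
 * Only the first match is changed, and the ACE type is not looked at: if
 * the list holds several ACEs for the same SID, the later ones keep their
 * old mask, and a matching ACE of any type receives `mask`.
 */
NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
{
	/* Same width as `num`, so the index cannot wrap before reaching it. */
	size_t i;

	if (!ace || !sid)
		return NT_STATUS_INVALID_PARAMETER;

	for (i = 0; i < num; i++) {
		if (sid_compare(&ace[i].trustee, sid) != 0)
			continue;

		ace[i].access_mask = mask;
		return NT_STATUS_OK;
	}

	return NT_STATUS_NOT_FOUND;
}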

NTSTATUS sec_ace_del_sid ( TALLOC_CTX *  ctx,
SEC_ACE **  pp_new,
SEC_ACE *  old,
uint32 *  num,
DOM_SID *  sid 
)

secace.c120 行で定義されています。

参照先 sec_ace_copy(), sid_compare().

参照元 sec_desc_del_sid().

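/*
 * Build a new ACE array containing every entry of `old` whose trustee
 * differs from `sid`.
 *
 * ctx    - talloc context the new array is allocated from.
 * pp_new - receives the new array; NULL when *num is 0 on entry or the
 *          allocation fails.
 * old    - existing array of *num ACEs; it is read, never modified.
 * num    - in: number of ACEs in `old`; out (on NT_STATUS_OK only): number
 *          of ACEs kept in *pp_new.
 * sid    - trustee whose ACEs are dropped (matched with
 *          sid_compare() == 0).
 *
 * Returns NT_STATUS_OK when at least one ACE was removed,
 * NT_STATUS_NOT_FOUND when none matched, NT_STATUS_INVALID_PARAMETER when
 * any pointer argument is NULL, NT_STATUS_NO_MEMORY when the allocation
 * fails.
 *
 * The kept ACEs are packed at the front of the new array in their
 * original order. Writing each survivor back at its old index instead
 * would leave a zeroed slot where the removed ACE was, and the reduced
 * count would then cut survivors off the end of the list, silently
 * discarding ACEs for other trustees.
 */
NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
{
	unsigned int i;
	unsigned int kept = 0;

	if (!ctx || !pp_new || !old || !sid || !num)
		return NT_STATUS_INVALID_PARAMETER;

	if (*num) {
		*pp_new = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num);
		if (*pp_new == NULL)
			return NT_STATUS_NO_MEMORY;
	} else {
		*pp_new = NULL;
	}

	for (i = 0; i < *num; i++) {
		if (sid_compare(&old[i].trustee, sid) == 0)
			continue;	/* ACE for the SID being removed */

		/* `kept` is the next free slot, so survivors stay contiguous. */
		sec_ace_copy(&(*pp_new)[kept], &old[i]);
		kept++;
	}

	/* Nothing was dropped: report it and leave *num untouched. */
	if (kept == *num)
		return NT_STATUS_NOT_FOUND;

	*num = kept;
	return NT_STATUS_OK;
}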

BOOL sec_ace_equal ( SEC_ACE *  s1,
SEC_ACE *  s2 
)

secace.c152 行で定義されています。

参照先 security_ace_info::access_mask, security_ace_info::flags, sid_equal(), security_ace_info::trustee, security_ace_info::type.

参照元 ace_compare(), cacl_set(), change_share_sec(), sec_acl_equal(), sort_acl().

/*
 * Compare two ACEs.
 *
 * Two NULL pointers compare equal; one NULL and one non-NULL do not.
 * Otherwise the ACEs are equal when type, flags, access_mask and the
 * trustee SID all match.
 *
 * The size, obj_flags and GUID members are not compared, so two object
 * ACEs that differ only in their GUIDs are reported as equal.
 */
BOOL sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2)
{
	/* NULL handling: equal only if both are missing. */
	if (!s1 || !s2) {
		return (!s1 && !s2) ? True : False;
	}

	/* Header fields. */
	if (s1->type != s2->type) {
		return False;
	}
	if (s1->flags != s2->flags) {
		return False;
	}
	if (s1->access_mask != s2->access_mask) {
		return False;
	}

	/* Trustee SID decides the rest. */
	return sid_equal(&s1->trustee, &s2->trustee) ? True : False;
}

int nt_ace_inherit_comp ( SEC_ACE *  a1,
SEC_ACE *  a2 
)

secace.c180 行で定義されています。

参照先 security_ace_info::flags.

参照元 dacl_sort_into_canonical_order().

/*
 * qsort() comparator that orders ACEs by the SEC_ACE_FLAG_INHERITED_ACE
 * flag only: ACEs without the flag sort before ACEs with it.
 *
 * Returns 0 when both ACEs agree on the flag, -1 when only a2 has it,
 * 1 when only a1 has it.
 */
int nt_ace_inherit_comp(SEC_ACE *a1, SEC_ACE *a2)
{
	int first_inherited  = a1->flags & SEC_ACE_FLAG_INHERITED_ACE;
	int second_inherited = a2->flags & SEC_ACE_FLAG_INHERITED_ACE;

	if (first_inherited == second_inherited)
		return 0;

	/* Exactly one of the two carries the flag at this point. */
	return first_inherited ? 1 : -1;
}

int nt_ace_canon_comp ( SEC_ACE *  a1,
SEC_ACE *  a2 
)

secace.c197 行で定義されています。

参照先 security_ace_info::flags, SEC_ACE_TYPE_ACCESS_DENIED, security_ace_info::type.

参照元 dacl_sort_into_canonical_order().

/*
 * qsort() comparator used to put ACEs into canonical order within one
 * group (see dacl_sort_into_canonical_order()).
 *
 * Keys, in order of precedence:
 *   1. ACEs of type SEC_ACE_TYPE_ACCESS_DENIED sort before all others.
 *   2. ACEs without SEC_ACE_FLAG_INHERIT_ONLY sort before ACEs with it.
 *   3. ACEs with SEC_ACE_FLAG_CONTAINER_INHERIT or
 *      SEC_ACE_FLAG_OBJECT_INHERIT sort before ACEs with neither.
 *
 * Returns -1 when a1 sorts first, 1 when a2 sorts first, 0 when the two
 * are equivalent under all three keys. Only the exact ACCESS_DENIED type
 * counts as "denied"; every other type falls into the second group.
 */
int nt_ace_canon_comp(SEC_ACE *a1, SEC_ACE *a2)
{
	const int inherit_bits =
		SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_OBJECT_INHERIT;

	int a1_denied = (a1->type == SEC_ACE_TYPE_ACCESS_DENIED);
	int a2_denied = (a2->type == SEC_ACE_TYPE_ACCESS_DENIED);
	int a1_inherit_only = a1->flags & SEC_ACE_FLAG_INHERIT_ONLY;
	int a2_inherit_only = a2->flags & SEC_ACE_FLAG_INHERIT_ONLY;
	int a1_propagates = a1->flags & inherit_bits;
	int a2_propagates = a2->flags & inherit_bits;

	/* Key 1: deny ACEs lead. */
	if (a1_denied && !a2_denied)
		return -1;
	if (a2_denied && !a1_denied)
		return 1;

	/* From here on both are denied, or neither is. */

	/* Key 2: ACEs that apply to the object itself lead. */
	if (!a1_inherit_only && a2_inherit_only)
		return -1;
	if (!a2_inherit_only && a1_inherit_only)
		return 1;

	/* Key 3: ACEs carrying a container/object inherit flag lead. */
	if (a1_propagates && !a2_propagates)
		return -1;
	if (a2_propagates && !a1_propagates)
		return 1;

	return 0;
}

void dacl_sort_into_canonical_order ( SEC_ACE *  srclist,
unsigned int  num_aces 
)

secace.c252 行で定義されています。

参照先 nt_ace_canon_comp(), nt_ace_inherit_comp().

参照元 get_nt_acl().

/*
 * Sort an ACE array in place into canonical order.
 *
 * srclist  - array of ACEs to sort; a NULL pointer is a no-op.
 * num_aces - number of entries in srclist; 0 is a no-op.
 *
 * The array is first split into two groups with nt_ace_inherit_comp()
 * (ACEs without SEC_ACE_FLAG_INHERITED_ACE, then ACEs with it), and each
 * group is then ordered on its own with nt_ace_canon_comp().
 *
 * qsort() is not a stable sort, so ACEs that compare equal may change
 * their relative position.
 */
void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces)
{
	unsigned int first_inherited = 0;

	if (!srclist || num_aces == 0)
		return;

	/* Pass 1: explicit (non-inherited) ACEs to the front. */
	qsort( srclist, num_aces, sizeof(srclist[0]), QSORT_CAST nt_ace_inherit_comp);

	/* Locate the first inherited ACE; equals num_aces if there is none. */
	while (first_inherited < num_aces &&
	       !(srclist[first_inherited].flags & SEC_ACE_FLAG_INHERITED_ACE)) {
		first_inherited++;
	}

	/* Pass 2: canonical order inside the explicit group. */
	if (first_inherited != 0)
		qsort( srclist, first_inherited, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp);

	/* Pass 3: canonical order inside the inherited group. */
	if (first_inherited != num_aces)
		qsort( &srclist[first_inherited], num_aces - first_inherited, sizeof(srclist[0]), QSORT_CAST nt_ace_canon_comp);
}

BOOL token_sid_in_ace ( const NT_USER_TOKEN *  token,
const SEC_ACE *  ace 
)

secace.c285 行で定義されています。

参照先 nt_user_token::num_sids, sid_equal(), security_ace_info::trustee, nt_user_token::user_sids.

参照元 check_ace(), get_max_access().

/*
 * Check whether the ACE's trustee is one of the SIDs held by a token.
 *
 * Returns True as soon as any of the token's num_sids entries in
 * user_sids equals ace->trustee, False when none does (including when
 * the token holds no SIDs).
 *
 * Neither pointer is checked for NULL; callers must pass a valid token
 * and ACE.
 */
BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
{
	size_t idx = 0;

	while (idx < token->num_sids) {
		if (sid_equal(&ace->trustee, &token->user_sids[idx])) {
			return True;
		}
		idx++;
	}

	return False;
}


Sambaに対してSat Aug 29 21:23:37 2009に生成されました。  doxygen 1.4.7