summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-11-12 23:35:05 +0000
committerLuke Leighton <lkcl@samba.org>1998-11-12 23:35:05 +0000
commit06abdfd68e1d7fa8741afc3f56ec7a13b5fa4ccc (patch)
tree496a089568c16cda3a1545ba3a9e94c9ffacc3f1
parent88c90ec65c1a764dd7b13d9fb5ce700027f40cfd (diff)
downloadsamba-06abdfd68e1d7fa8741afc3f56ec7a13b5fa4ccc.tar.gz
security descriptors.
kanji const char* warnings.
-rw-r--r--source/include/proto.h20
-rw-r--r--source/include/rpc_reg.h10
-rw-r--r--source/include/rpc_secdes.h28
-rw-r--r--source/include/smb.h8
-rw-r--r--source/lib/kanji.c52
-rw-r--r--source/lib/util_sid.c13
-rw-r--r--source/rpc_client/cli_reg.c4
-rw-r--r--source/rpc_parse/parse_reg.c24
-rw-r--r--source/rpc_parse/parse_sec.c270
-rw-r--r--source/rpcclient/cmd_reg.c21
-rw-r--r--source/rpcclient/display.c30
11 files changed, 387 insertions, 93 deletions
diff --git a/source/include/proto.h b/source/include/proto.h
index e7f48ce044c..547458c07d4 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -306,6 +306,7 @@ BOOL sid_append_rid(DOM_SID *sid, uint32 rid);
BOOL sid_split_rid(DOM_SID *sid, uint32 *rid);
void sid_copy(DOM_SID *sid1, DOM_SID *sid2);
BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2);
+int sid_size(DOM_SID *sid);
/*The following definitions come from lib/util_sock.c */
@@ -1334,7 +1335,7 @@ BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name);
BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name);
BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
char *key_name, char *key_class,
- SEC_INFO *sam_access,
+ SEC_ACCESS *sam_access,
POLICY_HND *key);
BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
int key_index, char *key_name,
@@ -1644,7 +1645,7 @@ void reg_io_q_flush_key(char *desc, REG_Q_FLUSH_KEY *r_q, prs_struct *ps, int d
void reg_io_r_flush_key(char *desc, REG_R_FLUSH_KEY *r_r, prs_struct *ps, int depth);
void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
char *name, char *class,
- SEC_INFO *sam_access);
+ SEC_ACCESS *sam_access);
void reg_io_q_create_key(char *desc, REG_Q_CREATE_KEY *r_q, prs_struct *ps, int depth);
void reg_io_r_create_key(char *desc, REG_R_CREATE_KEY *r_r, prs_struct *ps, int depth);
void make_reg_q_delete_val(REG_Q_DELETE_VALUE *q_c, POLICY_HND *hnd,
@@ -1940,10 +1941,19 @@ void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct
/*The following definitions come from rpc_parse/parse_sec.c */
-void sec_io_info(char *desc, SEC_INFO *t, prs_struct *ps, int depth);
+void make_sec_access(SEC_ACCESS *t, uint32 mask);
+void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth);
+void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag);
void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth);
+void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace);
+void free_sec_acl(SEC_ACL *t);
void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth);
+int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type,
+ DOM_SID *owner_sid, DOM_SID *grp_sid,
+ SEC_ACL *sacl, SEC_ACL *dacl);
+void free_sec_desc(SEC_DESC *t);
void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data);
+void free_sec_desc_buf(SEC_DESC_BUF *buf);
void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth);
/*The following definitions come from rpc_parse/parse_srv.c */
@@ -2199,8 +2209,8 @@ void display_group_rid_info(FILE *out_hnd, enum action_type action,
void display_alias_name_info(FILE *out_hnd, enum action_type action,
uint32 num_aliases, fstring *alias_name, uint32 *num_als_usrs);
void display_sam_user_info_21(FILE *out_hnd, enum action_type action, SAM_USER_INFO_21 *usr);
-char *get_sec_perms_str(uint32 type);
-void display_sec_info(FILE *out_hnd, enum action_type action, SEC_INFO *info);
+char *get_sec_mask_str(uint32 type);
+void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *info);
void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *ace);
void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *acl);
void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *sec);
diff --git a/source/include/rpc_reg.h b/source/include/rpc_reg.h
index 163dfd67fe0..ceb88ad657c 100644
--- a/source/include/rpc_reg.h
+++ b/source/include/rpc_reg.h
@@ -104,11 +104,11 @@ typedef struct q_reg_set_key_sec_info
{
POLICY_HND pol; /* policy handle */
- uint32 unknown; /* 0x0000 0004 */
+ uint32 sec_info; /* xxxx_SECURITY_INFORMATION */
uint32 ptr; /* pointer */
BUFHDR hdr_sec; /* header for security data */
- SEC_DESC_BUF data; /* security data */
+ SEC_DESC_BUF *data; /* security data */
} REG_Q_SET_KEY_SEC;
@@ -125,7 +125,7 @@ typedef struct q_reg_get_key_sec_info
{
POLICY_HND pol; /* policy handle */
- uint32 unknown; /* 0x0000 0007 */
+ uint32 sec_info; /* xxxx_SECURITY_INFORMATION */
uint32 ptr; /* pointer */
BUFHDR hdr_sec; /* header for security data */
@@ -136,7 +136,7 @@ typedef struct q_reg_get_key_sec_info
/* REG_R_GET_KEY_SEC */
typedef struct r_reg_get_key_sec_info
{
- uint32 unknown; /* 0x0000 0007 */
+ uint32 sec_info; /* xxxx_SECURITY_INFORMATION */
uint32 ptr; /* pointer */
BUFHDR hdr_sec; /* header for security data */
@@ -225,7 +225,7 @@ typedef struct q_reg_create_key_info
UNISTR2 uni_class;
uint32 reserved; /* 0x0000 0000 */
- SEC_INFO sam_access; /* access rights flags, see rpc_secdes.h */
+ SEC_ACCESS sam_access; /* access rights flags, see rpc_secdes.h */
uint32 ptr1;
uint32 unknown_0; /* 0x0000 000C */
diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index b317ead5e10..5d5a1d0d841 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -60,24 +60,30 @@
#define SEC_DESC_SACL_DEFAULTED 0x0020
#define SEC_DESC_SELF_RELATIVE 0x8000
+/* security information */
+#define OWNER_SECURITY_INFORMATION 0x00000001
+#define GROUP_SECURITY_INFORMATION 0x00000002
+#define DACL_SECURITY_INFORMATION 0x00000004
+#define SACL_SECURITY_INFORMATION 0x00000008
-/* SEC_INFO */
+
+/* SEC_ACCESS */
typedef struct security_info_info
{
- uint32 perms;
+ uint32 mask;
-} SEC_INFO;
+} SEC_ACCESS;
/* SEC_ACE */
typedef struct security_ace_info
{
- uint8 type;
- uint8 flags;
+ uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
+ uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
uint16 size;
- SEC_INFO info;
+ SEC_ACCESS info;
DOM_SID sid;
} SEC_ACE;
@@ -92,7 +98,7 @@ typedef struct security_acl_info
uint16 size; /* size in bytes of the entire ACL structure */
uint32 num_aces; /* number of Access Control Entries */
- SEC_ACE ace[MAX_SEC_ACES];
+ SEC_ACE *ace;
} SEC_ACL;
@@ -108,10 +114,10 @@ typedef struct security_descriptor_info
uint32 off_sacl ; /* offset to system list of permissions */
uint32 off_dacl ; /* offset to list of permissions */
- SEC_ACL dacl; /* user ACL */
- SEC_ACL sacl; /* system ACL */
- DOM_SID owner_sid;
- DOM_SID grp_sid;
+ SEC_ACL *dacl; /* user ACL */
+ SEC_ACL *sacl; /* system ACL */
+ DOM_SID *owner_sid;
+ DOM_SID *grp_sid;
} SEC_DESC;
diff --git a/source/include/smb.h b/source/include/smb.h
index 47a8869a48f..4f064d27d18 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1655,7 +1655,13 @@ extern int unix_ERR_code;
#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
/* zero a structure given a pointer to the structure */
-#define ZERO_STRUCTP(x) memset((char *)(x), 0, sizeof(*(x)))
+#if 0
+#define ZERO_STRUCTP(x) { }
+#else
+#define ZERO_STRUCTP(x) { if (x != NULL) memset((char *)(x), 0, sizeof(*(x))); }
+#endif
+
+#define ZERO_STRUCTPN(x) { if (x != NULL) ZERO_STRUCTP(x); }
/* zero an array - note that sizeof(array) must work - ie. it must not be a
pointer */
diff --git a/source/lib/kanji.c b/source/lib/kanji.c
index 7df1986e83c..565e8d852f6 100644
--- a/source/lib/kanji.c
+++ b/source/lib/kanji.c
@@ -32,9 +32,9 @@
* are loaded.
*/
-char *(*multibyte_strchr)(const char *, int ) = (char *(*)(const char *, int )) strchr;
-char *(*multibyte_strrchr)(const char *, int ) = (char *(*)(const char *, int )) strrchr;
-char *(*multibyte_strstr)(const char *, const char *) = (char *(*)(const char *, const char *)) strstr;
+const char *(*multibyte_strchr)(const char *, int ) = (const char *(*)(const char *, int )) strchr;
+const char *(*multibyte_strrchr)(const char *, int ) = (const char *(*)(const char *, int )) strrchr;
+const char *(*multibyte_strstr)(const char *, const char *) = (const char *(*)(const char *, const char *)) strstr;
char *(*multibyte_strtok)(char *, const char *) = (char *(*)(char *, const char *)) strtok;
/*
@@ -134,15 +134,15 @@ static char *sj_strtok(char *s1, const char *s2)
S1 contains SHIFT JIS chars.
********************************************************************/
-static char *sj_strstr(const char *s1, const char *s2)
+static const char *sj_strstr(const char *s1, const char *s2)
{
size_t len = strlen (s2);
if (!*s2)
- return (char *) s1;
+ return (const char *) s1;
for (;*s1;) {
if (*s1 == *s2) {
if (strncmp (s1, s2, len) == 0)
- return (char *) s1;
+ return (const char *) s1;
}
if (is_shift_jis (*s1)) {
s1 += 2;
@@ -150,7 +150,7 @@ static char *sj_strstr(const char *s1, const char *s2)
s1++;
}
}
- return 0;
+ return NULL;
}
/*******************************************************************
@@ -158,18 +158,18 @@ static char *sj_strstr(const char *s1, const char *s2)
S contains SHIFT JIS chars.
********************************************************************/
-static char *sj_strchr (const char *s, int c)
+static const char *sj_strchr (const char *s, int c)
{
for (; *s; ) {
if (*s == c)
- return (char *) s;
+ return (const char *) s;
if (is_shift_jis (*s)) {
s += 2;
} else {
s++;
}
}
- return 0;
+ return NULL;
}
/*******************************************************************
@@ -177,13 +177,13 @@ static char *sj_strchr (const char *s, int c)
S contains SHIFT JIS chars.
********************************************************************/
-static char *sj_strrchr(const char *s, int c)
+static const char *sj_strrchr(const char *s, int c)
{
- char *q;
+ const char *q;
for (q = 0; *s; ) {
if (*s == c) {
- q = (char *) s;
+ q = (const char *) s;
}
if (is_shift_jis (*s)) {
s += 2;
@@ -300,15 +300,15 @@ static char *generic_multibyte_strtok(char *s1, const char *s2)
S1 contains generic multibyte chars.
********************************************************************/
-static char *generic_multibyte_strstr(const char *s1, const char *s2)
+static const char *generic_multibyte_strstr(const char *s1, const char *s2)
{
size_t len = strlen (s2);
if (!*s2)
- return (char *) s1;
+ return (const char *) s1;
for (;*s1;) {
if (*s1 == *s2) {
if (strncmp (s1, s2, len) == 0)
- return (char *) s1;
+ return (const char *) s1;
}
if ((*is_multibyte_char_1)(*s1)) {
s1 += 2;
@@ -316,7 +316,7 @@ static char *generic_multibyte_strstr(const char *s1, const char *s2)
s1++;
}
}
- return 0;
+ return NULL;
}
/*******************************************************************
@@ -324,18 +324,18 @@ static char *generic_multibyte_strstr(const char *s1, const char *s2)
S contains generic multibyte chars.
********************************************************************/
-static char *generic_multibyte_strchr(const char *s, int c)
+static const char *generic_multibyte_strchr(const char *s, int c)
{
for (; *s; ) {
if (*s == c)
- return (char *) s;
+ return (const char *) s;
if ((*is_multibyte_char_1)(*s)) {
s += 2;
} else {
s++;
}
}
- return 0;
+ return NULL;
}
/*******************************************************************
@@ -343,13 +343,13 @@ static char *generic_multibyte_strchr(const char *s, int c)
S contains generic multibyte chars.
********************************************************************/
-static char *generic_multibyte_strrchr(const char *s, int c)
+static const char *generic_multibyte_strrchr(const char *s, int c)
{
- char *q;
+ const char *q;
for (q = 0; *s; ) {
if (*s == c) {
- q = (char *) s;
+ q = (const char *) s;
}
if ((*is_multibyte_char_1)(*s)) {
s += 2;
@@ -1221,9 +1221,9 @@ void initialize_multibyte_vectors( int client_codepage)
* Single char size code page.
*/
default:
- multibyte_strchr = (char *(*)(const char *, int )) strchr;
- multibyte_strrchr = (char *(*)(const char *, int )) strrchr;
- multibyte_strstr = (char *(*)(const char *, const char *)) strstr;
+ multibyte_strchr = (const char *(*)(const char *, int )) strchr;
+ multibyte_strrchr = (const char *(*)(const char *, int )) strrchr;
+ multibyte_strstr = (const char *(*)(const char *, const char *)) strstr;
multibyte_strtok = (char *(*)(char *, const char *)) strtok;
_skip_multibyte_char = skip_non_multibyte_char;
is_multibyte_char_1 = not_multibyte_char_1;
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 17af94a79ca..9ca3a59ad47 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -176,3 +176,16 @@ BOOL sid_equal(DOM_SID *sid1, DOM_SID *sid2)
return True;
}
+
+
+/*****************************************************************
+ calculates size of a sid
+*****************************************************************/
+int sid_size(DOM_SID *sid)
+{
+ if (sid == NULL)
+ {
+ return 0;
+ }
+ return sid->num_auths * sizeof(uint32) + 8;
+}
diff --git a/source/rpc_client/cli_reg.c b/source/rpc_client/cli_reg.c
index 5eccdc7826a..dc6f45ed865 100644
--- a/source/rpc_client/cli_reg.c
+++ b/source/rpc_client/cli_reg.c
@@ -667,7 +667,7 @@ do a REG Create Key
****************************************************************************/
BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
char *key_name, char *key_class,
- SEC_INFO *sam_access,
+ SEC_ACCESS *sam_access,
POLICY_HND *key)
{
prs_struct rbuf;
@@ -683,7 +683,7 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
/* create and send a MSRPC command with api REG_CREATE_KEY */
DEBUG(4,("REG Create Key: %s %s 0x%08x\n", key_name, key_class,
- sam_access != NULL ? sam_access->perms : 0));
+ sam_access != NULL ? sam_access->mask : 0));
make_reg_q_create_key(&q_o, hnd, key_name, key_class, sam_access);
diff --git a/source/rpc_parse/parse_reg.c b/source/rpc_parse/parse_reg.c
index f22bf10ff8e..103e6b0f85b 100644
--- a/source/rpc_parse/parse_reg.c
+++ b/source/rpc_parse/parse_reg.c
@@ -125,7 +125,7 @@ creates a structure.
********************************************************************/
void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
char *name, char *class,
- SEC_INFO *sam_access)
+ SEC_ACCESS *sam_access)
{
int len_name = name != NULL ? strlen(name ) + 1: 0;
int len_class = class != NULL ? strlen(class) + 1: 0;
@@ -191,7 +191,7 @@ void reg_io_q_create_key(char *desc, REG_Q_CREATE_KEY *r_q, prs_struct *ps, int
prs_align(ps);
prs_uint32("reserved", ps, depth, &(r_q->reserved));
- sec_io_info("sam_access", &r_q->sam_access, ps, depth);
+ sec_io_access("sam_access", &r_q->sam_access, ps, depth);
prs_uint32("ptr1", ps, depth, &(r_q->ptr1));
if (r_q->ptr2 != 0)
@@ -551,11 +551,11 @@ void make_reg_q_set_key_sec(REG_Q_SET_KEY_SEC *q_i, POLICY_HND *pol,
memcpy(&(q_i->pol), pol, sizeof(q_i->pol));
- q_i->unknown = 0x4;
+ q_i->sec_info = DACL_SECURITY_INFORMATION;
q_i->ptr = 1;
make_buf_hdr(&(q_i->hdr_sec), buf_len, buf_len);
- make_sec_desc_buf(&(q_i->data), buf_len, sec_desc);
+ make_sec_desc_buf(q_i->data, buf_len, sec_desc);
}
/*******************************************************************
@@ -572,7 +572,7 @@ void reg_io_q_set_key_sec(char *desc, REG_Q_SET_KEY_SEC *r_q, prs_struct *ps, i
smb_io_pol_hnd("", &(r_q->pol), ps, depth);
- prs_uint32("unknown", ps, depth, &(r_q->unknown));
+ prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
prs_uint32("ptr ", ps, depth, &(r_q->ptr ));
if (r_q->ptr != 0)
@@ -581,10 +581,10 @@ void reg_io_q_set_key_sec(char *desc, REG_Q_SET_KEY_SEC *r_q, prs_struct *ps, i
uint32 old_offset;
smb_io_hdrbuf_pre("hdr_sec", &(r_q->hdr_sec), ps, depth, &hdr_offset);
old_offset = ps->offset;
- sec_io_desc_buf("data ", &(r_q->data ), ps, depth);
+ sec_io_desc_buf("data ", r_q->data , ps, depth);
smb_io_hdrbuf_post("hdr_sec", &(r_q->hdr_sec), ps, depth, hdr_offset,
- r_q->data.max_len, r_q->data.len);
- ps->offset = old_offset + r_q->data.len + sizeof(uint32) * 3;
+ r_q->data->max_len, r_q->data->len);
+ ps->offset = old_offset + r_q->data->len + sizeof(uint32) * 3;
prs_align(ps);
}
}
@@ -615,7 +615,9 @@ void make_reg_q_get_key_sec(REG_Q_GET_KEY_SEC *q_i, POLICY_HND *pol,
memcpy(&(q_i->pol), pol, sizeof(q_i->pol));
- q_i->unknown = 0x7;
+ q_i->sec_info = OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION;
q_i->ptr = sec_buf != NULL ? 1 : 0;
q_i->data = sec_buf;
@@ -641,8 +643,8 @@ void reg_io_q_get_key_sec(char *desc, REG_Q_GET_KEY_SEC *r_q, prs_struct *ps, i
smb_io_pol_hnd("", &(r_q->pol), ps, depth);
- prs_uint32("unknown", ps, depth, &(r_q->unknown));
- prs_uint32("ptr ", ps, depth, &(r_q->ptr ));
+ prs_uint32("sec_info", ps, depth, &(r_q->sec_info));
+ prs_uint32("ptr ", ps, depth, &(r_q->ptr ));
if (r_q->ptr != 0)
{
diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c
index 7ef69141080..b3c75fb0dc2 100644
--- a/source/rpc_parse/parse_sec.c
+++ b/source/rpc_parse/parse_sec.c
@@ -1,11 +1,11 @@
-
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
* RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- * Copyright (C) Paul Ashton 1997.
+ * Copyright (C) Andrew Tridgell 1992-1998,
+ * Copyright (C) Jeremy R. Allison 1995-1998
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
+ * Copyright (C) Paul Ashton 1997-1998.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -29,18 +29,40 @@ extern int DEBUGLEVEL;
/*******************************************************************
+makes a structure.
+********************************************************************/
+void make_sec_access(SEC_ACCESS *t, uint32 mask)
+{
+ t->mask = mask;
+}
+
+/*******************************************************************
reads or writes a structure.
********************************************************************/
-void sec_io_info(char *desc, SEC_INFO *t, prs_struct *ps, int depth)
+void sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth)
{
if (t == NULL) return;
- prs_debug(ps, depth, desc, "sec_io_info");
+ prs_debug(ps, depth, desc, "sec_io_access");
depth++;
prs_align(ps);
- prs_uint32("perms", ps, depth, &(t->perms));
+ prs_uint32("mask", ps, depth, &(t->mask));
+}
+
+
+/*******************************************************************
+makes a structure.
+********************************************************************/
+void make_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
+{
+ t->type = type;
+ t->flags = flag;
+ t->size = sid_size(sid) + 8;
+ t->info = mask;
+
+ sid_copy(&t->sid, sid);
}
/*******************************************************************
@@ -63,7 +85,7 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth)
prs_uint8 ("flags", ps, depth, &(t->flags));
prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_ace_size);
- sec_io_info ("info ", &t->info, ps, depth);
+ sec_io_access ("info ", &t->info, ps, depth);
prs_align(ps);
smb_io_dom_sid("sid ", &t->sid , ps, depth);
@@ -71,8 +93,38 @@ void sec_io_ace(char *desc, SEC_ACE *t, prs_struct *ps, int depth)
}
/*******************************************************************
-reads or writes a structure. this is one of those retrospective jobs,
-which i hate. why do we have to do this? what's it all about?
+makes a structure.
+********************************************************************/
+void make_sec_acl(SEC_ACL *t, uint16 revision, int num_aces, SEC_ACE *ace)
+{
+ int i;
+ t->revision = revision;
+ t->num_aces = num_aces;
+ t->size = 4;
+ t->ace = ace;
+
+ for (i = 0; i < num_aces; i++)
+ {
+ t->size += ace[i].size;
+ }
+}
+
+/*******************************************************************
+frees a structure.
+********************************************************************/
+void free_sec_acl(SEC_ACL *t)
+{
+ if (t->ace != NULL)
+ {
+ free(t->ace);
+ }
+}
+
+/*******************************************************************
+reads or writes a structure.
+
+first of the xx_io_xx functions that allocates its data structures
+for you as it reads them.
********************************************************************/
void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth)
{
@@ -93,6 +145,20 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth)
prs_uint16_pre("size ", ps, depth, &(t->size ), &offset_acl_size);
prs_uint32("num_aces ", ps, depth, &(t->num_aces ));
+ if (ps->io && t->num_aces != 0)
+ {
+ /* reading */
+ t->ace = malloc(sizeof(t->ace[0]) * t->num_aces);
+ ZERO_STRUCTPN(t->ace);
+ }
+
+ if (t->ace == NULL && t->num_aces != 0)
+ {
+ DEBUG(0,("INVALID ACL\n"));
+ ps->offset = 0xfffffffe;
+ return;
+ }
+
for (i = 0; i < MIN(t->num_aces, MAX_SEC_ACES); i++)
{
fstring tmp;
@@ -107,6 +173,85 @@ void sec_io_acl(char *desc, SEC_ACL *t, prs_struct *ps, int depth)
/*******************************************************************
+makes a structure
+********************************************************************/
+int make_sec_desc(SEC_DESC *t, uint16 revision, uint16 type,
+ DOM_SID *owner_sid, DOM_SID *grp_sid,
+ SEC_ACL *sacl, SEC_ACL *dacl)
+{
+ uint32 offset;
+
+ t->revision = revision;
+ t->type = type;
+
+ t->off_owner_sid = 0;
+ t->off_grp_sid = 0;
+ t->off_sacl = 0;
+ t->off_dacl = 0;
+
+ t->dacl = dacl;
+ t->sacl = sacl;
+ t->owner_sid = owner_sid;
+ t->grp_sid = grp_sid;
+
+ offset = 0x14;
+
+ if (dacl != NULL)
+ {
+ t->off_dacl = offset;
+ offset += dacl->size;
+ }
+
+ if (sacl != NULL)
+ {
+ t->off_dacl = offset;
+ offset += dacl->size;
+ }
+
+ if (owner_sid != NULL)
+ {
+ t->off_owner_sid = offset;
+ offset += sid_size(owner_sid);
+ }
+
+ if (grp_sid != NULL)
+ {
+ t->off_grp_sid = offset;
+ offset += sid_size(grp_sid);
+ }
+
+ return offset;
+}
+
+
+/*******************************************************************
+frees a structure
+********************************************************************/
+void free_sec_desc(SEC_DESC *t)
+{
+ if (t->dacl != NULL)
+ {
+ free_sec_acl(t->dacl);
+ }
+
+ if (t->sacl != NULL)
+ {
+ free_sec_acl(t->dacl);
+ }
+
+ if (t->owner_sid != NULL)
+ {
+ free(t->owner_sid);
+ }
+
+ if (t->grp_sid != NULL)
+ {
+ free(t->grp_sid);
+ }
+}
+
+
+/*******************************************************************
reads or writes a structure.
********************************************************************/
static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
@@ -114,8 +259,9 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
uint32 off_owner_sid;
uint32 off_grp_sid ;
uint32 off_sacl ;
- uint32 off_dacl ;
+ uint32 off_dacl ;
uint32 old_offset;
+ uint32 max_offset = 0; /* after we're done, move offset to end */
if (t == NULL) return;
@@ -135,11 +281,27 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
prs_uint32_pre("off_sacl ", ps, depth, &(t->off_sacl ), &off_sacl );
prs_uint32_pre("off_dacl ", ps, depth, &(t->off_dacl ), &off_dacl );
+ max_offset = MAX(max_offset, ps->offset);
+
if (IS_BITS_SET_ALL(t->type, SEC_DESC_DACL_PRESENT))
{
prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , ps->offset - old_offset);
ps->offset = old_offset + t->off_dacl;
- sec_io_acl ("dacl" , &t->dacl , ps, depth);
+ if (ps->io)
+ {
+ /* reading */
+ t->dacl = malloc(sizeof(*t->dacl));
+ ZERO_STRUCTPN(t->dacl);
+ }
+
+ if (t->dacl == NULL)
+ {
+ DEBUG(0,("INVALID DACL\n"));
+ ps->offset = 0xfffffffe;
+ return;
+ }
+
+ sec_io_acl ("dacl" , t->dacl , ps, depth);
prs_align(ps);
}
else
@@ -147,11 +309,27 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
prs_uint32_post("off_dacl ", ps, depth, &(t->off_dacl ), off_dacl , 0);
}
+ max_offset = MAX(max_offset, ps->offset);
+
if (IS_BITS_SET_ALL(t->type, SEC_DESC_SACL_PRESENT))
{
prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , ps->offset - old_offset);
ps->offset = old_offset + t->off_sacl;
- sec_io_acl ("sacl" , &t->sacl , ps, depth);
+ if (ps->io)
+ {
+ /* reading */
+ t->sacl = malloc(sizeof(*t->sacl));
+ ZERO_STRUCTPN(t->sacl);
+ }
+
+ if (t->sacl == NULL)
+ {
+ DEBUG(0,("INVALID SACL\n"));
+ ps->offset = 0xfffffffe;
+ return;
+ }
+
+ sec_io_acl ("sacl" , t->sacl , ps, depth);
prs_align(ps);
}
else
@@ -159,6 +337,8 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
prs_uint32_post("off_sacl ", ps, depth, &(t->off_sacl ), off_sacl , 0);
}
+ max_offset = MAX(max_offset, ps->offset);
+
prs_uint32_post("off_owner_sid", ps, depth, &(t->off_owner_sid), off_owner_sid, ps->offset - old_offset);
if (t->off_owner_sid != 0)
{
@@ -166,10 +346,26 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
{
ps->offset = old_offset + t->off_owner_sid;
}
- smb_io_dom_sid("owner_sid ", &t->owner_sid , ps, depth);
+ if (ps->io)
+ {
+ /* reading */
+ t->owner_sid = malloc(sizeof(*t->owner_sid));
+ ZERO_STRUCTPN(t->owner_sid);
+ }
+
+ if (t->owner_sid == NULL)
+ {
+ DEBUG(0,("INVALID OWNER SID\n"));
+ ps->offset = 0xfffffffe;
+ return;
+ }
+
+ smb_io_dom_sid("owner_sid ", t->owner_sid , ps, depth);
prs_align(ps);
}
+ max_offset = MAX(max_offset, ps->offset);
+
prs_uint32_post("off_grp_sid ", ps, depth, &(t->off_grp_sid ), off_grp_sid , ps->offset - old_offset);
if (t->off_grp_sid != 0)
{
@@ -177,9 +373,27 @@ static void sec_io_desc(char *desc, SEC_DESC *t, prs_struct *ps, int depth)
{
ps->offset = old_offset + t->off_grp_sid;
}
- smb_io_dom_sid("grp_sid", &t->grp_sid, ps, depth);
+ if (ps->io)
+ {
+ /* reading */
+ t->grp_sid = malloc(sizeof(*t->grp_sid));
+ ZERO_STRUCTPN(t->grp_sid);
+ }
+
+ if (t->grp_sid == NULL)
+ {
+ DEBUG(0,("INVALID GROUP SID\n"));
+ ps->offset = 0xfffffffe;
+ return;
+ }
+
+ smb_io_dom_sid("grp_sid", t->grp_sid, ps, depth);
prs_align(ps);
}
+
+ max_offset = MAX(max_offset, ps->offset);
+
+ ps->offset = max_offset;
}
/*******************************************************************
@@ -196,6 +410,18 @@ void make_sec_desc_buf(SEC_DESC_BUF *buf, int len, SEC_DESC *data)
buf->sec = data;
}
+/*******************************************************************
+frees a SEC_DESC_BUF structure.
+********************************************************************/
+void free_sec_desc_buf(SEC_DESC_BUF *buf)
+{
+ if (buf->sec != NULL)
+ {
+ free_sec_desc(buf->sec);
+ free(buf->sec);
+ }
+}
+
/*******************************************************************
reads or writes a SEC_DESC_BUF structure.
@@ -220,6 +446,20 @@ void sec_io_desc_buf(char *desc, SEC_DESC_BUF *sec, prs_struct *ps, int depth)
old_offset = ps->offset;
+ if (sec->len != 0 && ps->io)
+ {
+ /* reading */
+ sec->sec = malloc(sizeof(*sec->sec));
+ ZERO_STRUCTPN(sec->sec);
+
+ if (sec->sec == NULL)
+ {
+ DEBUG(0,("INVALID SEC_DESC\n"));
+ ps->offset = 0xfffffffe;
+ return;
+ }
+ }
+
/* reading, length is non-zero; writing, descriptor is non-NULL */
if ((sec->len != 0 || (!ps->io)) && sec->sec != NULL)
{
diff --git a/source/rpcclient/cmd_reg.c b/source/rpcclient/cmd_reg.c
index ada125e4485..53936a3cf30 100644
--- a/source/rpcclient/cmd_reg.c
+++ b/source/rpcclient/cmd_reg.c
@@ -637,7 +637,7 @@ void cmd_reg_create_key(struct client_info *info)
fstring parent_name;
fstring key_name;
fstring key_class;
- SEC_INFO sam_access;
+ SEC_ACCESS sam_access;
DEBUG(5, ("cmd_reg_create_key: smb_cli->fd:%d\n", smb_cli->fd));
@@ -661,7 +661,7 @@ void cmd_reg_create_key(struct client_info *info)
}
/* set access permissions */
- sam_access.perms = SEC_RIGHTS_READ;
+ sam_access.mask = SEC_RIGHTS_READ;
/* open WINREG session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
@@ -766,11 +766,16 @@ void cmd_reg_test_key_sec(struct client_info *info)
/* query key sec info. first call sets sec_buf_size. */
sec_buf_size = 0;
- sec_buf.sec = NULL;
+ ZERO_STRUCT(sec_buf);
res4 = res3 ? do_reg_get_key_sec(smb_cli, &key_pol,
&sec_buf_size, &sec_buf) : False;
+ if (res4)
+ {
+ free_sec_desc_buf(&sec_buf);
+ }
+
res4 = res4 ? do_reg_get_key_sec(smb_cli, &key_pol,
&sec_buf_size, &sec_buf) : False;
@@ -783,7 +788,7 @@ void cmd_reg_test_key_sec(struct client_info *info)
res4 = res4 ? do_reg_set_key_sec(smb_cli, &key_pol,
sec_buf_size, sec_buf.sec) : False;
- free(sec_buf.sec);
+ free_sec_desc_buf(&sec_buf);
}
/* close the key handle */
@@ -861,11 +866,16 @@ void cmd_reg_get_key_sec(struct client_info *info)
/* query key sec info. first call sets sec_buf_size. */
sec_buf_size = 0;
- sec_buf.sec = NULL;
+ ZERO_STRUCT(sec_buf);
res4 = res3 ? do_reg_get_key_sec(smb_cli, &key_pol,
&sec_buf_size, &sec_buf) : False;
+ if (res4)
+ {
+ free_sec_desc_buf(&sec_buf);
+ }
+
res4 = res4 ? do_reg_get_key_sec(smb_cli, &key_pol,
&sec_buf_size, &sec_buf) : False;
@@ -874,6 +884,7 @@ void cmd_reg_get_key_sec(struct client_info *info)
display_sec_desc(out_hnd, ACTION_HEADER , sec_buf.sec);
display_sec_desc(out_hnd, ACTION_ENUMERATE, sec_buf.sec);
display_sec_desc(out_hnd, ACTION_FOOTER , sec_buf.sec);
+
free(sec_buf.sec);
}
diff --git a/source/rpcclient/display.c b/source/rpcclient/display.c
index d3c2f84d210..f3bde7e58d6 100644
--- a/source/rpcclient/display.c
+++ b/source/rpcclient/display.c
@@ -1015,7 +1015,7 @@ void display_sam_user_info_21(FILE *out_hnd, enum action_type action, SAM_USER_I
/****************************************************************************
convert a security permissions into a string
****************************************************************************/
-char *get_sec_perms_str(uint32 type)
+char *get_sec_mask_str(uint32 type)
{
static fstring typestr;
int i;
@@ -1077,9 +1077,9 @@ char *get_sec_perms_str(uint32 type)
}
/****************************************************************************
- display sec_info structure
+ display sec_access structure
****************************************************************************/
-void display_sec_info(FILE *out_hnd, enum action_type action, SEC_INFO *info)
+void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *info)
{
switch (action)
{
@@ -1090,7 +1090,7 @@ void display_sec_info(FILE *out_hnd, enum action_type action, SEC_INFO *info)
case ACTION_ENUMERATE:
{
fprintf(out_hnd, "\t\tPermissions: %s\n",
- get_sec_perms_str(info->perms));
+ get_sec_mask_str(info->mask));
}
case ACTION_FOOTER:
{
@@ -1115,9 +1115,9 @@ void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *ace)
{
fstring sid_str;
- display_sec_info(out_hnd, ACTION_HEADER , &ace->info);
- display_sec_info(out_hnd, ACTION_ENUMERATE, &ace->info);
- display_sec_info(out_hnd, ACTION_FOOTER , &ace->info);
+ display_sec_access(out_hnd, ACTION_HEADER , &ace->info);
+ display_sec_access(out_hnd, ACTION_ENUMERATE, &ace->info);
+ display_sec_access(out_hnd, ACTION_FOOTER , &ace->info);
sid_to_string(sid_str, &ace->sid);
fprintf(out_hnd, "\t\tSID: %s\n", sid_str);
@@ -1186,20 +1186,26 @@ void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *sec)
{
fstring sid_str;
+ if (sec->off_sacl != 0)
+ {
+ display_sec_acl(out_hnd, ACTION_HEADER , sec->sacl);
+ display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->sacl);
+ display_sec_acl(out_hnd, ACTION_FOOTER , sec->sacl);
+ }
if (sec->off_dacl != 0)
{
- display_sec_acl(out_hnd, ACTION_HEADER , &sec->dacl);
- display_sec_acl(out_hnd, ACTION_ENUMERATE, &sec->dacl);
- display_sec_acl(out_hnd, ACTION_FOOTER , &sec->dacl);
+ display_sec_acl(out_hnd, ACTION_HEADER , sec->dacl);
+ display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->dacl);
+ display_sec_acl(out_hnd, ACTION_FOOTER , sec->dacl);
}
if (sec->off_owner_sid != 0)
{
- sid_to_string(sid_str, &sec->owner_sid);
+ sid_to_string(sid_str, sec->owner_sid);
fprintf(out_hnd, "\tOwner SID:\t%s\n", sid_str);
}
if (sec->off_grp_sid != 0)
{
- sid_to_string(sid_str, &sec->grp_sid);
+ sid_to_string(sid_str, sec->grp_sid);
fprintf(out_hnd, "\tParent SID:\t%s\n", sid_str);
}