diff options
-rw-r--r-- | libcli/security/secace.h | 39 | ||||
-rw-r--r-- | libcli/security/secacl.h | 33 | ||||
-rw-r--r-- | source3/include/includes.h | 2 | ||||
-rw-r--r-- | source3/include/proto.h | 23 | ||||
-rw-r--r-- | source4/libcli/security/security.h | 3 |
5 files changed, 77 insertions, 23 deletions
diff --git a/libcli/security/secace.h b/libcli/security/secace.h new file mode 100644 index 00000000000..8b6625d07d3 --- /dev/null +++ b/libcli/security/secace.h @@ -0,0 +1,39 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + + Copyright (C) 2009 Jelmer Vernooij <jelmer@samba.org> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _ACE_H_ +#define _ACE_H_ + +#include "librpc/gen_ndr/security.h" + +bool sec_ace_object(uint8_t type); +void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src); +void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type, + uint32_t mask, uint8_t flag); +NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, struct dom_sid *sid, uint32_t mask); +NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask); +NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, struct dom_sid *sid); +bool sec_ace_equal(struct security_ace *s1, struct security_ace *s2); +int nt_ace_inherit_comp( struct security_ace *a1, struct security_ace *a2); +int nt_ace_canon_comp( struct security_ace *a1, struct security_ace *a2); +void dacl_sort_into_canonical_order(struct security_ace *srclist, unsigned int num_aces); + +#endif /*_ACE_H_*/ + diff --git a/libcli/security/secacl.h b/libcli/security/secacl.h new file mode 100644 index 00000000000..9f1e8fa183d --- /dev/null +++ b/libcli/security/secacl.h @@ -0,0 +1,33 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + + Copyright (C) 2009 Jelmer Vernooij <jelmer@samba.org> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _SECACL_H_ +#define _SECACL_H_ + +#include "librpc/gen_ndr/security.h" + +struct security_acl *make_sec_acl(TALLOC_CTX *ctx, enum security_acl_revision revision, + int num_aces, struct security_ace *ace_list); +struct security_acl *dup_sec_acl(TALLOC_CTX *ctx, struct security_acl *src); +bool sec_acl_equal(struct security_acl *s1, struct security_acl *s2); + + +#endif /*_SECACL_H_*/ + diff --git a/source3/include/includes.h b/source3/include/includes.h index 523a11e255d..63c77ec1822 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -703,6 +703,8 @@ enum flush_reason_enum { #ifndef NO_PROTO_H #include "proto.h" #endif +#include "libcli/security/secace.h" +#include "libcli/security/secacl.h" #if defined(HAVE_POSIX_ACLS) #include "modules/vfs_posixacl.h" diff --git a/source3/include/proto.h b/source3/include/proto.h index eeb6f1928de..60f8ace74de 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -650,28 +650,6 @@ ssize_t sys_recvfile(int fromfd, size_t count); ssize_t drain_socket(int sockfd, size_t count); -/* The following definitions come from lib/secace.c */ - -bool sec_ace_object(uint8 type); -void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src); -void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type, - uint32 mask, uint8 flag); -NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, unsigned *num, DOM_SID *sid, uint32 mask); -NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask); -NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid); -bool sec_ace_equal(SEC_ACE *s1, SEC_ACE *s2); -int nt_ace_inherit_comp( SEC_ACE *a1, SEC_ACE *a2); -int nt_ace_canon_comp( SEC_ACE *a1, SEC_ACE *a2); -void dacl_sort_into_canonical_order(SEC_ACE *srclist, unsigned int num_aces); -bool token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace); - -/* The following definitions come from lib/secacl.c */ - -SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, enum security_acl_revision revision, - int num_aces, SEC_ACE *ace_list); -SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src); -bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2); - /* The following definitions come from lib/secdesc.c */ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2); @@ -1252,6 +1230,7 @@ NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx, const struct nt_user_token *token_1, const struct nt_user_token *token_2, struct nt_user_token **token_out); +bool token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace); /* The following definitions come from lib/util_pw.c */ diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h index 517f3e8ebe4..2608c9f7ed2 100644 --- a/source4/libcli/security/security.h +++ b/source4/libcli/security/security.h @@ -30,5 +30,6 @@ struct auth_session_info; /* Moved the dom_sid functions to the top level dir with manual proto header */ #include "libcli/security/dom_sid.h" - +#include "libcli/security/secace.h" +#include "libcli/security/secacl.h" #include "libcli/security/proto.h" |