2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998,
6 * Copyright (C) Jeremy R. Allison 1995-2005.
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
8 * Copyright (C) Paul Ashton 1997-1998.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #define DBGC_CLASS DBGC_RPC_PARSE
29 /*******************************************************************
30 Reads or writes a SEC_ACE structure.
31 ********************************************************************/
33 static bool sec_io_ace(const char *desc
, SEC_ACE
*psa
, prs_struct
*ps
,
37 uint32 offset_ace_size
;
43 prs_debug(ps
, depth
, desc
, "sec_io_ace");
46 old_offset
= prs_offset(ps
);
48 if (MARSHALLING(ps
)) {
49 type
= (uint8
)psa
->type
;
52 if(!prs_uint8("type ", ps
, depth
, &type
))
55 if (UNMARSHALLING(ps
)) {
56 psa
->type
= (enum security_ace_type
)type
;
59 if(!prs_uint8("flags", ps
, depth
, &psa
->flags
))
62 if(!prs_uint16_pre("size ", ps
, depth
, &psa
->size
, &offset_ace_size
))
65 if(!prs_uint32("access_mask", ps
, depth
, &psa
->access_mask
))
68 /* check whether object access is present */
69 if (!sec_ace_object(psa
->type
)) {
70 if (!smb_io_dom_sid("trustee ", &psa
->trustee
, ps
, depth
))
73 if (!prs_uint32("obj_flags", ps
, depth
, &psa
->object
.object
.flags
))
76 if (psa
->object
.object
.flags
& SEC_ACE_OBJECT_TYPE_PRESENT
)
77 if (!smb_io_uuid("obj_guid", &psa
->object
.object
.type
.type
, ps
,depth
))
80 if (psa
->object
.object
.flags
& SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
)
81 if (!smb_io_uuid("inh_guid", &psa
->object
.object
.inherited_type
.inherited_type
, ps
,depth
))
84 if(!smb_io_dom_sid("trustee ", &psa
->trustee
, ps
, depth
))
88 /* Theorectically an ACE can have a size greater than the
89 sum of its components. When marshalling, pad with extra null bytes up to the
92 if (MARSHALLING(ps
) && (psa
->size
> prs_offset(ps
) - old_offset
)) {
93 uint32 extra_len
= psa
->size
- (prs_offset(ps
) - old_offset
);
97 for (i
= 0; i
< extra_len
; i
++) {
98 if (!prs_uint8("ace extra space", ps
, depth
, &c
))
103 if(!prs_uint16_post("size ", ps
, depth
, &psa
->size
, offset_ace_size
, old_offset
))
109 /*******************************************************************
110 Reads or writes a SEC_ACL structure.
112 First of the xx_io_xx functions that allocates its data structures
113 for you as it reads them.
114 ********************************************************************/
116 static bool sec_io_acl(const char *desc
, SEC_ACL
**ppsa
, prs_struct
*ps
,
121 uint32 offset_acl_size
;
126 * Note that the size is always a multiple of 4 bytes due to the
127 * nature of the data structure. Therefore the prs_align() calls
128 * have been removed as they through us off when doing two-layer
129 * marshalling such as in the printing code (RPC_BUFFER). --jerry
137 if(UNMARSHALLING(ps
) && psa
== NULL
) {
139 * This is a read and we must allocate the stuct to read into.
141 if((psa
= PRS_ALLOC_MEM(ps
, SEC_ACL
, 1)) == NULL
)
146 prs_debug(ps
, depth
, desc
, "sec_io_acl");
149 old_offset
= prs_offset(ps
);
151 if (MARSHALLING(ps
)) {
152 revision
= (uint16
)psa
->revision
;
155 if(!prs_uint16("revision", ps
, depth
, &revision
))
158 if (UNMARSHALLING(ps
)) {
159 psa
->revision
= (enum security_acl_revision
)revision
;
162 if(!prs_uint16_pre("size ", ps
, depth
, &psa
->size
, &offset_acl_size
))
165 if(!prs_uint32("num_aces ", ps
, depth
, &psa
->num_aces
))
168 if (UNMARSHALLING(ps
)) {
170 if((psa
->aces
= PRS_ALLOC_MEM(ps
, SEC_ACE
, psa
->num_aces
)) == NULL
)
177 for (i
= 0; i
< psa
->num_aces
; i
++) {
179 slprintf(tmp
, sizeof(tmp
)-1, "ace_list[%02d]: ", i
);
180 if(!sec_io_ace(tmp
, &psa
->aces
[i
], ps
, depth
))
184 /* Theorectically an ACL can have a size greater than the
185 sum of its components. When marshalling, pad with extra null bytes up to the
188 if (MARSHALLING(ps
) && (psa
->size
> prs_offset(ps
) - old_offset
)) {
189 uint32 extra_len
= psa
->size
- (prs_offset(ps
) - old_offset
);
192 for (i
= 0; i
< extra_len
; i
++) {
193 if (!prs_uint8("acl extra space", ps
, depth
, &c
))
198 if(!prs_uint16_post("size ", ps
, depth
, &psa
->size
, offset_acl_size
, old_offset
))
204 /*******************************************************************
205 Reads or writes a SEC_DESC structure.
206 If reading and the *ppsd = NULL, allocates the structure.
207 ********************************************************************/
209 bool sec_io_desc(const char *desc
, SEC_DESC
**ppsd
, prs_struct
*ps
, int depth
)
212 uint32 max_offset
= 0; /* after we're done, move offset to end */
213 uint32 tmp_offset
= 0;
214 uint32 off_sacl
, off_dacl
, off_owner_sid
, off_grp_sid
;
225 if(UNMARSHALLING(ps
)) {
226 if((psd
= PRS_ALLOC_MEM(ps
,SEC_DESC
,1)) == NULL
)
230 /* Marshalling - just ignore. */
235 prs_debug(ps
, depth
, desc
, "sec_io_desc");
238 /* start of security descriptor stored for back-calc offset purposes */
239 old_offset
= prs_offset(ps
);
241 if (MARSHALLING(ps
)) {
242 revision
= (uint16
)psd
->revision
;
245 if(!prs_uint16("revision", ps
, depth
, &revision
))
248 if (UNMARSHALLING(ps
)) {
249 psd
->revision
= (enum security_descriptor_revision
)revision
;
252 if(!prs_uint16("type ", ps
, depth
, &psd
->type
))
255 if (MARSHALLING(ps
)) {
256 uint32 offset
= SEC_DESC_HEADER_SIZE
;
259 * Work out the offsets here, as we write it out.
262 if (psd
->sacl
!= NULL
) {
264 offset
+= psd
->sacl
->size
;
269 if (psd
->dacl
!= NULL
) {
271 offset
+= psd
->dacl
->size
;
276 if (psd
->owner_sid
!= NULL
) {
277 off_owner_sid
= offset
;
278 offset
+= ndr_size_dom_sid(psd
->owner_sid
, NULL
, 0);
283 if (psd
->group_sid
!= NULL
) {
284 off_grp_sid
= offset
;
285 offset
+= ndr_size_dom_sid(psd
->group_sid
, NULL
, 0);
291 if(!prs_uint32("off_owner_sid", ps
, depth
, &off_owner_sid
))
294 if(!prs_uint32("off_grp_sid ", ps
, depth
, &off_grp_sid
))
297 if(!prs_uint32("off_sacl ", ps
, depth
, &off_sacl
))
300 if(!prs_uint32("off_dacl ", ps
, depth
, &off_dacl
))
303 max_offset
= MAX(max_offset
, prs_offset(ps
));
305 if (off_owner_sid
!= 0) {
307 tmp_offset
= prs_offset(ps
);
308 if(!prs_set_offset(ps
, old_offset
+ off_owner_sid
))
311 if (UNMARSHALLING(ps
)) {
313 if((psd
->owner_sid
= PRS_ALLOC_MEM(ps
,DOM_SID
,1)) == NULL
)
317 if(!smb_io_dom_sid("owner_sid ", psd
->owner_sid
, ps
, depth
))
320 max_offset
= MAX(max_offset
, prs_offset(ps
));
322 if (!prs_set_offset(ps
,tmp_offset
))
326 if (psd
->group_sid
!= 0) {
328 tmp_offset
= prs_offset(ps
);
329 if(!prs_set_offset(ps
, old_offset
+ off_grp_sid
))
332 if (UNMARSHALLING(ps
)) {
334 if((psd
->group_sid
= PRS_ALLOC_MEM(ps
,DOM_SID
,1)) == NULL
)
338 if(!smb_io_dom_sid("grp_sid", psd
->group_sid
, ps
, depth
))
341 max_offset
= MAX(max_offset
, prs_offset(ps
));
343 if (!prs_set_offset(ps
,tmp_offset
))
347 if ((psd
->type
& SEC_DESC_SACL_PRESENT
) && off_sacl
) {
348 tmp_offset
= prs_offset(ps
);
349 if(!prs_set_offset(ps
, old_offset
+ off_sacl
))
351 if(!sec_io_acl("sacl", &psd
->sacl
, ps
, depth
))
353 max_offset
= MAX(max_offset
, prs_offset(ps
));
354 if (!prs_set_offset(ps
,tmp_offset
))
358 if ((psd
->type
& SEC_DESC_DACL_PRESENT
) && off_dacl
!= 0) {
359 tmp_offset
= prs_offset(ps
);
360 if(!prs_set_offset(ps
, old_offset
+ off_dacl
))
362 if(!sec_io_acl("dacl", &psd
->dacl
, ps
, depth
))
364 max_offset
= MAX(max_offset
, prs_offset(ps
));
365 if (!prs_set_offset(ps
,tmp_offset
))
369 if(!prs_set_offset(ps
, max_offset
))
375 /*******************************************************************
376 Reads or writes a SEC_DESC_BUF structure.
377 ********************************************************************/
379 bool sec_io_desc_buf(const char *desc
, SEC_DESC_BUF
**ppsdb
, prs_struct
*ps
, int depth
)
394 if (UNMARSHALLING(ps
) && psdb
== NULL
) {
395 if((psdb
= PRS_ALLOC_MEM(ps
,SEC_DESC_BUF
,1)) == NULL
)
400 prs_debug(ps
, depth
, desc
, "sec_io_desc_buf");
406 if(!prs_uint32_pre("max_len", ps
, depth
, &psdb
->sd_size
, &off_max_len
))
410 if(!prs_uint32 ("ptr ", ps
, depth
, &ptr
))
413 len
= ndr_size_security_descriptor(psdb
->sd
, NULL
, 0);
414 if(!prs_uint32_pre("len ", ps
, depth
, &len
, &off_len
))
417 old_offset
= prs_offset(ps
);
419 /* reading, length is non-zero; writing, descriptor is non-NULL */
420 if ((UNMARSHALLING(ps
) && psdb
->sd_size
!= 0) || (MARSHALLING(ps
) && psdb
->sd
!= NULL
)) {
421 if(!sec_io_desc("sec ", &psdb
->sd
, ps
, depth
))
428 size
= prs_offset(ps
) - old_offset
;
429 if(!prs_uint32_post("max_len", ps
, depth
, &psdb
->sd_size
, off_max_len
, size
== 0 ? psdb
->sd_size
: size
))
432 if(!prs_uint32_post("len ", ps
, depth
, &len
, off_len
, size
))