search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use vfs_cifs as a basis for vfs_proxy
[Samba/vfs_proxy.git] / source3 / rpc_parse / parse_sec.c
blobc71b31086a4dde832c7396879ffc4a729df1d93d
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998,
6 * Copyright (C) Jeremy R. Allison 1995-2005.
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
8 * Copyright (C) Paul Ashton 1997-1998.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_PARSE
28
29 /*******************************************************************
30 Reads or writes a SEC_ACE structure.
31 ********************************************************************/
32
33 static bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps,
34 int depth)
35 {
36 uint32 old_offset;
37 uint32 offset_ace_size;
38 uint8 type;
39
40 if (psa == NULL)
41 return False;
42
43 prs_debug(ps, depth, desc, "sec_io_ace");
44 depth++;
45
46 old_offset = prs_offset(ps);
47
48 if (MARSHALLING(ps)) {
49 type = (uint8)psa->type;
50 }
51
52 if(!prs_uint8("type ", ps, depth, &type))
53 return False;
54
55 if (UNMARSHALLING(ps)) {
56 psa->type = (enum security_ace_type)type;
57 }
58
59 if(!prs_uint8("flags", ps, depth, &psa->flags))
60 return False;
61
62 if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))
63 return False;
64
65 if(!prs_uint32("access_mask", ps, depth, &psa->access_mask))
66 return False;
67
68 /* check whether object access is present */
69 if (!sec_ace_object(psa->type)) {
70 if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
71 return False;
72 } else {
73 if (!prs_uint32("obj_flags", ps, depth, &psa->object.object.flags))
74 return False;
75
76 if (psa->object.object.flags & SEC_ACE_OBJECT_PRESENT)
77 if (!smb_io_uuid("obj_guid", &psa->object.object.type.type, ps,depth))
78 return False;
79
80 if (psa->object.object.flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
81 if (!smb_io_uuid("inh_guid", &psa->object.object.inherited_type.inherited_type, ps,depth))
82 return False;
83
84 if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
85 return False;
86 }
87
88 /* Theorectically an ACE can have a size greater than the
89 sum of its components. When marshalling, pad with extra null bytes up to the
90 correct size. */
91
92 if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) {
93 uint32 extra_len = psa->size - (prs_offset(ps) - old_offset);
94 uint32 i;
95 uint8 c = 0;
96
97 for (i = 0; i < extra_len; i++) {
98 if (!prs_uint8("ace extra space", ps, depth, &c))
99 return False;
100 }
101 }
102
103 if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset))
104 return False;
105
106 return True;
107 }
108
109 /*******************************************************************
110 Reads or writes a SEC_ACL structure.
111
112 First of the xx_io_xx functions that allocates its data structures
113 for you as it reads them.
114 ********************************************************************/
115
116 static bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps,
117 int depth)
118 {
119 unsigned int i;
120 uint32 old_offset;
121 uint32 offset_acl_size;
122 SEC_ACL *psa;
123 uint16 revision;
124
125 /*
126 * Note that the size is always a multiple of 4 bytes due to the
127 * nature of the data structure. Therefore the prs_align() calls
128 * have been removed as they through us off when doing two-layer
129 * marshalling such as in the printing code (RPC_BUFFER). --jerry
130 */
131
132 if (ppsa == NULL)
133 return False;
134
135 psa = *ppsa;
136
137 if(UNMARSHALLING(ps) && psa == NULL) {
138 /*
139 * This is a read and we must allocate the stuct to read into.
140 */
141 if((psa = PRS_ALLOC_MEM(ps, SEC_ACL, 1)) == NULL)
142 return False;
143 *ppsa = psa;
144 }
145
146 prs_debug(ps, depth, desc, "sec_io_acl");
147 depth++;
148
149 old_offset = prs_offset(ps);
150
151 if (MARSHALLING(ps)) {
152 revision = (uint16)psa->revision;
153 }
154
155 if(!prs_uint16("revision", ps, depth, &revision))
156 return False;
157
158 if (UNMARSHALLING(ps)) {
159 psa->revision = (enum security_acl_revision)revision;
160 }
161
162 if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size))
163 return False;
164
165 if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces))
166 return False;
167
168 if (UNMARSHALLING(ps)) {
169 if (psa->num_aces) {
170 if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL)
171 return False;
172 } else {
173 psa->aces = NULL;
174 }
175 }
176
177 for (i = 0; i < psa->num_aces; i++) {
178 fstring tmp;
179 slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i);
180 if(!sec_io_ace(tmp, &psa->aces[i], ps, depth))
181 return False;
182 }
183
184 /* Theorectically an ACL can have a size greater than the
185 sum of its components. When marshalling, pad with extra null bytes up to the
186 correct size. */
187
188 if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) {
189 uint32 extra_len = psa->size - (prs_offset(ps) - old_offset);
190 uint8 c = 0;
191
192 for (i = 0; i < extra_len; i++) {
193 if (!prs_uint8("acl extra space", ps, depth, &c))
194 return False;
195 }
196 }
197
198 if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset))
199 return False;
200
201 return True;
202 }
203
204 /*******************************************************************
205 Reads or writes a SEC_DESC structure.
206 If reading and the *ppsd = NULL, allocates the structure.
207 ********************************************************************/
208
209 bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
210 {
211 uint32 old_offset;
212 uint32 max_offset = 0; /* after we're done, move offset to end */
213 uint32 tmp_offset = 0;
214 uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid;
215 uint16 revision;
216
217 SEC_DESC *psd;
218
219 if (ppsd == NULL)
220 return False;
221
222 psd = *ppsd;
223
224 if (psd == NULL) {
225 if(UNMARSHALLING(ps)) {
226 if((psd = PRS_ALLOC_MEM(ps,SEC_DESC,1)) == NULL)
227 return False;
228 *ppsd = psd;
229 } else {
230 /* Marshalling - just ignore. */
231 return True;
232 }
233 }
234
235 prs_debug(ps, depth, desc, "sec_io_desc");
236 depth++;
237
238 /* start of security descriptor stored for back-calc offset purposes */
239 old_offset = prs_offset(ps);
240
241 if (MARSHALLING(ps)) {
242 revision = (uint16)psd->revision;
243 }
244
245 if(!prs_uint16("revision", ps, depth, &revision))
246 return False;
247
248 if (UNMARSHALLING(ps)) {
249 psd->revision = (enum security_descriptor_revision)revision;
250 }
251
252 if(!prs_uint16("type ", ps, depth, &psd->type))
253 return False;
254
255 if (MARSHALLING(ps)) {
256 uint32 offset = SEC_DESC_HEADER_SIZE;
257
258 /*
259 * Work out the offsets here, as we write it out.
260 */
261
262 if (psd->sacl != NULL) {
263 off_sacl = offset;
264 offset += psd->sacl->size;
265 } else {
266 off_sacl = 0;
267 }
268
269 if (psd->dacl != NULL) {
270 off_dacl = offset;
271 offset += psd->dacl->size;
272 } else {
273 off_dacl = 0;
274 }
275
276 if (psd->owner_sid != NULL) {
277 off_owner_sid = offset;
278 offset += ndr_size_dom_sid(psd->owner_sid, 0);
279 } else {
280 off_owner_sid = 0;
281 }
282
283 if (psd->group_sid != NULL) {
284 off_grp_sid = offset;
285 offset += ndr_size_dom_sid(psd->group_sid, 0);
286 } else {
287 off_grp_sid = 0;
288 }
289 }
290
291 if(!prs_uint32("off_owner_sid", ps, depth, &off_owner_sid))
292 return False;
293
294 if(!prs_uint32("off_grp_sid ", ps, depth, &off_grp_sid))
295 return False;
296
297 if(!prs_uint32("off_sacl ", ps, depth, &off_sacl))
298 return False;
299
300 if(!prs_uint32("off_dacl ", ps, depth, &off_dacl))
301 return False;
302
303 max_offset = MAX(max_offset, prs_offset(ps));
304
305 if (off_owner_sid != 0) {
306
307 tmp_offset = prs_offset(ps);
308 if(!prs_set_offset(ps, old_offset + off_owner_sid))
309 return False;
310
311 if (UNMARSHALLING(ps)) {
312 /* reading */
313 if((psd->owner_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
314 return False;
315 }
316
317 if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth))
318 return False;
319
320 max_offset = MAX(max_offset, prs_offset(ps));
321
322 if (!prs_set_offset(ps,tmp_offset))
323 return False;
324 }
325
326 if (psd->group_sid != 0) {
327
328 tmp_offset = prs_offset(ps);
329 if(!prs_set_offset(ps, old_offset + off_grp_sid))
330 return False;
331
332 if (UNMARSHALLING(ps)) {
333 /* reading */
334 if((psd->group_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
335 return False;
336 }
337
338 if(!smb_io_dom_sid("grp_sid", psd->group_sid, ps, depth))
339 return False;
340
341 max_offset = MAX(max_offset, prs_offset(ps));
342
343 if (!prs_set_offset(ps,tmp_offset))
344 return False;
345 }
346
347 if ((psd->type & SEC_DESC_SACL_PRESENT) && off_sacl) {
348 tmp_offset = prs_offset(ps);
349 if(!prs_set_offset(ps, old_offset + off_sacl))
350 return False;
351 if(!sec_io_acl("sacl", &psd->sacl, ps, depth))
352 return False;
353 max_offset = MAX(max_offset, prs_offset(ps));
354 if (!prs_set_offset(ps,tmp_offset))
355 return False;
356 }
357
358 if ((psd->type & SEC_DESC_DACL_PRESENT) && off_dacl != 0) {
359 tmp_offset = prs_offset(ps);
360 if(!prs_set_offset(ps, old_offset + off_dacl))
361 return False;
362 if(!sec_io_acl("dacl", &psd->dacl, ps, depth))
363 return False;
364 max_offset = MAX(max_offset, prs_offset(ps));
365 if (!prs_set_offset(ps,tmp_offset))
366 return False;
367 }
368
369 if(!prs_set_offset(ps, max_offset))
370 return False;
371
372 return True;
373 }
374
375 /*******************************************************************
376 Reads or writes a SEC_DESC_BUF structure.
377 ********************************************************************/
378
379 bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth)
380 {
381 uint32 off_len;
382 uint32 off_max_len;
383 uint32 old_offset;
384 uint32 size;
385 uint32 len;
386 SEC_DESC_BUF *psdb;
387 uint32 ptr;
388
389 if (ppsdb == NULL)
390 return False;
391
392 psdb = *ppsdb;
393
394 if (UNMARSHALLING(ps) && psdb == NULL) {
395 if((psdb = PRS_ALLOC_MEM(ps,SEC_DESC_BUF,1)) == NULL)
396 return False;
397 *ppsdb = psdb;
398 }
399
400 prs_debug(ps, depth, desc, "sec_io_desc_buf");
401 depth++;
402
403 if(!prs_align(ps))
404 return False;
405
406 if(!prs_uint32_pre("max_len", ps, depth, &psdb->sd_size, &off_max_len))
407 return False;
408
409 ptr = 1;
410 if(!prs_uint32 ("ptr ", ps, depth, &ptr))
411 return False;
412
413 len = ndr_size_security_descriptor(psdb->sd, 0);
414 if(!prs_uint32_pre("len ", ps, depth, &len, &off_len))
415 return False;
416
417 old_offset = prs_offset(ps);
418
419 /* reading, length is non-zero; writing, descriptor is non-NULL */
420 if ((UNMARSHALLING(ps) && psdb->sd_size != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) {
421 if(!sec_io_desc("sec ", &psdb->sd, ps, depth))
422 return False;
423 }
424
425 if(!prs_align(ps))
426 return False;
427
428 size = prs_offset(ps) - old_offset;
429 if(!prs_uint32_post("max_len", ps, depth, &psdb->sd_size, off_max_len, size == 0 ? psdb->sd_size : size))
430 return False;
431
432 if(!prs_uint32_post("len ", ps, depth, &len, off_len, size))
433 return False;
434
435 return True;
436 }
Proof-of-concept samba4 based caching proxy