/*
   Unix SMB/CIFS implementation.

   security access checking routines

   Copyright (C) Nadezhda Ivanova 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
 * Description: Contains data handler functions for
 * the object tree that must be constructed to perform access checks.
 * The object tree is an unbalanced tree of depth 3, indexed by
 * object type guid. Perhaps a different data structure
 * should be considered later to improve performance.
 *
 * Author: Nadezhda Ivanova
 */
#include "libcli/security/security.h"
#include "lib/util/dlinklist.h"
#include "librpc/ndr/libndr.h"
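/**
 * Add a new node to the object tree that access checks are evaluated on.
 *
 * If attributeSecurityGUID is non-NULL, not all-zero, and already present in
 * the tree, the new node becomes a child of that node. In all other cases it
 * becomes a child of root. When root is NULL the node is returned unlinked,
 * carrying schemaGUIDID, so the caller can use it as the root.
 *
 * @param mem_ctx               talloc context that owns the new node
 * @param schemaGUIDID          GUID stored in the node when no attribute
 *                              security GUID applies
 * @param attributeSecurityGUID optional GUID naming the node to attach under
 * @param init_access           initial value for the node's remaining_access
 * @param root                  root of the tree, or NULL when none exists yet
 * @return the new node, or NULL if the allocation fails
 *
 * NOTE(review): the listing this was reviewed from had lost the init_access
 * declaration, the braces, the NULL-root test and the return statements.
 * They are restored here and uint32_t is an assumed type; check both
 * against the prototype.
 */
struct object_tree *insert_in_object_tree(TALLOC_CTX *mem_ctx,
					  const struct GUID *schemaGUIDID,
					  const struct GUID *attributeSecurityGUID,
					  uint32_t init_access,
					  struct object_tree *root)
{
	struct object_tree *parent = NULL;
	struct object_tree *new_node;

	/* talloc_zero() replaces the separate talloc() + memset() pair. */
	new_node = talloc_zero(mem_ctx, struct object_tree);
	if (new_node == NULL) {
		return NULL;
	}
	new_node->remaining_access = init_access;

	/* No tree yet: hand the node back as the root, nothing to link to. */
	if (root == NULL) {
		new_node->guid = *schemaGUIDID;
		return new_node;
	}

	if (attributeSecurityGUID && !GUID_all_zero(attributeSecurityGUID)) {
		parent = get_object_tree_by_GUID(root, attributeSecurityGUID);
		/*
		 * NOTE(review): the node stores attributeSecurityGUID, the
		 * same GUID just used to find its parent, so a later lookup
		 * by that GUID reaches the parent first and schemaGUIDID is
		 * not recorded anywhere. Confirm this is intended.
		 */
		new_node->guid = *attributeSecurityGUID;
	} else {
		new_node->guid = *schemaGUIDID;
	}

	/* Unknown or absent attribute security GUID: attach under the root. */
	if (parent == NULL) {
		parent = root;
	}

	/*
	 * DLIST_ADD() takes the list head as its first argument. The head of
	 * a node's child list is parent->children, the field the tree walks
	 * in this file follow. Passing the local parent pointer instead would
	 * leave the new node unreachable from root->children, so lookups and
	 * access-mask updates would skip it.
	 */
	DLIST_ADD(parent->children, new_node);
	return new_node;
}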
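/**
 * Find the node carrying a given GUID, searching depth-first from root.
 *
 * The node itself is tested before its children, so when several nodes share
 * a GUID the one closest to root on the first matching branch is returned.
 *
 * @param root subtree to search; may be NULL
 * @param guid GUID to look for
 * @return the first matching node, or NULL when root is NULL or nothing in
 *         the subtree matches
 *
 * NOTE(review): the listing this was reviewed from had lost its braces and
 * return statements. The returns below follow from the visible condition and
 * loop; compare with the upstream file.
 */
struct object_tree *get_object_tree_by_GUID(struct object_tree *root,
					    const struct GUID *guid)
{
	struct object_tree *p;
	struct object_tree *result = NULL;

	/* A NULL subtree yields NULL; a match on this node ends the search. */
	if (!root || GUID_equal(&root->guid, guid)) {
		return root;
	}

	/* Recurse into each child; the first hit wins. */
	for (p = root->children; p != NULL; p = p->next) {
		result = get_object_tree_by_GUID(p, guid);
		if (result != NULL) {
			return result;
		}
	}

	return NULL;
}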
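/**
 * Change the granted access per each ACE: clear the given bits from
 * remaining_access on root and, recursively, on every node below it.
 *
 * @param root   subtree to update; a NULL subtree is left alone
 * @param access bit mask to remove from each node's remaining_access
 *
 * NOTE(review): the declaration of access was missing from the listing this
 * was reviewed from, so uint32_t is an assumed type; check it against the
 * prototype.
 */
void object_tree_modify_access(struct object_tree *root,
			       uint32_t access)
{
	struct object_tree *p;

	/*
	 * Stop before touching root->children: without this guard a NULL
	 * subtree would be dereferenced by the loop below.
	 */
	if (root == NULL) {
		return;
	}

	root->remaining_access &= ~access;

	for (p = root->children; p != NULL; p = p->next) {
		object_tree_modify_access(p, access);
	}
}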