Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : security access checking routines
5 :
6 : Copyright (C) Nadezhda Ivanova 2009
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : /*
23 : * Description: Contains data handler functions for
24 : * the object tree that must be constructed to perform access checks.
25 : * The object tree is an unbalanced tree of depth 3, indexed by
26 : * object type guid. Perhaps a different data structure
27 : * should be concidered later to improve performance
28 : *
29 : * Author: Nadezhda Ivanova
30 : */
31 : #include "includes.h"
32 : #include "libcli/security/security.h"
33 : #include "librpc/ndr/libndr.h"
34 :
35 : /* Adds a new node to the object tree. If attributeSecurityGUID is not zero and
36 : * has already been added to the tree, the new node is added as a child of that node
37 : * In all other cases as a child of the root
38 : */
39 :
40 17365603 : bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
41 : const struct GUID *guid,
42 : uint32_t init_access,
43 : struct object_tree *root,
44 : struct object_tree **new_node_out)
45 : {
46 : struct object_tree *new_node;
47 :
48 17365603 : if (!guid || GUID_all_zero(guid)){
49 0 : return true;
50 : }
51 :
52 17365603 : if (!root) {
53 6590643 : root = talloc_zero(mem_ctx, struct object_tree);
54 6590643 : if (!root) {
55 0 : return false;
56 : }
57 6590643 : new_node = root;
58 : } else {
59 : int i;
60 :
61 10774960 : for (i = 0; i < root->num_of_children; i++) {
62 0 : if (GUID_equal(&root->children[i].guid, guid)) {
63 0 : new_node = &root->children[i];
64 0 : new_node->remaining_access |= init_access;
65 0 : *new_node_out = new_node;
66 0 : return true;
67 : }
68 : }
69 :
70 10774960 : root->children = talloc_realloc(mem_ctx, root->children,
71 : struct object_tree,
72 : root->num_of_children + 1);
73 10774960 : if (!root->children) {
74 0 : return false;
75 : }
76 10774960 : new_node = &root->children[root->num_of_children];
77 10774960 : root->num_of_children++;
78 : }
79 :
80 17365603 : new_node->children = NULL;
81 17365603 : new_node->guid = *guid;
82 17365603 : new_node->remaining_access = init_access;
83 17365603 : new_node->num_of_children = 0;
84 :
85 17365603 : *new_node_out = new_node;
86 17365603 : return true;
87 : }
88 :
89 : /* search by GUID */
90 9431779 : struct object_tree *get_object_tree_by_GUID(struct object_tree *root,
91 : const struct GUID *guid)
92 : {
93 9431779 : struct object_tree *result = NULL;
94 : int i;
95 :
96 9431779 : if (!root || GUID_equal(&root->guid, guid)) {
97 655635 : result = root;
98 655635 : return result;
99 : }
100 12812314 : for (i = 0; i < root->num_of_children; i++) {
101 4677952 : if ((result = get_object_tree_by_GUID(&root->children[i], guid)))
102 641782 : break;
103 : }
104 8776144 : return result;
105 : }
106 :
107 : /**
108 : * @brief Modify the tree to mark specified access rights as granted
109 : *
110 : * This function will modify the root and the child of the tree pointed by
111 : * root, so that for each tree element the bits set in access_mask are
112 : * marked as granted.
113 : *
114 : * @param[in] root An object_tree structure that we want to modify
115 : *
116 : * @param[in] access_mask A bitfield of access right that we want to mark as
117 : * granted in the whole tree.
118 : */
119 19627895 : void object_tree_modify_access(struct object_tree *root,
120 : uint32_t access_mask)
121 : {
122 : int i;
123 19627895 : root->remaining_access &= ~access_mask;
124 31503050 : for (i = 0; i < root->num_of_children; i++) {
125 11875155 : object_tree_modify_access(&root->children[i], access_mask);
126 : }
127 19627895 : }
|
