Ejemplo n.º 1
0
/*
  convert a NDR formatted blob to a ldif formatted ntSecurityDescriptor (SDDL format)
*/
static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx,
					   const struct ldb_val *in, struct ldb_val *out)
{
	struct security_descriptor *sd;
	enum ndr_err_code ndr_err;

	if (ldb_get_flags(ldb) & LDB_FLG_SHOW_BINARY) {
		return ldif_write_NDR(ldb, mem_ctx, in, out, 
				      sizeof(struct security_descriptor),
				      (ndr_pull_flags_fn_t)ndr_pull_security_descriptor,
				      (ndr_print_fn_t)ndr_print_security_descriptor,
				      true);
				      
	}

	sd = talloc(mem_ctx, struct security_descriptor);
	if (sd == NULL) {
		return -1;
	}
	/* We can't use ndr_pull_struct_blob_all because this contains relative pointers */
	ndr_err = ndr_pull_struct_blob(in, sd, sd,
					   (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		talloc_free(sd);
		return -1;
	}
	out->data = (uint8_t *)sddl_encode(mem_ctx, sd, samdb_domain_sid_cache_only(ldb));
	talloc_free(sd);
	if (out->data == NULL) {
		return -1;
	}
	out->length = strlen((const char *)out->data);
	return 0;
}
Ejemplo n.º 2
0
/*
  test one SDDL example
*/
static bool test_sddl(struct torture_context *tctx, 
					  const void *test_data)
{
	struct security_descriptor *sd, *sd2;
	struct dom_sid *domain;
	const char *sddl = (const char *)test_data;
	const char *sddl2;
	TALLOC_CTX *mem_ctx = tctx;


	domain = dom_sid_parse_talloc(mem_ctx, "S-1-2-3-4");
	sd = sddl_decode(mem_ctx, sddl, domain);
	torture_assert(tctx, sd != NULL, talloc_asprintf(tctx, 
					"Failed to decode '%s'\n", sddl));

	sddl2 = sddl_encode(mem_ctx, sd, domain);
	torture_assert(tctx, sddl2 != NULL, talloc_asprintf(tctx, 
					"Failed to re-encode '%s'\n", sddl));

	sd2 = sddl_decode(mem_ctx, sddl2, domain);
	torture_assert(tctx, sd2 != NULL, talloc_asprintf(tctx, 
					"Failed to decode2 '%s'\n", sddl2));

	torture_assert(tctx, security_descriptor_equal(sd, sd2),
		talloc_asprintf(tctx, "Failed equality test for '%s'\n", sddl));

#if 0
	/* flags don't have a canonical order ... */
	if (strcmp(sddl, sddl2) != 0) {
		printf("Failed sddl equality test\norig: %s\n new: %s\n", sddl, sddl2);
	}
#endif

	if (DEBUGLVL(2)) {
		NDR_PRINT_DEBUG(security_descriptor, sd);
	}
	talloc_free(sd);
	talloc_free(domain);
	return true;
}