/**
* e2k_security_descriptor_new:
* @xml_form: the XML form of the folder's security descriptor
* (The "http://schemas.microsoft.com/exchange/security/descriptor"
* property, aka %E2K_PR_EXCHANGE_SD_XML)
* @binary_form: the binary form of the folder's security descriptor
* (The "http://schemas.microsoft.com/exchange/ntsecuritydescriptor"
* property, aka %E2K_PR_EXCHANGE_SD_BINARY)
*
* Constructs an #E2kSecurityDescriptor from the data in @xml_form and
* @binary_form.
*
* Return value: the security descriptor, or %NULL if the data could
* not be parsed.
**/
E2kSecurityDescriptor *
e2k_security_descriptor_new (xmlNodePtr xml_form, GByteArray *binary_form)
{
E2kSecurityDescriptor *sd;
E2k_SECURITY_DESCRIPTOR_RELATIVE sdbuf;
guint16 off, header_len;
g_return_val_if_fail (xml_form != NULL, NULL);
g_return_val_if_fail (binary_form != NULL, NULL);
if (binary_form->len < 2)
return NULL;
memcpy (&header_len, binary_form->data, 2);
header_len = GUINT16_FROM_LE (header_len);
if (header_len + sizeof (sdbuf) > binary_form->len)
return NULL;
memcpy (&sdbuf, binary_form->data + header_len, sizeof (sdbuf));
if (sdbuf.Revision != E2K_SECURITY_DESCRIPTOR_REVISION)
return NULL;
if ((sdbuf.Control & (E2K_SE_DACL_PRESENT | E2K_SE_SACL_PRESENT)) !=
E2K_SE_DACL_PRESENT)
return NULL;
sd = g_object_new (E2K_TYPE_SECURITY_DESCRIPTOR, NULL);
sd->priv->header = g_byte_array_new ();
g_byte_array_append (sd->priv->header, binary_form->data, header_len);
sd->priv->control_flags = sdbuf.Control;
/* Create a SID for "Default" then extract remaining SIDs from
* the XML form since they have display names associated with
* them.
*/
sd->priv->default_sid =
e2k_sid_new_from_string_sid (E2K_SID_TYPE_WELL_KNOWN_GROUP,
E2K_SID_WKS_EVERYONE, NULL);
g_hash_table_insert (sd->priv->sids,
(char *)e2k_sid_get_binary_sid (sd->priv->default_sid),
sd->priv->default_sid);
extract_sids (sd, xml_form);
off = GUINT32_FROM_LE (sdbuf.Owner) + sd->priv->header->len;
if (!parse_sid (sd, binary_form, &off, &sd->priv->owner))
goto lose;
off = GUINT32_FROM_LE (sdbuf.Group) + sd->priv->header->len;
if (!parse_sid (sd, binary_form, &off, &sd->priv->group))
goto lose;
off = GUINT32_FROM_LE (sdbuf.Dacl) + sd->priv->header->len;
if (!parse_acl (sd, binary_form, &off))
goto lose;
return sd;
lose:
g_object_unref (sd);
return NULL;
}
struct acl *acl_create(int len, char **lines, int default_deny)
{
struct acl *acl;
acl = (struct acl *) xmalloc(sizeof(struct acl));
acl->len = parse_acl(&acl->entries, len, lines);
acl->default_deny = default_deny;
return acl;
}
u_int
acl::get_permissions (sfsauth_cred *cred, str *key,
vec<sfs_idname> *groups)
{
vec<str> credstrings;
u_int p = 0;
// 3 kinds of access: anonymous, public key, unix credentials
// anonymous means that the user wasn't running an agent or
// for some reason the authd couldn't even return a public key
if (key)
credstrings.push_back (strbuf () << TYPEPK << ACLDIV << *key);
if (cred)
credstrings.push_back (strbuf () << TYPELOCALUSER << ACLDIV << cred->unixcred->username);
if (groups) {
for (unsigned int i = 0; i < groups->size (); i++)
credstrings.push_back (strbuf () << TYPELOCALGROUP << ACLDIV << (*groups)[i]);
}
if (!cred && !key)
credstrings.push_back (strbuf () << TYPESYS << ACLDIV << SYS_ANONYMOUS);
str flattened_creds ("");
for (u_int i = 0; i < credstrings.size (); i++) {
warn ("CRED[%d]: %s\n", i, credstrings[i].cstr ());
flattened_creds = strbuf () << flattened_creds << credstrings[i];
}
#if PCACHE
//make hash out of acl and user; ask cache about hash
str ua = strbuf () << armor32 (str (aclhash, sizeof (aclhash)))
<< flattened_creds;
bzero (hashbuf, sizeof (hashbuf));
sha1_hash (hashbuf, ua.cstr (), ua.len ());
if (is_cached (hashbuf, p)) {
warn << "Using cached perms (" << get_strpermissions (p)
<< ") for cache key "<< armor32 (str (hashbuf, sizeof (hashbuf)))
<< "\n";
return p;
}
else {
warn << "Did not find cached perms (" << ua << ") for cache key "
<< armor32 (str (hashbuf, sizeof (hashbuf))) << "\n";
}
#endif
p = parse_acl (credstrings);
#if PCACHE
insert_cache (hashbuf, p);
#endif
return p;
}
size_t smbresult_tocsv(smbresult data, char **buf, char *ace) {
if(data.statuscode < 0) {
return 0;
}
//parsehidden returns 0 or 1, so we need a quick if statement
char hidden = ' ';
if(parse_hidden(data.mode))
hidden = 'X';
//We need to parse the access entry, here are the variables we'll use to hold them
char * principal = "";
unsigned int atype = 0;
unsigned int aflags = 0;
unsigned int amask = 0;
//Parse the entry, if we can't then just quit because we got bad data.
if(ace != NULL) {
if(parse_acl(ace, &principal, &atype, &aflags, &amask) == 0) {
return 0;
}
}
//We need to determine the length of our new string
size_t size = snprintf(NULL, 0, "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%c\"",
data.host,
data.share,
data.object,
parse_type(data.type),
principal,
parse_accessmask(amask),
hidden
);
//Otherwise, just a simple sprintf to the buffer the user gave us.
char *buffer = malloc(size+1);
snprintf(buffer, size+1, "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%c\"",
data.host,
data.share,
data.object,
parse_type(data.type),
principal,
parse_accessmask(amask),
hidden
);
*buf = strdup(buffer);
free(buffer);
return size+1;
}
GSList*
_get_acl(apr_pool_t *p, namespace_info_t *ns_info)
{
GSList *acl = NULL;
GByteArray* acl_allow, *acl_deny;
if (!ns_info || !ns_info->options)
return NULL;
acl_allow = g_hash_table_lookup(ns_info->options, NS_ACL_ALLOW_OPTION);
acl_deny = g_hash_table_lookup(ns_info->options, NS_ACL_DENY_OPTION);
acl = g_slist_concat(parse_acl(acl_allow, TRUE), parse_acl(acl_deny, FALSE));
if (!acl)
return NULL;
GSList *src, *dst;
guint i, list_length;
list_length = g_slist_length(acl);
/* Copy the list content */
dst = apr_pcalloc(p, sizeof(GSList) * list_length);
if (list_length > 1) {
for (i=0; i < list_length - 2; i++)
dst[i].next = dst + i + 1;
}
/* copy the original data */
for (i=0, src=acl; src ;src=src->next,i++) {
if (src->data)
dst[i].data = apr_pmemdup(p, src->data, sizeof(addr_rule_t));
}
g_slist_foreach(acl, _addr_rule_gclean, NULL);
g_slist_free(acl);
return dst;
}
