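/*
 * Encode one ACE in SDDL form, "type;flags;mask;object;inherited_object;trustee".
 *
 * mem_ctx:    talloc parent of the returned string.
 * ace:        the ACE to render.
 * domain_sid: forwarded unchanged to sddl_encode_sid() for the trustee.
 *
 * Returns a string owned by mem_ctx, or NULL when a scratch allocation fails
 * or when the type, flags, object GUIDs or trustee cannot be rendered.  An
 * access mask with no symbolic spelling is emitted as a hex literal instead
 * of failing.  All intermediate strings live on a temporary context that is
 * released before returning on every path.
 */
static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace,
			     const struct dom_sid *domain_sid)
{
	char *sddl = NULL;
	TALLOC_CTX *tmp_ctx;
	const char *s_type = "", *s_flags = "", *s_mask = "";
	const char *s_object = "", *s_iobject = "", *s_trustee = "";
	bool is_object_ace;

	tmp_ctx = talloc_new(mem_ctx);
	if (tmp_ctx == NULL) {
		DEBUG(0, ("talloc_new failed\n"));
		return NULL;
	}

	/* Type and flags must be fully representable (check_all = True). */
	s_type = sddl_flags_to_string(tmp_ctx, ace_types, ace->type, True);
	if (s_type == NULL) {
		goto failed;
	}
	s_flags = sddl_flags_to_string(tmp_ctx, ace_flags, ace->flags, True);
	if (s_flags == NULL) {
		goto failed;
	}

	/*
	 * The access mask may carry bits with no SDDL mnemonic.  Rather than
	 * reject the ACE, fall back to the raw mask in hex so nothing is lost.
	 */
	s_mask = sddl_flags_to_string(tmp_ctx, ace_access_mask, ace->access_mask, True);
	if (s_mask == NULL) {
		s_mask = talloc_asprintf(tmp_ctx, "0x%08x", ace->access_mask);
		if (s_mask == NULL) {
			goto failed;
		}
	}

	/*
	 * Only object ACEs carry the object / inherited-object GUID fields.
	 * The original test compared against SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT
	 * twice; the dead duplicate is dropped here.  NOTE(review): that
	 * repeated entry was most likely meant to be the system-alarm object
	 * ACE type, which this list does not cover -- confirm against the ACE
	 * type definitions and add it if so, otherwise such ACEs encode
	 * without their GUIDs.
	 */
	is_object_ace = (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
			 ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
			 ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT);
	if (is_object_ace) {
		if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
			s_object = GUID_string(tmp_ctx, &ace->object.object.type.type);
			if (s_object == NULL) {
				goto failed;
			}
		}
		if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
			s_iobject = GUID_string(tmp_ctx,
						&ace->object.object.inherited_type.inherited_type);
			if (s_iobject == NULL) {
				goto failed;
			}
		}
	}

	s_trustee = sddl_encode_sid(tmp_ctx, &ace->trustee, domain_sid);
	if (s_trustee == NULL) {
		goto failed;
	}

	/* Empty object fields are legal SDDL; they simply leave ";;" behind. */
	sddl = talloc_asprintf(mem_ctx, "%s;%s;%s;%s;%s;%s",
			       s_type, s_flags, s_mask, s_object, s_iobject, s_trustee);

failed:
	/* sddl is still NULL on any failure path, so this returns NULL there. */
	talloc_free(tmp_ctx);
	return sddl;
}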
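/*
 * Encode an ACL in SDDL form: the ACL flag mnemonics followed by every ACE
 * in order, each wrapped in parentheses.
 *
 * mem_ctx:    talloc parent of the returned string.
 * acl:        the ACL whose ACEs are rendered; must be non-NULL.
 * flags:      bits rendered through the acl_flags table ahead of the ACE
 *             list (check_all = false, so unknown bits are tolerated).
 * domain_sid: forwarded to sddl_encode_ace() for each trustee.
 *
 * Returns a string owned by mem_ctx, or NULL on failure.  On failure the
 * partially built buffer is freed here rather than left dangling on mem_ctx.
 */
static char *sddl_encode_acl(TALLOC_CTX *mem_ctx, const struct security_acl *acl,
			     uint32_t flags, const struct dom_sid *domain_sid)
{
	char *sddl;
	uint32_t i;

	sddl = sddl_flags_to_string(mem_ctx, acl_flags, flags, false);
	if (sddl == NULL) {
		goto failed;
	}

	for (i = 0; i < acl->num_aces; i++) {
		char *ace;
		char *grown;

		/* Allocated under sddl so the failure path releases it too. */
		ace = sddl_encode_ace(sddl, &acl->aces[i], domain_sid);
		if (ace == NULL) {
			goto failed;
		}

		/*
		 * Grow through a temporary.  On allocation failure the append
		 * returns NULL while the existing buffer stays allocated, so
		 * assigning the result straight back to sddl would orphan that
		 * buffer (and the ACE string hanging off it) on mem_ctx instead
		 * of freeing it below.
		 */
		grown = talloc_asprintf_append_buffer(sddl, "(%s)", ace);
		if (grown == NULL) {
			goto failed;
		}
		sddl = grown;
		talloc_free(ace);
	}

	return sddl;

failed:
	/* talloc_free(NULL) is a no-op, so the flags-failure path is safe. */
	talloc_free(sddl);
	return NULL;
}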