Пример #1
0
/**
 * e2k_security_descriptor_new:
 * @xml_form: the XML form of the folder's security descriptor
 * (The "http://schemas.microsoft.com/exchange/security/descriptor"
 * property, aka %E2K_PR_EXCHANGE_SD_XML)
 * @binary_form: the binary form of the folder's security descriptor
 * (The "http://schemas.microsoft.com/exchange/ntsecuritydescriptor"
 * property, aka %E2K_PR_EXCHANGE_SD_BINARY)
 *
 * Constructs an #E2kSecurityDescriptor from the data in @xml_form and
 * @binary_form.
 *
 * Return value: the security descriptor, or %NULL if the data could
 * not be parsed.
 **/
E2kSecurityDescriptor *
e2k_security_descriptor_new (xmlNodePtr xml_form, GByteArray *binary_form)
{
	E2kSecurityDescriptor *sd;
	E2k_SECURITY_DESCRIPTOR_RELATIVE sdbuf;
	guint16 off, header_len;

	g_return_val_if_fail (xml_form != NULL, NULL);
	g_return_val_if_fail (binary_form != NULL, NULL);

	if (binary_form->len < 2)
		return NULL;

	memcpy (&header_len, binary_form->data, 2);
	header_len = GUINT16_FROM_LE (header_len);
	if (header_len + sizeof (sdbuf) > binary_form->len)
		return NULL;

	memcpy (&sdbuf, binary_form->data + header_len, sizeof (sdbuf));
	if (sdbuf.Revision != E2K_SECURITY_DESCRIPTOR_REVISION)
		return NULL;
	if ((sdbuf.Control & (E2K_SE_DACL_PRESENT | E2K_SE_SACL_PRESENT)) !=
	    E2K_SE_DACL_PRESENT)
		return NULL;

	sd = g_object_new (E2K_TYPE_SECURITY_DESCRIPTOR, NULL);
	sd->priv->header = g_byte_array_new ();
	g_byte_array_append (sd->priv->header, binary_form->data, header_len);
	sd->priv->control_flags = sdbuf.Control;

	/* Create a SID for "Default" then extract remaining SIDs from
	 * the XML form since they have display names associated with
	 * them.
	 */
	sd->priv->default_sid =
		e2k_sid_new_from_string_sid (E2K_SID_TYPE_WELL_KNOWN_GROUP,
					     E2K_SID_WKS_EVERYONE, NULL);
	g_hash_table_insert (sd->priv->sids,
			     (char *)e2k_sid_get_binary_sid (sd->priv->default_sid),
			     sd->priv->default_sid);
	extract_sids (sd, xml_form);

	off = GUINT32_FROM_LE (sdbuf.Owner) + sd->priv->header->len;
	if (!parse_sid (sd, binary_form, &off, &sd->priv->owner))
		goto lose;
	off = GUINT32_FROM_LE (sdbuf.Group) + sd->priv->header->len;
	if (!parse_sid (sd, binary_form, &off, &sd->priv->group))
		goto lose;

	off = GUINT32_FROM_LE (sdbuf.Dacl) + sd->priv->header->len;
	if (!parse_acl (sd, binary_form, &off))
		goto lose;

	return sd;

 lose:
	g_object_unref (sd);
	return NULL;
}
Пример #2
0
struct acl *acl_create(int len, char **lines, int default_deny)
{
    struct acl *acl;

    acl = (struct acl *) xmalloc(sizeof(struct acl));
    acl->len = parse_acl(&acl->entries, len, lines);
    acl->default_deny = default_deny;
    return acl;
}
Пример #3
0
Файл: acl.C Проект: bougyman/sfs
u_int 
acl::get_permissions (sfsauth_cred *cred, str *key,
                      vec<sfs_idname> *groups)
{
  vec<str> credstrings;
  u_int p = 0;

  // 3 kinds of access: anonymous, public key, unix credentials
  // anonymous means that the user wasn't running an agent or
  // for some reason the authd couldn't even return a public key
  if (key)
    credstrings.push_back (strbuf () << TYPEPK << ACLDIV << *key); 
  if (cred)
    credstrings.push_back (strbuf () << TYPELOCALUSER << ACLDIV << cred->unixcred->username);
  if (groups) {
    for (unsigned int i = 0; i < groups->size (); i++)
      credstrings.push_back (strbuf () << TYPELOCALGROUP << ACLDIV << (*groups)[i]);
  }
  if (!cred && !key)
    credstrings.push_back (strbuf () << TYPESYS << ACLDIV << SYS_ANONYMOUS);

  str flattened_creds ("");
  for (u_int i = 0; i < credstrings.size (); i++) {
    warn ("CRED[%d]: %s\n", i, credstrings[i].cstr ());
    flattened_creds = strbuf () << flattened_creds << credstrings[i];
  }

#if PCACHE
  //make hash out of acl and user; ask cache about hash
  str ua = strbuf () << armor32 (str (aclhash, sizeof (aclhash)))
		     << flattened_creds;
  bzero (hashbuf, sizeof (hashbuf));
  sha1_hash (hashbuf, ua.cstr (), ua.len ());

  if (is_cached (hashbuf, p)) {
    warn << "Using cached perms (" << get_strpermissions (p)
      << ") for cache key "<< armor32 (str (hashbuf, sizeof (hashbuf)))
      << "\n";
    return p;
  } 
  else {
    warn << "Did not find cached perms (" << ua << ") for cache key "
      << armor32 (str (hashbuf, sizeof (hashbuf))) << "\n";
  }
#endif

  p = parse_acl (credstrings);

#if PCACHE
  insert_cache (hashbuf, p);
#endif

  return p;
}
Пример #4
0
size_t smbresult_tocsv(smbresult data, char **buf, char *ace) {
	if(data.statuscode < 0) {
		return 0;
	}

	//parsehidden returns 0 or 1, so we need a quick if statement
	char hidden = ' ';
	if(parse_hidden(data.mode))
		hidden = 'X';

	//We need to parse the access entry, here are the variables we'll use to hold them
	char * principal = "";
	unsigned int atype = 0;
	unsigned int aflags = 0;
	unsigned int amask = 0;

	//Parse the entry, if we can't then just quit because we got bad data.
	if(ace != NULL) {
		if(parse_acl(ace, &principal, &atype, &aflags, &amask) == 0) {
			return 0;
		}
	}

	//We need to determine the length of our new string
	size_t size = snprintf(NULL, 0, "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%c\"", 
		data.host, 
		data.share, 
		data.object, 
		parse_type(data.type),
		principal,
		parse_accessmask(amask),
		hidden
	);

	//Otherwise, just a simple sprintf to the buffer the user gave us.
	char *buffer = malloc(size+1);
	snprintf(buffer, size+1, "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%c\"", 
		data.host, 
		data.share, 
		data.object, 
		parse_type(data.type),
		principal,
		parse_accessmask(amask),
		hidden
	);

	*buf = strdup(buffer);

	free(buffer);

	return size+1;
}
Пример #5
0
GSList*
_get_acl(apr_pool_t *p, namespace_info_t *ns_info)
{
	GSList *acl = NULL;
	GByteArray* acl_allow, *acl_deny;
	
	if (!ns_info || !ns_info->options)
		return NULL;

	acl_allow = g_hash_table_lookup(ns_info->options, NS_ACL_ALLOW_OPTION);
	acl_deny = g_hash_table_lookup(ns_info->options, NS_ACL_DENY_OPTION);

	acl = g_slist_concat(parse_acl(acl_allow, TRUE), parse_acl(acl_deny, FALSE));
	if (!acl)
		return NULL;
		
	GSList *src, *dst;
	guint i, list_length;

	list_length = g_slist_length(acl);

	/* Copy the list content */
	dst = apr_pcalloc(p, sizeof(GSList) * list_length);
	if (list_length > 1) {
		for (i=0; i < list_length - 2; i++)
			dst[i].next = dst + i + 1;
	}

	/* copy the original data */
	for (i=0, src=acl; src ;src=src->next,i++) {
		if (src->data)
			dst[i].data = apr_pmemdup(p, src->data, sizeof(addr_rule_t));
	}

	g_slist_foreach(acl, _addr_rule_gclean, NULL);
	g_slist_free(acl);
	return dst;
}