LCOV - code coverage report
Current view: top level - libcli/security - object_tree.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 31 39 79.5 %
Date: 2021-09-23 10:06:22 Functions: 3 3 100.0 %

          Line data    Source code
       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    security access checking routines
       5             : 
       6             :    Copyright (C) Nadezhda Ivanova 2009
       7             : 
       8             :    This program is free software; you can redistribute it and/or modify
       9             :    it under the terms of the GNU General Public License as published by
      10             :    the Free Software Foundation; either version 3 of the License, or
      11             :    (at your option) any later version.
      12             : 
      13             :    This program is distributed in the hope that it will be useful,
      14             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :    GNU General Public License for more details.
      17             : 
      18             :    You should have received a copy of the GNU General Public License
      19             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      20             : */
      21             : 
      22             : /*
      23             :  *  Description: Contains data handler functions for
      24             :  *               the object tree that must be constructed to perform access checks.
      25             :  *               The object tree is an unbalanced tree of depth 3, indexed by
      26             :  *               object type guid. Perhaps a different data structure
      27             :  *               should be concidered later to improve performance
      28             :  *
      29             :  *  Author: Nadezhda Ivanova
      30             :  */
      31             : #include "includes.h"
      32             : #include "libcli/security/security.h"
      33             : #include "librpc/ndr/libndr.h"
      34             : 
      35             : /* Adds a new node to the object tree. If attributeSecurityGUID is not zero and
      36             :  * has already been added to the tree, the new node is added as a child of that node
      37             :  * In all other cases as a child of the root
      38             :  */
      39             : 
      40    13158165 : bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
      41             :                            const struct GUID *guid,
      42             :                            uint32_t init_access,
      43             :                            struct object_tree *root,
      44             :                            struct object_tree **new_node_out)
      45             : {
      46             :         struct object_tree *new_node;
      47             : 
      48    13158165 :         if (!guid || GUID_all_zero(guid)){
      49           0 :                 return true;
      50             :         }
      51             : 
      52    13158165 :         if (!root) {
      53     5183217 :                 root = talloc_zero(mem_ctx, struct object_tree);
      54     5183217 :                 if (!root) {
      55           0 :                         return false;
      56             :                 }
      57     5101972 :                 new_node = root;
      58             :         } else {
      59             :                 int i;
      60             : 
      61     7969333 :                 for (i = 0; i < root->num_of_children; i++) {
      62           0 :                         if (GUID_equal(&root->children[i].guid, guid)) {
      63           0 :                                 new_node = &root->children[i];
      64           0 :                                 new_node->remaining_access |= init_access;
      65           0 :                                 *new_node_out = new_node;
      66           0 :                                 return true;
      67             :                         }
      68             :                 }
      69             : 
      70     7974948 :                 root->children = talloc_realloc(mem_ctx, root->children,
      71             :                                                 struct object_tree,
      72             :                                                 root->num_of_children + 1);
      73     7974948 :                 if (!root->children) {
      74           0 :                         return false;
      75             :                 }
      76     7974948 :                 new_node = &root->children[root->num_of_children];
      77     7974948 :                 root->num_of_children++;
      78             :         }
      79             : 
      80    13158165 :         new_node->children = NULL;
      81    13158165 :         new_node->guid = *guid;
      82    13158165 :         new_node->remaining_access = init_access;
      83    13158165 :         new_node->num_of_children = 0;
      84             : 
      85    13158165 :         *new_node_out = new_node;
      86    13158165 :         return true;
      87             : }
      88             : 
      89             : /* search by GUID */
      90     2863558 : struct object_tree *get_object_tree_by_GUID(struct object_tree *root,
      91             :                                              const struct GUID *guid)
      92             : {
      93     2863558 :         struct object_tree *result = NULL;
      94             :         int i;
      95             : 
      96     2863558 :         if (!root || GUID_equal(&root->guid, guid)) {
      97       63473 :                 result = root;
      98       63473 :                 return result;
      99             :         }
     100     3707187 :         for (i = 0; i < root->num_of_children; i++) {
     101     1133228 :                 if ((result = get_object_tree_by_GUID(&root->children[i], guid)))
     102       50067 :                         break;
     103             :         }
     104     2624152 :         return result;
     105             : }
     106             : 
     107             : /**
     108             :  * @brief Modify the tree to mark specified access rights as granted
     109             :  *
     110             :  * This function will modify the root and the child of the tree pointed by
     111             :  * root, so that for each tree element the bits set in access_mask are
     112             :  * marked as granted.
     113             :  *
     114             :  * @param[in]  root        An object_tree structure that we want to modify
     115             :  *
     116             :  * @param[in]  access_mask A bitfield of access right that we want to mark as
     117             :  *                         granted in the whole tree.
     118             :  */
     119    13516408 : void object_tree_modify_access(struct object_tree *root,
     120             :                                uint32_t access_mask)
     121             : {
     122             :         int i;
     123    13516408 :         root->remaining_access &= ~access_mask;
     124    21557465 :         for (i = 0; i < root->num_of_children; i++) {
     125     8041057 :                 object_tree_modify_access(&root->children[i], access_mask);
     126             :         }
     127    13516408 : }

Generated by: LCOV version 1.13