X-Git-Url: https://wimlib.net/git/?p=wimlib;a=blobdiff_plain;f=src%2Fsecurity.c;h=e6a7e93a84d6001ed47f55afdfdfd8d3e2c1f395;hp=d5fbcbb7db1d6d75501b4767ceb6924b1349b190;hb=76b57cc8cf113194136a7e264644a37515650ccc;hpb=c73468ab9d94f48a801008ea4fb15de6880c44e8

diff --git a/src/security.c b/src/security.c
index d5fbcbb7..e6a7e93a 100644
--- a/src/security.c
+++ b/src/security.c
@@ -5,7 +5,7 @@
  */
 
 /*
- * Copyright (C) 2012, 2013 Eric Biggers
+ * Copyright (C) 2012, 2013, 2014 Eric Biggers
  *
  * This file is part of wimlib, a library for working with WIM files.
  *
@@ -28,10 +28,10 @@
 #endif
 
 #include "wimlib/assert.h"
+#include "wimlib/avl_tree.h"
 #include "wimlib/endianness.h"
 #include "wimlib/error.h"
 #include "wimlib/security.h"
-#include "wimlib/security_descriptor.h"
 #include "wimlib/sha1.h"
 #include "wimlib/util.h"
 
@@ -50,12 +50,13 @@ new_wim_security_data(void)
 /*
  * Reads the security data from the metadata resource of a WIM image.
  *
- * @metadata_resource:	An array that contains the uncompressed metadata
- *				resource for the WIM image.
- * @metadata_resource_len:	The length of @metadata_resource.
- * @sd_ret:	A pointer to a pointer to a wim_security_data structure that
- *		will be filled in with a pointer to a new wim_security_data
- *		structure containing the security data on success.
+ * @buf
+ *	Buffer containing an uncompressed WIM metadata resource.
+ * @buf_len
+ *	Length of the uncompressed metadata resource, in bytes.
+ * @sd_ret
+ *	On success, a pointer to the resulting security data structure will be
+ *	returned here.
  *
  * Note: There is no `offset' argument because the security data is located at
  * the beginning of the metadata resource.
@@ -66,7 +67,7 @@ new_wim_security_data(void)
  *	WIMLIB_ERR_NOMEM
  */
 int
-read_wim_security_data(const u8 metadata_resource[], size_t metadata_resource_len,
+read_wim_security_data(const u8 *buf, size_t buf_len,
 		       struct wim_security_data **sd_ret)
 {
 	struct wim_security_data *sd;
@@ -77,14 +78,14 @@ read_wim_security_data(const u8 metadata_resource[], size_t metadata_resource_le
 	const struct wim_security_data_disk *sd_disk;
 	const u8 *p;
 
-	if (metadata_resource_len < 8)
+	if (buf_len < 8)
 		return WIMLIB_ERR_INVALID_METADATA_RESOURCE;
 
 	sd = new_wim_security_data();
 	if (!sd)
 		goto out_of_memory;
 
-	sd_disk = (const struct wim_security_data_disk*)metadata_resource;
+	sd_disk = (const struct wim_security_data_disk *)buf;
 	sd->total_length = le32_to_cpu(sd_disk->total_length);
 	sd->num_entries = le32_to_cpu(sd_disk->num_entries);
 
@@ -112,7 +113,7 @@ read_wim_security_data(const u8 metadata_resource[], size_t metadata_resource_le
 	 * integer, even though each security descriptor size is a 64-bit
 	 * integer.  This is stupid, and we need to be careful not to actually
 	 * let the security descriptor sizes be over 0xffffffff.  */
-	if (sd->total_length > metadata_resource_len)
+	if (sd->total_length > buf_len)
 		goto out_invalid_sd;
 
 	sizes_size = (u64)sd->num_entries * sizeof(u64);
@@ -215,116 +216,6 @@ write_wim_security_data(const struct wim_security_data * restrict sd,
 	return p;
 }
 
-static void
-print_acl(const wimlib_ACL *acl, const tchar *type, size_t max_size)
-{
-	const u8 *p;
-
-	if (max_size < sizeof(wimlib_ACL))
-		return;
-
-	u8 revision = acl->revision;
-	u16 acl_size = le16_to_cpu(acl->acl_size);
-	u16 ace_count = le16_to_cpu(acl->ace_count);
-
-	tprintf(T("    [%"TS" ACL]\n"), type);
-	tprintf(T("    Revision = %u\n"), revision);
-	tprintf(T("    ACL Size = %u\n"), acl_size);
-	tprintf(T("    ACE Count = %u\n"), ace_count);
-
-	p = (const u8*)acl + sizeof(wimlib_ACL);
-	for (u16 i = 0; i < ace_count; i++) {
-		if (max_size < p + sizeof(wimlib_ACCESS_ALLOWED_ACE) - (const u8*)acl)
-			break;
-		const wimlib_ACCESS_ALLOWED_ACE *aaa = (const wimlib_ACCESS_ALLOWED_ACE*)p;
-		tprintf(T("        [ACE]\n"));
-		tprintf(T("        ACE type  = %d\n"), aaa->hdr.type);
-		tprintf(T("        ACE flags = 0x%x\n"), aaa->hdr.flags);
-		tprintf(T("        ACE size  = %u\n"), le16_to_cpu(aaa->hdr.size));
-		tprintf(T("        ACE mask = %x\n"), le32_to_cpu(aaa->mask));
-		tprintf(T("        SID start = %u\n"), le32_to_cpu(aaa->sid_start));
-		p += le16_to_cpu(aaa->hdr.size);
-	}
-	tputchar(T('\n'));
-}
-
-static void
-print_sid(const wimlib_SID *sid, const tchar *type, size_t max_size)
-{
-	if (max_size < sizeof(wimlib_SID))
-		return;
-
-	tprintf(T("    [%"TS" SID]\n"), type);
-	tprintf(T("    Revision = %u\n"), sid->revision);
-	tprintf(T("    Subauthority count = %u\n"), sid->sub_authority_count);
-	tprintf(T("    Identifier authority = "));
-	print_byte_field(sid->identifier_authority,
-			 sizeof(sid->identifier_authority), stdout);
-	tputchar(T('\n'));
-	if (max_size < sizeof(wimlib_SID) + (size_t)sid->sub_authority_count * sizeof(u32))
-		return;
-	for (u8 i = 0; i < sid->sub_authority_count; i++) {
-		tprintf(T("    Subauthority %u = %u\n"),
-			i, le32_to_cpu(sid->sub_authority[i]));
-	}
-	tputchar(T('\n'));
-}
-
-static void
-print_security_descriptor(const wimlib_SECURITY_DESCRIPTOR_RELATIVE *descr,
-			  size_t size)
-{
-	u8 revision      = descr->revision;
-	u16 control      = le16_to_cpu(descr->control);
-	u32 owner_offset = le32_to_cpu(descr->owner_offset);
-	u32 group_offset = le32_to_cpu(descr->group_offset);
-	u32 dacl_offset  = le32_to_cpu(descr->dacl_offset);
-	u32 sacl_offset  = le32_to_cpu(descr->sacl_offset);
-
-	tprintf(T("Revision = %u\n"), revision);
-	tprintf(T("Security Descriptor Control = %#x\n"), control);
-	tprintf(T("Owner offset = %u\n"), owner_offset);
-	tprintf(T("Group offset = %u\n"), group_offset);
-	tprintf(T("Discretionary ACL offset = %u\n"), dacl_offset);
-	tprintf(T("System ACL offset = %u\n"), sacl_offset);
-
-	if (owner_offset != 0 && owner_offset <= size)
-		print_sid((const wimlib_SID*)((const u8*)descr + owner_offset),
-			  T("Owner"), size - owner_offset);
-
-	if (group_offset != 0 && group_offset <= size)
-		print_sid((const wimlib_SID*)((const u8*)descr + group_offset),
-			  T("Group"), size - group_offset);
-
-	if (dacl_offset != 0 && dacl_offset <= size)
-		print_acl((const wimlib_ACL*)((const u8*)descr + dacl_offset),
-			  T("Discretionary"), size - dacl_offset);
-
-	if (sacl_offset != 0 && sacl_offset <= size)
-		print_acl((const wimlib_ACL*)((const u8*)descr + sacl_offset),
-			  T("System"), size - sacl_offset);
-}
-
-/*
- * Prints the security data for a WIM file.
- */
-void
-print_wim_security_data(const struct wim_security_data *sd)
-{
-	tputs(T("[SECURITY DATA]"));
-	tprintf(T("Length            = %"PRIu32" bytes\n"), sd->total_length);
-	tprintf(T("Number of Entries = %"PRIu32"\n"), sd->num_entries);
-
-	for (u32 i = 0; i < sd->num_entries; i++) {
-		tprintf(T("[SECURITY_DESCRIPTOR_RELATIVE %"PRIu32", length = %"PRIu64"]\n"),
-			i, sd->sizes[i]);
-		print_security_descriptor((const wimlib_SECURITY_DESCRIPTOR_RELATIVE*)sd->descriptors[i],
-					  sd->sizes[i]);
-		tputchar(T('\n'));
-	}
-	tputchar(T('\n'));
-}
-
 void
 free_wim_security_data(struct wim_security_data *sd)
 {
@@ -341,79 +232,72 @@ free_wim_security_data(struct wim_security_data *sd)
 }
 
 struct sd_node {
-	int security_id;
+	int32_t security_id;
 	u8 hash[SHA1_HASH_SIZE];
-	struct rb_node rb_node;
+	struct avl_tree_node index_node;
 };
 
+#define SD_NODE(avl_node) \
+	avl_tree_entry(avl_node, struct sd_node, index_node)
+
 static void
-free_sd_tree(struct rb_node *node)
+free_sd_tree(struct avl_tree_node *node)
 {
 	if (node) {
-		free_sd_tree(node->rb_left);
-		free_sd_tree(node->rb_right);
-		FREE(container_of(node, struct sd_node, rb_node));
+		free_sd_tree(node->left);
+		free_sd_tree(node->right);
+		FREE(SD_NODE(node));
 	}
 }
 
+void
+rollback_new_security_descriptors(struct wim_sd_set *sd_set)
+{
+	struct wim_security_data *sd = sd_set->sd;
+	u8 **descriptors = sd->descriptors + sd_set->orig_num_entries;
+	u32 num_entries  = sd->num_entries - sd_set->orig_num_entries;
+	while (num_entries--)
+		FREE(*descriptors++);
+	sd->num_entries = sd_set->orig_num_entries;
+}
+
 /* Frees a security descriptor index set. */
 void
-destroy_sd_set(struct wim_sd_set *sd_set, bool rollback)
+destroy_sd_set(struct wim_sd_set *sd_set)
 {
-	if (rollback) {
-		struct wim_security_data *sd = sd_set->sd;
-		u8 **descriptors = sd->descriptors + sd_set->orig_num_entries;
-		u32 num_entries  = sd->num_entries - sd_set->orig_num_entries;
-		while (num_entries--)
-			FREE(*descriptors++);
-		sd->num_entries = sd_set->orig_num_entries;
-	}
-	free_sd_tree(sd_set->rb_root.rb_node);
+	free_sd_tree(sd_set->root);
+}
+
+static int
+_avl_cmp_nodes_by_hash(const struct avl_tree_node *n1,
+		       const struct avl_tree_node *n2)
+{
+	return hashes_cmp(SD_NODE(n1)->hash, SD_NODE(n2)->hash);
 }
 
-/* Inserts a a new node into the security descriptor index tree. */
+/* Inserts a new node into the security descriptor index tree.  Returns true
+ * if successful (not a duplicate).  */
 static bool
 insert_sd_node(struct wim_sd_set *set, struct sd_node *new)
 {
-	struct rb_root *root = &set->rb_root;
-	struct rb_node **p = &(root->rb_node);
-	struct rb_node *rb_parent = NULL;
-
-	while (*p) {
-		struct sd_node *this = container_of(*p, struct sd_node, rb_node);
-		int cmp = hashes_cmp(new->hash, this->hash);
-
-		rb_parent = *p;
-		if (cmp < 0)
-			p = &((*p)->rb_left);
-		else if (cmp > 0)
-			p = &((*p)->rb_right);
-		else
-			return false; /* Duplicate security descriptor */
-	}
-	rb_link_node(&new->rb_node, rb_parent, p);
-	rb_insert_color(&new->rb_node, root);
-	return true;
+	return NULL == avl_tree_insert(&set->root, &new->index_node,
+				       _avl_cmp_nodes_by_hash);
 }
 
 /* Returns the index of the security descriptor having a SHA1 message digest of
  * @hash.  If not found, return -1. */
-static int
+static int32_t
 lookup_sd(struct wim_sd_set *set, const u8 hash[SHA1_HASH_SIZE])
 {
-	struct rb_node *node = set->rb_root.rb_node;
-
-	while (node) {
-		struct sd_node *sd_node = container_of(node, struct sd_node, rb_node);
-		int cmp = hashes_cmp(hash, sd_node->hash);
-		if (cmp < 0)
-			node = node->rb_left;
-		else if (cmp > 0)
-			node = node->rb_right;
-		else
-			return sd_node->security_id;
-	}
-	return -1;
+	struct avl_tree_node *res;
+	struct sd_node dummy;
+
+	copy_hash(dummy.hash, hash);
+	res = avl_tree_lookup_node(set->root, &dummy.index_node,
+				   _avl_cmp_nodes_by_hash);
+	if (!res)
+		return -1;
+	return SD_NODE(res)->security_id;
 }
 
 /*
@@ -423,11 +307,11 @@ lookup_sd(struct wim_sd_set *set, const u8 hash[SHA1_HASH_SIZE])
  * the security ID for it.  If a new security descriptor cannot be allocated,
  * return -1.
  */
-int
+int32_t
 sd_set_add_sd(struct wim_sd_set *sd_set, const char *descriptor, size_t size)
 {
 	u8 hash[SHA1_HASH_SIZE];
-	int security_id;
+	int32_t security_id;
 	struct sd_node *new;
 	u8 **descriptors;
 	u64 *sizes;
@@ -494,7 +378,7 @@ init_sd_set(struct wim_sd_set *sd_set, struct wim_security_data *sd)
 	int ret;
 
 	sd_set->sd = sd;
-	sd_set->rb_root.rb_node = NULL;
+	sd_set->root = NULL;
 
 	/* Remember the original number of security descriptors so that newly
 	 * added ones can be rolled back if needed. */
@@ -515,7 +399,7 @@ init_sd_set(struct wim_sd_set *sd_set, struct wim_security_data *sd)
 	ret = 0;
 	goto out;
 out_destroy_sd_set:
-	destroy_sd_set(sd_set, false);
+	destroy_sd_set(sd_set);
 out:
 	return ret;
 }