From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 23 Aug 2023 00:44:26 +0000 (+1200)
Subject: libcli/security: helper to find resource attribute ACEs
X-Git-Tag: tevent-0.16.0~491
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41e1b6957ae3aee07fa3abc18237d353bafb92e5;p=thirdparty%2Fsamba.git

libcli/security: helper to find resource attribute ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/secace.c b/libcli/security/secace.c
index 8d7b22d1f68..e6ac6572ba2 100644
--- a/libcli/security/secace.c
+++ b/libcli/security/secace.c
@@ -64,6 +64,15 @@ bool sec_ace_callback(uint8_t type)
 	return false;
 }
 
+/**
+ * Check if an ACE type is resource attribute, which means it will
+ * have a blob of data at the end defining an attribute on the object.
+ * Resource attribute ACEs should only occur in SACLs.
+ */
+bool sec_ace_resource(uint8_t type)
+{
+	return type == SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE;
+}
 
 /*******************************************************************
  Sets up a struct security_ace structure.
diff --git a/libcli/security/secace.h b/libcli/security/secace.h
index 6b2e8995ea0..97be5348735 100644
--- a/libcli/security/secace.h
+++ b/libcli/security/secace.h
@@ -26,6 +26,7 @@
 bool sec_ace_object(uint8_t type);
 size_t ndr_subcontext_size_of_ace_coda(const struct security_ace *ace, size_t ace_size, int flags);
 bool sec_ace_callback(uint8_t type);
+bool sec_ace_resource(uint8_t type);
 
 void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type,
 		  uint32_t mask, uint8_t flag);