First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.

This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
author: Jeremy Allison <jra@samba.org> 2002-10-23 01:22:32 +0000
committer: Jeremy Allison <jra@samba.org> 2002-10-23 01:22:32 +0000
commit: f735551b9edef66b152261cf6eb2f29b7b69d65b (patch)
tree: 056d6b95538571bb4932c658f2b08a4e491d0d2b /source3/lib/util_sid.c
parent: 83219da3028a0341a9c7b2db38738ca30288686b (diff)
download: samba-f735551b9edef66b152261cf6eb2f29b7b69d65b.tar.gz
samba-f735551b9edef66b152261cf6eb2f29b7b69d65b.tar.bz2
samba-f735551b9edef66b152261cf6eb2f29b7b69d65b.zip
1 files changed, 108 insertions, 92 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index f01479f1cc..f0daf9787e 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -40,9 +40,9 @@ DOM_SID global_sid_NULL;            		/* NULL sid */
 DOM_SID global_sid_Authenticated_Users;		/* All authenticated rids */
 DOM_SID global_sid_Network;			/* Network rids */
 
-static DOM_SID global_sid_Creator_Owner;	/* Creator Owner */
-static DOM_SID global_sid_Creator_Group;	/* Creator Group */
-static DOM_SID global_sid_Anonymous;		/* Anonymous login */
+DOM_SID global_sid_Creator_Owner;	/* Creator Owner */
+DOM_SID global_sid_Creator_Group;	/* Creator Group */
+DOM_SID global_sid_Anonymous;		/* Anonymous login */
 
 DOM_SID global_sid_Builtin; 			/* Local well-known domain */
 DOM_SID global_sid_Builtin_Administrators;	/* Builtin administrators */
@@ -166,6 +166,10 @@ void generate_wellknown_sids(void)
 	initialised = True;
 }
 
+/**************************************************************************
+ Create the SYSTEM token.
+***************************************************************************/
+
 NT_USER_TOKEN *get_system_token(void) 
 {
 	generate_wellknown_sids(); /* The token is initialised here */
@@ -239,7 +243,10 @@ char *sid_to_string(fstring sidstr_out, const DOM_SID *sid)
 		return sidstr_out;
 	}
 
-	/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
+	/*
+	 * BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 
+	 * in a range of 2^48.
+	 */
 	ia = (sid->id_auth[5]) +
 		(sid->id_auth[4] << 8 ) +
 		(sid->id_auth[3] << 16) +
@@ -272,63 +279,63 @@ const char *sid_string_static(const DOM_SID *sid)
    
 BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
 {
-  pstring tok;
-  char *p, *q;
-  /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
-  uint32 ia;
+	pstring tok;
+	char *p, *q;
+	/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
+	uint32 ia;
   
-  if (StrnCaseCmp( sidstr, "S-", 2)) {
-    DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
-    return False;
-  }
-
-  memset((char *)sidout, '\0', sizeof(DOM_SID));
-
-  q = p = strdup(sidstr + 2);
-  if (p == NULL) {
-    DEBUG(0, ("string_to_sid: out of memory!\n"));
-    return False;
-  }
-
-  if (!next_token(&p, tok, "-", sizeof(tok))) {
-    DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
-    SAFE_FREE(q);
-    return False;
-  }
-
-  /* Get the revision number. */
-  sidout->sid_rev_num = (uint8)strtoul(tok, NULL, 10);
-
-  if (!next_token(&p, tok, "-", sizeof(tok))) {
-    DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
-    SAFE_FREE(q);
-    return False;
-  }
-
-  /* identauth in decimal should be <  2^32 */
-  ia = (uint32)strtoul(tok, NULL, 10);
-
-  /* NOTE - the ia value is in big-endian format. */
-  sidout->id_auth[0] = 0;
-  sidout->id_auth[1] = 0;
-  sidout->id_auth[2] = (ia & 0xff000000) >> 24;
-  sidout->id_auth[3] = (ia & 0x00ff0000) >> 16;
-  sidout->id_auth[4] = (ia & 0x0000ff00) >> 8;
-  sidout->id_auth[5] = (ia & 0x000000ff);
-
-  sidout->num_auths = 0;
-
-  while(next_token(&p, tok, "-", sizeof(tok)) && 
-	sidout->num_auths < MAXSUBAUTHS) {
-    /* 
-     * NOTE - the subauths are in native machine-endian format. They
-     * are converted to little-endian when linearized onto the wire.
-     */
-	sid_append_rid(sidout, (uint32)strtoul(tok, NULL, 10));
-  }
-
-  SAFE_FREE(q);
-  return True;
+	if (StrnCaseCmp( sidstr, "S-", 2)) {
+		DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
+		return False;
+	}
+
+	memset((char *)sidout, '\0', sizeof(DOM_SID));
+
+	q = p = strdup(sidstr + 2);
+	if (p == NULL) {
+		DEBUG(0, ("string_to_sid: out of memory!\n"));
+		return False;
+	}
+
+	if (!next_token(&p, tok, "-", sizeof(tok))) {
+		DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+		SAFE_FREE(q);
+		return False;
+	}
+
+	/* Get the revision number. */
+	sidout->sid_rev_num = (uint8)strtoul(tok, NULL, 10);
+
+	if (!next_token(&p, tok, "-", sizeof(tok))) {
+		DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+		SAFE_FREE(q);
+		return False;
+	}
+
+	/* identauth in decimal should be <  2^32 */
+	ia = (uint32)strtoul(tok, NULL, 10);
+
+	/* NOTE - the ia value is in big-endian format. */
+	sidout->id_auth[0] = 0;
+	sidout->id_auth[1] = 0;
+	sidout->id_auth[2] = (ia & 0xff000000) >> 24;
+	sidout->id_auth[3] = (ia & 0x00ff0000) >> 16;
+	sidout->id_auth[4] = (ia & 0x0000ff00) >> 8;
+	sidout->id_auth[5] = (ia & 0x000000ff);
+
+	sidout->num_auths = 0;
+
+	while(next_token(&p, tok, "-", sizeof(tok)) && 
+		sidout->num_auths < MAXSUBAUTHS) {
+		/* 
+		 * NOTE - the subauths are in native machine-endian format. They
+		 * are converted to little-endian when linearized onto the wire.
+		 */
+		sid_append_rid(sidout, (uint32)strtoul(tok, NULL, 10));
+	}
+
+	SAFE_FREE(q);
+	return True;
 }
 
 /*****************************************************************
@@ -412,10 +419,10 @@ void sid_copy(DOM_SID *dst, const DOM_SID *src)
 		dst->sub_auths[i] = src->sub_auths[i];
 }
 
-
 /*****************************************************************
  Write a sid out into on-the-wire format.
 *****************************************************************/  
+
 BOOL sid_linearize(char *outbuf, size_t len, const DOM_SID *sid)
 {
 	size_t i;
@@ -433,36 +440,41 @@ BOOL sid_linearize(char *outbuf, size_t len, const DOM_SID *sid)
 }
 
 /*****************************************************************
- parse a on-the-wire SID to a DOM_SID
+ Parse a on-the-wire SID to a DOM_SID.
 *****************************************************************/  
+
 BOOL sid_parse(const char *inbuf, size_t len, DOM_SID *sid)
 {
 	int i;
-	if (len < 8) return False;
+	if (len < 8)
+		return False;
 
 	ZERO_STRUCTP(sid);
 
 	sid->sid_rev_num = CVAL(inbuf, 0);
 	sid->num_auths = CVAL(inbuf, 1);
 	memcpy(sid->id_auth, inbuf+2, 6);
-	if (len < 8 + sid->num_auths*4) return False;
-	for (i=0;i<sid->num_auths;i++) {
+	if (len < 8 + sid->num_auths*4)
+		return False;
+	for (i=0;i<sid->num_auths;i++)
 		sid->sub_auths[i] = IVAL(inbuf, 8+i*4);
-	}
 	return True;
 }
 
-
 /*****************************************************************
  Compare the auth portion of two sids.
 *****************************************************************/  
+
 static int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2)
 {
 	int i;
 
-	if (sid1 == sid2) return 0;
-	if (!sid1) return -1;
-	if (!sid2) return 1;
+	if (sid1 == sid2)
+		return 0;
+	if (!sid1)
+		return -1;
+	if (!sid2)
+		return 1;
 
 	if (sid1->sid_rev_num != sid2->sid_rev_num)
 		return sid1->sid_rev_num - sid2->sid_rev_num;
@@ -477,15 +489,19 @@ static int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2)
 /*****************************************************************
  Compare two sids.
 *****************************************************************/  
+
 int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2)
 {
 	int i;
 
-	if (sid1 == sid2) return 0;
-	if (!sid1) return -1;
-	if (!sid2) return 1;
+	if (sid1 == sid2)
+		return 0;
+	if (!sid1)
+		return -1;
+	if (!sid2)
+		return 1;
 
-	/* compare most likely different rids, first: i.e start at end */
+	/* Compare most likely different rids, first: i.e start at end */
 	if (sid1->num_auths != sid2->num_auths)
 		return sid1->num_auths - sid2->num_auths;
 
@@ -497,9 +513,10 @@ int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2)
 }
 
 /*****************************************************************
-see if 2 SIDs are in the same domain
-this just compares the leading sub-auths
+ See if 2 SIDs are in the same domain
+ this just compares the leading sub-auths
 *****************************************************************/  
+
 int sid_compare_domain(const DOM_SID *sid1, const DOM_SID *sid2)
 {
 	int n, i;
@@ -516,25 +533,25 @@ int sid_compare_domain(const DOM_SID *sid1, const DOM_SID *sid2)
 /*****************************************************************
  Compare two sids.
 *****************************************************************/  
+
 BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
 {
 	return sid_compare(sid1, sid2) == 0;
 }
 
-
-
 /*****************************************************************
  Check if the SID is the builtin SID (S-1-5-32).
 *****************************************************************/  
+
 BOOL sid_check_is_builtin(const DOM_SID *sid)
 {
 	return sid_equal(sid, &global_sid_Builtin);
 }
 
-
 /*****************************************************************
- Check if the SID is our domain SID (S-1-5-21-x-y-z).
+ Check if the SID is one of the builtin SIDs (S-1-5-32-a).
 *****************************************************************/  
+
 BOOL sid_check_is_in_builtin(const DOM_SID *sid)
 {
 	DOM_SID dom_sid;
@@ -546,7 +563,6 @@ BOOL sid_check_is_in_builtin(const DOM_SID *sid)
 	return sid_equal(&dom_sid, &global_sid_Builtin);
 }
 
-
 /*****************************************************************
  Calculates size of a sid.
 *****************************************************************/  
@@ -574,25 +590,24 @@ BOOL non_mappable_sid(DOM_SID *sid)
 	if (sid_equal(&dom, &global_sid_Builtin))
 		return True;
 
-	if (sid_equal(&dom, &global_sid_Creator_Owner_Domain))
-		return True;
- 
 	if (sid_equal(&dom, &global_sid_NT_Authority))
 		return True;
 
 	return False;
 }
 
-/*
-  return the binary string representation of a DOM_SID
-  caller must free
-*/
+/*****************************************************************
+ Return the binary string representation of a DOM_SID.
+ Caller must free.
+*****************************************************************/
+
 char *sid_binstring(const DOM_SID *sid)
 {
 	char *buf, *s;
 	int len = sid_size(sid);
 	buf = malloc(len);
-	if (!buf) return NULL;
+	if (!buf)
+		return NULL;
 	sid_linearize(buf, len, sid);
 	s = binary_string(buf, len);
 	free(buf);
@@ -600,9 +615,10 @@ char *sid_binstring(const DOM_SID *sid)
 }
 
 
-/*
-  print a GUID structure for debugging
-*/
+/*****************************************************************
+ Print a GUID structure for debugging.
+*****************************************************************/
+
 void print_guid(GUID *guid)
 {
 	int i;
author	Jeremy Allison <jra@samba.org>	2002-10-23 01:22:32 +0000
committer	Jeremy Allison <jra@samba.org>	2002-10-23 01:22:32 +0000
commit	f735551b9edef66b152261cf6eb2f29b7b69d65b (patch)
tree	056d6b95538571bb4932c658f2b08a4e491d0d2b /source3/lib/util_sid.c
parent	83219da3028a0341a9c7b2db38738ca30288686b (diff)
download	samba-f735551b9edef66b152261cf6eb2f29b7b69d65b.tar.gz samba-f735551b9edef66b152261cf6eb2f29b7b69d65b.tar.bz2 samba-f735551b9edef66b152261cf6eb2f29b7b69d65b.zip