authorAndrew Bartlett <abartlet@samba.org>2010-09-18 12:55:31 +1000
committerAndrew Tridgell <tridge@samba.org>2010-10-14 02:35:05 +0000
commita879a4610dac03b814ad40800f408416d250c6be (patch)
tree3b1bb4216ace458281db4bc3355f0fb3ccf42e89 /source3
parent8b22eefd252e5d8d787ce3368d54b23d75b00310 (diff)
libcli/auth Merge source4/libcli/security and util_sid.c into the common code
This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in5
-rw-r--r--source3/include/proto.h18
-rw-r--r--source3/include/smb.h26
-rw-r--r--source3/lib/util_sid.c314
-rw-r--r--source3/winbindd/winbindd_util.c2
5 files changed, 5 insertions, 360 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index a73ce26a3a..491c1a9f6a 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -470,14 +470,15 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \
lib/server_contexts.o \
lib/ldap_escape.o @CHARSET_STATIC@ \
- lib/secdesc.o ../libcli/security/access_check.o ../libcli/security/secace.o \
+ lib/secdesc.o ../libcli/security/access_check.o \
+ ../libcli/security/secace.o ../libcli/security/object_tree.o \
../libcli/security/sddl.o \
../libcli/security/secacl.o @PTHREADPOOL_OBJ@ \
lib/fncall.o \
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
lib/file_id.o lib/idmap_cache.o \
../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o \
- ../libcli/security/security_token.o
+ ../libcli/security/security_token.o ../libcli/security/util_sid.o
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 81e1909521..3725ea3fa8 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1258,31 +1258,13 @@ bool is_setuid_root(void) ;
/* The following definitions come from lib/util_sid.c */
-const char *sid_type_lookup(uint32 sid_type) ;
-const struct security_token *get_system_token(void) ;
char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
char *sid_string_dbg(const struct dom_sid *sid);
char *sid_string_tos(const struct dom_sid *sid);
-bool string_to_sid(struct dom_sid *sidout, const char *sidstr);
-bool sid_append_rid(struct dom_sid *sid, uint32 rid);
-bool sid_compose(struct dom_sid *dst, const struct dom_sid *domain_sid, uint32 rid);
-bool sid_split_rid(struct dom_sid *sid, uint32 *rid);
-bool sid_peek_rid(const struct dom_sid *sid, uint32 *rid);
-bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32 *rid);
-void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
-bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
bool non_mappable_sid(struct dom_sid *sid);
char *sid_binstring_hex(const struct dom_sid *sid);
-NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- struct dom_sid **sids, uint32_t *num);
-NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- struct dom_sid **sids, uint32_t *num_sids);
-void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t *num);
-bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
- uint32 rid, uint32 **pp_rids, size_t *p_num);
-bool is_null_sid(const struct dom_sid *sid);
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
diff --git a/source3/include/smb.h b/source3/include/smb.h
index ae93bbbe7e..07a53de8e6 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -193,32 +193,6 @@ struct lsa_name_info {
int dom_idx;
};
-/* Some well-known SIDs */
-extern const struct dom_sid global_sid_World_Domain;
-extern const struct dom_sid global_sid_World;
-extern const struct dom_sid global_sid_Creator_Owner_Domain;
-extern const struct dom_sid global_sid_NT_Authority;
-extern const struct dom_sid global_sid_System;
-extern const struct dom_sid global_sid_NULL;
-extern const struct dom_sid global_sid_Authenticated_Users;
-extern const struct dom_sid global_sid_Network;
-extern const struct dom_sid global_sid_Creator_Owner;
-extern const struct dom_sid global_sid_Creator_Group;
-extern const struct dom_sid global_sid_Anonymous;
-extern const struct dom_sid global_sid_Builtin;
-extern const struct dom_sid global_sid_Builtin_Administrators;
-extern const struct dom_sid global_sid_Builtin_Users;
-extern const struct dom_sid global_sid_Builtin_Guests;
-extern const struct dom_sid global_sid_Builtin_Power_Users;
-extern const struct dom_sid global_sid_Builtin_Account_Operators;
-extern const struct dom_sid global_sid_Builtin_Server_Operators;
-extern const struct dom_sid global_sid_Builtin_Print_Operators;
-extern const struct dom_sid global_sid_Builtin_Backup_Operators;
-extern const struct dom_sid global_sid_Builtin_Replicator;
-extern const struct dom_sid global_sid_Builtin_PreWin2kAccess;
-extern const struct dom_sid global_sid_Unix_Users;
-extern const struct dom_sid global_sid_Unix_Groups;
-
/*
* The complete list of SIDS belonging to this user.
* Created when a vuid is registered.
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 25933116c4..bb9e2e98f9 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -25,132 +25,8 @@
#include "includes.h"
#include "../librpc/gen_ndr/ndr_security.h"
#include "../librpc/gen_ndr/netlogon.h"
-#include "../libcli/security/dom_sid.h"
-
-/*
- * Some useful sids, more well known sids can be found at
- * http://support.microsoft.com/kb/243330/EN-US/
- */
-
-
-const struct dom_sid global_sid_World_Domain = /* Everyone domain */
-{ 1, 0, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_World = /* Everyone */
-{ 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Creator_Owner_Domain = /* Creator Owner domain */
-{ 1, 0, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_NT_Authority = /* NT Authority */
-{ 1, 0, {0,0,0,0,0,5}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_System = /* System */
-{ 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_NULL = /* NULL sid */
-{ 1, 1, {0,0,0,0,0,0}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Authenticated_Users = /* All authenticated rids */
-{ 1, 1, {0,0,0,0,0,5}, {11,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-#if 0
-/* for documentation */
-const struct dom_sid global_sid_Restriced = /* Restriced Code */
-{ 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-#endif
-const struct dom_sid global_sid_Network = /* Network rids */
-{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-
-const struct dom_sid global_sid_Creator_Owner = /* Creator Owner */
-{ 1, 1, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Creator_Group = /* Creator Group */
-{ 1, 1, {0,0,0,0,0,3}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Anonymous = /* Anonymous login */
-{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-
-const struct dom_sid global_sid_Builtin = /* Local well-known domain */
-{ 1, 1, {0,0,0,0,0,5}, {32,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Administrators = /* Builtin administrators */
-{ 1, 2, {0,0,0,0,0,5}, {32,544,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Users = /* Builtin users */
-{ 1, 2, {0,0,0,0,0,5}, {32,545,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Guests = /* Builtin guest users */
-{ 1, 2, {0,0,0,0,0,5}, {32,546,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Power_Users = /* Builtin power users */
-{ 1, 2, {0,0,0,0,0,5}, {32,547,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Account_Operators = /* Builtin account operators */
-{ 1, 2, {0,0,0,0,0,5}, {32,548,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Server_Operators = /* Builtin server operators */
-{ 1, 2, {0,0,0,0,0,5}, {32,549,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Print_Operators = /* Builtin print operators */
-{ 1, 2, {0,0,0,0,0,5}, {32,550,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Backup_Operators = /* Builtin backup operators */
-{ 1, 2, {0,0,0,0,0,5}, {32,551,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_Replicator = /* Builtin replicator */
-{ 1, 2, {0,0,0,0,0,5}, {32,552,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Builtin_PreWin2kAccess = /* Builtin pre win2k access */
-{ 1, 2, {0,0,0,0,0,5}, {32,554,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-
-const struct dom_sid global_sid_Unix_Users = /* Unmapped Unix users */
-{ 1, 1, {0,0,0,0,0,22}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-const struct dom_sid global_sid_Unix_Groups = /* Unmapped Unix groups */
-{ 1, 1, {0,0,0,0,0,22}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-
-/* Unused, left here for documentary purposes */
-#if 0
-#define SECURITY_NULL_SID_AUTHORITY 0
-#define SECURITY_WORLD_SID_AUTHORITY 1
-#define SECURITY_LOCAL_SID_AUTHORITY 2
-#define SECURITY_CREATOR_SID_AUTHORITY 3
-#define SECURITY_NT_AUTHORITY 5
-#endif
-
-static struct dom_sid system_sid_array[1] =
-{ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
-static const struct security_token system_token = {
- .num_sids = ARRAY_SIZE(system_sid_array),
- .sids = system_sid_array,
- .privilege_mask = SE_ALL_PRIVS
-};
-
-/****************************************************************************
- Lookup string names for SID types.
-****************************************************************************/
-
-static const struct {
- enum lsa_SidType sid_type;
- const char *string;
-} sid_name_type[] = {
- {SID_NAME_USER, "User"},
- {SID_NAME_DOM_GRP, "Domain Group"},
- {SID_NAME_DOMAIN, "Domain"},
- {SID_NAME_ALIAS, "Local Group"},
- {SID_NAME_WKN_GRP, "Well-known Group"},
- {SID_NAME_DELETED, "Deleted Account"},
- {SID_NAME_INVALID, "Invalid Account"},
- {SID_NAME_UNKNOWN, "UNKNOWN"},
- {SID_NAME_COMPUTER, "Computer"},
-
- {(enum lsa_SidType)0, NULL}
-};
-
-const char *sid_type_lookup(uint32 sid_type)
-{
- int i = 0;
-
- /* Look through list */
- while(sid_name_type[i].sid_type != 0) {
- if (sid_name_type[i].sid_type == sid_type)
- return sid_name_type[i].string;
- i++;
- }
+#include "../libcli/security/security.h"
- /* Default return */
- return "SID *TYPE* is INVALID";
-}
-
-/**************************************************************************
- Create the SYSTEM token.
-***************************************************************************/
-
-const struct security_token *get_system_token(void)
-{
- return &system_token;
-}
/*****************************************************************
Convert a SID to an ascii string.
@@ -194,83 +70,6 @@ char *sid_string_tos(const struct dom_sid *sid)
return sid_string_talloc(talloc_tos(), sid);
}
-bool sid_compose(struct dom_sid *dst, const struct dom_sid *domain_sid, uint32 rid)
-{
- sid_copy(dst, domain_sid);
- return sid_append_rid(dst, rid);
-}
-
-/*****************************************************************
- Removes the last rid from the end of a sid
-*****************************************************************/
-
-bool sid_split_rid(struct dom_sid *sid, uint32 *rid)
-{
- if (sid->num_auths > 0) {
- sid->num_auths--;
- *rid = sid->sub_auths[sid->num_auths];
- return True;
- }
- return False;
-}
-
-/*****************************************************************
- Return the last rid from the end of a sid
-*****************************************************************/
-
-bool sid_peek_rid(const struct dom_sid *sid, uint32 *rid)
-{
- if (!sid || !rid)
- return False;
-
- if (sid->num_auths > 0) {
- *rid = sid->sub_auths[sid->num_auths - 1];
- return True;
- }
- return False;
-}
-
-/*****************************************************************
- Return the last rid from the end of a sid
- and check the sid against the exp_dom_sid
-*****************************************************************/
-
-bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32 *rid)
-{
- if (!exp_dom_sid || !sid || !rid)
- return False;
-
- if (sid->num_auths != (exp_dom_sid->num_auths+1)) {
- return False;
- }
-
- if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){
- *rid=(-1);
- return False;
- }
-
- return sid_peek_rid(sid, rid);
-}
-
-/*****************************************************************
- Copies a sid
-*****************************************************************/
-
-void sid_copy(struct dom_sid *dst, const struct dom_sid *src)
-{
- int i;
-
- ZERO_STRUCTP(dst);
-
- dst->sid_rev_num = src->sid_rev_num;
- dst->num_auths = src->num_auths;
-
- memcpy(&dst->id_auth[0], &src->id_auth[0], sizeof(src->id_auth));
-
- for (i = 0; i < src->num_auths; i++)
- dst->sub_auths[i] = src->sub_auths[i];
-}
-
/*****************************************************************
Write a sid out into on-the-wire format.
*****************************************************************/
@@ -292,22 +91,6 @@ bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid)
}
/*****************************************************************
- Parse a on-the-wire SID to a struct dom_sid.
-*****************************************************************/
-
-bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid)
-{
- enum ndr_err_code ndr_err;
- DATA_BLOB in = data_blob_const(inbuf, len);
- ndr_err = ndr_pull_struct_blob_all(&in, NULL, sid,
- (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return false;
- }
- return true;
-}
-
-/*****************************************************************
Returns true if SID is internal (and non-mappable).
*****************************************************************/
@@ -346,101 +129,6 @@ char *sid_binstring_hex(const struct dom_sid *sid)
return s;
}
-/********************************************************************
- Add SID to an array SIDs
-********************************************************************/
-
-NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- struct dom_sid **sids, uint32_t *num)
-{
- *sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, struct dom_sid,
- (*num)+1);
- if (*sids == NULL) {
- *num = 0;
- return NT_STATUS_NO_MEMORY;
- }
-
- sid_copy(&((*sids)[*num]), sid);
- *num += 1;
-
- return NT_STATUS_OK;
-}
-
-
-/********************************************************************
- Add SID to an array SIDs ensuring that it is not already there
-********************************************************************/
-
-NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- struct dom_sid **sids, uint32_t *num_sids)
-{
- size_t i;
-
- for (i=0; i<(*num_sids); i++) {
- if (dom_sid_compare(sid, &(*sids)[i]) == 0)
- return NT_STATUS_OK;
- }
-
- return add_sid_to_array(mem_ctx, sid, sids, num_sids);
-}
-
-/********************************************************************
- Remove SID from an array
-********************************************************************/
-
-void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t *num)
-{
- struct dom_sid *sid_list = *sids;
- size_t i;
-
- for ( i=0; i<*num; i++ ) {
-
- /* if we find the SID, then decrement the count
- and break out of the loop */
-
- if ( dom_sid_equal(sid, &sid_list[i]) ) {
- *num -= 1;
- break;
- }
- }
-
- /* This loop will copy the remainder of the array
- if i < num of sids ni the array */
-
- for ( ; i<*num; i++ )
- sid_copy( &sid_list[i], &sid_list[i+1] );
-
- return;
-}
-
-bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
- uint32 rid, uint32 **pp_rids, size_t *p_num)
-{
- size_t i;
-
- for (i=0; i<*p_num; i++) {
- if ((*pp_rids)[i] == rid)
- return True;
- }
-
- *pp_rids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_rids, uint32, *p_num+1);
-
- if (*pp_rids == NULL) {
- *p_num = 0;
- return False;
- }
-
- (*pp_rids)[*p_num] = rid;
- *p_num += 1;
- return True;
-}
-
-bool is_null_sid(const struct dom_sid *sid)
-{
- static const struct dom_sid null_sid = {0};
- return dom_sid_equal(sid, &null_sid);
-}
-
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index aec4cc60a2..afdce47d2d 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -31,7 +31,7 @@
extern struct winbindd_methods cache_methods;
/**
- * @file winbindd_util.c
+ * @file winbindd_util.cq
*
* Winbind daemon for NT domain authentication nss module.
**/
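Review bot: The only change in this hunk turns the Doxygen file tag into `@file winbindd_util.cq`, which no longer matches the file's actual name and looks like a stray keystroke rather than an intended edit. Since the commit message describes a merge of SID helpers into common code, this line appears unrelated to the commit's purpose and should be restored to ` * @file winbindd_util.c`. The `@file` value is what Doxygen uses to associate the comment block with the source file, so the mismatch would silently detach this header from its file in generated documentation.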