s4-auth Move conversion of security_token to unix_token to auth

This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

1 files changed, 91 insertions, 0 deletions

diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
new file mode 100644
index 0000000000..3cd67ed79a
--- /dev/null
+++ b/source4/auth/unix_token.c
@@ -0,0 +1,91 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Deal with unix elements in the security token
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "libcli/wbclient/wbclient.h"
+
+/*
+  form a security_unix_token from the current security_token
+*/
+NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
+				      struct wbc_context *wbc_ctx,
+				      struct security_token *token,
+				      struct security_unix_token **sec)
+{
+	int i;
+	NTSTATUS status;
+	struct id_map *ids;
+	struct composite_context *ctx;
+	*sec = talloc(mem_ctx, struct security_unix_token);
+
+	/* we can't do unix security without a user and group */
+	if (token->num_sids < 2) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	ids = talloc_array(mem_ctx, struct id_map, token->num_sids);
+	NT_STATUS_HAVE_NO_MEMORY(ids);
+
+	(*sec)->ngroups = token->num_sids - 2;
+	(*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
+	NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+
+	for (i=0;i<token->num_sids;i++) {
+		ZERO_STRUCT(ids[i].xid);
+		ids[i].sid = &token->sids[i];
+		ids[i].status = ID_UNKNOWN;
+	}
+
+	ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token->num_sids, ids);
+	NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+	status = wbc_sids_to_xids_recv(ctx, &ids);
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	if (ids[0].xid.type == ID_TYPE_BOTH ||
+	    ids[0].xid.type == ID_TYPE_UID) {
+		(*sec)->uid = ids[0].xid.id;
+	} else {
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (ids[1].xid.type == ID_TYPE_BOTH ||
+	    ids[1].xid.type == ID_TYPE_GID) {
+		(*sec)->gid = ids[1].xid.id;
+	} else {
+		return NT_STATUS_INVALID_SID;
+	}
+
+	for (i=0;i<(*sec)->ngroups;i++) {
+		if (ids[i+2].xid.type == ID_TYPE_BOTH ||
+		    ids[i+2].xid.type == ID_TYPE_GID) {
+			(*sec)->groups[i] = ids[i+2].xid.id;
+		} else {
+			return NT_STATUS_INVALID_SID;
+		}
+	}
+
+	TALLOC_FREE(ids);
+
+	return NT_STATUS_OK;
+}