libcli/security Move most of security_token.c to common code.

The source4-specific session_info functions have been left in session.c

Andrew Bartlett

4 files changed, 66 insertions, 182 deletions

diff --git a/source4/libcli/security/security.h b/source4/libcli/security/security.h
index dc5e3ca736..12c95f1d83 100644
--- a/source4/libcli/security/security.h
+++ b/source4/libcli/security/security.h
@@ -49,6 +49,7 @@ struct object_tree {
 #include "libcli/security/secacl.h"
 #include "libcli/security/proto.h"
 #include "libcli/security/security_descriptor.h"
+#include "libcli/security/security_token.h"
 #include "libcli/security/sddl.h"
 #include "libcli/security/privileges.h"
 
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
deleted file mode 100644
index 9d37475c7a..0000000000
--- a/source4/libcli/security/security_token.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-
-   security descriptor utility functions
-
-   Copyright (C) Andrew Tridgell 		2004
-   Copyright (C) Stefan Metzmacher 		2005
-      
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "libcli/security/security.h"
-#include "auth/session.h"
-
-/*
-  return a blank security token
-*/
-struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
-{
-	struct security_token *st;
-
-	st = talloc_zero(mem_ctx, struct security_token);
-	if (!st) {
-		return NULL;
-	}
-
-	return st;
-}
-
-/****************************************************************************
- prints a struct security_token to debug output.
-****************************************************************************/
-void security_token_debug(int dbg_lev, const struct security_token *token)
-{
-	TALLOC_CTX *mem_ctx;
-	uint32_t i;
-
-	if (!token) {
-		DEBUG(dbg_lev, ("Security token: (NULL)\n"));
-		return;
-	}
-
-	mem_ctx = talloc_init("security_token_debug()");
-	if (!mem_ctx) {
-		return;
-	}
-
-	DEBUG(dbg_lev, ("Security token SIDs (%lu):\n", 
-				       (unsigned long)token->num_sids));
-	for (i = 0; i < token->num_sids; i++) {
-		DEBUGADD(dbg_lev, ("  SID[%3lu]: %s\n", (unsigned long)i, 
-			   dom_sid_string(mem_ctx, &token->sids[i])));
-	}
-
-	security_token_debug_privileges(dbg_lev, token);
-
-	talloc_free(mem_ctx);
-}
-
-/* These really should be cheaper... */
-
-bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
-{
-	if (token->sids && dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
-		return true;
-	}
-	return false;
-}
-
-bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
-{
-	bool ret;
-	struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
-	if (!sid) return false;
-
-	ret = security_token_is_sid(token, sid);
-
-	talloc_free(sid);
-	return ret;
-}
-
-bool security_token_is_system(const struct security_token *token) 
-{
-	return security_token_is_sid_string(token, SID_NT_SYSTEM);
-}
-
-bool security_token_is_anonymous(const struct security_token *token) 
-{
-	return security_token_is_sid_string(token, SID_NT_ANONYMOUS);
-}
-
-bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
-{
-	uint32_t i;
-	for (i = 0; i < token->num_sids; i++) {
-		if (dom_sid_equal(&token->sids[i], sid)) {
-			return true;
-		}
-	}
-	return false;
-}
-
-bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
-{
-	bool ret;
-	struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
-	if (!sid) return false;
-
-	ret = security_token_has_sid(token, sid);
-
-	talloc_free(sid);
-	return ret;
-}
-
-bool security_token_has_builtin_administrators(const struct security_token *token)
-{
-	return security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS);
-}
-
-bool security_token_has_nt_authenticated_users(const struct security_token *token)
-{
-	return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
-}
-
-bool security_token_has_enterprise_dcs(const struct security_token *token)
-{
-	return security_token_has_sid_string(token, SID_NT_ENTERPRISE_DCS);
-}
-
-enum security_user_level security_session_user_level(struct auth_session_info *session_info,
-						     const struct dom_sid *domain_sid)
-{
-	if (!session_info) {
-		return SECURITY_ANONYMOUS;
-	}
-	
-	if (security_token_is_system(session_info->security_token)) {
-		return SECURITY_SYSTEM;
-	}
-
-	if (security_token_is_anonymous(session_info->security_token)) {
-		return SECURITY_ANONYMOUS;
-	}
-
-	if (security_token_has_builtin_administrators(session_info->security_token)) {
-		return SECURITY_ADMINISTRATOR;
-	}
-
-	if (domain_sid) {
-		struct dom_sid *rodc_dcs;
-		rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
-		if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
-			talloc_free(rodc_dcs);
-			return SECURITY_RO_DOMAIN_CONTROLLER;
-		}
-		talloc_free(rodc_dcs);
-	}
-
-	if (security_token_has_enterprise_dcs(session_info->security_token)) {
-		return SECURITY_DOMAIN_CONTROLLER;
-	}
-
-	if (security_token_has_nt_authenticated_users(session_info->security_token)) {
-		return SECURITY_USER;
-	}
-
-	return SECURITY_ANONYMOUS;
-}
-
diff --git a/source4/libcli/security/session.c b/source4/libcli/security/session.c
new file mode 100644
index 0000000000..cd09b6d403
--- /dev/null
+++ b/source4/libcli/security/session.c
@@ -0,0 +1,64 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   session_info utility functions
+
+   Copyright (C) Andrew Bartlett 2008-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/session.h"
+#include "libcli/security/security.h"
+
+enum security_user_level security_session_user_level(struct auth_session_info *session_info,
+						     const struct dom_sid *domain_sid)
+{
+	if (!session_info) {
+		return SECURITY_ANONYMOUS;
+	}
+
+	if (security_token_is_system(session_info->security_token)) {
+		return SECURITY_SYSTEM;
+	}
+
+	if (security_token_is_anonymous(session_info->security_token)) {
+		return SECURITY_ANONYMOUS;
+	}
+
+	if (security_token_has_builtin_administrators(session_info->security_token)) {
+		return SECURITY_ADMINISTRATOR;
+	}
+
+	if (domain_sid) {
+		struct dom_sid *rodc_dcs;
+		rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
+		if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
+			talloc_free(rodc_dcs);
+			return SECURITY_RO_DOMAIN_CONTROLLER;
+		}
+		talloc_free(rodc_dcs);
+	}
+
+	if (security_token_has_enterprise_dcs(session_info->security_token)) {
+		return SECURITY_DOMAIN_CONTROLLER;
+	}
+
+	if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+		return SECURITY_USER;
+	}
+
+	return SECURITY_ANONYMOUS;
+}
diff --git a/source4/libcli/security/wscript_build b/source4/libcli/security/wscript_build
index 5d53022137..4187bcbebe 100644
--- a/source4/libcli/security/wscript_build
+++ b/source4/libcli/security/wscript_build
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 bld.SAMBA_SUBSYSTEM('LIBSECURITY',
-	source='security_token.c access_check.c create_descriptor.c object_tree.c',
+	source='access_check.c create_descriptor.c object_tree.c session.c',
 	autoproto='proto.h',
 	public_deps='LIBNDR LIBSECURITY_COMMON'
 	)