diff options
Diffstat (limited to 'source3/lib/util_sid.c')
-rw-r--r-- | source3/lib/util_sid.c | 148 |
1 files changed, 97 insertions, 51 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 1439471f64..f01479f1cc 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -5,6 +5,7 @@ Copyright (C) Luke Kenneth Caseson Leighton 1998-1999 Copyright (C) Jeremy Allison 1999 Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Simo Sorce 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -37,16 +38,28 @@ DOM_SID global_sid_NT_Authority; /* NT Authority */ DOM_SID global_sid_System; /* System */ DOM_SID global_sid_NULL; /* NULL sid */ DOM_SID global_sid_Authenticated_Users; /* All authenticated rids */ -DOM_SID global_sid_Network; /* Network rids */ - -static DOM_SID global_sid_Creator_Owner; /* Creator Owner */ -static DOM_SID global_sid_Creator_Group; /* Creator Group */ -static DOM_SID global_sid_Anonymous; /* Anonymous login */ - -DOM_SID global_sid_Builtin; /* Local well-known domain */ -DOM_SID global_sid_Builtin_Administrators; -DOM_SID global_sid_Builtin_Users; -DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */ +DOM_SID global_sid_Network; /* Network rids */ + +static DOM_SID global_sid_Creator_Owner; /* Creator Owner */ +static DOM_SID global_sid_Creator_Group; /* Creator Group */ +static DOM_SID global_sid_Anonymous; /* Anonymous login */ + +DOM_SID global_sid_Builtin; /* Local well-known domain */ +DOM_SID global_sid_Builtin_Administrators; /* Builtin administrators */ +DOM_SID global_sid_Builtin_Users; /* Builtin users */ +DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */ +DOM_SID global_sid_Builtin_Power_Users; /* Builtin power users */ +DOM_SID global_sid_Builtin_Account_Operators; /* Builtin account operators */ +DOM_SID global_sid_Builtin_Server_Operators; /* Builtin server operators */ +DOM_SID global_sid_Builtin_Print_Operators; /* Builtin print operators */ +DOM_SID global_sid_Builtin_Backup_Operators; /* Builtin backup operators */ +DOM_SID global_sid_Builtin_Replicator; /* Builtin replicator */ + +#define SECURITY_NULL_SID_AUTHORITY 0 +#define SECURITY_WORLD_SID_AUTHORITY 1 +#define SECURITY_LOCAL_SID_AUTHORITY 2 +#define SECURITY_CREATOR_SID_AUTHORITY 3 +#define SECURITY_NT_AUTHORITY 5 /* * An NT compatible anonymous token. @@ -55,14 +68,14 @@ DOM_SID global_sid_Builtin_Guests; /* Builtin guest users */ static DOM_SID anon_sid_array[3]; NT_USER_TOKEN anonymous_token = { - 3, - anon_sid_array + 3, + anon_sid_array }; static DOM_SID system_sid_array[4]; NT_USER_TOKEN system_token = { - 1, - system_sid_array + 1, + system_sid_array }; /**************************************************************************** @@ -73,13 +86,13 @@ const static struct { enum SID_NAME_USE sid_type; char *string; } sid_name_type[] = { - {SID_NAME_USER, "user"}, - {SID_NAME_DOM_GRP, "domain group"}, - {SID_NAME_DOMAIN, "domain"}, - {SID_NAME_ALIAS, "local group"}, - {SID_NAME_WKN_GRP, "well-known group"}, - {SID_NAME_DELETED, "deleted account"}, - {SID_NAME_INVALID, "invalid account"}, + {SID_NAME_USER, "User"}, + {SID_NAME_DOM_GRP, "Domain Group"}, + {SID_NAME_DOMAIN, "Domain"}, + {SID_NAME_ALIAS, "Local Group"}, + {SID_NAME_WKN_GRP, "Well-known Group"}, + {SID_NAME_DELETED, "Deleted Account"}, + {SID_NAME_INVALID, "Invalid Account"}, {SID_NAME_UNKNOWN, "UNKNOWN"}, {SID_NAME_USE_NONE, NULL} @@ -98,10 +111,8 @@ const char *sid_type_lookup(uint32 sid_type) /* Default return */ return "SID *TYPE* is INVALID"; - } - /**************************************************************************** Creates some useful well known sids ****************************************************************************/ @@ -109,24 +120,40 @@ const char *sid_type_lookup(uint32 sid_type) void generate_wellknown_sids(void) { static BOOL initialised = False; + if (initialised) return; - string_to_sid(&global_sid_Builtin, "S-1-5-32"); - string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544"); - string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545"); - string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546"); + /* SECURITY_NULL_SID_AUTHORITY */ + string_to_sid(&global_sid_NULL, "S-1-0-0"); + + /* SECURITY_WORLD_SID_AUTHORITY */ string_to_sid(&global_sid_World_Domain, "S-1-1"); string_to_sid(&global_sid_World, "S-1-1-0"); + + /* SECURITY_CREATOR_SID_AUTHORITY */ string_to_sid(&global_sid_Creator_Owner_Domain, "S-1-3"); string_to_sid(&global_sid_Creator_Owner, "S-1-3-0"); string_to_sid(&global_sid_Creator_Group, "S-1-3-1"); + + /* SECURITY_NT_AUTHORITY */ string_to_sid(&global_sid_NT_Authority, "S-1-5"); - string_to_sid(&global_sid_System, "S-1-5-18"); - string_to_sid(&global_sid_NULL, "S-1-0-0"); - string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11"); string_to_sid(&global_sid_Network, "S-1-5-2"); string_to_sid(&global_sid_Anonymous, "S-1-5-7"); + string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11"); + string_to_sid(&global_sid_System, "S-1-5-18"); + + /* SECURITY_BUILTIN_DOMAIN_RID */ + string_to_sid(&global_sid_Builtin, "S-1-5-32"); + string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544"); + string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545"); + string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546"); + string_to_sid(&global_sid_Builtin_Power_Users, "S-1-5-32-547"); + string_to_sid(&global_sid_Builtin_Account_Operators, "S-1-5-32-548"); + string_to_sid(&global_sid_Builtin_Server_Operators, "S-1-5-32-549"); + string_to_sid(&global_sid_Builtin_Print_Operators, "S-1-5-32-550"); + string_to_sid(&global_sid_Builtin_Backup_Operators, "S-1-5-32-551"); + string_to_sid(&global_sid_Builtin_Replicator, "S-1-5-32-552"); /* Create the anon token. */ sid_copy( &anonymous_token.user_sids[0], &global_sid_World); @@ -179,40 +206,59 @@ void split_domain_name(const char *fullname, char *domain, char *name) fullname, domain, name)); } +/**************************************************************************** + Test if a SID is wellknown and resolvable. +****************************************************************************/ + +BOOL resolvable_wellknown_sid(DOM_SID *sid) +{ + uint32 ia = (sid->id_auth[5]) + + (sid->id_auth[4] << 8 ) + + (sid->id_auth[3] << 16) + + (sid->id_auth[2] << 24); + + if (sid->sid_rev_num != SEC_DESC_REVISION || sid->num_auths < 1) + return False; + + return (ia == SECURITY_WORLD_SID_AUTHORITY || + ia == SECURITY_CREATOR_SID_AUTHORITY); +} + /***************************************************************** Convert a SID to an ascii string. *****************************************************************/ char *sid_to_string(fstring sidstr_out, const DOM_SID *sid) { - char subauth[16]; - int i; - uint32 ia; + char subauth[16]; + int i; + uint32 ia; - if (!sid) { - fstrcpy(sidstr_out, "(NULL SID)"); - return sidstr_out; - } + if (!sid) { + fstrcpy(sidstr_out, "(NULL SID)"); + return sidstr_out; + } - /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ - ia = (sid->id_auth[5]) + - (sid->id_auth[4] << 8 ) + - (sid->id_auth[3] << 16) + - (sid->id_auth[2] << 24); + /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ + ia = (sid->id_auth[5]) + + (sid->id_auth[4] << 8 ) + + (sid->id_auth[3] << 16) + + (sid->id_auth[2] << 24); - slprintf(sidstr_out, sizeof(fstring) - 1, "S-%u-%lu", (unsigned int)sid->sid_rev_num, (unsigned long)ia); + slprintf(sidstr_out, sizeof(fstring) - 1, "S-%u-%lu", (unsigned int)sid->sid_rev_num, (unsigned long)ia); - for (i = 0; i < sid->num_auths; i++) { - slprintf(subauth, sizeof(subauth)-1, "-%lu", (unsigned long)sid->sub_auths[i]); - fstrcat(sidstr_out, subauth); - } + for (i = 0; i < sid->num_auths; i++) { + slprintf(subauth, sizeof(subauth)-1, "-%lu", (unsigned long)sid->sub_auths[i]); + fstrcat(sidstr_out, subauth); + } - return sidstr_out; + return sidstr_out; } -/* - useful function for debug lines -*/ +/***************************************************************** + Useful function for debug lines. +*****************************************************************/ + const char *sid_string_static(const DOM_SID *sid) { static fstring sid_str; |