From bcee6c1fe209b458e546b5788a9148eecc8715f1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 22 Mar 2011 23:20:49 +0100 Subject: s3-passdb: move util_wellknown.c out of passdb. Guenther --- source3/Makefile.in | 2 +- source3/include/proto.h | 9 +++ source3/lib/util_wellknown.c | 173 +++++++++++++++++++++++++++++++++++++++ source3/passdb/proto.h | 9 --- source3/passdb/util_wellknown.c | 174 ---------------------------------------- source3/wscript_build | 2 +- 6 files changed, 184 insertions(+), 185 deletions(-) create mode 100644 source3/lib/util_wellknown.c delete mode 100644 source3/passdb/util_wellknown.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 36951a7ca5..ace5bbbba6 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -759,7 +759,7 @@ PRIVILEGES_OBJ = lib/privileges.o PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ - passdb/util_wellknown.o passdb/util_builtin.o passdb/pdb_compat.o \ + lib/util_wellknown.o passdb/util_builtin.o passdb/pdb_compat.o \ passdb/util_unixsids.o passdb/lookup_sid.o \ passdb/login_cache.o @PDB_STATIC@ \ passdb/account_pol.o $(PRIVILEGES_OBJ) \ diff --git a/source3/include/proto.h b/source3/include/proto.h index 76694a346f..01ec4bb4c1 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4701,4 +4701,13 @@ void map_max_allowed_access(const struct security_token *nt_token, const struct security_unix_token *unix_token, uint32_t *pacc_requested); +/* The following definitions come from lib/util_wellknown.c */ + +bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name); +bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid); +bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, + const char **domain, const char **name); +bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, + struct dom_sid *sid, const char **domain); + #endif /* _PROTO_H_ */ 
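Review bot: The prototypes added to `source3/include/proto.h` say nothing about who owns the returned strings, and the implementations in this commit differ on that point. `sid_check_is_wellknown_domain` stores a pointer into the static `special_domains` table in `*name`, while `lookup_wellknown_sid` and `lookup_wellknown_name` hand back `talloc_strdup` copies allocated on `mem_ctx`. Since the declarations now sit in the shared header, a short comment above them would keep callers from freeing or modifying the static string, for example `/* sid_check_is_wellknown_domain: *name points to static storage, do not free; lookup_wellknown_*: *domain and *name are talloc'd on mem_ctx */`.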
diff --git a/source3/lib/util_wellknown.c b/source3/lib/util_wellknown.c
new file mode 100644
index 0000000000..f2f99af2d0
--- /dev/null
+++ b/source3/lib/util_wellknown.c
@@ -0,0 +1,173 @@
+/*
+ Unix SMB/CIFS implementation.
+ Lookup routines for well-known SIDs
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
+ Copyright (C) Jeremy Allison 1999
+ Copyright (C) Volker Lendecke 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "../libcli/security/security.h"
+
+struct rid_name_map {
+ uint32 rid;
+ const char *name;
+};
+
+struct sid_name_map_info
+{
+ const struct dom_sid *sid;
+ const char *name;
+ const struct rid_name_map *known_users;
+};
+
+static const struct rid_name_map everyone_users[] = {
+ { 0, "Everyone" },
+ { 0, NULL}};
+
+static const struct rid_name_map creator_owner_users[] = {
+ { 0, "Creator Owner" },
+ { 1, "Creator Group" },
+ { 0, NULL}};
+
+static const struct rid_name_map nt_authority_users[] = {
+ { 1, "Dialup" },
+ { 2, "Network"},
+ { 3, "Batch"},
+ { 4, "Interactive"},
+ { 6, "Service"},
+ { 7, "AnonymousLogon"},
+ { 7, "Anonymous Logon"},
+ { 8, "Proxy"},
+ { 9, "ServerLogon"},
+ { 10, "Self"},
+ { 11, "Authenticated Users"},
+ { 12, "Restricted"},
+ { 13, "Terminal Server User"},
+ { 14, "Remote Interactive Logon"},
+ { 15, "This Organization"},
+ { 18, "SYSTEM"},
+ { 19, "Local Service"},
+ { 20, "Network Service"},
+ { 0, NULL}};
+
+static struct sid_name_map_info special_domains[] = {
+ { &global_sid_World_Domain, "", everyone_users },
+ { &global_sid_Creator_Owner_Domain, "", creator_owner_users },
+ { &global_sid_NT_Authority, "NT Authority", nt_authority_users },
+ { NULL, NULL, NULL }};
+
+bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
+{
+ int i;
+
+ for (i=0; special_domains[i].sid != NULL; i++) {
+ if (dom_sid_equal(sid, special_domains[i].sid)) {
+ if (name != NULL) {
+ *name = special_domains[i].name;
+ }
+ return True;
+ }
+ }
+ return False;
+}
+
+bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, NULL);
+
+ return sid_check_is_wellknown_domain(&dom_sid, NULL);
+}
+
+/**************************************************************************
+ Looks up a known username from one of the known domains.
+***************************************************************************/
+
+bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
+ const char **domain, const char **name)
+{
+ int i;
+ struct dom_sid dom_sid;
+ uint32 rid;
+ const struct rid_name_map *users = NULL;
+
+ sid_copy(&dom_sid, sid);
+ if (!sid_split_rid(&dom_sid, &rid)) {
+ DEBUG(2, ("Could not split rid from SID\n"));
+ return False;
+ }
+
+ for (i=0; special_domains[i].sid != NULL; i++) {
+ if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
+ *domain = talloc_strdup(mem_ctx,
+ special_domains[i].name);
+ users = special_domains[i].known_users;
+ break;
+ }
+ }
+
+ if (users == NULL) {
+ DEBUG(10, ("SID %s is no special sid\n", sid_string_dbg(sid)));
+ return False;
+ }
+
+ for (i=0; users[i].name != NULL; i++) {
+ if (rid == users[i].rid) {
+ *name = talloc_strdup(mem_ctx, users[i].name);
+ return True;
+ }
+ }
+
+ DEBUG(10, ("RID of special SID %s not found\n", sid_string_dbg(sid)));
+
+ return False;
+}
+
+/**************************************************************************
+ Try and map a name to one of the well known SIDs.
+***************************************************************************/ + +bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, + struct dom_sid *sid, const char **domain) +{ + int i, j; + + DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name)); + + for (i=0; special_domains[i].sid != NULL; i++) { + const struct rid_name_map *users = + special_domains[i].known_users; + + if (users == NULL) + continue; + + for (j=0; users[j].name != NULL; j++) { + if ( strequal(users[j].name, name) ) { + sid_compose(sid, special_domains[i].sid, + users[j].rid); + *domain = talloc_strdup( + mem_ctx, special_domains[i].name); + return True; + } + } + } + + return False; +} diff --git a/source3/passdb/proto.h b/source3/passdb/proto.h index 2f7776b796..8680a09704 100644 --- a/source3/passdb/proto.h +++ b/source3/passdb/proto.h @@ -309,15 +309,6 @@ bool sid_check_is_in_unix_groups(const struct dom_sid *sid); const char *unix_groups_domain_name(void); bool lookup_unix_group_name(const char *name, struct dom_sid *sid); -/* The following definitions come from passdb/util_wellknown.c */ - -bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name); -bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid); -bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, - const char **domain, const char **name); -bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, - struct dom_sid *sid, const char **domain); - /* The following definitions come from passdb/pdb_util.c */ NTSTATUS create_builtin_users(const struct dom_sid *sid); diff --git a/source3/passdb/util_wellknown.c b/source3/passdb/util_wellknown.c deleted file mode 100644 index 1810efac17..0000000000 --- a/source3/passdb/util_wellknown.c +++ /dev/null 
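Review bot: In `sid_check_is_in_wellknown_domain` in `source3/lib/util_wellknown.c` the return value of `sid_split_rid(&dom_sid, NULL)` is discarded, although `lookup_wellknown_sid` in the same file treats that call as fallible. If a failed split leaves `dom_sid` as the unmodified copy (not visible here), a bare well-known domain SID would be reported as being inside that domain; `if (!sid_split_rid(&dom_sid, NULL)) { return False; }` would make the two functions agree. Separately, `lookup_wellknown_sid` and `lookup_wellknown_name` return `True` without checking `talloc_strdup`, so on allocation failure a caller sees success with `*domain` or `*name` set to NULL; a check such as `if (*name == NULL) { return False; }` before each `return True` closes that. `lookup_wellknown_sid` also assigns `*domain` before the RID is matched, so the out-parameter is written even on the `False` path. The code is moved unchanged from `passdb/util_wellknown.c`, so these points predate the commit, but the move is a convenient place to address them.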
@@ -1,174 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Lookup routines for well-known SIDs
- Copyright (C) Andrew Tridgell 1992-1998
- Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
- Copyright (C) Jeremy Allison 1999
- Copyright (C) Volker Lendecke 2005
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
-*/
-
-#include "includes.h"
-#include "passdb.h"
-#include "../libcli/security/security.h"
-
-struct rid_name_map {
- uint32 rid;
- const char *name;
-};
-
-struct sid_name_map_info
-{
- const struct dom_sid *sid;
- const char *name;
- const struct rid_name_map *known_users;
-};
-
-static const struct rid_name_map everyone_users[] = {
- { 0, "Everyone" },
- { 0, NULL}};
-
-static const struct rid_name_map creator_owner_users[] = {
- { 0, "Creator Owner" },
- { 1, "Creator Group" },
- { 0, NULL}};
-
-static const struct rid_name_map nt_authority_users[] = {
- { 1, "Dialup" },
- { 2, "Network"},
- { 3, "Batch"},
- { 4, "Interactive"},
- { 6, "Service"},
- { 7, "AnonymousLogon"},
- { 7, "Anonymous Logon"},
- { 8, "Proxy"},
- { 9, "ServerLogon"},
- { 10, "Self"},
- { 11, "Authenticated Users"},
- { 12, "Restricted"},
- { 13, "Terminal Server User"},
- { 14, "Remote Interactive Logon"},
- { 15, "This Organization"},
- { 18, "SYSTEM"},
- { 19, "Local Service"},
- { 20, "Network Service"},
- { 0, NULL}};
-
-static struct sid_name_map_info special_domains[] = {
- { &global_sid_World_Domain, "", everyone_users },
- { &global_sid_Creator_Owner_Domain, "", creator_owner_users },
- { &global_sid_NT_Authority, "NT Authority", nt_authority_users },
- { NULL, NULL, NULL }};
-
-bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
-{
- int i;
-
- for (i=0; special_domains[i].sid != NULL; i++) {
- if (dom_sid_equal(sid, special_domains[i].sid)) {
- if (name != NULL) {
- *name = special_domains[i].name;
- }
- return True;
- }
- }
- return False;
-}
-
-bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid)
-{
- struct dom_sid dom_sid;
-
- sid_copy(&dom_sid, sid);
- sid_split_rid(&dom_sid, NULL);
-
- return sid_check_is_wellknown_domain(&dom_sid, NULL);
-}
-
-/**************************************************************************
- Looks up a known username from one of the known domains.
-***************************************************************************/
-
-bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- const char **domain, const char **name)
-{
- int i;
- struct dom_sid dom_sid;
- uint32 rid;
- const struct rid_name_map *users = NULL;
-
- sid_copy(&dom_sid, sid);
- if (!sid_split_rid(&dom_sid, &rid)) {
- DEBUG(2, ("Could not split rid from SID\n"));
- return False;
- }
-
- for (i=0; special_domains[i].sid != NULL; i++) {
- if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
- *domain = talloc_strdup(mem_ctx,
- special_domains[i].name);
- users = special_domains[i].known_users;
- break;
- }
- }
-
- if (users == NULL) {
- DEBUG(10, ("SID %s is no special sid\n", sid_string_dbg(sid)));
- return False;
- }
-
- for (i=0; users[i].name != NULL; i++) {
- if (rid == users[i].rid) {
- *name = talloc_strdup(mem_ctx, users[i].name);
- return True;
- }
- }
-
- DEBUG(10, ("RID of special SID %s not found\n", sid_string_dbg(sid)));
-
- return False;
-}
-
-/**************************************************************************
- Try and map a name to one of the well known SIDs.
-***************************************************************************/ - -bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, - struct dom_sid *sid, const char **domain) -{ - int i, j; - - DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name)); - - for (i=0; special_domains[i].sid != NULL; i++) { - const struct rid_name_map *users = - special_domains[i].known_users; - - if (users == NULL) - continue; - - for (j=0; users[j].name != NULL; j++) { - if ( strequal(users[j].name, name) ) { - sid_compose(sid, special_domains[i].sid, - users[j].rid); - *domain = talloc_strdup( - mem_ctx, special_domains[i].name); - return True; - } - } - } - - return False; -} diff --git a/source3/wscript_build b/source3/wscript_build index 9e3c7eeb43..933dcf6105 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -227,7 +227,7 @@ PRIVILEGES_SRC = '''lib/privileges.c''' PASSDB_GET_SET_SRC = '''passdb/pdb_get_set.c''' PASSDB_SRC = '''${PASSDB_GET_SET_SRC} passdb/passdb.c - passdb/util_wellknown.c passdb/util_builtin.c passdb/pdb_compat.c + lib/util_wellknown.c passdb/util_builtin.c passdb/pdb_compat.c passdb/util_unixsids.c passdb/lookup_sid.c passdb/login_cache.c passdb/account_pol.c ${PRIVILEGES_SRC} -- cgit