From 4dbd743e467096624961533335afccadc67af0e6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 26 Aug 2010 15:48:50 +0200 Subject: s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. Guenther --- source3/lib/netapi/localgroup.c | 5 ++- source3/lib/secdesc.c | 5 ++- source3/lib/util_nttoken.c | 3 +- source3/lib/util_sid.c | 92 ++++------------------------------------- 4 files changed, 15 insertions(+), 90 deletions(-) (limited to 'source3/lib') diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c index 69cf974225..c9e1b722bd 100644 --- a/source3/lib/netapi/localgroup.c +++ b/source3/lib/netapi/localgroup.c @@ -27,6 +27,7 @@ #include "../librpc/gen_ndr/cli_lsa.h" #include "rpc_client/cli_lsarpc.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *pipe_cli, @@ -1171,7 +1172,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (i=0; i < r->in.total_entries; i++) { bool already_member = false; for (k=0; k < current_sids.num_sids; k++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { already_member = true; break; @@ -1193,7 +1194,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (k=0; k < current_sids.num_sids; k++) { bool keep_member = false; for (i=0; i < r->in.total_entries; i++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { keep_member = true; break; diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index b9ed955dee..b8bb0acf7b 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -22,6 +22,7 @@ #include "includes.h" #include "../librpc/gen_ndr/ndr_security.h" +#include "../libcli/security/dom_sid.h" #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ SECINFO_DACL|SECINFO_SACL|\ 
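Review bot: In both membership loops of NetLocalGroupModifyMembers_r the second argument, `current_sids.sids[k].sid`, is passed as a pointer value rather than an address-of expression, so it can in principle be NULL. The `sid_equal` being replaced tolerated that through the `if (!sid1) return -1; if (!sid2) return 1;` guards in the `sid_compare` this commit removes. The body of `dom_sid_equal` is not part of this patch, so its NULL handling should be checked behind the newly included `../libcli/security/dom_sid.h` before the swap is treated as behaviour-preserving. The same holds for the converted call sites in secdesc.c, util_nttoken.c and util_sid.c, several of which decide ACE trustee and token membership matches. A regression test that feeds NULL and SIDs differing only in `num_auths` to `dom_sid_equal` would pin the contract; both loops begin and end outside the hunks.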
@@ -607,10 +608,10 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } /* The CREATOR sids are special when inherited */ - if (sid_equal(ptrustee, &global_sid_Creator_Owner)) { + if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) { creator = &global_sid_Creator_Owner; ptrustee = owner_sid; - } else if (sid_equal(ptrustee, &global_sid_Creator_Group)) { + } else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) { creator = &global_sid_Creator_Group; ptrustee = group_sid; } diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c index 3130ed89fb..680dd29ba7 100644 --- a/source3/lib/util_nttoken.c +++ b/source3/lib/util_nttoken.c @@ -26,6 +26,7 @@ /* function(s) moved from auth/auth_util.c to minimize linker deps */ #include "includes.h" +#include "../libcli/security/dom_sid.h" /**************************************************************************** Duplicate a SID token. @@ -120,7 +121,7 @@ bool token_sid_in_ace(const struct security_token *token, const struct security_ size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->trustee, &token->sids[i])) + if (dom_sid_equal(&ace->trustee, &token->sids[i])) return true; } diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 92218ff2b2..1873692f0f 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -244,7 +244,7 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid return False; } - if (sid_compare_domain(exp_dom_sid, sid)!=0){ + if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){ *rid=(-1); return False; } 
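Review bot: The `dom_sid_compare_domain(exp_dom_sid, sid)!=0` test in sid_peek_check_rid establishes only a shared prefix, assuming the shared function behaves like the `sid_compare_domain` removed later in this commit. That removed function compares `MIN(sid1->num_auths, sid2->num_auths)` leading sub-authorities and dereferences both arguments without a NULL guard. Whether the earlier `return False;` at the top of the hunk covers the NULL and length cases cannot be seen here, because the function starts outside the hunk. A comment on the call would make the dependency explicit, for example `/* prefix compare only; NULL and num_auths were checked above */`, provided that is what the preceding checks do.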
@@ -307,84 +307,6 @@ bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid) return true; } -/***************************************************************** - Compare the auth portion of two sids. -*****************************************************************/ - -static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - if (sid1->sid_rev_num != sid2->sid_rev_num) - return sid1->sid_rev_num - sid2->sid_rev_num; - - for (i = 0; i < 6; i++) - if (sid1->id_auth[i] != sid2->id_auth[i]) - return sid1->id_auth[i] - sid2->id_auth[i]; - - return 0; -} - -/***************************************************************** - Compare two sids. -*****************************************************************/ - -int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - /* Compare most likely different rids, first: i.e start at end */ - if (sid1->num_auths != sid2->num_auths) - return sid1->num_auths - sid2->num_auths; - - for (i = sid1->num_auths-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -} - -/***************************************************************** - See if 2 SIDs are in the same domain - this just compares the leading sub-auths -*****************************************************************/ - -int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int n, i; - - n = MIN(sid1->num_auths, sid2->num_auths); - - for (i = n-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -} - -/***************************************************************** - Compare two sids. 
-*****************************************************************/ - -bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - return sid_compare(sid1, sid2) == 0; -} - /***************************************************************** Returns true if SID is internal (and non-mappable). *****************************************************************/ @@ -397,10 +319,10 @@ bool non_mappable_sid(struct dom_sid *sid) sid_copy(&dom, sid); sid_split_rid(&dom, &rid); - if (sid_equal(&dom, &global_sid_Builtin)) + if (dom_sid_equal(&dom, &global_sid_Builtin)) return True; - if (sid_equal(&dom, &global_sid_NT_Authority)) + if (dom_sid_equal(&dom, &global_sid_NT_Authority)) return True; return False; @@ -494,7 +416,7 @@ NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, size_t i; for (i=0; i<(*num_sids); i++) { - if (sid_compare(sid, &(*sids)[i]) == 0) + if (dom_sid_compare(sid, &(*sids)[i]) == 0) return NT_STATUS_OK; } @@ -515,7 +437,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t /* if we find the SID, then decrement the count and break out of the loop */ - if ( sid_equal(sid, &sid_list[i]) ) { + if ( dom_sid_equal(sid, &sid_list[i]) ) { *num -= 1; break; } @@ -555,7 +477,7 @@ bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx, bool is_null_sid(const struct dom_sid *sid) { static const struct dom_sid null_sid = {0}; - return sid_equal(sid, &null_sid); + return dom_sid_equal(sid, &null_sid); } bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid) @@ -563,7 +485,7 @@ bool is_sid_in_token(const struct security_token *token, const struct dom_sid *s int i; for (i=0; inum_sids; i++) { - if (sid_compare(sid, &token->sids[i]) == 0) + if (dom_sid_compare(sid, &token->sids[i]) == 0) return true; } return false; -- cgit
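Review bot: add_sid_to_array_unique still spells its duplicate test as `dom_sid_compare(sid, &(*sids)[i]) == 0`, and is_sid_in_token does the same with `dom_sid_compare(sid, &token->sids[i]) == 0`, while every other call site in this commit uses the boolean helper. Since only equality is wanted, `if (dom_sid_equal(sid, &(*sids)[i]))` and `if (dom_sid_equal(sid, &token->sids[i]))` read more directly and keep the compare function's ordering result out of yes/no membership decisions. add_sid_to_array_unique continues outside the hunk.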
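Review bot: is_sid_in_token declares its loop index as `int i` for the walk over `token->sids`, whereas token_sid_in_ace in util_nttoken.c uses `size_t i` for the same walk. Using `size_t i;` here would match that function and avoid a possible signed/unsigned comparison against `token->num_sids`. The lines shown also dereference `token` with no NULL check. Depending on what the callers guarantee, either a guard such as `if (token == NULL) return false;` or a comment stating that a valid token is required would document the contract of this membership check.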