Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : security descriptor utility functions
5 :
6 : Copyright (C) Andrew Tridgell 2004
7 : Copyright (C) Andrew Bartlett 2010
8 : Copyright (C) Stefan Metzmacher 2005
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "libcli/security/security_token.h"
26 : #include "libcli/security/dom_sid.h"
27 : #include "libcli/security/privileges.h"
28 :
29 : /*
30 : return a blank security token
31 : */
32 69408 : struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
33 : {
34 69408 : struct security_token *st = talloc_zero(
35 : mem_ctx, struct security_token);
36 69408 : return st;
37 : }
38 :
39 : /****************************************************************************
40 : prints a struct security_token to debug output.
41 : ****************************************************************************/
42 230106 : void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
43 : {
44 : uint32_t i;
45 :
46 230106 : if (!token) {
47 130674 : DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
48 130674 : return;
49 : }
50 :
51 99432 : DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
52 : (unsigned long)token->num_sids));
53 974064 : for (i = 0; i < token->num_sids; i++) {
54 : struct dom_sid_buf sidbuf;
55 874632 : DEBUGADDC(dbg_class,
56 : dbg_lev,
57 : (" SID[%3lu]: %s\n", (unsigned long)i,
58 : dom_sid_str_buf(&token->sids[i], &sidbuf)));
59 : }
60 :
61 99432 : security_token_debug_privileges(dbg_class, dbg_lev, token);
62 : }
63 :
64 : /* These really should be cheaper... */
65 :
66 69133555 : bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
67 : {
68 69133555 : if (token->sids == NULL) {
69 0 : return false;
70 : }
71 69133555 : if (dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
72 35074277 : return true;
73 : }
74 34059278 : return false;
75 : }
76 :
77 51320439 : bool security_token_is_system(const struct security_token *token)
78 : {
79 51320439 : return security_token_is_sid(token, &global_sid_System);
80 : }
81 :
82 17809127 : bool security_token_is_anonymous(const struct security_token *token)
83 : {
84 17809127 : return security_token_is_sid(token, &global_sid_Anonymous);
85 : }
86 :
87 80181436 : bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
88 : {
89 : uint32_t i;
90 766976844 : for (i = 0; i < token->num_sids; i++) {
91 732838179 : if (dom_sid_equal(&token->sids[i], sid)) {
92 46042771 : return true;
93 : }
94 : }
95 34138665 : return false;
96 : }
97 :
98 6108 : size_t security_token_count_flag_sids(const struct security_token *token,
99 : const struct dom_sid *prefix_sid,
100 : size_t num_flags,
101 : const struct dom_sid **_flag_sid)
102 : {
103 6108 : const size_t num_auths_expected = prefix_sid->num_auths + num_flags;
104 6108 : const struct dom_sid *found = NULL;
105 6108 : size_t num = 0;
106 : uint32_t i;
107 :
108 6108 : SMB_ASSERT(num_auths_expected <= ARRAY_SIZE(prefix_sid->sub_auths));
109 :
110 74759 : for (i = 0; i < token->num_sids; i++) {
111 68651 : const struct dom_sid *sid = &token->sids[i];
112 : int cmp;
113 :
114 68651 : if ((size_t)sid->num_auths != num_auths_expected) {
115 49635 : continue;
116 : }
117 :
118 19016 : cmp = dom_sid_compare_domain(sid, prefix_sid);
119 19016 : if (cmp != 0) {
120 17917 : continue;
121 : }
122 :
123 1099 : num += 1;
124 1099 : found = sid;
125 : }
126 :
127 6108 : if ((num == 1) && (_flag_sid != NULL)) {
128 1099 : *_flag_sid = found;
129 : }
130 :
131 6108 : return num;
132 : }
133 :
134 16153925 : bool security_token_has_builtin_guests(const struct security_token *token)
135 : {
136 16153925 : return security_token_has_sid(token, &global_sid_Builtin_Guests);
137 : }
138 :
139 16184439 : bool security_token_has_builtin_administrators(const struct security_token *token)
140 : {
141 16184439 : return security_token_has_sid(token, &global_sid_Builtin_Administrators);
142 : }
143 :
144 16153929 : bool security_token_has_nt_authenticated_users(const struct security_token *token)
145 : {
146 16153929 : return security_token_has_sid(token, &global_sid_Authenticated_Users);
147 : }
148 :
149 404055 : bool security_token_has_enterprise_dcs(const struct security_token *token)
150 : {
151 404055 : return security_token_has_sid(token, &global_sid_Enterprise_DCs);
152 : }
|
