Line data Source code
1 : /*
2 : * Unix SMB/CIFS implementation.
3 : * Authentication utility functions
4 : * Copyright (C) Andrew Tridgell 1992-1998
5 : * Copyright (C) Andrew Bartlett 2001
6 : * Copyright (C) Jeremy Allison 2000-2001
7 : * Copyright (C) Rafal Szczesniak 2002
8 : * Copyright (C) Volker Lendecke 2006
9 : * Copyright (C) Michael Adam 2007
10 : * Copyright (C) Guenther Deschner 2007
11 : *
12 : * This program is free software; you can redistribute it and/or modify
13 : * it under the terms of the GNU General Public License as published by
14 : * the Free Software Foundation; either version 3 of the License, or
15 : * (at your option) any later version.
16 : *
17 : * This program is distributed in the hope that it will be useful,
18 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 : * GNU General Public License for more details.
21 : *
22 : * You should have received a copy of the GNU General Public License
23 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 : */
25 :
26 : /* function(s) moved from auth/auth_util.c to minimize linker deps */
27 :
28 : #include "includes.h"
29 : #include "../libcli/security/security.h"
30 :
31 : /****************************************************************************
32 : Duplicate a SID token.
33 : ****************************************************************************/
34 :
35 282199 : struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken)
36 : {
37 : struct security_token *token;
38 :
39 282199 : if (!ptoken)
40 52009 : return NULL;
41 :
42 230190 : token = talloc_zero(mem_ctx, struct security_token);
43 230190 : if (token == NULL) {
44 0 : DEBUG(0, ("talloc failed\n"));
45 0 : return NULL;
46 : }
47 :
48 230190 : if (ptoken->sids && ptoken->num_sids) {
49 230190 : token->sids = (struct dom_sid *)talloc_memdup(
50 : token, ptoken->sids, sizeof(struct dom_sid) * ptoken->num_sids );
51 :
52 230190 : if (token->sids == NULL) {
53 0 : DEBUG(0, ("talloc_memdup failed\n"));
54 0 : TALLOC_FREE(token);
55 0 : return NULL;
56 : }
57 230190 : token->num_sids = ptoken->num_sids;
58 : }
59 :
60 230190 : token->privilege_mask = ptoken->privilege_mask;
61 230190 : token->rights_mask = ptoken->rights_mask;
62 :
63 230190 : return token;
64 : }
65 :
66 : /****************************************************************************
67 : merge NT tokens
68 : ****************************************************************************/
69 :
70 0 : NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
71 : const struct security_token *token_1,
72 : const struct security_token *token_2,
73 : struct security_token **token_out)
74 : {
75 0 : struct security_token *token = NULL;
76 : NTSTATUS status;
77 : uint32_t i;
78 :
79 0 : if (!token_1 || !token_2 || !token_out) {
80 0 : return NT_STATUS_INVALID_PARAMETER;
81 : }
82 :
83 0 : token = talloc_zero(mem_ctx, struct security_token);
84 0 : NT_STATUS_HAVE_NO_MEMORY(token);
85 :
86 0 : for (i=0; i < token_1->num_sids; i++) {
87 0 : status = add_sid_to_array_unique(mem_ctx,
88 0 : &token_1->sids[i],
89 : &token->sids,
90 : &token->num_sids);
91 0 : if (!NT_STATUS_IS_OK(status)) {
92 0 : TALLOC_FREE(token);
93 0 : return status;
94 : }
95 : }
96 :
97 0 : for (i=0; i < token_2->num_sids; i++) {
98 0 : status = add_sid_to_array_unique(mem_ctx,
99 0 : &token_2->sids[i],
100 : &token->sids,
101 : &token->num_sids);
102 0 : if (!NT_STATUS_IS_OK(status)) {
103 0 : TALLOC_FREE(token);
104 0 : return status;
105 : }
106 : }
107 :
108 0 : token->privilege_mask |= token_1->privilege_mask;
109 0 : token->privilege_mask |= token_2->privilege_mask;
110 :
111 0 : token->rights_mask |= token_1->rights_mask;
112 0 : token->rights_mask |= token_2->rights_mask;
113 :
114 0 : *token_out = token;
115 :
116 0 : return NT_STATUS_OK;
117 : }
118 :
119 : /*******************************************************************
120 : Check if this struct security_ace has a SID in common with the token.
121 : ********************************************************************/
122 :
123 0 : bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace)
124 : {
125 : size_t i;
126 :
127 0 : for (i = 0; i < token->num_sids; i++) {
128 0 : if (dom_sid_equal(&ace->trustee, &token->sids[i]))
129 0 : return true;
130 : }
131 :
132 0 : return false;
133 : }
|
