sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code
samba-mirror/libcli/security/dom_sid.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

156 lines
7.0 KiB
C
Raw Normal View History

shared: Move dom_sid_* utility functions to top level
2009-02-01 16:08:45 +01:00
/*
Unix SMB/CIFS implementation.
Samba utility functions
Copyright (C) Stefan (metze) Metzmacher 2002-2004
Copyright (C) Andrew Tridgell 1992-2004
Copyright (C) Jeremy Allison 1999
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _DOM_SID_H_
#define _DOM_SID_H_
lib: Add required #includes dom_sid.h itself references talloc, and security.h references DATA_BLOB. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-16 17:04:47 +02:00
#include "replace.h"
#include <talloc.h>
#include "lib/util/data_blob.h"
dom_sid.h: Include dependency security.h that provides the dom_sid struct.
2009-03-01 18:15:15 +01:00
#include "librpc/gen_ndr/security.h"
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
/* Some well-known SIDs */
extern const struct dom_sid global_sid_World_Domain;
extern const struct dom_sid global_sid_World;
security: add local authority well-known SIDs add the S-1-2 well-known SID family Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Thu Nov 24 19:01:08 CET 2011 on sn-devel-104
2011-09-01 16:09:01 +02:00
extern const struct dom_sid global_sid_Local_Authority;
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
extern const struct dom_sid global_sid_Creator_Owner_Domain;
extern const struct dom_sid global_sid_NT_Authority;
libcli/security Use static SIDs rather than parsing from strings This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-21 07:14:38 +10:00
extern const struct dom_sid global_sid_Enterprise_DCs;
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
extern const struct dom_sid global_sid_System;
extern const struct dom_sid global_sid_NULL;
libcli:security: Add SELF SID constant Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 14:13:09 +12:00
extern const struct dom_sid global_sid_Self;
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
extern const struct dom_sid global_sid_Authenticated_Users;
extern const struct dom_sid global_sid_Network;
security: Add Asserted Identity sids (S-1-18) Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 definitions taken from [MS-DTYP]: Windows Data Types, 2.4.2.4 Well-Known SID Structures. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-15 14:46:07 +01:00
extern const struct dom_sid global_sid_Asserted_Identity;
extern const struct dom_sid global_sid_Asserted_Identity_Service;
extern const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority;
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
extern const struct dom_sid global_sid_Creator_Owner;
extern const struct dom_sid global_sid_Creator_Group;
Fix bug #8795 - Samba does not handle the Owner Rights permissions at all Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 14 02:26:34 CET 2012 on sn-devel-104
2012-03-13 16:47:17 -07:00
extern const struct dom_sid global_sid_Owner_Rights;
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
extern const struct dom_sid global_sid_Anonymous;
libcli:security: Add Compounded Authentication and Claims Valid SID constants Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 14:27:14 +12:00
extern const struct dom_sid global_sid_Compounded_Authentication;
extern const struct dom_sid global_sid_Claims_Valid;
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
extern const struct dom_sid global_sid_Builtin;
extern const struct dom_sid global_sid_Builtin_Administrators;
extern const struct dom_sid global_sid_Builtin_Users;
extern const struct dom_sid global_sid_Builtin_Guests;
extern const struct dom_sid global_sid_Builtin_Power_Users;
extern const struct dom_sid global_sid_Builtin_Account_Operators;
extern const struct dom_sid global_sid_Builtin_Server_Operators;
extern const struct dom_sid global_sid_Builtin_Print_Operators;
extern const struct dom_sid global_sid_Builtin_Backup_Operators;
extern const struct dom_sid global_sid_Builtin_Replicator;
extern const struct dom_sid global_sid_Builtin_PreWin2kAccess;
extern const struct dom_sid global_sid_Unix_Users;
extern const struct dom_sid global_sid_Unix_Groups;
libcli/security: add NFS SID mappings Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-09-08 23:18:35 +02:00
extern const struct dom_sid global_sid_Unix_NFS;
extern const struct dom_sid global_sid_Unix_NFS_Users;
extern const struct dom_sid global_sid_Unix_NFS_Groups;
extern const struct dom_sid global_sid_Unix_NFS_Mode;
extern const struct dom_sid global_sid_Unix_NFS_Other;
smbd: Make SID_SAMBA_SMB3 a static SID No need to parse it Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 11:34:23 +02:00
extern const struct dom_sid global_sid_Samba_SMB3;
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
rpc: Add global_sid_Samba_NPA_Flags SID This will be used as a flexible way to pass per-RPC-connection flags over ncalrpc to the RPC server without having to modify named_pipe_auth_req_info6 every time something new needs to be passed. It's modeled after global_sid_Samba_SMB3. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-18 12:09:45 +02:00
extern const struct dom_sid global_sid_Samba_NPA_Flags;
#define SAMBA_NPA_FLAGS_NEED_IDLE 1
rpc_server3: Pass winbind_env_set() state through to rpcd_* Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back into winbind for getpwnam. We have the "_NO_WINBINDD" environment variable set in winbind itself for this case, but this is lost on the way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass this information to dcerpc_core, where it sets the variable on every call if requested. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
2023-04-18 12:47:04 +02:00
#define SAMBA_NPA_FLAGS_WINBIND_OFF 2
rpc: Add global_sid_Samba_NPA_Flags SID This will be used as a flexible way to pass per-RPC-connection flags over ncalrpc to the RPC server without having to modify named_pipe_auth_req_info6 every time something new needs to be passed. It's modeled after global_sid_Samba_SMB3. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-18 12:09:45 +02:00
libcli/security: Add auth_SidAttr utility functions These functions are modelled on add_sid_to_array() and add_sid_to_array_unique(). They differ in that they operate not on an array of dom_sid, but of auth_SidAttr, and take an additional 'attrs' parameter of type uint32_t. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-27 15:12:52 +13:00
struct auth_SidAttr;
libcli/security: add dom_sid_lookup_predefined_{sid,name}() This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database and Corresponding View. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-20 12:55:44 +01:00
enum lsa_SidType;
NTSTATUS dom_sid_lookup_predefined_name(const char *name,
const struct dom_sid **sid,
enum lsa_SidType *type,
const struct dom_sid **authority_sid,
const char **authority_name);
NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
const char **name,
enum lsa_SidType *type,
const struct dom_sid **authority_sid,
const char **authority_name);
libcli/security: add dom_sid_lookup_is_predefined_domain() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
2018-11-28 17:19:39 +01:00
bool dom_sid_lookup_is_predefined_domain(const char *domain);
libcli/security: add dom_sid_lookup_predefined_{sid,name}() This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database and Corresponding View. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-20 12:55:44 +01:00
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
int dom_sid_compare_auth(const struct dom_sid *sid1,
const struct dom_sid *sid2);
shared: Move dom_sid_* utility functions to top level
2009-02-01 16:08:45 +01:00
int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
libcli: add dom_sid_compare_domain() Guenther
2010-08-26 16:41:15 +02:00
int dom_sid_compare_domain(const struct dom_sid *sid1,
const struct dom_sid *sid2);
shared: Move dom_sid_* utility functions to top level
2009-02-01 16:08:45 +01:00
bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
bool sid_append_rid(struct dom_sid *sid, uint32_t rid);
bool string_to_sid(struct dom_sid *sidout, const char *sidstr);
Add dom_sid_parse_endp This returns a pointer to the first non-parsed character, along the lines of strtoul for example. Signed-off-by: Jeremy Allison <jra@samba.org>
2011-03-07 20:16:13 +01:00
bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
const char **endp);
shared: Move dom_sid_* utility functions to top level
2009-02-01 16:08:45 +01:00
bool dom_sid_parse(const char *sidstr, struct dom_sid *ret);
struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr);
struct dom_sid *dom_sid_parse_length(TALLOC_CTX *mem_ctx, const DATA_BLOB *sid);
struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid);
struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
const struct dom_sid *domain_sid,
uint32_t rid);
NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **domain, uint32_t *rid);
bool dom_sid_in_domain(const struct dom_sid *domain_sid,
const struct dom_sid *sid);
libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-16 11:25:57 +13:00
bool dom_sid_has_account_domain(const struct dom_sid *sid);
libcli/security: add dom_sid_is_valid_account_domain() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2018-01-25 09:50:17 +01:00
bool dom_sid_is_valid_account_domain(const struct dom_sid *sid);
Add dom_sid_string_buf This prints into a fixed buffer with the same overflow semantics as snprintf has: Return required string length, regardless of whether it fit or not.
2011-03-03 16:59:39 +01:00
#define DOM_SID_STR_BUFLEN (15*11+25)
shared: Move dom_sid_* utility functions to top level
2009-02-01 16:08:45 +01:00
char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
lib: Add dom_sid_str_buf This is modeled after server_id_str_buf, which as an API to me is easier to use: I can rely on the compiler to get the buffer size right. It is designed to violate README.Coding's "Make use of helper variables", but as this API is simple enough and the output should never be a surprise at all, I think that's worth it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 2 20:11:11 CET 2018 on sn-devel-144
2018-10-18 05:46:37 +02:00
struct dom_sid_buf { char buf[DOM_SID_STR_BUFLEN]; };
char *dom_sid_str_buf(const struct dom_sid *sid, struct dom_sid_buf *dst);
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
const char *sid_type_lookup(uint32_t sid_type);
const struct security_token *get_system_token(void);
bool sid_compose(struct dom_sid *dst, const struct dom_sid *domain_sid, uint32_t rid);
bool sid_split_rid(struct dom_sid *sid, uint32_t *rid);
bool sid_peek_rid(const struct dom_sid *sid, uint32_t *rid);
bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32_t *rid);
void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
lib: Remove "struct sid_parse_ret" again Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-11 17:11:06 +01:00
ssize_t sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid);
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **sids, uint32_t *num);
NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **sids, uint32_t *num_sids);
libcli/security: Add auth_SidAttr utility functions These functions are modelled on add_sid_to_array() and add_sid_to_array_unique(). They differ in that they operate not on an array of dom_sid, but of auth_SidAttr, and take an additional 'attrs' parameter of type uint32_t. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-27 15:12:52 +13:00
NTSTATUS add_sid_to_array_attrs(TALLOC_CTX *mem_ctx,
const struct dom_sid *sid, uint32_t attrs,
struct auth_SidAttr **sids, uint32_t *num);
NTSTATUS add_sid_to_array_attrs_unique(TALLOC_CTX *mem_ctx,
const struct dom_sid *sid, uint32_t attrs,
struct auth_SidAttr **sids, uint32_t *num_sids);
libcli/security: Make del_sid_from_array take a uint32_t This aligns it with add_sid_to_array Signed-off-by: Michael Adam <obnox@samba.org>
2011-02-03 05:22:36 -07:00
void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids,
uint32_t *num);
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
uint32_t rid, uint32_t **pp_rids, size_t *p_num);
bool is_null_sid(const struct dom_sid *sid);
libcli/security: Add sids_contains_sid() Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-30 14:51:17 +13:00
bool sids_contains_sid(const struct dom_sid *sids,
const uint32_t num_sids,
const struct dom_sid *sid);
libcli/security: Add sid_attrs_contains_sid() Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-30 15:03:04 +13:00
bool sid_attrs_contains_sid(const struct auth_SidAttr *sids,
const uint32_t num_sids,
const struct dom_sid *sid);
libcli/security: Rename sids_contains_sid() to sids_contains_sid_attrs() Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-30 14:48:23 +13:00
bool sids_contains_sid_attrs(const struct auth_SidAttr *sids,
const uint32_t num_sids,
const struct dom_sid *sid,
uint32_t attrs);
libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-18 12:55:31 +10:00
shared: Move dom_sid_* utility functions to top level
2009-02-01 16:08:45 +01:00
#endif /*_DOM_SID_H_*/
Copy Permalink