/*
   Unix SMB/CIFS implementation.

   security descriptor utility functions

   Copyright (C) Andrew Tridgell 2004
   Copyright (C) Andrew Bartlett 2010
   Copyright (C) Stefan Metzmacher 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "libcli/security/security_token.h"
# include "libcli/security/dom_sid.h"
# include "libcli/security/privileges.h"
/*
 * Return a blank security token.
 *
 * The token is allocated with talloc_zero() as a child of mem_ctx, so every
 * field of the returned structure starts out zeroed.
 *
 * mem_ctx: talloc context that owns the new token.
 *
 * Returns the result of talloc_zero() unchanged; that is NULL when the
 * allocation fails, so callers must check before dereferencing.
 */
struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
{
	return talloc_zero(mem_ctx, struct security_token);
}
/*
 * Print a struct security_token to the debug output.
 *
 * Writes the SID count, then one line per SID, and finally passes the token
 * to security_token_debug_privileges() with the same class and level.
 * A NULL token is reported as "(NULL)" and nothing else is printed.
 *
 * dbg_class: debug class handed to DEBUGC/DEBUGADDC.
 * dbg_lev:   debug level handed to DEBUGC/DEBUGADDC.
 * token:     token to print; may be NULL.
 */
void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
{
	uint32_t idx = 0;

	if (token == NULL) {
		DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
		return;
	}

	DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
				       (unsigned long)token->num_sids));

	while (idx < token->num_sids) {
		/* Stack buffer that dom_sid_str_buf() formats the SID into. */
		struct dom_sid_buf sidbuf;

		DEBUGADDC(dbg_class,
			  dbg_lev,
			  ("  SID[%3lu]: %s\n", (unsigned long)idx,
			   dom_sid_str_buf(&token->sids[idx], &sidbuf)));
		idx++;
	}

	security_token_debug_privileges(dbg_class, dbg_lev, token);
}
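/* These really should be cheaper... */

/*
 * Check whether the token's primary user SID equals sid.
 *
 * Only the entry at PRIMARY_USER_SID_INDEX is compared; a SID that appears
 * elsewhere in the token (for example as a group) does not match here.
 * Use security_token_has_sid() to search the whole SID list.
 *
 * token: token to inspect; dereferenced unconditionally, must not be NULL.
 * sid:   SID to compare against.
 *
 * Returns true when the primary user SID equals sid. Returns false when they
 * differ, when the token has no SID array, or when the array is too short to
 * hold a primary user entry.
 */
bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
{
	if (token->sids == NULL) {
		return false;
	}

	/*
	 * A non-NULL array can still be too short for the primary slot
	 * (e.g. num_sids == 0). Refuse to read past its end: these checks
	 * feed identity decisions such as "is this SYSTEM?".
	 */
	if (token->num_sids <= PRIMARY_USER_SID_INDEX) {
		return false;
	}

	return dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid);
}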
/*
 * Check whether the token's primary user SID equals the SID given as text.
 *
 * sid_string is converted with dom_sid_parse(); the parsed SID is then
 * compared through security_token_is_sid().
 *
 * token:      token to inspect.
 * sid_string: textual SID to parse and compare.
 *
 * Returns false when sid_string cannot be parsed, otherwise the result of
 * security_token_is_sid().
 */
bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
{
	struct dom_sid parsed;

	/* An unparseable string never matches. */
	if (!dom_sid_parse(sid_string, &parsed)) {
		return false;
	}

	return security_token_is_sid(token, &parsed);
}
/*
 * Check whether the token's primary user SID is global_sid_System.
 *
 * This goes through security_token_is_sid(), so only the primary user entry
 * is compared, not the rest of the token's SID list.
 */
bool security_token_is_system(const struct security_token *token)
{
	bool primary_is_system = security_token_is_sid(token, &global_sid_System);

	return primary_is_system;
}
/*
 * Check whether the token's primary user SID is global_sid_Anonymous.
 *
 * This goes through security_token_is_sid(), so only the primary user entry
 * is compared. A false result means only that the primary SID is not the
 * Anonymous SID; it is also what a token without a SID array yields, so it
 * should not by itself be read as proof of an authenticated user.
 */
bool security_token_is_anonymous(const struct security_token *token)
{
	bool primary_is_anonymous = security_token_is_sid(token, &global_sid_Anonymous);

	return primary_is_anonymous;
}
/*
 * Check whether sid appears anywhere in the token's SID list.
 *
 * Walks token->sids[0 .. num_sids-1] and compares each entry with
 * dom_sid_equal(), stopping at the first match.
 *
 * token: token to search; dereferenced unconditionally, must not be NULL.
 * sid:   SID to look for.
 *
 * Returns true on the first matching entry, false when none matches
 * (including when num_sids is 0).
 */
bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
{
	uint32_t idx = 0;

	while (idx < token->num_sids) {
		if (dom_sid_equal(&token->sids[idx], sid)) {
			return true;
		}
		idx++;
	}

	return false;
}
/*
 * Check whether the SID given as text appears anywhere in the token's SID
 * list.
 *
 * sid_string is converted with dom_sid_parse(); the parsed SID is then
 * searched for through security_token_has_sid().
 *
 * token:      token to search.
 * sid_string: textual SID to parse and look for.
 *
 * Returns false when sid_string cannot be parsed, otherwise the result of
 * security_token_has_sid().
 */
bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
{
	struct dom_sid parsed;

	/* An unparseable string never matches. */
	if (!dom_sid_parse(sid_string, &parsed)) {
		return false;
	}

	return security_token_has_sid(token, &parsed);
}
/*
 * Check whether global_sid_Builtin_Guests appears anywhere in the token's
 * SID list, as decided by security_token_has_sid().
 */
bool security_token_has_builtin_guests(const struct security_token *token)
{
	bool found = security_token_has_sid(token, &global_sid_Builtin_Guests);

	return found;
}
/*
 * Check whether global_sid_Builtin_Administrators appears anywhere in the
 * token's SID list, as decided by security_token_has_sid().
 */
bool security_token_has_builtin_administrators(const struct security_token *token)
{
	bool found = security_token_has_sid(token, &global_sid_Builtin_Administrators);

	return found;
}
/*
 * Check whether global_sid_Authenticated_Users appears anywhere in the
 * token's SID list, as decided by security_token_has_sid().
 */
bool security_token_has_nt_authenticated_users(const struct security_token *token)
{
	bool found = security_token_has_sid(token, &global_sid_Authenticated_Users);

	return found;
}
/*
 * Check whether global_sid_Enterprise_DCs appears anywhere in the token's
 * SID list, as decided by security_token_has_sid().
 */
bool security_token_has_enterprise_dcs(const struct security_token *token)
{
	bool found = security_token_has_sid(token, &global_sid_Enterprise_DCs);

	return found;
}