sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00
Code
samba-mirror/libcli/security/security_token.c

143 lines
3.8 KiB
C
Raw Normal View History

libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
/*
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
Unix SMB/CIFS implementation.
Fix typo
2009-07-15 13:25:04 +02:00
security descriptor utility functions
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
Copyright (C) Andrew Tridgell 2004
libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
Copyright (C) Andrew Bartlett 2010
r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2005-01-09 12:55:25 +00:00
Copyright (C) Stefan Metzmacher 2005
libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
the Free Software Foundation; either version 3 of the License, or
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
(at your option) any later version.
libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
*/
#include "includes.h"
libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
#include "libcli/security/security_token.h"
#include "libcli/security/dom_sid.h"
#include "libcli/security/privileges.h"
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
/*
r4147: converted from NT_USER_TOKEN to struct security_token this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2004-12-11 05:41:19 +00:00
return a blank security token
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
*/
r3810: create a LIB_SECURITY subsystem - move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2004-11-17 14:35:29 +00:00
struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
{
r3810: create a LIB_SECURITY subsystem - move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2004-11-17 14:35:29 +00:00
struct security_token *st;
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
libcli/security Use talloc_zero when making a struct security_token
2010-09-11 17:00:10 +10:00
st = talloc_zero(mem_ctx, struct security_token);
r3810: create a LIB_SECURITY subsystem - move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2004-11-17 14:35:29 +00:00
if (!st) {
r937: - added a simple QuerySecurity implementation in samr server - moved some sec desc defines into misc.idl - fixed pw_len field in UserInfo26 - made some pipes available on TCP - added netr_DsrEnumerateDomainTrusts() to netlogon - added templates for remaining netlogon IDL calls (from ethereal) - added a unistr_noterm vs unistr error detector in ndr basic decoder - added torture test for netr_DsrEnumerateDomainTrusts() (This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
2004-05-28 13:23:30 +00:00
return NULL;
}
r3810: create a LIB_SECURITY subsystem - move dom_sid, security_descriptor, security_* funtions to one place and rename some of them metze (This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
2004-11-17 14:35:29 +00:00
return st;
}
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
/****************************************************************************
prints a struct security_token to debug output.
****************************************************************************/
libcli/security Add debug class to security_token_debug() et al This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-09-17 15:23:19 +10:00
void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
{
TALLOC_CTX *mem_ctx;
s4:libcli/security/*.c - fix some wrong typed counters According to "librpc/gen_ndr/security.h" they need to be "uint32_t".
2010-09-09 20:31:38 +02:00
uint32_t i;
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
if (!token) {
libcli/security Add debug class to security_token_debug() et al This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-09-17 15:23:19 +10:00
DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
return;
}
mem_ctx = talloc_init("security_token_debug()");
if (!mem_ctx) {
return;
}
libcli/security Add debug class to security_token_debug() et al This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-09-17 15:23:19 +10:00
DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
(unsigned long)token->num_sids));
for (i = 0; i < token->num_sids; i++) {
libcli/security Add debug class to security_token_debug() et al This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-09-17 15:23:19 +10:00
DEBUGADDC(dbg_class, dbg_lev, (" SID[%3lu]: %s\n", (unsigned long)i,
s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-20 12:15:15 +10:00
dom_sid_string(mem_ctx, &token->sids[i])));
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
}
libcli/security Add debug class to security_token_debug() et al This will allow it to replace functions in source3 that use debug classes. Andrew Bartlett
2010-09-17 15:23:19 +10:00
security_token_debug_privileges(dbg_class, dbg_lev, token);
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2005-01-27 07:08:20 +00:00
talloc_free(mem_ctx);
r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2004-12-30 20:34:20 +00:00
}
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 11:31:45 +00:00
/* These really should be cheaper... */
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 11:31:45 +00:00
{
s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-20 12:15:15 +10:00
if (token->sids && dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
return true;
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 11:31:45 +00:00
}
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
return false;
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 11:31:45 +00:00
}
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 11:31:45 +00:00
{
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool ret;
r14894: - add some 'const' - remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
2006-04-03 15:18:12 +00:00
struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
if (!sid) return false;
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
ret = security_token_is_sid(token, sid);
talloc_free(sid);
return ret;
r10810: This adds the hooks required to communicate the current user from the authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2005-10-07 11:31:45 +00:00
}
libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
bool security_token_is_system(const struct security_token *token)
r12747: Add a couple more token tests, used by the kludge ACL module. Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2006-01-06 21:20:09 +00:00
{
libcli/security Use static SIDs rather than parsing from strings This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-21 07:14:38 +10:00
return security_token_is_sid(token, &global_sid_System);
r12747: Add a couple more token tests, used by the kludge ACL module. Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2006-01-06 21:20:09 +00:00
}
libcli/security Move most of security_token.c to common code. The source4-specific session_info functions have been left in session.c Andrew Bartlett
2010-09-17 12:59:24 +10:00
bool security_token_is_anonymous(const struct security_token *token)
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
{
libcli/security Use static SIDs rather than parsing from strings This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-21 07:14:38 +10:00
return security_token_is_sid(token, &global_sid_Anonymous);
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
}
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
r12747: Add a couple more token tests, used by the kludge ACL module. Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2006-01-06 21:20:09 +00:00
{
s4:libcli/security/*.c - fix some wrong typed counters According to "librpc/gen_ndr/security.h" they need to be "uint32_t".
2010-09-09 20:31:38 +02:00
uint32_t i;
r12747: Add a couple more token tests, used by the kludge ACL module. Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2006-01-06 21:20:09 +00:00
for (i = 0; i < token->num_sids; i++) {
s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett
2010-08-20 12:15:15 +10:00
if (dom_sid_equal(&token->sids[i], sid)) {
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
return true;
r12747: Add a couple more token tests, used by the kludge ACL module. Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2006-01-06 21:20:09 +00:00
}
}
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
return false;
r12747: Add a couple more token tests, used by the kludge ACL module. Andrew Bartlett (This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
2006-01-06 21:20:09 +00:00
}
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
{
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool ret;
r14894: - add some 'const' - remove sid_active_in_token() was the same as security_token_has_sid() - rename some functions metze (This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
2006-04-03 15:18:12 +00:00
struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
if (!sid) return false;
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
ret = security_token_has_sid(token, sid);
talloc_free(sid);
return ret;
}
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool security_token_has_builtin_administrators(const struct security_token *token)
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
{
libcli/security Use static SIDs rather than parsing from strings This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-21 07:14:38 +10:00
return security_token_has_sid(token, &global_sid_Builtin_Administrators);
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
}
r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-06 22:28:14 +00:00
bool security_token_has_nt_authenticated_users(const struct security_token *token)
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
{
libcli/security Use static SIDs rather than parsing from strings This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-21 07:14:38 +10:00
return security_token_has_sid(token, &global_sid_Authenticated_Users);
r14840: - rename some functions - stack specific functions on top of generic ones metze (This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
2006-03-31 11:05:33 +00:00
}
More kludge ACLs! Rather than killing off the nasty 'kludge ACLs' stuff, this patch extends it, to ensure that LSA secrets and the registry are also protected. Andrew Bartlett (This used to be commit 2f2b110fb870132099bad1d4c16ed8962affb3ce)
2008-03-20 12:12:10 +11:00
s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-09-15 19:25:45 -07:00
bool security_token_has_enterprise_dcs(const struct security_token *token)
{
libcli/security Use static SIDs rather than parsing from strings This should make the security_token_is_*() calls a little faster. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-21 07:14:38 +10:00
return security_token_has_sid(token, &global_sid_Enterprise_DCs);
s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-09-15 19:25:45 -07:00
}
Copy Permalink