2009-02-01 18:08:45 +03:00
/*
2004-04-07 11:20:53 +04:00
Unix SMB / CIFS implementation .
2004-11-17 17:35:29 +03:00
Samba utility functions
2004-11-18 01:12:46 +03:00
Copyright ( C ) Stefan ( metze ) Metzmacher 2002 - 2004
2004-11-17 17:35:29 +03:00
Copyright ( C ) Andrew Tridgell 1992 - 2004
Copyright ( C ) Jeremy Allison 1999
2009-02-01 18:08:45 +03:00
2004-04-07 11:20:53 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2004-04-07 11:20:53 +04:00
( at your option ) any later version .
2009-02-01 18:08:45 +03:00
2004-04-07 11:20:53 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2009-02-01 18:08:45 +03:00
2004-04-07 11:20:53 +04:00
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2004-04-07 11:20:53 +04:00
*/
2018-10-18 06:46:03 +03:00
# include "replace.h"
# include "lib/util/data_blob.h"
# include "system/locale.h"
# include "lib/util/debug.h"
2019-01-30 10:39:15 +03:00
# include "lib/util/util.h"
2006-03-18 18:42:57 +03:00
# include "librpc/gen_ndr/security.h"
2009-02-14 19:42:51 +03:00
# include "dom_sid.h"
2020-07-03 09:11:20 +03:00
# include "lib/util/smb_strtox.h"
2004-11-17 17:35:29 +03:00
/*****************************************************************
Compare the auth portion of two sids .
2009-02-01 18:08:45 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-11-17 17:35:29 +03:00
2010-09-18 06:55:31 +04:00
int dom_sid_compare_auth ( const struct dom_sid * sid1 ,
const struct dom_sid * sid2 )
2004-11-17 17:35:29 +03:00
{
int i ;
if ( sid1 = = sid2 )
return 0 ;
if ( ! sid1 )
return - 1 ;
if ( ! sid2 )
return 1 ;
if ( sid1 - > sid_rev_num ! = sid2 - > sid_rev_num )
return sid1 - > sid_rev_num - sid2 - > sid_rev_num ;
for ( i = 0 ; i < 6 ; i + + )
if ( sid1 - > id_auth [ i ] ! = sid2 - > id_auth [ i ] )
return sid1 - > id_auth [ i ] - sid2 - > id_auth [ i ] ;
return 0 ;
}
/*****************************************************************
Compare two sids .
2009-02-01 18:08:45 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-11-17 17:35:29 +03:00
2008-12-22 01:05:35 +03:00
int dom_sid_compare ( const struct dom_sid * sid1 , const struct dom_sid * sid2 )
2004-11-17 17:35:29 +03:00
{
int i ;
if ( sid1 = = sid2 )
return 0 ;
if ( ! sid1 )
return - 1 ;
if ( ! sid2 )
return 1 ;
/* Compare most likely different rids, first: i.e start at end */
if ( sid1 - > num_auths ! = sid2 - > num_auths )
return sid1 - > num_auths - sid2 - > num_auths ;
for ( i = sid1 - > num_auths - 1 ; i > = 0 ; - - i )
if ( sid1 - > sub_auths [ i ] ! = sid2 - > sub_auths [ i ] )
return sid1 - > sub_auths [ i ] - sid2 - > sub_auths [ i ] ;
return dom_sid_compare_auth ( sid1 , sid2 ) ;
}
/*****************************************************************
Compare two sids .
2009-02-01 18:08:45 +03:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2004-11-17 17:35:29 +03:00
2007-09-08 17:27:14 +04:00
bool dom_sid_equal ( const struct dom_sid * sid1 , const struct dom_sid * sid2 )
2004-11-17 17:35:29 +03:00
{
return dom_sid_compare ( sid1 , sid2 ) = = 0 ;
}
2004-04-07 11:20:53 +04:00
2010-09-04 08:09:17 +04:00
/*****************************************************************
Add a rid to the end of a sid
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-01-25 18:44:38 +03:00
2010-09-04 08:09:17 +04:00
bool sid_append_rid ( struct dom_sid * sid , uint32_t rid )
2004-04-07 11:20:53 +04:00
{
2010-09-04 08:09:17 +04:00
if ( sid - > num_auths < ARRAY_SIZE ( sid - > sub_auths ) ) {
sid - > sub_auths [ sid - > num_auths + + ] = rid ;
return true ;
}
return false ;
}
2010-08-26 18:41:15 +04:00
/*
See if 2 SIDs are in the same domain
this just compares the leading sub - auths
*/
int dom_sid_compare_domain ( const struct dom_sid * sid1 ,
const struct dom_sid * sid2 )
{
int n , i ;
n = MIN ( sid1 - > num_auths , sid2 - > num_auths ) ;
for ( i = n - 1 ; i > = 0 ; - - i )
if ( sid1 - > sub_auths [ i ] ! = sid2 - > sub_auths [ i ] )
return sid1 - > sub_auths [ i ] - sid2 - > sub_auths [ i ] ;
return dom_sid_compare_auth ( sid1 , sid2 ) ;
}
2010-09-04 08:09:17 +04:00
/*****************************************************************
Convert a string to a SID . Returns True on success , False on fail .
2011-03-07 22:16:13 +03:00
Return the first character not parsed in endp .
2010-09-04 08:09:17 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2013-07-31 18:38:20 +04:00
# define AUTHORITY_MASK (~(0xffffffffffffULL))
2009-02-01 18:08:45 +03:00
2011-03-07 22:16:13 +03:00
bool dom_sid_parse_endp ( const char * sidstr , struct dom_sid * sidout ,
const char * * endp )
2010-09-04 08:09:17 +04:00
{
const char * p ;
2023-04-12 02:38:24 +03:00
char * q = NULL ;
char * end = NULL ;
2013-07-31 18:38:20 +04:00
uint64_t conv ;
2019-01-30 10:39:15 +03:00
int error = 0 ;
2010-09-04 08:09:17 +04:00
2010-09-15 01:45:45 +04:00
ZERO_STRUCTP ( sidout ) ;
2010-09-04 08:09:17 +04:00
if ( ( sidstr [ 0 ] ! = ' S ' & & sidstr [ 0 ] ! = ' s ' ) | | sidstr [ 1 ] ! = ' - ' ) {
goto format_error ;
2004-04-07 11:20:53 +04:00
}
2010-09-04 08:09:17 +04:00
/* Get the revision number. */
p = sidstr + 2 ;
2023-04-21 06:32:01 +03:00
if ( ! isdigit ( ( unsigned char ) * p ) ) {
2010-09-04 08:09:17 +04:00
goto format_error ;
2004-04-07 11:20:53 +04:00
}
2019-06-04 09:59:07 +03:00
conv = smb_strtoul ( p , & q , 10 , & error , SMB_STR_STANDARD ) ;
2023-03-16 05:42:52 +03:00
if ( error ! = 0 | | ( * q ! = ' - ' ) | | conv > UINT8_MAX | | q - p > 4 ) {
2010-09-04 08:09:17 +04:00
goto format_error ;
2004-04-07 11:20:53 +04:00
}
2010-09-04 08:09:17 +04:00
sidout - > sid_rev_num = ( uint8_t ) conv ;
q + + ;
2004-04-07 11:20:53 +04:00
2023-04-21 06:32:01 +03:00
if ( ! isdigit ( ( unsigned char ) * q ) ) {
2010-09-04 08:09:17 +04:00
goto format_error ;
2004-04-07 11:20:53 +04:00
}
2023-04-12 02:38:24 +03:00
while ( q [ 0 ] = = ' 0 ' & & isdigit ( ( unsigned char ) q [ 1 ] ) ) {
/*
* strtoull will think this is octal , which is not how SIDs
* work ! So let ' s walk along until there are no leading zeros
* ( or a single zero ) .
*/
q + + ;
}
2004-04-07 11:20:53 +04:00
2010-09-04 08:09:17 +04:00
/* get identauth */
2023-04-12 02:38:24 +03:00
conv = smb_strtoull ( q , & end , 0 , & error , SMB_STR_STANDARD ) ;
2019-03-06 12:06:35 +03:00
if ( conv & AUTHORITY_MASK | | error ! = 0 ) {
2010-09-04 08:09:17 +04:00
goto format_error ;
}
2023-04-12 02:38:24 +03:00
if ( conv > = ( 1ULL < < 48 ) | | end - q > 15 ) {
/*
* This identauth looks like a big number , but resolves to a
* small number after rounding .
*/
goto format_error ;
}
2010-09-15 01:45:45 +04:00
2010-09-04 08:09:17 +04:00
/* NOTE - the conv value is in big-endian format. */
2013-07-31 18:38:20 +04:00
sidout - > id_auth [ 0 ] = ( conv & 0xff0000000000ULL ) > > 40 ;
sidout - > id_auth [ 1 ] = ( conv & 0x00ff00000000ULL ) > > 32 ;
sidout - > id_auth [ 2 ] = ( conv & 0x0000ff000000ULL ) > > 24 ;
sidout - > id_auth [ 3 ] = ( conv & 0x000000ff0000ULL ) > > 16 ;
sidout - > id_auth [ 4 ] = ( conv & 0x00000000ff00ULL ) > > 8 ;
sidout - > id_auth [ 5 ] = ( conv & 0x0000000000ffULL ) ;
2010-09-04 08:09:17 +04:00
sidout - > num_auths = 0 ;
2023-04-12 02:38:24 +03:00
q = end ;
2010-09-15 01:45:45 +04:00
if ( * q ! = ' - ' ) {
/* Just id_auth, no subauths */
2016-12-01 19:15:29 +03:00
goto done ;
2010-09-04 08:09:17 +04:00
}
q + + ;
while ( true ) {
2023-04-21 06:32:01 +03:00
if ( ! isdigit ( ( unsigned char ) * q ) ) {
2010-09-04 08:09:17 +04:00
goto format_error ;
}
2023-04-16 03:21:16 +03:00
while ( q [ 0 ] = = ' 0 ' & & isdigit ( ( unsigned char ) q [ 1 ] ) ) {
/*
* strtoull will think this is octal , which is not how
* SIDs work ! So let ' s walk along until there are no
* leading zeros ( or a single zero ) .
*/
q + + ;
}
conv = smb_strtoull ( q , & end , 0 , & error , SMB_STR_STANDARD ) ;
2023-04-12 02:39:25 +03:00
if ( conv > UINT32_MAX | | error ! = 0 | | end - q > 12 ) {
/*
* This sub - auth is greater than 4294967295 ,
* and hence invalid . Windows will treat it as
* 4294967295 , while we prefer to refuse ( old
* versions of Samba will wrap , arriving at
* another number altogether ) .
*/
DBG_NOTICE ( " bad sub-auth in %s \n " , sidstr ) ;
2010-09-04 08:09:17 +04:00
goto format_error ;
2004-04-07 11:20:53 +04:00
}
2010-09-04 08:09:17 +04:00
if ( ! sid_append_rid ( sidout , conv ) ) {
DEBUG ( 3 , ( " Too many sid auths in %s \n " , sidstr ) ) ;
2008-12-21 23:10:40 +03:00
return false ;
2004-04-07 11:20:53 +04:00
}
2010-09-04 08:09:17 +04:00
q = end ;
if ( * q ! = ' - ' ) {
2010-09-15 01:45:45 +04:00
break ;
2010-09-04 08:09:17 +04:00
}
q + = 1 ;
}
2016-12-01 19:15:29 +03:00
done :
2011-03-07 22:16:13 +03:00
if ( endp ! = NULL ) {
* endp = q ;
}
2008-12-21 23:10:40 +03:00
return true ;
2010-09-04 08:09:17 +04:00
format_error :
DEBUG ( 3 , ( " string_to_sid: SID %s is not in a valid format \n " , sidstr ) ) ;
return false ;
}
2011-03-07 22:16:13 +03:00
bool string_to_sid ( struct dom_sid * sidout , const char * sidstr )
{
return dom_sid_parse ( sidstr , sidout ) ;
}
2010-09-04 08:09:17 +04:00
bool dom_sid_parse ( const char * sidstr , struct dom_sid * ret )
{
2011-03-07 22:16:13 +03:00
return dom_sid_parse_endp ( sidstr , ret , NULL ) ;
2008-12-21 23:10:40 +03:00
}
/*
convert a string to a dom_sid , returning a talloc ' d dom_sid
*/
struct dom_sid * dom_sid_parse_talloc ( TALLOC_CTX * mem_ctx , const char * sidstr )
{
struct dom_sid * ret ;
ret = talloc ( mem_ctx , struct dom_sid ) ;
if ( ! ret ) {
return NULL ;
}
if ( ! dom_sid_parse ( sidstr , ret ) ) {
talloc_free ( ret ) ;
return NULL ;
}
2004-04-07 11:20:53 +04:00
return ret ;
2008-08-21 13:24:58 +04:00
}
/*
convert a string to a dom_sid , returning a talloc ' d dom_sid
*/
struct dom_sid * dom_sid_parse_length ( TALLOC_CTX * mem_ctx , const DATA_BLOB * sid )
{
2015-01-02 13:02:45 +03:00
char p [ sid - > length + 1 ] ;
2015-04-29 03:20:42 +03:00
memcpy ( p , sid - > data , sid - > length ) ;
p [ sid - > length ] = ' \0 ' ;
2015-01-02 13:02:45 +03:00
return dom_sid_parse_talloc ( mem_ctx , p ) ;
2004-04-07 11:20:53 +04:00
}
2004-06-07 12:54:49 +04:00
/*
2004-11-18 04:02:27 +03:00
copy a dom_sid structure
2004-06-07 12:54:49 +04:00
*/
2004-11-17 17:35:29 +03:00
struct dom_sid * dom_sid_dup ( TALLOC_CTX * mem_ctx , const struct dom_sid * dom_sid )
2004-06-07 12:54:49 +04:00
{
struct dom_sid * ret ;
int i ;
2009-02-01 18:08:45 +03:00
r12858: This moves the libnet_LookupPdc code to use a GetDC request to find
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which
requires a server ID. As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number. We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing. They are good
frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with
any comments)
Andrew Bartlett
(This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
2006-01-12 06:02:00 +03:00
if ( ! dom_sid ) {
return NULL ;
}
2005-01-27 10:08:20 +03:00
ret = talloc ( mem_ctx , struct dom_sid ) ;
2004-06-07 12:54:49 +04:00
if ( ! ret ) {
return NULL ;
}
ret - > sid_rev_num = dom_sid - > sid_rev_num ;
ret - > id_auth [ 0 ] = dom_sid - > id_auth [ 0 ] ;
ret - > id_auth [ 1 ] = dom_sid - > id_auth [ 1 ] ;
ret - > id_auth [ 2 ] = dom_sid - > id_auth [ 2 ] ;
ret - > id_auth [ 3 ] = dom_sid - > id_auth [ 3 ] ;
ret - > id_auth [ 4 ] = dom_sid - > id_auth [ 4 ] ;
ret - > id_auth [ 5 ] = dom_sid - > id_auth [ 5 ] ;
ret - > num_auths = dom_sid - > num_auths ;
for ( i = 0 ; i < dom_sid - > num_auths ; i + + ) {
ret - > sub_auths [ i ] = dom_sid - > sub_auths [ i ] ;
}
return ret ;
}
2004-10-29 12:31:27 +04:00
/*
2004-11-29 06:19:28 +03:00
add a rid to a domain dom_sid to make a full dom_sid . This function
2008-12-12 21:52:06 +03:00
returns a new sid in the supplied memory context
2004-10-29 12:31:27 +04:00
*/
2009-02-01 18:08:45 +03:00
struct dom_sid * dom_sid_add_rid ( TALLOC_CTX * mem_ctx ,
const struct dom_sid * domain_sid ,
2004-10-29 12:31:27 +04:00
uint32_t rid )
{
struct dom_sid * sid ;
2010-09-04 08:10:31 +04:00
sid = dom_sid_dup ( mem_ctx , domain_sid ) ;
2004-10-29 12:31:27 +04:00
if ( ! sid ) return NULL ;
2010-09-04 08:10:31 +04:00
if ( ! sid_append_rid ( sid , rid ) ) {
talloc_free ( sid ) ;
return NULL ;
}
2004-11-29 06:19:28 +03:00
2004-10-29 12:31:27 +04:00
return sid ;
}
2004-11-26 15:30:39 +03:00
2006-07-17 12:05:02 +04:00
/*
Split up a SID into its domain and RID part
*/
NTSTATUS dom_sid_split_rid ( TALLOC_CTX * mem_ctx , const struct dom_sid * sid ,
struct dom_sid * * domain , uint32_t * rid )
{
if ( sid - > num_auths = = 0 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2007-02-13 12:27:56 +03:00
if ( domain ) {
if ( ! ( * domain = dom_sid_dup ( mem_ctx , sid ) ) ) {
return NT_STATUS_NO_MEMORY ;
}
( * domain ) - > num_auths - = 1 ;
}
if ( rid ) {
* rid = sid - > sub_auths [ sid - > num_auths - 1 ] ;
2006-07-17 12:05:02 +04:00
}
return NT_STATUS_OK ;
}
2004-11-26 15:30:39 +03:00
/*
2007-10-07 02:28:14 +04:00
return true if the 2 nd sid is in the domain given by the first sid
2004-11-26 15:30:39 +03:00
*/
2009-02-01 18:08:45 +03:00
bool dom_sid_in_domain ( const struct dom_sid * domain_sid ,
2004-11-26 15:30:39 +03:00
const struct dom_sid * sid )
{
int i ;
if ( ! domain_sid | | ! sid ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-11-26 15:30:39 +03:00
}
2017-04-10 17:14:45 +03:00
if ( sid - > num_auths < 2 ) {
return false ;
}
if ( domain_sid - > num_auths ! = ( sid - > num_auths - 1 ) ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-11-26 15:30:39 +03:00
}
for ( i = domain_sid - > num_auths - 1 ; i > = 0 ; - - i ) {
if ( domain_sid - > sub_auths [ i ] ! = sid - > sub_auths [ i ] ) {
2007-10-07 02:28:14 +04:00
return false ;
2004-11-26 15:30:39 +03:00
}
}
return dom_sid_compare_auth ( domain_sid , sid ) = = 0 ;
}
2006-04-29 21:34:49 +04:00
2023-03-16 01:25:57 +03:00
bool dom_sid_has_account_domain ( const struct dom_sid * sid )
{
if ( sid = = NULL ) {
return false ;
}
if ( sid - > sid_rev_num ! = 1 ) {
return false ;
}
if ( sid - > num_auths ! = 5 ) {
return false ;
}
if ( sid - > id_auth [ 5 ] ! = 5 ) {
return false ;
}
if ( sid - > id_auth [ 4 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 3 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 2 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 1 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 0 ] ! = 0 ) {
return false ;
}
if ( sid - > sub_auths [ 0 ] ! = 21 ) {
return false ;
}
return true ;
}
2018-01-25 11:50:17 +03:00
bool dom_sid_is_valid_account_domain ( const struct dom_sid * sid )
{
/*
* We expect S - 1 - 5 - 21 - 9 - 8 - 7 , but we don ' t
* allow S - 1 - 5 - 21 - 0 - 0 - 0 as this is used
* for claims and compound identities .
*
* With this structure :
*
* struct dom_sid {
* uint8_t sid_rev_num ;
* int8_t num_auths ; [ range ( 0 , 15 ) ]
* uint8_t id_auth [ 6 ] ;
* uint32_t sub_auths [ 15 ] ;
* }
*
* S - 1 - 5 - 21 - 9 - 8 - 7 looks like this :
* { 1 , 4 , { 0 , 0 , 0 , 0 , 0 , 5 } , { 21 , 9 , 8 , 7 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 } } ;
*/
if ( sid = = NULL ) {
return false ;
}
if ( sid - > sid_rev_num ! = 1 ) {
return false ;
}
if ( sid - > num_auths ! = 4 ) {
return false ;
}
if ( sid - > id_auth [ 5 ] ! = 5 ) {
return false ;
}
if ( sid - > id_auth [ 4 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 3 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 2 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 1 ] ! = 0 ) {
return false ;
}
if ( sid - > id_auth [ 0 ] ! = 0 ) {
return false ;
}
if ( sid - > sub_auths [ 0 ] ! = 21 ) {
return false ;
}
if ( sid - > sub_auths [ 1 ] = = 0 ) {
return false ;
}
if ( sid - > sub_auths [ 2 ] = = 0 ) {
return false ;
}
if ( sid - > sub_auths [ 3 ] = = 0 ) {
return false ;
}
return true ;
}
2006-04-29 21:34:49 +04:00
/*
2011-03-03 18:59:39 +03:00
Convert a dom_sid to a string , printing into a buffer . Return the
string length . If it overflows , return the string length that would
result ( buflen needs to be + 1 for the terminating 0 ) .
2006-04-29 21:34:49 +04:00
*/
2018-10-26 15:09:32 +03:00
static int dom_sid_string_buf ( const struct dom_sid * sid , char * buf , int buflen )
2006-04-29 21:34:49 +04:00
{
2018-11-01 13:11:17 +03:00
int i , ofs , ret ;
2013-07-31 18:38:21 +04:00
uint64_t ia ;
2009-02-01 18:08:45 +03:00
2006-04-29 21:34:49 +04:00
if ( ! sid ) {
2011-06-01 00:07:11 +04:00
return strlcpy ( buf , " (NULL SID) " , buflen) ;
2006-04-29 21:34:49 +04:00
}
2013-07-31 18:38:21 +04:00
ia = ( ( uint64_t ) sid - > id_auth [ 5 ] ) +
( ( uint64_t ) sid - > id_auth [ 4 ] < < 8 ) +
( ( uint64_t ) sid - > id_auth [ 3 ] < < 16 ) +
( ( uint64_t ) sid - > id_auth [ 2 ] < < 24 ) +
( ( uint64_t ) sid - > id_auth [ 1 ] < < 32 ) +
( ( uint64_t ) sid - > id_auth [ 0 ] < < 40 ) ;
2018-11-01 13:11:17 +03:00
ret = snprintf ( buf , buflen , " S-% " PRIu8 " - " , sid - > sid_rev_num ) ;
if ( ret < 0 ) {
return ret ;
}
ofs = ret ;
2013-07-31 18:38:21 +04:00
if ( ia > = UINT32_MAX ) {
2018-11-01 13:11:17 +03:00
ret = snprintf ( buf + ofs , MAX ( buflen - ofs , 0 ) , " 0x% " PRIx64 , ia ) ;
2013-07-31 18:38:21 +04:00
} else {
2018-11-01 13:11:17 +03:00
ret = snprintf ( buf + ofs , MAX ( buflen - ofs , 0 ) , " % " PRIu64 , ia ) ;
2013-07-31 18:38:21 +04:00
}
2018-11-01 13:11:17 +03:00
if ( ret < 0 ) {
return ret ;
}
ofs + = ret ;
2006-04-29 21:34:49 +04:00
for ( i = 0 ; i < sid - > num_auths ; i + + ) {
2018-11-01 13:11:17 +03:00
ret = snprintf (
buf + ofs ,
MAX ( buflen - ofs , 0 ) ,
" -% " PRIu32 ,
sid - > sub_auths [ i ] ) ;
if ( ret < 0 ) {
return ret ;
}
ofs + = ret ;
2006-04-29 21:34:49 +04:00
}
2011-03-03 18:59:39 +03:00
return ofs ;
}
2009-02-01 18:08:45 +03:00
2011-03-03 18:59:39 +03:00
/*
convert a dom_sid to a string
*/
char * dom_sid_string ( TALLOC_CTX * mem_ctx , const struct dom_sid * sid )
{
char buf [ DOM_SID_STR_BUFLEN ] ;
char * result ;
int len ;
len = dom_sid_string_buf ( sid , buf , sizeof ( buf ) ) ;
2018-11-01 13:11:17 +03:00
if ( ( len < 0 ) | | ( len + 1 > sizeof ( buf ) ) ) {
2011-03-03 18:59:39 +03:00
return talloc_strdup ( mem_ctx , " (SID ERR) " ) ;
}
/*
* Avoid calling strlen ( via talloc_strdup ) , we already have
* the length
*/
result = ( char * ) talloc_memdup ( mem_ctx , buf , len + 1 ) ;
2014-06-03 17:03:56 +04:00
if ( result = = NULL ) {
return NULL ;
}
2011-03-03 18:59:39 +03:00
/*
* beautify the talloc_report output
*/
talloc_set_name_const ( result , result ) ;
return result ;
2006-04-29 21:34:49 +04:00
}
2018-10-18 06:46:37 +03:00
char * dom_sid_str_buf ( const struct dom_sid * sid , struct dom_sid_buf * dst )
{
int ret ;
ret = dom_sid_string_buf ( sid , dst - > buf , sizeof ( dst - > buf ) ) ;
if ( ( ret < 0 ) | | ( ret > = sizeof ( dst - > buf ) ) ) {
strlcpy ( dst - > buf , " (INVALID SID) " , sizeof ( dst - > buf ) ) ;
}
return dst - > buf ;
}