2004-04-07 11:20:53 +04:00
/*
Unix SMB / CIFS implementation .
2004-11-17 17:35:29 +03:00
Samba utility functions
2004-11-18 01:12:46 +03:00
Copyright ( C ) Stefan ( metze ) Metzmacher 2002 - 2004
2004-11-17 17:35:29 +03:00
Copyright ( C ) Andrew Tridgell 1992 - 2004
Copyright ( C ) Jeremy Allison 1999
2004-04-07 11:20:53 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 2 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; if not , write to the Free Software
Foundation , Inc . , 675 Mass Ave , Cambridge , MA 0213 9 , USA .
*/
# include "includes.h"
2004-11-17 17:35:29 +03:00
# include "librpc/gen_ndr/ndr_security.h"
/*****************************************************************
Compare the auth portion of two sids .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int dom_sid_compare_auth ( const struct dom_sid * sid1 , const struct dom_sid * sid2 )
{
int i ;
if ( sid1 = = sid2 )
return 0 ;
if ( ! sid1 )
return - 1 ;
if ( ! sid2 )
return 1 ;
if ( sid1 - > sid_rev_num ! = sid2 - > sid_rev_num )
return sid1 - > sid_rev_num - sid2 - > sid_rev_num ;
for ( i = 0 ; i < 6 ; i + + )
if ( sid1 - > id_auth [ i ] ! = sid2 - > id_auth [ i ] )
return sid1 - > id_auth [ i ] - sid2 - > id_auth [ i ] ;
return 0 ;
}
/*****************************************************************
Compare two sids .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
static int dom_sid_compare ( const struct dom_sid * sid1 , const struct dom_sid * sid2 )
{
int i ;
if ( sid1 = = sid2 )
return 0 ;
if ( ! sid1 )
return - 1 ;
if ( ! sid2 )
return 1 ;
/* Compare most likely different rids, first: i.e start at end */
if ( sid1 - > num_auths ! = sid2 - > num_auths )
return sid1 - > num_auths - sid2 - > num_auths ;
for ( i = sid1 - > num_auths - 1 ; i > = 0 ; - - i )
if ( sid1 - > sub_auths [ i ] ! = sid2 - > sub_auths [ i ] )
return sid1 - > sub_auths [ i ] - sid2 - > sub_auths [ i ] ;
return dom_sid_compare_auth ( sid1 , sid2 ) ;
}
/*****************************************************************
Compare two sids .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
BOOL dom_sid_equal ( const struct dom_sid * sid1 , const struct dom_sid * sid2 )
{
return dom_sid_compare ( sid1 , sid2 ) = = 0 ;
}
2004-04-07 11:20:53 +04:00
2004-10-29 12:31:27 +04:00
/*
convert a dom_sid to a string
*/
char * dom_sid_string ( TALLOC_CTX * mem_ctx , const struct dom_sid * sid )
{
int i , ofs , maxlen ;
uint32_t ia ;
char * ret ;
if ( ! sid ) {
return talloc_strdup ( mem_ctx , " (NULL SID) " ) ;
}
maxlen = sid - > num_auths * 11 + 25 ;
ret = talloc ( mem_ctx , maxlen ) ;
if ( ! ret ) return talloc_strdup ( mem_ctx , " (SID ERR) " ) ;
ia = ( sid - > id_auth [ 5 ] ) +
( sid - > id_auth [ 4 ] < < 8 ) +
( sid - > id_auth [ 3 ] < < 16 ) +
( sid - > id_auth [ 2 ] < < 24 ) ;
ofs = snprintf ( ret , maxlen , " S-%u-%lu " ,
( uint_t ) sid - > sid_rev_num , ( unsigned long ) ia ) ;
for ( i = 0 ; i < sid - > num_auths ; i + + ) {
ofs + = snprintf ( ret + ofs , maxlen - ofs , " -%lu " , ( unsigned long ) sid - > sub_auths [ i ] ) ;
}
return ret ;
}
2004-04-07 11:20:53 +04:00
/*
convert a string to a dom_sid , returning a talloc ' d dom_sid
*/
struct dom_sid * dom_sid_parse_talloc ( TALLOC_CTX * mem_ctx , const char * sidstr )
{
struct dom_sid * ret ;
2004-06-01 12:12:45 +04:00
uint_t rev , ia , num_sub_auths , i ;
2004-04-07 11:20:53 +04:00
char * p ;
if ( strncasecmp ( sidstr , " S- " , 2 ) ) {
return NULL ;
}
sidstr + = 2 ;
rev = strtol ( sidstr , & p , 10 ) ;
if ( * p ! = ' - ' ) {
return NULL ;
}
sidstr = p + 1 ;
ia = strtol ( sidstr , & p , 10 ) ;
2004-04-18 07:57:09 +04:00
if ( p = = sidstr ) {
2004-04-07 11:20:53 +04:00
return NULL ;
}
2004-04-18 07:57:09 +04:00
sidstr = p ;
2004-04-07 11:20:53 +04:00
num_sub_auths = 0 ;
for ( i = 0 ; sidstr [ i ] ; i + + ) {
if ( sidstr [ i ] = = ' - ' ) num_sub_auths + + ;
}
ret = talloc_p ( mem_ctx , struct dom_sid ) ;
if ( ! ret ) {
return NULL ;
}
2004-05-25 20:24:13 +04:00
ret - > sub_auths = talloc_array_p ( mem_ctx , uint32_t , num_sub_auths ) ;
2004-04-07 11:20:53 +04:00
if ( ! ret - > sub_auths ) {
return NULL ;
}
ret - > sid_rev_num = rev ;
ret - > id_auth [ 0 ] = 0 ;
ret - > id_auth [ 1 ] = 0 ;
ret - > id_auth [ 2 ] = ia > > 24 ;
ret - > id_auth [ 3 ] = ia > > 16 ;
ret - > id_auth [ 4 ] = ia > > 8 ;
ret - > id_auth [ 5 ] = ia ;
ret - > num_auths = num_sub_auths ;
for ( i = 0 ; i < num_sub_auths ; i + + ) {
2004-04-18 07:57:09 +04:00
if ( sidstr [ 0 ] ! = ' - ' ) {
2004-04-07 11:20:53 +04:00
return NULL ;
}
2004-04-18 07:57:09 +04:00
sidstr + + ;
2004-07-06 00:33:17 +04:00
ret - > sub_auths [ i ] = strtoul ( sidstr , & p , 10 ) ;
2004-04-18 07:57:09 +04:00
if ( p = = sidstr ) {
2004-04-07 11:20:53 +04:00
return NULL ;
}
2004-04-18 07:57:09 +04:00
sidstr = p ;
2004-04-07 11:20:53 +04:00
}
return ret ;
}
2004-06-07 12:54:49 +04:00
/*
convert a string to a dom_sid , returning a talloc ' d dom_sid
*/
2004-11-17 17:35:29 +03:00
struct dom_sid * dom_sid_dup ( TALLOC_CTX * mem_ctx , const struct dom_sid * dom_sid )
2004-06-07 12:54:49 +04:00
{
struct dom_sid * ret ;
int i ;
ret = talloc_p ( mem_ctx , struct dom_sid ) ;
if ( ! ret ) {
return NULL ;
}
ret - > sub_auths = talloc_array_p ( mem_ctx , uint32_t , dom_sid - > num_auths ) ;
if ( ! ret - > sub_auths ) {
return NULL ;
}
ret - > sid_rev_num = dom_sid - > sid_rev_num ;
ret - > id_auth [ 0 ] = dom_sid - > id_auth [ 0 ] ;
ret - > id_auth [ 1 ] = dom_sid - > id_auth [ 1 ] ;
ret - > id_auth [ 2 ] = dom_sid - > id_auth [ 2 ] ;
ret - > id_auth [ 3 ] = dom_sid - > id_auth [ 3 ] ;
ret - > id_auth [ 4 ] = dom_sid - > id_auth [ 4 ] ;
ret - > id_auth [ 5 ] = dom_sid - > id_auth [ 5 ] ;
ret - > num_auths = dom_sid - > num_auths ;
for ( i = 0 ; i < dom_sid - > num_auths ; i + + ) {
ret - > sub_auths [ i ] = dom_sid - > sub_auths [ i ] ;
}
return ret ;
}
2004-10-29 12:31:27 +04:00
/*
add a rid to a domain dom_sid to make a full dom_sid
*/
struct dom_sid * dom_sid_add_rid ( TALLOC_CTX * mem_ctx ,
const struct dom_sid * domain_sid ,
uint32_t rid )
{
struct dom_sid * sid ;
sid = talloc_p ( mem_ctx , struct dom_sid ) ;
if ( ! sid ) return NULL ;
* sid = * domain_sid ;
/*TODO: use realloc! */
sid - > sub_auths = talloc_array_p ( mem_ctx , uint32_t , sid - > num_auths + 1 ) ;
if ( ! sid - > sub_auths ) {
return NULL ;
}
memcpy ( sid - > sub_auths , domain_sid - > sub_auths , sid - > num_auths * sizeof ( uint32_t ) ) ;
sid - > sub_auths [ sid - > num_auths ] = rid ;
sid - > num_auths + + ;
return sid ;
}