/*
* Unix SMB / CIFS implementation .
* Authentication utility functions
* Copyright ( C ) Andrew Tridgell 1992 - 1998
* Copyright ( C ) Andrew Bartlett 2001
* Copyright ( C ) Jeremy Allison 2000 - 2001
* Copyright ( C ) Rafal Szczesniak 2002
* Copyright ( C ) Volker Lendecke 2006
* Copyright ( C ) Michael Adam 2007
* Copyright ( C ) Guenther Deschner 2007
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/* function(s) moved from auth/auth_util.c to minimize linker deps */
# include "includes.h"
# include "../libcli/security/security.h"
/****************************************************************************
 Duplicate a SID token.
****************************************************************************/
/**
 * Create an independent copy of an NT security token.
 *
 * The SID array is duplicated as a talloc child of the new token, and
 * num_sids, privilege_mask and rights_mask are copied across. No other
 * member of struct security_token is touched here, so anything else keeps
 * whatever value the zeroing allocation gave it.
 *
 * @param mem_ctx  talloc context the new token is allocated on
 * @param ptoken   token to copy; NULL is accepted
 * @return the new token, or NULL when ptoken is NULL or an allocation fails
 */
struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken)
{
	struct security_token *copy = NULL;

	if (ptoken == NULL) {
		return NULL;
	}

	copy = TALLOC_ZERO_P(mem_ctx, struct security_token);
	if (copy == NULL) {
		DEBUG(0, ("talloc failed\n"));
		return NULL;
	}

	/*
	 * A source token with a NULL array or a zero count yields a copy with
	 * sids == NULL and num_sids == 0.
	 */
	if (ptoken->sids != NULL && ptoken->num_sids != 0) {
		/*
		 * The byte count comes straight from the source token's own
		 * num_sids; it is only as trustworthy as that token.
		 */
		size_t sid_bytes = sizeof(struct dom_sid) * ptoken->num_sids;

		copy->sids = talloc_memdup(copy, ptoken->sids, sid_bytes);
		if (copy->sids == NULL) {
			DEBUG(0, ("talloc_memdup failed\n"));
			TALLOC_FREE(copy);
			return NULL;
		}

		/* Publish the count only once the array really exists. */
		copy->num_sids = ptoken->num_sids;
	}

	copy->privilege_mask = ptoken->privilege_mask;
	copy->rights_mask = ptoken->rights_mask;

	return copy;
}
/****************************************************************************
 Merge two NT tokens into a new one.
****************************************************************************/
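/**
 * Build a new token that is the union of two existing NT security tokens.
 *
 * The result carries every SID found in either input (duplicates are
 * suppressed by add_sid_to_array_unique) and the bitwise OR of both
 * privilege_mask and rights_mask values. The merged token is therefore at
 * least as privileged as the more privileged input, so callers should only
 * merge tokens whose combined authority they intend to grant.
 *
 * @param mem_ctx    talloc context the new token is allocated on
 * @param token_1    first input token, must not be NULL
 * @param token_2    second input token, must not be NULL
 * @param token_out  receives the merged token on success; left untouched
 *                   on failure
 * @return NT_STATUS_OK on success, NT_STATUS_INVALID_PARAMETER if any
 *         pointer argument is NULL, otherwise the allocation failure
 *         status or the status reported by add_sid_to_array_unique
 */
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
			const struct security_token *token_1,
			const struct security_token *token_2,
			struct security_token **token_out)
{
	struct security_token *token = NULL;
	NTSTATUS status;
	/* Unsigned index, as in token_sid_in_ace; avoids a signed/unsigned compare. */
	size_t i;

	if (!token_1 || !token_2 || !token_out) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	token = TALLOC_ZERO_P(mem_ctx, struct security_token);
	NT_STATUS_HAVE_NO_MEMORY(token);

	/*
	 * The SID array is parented to the new token rather than to mem_ctx.
	 * That way TALLOC_FREE(token) on the error paths below also releases
	 * a partially built array, and the array shares the token's lifetime
	 * exactly as it does for tokens produced by dup_nt_token().
	 * NOTE(review): assumes add_sid_to_array_unique allocates on the
	 * context passed as its first argument - confirm against its
	 * definition.
	 */
	for (i = 0; i < token_1->num_sids; i++) {
		status = add_sid_to_array_unique(token,
						 &token_1->sids[i],
						 &token->sids,
						 &token->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			TALLOC_FREE(token);
			return status;
		}
	}

	for (i = 0; i < token_2->num_sids; i++) {
		status = add_sid_to_array_unique(token,
						 &token_2->sids[i],
						 &token->sids,
						 &token->num_sids);
		if (!NT_STATUS_IS_OK(status)) {
			TALLOC_FREE(token);
			return status;
		}
	}

	/* Union of privileges: a bit set in either input is set in the result. */
	token->privilege_mask |= token_1->privilege_mask;
	token->privilege_mask |= token_2->privilege_mask;

	/* Same union rule for the rights mask. */
	token->rights_mask |= token_1->rights_mask;
	token->rights_mask |= token_2->rights_mask;

	*token_out = token;

	return NT_STATUS_OK;
}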
/*******************************************************************
 Check if this struct security_ace has a SID in common with the token.
*******************************************************************/
/**
 * Report whether the ACE's trustee SID appears among the token's SIDs.
 *
 * Neither pointer is checked for NULL; both are dereferenced
 * unconditionally, so callers must pass valid objects.
 *
 * @param token  security token whose SID list is searched
 * @param ace    access control entry whose trustee is looked up
 * @return true if dom_sid_equal() matches the trustee against any of the
 *         token's SIDs, false otherwise (including when num_sids is 0)
 */
bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace)
{
	size_t idx = 0;

	/* Linear scan; stop at the first SID equal to the trustee. */
	while (idx < token->num_sids) {
		if (dom_sid_equal(&ace->trustee, &token->sids[idx])) {
			return true;
		}
		idx++;
	}

	return false;
}