/*
   Unix SMB/CIFS implementation.

   security descriptor utility functions

   Copyright (C) Andrew Tridgell 2004
   Copyright (C) Andrew Bartlett 2010
   Copyright (C) Stefan Metzmacher 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "libcli/security/security_token.h"
# include "libcli/security/dom_sid.h"
# include "libcli/security/privileges.h"
/*
  return a blank security token

  The token is a zero-filled struct security_token allocated as a child
  of mem_ctx; the caller owns it through talloc.  Returns NULL when the
  allocation fails.
*/
struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
{
	/* talloc_zero() already hands back NULL on failure, so its result
	 * can be returned as-is: a zeroed token or nothing. */
	return talloc_zero(mem_ctx, struct security_token);
}
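/****************************************************************************
 prints a struct security_token to debug output.

 dbg_class and dbg_lev are forwarded unchanged to DEBUGC/DEBUGADDC.
 A NULL token produces a single "(NULL)" line.  If the scratch talloc
 context cannot be created nothing at all is printed.
****************************************************************************/
void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
{
	TALLOC_CTX *mem_ctx;
	uint32_t i;

	if (!token) {
		DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
		return;
	}

	/* scratch context for the SID strings; released before returning */
	mem_ctx = talloc_init("security_token_debug()");
	if (!mem_ctx) {
		return;
	}

	DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
				   (unsigned long)token->num_sids));
	for (i = 0; i < token->num_sids; i++) {
		/* dom_sid_string() allocates on mem_ctx; if that allocation
		 * fails it yields NULL, which must never reach a %s
		 * conversion (undefined behaviour), so substitute a marker. */
		const char *sid_str = dom_sid_string(mem_ctx, &token->sids[i]);

		DEBUGADDC(dbg_class, dbg_lev, ("  SID[%3lu]: %s\n", (unsigned long)i,
					      sid_str ? sid_str : "(allocation failed)"));
	}
	security_token_debug_privileges(dbg_class, dbg_lev, token);

	talloc_free(mem_ctx);
}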
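/* These really should be cheaper... */

/*
  true if sid is the token's primary user SID, i.e. the entry at
  sids[PRIMARY_USER_SID_INDEX].

  A token whose SID array is NULL, or which holds fewer entries than the
  index requires, is reported as "not this SID" rather than being read
  past the end of the array.
*/
bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
{
	/* bound the index against num_sids, not just the array pointer */
	if (token->sids == NULL || token->num_sids <= PRIMARY_USER_SID_INDEX) {
		return false;
	}

	return dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid);
}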
/*
  security_token_is_sid() for a SID supplied in its string form.

  A string that dom_sid_parse() rejects is reported as false; otherwise
  the parsed SID is compared against the token's primary SID.
*/
bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
{
	struct dom_sid parsed;

	/* unparseable input cannot match any SID */
	if (!dom_sid_parse(sid_string, &parsed)) {
		return false;
	}

	return security_token_is_sid(token, &parsed);
}
/* true if the token's primary SID is the well-known SYSTEM SID */
bool security_token_is_system(const struct security_token *token)
{
	const struct dom_sid *system_sid = &global_sid_System;

	return security_token_is_sid(token, system_sid);
}
/* true if the token's primary SID is the well-known ANONYMOUS SID */
bool security_token_is_anonymous(const struct security_token *token)
{
	const struct dom_sid *anon_sid = &global_sid_Anonymous;

	return security_token_is_sid(token, anon_sid);
}
/*
  true if sid appears anywhere in the token's SID array.

  This is a linear scan over all num_sids entries, so unlike
  security_token_is_sid() it is not limited to the primary SID.
*/
bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
{
	uint32_t idx = 0;

	while (idx < token->num_sids) {
		const struct dom_sid *candidate = &token->sids[idx];

		if (dom_sid_equal(candidate, sid)) {
			return true;
		}
		idx++;
	}

	return false;
}
/*
  security_token_has_sid() for a SID supplied in its string form.

  A string that dom_sid_parse() rejects is reported as false; otherwise
  the parsed SID is looked up in the token's SID array.
*/
bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
{
	struct dom_sid parsed;

	/* unparseable input cannot match any SID */
	if (!dom_sid_parse(sid_string, &parsed)) {
		return false;
	}

	return security_token_has_sid(token, &parsed);
}
/* true if the token carries the BUILTIN\Guests group SID anywhere in its SID array */
bool security_token_has_builtin_guests(const struct security_token *token)
{
	const struct dom_sid *guests_sid = &global_sid_Builtin_Guests;

	return security_token_has_sid(token, guests_sid);
}
/* true if the token carries the BUILTIN\Administrators group SID anywhere in its SID array */
bool security_token_has_builtin_administrators(const struct security_token *token)
{
	const struct dom_sid *admins_sid = &global_sid_Builtin_Administrators;

	return security_token_has_sid(token, admins_sid);
}
/* true if the token carries the NT AUTHORITY\Authenticated Users SID anywhere in its SID array */
bool security_token_has_nt_authenticated_users(const struct security_token *token)
{
	const struct dom_sid *auth_users_sid = &global_sid_Authenticated_Users;

	return security_token_has_sid(token, auth_users_sid);
}
/* true if the token carries the Enterprise Domain Controllers SID anywhere in its SID array */
bool security_token_has_enterprise_dcs(const struct security_token *token)
{
	const struct dom_sid *edc_sid = &global_sid_Enterprise_DCs;

	return security_token_has_sid(token, edc_sid);
}