sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code
f4a8f84328
samba-mirror/source3/lib/util_wellknown.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

193 lines
4.9 KiB
C
Raw Normal View History

s3-passdb: move util_wellknown.c out of passdb. Guenther
2011-03-23 01:20:49 +03:00
/*
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
Unix SMB/CIFS implementation.
Lookup routines for well-known SIDs
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
Copyright (C) Jeremy Allison 1999
Copyright (C) Volker Lendecke 2005
s3-passdb: move util_wellknown.c out of passdb. Guenther
2011-03-23 01:20:49 +03:00
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-07-09 23:25:36 +04:00
the Free Software Foundation; either version 3 of the License, or
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
(at your option) any later version.
s3-passdb: move util_wellknown.c out of passdb. Guenther
2011-03-23 01:20:49 +03:00
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
s3-passdb: move util_wellknown.c out of passdb. Guenther
2011-03-23 01:20:49 +03:00
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
You should have received a copy of the GNU General Public License
r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-07-10 04:52:41 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
*/
#include "includes.h"
libcli/security Provide a common, top level libcli/security/security.h This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 08:27:50 +04:00
#include "../libcli/security/security.h"
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
struct rid_name_map {
Convert all uint32/16/8 to _t in source3/lib. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-10 02:33:10 +03:00
uint32_t rid;
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
const char *name;
};
struct sid_name_map_info
{
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 05:25:01 +04:00
const struct dom_sid *sid;
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
const char *name;
const struct rid_name_map *known_users;
};
static const struct rid_name_map everyone_users[] = {
{ 0, "Everyone" },
{ 0, NULL}};
security: add local authority well-known SIDs add the S-1-2 well-known SID family Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Thu Nov 24 19:01:08 CET 2011 on sn-devel-104
2011-09-01 18:09:01 +04:00
static const struct rid_name_map local_authority_users[] = {
{ 0, "Local" },
{ 1, "Console Logon" },
{ 0, NULL}};
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
static const struct rid_name_map creator_owner_users[] = {
{ 0, "Creator Owner" },
{ 1, "Creator Group" },
s3:lib add some more well-known sids add S-1-3-2/Creator Owner Server, S-1-3-3/Creator Group Server and S-1-3-4/Owner Rights to the well-known SID list
2011-08-29 19:40:18 +04:00
{ 2, "Creator Owner Server" },
{ 3, "Creator Group Server" },
{ 4, "Owner Rights" },
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
{ 0, NULL}};
static const struct rid_name_map nt_authority_users[] = {
{ 1, "Dialup" },
{ 2, "Network"},
{ 3, "Batch"},
{ 4, "Interactive"},
{ 6, "Service"},
s3-lsa: Allow to lookup 'NT AUTHORITY\Anonymous Logon' as well. This is to finally pass RPC-LSA-LOOKUPNAMES test. Guenther
2009-10-20 17:15:06 +04:00
{ 7, "Anonymous Logon"},
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
{ 8, "Proxy"},
s3:lib S-1-5-9 is "Enterprise Domain Controllers" and not ServerLogon
2011-08-29 19:46:06 +04:00
{ 9, "Enterprise Domain Controllers"},
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
{ 10, "Self"},
{ 11, "Authenticated Users"},
{ 12, "Restricted"},
{ 13, "Terminal Server User"},
{ 14, "Remote Interactive Logon"},
{ 15, "This Organization"},
s3:lib add S-1-5-17 to well-known SID list http://support.microsoft.com/kb/243330/en-us says the name is "This organization", but Windows 2008 says IUSR Picking the Windows 2008 variant as 'This Organization' would be duplicate to S-1-5-15
2011-08-29 19:42:45 +04:00
{ 17, "IUSR"},
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
{ 18, "SYSTEM"},
{ 19, "Local Service"},
{ 20, "Network Service"},
{ 0, NULL}};
static struct sid_name_map_info special_domains[] = {
{ &global_sid_World_Domain, "", everyone_users },
security: add local authority well-known SIDs add the S-1-2 well-known SID family Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Thu Nov 24 19:01:08 CET 2011 on sn-devel-104
2011-09-01 18:09:01 +04:00
{ &global_sid_Local_Authority, "", local_authority_users },
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
{ &global_sid_Creator_Owner_Domain, "", creator_owner_users },
{ &global_sid_NT_Authority, "NT Authority", nt_authority_users },
{ NULL, NULL, NULL }};
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 05:25:01 +04:00
bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2006-02-04 01:19:41 +03:00
{
int i;
for (i=0; special_domains[i].sid != NULL; i++) {
s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. Guenther
2010-08-26 17:48:50 +04:00
if (dom_sid_equal(sid, special_domains[i].sid)) {
r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2006-02-04 01:19:41 +03:00
if (name != NULL) {
*name = special_domains[i].name;
}
return True;
}
}
return False;
}
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 05:25:01 +04:00
bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid)
r13791: Having S-1-1-0 show up in winbind lookupsid does not really make sense. Volker (This used to be commit ae9614ce019e25fb29dad8429d93f3140c2f84ad)
2006-03-02 21:33:43 +03:00
{
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 05:25:01 +04:00
struct dom_sid dom_sid;
r13791: Having S-1-1-0 show up in winbind lookupsid does not really make sense. Volker (This used to be commit ae9614ce019e25fb29dad8429d93f3140c2f84ad)
2006-03-02 21:33:43 +03:00
sid_copy(&dom_sid, sid);
Quite some callers of sid_split_rid do not care about the rid
2011-03-10 18:19:17 +03:00
sid_split_rid(&dom_sid, NULL);
r13791: Having S-1-1-0 show up in winbind lookupsid does not really make sense. Volker (This used to be commit ae9614ce019e25fb29dad8429d93f3140c2f84ad)
2006-03-02 21:33:43 +03:00
return sid_check_is_wellknown_domain(&dom_sid, NULL);
}
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
/**************************************************************************
Looks up a known username from one of the known domains.
***************************************************************************/
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 05:25:01 +04:00
bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
r12163: Change lookup_sid and lookup_name to return const char * instead of char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2005-12-10 14:22:01 +03:00
const char **domain, const char **name)
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
{
int i;
s3:dom_sid Global replace of DOM_SID with struct dom_sid This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 05:25:01 +04:00
struct dom_sid dom_sid;
Convert all uint32/16/8 to _t in source3/lib. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-10 02:33:10 +03:00
uint32_t rid;
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
const struct rid_name_map *users = NULL;
lib: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-13 23:22:27 +03:00
struct dom_sid_buf buf;
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
sid_copy(&dom_sid, sid);
if (!sid_split_rid(&dom_sid, &rid)) {
DEBUG(2, ("Could not split rid from SID\n"));
return False;
}
for (i=0; special_domains[i].sid != NULL; i++) {
s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. Guenther
2010-08-26 17:48:50 +04:00
if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
*domain = talloc_strdup(mem_ctx,
special_domains[i].name);
users = special_domains[i].known_users;
break;
}
}
if (users == NULL) {
lib: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-13 23:22:27 +03:00
DEBUG(10, ("SID %s is no special sid\n",
dom_sid_str_buf(sid, &buf)));
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
return False;
}
for (i=0; users[i].name != NULL; i++) {
if (rid == users[i].rid) {
*name = talloc_strdup(mem_ctx, users[i].name);
return True;
}
}
lib: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-13 23:22:27 +03:00
DEBUG(10, ("RID of special SID %s not found\n",
dom_sid_str_buf(sid, &buf)));
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
return False;
}
/**************************************************************************
Try and map a name to one of the well known SIDs.
***************************************************************************/
RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-19 04:40:25 +04:00
bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
s3:lib: validate domain name in lookup_wellknown_name() If domain argument is not an empty string, only search the matching wellknown domain name. As the only wellknown domain with a name is "NT Authority", passing "" to lookup_wellknown_name() will search all domains inlcuding "NT Authority". Passing "NT Authority" otoh will obviously only search that domain. This change makes lookup_wellknown_name() behave like this: in domain | in name | ok | out sid | out domain ======================================================== Dialup + S-1-5-1 NT Authority NT Authority Dialup + S-1-5-1 NT Authority Creator Authority Dialup - - - Creator Owner + S-1-3-0 "" Creator Authority Creator Owner - - - NT Authority Creator Owner - - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2015-10-15 13:35:26 +03:00
struct dom_sid *sid, const char **pdomain)
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
{
int i, j;
s3:lib: validate domain name in lookup_wellknown_name() If domain argument is not an empty string, only search the matching wellknown domain name. As the only wellknown domain with a name is "NT Authority", passing "" to lookup_wellknown_name() will search all domains inlcuding "NT Authority". Passing "NT Authority" otoh will obviously only search that domain. This change makes lookup_wellknown_name() behave like this: in domain | in name | ok | out sid | out domain ======================================================== Dialup + S-1-5-1 NT Authority NT Authority Dialup + S-1-5-1 NT Authority Creator Authority Dialup - - - Creator Owner + S-1-3-0 "" Creator Authority Creator Owner - - - NT Authority Creator Owner - - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2015-10-15 13:35:26 +03:00
const char *domain = *pdomain;
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
s3:lib: validate domain name in lookup_wellknown_name() If domain argument is not an empty string, only search the matching wellknown domain name. As the only wellknown domain with a name is "NT Authority", passing "" to lookup_wellknown_name() will search all domains inlcuding "NT Authority". Passing "NT Authority" otoh will obviously only search that domain. This change makes lookup_wellknown_name() behave like this: in domain | in name | ok | out sid | out domain ======================================================== Dialup + S-1-5-1 NT Authority NT Authority Dialup + S-1-5-1 NT Authority Creator Authority Dialup - - - Creator Owner + S-1-3-0 "" Creator Authority Creator Owner - - - NT Authority Creator Owner - - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2015-10-15 13:35:26 +03:00
DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
for (i=0; special_domains[i].sid != NULL; i++) {
const struct rid_name_map *users =
special_domains[i].known_users;
s3:lib: validate domain name in lookup_wellknown_name() If domain argument is not an empty string, only search the matching wellknown domain name. As the only wellknown domain with a name is "NT Authority", passing "" to lookup_wellknown_name() will search all domains inlcuding "NT Authority". Passing "NT Authority" otoh will obviously only search that domain. This change makes lookup_wellknown_name() behave like this: in domain | in name | ok | out sid | out domain ======================================================== Dialup + S-1-5-1 NT Authority NT Authority Dialup + S-1-5-1 NT Authority Creator Authority Dialup - - - Creator Owner + S-1-3-0 "" Creator Authority Creator Owner - - - NT Authority Creator Owner - - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2015-10-15 13:35:26 +03:00
if (domain[0] != '\0') {
if (!strequal(domain, special_domains[i].name)) {
continue;
}
}
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
if (users == NULL)
continue;
for (j=0; users[j].name != NULL; j++) {
if ( strequal(users[j].name, name) ) {
s3: Replace most calls to sid_append_rid() by sid_compose()
2010-01-10 19:39:27 +03:00
sid_compose(sid, special_domains[i].sid,
users[j].rid);
s3:lib: validate domain name in lookup_wellknown_name() If domain argument is not an empty string, only search the matching wellknown domain name. As the only wellknown domain with a name is "NT Authority", passing "" to lookup_wellknown_name() will search all domains inlcuding "NT Authority". Passing "NT Authority" otoh will obviously only search that domain. This change makes lookup_wellknown_name() behave like this: in domain | in name | ok | out sid | out domain ======================================================== Dialup + S-1-5-1 NT Authority NT Authority Dialup + S-1-5-1 NT Authority Creator Authority Dialup - - - Creator Owner + S-1-3-0 "" Creator Authority Creator Owner - - - NT Authority Creator Owner - - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
2015-10-15 13:35:26 +03:00
*pdomain = talloc_strdup(
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
mem_ctx, special_domains[i].name);
return True;
}
}
}
return False;
}
Copy Permalink