shared: Move dom_sid_* utility functions to top level

libcli/security/config.mk

@@ -0,0 +1,5 @@
+[SUBSYSTEM::LIBSECURITY_COMMON]
+PRIVATE_DEPENDENCIES = TALLOC
+
+LIBSECURITY_COMMON_OBJ_FILES = $(addprefix $(libclicommonsrcdir)/security/, \
+					dom_sid.o)

libcli/security/dom_sid.c

@@ -1,21 +1,21 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    Samba utility functions
 
    Copyright (C) Stefan (metze) Metzmacher 	2002-2004
    Copyright (C) Andrew Tridgell 		1992-2004
    Copyright (C) Jeremy Allison  		1999
-      
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -26,9 +26,10 @@
 
 /*****************************************************************
  Compare the auth portion of two sids.
-*****************************************************************/  
+*****************************************************************/
 
-static int dom_sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
+static int dom_sid_compare_auth(const struct dom_sid *sid1,
+				const struct dom_sid *sid2)
 {
 	int i;
 
@@ -51,7 +52,7 @@ static int dom_sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid
 
 /*****************************************************************
  Compare two sids.
-*****************************************************************/  
+*****************************************************************/
 
 int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
 {
@@ -77,18 +78,22 @@ int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
 
 /*****************************************************************
  Compare two sids.
-*****************************************************************/  
+*****************************************************************/
 
 bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
 {
 	return dom_sid_compare(sid1, sid2) == 0;
 }
 
+/* Yes, I did think about multibyte issues here, and for all I can see there's
+ * none of those for parsing a SID. */
+#undef strncasecmp
+
 bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
 {
 	uint_t rev, ia, num_sub_auths, i;
 	char *p;
-  
+
 	if (strncasecmp(sidstr, "S-", 2)) {
 		return false;
 	}
@@ -176,7 +181,7 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
 {
 	struct dom_sid *ret;
 	int i;
-	
+
 	if (!dom_sid) {
 		return NULL;
 	}
@@ -206,8 +211,8 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
   add a rid to a domain dom_sid to make a full dom_sid. This function
   returns a new sid in the supplied memory context
 */
-struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, 
+struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
-				const struct dom_sid *domain_sid, 
+				const struct dom_sid *domain_sid,
 				uint32_t rid)
 {
 	struct dom_sid *sid;
@@ -251,7 +256,7 @@ NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 /*
   return true if the 2nd sid is in the domain given by the first sid
 */
-bool dom_sid_in_domain(const struct dom_sid *domain_sid, 
+bool dom_sid_in_domain(const struct dom_sid *domain_sid,
 		       const struct dom_sid *sid)
 {
 	int i;
@@ -281,7 +286,7 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 	int i, ofs, maxlen;
 	uint32_t ia;
 	char *ret;
-	
+
 	if (!sid) {
 		return talloc_strdup(mem_ctx, "(NULL SID)");
 	}
@@ -295,12 +300,13 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 		(sid->id_auth[3] << 16) +
 		(sid->id_auth[2] << 24);
 
-	ofs = snprintf(ret, maxlen, "S-%u-%lu", 
+	ofs = snprintf(ret, maxlen, "S-%u-%lu",
 		       (unsigned int)sid->sid_rev_num, (unsigned long)ia);
 
 	for (i = 0; i < sid->num_auths; i++) {
-		ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]);
+		ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu",
+				(unsigned long)sid->sub_auths[i]);
 	}
-	
+
 	return ret;
 }

libcli/security/dom_sid.h

@@ -0,0 +1,42 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+
+   Copyright (C) Stefan (metze) Metzmacher 	2002-2004
+   Copyright (C) Andrew Tridgell 		1992-2004
+   Copyright (C) Jeremy Allison  		1999
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _DOM_SID_H_
+#define _DOM_SID_H_
+
+int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
+bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
+bool dom_sid_parse(const char *sidstr, struct dom_sid *ret);
+struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr);
+struct dom_sid *dom_sid_parse_length(TALLOC_CTX *mem_ctx, const DATA_BLOB *sid);
+struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid);
+struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
+				const struct dom_sid *domain_sid,
+				uint32_t rid);
+NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
+			   struct dom_sid **domain, uint32_t *rid);
+bool dom_sid_in_domain(const struct dom_sid *domain_sid,
+		       const struct dom_sid *sid);
+char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
+
+#endif /*_DOM_SID_H_*/
+

source3/Makefile.in

@@ -279,7 +279,6 @@ LIBNDR_OBJ = ../librpc/ndr/ndr_basic.o \
 	     ../librpc/gen_ndr/ndr_security.o \
 	     ../librpc/ndr/ndr_sec_helper.o \
 	     librpc/ndr/ndr_string.o \
-	     librpc/ndr/sid.o \
 	     ../librpc/ndr/uuid.o \
 		 librpc/ndr/util.o
 
@@ -364,7 +363,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
 	  lib/ldap_escape.o @CHARSET_STATIC@ \
 	  lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o \
 	  libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
-	  lib/file_id.o lib/idmap_cache.o
+	  lib/file_id.o lib/idmap_cache.o \
+	  ../libcli/security/dom_sid.o
 
 LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
 LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)

source3/samba4.mk

@@ -111,6 +111,7 @@ ntptrsrcdir := $(samba4srcdir)/ntptr
 clientsrcdir := $(samba4srcdir)/client
 libclisrcdir := $(samba4srcdir)/libcli
 libclinbtsrcdir := $(samba4srcdir)/../libcli/nbt
+libclicommonsrcdir := $(samba4srcdir)/../libcli
 pyscriptsrcdir := $(samba4srcdir)/scripting/python
 kdcsrcdir := $(samba4srcdir)/kdc
 smbreadlinesrcdir := $(samba4srcdir)/lib/smbreadline

source4/Makefile

@@ -98,6 +98,7 @@ ntvfssrcdir := ntvfs
 ntptrsrcdir := ntptr
 librpcsrcdir := librpc
 libclisrcdir := libcli
+libclicommonsrcdir := ../libcli
 libclinbtsrcdir := ../libcli/nbt
 pyscriptsrcdir := $(srcdir)/scripting/python
 kdcsrcdir := kdc

source4/libcli/security/config.mk

@@ -1,8 +1,8 @@
 [SUBSYSTEM::LIBSECURITY]
-PUBLIC_DEPENDENCIES = LIBNDR
+PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_COMMON
 
 LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \
 					   security_token.o security_descriptor.o \
-					   dom_sid.o access_check.o privilege.o sddl.o)
+					   access_check.o privilege.o sddl.o)
 
 $(eval $(call proto_header_template,$(libclisrcdir)/security/proto.h,$(LIBSECURITY_OBJ_FILES:.o=.c)))

source4/libcli/security/security.h

@@ -28,4 +28,7 @@ enum security_user_level {
 
 struct auth_session_info;
 
+/* Moved the dom_sid functions to the top level dir with manual proto header */
+#include "libcli/security/dom_sid.h"
+
 #include "libcli/security/proto.h"

source4/main.mk

@@ -49,3 +49,4 @@ mkinclude scripting/python/config.mk
 mkinclude kdc/config.mk
 mkinclude ../lib/smbconf/config.mk
 mkinclude ../lib/async_req/config.mk
+mkinclude ../libcli/security/config.mk

source4/torture/rpc/samba3rpc.c

@@ -49,7 +49,7 @@
 #include "libcli/auth/libcli_auth.h"
 #include "../lib/crypto/crypto.h"
 #include "auth/ntlmssp/ntlmssp.h"
-#include "libcli/security/proto.h"
+#include "libcli/security/security.h"
 #include "param/param.h"
 #include "lib/registry/registry.h"
 #include "libcli/resolve/resolve.h"

source4/winbind/idmap.c

@@ -29,7 +29,7 @@
 #include "lib/ldb_wrap.h"
 #include "param/param.h"
 #include "winbind/idmap.h"
-#include "libcli/security/proto.h"
+#include "libcli/security/security.h"
 #include "libcli/ldap/ldap_ndr.h"
 
 /**

source4/winbind/wb_cmd_getpwnam.c

@@ -27,7 +27,7 @@
 #include "winbind/wb_helper.h"
 #include "smbd/service_task.h"
 #include "libnet/libnet_proto.h"
-#include "libcli/security/proto.h"
+#include "libcli/security/security.h"
 
 struct cmd_getpwnam_state {
 	struct composite_context *ctx;

source4/winbind/wb_sid2gid.c

@@ -24,7 +24,7 @@
 #include "winbind/wb_server.h"
 #include "smbd/service_task.h"
 #include "winbind/wb_helper.h"
-#include "libcli/security/proto.h"
+#include "libcli/security/security.h"
 #include "winbind/idmap.h"
 
 struct sid2gid_state {

source4/winbind/wb_sid2uid.c

@@ -24,7 +24,7 @@
 #include "winbind/wb_server.h"
 #include "smbd/service_task.h"
 #include "winbind/wb_helper.h"
-#include "libcli/security/proto.h"
+#include "libcli/security/security.h"
 #include "winbind/idmap.h"
 
 struct sid2uid_state {