Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : security descriptor utility functions
5 :
6 : Copyright (C) Andrew Tridgell 2004
7 : Copyright (C) Andrew Bartlett 2010
8 : Copyright (C) Stefan Metzmacher 2005
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "libcli/security/security_token.h"
26 : #include "libcli/security/dom_sid.h"
27 : #include "libcli/security/privileges.h"
28 :
29 : /*
30 : return a blank security token
31 : */
32 73560 : struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
33 : {
34 73560 : struct security_token *st = talloc_zero(
35 : mem_ctx, struct security_token);
36 73560 : return st;
37 : }
38 :
39 : /****************************************************************************
40 : prints a struct security_token to debug output.
41 : ****************************************************************************/
42 6016173 : void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
43 : {
44 : uint32_t i;
45 :
46 6016173 : if (!token) {
47 5628893 : DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
48 5617133 : return;
49 : }
50 :
51 387280 : DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
52 : (unsigned long)token->num_sids));
53 4869395 : for (i = 0; i < token->num_sids; i++) {
54 : struct dom_sid_buf sidbuf;
55 4485630 : DEBUGADDC(dbg_class,
56 : dbg_lev,
57 : (" SID[%3lu]: %s\n", (unsigned long)i,
58 : dom_sid_str_buf(&token->sids[i], &sidbuf)));
59 : }
60 :
61 387280 : security_token_debug_privileges(dbg_class, dbg_lev, token);
62 : }
63 :
64 : /* These really should be cheaper... */
65 :
66 75410953 : bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
67 : {
68 75410953 : if (token->sids == NULL) {
69 0 : return false;
70 : }
71 75410950 : if (dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
72 37908015 : return true;
73 : }
74 35943901 : return false;
75 : }
76 :
77 0 : bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
78 : {
79 : bool ret;
80 : struct dom_sid sid;
81 :
82 0 : ret = dom_sid_parse(sid_string, &sid);
83 0 : if (!ret) {
84 0 : return false;
85 : }
86 :
87 0 : ret = security_token_is_sid(token, &sid);
88 0 : return ret;
89 : }
90 :
91 56589964 : bool security_token_is_system(const struct security_token *token)
92 : {
93 56589964 : return security_token_is_sid(token, &global_sid_System);
94 : }
95 :
96 18811704 : bool security_token_is_anonymous(const struct security_token *token)
97 : {
98 18811704 : return security_token_is_sid(token, &global_sid_Anonymous);
99 : }
100 :
101 67052676 : bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
102 : {
103 : uint32_t i;
104 614907727 : for (i = 0; i < token->num_sids; i++) {
105 591862361 : if (dom_sid_equal(&token->sids[i], sid)) {
106 40918920 : return true;
107 : }
108 : }
109 21550807 : return false;
110 : }
111 :
112 0 : bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
113 : {
114 : bool ret;
115 : struct dom_sid sid;
116 :
117 0 : ret = dom_sid_parse(sid_string, &sid);
118 0 : if (!ret) {
119 0 : return false;
120 : }
121 :
122 0 : ret = security_token_has_sid(token, &sid);
123 0 : return ret;
124 : }
125 :
126 16911569 : bool security_token_has_builtin_guests(const struct security_token *token)
127 : {
128 16911569 : return security_token_has_sid(token, &global_sid_Builtin_Guests);
129 : }
130 :
131 17056177 : bool security_token_has_builtin_administrators(const struct security_token *token)
132 : {
133 17056177 : return security_token_has_sid(token, &global_sid_Builtin_Administrators);
134 : }
135 :
136 16911668 : bool security_token_has_nt_authenticated_users(const struct security_token *token)
137 : {
138 16911668 : return security_token_has_sid(token, &global_sid_Authenticated_Users);
139 : }
140 :
141 456989 : bool security_token_has_enterprise_dcs(const struct security_token *token)
142 : {
143 456989 : return security_token_has_sid(token, &global_sid_Enterprise_DCs);
144 : }
|