LCOV - code coverage report
Current view: top level - source3/lib - util_sid.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 36 60 60.0 %
Date: 2021-09-23 10:06:22 Functions: 4 5 80.0 %

          Line data    Source code
       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             :    Samba utility functions
       4             :    Copyright (C) Andrew Tridgell                1992-1998
       5             :    Copyright (C) Luke Kenneth Caseson Leighton  1998-1999
       6             :    Copyright (C) Jeremy Allison                 1999
       7             :    Copyright (C) Stefan (metze) Metzmacher      2002
       8             :    Copyright (C) Simo Sorce                     2002
       9             :    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
      10             : 
      11             :    This program is free software; you can redistribute it and/or modify
      12             :    it under the terms of the GNU General Public License as published by
      13             :    the Free Software Foundation; either version 3 of the License, or
      14             :    (at your option) any later version.
      15             : 
      16             :    This program is distributed in the hope that it will be useful,
      17             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      18             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      19             :    GNU General Public License for more details.
      20             : 
      21             :    You should have received a copy of the GNU General Public License
      22             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      23             : */
      24             : 
      25             : #include "includes.h"
      26             : #include "../librpc/gen_ndr/ndr_security.h"
      27             : #include "../librpc/gen_ndr/netlogon.h"
      28             : #include "../libcli/security/security.h"
      29             : #include "lib/util/string_wrappers.h"
      30             : #include "source3/lib/util_specialsids.h"
      31             : 
      32             : 
      33             : /*****************************************************************
      34             :  Convert a SID to an ascii string.
      35             : *****************************************************************/
      36             : 
      37       15866 : char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid)
      38             : {
      39             :         struct dom_sid_buf buf;
      40       15866 :         fstrcpy(sidstr_out, dom_sid_str_buf(sid, &buf));
      41       15866 :         return sidstr_out;
      42             : }
      43             : 
      44             : /*****************************************************************
      45             :  Write a sid out into on-the-wire format.
      46             : *****************************************************************/  
      47             : 
      48         192 : bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid)
      49             : {
      50         192 :         struct ndr_push ndr = {
      51             :                 .data = outbuf, .alloc_size = len, .fixed_buf_size = true,
      52             :         };
      53             :         enum ndr_err_code ndr_err;
      54             : 
      55         192 :         ndr_err = ndr_push_dom_sid(&ndr, NDR_SCALARS|NDR_BUFFERS, sid);
      56         192 :         return NDR_ERR_CODE_IS_SUCCESS(ndr_err);
      57             : }
      58             : 
      59             : /*****************************************************************
      60             :  Returns true if SID is internal (and non-mappable).
      61             : *****************************************************************/
      62             : 
      63         224 : bool non_mappable_sid(struct dom_sid *sid)
      64             : {
      65             :         struct dom_sid dom;
      66             : 
      67         224 :         sid_copy(&dom, sid);
      68         224 :         sid_split_rid(&dom, NULL);
      69             : 
      70         224 :         if (dom_sid_equal(&dom, &global_sid_Builtin))
      71           4 :                 return True;
      72             : 
      73         220 :         if (dom_sid_equal(&dom, &global_sid_NT_Authority))
      74           4 :                 return True;
      75             : 
      76         216 :         return False;
      77             : }
      78             : 
      79             : /*****************************************************************
      80             :  Return the binary string representation of a struct dom_sid.
      81             :  Caller must free.
      82             : *****************************************************************/
      83             : 
      84           0 : char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
      85           0 : {
      86           0 :         int len = ndr_size_dom_sid(sid, 0);
      87           0 :         uint8_t buf[len];
      88           0 :         sid_linearize(buf, len, sid);
      89           0 :         return hex_encode_talloc(mem_ctx, buf, len);
      90             : }
      91             : 
      92          71 : NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
      93             :                               const struct netr_SamInfo3 *info3,
      94             :                               struct dom_sid **user_sids,
      95             :                               uint32_t *num_user_sids,
      96             :                               bool include_user_group_rid)
      97             : {
      98             :         NTSTATUS status;
      99             :         struct dom_sid sid;
     100          71 :         struct dom_sid *sid_array = NULL;
     101          71 :         uint32_t num_sids = 0;
     102             :         uint32_t i;
     103             : 
     104          71 :         if (include_user_group_rid) {
     105           4 :                 if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid)) {
     106           0 :                         DEBUG(3, ("could not compose user SID from rid 0x%x\n",
     107             :                                   info3->base.rid));
     108           0 :                         return NT_STATUS_INVALID_PARAMETER;
     109             :                 }
     110           4 :                 status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
     111           4 :                 if (!NT_STATUS_IS_OK(status)) {
     112           0 :                         DEBUG(3, ("could not append user SID from rid 0x%x\n",
     113             :                                   info3->base.rid));
     114           0 :                         return status;
     115             :                 }
     116             :         }
     117             : 
     118          71 :         if (!sid_compose(&sid, info3->base.domain_sid, info3->base.primary_gid)) {
     119           0 :                 DEBUG(3, ("could not compose group SID from rid 0x%x\n",
     120             :                           info3->base.primary_gid));
     121           0 :                 return NT_STATUS_INVALID_PARAMETER;
     122             :         }
     123          71 :         status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
     124          71 :         if (!NT_STATUS_IS_OK(status)) {
     125           0 :                 DEBUG(3, ("could not append group SID from rid 0x%x\n",
     126             :                           info3->base.rid));
     127           0 :                 return status;
     128             :         }
     129             : 
     130         261 :         for (i = 0; i < info3->base.groups.count; i++) {
     131             :                 /* Don't add the primary group sid twice. */
     132         190 :                 if (info3->base.primary_gid == info3->base.groups.rids[i].rid) {
     133          25 :                         continue;
     134             :                 }
     135         165 :                 if (!sid_compose(&sid, info3->base.domain_sid,
     136         165 :                                  info3->base.groups.rids[i].rid)) {
     137           0 :                         DEBUG(3, ("could not compose SID from additional group "
     138             :                                   "rid 0x%x\n", info3->base.groups.rids[i].rid));
     139           0 :                         return NT_STATUS_INVALID_PARAMETER;
     140             :                 }
     141         165 :                 status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
     142         165 :                 if (!NT_STATUS_IS_OK(status)) {
     143           0 :                         DEBUG(3, ("could not append SID from additional group "
     144             :                                   "rid 0x%x\n", info3->base.groups.rids[i].rid));
     145           0 :                         return status;
     146             :                 }
     147             :         }
     148             : 
     149             :         /* Copy 'other' sids.  We need to do sid filtering here to
     150             :            prevent possible elevation of privileges.  See:
     151             : 
     152             :            http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
     153             :          */
     154             : 
     155          71 :         for (i = 0; i < info3->sidcount; i++) {
     156             : 
     157           0 :                 if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) {
     158           0 :                         continue;
     159             :                 }
     160             : 
     161           0 :                 status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
     162             :                                       &sid_array, &num_sids);
     163           0 :                 if (!NT_STATUS_IS_OK(status)) {
     164             :                         struct dom_sid_buf buf;
     165           0 :                         DEBUG(3, ("could not add SID to array: %s\n",
     166             :                                   dom_sid_str_buf(info3->sids[i].sid, &buf)));
     167           0 :                         return status;
     168             :                 }
     169             :         }
     170             : 
     171          71 :         *user_sids = sid_array;
     172          71 :         *num_user_sids = num_sids;
     173             : 
     174          71 :         return NT_STATUS_OK;
     175             : }

Generated by: LCOV version 1.13