libcli/security/security_token.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    security descriptor utility functions
   5
   6    Copyright (C) Andrew Tridgell                2004
   7    Copyright (C) Andrew Bartlett                2010
   8    Copyright (C) Stefan Metzmacher              2005
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "libcli/security/security_token.h"
  26 #include "libcli/security/dom_sid.h"
  27 #include "libcli/security/privileges.h"
  28
  29 /*
  30   return a blank security token
  31 */
  32 struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
  33 {
  34         struct security_token *st;
  35
  36         st = talloc_zero(mem_ctx, struct security_token);
  37         if (!st) {
  38                 return NULL;
  39         }
  40
  41         return st;
  42 }
  43
  44 /****************************************************************************
  45  prints a struct security_token to debug output.
  46 ****************************************************************************/
  47 void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
  48 {
  49         TALLOC_CTX *mem_ctx;
  50         uint32_t i;
  51
  52         if (!token) {
  53                 DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
  54                 return;
  55         }
  56
  57         mem_ctx = talloc_init("security_token_debug()");
  58         if (!mem_ctx) {
  59                 return;
  60         }
  61
  62         DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
  63                                        (unsigned long)token->num_sids));
  64         for (i = 0; i < token->num_sids; i++) {
  65                 DEBUGADDC(dbg_class, dbg_lev, ("  SID[%3lu]: %s\n", (unsigned long)i,
  66                            dom_sid_string(mem_ctx, &token->sids[i])));
  67         }
  68
  69         security_token_debug_privileges(dbg_class, dbg_lev, token);
  70
  71         talloc_free(mem_ctx);
  72 }
  73
  74 /* These really should be cheaper... */
  75
  76 bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
  77 {
  78         if (token->sids && dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
  79                 return true;
  80         }
  81         return false;
  82 }
  83
  84 bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
  85 {
  86         bool ret;
  87         struct dom_sid sid;
  88
  89         ret = dom_sid_parse(sid_string, &sid);
  90         if (!ret) {
  91                 return false;
  92         }
  93
  94         ret = security_token_is_sid(token, &sid);
  95         return ret;
  96 }
  97
  98 bool security_token_is_system(const struct security_token *token)
  99 {
 100         return security_token_is_sid(token, &global_sid_System);
 101 }
 102
 103 bool security_token_is_anonymous(const struct security_token *token)
 104 {
 105         return security_token_is_sid(token, &global_sid_Anonymous);
 106 }
 107
 108 bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
 109 {
 110         uint32_t i;
 111         for (i = 0; i < token->num_sids; i++) {
 112                 if (dom_sid_equal(&token->sids[i], sid)) {
 113                         return true;
 114                 }
 115         }
 116         return false;
 117 }
 118
 119 bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
 120 {
 121         bool ret;
 122         struct dom_sid sid;
 123
 124         ret = dom_sid_parse(sid_string, &sid);
 125         if (!ret) {
 126                 return false;
 127         }
 128
 129         ret = security_token_has_sid(token, &sid);
 130         return ret;
 131 }
 132
 133 bool security_token_has_builtin_guests(const struct security_token *token)
 134 {
 135         return security_token_has_sid(token, &global_sid_Builtin_Guests);
 136 }
 137
 138 bool security_token_has_builtin_administrators(const struct security_token *token)
 139 {
 140         return security_token_has_sid(token, &global_sid_Builtin_Administrators);
 141 }
 142
 143 bool security_token_has_nt_authenticated_users(const struct security_token *token)
 144 {
 145         return security_token_has_sid(token, &global_sid_Authenticated_Users);
 146 }
 147
 148 bool security_token_has_enterprise_dcs(const struct security_token *token)
 149 {
 150         return security_token_has_sid(token, &global_sid_Enterprise_DCs);
 151 }