libcli/security/security_token.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    security descriptor utility functions
   5
   6    Copyright (C) Andrew Tridgell                2004
   7    Copyright (C) Andrew Bartlett                2010
   8    Copyright (C) Stefan Metzmacher              2005
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "libcli/security/security_token.h"
  26 #include "libcli/security/dom_sid.h"
  27 #include "libcli/security/privileges.h"
  28
  29 /*
  30   return a blank security token
  31 */
  32 struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
  33 {
  34         struct security_token *st;
  35
  36         st = talloc_zero(mem_ctx, struct security_token);
  37         if (!st) {
  38                 return NULL;
  39         }
  40
  41         return st;
  42 }
  43
  44 /****************************************************************************
  45  prints a struct security_token to debug output.
  46 ****************************************************************************/
  47 void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
  48 {
  49         uint32_t i;
  50
  51         if (!token) {
  52                 DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
  53                 return;
  54         }
  55
  56         DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
  57                                        (unsigned long)token->num_sids));
  58         for (i = 0; i < token->num_sids; i++) {
  59                 struct dom_sid_buf sidbuf;
  60                 DEBUGADDC(dbg_class,
  61                           dbg_lev,
  62                           ("  SID[%3lu]: %s\n", (unsigned long)i,
  63                            dom_sid_str_buf(&token->sids[i], &sidbuf)));
  64         }
  65
  66         security_token_debug_privileges(dbg_class, dbg_lev, token);
  67 }
  68
  69 /* These really should be cheaper... */
  70
  71 bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
  72 {
  73         if (token->sids && dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
  74                 return true;
  75         }
  76         return false;
  77 }
  78
  79 bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
  80 {
  81         bool ret;
  82         struct dom_sid sid;
  83
  84         ret = dom_sid_parse(sid_string, &sid);
  85         if (!ret) {
  86                 return false;
  87         }
  88
  89         ret = security_token_is_sid(token, &sid);
  90         return ret;
  91 }
  92
  93 bool security_token_is_system(const struct security_token *token)
  94 {
  95         return security_token_is_sid(token, &global_sid_System);
  96 }
  97
  98 bool security_token_is_anonymous(const struct security_token *token)
  99 {
 100         return security_token_is_sid(token, &global_sid_Anonymous);
 101 }
 102
 103 bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
 104 {
 105         uint32_t i;
 106         for (i = 0; i < token->num_sids; i++) {
 107                 if (dom_sid_equal(&token->sids[i], sid)) {
 108                         return true;
 109                 }
 110         }
 111         return false;
 112 }
 113
 114 bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
 115 {
 116         bool ret;
 117         struct dom_sid sid;
 118
 119         ret = dom_sid_parse(sid_string, &sid);
 120         if (!ret) {
 121                 return false;
 122         }
 123
 124         ret = security_token_has_sid(token, &sid);
 125         return ret;
 126 }
 127
 128 bool security_token_has_builtin_guests(const struct security_token *token)
 129 {
 130         return security_token_has_sid(token, &global_sid_Builtin_Guests);
 131 }
 132
 133 bool security_token_has_builtin_administrators(const struct security_token *token)
 134 {
 135         return security_token_has_sid(token, &global_sid_Builtin_Administrators);
 136 }
 137
 138 bool security_token_has_nt_authenticated_users(const struct security_token *token)
 139 {
 140         return security_token_has_sid(token, &global_sid_Authenticated_Users);
 141 }
 142
 143 bool security_token_has_enterprise_dcs(const struct security_token *token)
 144 {
 145         return security_token_has_sid(token, &global_sid_Enterprise_DCs);
 146 }