s4:upgradeschema.py Cleanup
[Samba/ekacnet.git] / source3 / lib / util_nttoken.c
blob76e7402422a022c31c0fde2e3d8212b443082ea3
1 /*
2 * Unix SMB/CIFS implementation.
3 * Authentication utility functions
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Andrew Bartlett 2001
6 * Copyright (C) Jeremy Allison 2000-2001
7 * Copyright (C) Rafal Szczesniak 2002
8 * Copyright (C) Volker Lendecke 2006
9 * Copyright (C) Michael Adam 2007
10 * Copyright (C) Guenther Deschner 2007
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 /* function(s) moved from auth/auth_util.c to minimize linker deps */
28 #include "includes.h"
30 /****************************************************************************
31 Duplicate a SID token.
32 ****************************************************************************/
34 NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken)
36 NT_USER_TOKEN *token;
38 if (!ptoken)
39 return NULL;
41 token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
42 if (token == NULL) {
43 DEBUG(0, ("talloc failed\n"));
44 return NULL;
47 if (ptoken->user_sids && ptoken->num_sids) {
48 token->user_sids = (DOM_SID *)talloc_memdup(
49 token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids );
51 if (token->user_sids == NULL) {
52 DEBUG(0, ("talloc_memdup failed\n"));
53 TALLOC_FREE(token);
54 return NULL;
56 token->num_sids = ptoken->num_sids;
59 /* copy the privileges; don't consider failure to be critical here */
61 if ( !se_priv_copy( &token->privileges, &ptoken->privileges ) ) {
62 DEBUG(0,("dup_nt_token: Failure to copy SE_PRIV!. "
63 "Continuing with 0 privileges assigned.\n"));
66 return token;
69 /****************************************************************************
70 merge NT tokens
71 ****************************************************************************/
73 NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
74 const struct nt_user_token *token_1,
75 const struct nt_user_token *token_2,
76 struct nt_user_token **token_out)
78 struct nt_user_token *token = NULL;
79 NTSTATUS status;
80 int i;
82 if (!token_1 || !token_2 || !token_out) {
83 return NT_STATUS_INVALID_PARAMETER;
86 token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
87 NT_STATUS_HAVE_NO_MEMORY(token);
89 for (i=0; i < token_1->num_sids; i++) {
90 status = add_sid_to_array_unique(mem_ctx,
91 &token_1->user_sids[i],
92 &token->user_sids,
93 &token->num_sids);
94 if (!NT_STATUS_IS_OK(status)) {
95 TALLOC_FREE(token);
96 return status;
100 for (i=0; i < token_2->num_sids; i++) {
101 status = add_sid_to_array_unique(mem_ctx,
102 &token_2->user_sids[i],
103 &token->user_sids,
104 &token->num_sids);
105 if (!NT_STATUS_IS_OK(status)) {
106 TALLOC_FREE(token);
107 return status;
111 se_priv_add(&token->privileges, &token_1->privileges);
112 se_priv_add(&token->privileges, &token_2->privileges);
114 *token_out = token;
116 return NT_STATUS_OK;
119 /*******************************************************************
120 Check if this ACE has a SID in common with the token.
121 ********************************************************************/
123 bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace)
125 size_t i;
127 for (i = 0; i < token->num_sids; i++) {
128 if (sid_equal(&ace->trustee, &token->user_sids[i]))
129 return true;
132 return false;