2 Unix SMB/CIFS implementation.
3 Samba utility functions
5 Copyright (C) Stefan (metze) Metzmacher 2002-2004
6 Copyright (C) Andrew Tridgell 1992-2004
7 Copyright (C) Jeremy Allison 1999
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/security.h"
27 /*****************************************************************
28 Compare the auth portion of two sids.
29 *****************************************************************/
31 static int dom_sid_compare_auth(const struct dom_sid
*sid1
,
32 const struct dom_sid
*sid2
)
43 if (sid1
->sid_rev_num
!= sid2
->sid_rev_num
)
44 return sid1
->sid_rev_num
- sid2
->sid_rev_num
;
46 for (i
= 0; i
< 6; i
++)
47 if (sid1
->id_auth
[i
] != sid2
->id_auth
[i
])
48 return sid1
->id_auth
[i
] - sid2
->id_auth
[i
];
53 /*****************************************************************
55 *****************************************************************/
57 int dom_sid_compare(const struct dom_sid
*sid1
, const struct dom_sid
*sid2
)
68 /* Compare most likely different rids, first: i.e start at end */
69 if (sid1
->num_auths
!= sid2
->num_auths
)
70 return sid1
->num_auths
- sid2
->num_auths
;
72 for (i
= sid1
->num_auths
-1; i
>= 0; --i
)
73 if (sid1
->sub_auths
[i
] != sid2
->sub_auths
[i
])
74 return sid1
->sub_auths
[i
] - sid2
->sub_auths
[i
];
76 return dom_sid_compare_auth(sid1
, sid2
);
79 /*****************************************************************
81 *****************************************************************/
83 bool dom_sid_equal(const struct dom_sid
*sid1
, const struct dom_sid
*sid2
)
85 return dom_sid_compare(sid1
, sid2
) == 0;
88 /* Yes, I did think about multibyte issues here, and for all I can see there's
89 * none of those for parsing a SID. */
92 bool dom_sid_parse(const char *sidstr
, struct dom_sid
*ret
)
94 unsigned int rev
, ia
, num_sub_auths
, i
;
97 if (strncasecmp(sidstr
, "S-", 2)) {
103 rev
= strtol(sidstr
, &p
, 10);
109 ia
= strtol(sidstr
, &p
, 10);
116 for (i
=0;sidstr
[i
];i
++) {
117 if (sidstr
[i
] == '-') num_sub_auths
++;
120 ret
->sid_rev_num
= rev
;
123 ret
->id_auth
[2] = ia
>> 24;
124 ret
->id_auth
[3] = ia
>> 16;
125 ret
->id_auth
[4] = ia
>> 8;
126 ret
->id_auth
[5] = ia
;
127 ret
->num_auths
= num_sub_auths
;
129 for (i
=0;i
<num_sub_auths
;i
++) {
130 if (sidstr
[0] != '-') {
134 ret
->sub_auths
[i
] = strtoul(sidstr
, &p
, 10);
145 convert a string to a dom_sid, returning a talloc'd dom_sid
147 struct dom_sid
*dom_sid_parse_talloc(TALLOC_CTX
*mem_ctx
, const char *sidstr
)
150 ret
= talloc(mem_ctx
, struct dom_sid
);
154 if (!dom_sid_parse(sidstr
, ret
)) {
163 convert a string to a dom_sid, returning a talloc'd dom_sid
165 struct dom_sid
*dom_sid_parse_length(TALLOC_CTX
*mem_ctx
, const DATA_BLOB
*sid
)
168 char *p
= talloc_strndup(mem_ctx
, (char *)sid
->data
, sid
->length
);
172 ret
= dom_sid_parse_talloc(mem_ctx
, p
);
178 copy a dom_sid structure
180 struct dom_sid
*dom_sid_dup(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*dom_sid
)
189 ret
= talloc(mem_ctx
, struct dom_sid
);
194 ret
->sid_rev_num
= dom_sid
->sid_rev_num
;
195 ret
->id_auth
[0] = dom_sid
->id_auth
[0];
196 ret
->id_auth
[1] = dom_sid
->id_auth
[1];
197 ret
->id_auth
[2] = dom_sid
->id_auth
[2];
198 ret
->id_auth
[3] = dom_sid
->id_auth
[3];
199 ret
->id_auth
[4] = dom_sid
->id_auth
[4];
200 ret
->id_auth
[5] = dom_sid
->id_auth
[5];
201 ret
->num_auths
= dom_sid
->num_auths
;
203 for (i
=0;i
<dom_sid
->num_auths
;i
++) {
204 ret
->sub_auths
[i
] = dom_sid
->sub_auths
[i
];
211 add a rid to a domain dom_sid to make a full dom_sid. This function
212 returns a new sid in the supplied memory context
214 struct dom_sid
*dom_sid_add_rid(TALLOC_CTX
*mem_ctx
,
215 const struct dom_sid
*domain_sid
,
220 sid
= talloc(mem_ctx
, struct dom_sid
);
221 if (!sid
) return NULL
;
225 sid
->sub_auths
[sid
->num_auths
] = rid
;
232 Split up a SID into its domain and RID part
234 NTSTATUS
dom_sid_split_rid(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*sid
,
235 struct dom_sid
**domain
, uint32_t *rid
)
237 if (sid
->num_auths
== 0) {
238 return NT_STATUS_INVALID_PARAMETER
;
242 if (!(*domain
= dom_sid_dup(mem_ctx
, sid
))) {
243 return NT_STATUS_NO_MEMORY
;
246 (*domain
)->num_auths
-= 1;
250 *rid
= sid
->sub_auths
[sid
->num_auths
- 1];
257 return true if the 2nd sid is in the domain given by the first sid
259 bool dom_sid_in_domain(const struct dom_sid
*domain_sid
,
260 const struct dom_sid
*sid
)
264 if (!domain_sid
|| !sid
) {
268 if (domain_sid
->num_auths
> sid
->num_auths
) {
272 for (i
= domain_sid
->num_auths
-1; i
>= 0; --i
) {
273 if (domain_sid
->sub_auths
[i
] != sid
->sub_auths
[i
]) {
278 return dom_sid_compare_auth(domain_sid
, sid
) == 0;
282 convert a dom_sid to a string
284 char *dom_sid_string(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*sid
)
291 return talloc_strdup(mem_ctx
, "(NULL SID)");
294 maxlen
= sid
->num_auths
* 11 + 25;
295 ret
= talloc_array(mem_ctx
, char, maxlen
);
296 if (!ret
) return talloc_strdup(mem_ctx
, "(SID ERR)");
298 ia
= (sid
->id_auth
[5]) +
299 (sid
->id_auth
[4] << 8 ) +
300 (sid
->id_auth
[3] << 16) +
301 (sid
->id_auth
[2] << 24);
303 ofs
= snprintf(ret
, maxlen
, "S-%u-%lu",
304 (unsigned int)sid
->sid_rev_num
, (unsigned long)ia
);
306 for (i
= 0; i
< sid
->num_auths
; i
++) {
307 ofs
+= snprintf(ret
+ ofs
, maxlen
- ofs
, "-%lu",
308 (unsigned long)sid
->sub_auths
[i
]);