2 Unix SMB/CIFS implementation.
3 Samba utility functions
5 Copyright (C) Stefan (metze) Metzmacher 2002-2004
6 Copyright (C) Andrew Tridgell 1992-2004
7 Copyright (C) Jeremy Allison 1999
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/security.h"
26 /*****************************************************************
27 Compare the auth portion of two sids.
28 *****************************************************************/
30 static int dom_sid_compare_auth(const struct dom_sid
*sid1
,
31 const struct dom_sid
*sid2
)
42 if (sid1
->sid_rev_num
!= sid2
->sid_rev_num
)
43 return sid1
->sid_rev_num
- sid2
->sid_rev_num
;
45 for (i
= 0; i
< 6; i
++)
46 if (sid1
->id_auth
[i
] != sid2
->id_auth
[i
])
47 return sid1
->id_auth
[i
] - sid2
->id_auth
[i
];
52 /*****************************************************************
54 *****************************************************************/
56 int dom_sid_compare(const struct dom_sid
*sid1
, const struct dom_sid
*sid2
)
67 /* Compare most likely different rids, first: i.e start at end */
68 if (sid1
->num_auths
!= sid2
->num_auths
)
69 return sid1
->num_auths
- sid2
->num_auths
;
71 for (i
= sid1
->num_auths
-1; i
>= 0; --i
)
72 if (sid1
->sub_auths
[i
] != sid2
->sub_auths
[i
])
73 return sid1
->sub_auths
[i
] - sid2
->sub_auths
[i
];
75 return dom_sid_compare_auth(sid1
, sid2
);
78 /*****************************************************************
80 *****************************************************************/
82 bool dom_sid_equal(const struct dom_sid
*sid1
, const struct dom_sid
*sid2
)
84 return dom_sid_compare(sid1
, sid2
) == 0;
87 /* Yes, I did think about multibyte issues here, and for all I can see there's
88 * none of those for parsing a SID. */
91 bool dom_sid_parse(const char *sidstr
, struct dom_sid
*ret
)
93 uint_t rev
, ia
, num_sub_auths
, i
;
96 if (strncasecmp(sidstr
, "S-", 2)) {
102 rev
= strtol(sidstr
, &p
, 10);
108 ia
= strtol(sidstr
, &p
, 10);
115 for (i
=0;sidstr
[i
];i
++) {
116 if (sidstr
[i
] == '-') num_sub_auths
++;
119 ret
->sid_rev_num
= rev
;
122 ret
->id_auth
[2] = ia
>> 24;
123 ret
->id_auth
[3] = ia
>> 16;
124 ret
->id_auth
[4] = ia
>> 8;
125 ret
->id_auth
[5] = ia
;
126 ret
->num_auths
= num_sub_auths
;
128 for (i
=0;i
<num_sub_auths
;i
++) {
129 if (sidstr
[0] != '-') {
133 ret
->sub_auths
[i
] = strtoul(sidstr
, &p
, 10);
144 convert a string to a dom_sid, returning a talloc'd dom_sid
146 struct dom_sid
*dom_sid_parse_talloc(TALLOC_CTX
*mem_ctx
, const char *sidstr
)
149 ret
= talloc(mem_ctx
, struct dom_sid
);
153 if (!dom_sid_parse(sidstr
, ret
)) {
162 convert a string to a dom_sid, returning a talloc'd dom_sid
164 struct dom_sid
*dom_sid_parse_length(TALLOC_CTX
*mem_ctx
, const DATA_BLOB
*sid
)
167 char *p
= talloc_strndup(mem_ctx
, (char *)sid
->data
, sid
->length
);
171 ret
= dom_sid_parse_talloc(mem_ctx
, p
);
177 copy a dom_sid structure
179 struct dom_sid
*dom_sid_dup(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*dom_sid
)
188 ret
= talloc(mem_ctx
, struct dom_sid
);
193 ret
->sid_rev_num
= dom_sid
->sid_rev_num
;
194 ret
->id_auth
[0] = dom_sid
->id_auth
[0];
195 ret
->id_auth
[1] = dom_sid
->id_auth
[1];
196 ret
->id_auth
[2] = dom_sid
->id_auth
[2];
197 ret
->id_auth
[3] = dom_sid
->id_auth
[3];
198 ret
->id_auth
[4] = dom_sid
->id_auth
[4];
199 ret
->id_auth
[5] = dom_sid
->id_auth
[5];
200 ret
->num_auths
= dom_sid
->num_auths
;
202 for (i
=0;i
<dom_sid
->num_auths
;i
++) {
203 ret
->sub_auths
[i
] = dom_sid
->sub_auths
[i
];
210 add a rid to a domain dom_sid to make a full dom_sid. This function
211 returns a new sid in the supplied memory context
213 struct dom_sid
*dom_sid_add_rid(TALLOC_CTX
*mem_ctx
,
214 const struct dom_sid
*domain_sid
,
219 sid
= talloc(mem_ctx
, struct dom_sid
);
220 if (!sid
) return NULL
;
224 sid
->sub_auths
[sid
->num_auths
] = rid
;
231 Split up a SID into its domain and RID part
233 NTSTATUS
dom_sid_split_rid(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*sid
,
234 struct dom_sid
**domain
, uint32_t *rid
)
236 if (sid
->num_auths
== 0) {
237 return NT_STATUS_INVALID_PARAMETER
;
241 if (!(*domain
= dom_sid_dup(mem_ctx
, sid
))) {
242 return NT_STATUS_NO_MEMORY
;
245 (*domain
)->num_auths
-= 1;
249 *rid
= sid
->sub_auths
[sid
->num_auths
- 1];
256 return true if the 2nd sid is in the domain given by the first sid
258 bool dom_sid_in_domain(const struct dom_sid
*domain_sid
,
259 const struct dom_sid
*sid
)
263 if (!domain_sid
|| !sid
) {
267 if (domain_sid
->num_auths
> sid
->num_auths
) {
271 for (i
= domain_sid
->num_auths
-1; i
>= 0; --i
) {
272 if (domain_sid
->sub_auths
[i
] != sid
->sub_auths
[i
]) {
277 return dom_sid_compare_auth(domain_sid
, sid
) == 0;
281 convert a dom_sid to a string
283 char *dom_sid_string(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*sid
)
290 return talloc_strdup(mem_ctx
, "(NULL SID)");
293 maxlen
= sid
->num_auths
* 11 + 25;
294 ret
= talloc_array(mem_ctx
, char, maxlen
);
295 if (!ret
) return talloc_strdup(mem_ctx
, "(SID ERR)");
297 ia
= (sid
->id_auth
[5]) +
298 (sid
->id_auth
[4] << 8 ) +
299 (sid
->id_auth
[3] << 16) +
300 (sid
->id_auth
[2] << 24);
302 ofs
= snprintf(ret
, maxlen
, "S-%u-%lu",
303 (unsigned int)sid
->sid_rev_num
, (unsigned long)ia
);
305 for (i
= 0; i
< sid
->num_auths
; i
++) {
306 ofs
+= snprintf(ret
+ ofs
, maxlen
- ofs
, "-%lu",
307 (unsigned long)sid
->sub_auths
[i
]);