search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r4549: got rid of a lot more uses of plain talloc(), instead using
[Samba/gebeck_regimport.git] / source4 / libcli / security / dom_sid.c
blobd76f9fa2392bec46383df4f48484fd12368208c6
1 /*
2 Unix SMB/CIFS implementation.
3 Samba utility functions
4
5 Copyright (C) Stefan (metze) Metzmacher 2002-2004
6 Copyright (C) Andrew Tridgell 1992-2004
7 Copyright (C) Jeremy Allison 1999
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25 #include "libcli/security/security.h"
26
27 /*****************************************************************
28 Compare the auth portion of two sids.
29 *****************************************************************/
30
31 static int dom_sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2)
32 {
33 int i;
34
35 if (sid1 == sid2)
36 return 0;
37 if (!sid1)
38 return -1;
39 if (!sid2)
40 return 1;
41
42 if (sid1->sid_rev_num != sid2->sid_rev_num)
43 return sid1->sid_rev_num - sid2->sid_rev_num;
44
45 for (i = 0; i < 6; i++)
46 if (sid1->id_auth[i] != sid2->id_auth[i])
47 return sid1->id_auth[i] - sid2->id_auth[i];
48
49 return 0;
50 }
51
52 /*****************************************************************
53 Compare two sids.
54 *****************************************************************/
55
56 static int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
57 {
58 int i;
59
60 if (sid1 == sid2)
61 return 0;
62 if (!sid1)
63 return -1;
64 if (!sid2)
65 return 1;
66
67 /* Compare most likely different rids, first: i.e start at end */
68 if (sid1->num_auths != sid2->num_auths)
69 return sid1->num_auths - sid2->num_auths;
70
71 for (i = sid1->num_auths-1; i >= 0; --i)
72 if (sid1->sub_auths[i] != sid2->sub_auths[i])
73 return sid1->sub_auths[i] - sid2->sub_auths[i];
74
75 return dom_sid_compare_auth(sid1, sid2);
76 }
77
78 /*****************************************************************
79 Compare two sids.
80 *****************************************************************/
81
82 BOOL dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
83 {
84 return dom_sid_compare(sid1, sid2) == 0;
85 }
86
87 /*
88 convert a dom_sid to a string
89 */
90 char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
91 {
92 int i, ofs, maxlen;
93 uint32_t ia;
94 char *ret;
95
96 if (!sid) {
97 return talloc_strdup(mem_ctx, "(NULL SID)");
98 }
99
100 maxlen = sid->num_auths * 11 + 25;
101 ret = talloc_size(mem_ctx, maxlen);
102 if (!ret) return talloc_strdup(mem_ctx, "(SID ERR)");
103
104 ia = (sid->id_auth[5]) +
105 (sid->id_auth[4] << 8 ) +
106 (sid->id_auth[3] << 16) +
107 (sid->id_auth[2] << 24);
108
109 ofs = snprintf(ret, maxlen, "S-%u-%lu",
110 (uint_t)sid->sid_rev_num, (unsigned long)ia);
111
112 for (i = 0; i < sid->num_auths; i++) {
113 ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]);
114 }
115
116 return ret;
117 }
118
119
120 /*
121 convert a string to a dom_sid, returning a talloc'd dom_sid
122 */
123 struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
124 {
125 struct dom_sid *ret;
126 uint_t rev, ia, num_sub_auths, i;
127 char *p;
128
129 if (strncasecmp(sidstr, "S-", 2)) {
130 return NULL;
131 }
132
133 sidstr += 2;
134
135 rev = strtol(sidstr, &p, 10);
136 if (*p != '-') {
137 return NULL;
138 }
139 sidstr = p+1;
140
141 ia = strtol(sidstr, &p, 10);
142 if (p == sidstr) {
143 return NULL;
144 }
145 sidstr = p;
146
147 num_sub_auths = 0;
148 for (i=0;sidstr[i];i++) {
149 if (sidstr[i] == '-') num_sub_auths++;
150 }
151
152 ret = talloc_p(mem_ctx, struct dom_sid);
153 if (!ret) {
154 return NULL;
155 }
156
157 ret->sub_auths = talloc_array_p(mem_ctx, uint32_t, num_sub_auths);
158 if (!ret->sub_auths) {
159 return NULL;
160 }
161
162 ret->sid_rev_num = rev;
163 ret->id_auth[0] = 0;
164 ret->id_auth[1] = 0;
165 ret->id_auth[2] = ia >> 24;
166 ret->id_auth[3] = ia >> 16;
167 ret->id_auth[4] = ia >> 8;
168 ret->id_auth[5] = ia;
169 ret->num_auths = num_sub_auths;
170
171 for (i=0;i<num_sub_auths;i++) {
172 if (sidstr[0] != '-') {
173 return NULL;
174 }
175 sidstr++;
176 ret->sub_auths[i] = strtoul(sidstr, &p, 10);
177 if (p == sidstr) {
178 return NULL;
179 }
180 sidstr = p;
181 }
182
183 return ret;
184 }
185
186 /*
187 copy a dom_sid structure
188 */
189 struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
190 {
191 struct dom_sid *ret;
192 int i;
193 ret = talloc_p(mem_ctx, struct dom_sid);
194 if (!ret) {
195 return NULL;
196 }
197
198 ret->sub_auths = talloc_array_p(ret, uint32_t, dom_sid->num_auths);
199 if (!ret->sub_auths) {
200 return NULL;
201 }
202
203 ret->sid_rev_num = dom_sid->sid_rev_num;
204 ret->id_auth[0] = dom_sid->id_auth[0];
205 ret->id_auth[1] = dom_sid->id_auth[1];
206 ret->id_auth[2] = dom_sid->id_auth[2];
207 ret->id_auth[3] = dom_sid->id_auth[3];
208 ret->id_auth[4] = dom_sid->id_auth[4];
209 ret->id_auth[5] = dom_sid->id_auth[5];
210 ret->num_auths = dom_sid->num_auths;
211
212 for (i=0;i<dom_sid->num_auths;i++) {
213 ret->sub_auths[i] = dom_sid->sub_auths[i];
214 }
215
216 return ret;
217 }
218
219 /*
220 add a rid to a domain dom_sid to make a full dom_sid. This function
221 returns a new sid in the suppplied memory context
222 */
223 struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
224 const struct dom_sid *domain_sid,
225 uint32_t rid)
226 {
227 struct dom_sid *sid;
228
229 sid = talloc_p(mem_ctx, struct dom_sid);
230 if (!sid) return NULL;
231
232 *sid = *domain_sid;
233
234 sid->sub_auths = talloc_array_p(sid, uint32_t, sid->num_auths+1);
235 if (!sid->sub_auths) {
236 return NULL;
237 }
238 memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t));
239 sid->sub_auths[sid->num_auths] = rid;
240 sid->num_auths++;
241
242 return sid;
243 }
244
245
246 /*
247 return True if the 2nd sid is in the domain given by the first sid
248 */
249 BOOL dom_sid_in_domain(const struct dom_sid *domain_sid,
250 const struct dom_sid *sid)
251 {
252 int i;
253
254 if (!domain_sid || !sid) {
255 return False;
256 }
257
258 if (domain_sid->num_auths > sid->num_auths) {
259 return False;
260 }
261
262 for (i = domain_sid->num_auths-1; i >= 0; --i) {
263 if (domain_sid->sub_auths[i] != sid->sub_auths[i]) {
264 return False;
265 }
266 }
267
268 return dom_sid_compare_auth(domain_sid, sid) == 0;
269 }
reg import