2 Unix SMB/CIFS implementation.
3 Samba utility functions
5 Copyright (C) Stefan (metze) Metzmacher 2002-2004
6 Copyright (C) Andrew Tridgell 1992-2004
7 Copyright (C) Jeremy Allison 1999
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "libcli/security/security.h"
27 /*****************************************************************
28 Compare the auth portion of two sids.
29 *****************************************************************/
31 static int dom_sid_compare_auth(const struct dom_sid
*sid1
, const struct dom_sid
*sid2
)
42 if (sid1
->sid_rev_num
!= sid2
->sid_rev_num
)
43 return sid1
->sid_rev_num
- sid2
->sid_rev_num
;
45 for (i
= 0; i
< 6; i
++)
46 if (sid1
->id_auth
[i
] != sid2
->id_auth
[i
])
47 return sid1
->id_auth
[i
] - sid2
->id_auth
[i
];
52 /*****************************************************************
54 *****************************************************************/
56 static int dom_sid_compare(const struct dom_sid
*sid1
, const struct dom_sid
*sid2
)
67 /* Compare most likely different rids, first: i.e start at end */
68 if (sid1
->num_auths
!= sid2
->num_auths
)
69 return sid1
->num_auths
- sid2
->num_auths
;
71 for (i
= sid1
->num_auths
-1; i
>= 0; --i
)
72 if (sid1
->sub_auths
[i
] != sid2
->sub_auths
[i
])
73 return sid1
->sub_auths
[i
] - sid2
->sub_auths
[i
];
75 return dom_sid_compare_auth(sid1
, sid2
);
78 /*****************************************************************
80 *****************************************************************/
82 BOOL
dom_sid_equal(const struct dom_sid
*sid1
, const struct dom_sid
*sid2
)
84 return dom_sid_compare(sid1
, sid2
) == 0;
88 convert a dom_sid to a string
90 char *dom_sid_string(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*sid
)
97 return talloc_strdup(mem_ctx
, "(NULL SID)");
100 maxlen
= sid
->num_auths
* 11 + 25;
101 ret
= talloc_size(mem_ctx
, maxlen
);
102 if (!ret
) return talloc_strdup(mem_ctx
, "(SID ERR)");
104 ia
= (sid
->id_auth
[5]) +
105 (sid
->id_auth
[4] << 8 ) +
106 (sid
->id_auth
[3] << 16) +
107 (sid
->id_auth
[2] << 24);
109 ofs
= snprintf(ret
, maxlen
, "S-%u-%lu",
110 (uint_t
)sid
->sid_rev_num
, (unsigned long)ia
);
112 for (i
= 0; i
< sid
->num_auths
; i
++) {
113 ofs
+= snprintf(ret
+ ofs
, maxlen
- ofs
, "-%lu", (unsigned long)sid
->sub_auths
[i
]);
121 convert a string to a dom_sid, returning a talloc'd dom_sid
123 struct dom_sid
*dom_sid_parse_talloc(TALLOC_CTX
*mem_ctx
, const char *sidstr
)
126 uint_t rev
, ia
, num_sub_auths
, i
;
129 if (strncasecmp(sidstr
, "S-", 2)) {
135 rev
= strtol(sidstr
, &p
, 10);
141 ia
= strtol(sidstr
, &p
, 10);
148 for (i
=0;sidstr
[i
];i
++) {
149 if (sidstr
[i
] == '-') num_sub_auths
++;
152 ret
= talloc_p(mem_ctx
, struct dom_sid
);
157 ret
->sub_auths
= talloc_array_p(mem_ctx
, uint32_t, num_sub_auths
);
158 if (!ret
->sub_auths
) {
162 ret
->sid_rev_num
= rev
;
165 ret
->id_auth
[2] = ia
>> 24;
166 ret
->id_auth
[3] = ia
>> 16;
167 ret
->id_auth
[4] = ia
>> 8;
168 ret
->id_auth
[5] = ia
;
169 ret
->num_auths
= num_sub_auths
;
171 for (i
=0;i
<num_sub_auths
;i
++) {
172 if (sidstr
[0] != '-') {
176 ret
->sub_auths
[i
] = strtoul(sidstr
, &p
, 10);
187 copy a dom_sid structure
189 struct dom_sid
*dom_sid_dup(TALLOC_CTX
*mem_ctx
, const struct dom_sid
*dom_sid
)
193 ret
= talloc_p(mem_ctx
, struct dom_sid
);
198 ret
->sub_auths
= talloc_array_p(ret
, uint32_t, dom_sid
->num_auths
);
199 if (!ret
->sub_auths
) {
203 ret
->sid_rev_num
= dom_sid
->sid_rev_num
;
204 ret
->id_auth
[0] = dom_sid
->id_auth
[0];
205 ret
->id_auth
[1] = dom_sid
->id_auth
[1];
206 ret
->id_auth
[2] = dom_sid
->id_auth
[2];
207 ret
->id_auth
[3] = dom_sid
->id_auth
[3];
208 ret
->id_auth
[4] = dom_sid
->id_auth
[4];
209 ret
->id_auth
[5] = dom_sid
->id_auth
[5];
210 ret
->num_auths
= dom_sid
->num_auths
;
212 for (i
=0;i
<dom_sid
->num_auths
;i
++) {
213 ret
->sub_auths
[i
] = dom_sid
->sub_auths
[i
];
220 add a rid to a domain dom_sid to make a full dom_sid. This function
221 returns a new sid in the suppplied memory context
223 struct dom_sid
*dom_sid_add_rid(TALLOC_CTX
*mem_ctx
,
224 const struct dom_sid
*domain_sid
,
229 sid
= talloc_p(mem_ctx
, struct dom_sid
);
230 if (!sid
) return NULL
;
234 sid
->sub_auths
= talloc_array_p(sid
, uint32_t, sid
->num_auths
+1);
235 if (!sid
->sub_auths
) {
238 memcpy(sid
->sub_auths
, domain_sid
->sub_auths
, sid
->num_auths
*sizeof(uint32_t));
239 sid
->sub_auths
[sid
->num_auths
] = rid
;
247 return True if the 2nd sid is in the domain given by the first sid
249 BOOL
dom_sid_in_domain(const struct dom_sid
*domain_sid
,
250 const struct dom_sid
*sid
)
254 if (!domain_sid
|| !sid
) {
258 if (domain_sid
->num_auths
> sid
->num_auths
) {
262 for (i
= domain_sid
->num_auths
-1; i
>= 0; --i
) {
263 if (domain_sid
->sub_auths
[i
] != sid
->sub_auths
[i
]) {
268 return dom_sid_compare_auth(domain_sid
, sid
) == 0;