root/source4/libcli/security/security_token.c


DEFINITIONS

This source file includes following definitions.
  1. security_token_initialise
  2. security_token_debug
  3. security_token_is_sid
  4. security_token_is_sid_string
  5. security_token_is_system
  6. security_token_is_anonymous
  7. security_token_has_sid
  8. security_token_has_sid_string
  9. security_token_has_builtin_administrators
  10. security_token_has_nt_authenticated_users
  11. security_session_user_level

   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    security descriptor utility functions
   5 
   6    Copyright (C) Andrew Tridgell                2004
   7    Copyright (C) Stefan Metzmacher              2005
   8       
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13    
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18    
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 
  23 #include "includes.h"
  24 #include "libcli/security/security.h"
  25 #include "auth/session.h"
  26 
/*
  Allocate a blank security token as a talloc child of mem_ctx.

  talloc() does not zero the allocation, so every field is reset here by
  hand: no user SID, no primary group SID, an empty SID list and an empty
  privilege mask.

  Returns the new token, or NULL if the allocation failed.
*/
struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
{
	struct security_token *token = talloc(mem_ctx, struct security_token);

	if (token == NULL) {
		return NULL;
	}

	/* Start from "no identity, no rights"; callers fill the token in. */
	token->privilege_mask = 0;
	token->sids = NULL;
	token->num_sids = 0;
	token->group_sid = NULL;
	token->user_sid = NULL;

	return token;
}
  47 
/****************************************************************************
 Dump a struct security_token to the debug log at level dbg_lev.

 A NULL token is reported as "(NULL)". Otherwise the user SID, the SID
 count, every SID in the list and finally the privileges (through
 security_token_debug_privileges()) are written.

 The SID strings are allocated on a temporary talloc context that is
 released before returning; if that context cannot be created nothing is
 printed. The dump contains the full identity of the token, so dbg_lev
 decides who gets to see it in the logs.
****************************************************************************/
void security_token_debug(int dbg_lev, const struct security_token *token)
{
	TALLOC_CTX *tmp_ctx;
	int idx;

	if (token == NULL) {
		DEBUG(dbg_lev, ("Security token: (NULL)\n"));
		return;
	}

	/* Scratch context for the SID strings built below. */
	tmp_ctx = talloc_init("security_token_debug()");
	if (tmp_ctx == NULL) {
		return;
	}

	DEBUG(dbg_lev, ("Security token of user %s\n",
			dom_sid_string(tmp_ctx, token->user_sid) ));
	DEBUGADD(dbg_lev, (" SIDs (%lu):\n",
			   (unsigned long)token->num_sids));

	for (idx = 0; idx < token->num_sids; idx++) {
		DEBUGADD(dbg_lev, ("  SID[%3lu]: %s\n", (unsigned long)idx,
				   dom_sid_string(tmp_ctx, token->sids[idx])));
	}

	security_token_debug_privileges(dbg_lev, token);

	/* Frees every SID string allocated above in one go. */
	talloc_free(tmp_ctx);
}
  79 
  80 /* These really should be cheaper... */
  81 
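/*
  Test whether the user SID of the token equals sid.

  Only token->user_sid is compared; the SID list is not consulted (see
  security_token_has_sid() for that).

  Returns true on a match and false otherwise. A NULL token matches
  nothing: this is an authorisation predicate, so it fails closed instead
  of dereferencing the NULL pointer.
*/
bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
{
	/* No token means no identity to match. */
	if (token == NULL) {
		return false;
	}

	/* NOTE(review): how a NULL token->user_sid or a NULL sid compares is
	   decided inside dom_sid_equal(); confirm that two NULL SIDs are not
	   reported as equal. */
	if (dom_sid_equal(token->user_sid, sid)) {
		return true;
	}
	return false;
}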
  89 
/*
  Test whether the user SID of the token equals the SID written in
  sid_string.

  The string is parsed into a temporary dom_sid on the NULL talloc context
  and freed again before returning, so every call costs a parse and an
  allocation.

  Returns false when dom_sid_parse_talloc() yields NULL (presumably a
  malformed string or a failed allocation), i.e. an unparsable SID is
  treated as "no match".
*/
bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
{
	struct dom_sid *parsed = dom_sid_parse_talloc(NULL, sid_string);
	bool matches = false;

	if (parsed != NULL) {
		matches = security_token_is_sid(token, parsed);
		talloc_free(parsed);
	}

	return matches;
}
 101 
/*
  Test whether the user SID of the token is SID_NT_SYSTEM.

  Thin wrapper around security_token_is_sid_string(); it inherits that
  function's "false on parse failure" behaviour.
*/
bool security_token_is_system(const struct security_token *token)
{
	const bool is_system = security_token_is_sid_string(token, SID_NT_SYSTEM);

	return is_system;
}
 106 
/*
  Test whether the user SID of the token is SID_NT_ANONYMOUS.

  Thin wrapper around security_token_is_sid_string(); it inherits that
  function's "false on parse failure" behaviour.
*/
bool security_token_is_anonymous(const struct security_token *token)
{
	const bool is_anonymous = security_token_is_sid_string(token, SID_NT_ANONYMOUS);

	return is_anonymous;
}
 111 
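/*
  Test whether sid appears anywhere in the SID list of the token.

  The first num_sids entries of token->sids are compared with
  dom_sid_equal() and the search stops at the first match.

  Returns true on a match and false otherwise. A NULL token, or a token
  whose SID array is NULL, matches nothing: this is an authorisation
  predicate, so it fails closed instead of dereferencing a NULL pointer.
*/
bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
{
	int i;

	/* Nothing to search; also covers a token that claims num_sids > 0
	   but carries no array. */
	if (token == NULL || token->sids == NULL) {
		return false;
	}

	for (i = 0; i < token->num_sids; i++) {
		if (dom_sid_equal(token->sids[i], sid)) {
			return true;
		}
	}
	return false;
}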
 122 
/*
  Test whether the SID written in sid_string appears in the SID list of
  the token.

  The string is parsed into a temporary dom_sid on the NULL talloc context
  and freed again before returning, so every call costs a parse and an
  allocation.

  Returns false when dom_sid_parse_talloc() yields NULL (presumably a
  malformed string or a failed allocation), i.e. an unparsable SID is
  treated as "not present".
*/
bool security_token_has_sid_string(const struct security_token *token, const char *sid_string)
{
	struct dom_sid *parsed = dom_sid_parse_talloc(NULL, sid_string);
	bool present = false;

	if (parsed != NULL) {
		present = security_token_has_sid(token, parsed);
		talloc_free(parsed);
	}

	return present;
}
 134 
/*
  Test whether SID_BUILTIN_ADMINISTRATORS is in the SID list of the token.

  Thin wrapper around security_token_has_sid_string(); it inherits that
  function's "false on parse failure" behaviour.
*/
bool security_token_has_builtin_administrators(const struct security_token *token)
{
	const bool is_admin = security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS);

	return is_admin;
}
 139 
/*
  Test whether SID_NT_AUTHENTICATED_USERS is in the SID list of the token.

  Thin wrapper around security_token_has_sid_string(); it inherits that
  function's "false on parse failure" behaviour.
*/
bool security_token_has_nt_authenticated_users(const struct security_token *token)
{
	const bool is_authenticated = security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);

	return is_authenticated;
}
 144 
/*
  Map a session to a coarse privilege level.

  The checks run in a fixed order and the first hit wins:
    1. no session_info at all           -> SECURITY_ANONYMOUS
    2. user SID is the system SID       -> SECURITY_SYSTEM
    3. user SID is the anonymous SID    -> SECURITY_ANONYMOUS
    4. SID list has builtin admins      -> SECURITY_ADMINISTRATOR
    5. SID list has authenticated users -> SECURITY_USER
    6. anything else                    -> SECURITY_ANONYMOUS

  The anonymous test comes before the group tests, so a token whose user
  SID is anonymous is classified as anonymous whatever its SID list holds.
  The fall-through result is the least privileged level.
*/
enum security_user_level security_session_user_level(struct auth_session_info *session_info)
{
	enum security_user_level level = SECURITY_ANONYMOUS;
	const struct security_token *token;

	if (session_info == NULL) {
		return level;
	}

	/* NOTE(review): the token is forwarded unchecked; confirm it can never
	   be NULL for a non-NULL session_info, or that the helpers reject a
	   NULL token. */
	token = session_info->security_token;

	if (security_token_is_system(token)) {
		level = SECURITY_SYSTEM;
	} else if (security_token_is_anonymous(token)) {
		level = SECURITY_ANONYMOUS;
	} else if (security_token_has_builtin_administrators(token)) {
		level = SECURITY_ADMINISTRATOR;
	} else if (security_token_has_nt_authenticated_users(token)) {
		level = SECURITY_USER;
	}

	return level;
}
 169 
