1 files changed, 23 insertions, 140 deletions

diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 0004aa87033..d9f7efe39b8 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -1,5 +1,6 @@
 /* 
-   Unix SMB/CIFS implementation.
+   Unix SMB/Netbios implementation.
+   Version 1.9.
    Samba utility functions
    Copyright (C) Andrew Tridgell 1992-1998
    Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
@@ -22,9 +23,7 @@
 
 #include "includes.h"
 
-/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
-   equal to the domain SID when we are a DC, otherwise its our
-   workstation SID */
+
 DOM_SID global_sam_sid;
 extern pstring global_myname;
 extern fstring global_myworkgroup;
@@ -62,6 +61,7 @@ static known_sid_users everyone_users[] = {
 
 static known_sid_users creator_owner_users[] = {
 	{ 0, SID_NAME_ALIAS, "Creator Owner" },
+	{ 1, SID_NAME_ALIAS, "Creator Group" },
 	{0, (enum SID_NAME_USE)0, NULL}};
 
 static known_sid_users nt_authority_users[] = {
@@ -360,16 +360,6 @@ char *sid_to_string(fstring sidstr_out, DOM_SID *sid)
   return sidstr_out;
 }
 
-/*
-  useful function for debug lines
-*/
-const char *sid_string_static(DOM_SID *sid)
-{
-	static fstring sid_str;
-	sid_to_string(sid_str, sid);
-	return sid_str;
-}
-
 /*****************************************************************
  Convert a string to a SID. Returns True on success, False on fail.
 *****************************************************************/  
@@ -380,20 +370,21 @@ BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
   char *p, *q;
   /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
   uint32 ia;
-  
+
+
   if (StrnCaseCmp( sidstr, "S-", 2)) {
     DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
     return False;
   }
 
   memset((char *)sidout, '\0', sizeof(DOM_SID));
-
+  
   q = p = strdup(sidstr + 2);
   if (p == NULL) {
     DEBUG(0, ("string_to_sid: out of memory!\n"));
     return False;
   }
-
+  
   if (!next_token(&p, tok, "-", sizeof(tok))) {
     DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
     SAFE_FREE(q);
@@ -431,6 +422,8 @@ BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
 	sid_append_rid(sidout, (uint32)strtoul(tok, NULL, 10));
   }
 
+  DEBUG(7,("string_to_sid: converted SID %s ok\n", sidstr));
+
   SAFE_FREE(q);
   return True;
 }
@@ -516,11 +509,12 @@ DOM_SID *sid_dup(DOM_SID *src)
 /*****************************************************************
  Write a sid out into on-the-wire format.
 *****************************************************************/  
+
 BOOL sid_linearize(char *outbuf, size_t len, DOM_SID *sid)
 {
 	size_t i;
 
-	if (len < sid_size(sid))
+	if(len < sid_size(sid))
 		return False;
 
 	SCVAL(outbuf,0,sid->sid_rev_num);
@@ -533,45 +527,6 @@ BOOL sid_linearize(char *outbuf, size_t len, DOM_SID *sid)
 }
 
 /*****************************************************************
- parse a on-the-wire SID to a DOM_SID
-*****************************************************************/  
-BOOL sid_parse(char *inbuf, size_t len, DOM_SID *sid)
-{
-	int i;
-	if (len < 8) return False;
-	sid->sid_rev_num = CVAL(inbuf, 0);
-	sid->num_auths = CVAL(inbuf, 1);
-	memcpy(sid->id_auth, inbuf+2, 6);
-	if (len < 8 + sid->num_auths*4) return False;
-	for (i=0;i<sid->num_auths;i++) {
-		sid->sub_auths[i] = IVAL(inbuf, 8+i*4);
-	}
-	return True;
-}
-
-
-/*****************************************************************
- Compare the auth portion of two sids.
-*****************************************************************/  
-int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2)
-{
-	int i;
-
-	if (sid1 == sid2) return 0;
-	if (!sid1) return -1;
-	if (!sid2) return 1;
-
-	if (sid1->sid_rev_num != sid2->sid_rev_num)
-		return sid1->sid_rev_num - sid2->sid_rev_num;
-
-	for (i = 0; i < 6; i++)
-		if (sid1->id_auth[i] != sid2->id_auth[i])
-			return sid1->id_auth[i] - sid2->id_auth[i];
-
-	return 0;
-}
-
-/*****************************************************************
  Compare two sids.
 *****************************************************************/  
 int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2)
@@ -583,36 +538,28 @@ int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2)
 	if (!sid2) return 1;
 
 	/* compare most likely different rids, first: i.e start at end */
-	if (sid1->num_auths != sid2->num_auths)
-		return sid1->num_auths - sid2->num_auths;
-
 	for (i = sid1->num_auths-1; i >= 0; --i)
 		if (sid1->sub_auths[i] != sid2->sub_auths[i])
 			return sid1->sub_auths[i] - sid2->sub_auths[i];
 
-	return sid_compare_auth(sid1, sid2);
-}
-
-/*****************************************************************
-see if 2 SIDs are in the same domain
-this just compares the leading sub-auths
-*****************************************************************/  
-int sid_compare_domain(const DOM_SID *sid1, const DOM_SID *sid2)
-{
-	int n, i;
+	if (sid1->num_auths != sid2->num_auths)
+		return sid1->num_auths - sid2->num_auths;
 
-	n = MIN(sid1->num_auths, sid2->num_auths);
+	if (sid1->sid_rev_num != sid2->sid_rev_num)
+		return sid1->sid_rev_num - sid2->sid_rev_num;
 
-	for (i = n-1; i >= 0; --i)
-		if (sid1->sub_auths[i] != sid2->sub_auths[i])
-			return sid1->sub_auths[i] - sid2->sub_auths[i];
+	for (i = 0; i < 6; i++)
+		if (sid1->id_auth[i] != sid2->id_auth[i])
+			return sid1->id_auth[i] - sid2->id_auth[i];
 
-	return sid_compare_auth(sid1, sid2);
+	return 0;
 }
 
+
 /*****************************************************************
  Compare two sids.
 *****************************************************************/  
+
 BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
 {
 	return sid_compare(sid1, sid2) == 0;
@@ -620,53 +567,6 @@ BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
 
 
 /*****************************************************************
- Check if the SID is our domain SID (S-1-5-21-x-y-z).
-*****************************************************************/  
-BOOL sid_check_is_domain(const DOM_SID *sid)
-{
-	return sid_equal(sid, &global_sam_sid);
-}
-
-
-/*****************************************************************
- Check if the SID is the builtin SID (S-1-5-32).
-*****************************************************************/  
-BOOL sid_check_is_builtin(const DOM_SID *sid)
-{
-	return sid_equal(sid, &global_sid_Builtin);
-}
-
-
-/*****************************************************************
- Check if the SID is our domain SID (S-1-5-21-x-y-z).
-*****************************************************************/  
-BOOL sid_check_is_in_our_domain(const DOM_SID *sid)
-{
-	DOM_SID dom_sid;
-	uint32 rid;
-
-	sid_copy(&dom_sid, sid);
-	sid_split_rid(&dom_sid, &rid);
-	
-	return sid_equal(&dom_sid, &global_sam_sid);
-}
-
-/*****************************************************************
- Check if the SID is our domain SID (S-1-5-21-x-y-z).
-*****************************************************************/  
-BOOL sid_check_is_in_builtin(const DOM_SID *sid)
-{
-	DOM_SID dom_sid;
-	uint32 rid;
-
-	sid_copy(&dom_sid, sid);
-	sid_split_rid(&dom_sid, &rid);
-	
-	return sid_equal(&dom_sid, &global_sid_Builtin);
-}
-
-
-/*****************************************************************
  Calculates size of a sid.
 *****************************************************************/  
 
@@ -693,7 +593,7 @@ BOOL non_mappable_sid(DOM_SID *sid)
 	if (sid_equal(&dom, &global_sid_Builtin))
 		return True;
 
-	if (sid_equal(&dom, &global_sid_Creator_Owner_Domain))
+    if (sid_equal(&dom, &global_sid_Creator_Owner_Domain))
 		return True;
  
 	if (sid_equal(&dom, &global_sid_NT_Authority))
@@ -701,20 +601,3 @@ BOOL non_mappable_sid(DOM_SID *sid)
 
 	return False;
 }
-
-/*
-  return the binary string representation of a DOM_SID
-  caller must free
-*/
-char *sid_binstring(DOM_SID *sid)
-{
-	char *buf, *s;
-	int len = sid_size(sid);
-	buf = malloc(len);
-	if (!buf) return NULL;
-	sid_linearize(buf, len, sid);
-	s = binary_string(buf, len);
-	free(buf);
-	return s;
-}
-