From a879a4610dac03b814ad40800f408416d250c6be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 18 Sep 2010 12:55:31 +1000 Subject: libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/Makefile.in | 5 +- source3/include/proto.h | 18 --- source3/include/smb.h | 26 ---- source3/lib/util_sid.c | 314 +-------------------------------------- source3/winbindd/winbindd_util.c | 2 +- 5 files changed, 5 insertions(+), 360 deletions(-) (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index a73ce26a3ab..491c1a9f6a5 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -470,14 +470,15 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \ lib/module.o lib/events.o @LIBTEVENT_OBJ0@ \ lib/server_contexts.o \ lib/ldap_escape.o @CHARSET_STATIC@ \ - lib/secdesc.o ../libcli/security/access_check.o ../libcli/security/secace.o \ + lib/secdesc.o ../libcli/security/access_check.o \ + ../libcli/security/secace.o ../libcli/security/object_tree.o \ ../libcli/security/sddl.o \ ../libcli/security/secacl.o @PTHREADPOOL_OBJ@ \ lib/fncall.o \ libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \ lib/file_id.o lib/idmap_cache.o \ ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o \ - ../libcli/security/security_token.o + ../libcli/security/security_token.o ../libcli/security/util_sid.o LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ) diff --git a/source3/include/proto.h b/source3/include/proto.h index 81e19095211..3725ea3fa81 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
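Review bot: `../libcli/security/object_tree.o` is added to LIB_OBJ next to `util_sid.o`, but neither the subject nor the description mentions object_tree; if it is a link-time dependency that the common util_sid.c or security.h pulls in, one sentence in the description saying so would save the next reader a bisect. The view is limited to source3, so the libcli/security additions this build rule relies on are not visible here and I am inferring the dependency from the link line alone.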
@@ -1258,31 +1258,13 @@ bool is_setuid_root(void) ;
 
 /* The following definitions come from lib/util_sid.c */
 
-const char *sid_type_lookup(uint32 sid_type) ;
-const struct security_token *get_system_token(void) ;
 char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
 char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
 char *sid_string_dbg(const struct dom_sid *sid);
 char *sid_string_tos(const struct dom_sid *sid);
-bool string_to_sid(struct dom_sid *sidout, const char *sidstr);
-bool sid_append_rid(struct dom_sid *sid, uint32 rid);
-bool sid_compose(struct dom_sid *dst, const struct dom_sid *domain_sid, uint32 rid);
-bool sid_split_rid(struct dom_sid *sid, uint32 *rid);
-bool sid_peek_rid(const struct dom_sid *sid, uint32 *rid);
-bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32 *rid);
-void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
 bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
-bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
 bool non_mappable_sid(struct dom_sid *sid);
 char *sid_binstring_hex(const struct dom_sid *sid);
-NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- struct dom_sid **sids, uint32_t *num);
-NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
- struct dom_sid **sids, uint32_t *num_sids);
-void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t *num);
-bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
- uint32 rid, uint32 **pp_rids, size_t *p_num);
-bool is_null_sid(const struct dom_sid *sid);
 NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
 const struct netr_SamInfo3 *info3,
 struct dom_sid **user_sids,
diff --git a/source3/include/smb.h b/source3/include/smb.h
index ae93bbbe7ee..07a53de8e6e 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -193,32 +193,6 @@ struct lsa_name_info {
 int dom_idx;
 };
 
-/* Some well-known SIDs */
-extern const struct dom_sid global_sid_World_Domain;
-extern const struct dom_sid global_sid_World;
-extern const struct dom_sid global_sid_Creator_Owner_Domain;
-extern const struct dom_sid global_sid_NT_Authority;
-extern const struct dom_sid global_sid_System;
-extern const struct dom_sid global_sid_NULL;
-extern const struct dom_sid global_sid_Authenticated_Users;
-extern const struct dom_sid global_sid_Network;
-extern const struct dom_sid global_sid_Creator_Owner;
-extern const struct dom_sid global_sid_Creator_Group;
-extern const struct dom_sid global_sid_Anonymous;
-extern const struct dom_sid global_sid_Builtin;
-extern const struct dom_sid global_sid_Builtin_Administrators;
-extern const struct dom_sid global_sid_Builtin_Users;
-extern const struct dom_sid global_sid_Builtin_Guests;
-extern const struct dom_sid global_sid_Builtin_Power_Users;
-extern const struct dom_sid global_sid_Builtin_Account_Operators;
-extern const struct dom_sid global_sid_Builtin_Server_Operators;
-extern const struct dom_sid global_sid_Builtin_Print_Operators;
-extern const struct dom_sid global_sid_Builtin_Backup_Operators;
-extern const struct dom_sid global_sid_Builtin_Replicator;
-extern const struct dom_sid global_sid_Builtin_PreWin2kAccess;
-extern const struct dom_sid global_sid_Unix_Users;
-extern const struct dom_sid global_sid_Unix_Groups;
-
 /*
  * The complete list of SIDS belonging to this user.
  * Created when a vuid is registered.
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 25933116c45..bb9e2e98f97 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -25,132 +25,8 @@ #include "includes.h" #include "../librpc/gen_ndr/ndr_security.h" #include "../librpc/gen_ndr/netlogon.h" -#include "../libcli/security/dom_sid.h" - -/* - * Some useful sids, more well known sids can be found at - * http://support.microsoft.com/kb/243330/EN-US/ - */ - - -const struct dom_sid global_sid_World_Domain = /* Everyone domain */ -{ 1, 0, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_World = /* Everyone */ -{ 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Creator_Owner_Domain = /* Creator Owner domain */ -{ 1, 0, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_NT_Authority = /* NT Authority */ -{ 1, 0, {0,0,0,0,0,5}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_System = /* System */ -{ 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_NULL = /* NULL sid */ -{ 1, 1, {0,0,0,0,0,0}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Authenticated_Users = /* All authenticated rids */ -{ 1, 1, {0,0,0,0,0,5}, {11,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -#if 0 -/* for documentation */ -const struct dom_sid global_sid_Restriced = /* Restriced Code */ -{ 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -#endif -const struct dom_sid global_sid_Network = /* Network rids */ -{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; - -const struct dom_sid global_sid_Creator_Owner = /* Creator Owner */ -{ 1, 1, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Creator_Group = /* Creator Group */ -{ 1, 1, {0,0,0,0,0,3}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Anonymous = /* Anonymous login */ -{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; - -const struct dom_sid global_sid_Builtin = /* Local well-known domain */ -{ 1, 1, {0,0,0,0,0,5}, {32,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid 
global_sid_Builtin_Administrators = /* Builtin administrators */ -{ 1, 2, {0,0,0,0,0,5}, {32,544,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Users = /* Builtin users */ -{ 1, 2, {0,0,0,0,0,5}, {32,545,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Guests = /* Builtin guest users */ -{ 1, 2, {0,0,0,0,0,5}, {32,546,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Power_Users = /* Builtin power users */ -{ 1, 2, {0,0,0,0,0,5}, {32,547,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Account_Operators = /* Builtin account operators */ -{ 1, 2, {0,0,0,0,0,5}, {32,548,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Server_Operators = /* Builtin server operators */ -{ 1, 2, {0,0,0,0,0,5}, {32,549,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Print_Operators = /* Builtin print operators */ -{ 1, 2, {0,0,0,0,0,5}, {32,550,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Backup_Operators = /* Builtin backup operators */ -{ 1, 2, {0,0,0,0,0,5}, {32,551,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_Replicator = /* Builtin replicator */ -{ 1, 2, {0,0,0,0,0,5}, {32,552,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Builtin_PreWin2kAccess = /* Builtin pre win2k access */ -{ 1, 2, {0,0,0,0,0,5}, {32,554,0,0,0,0,0,0,0,0,0,0,0,0,0}}; - -const struct dom_sid global_sid_Unix_Users = /* Unmapped Unix users */ -{ 1, 1, {0,0,0,0,0,22}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -const struct dom_sid global_sid_Unix_Groups = /* Unmapped Unix groups */ -{ 1, 1, {0,0,0,0,0,22}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; - -/* Unused, left here for documentary purposes */ -#if 0 -#define SECURITY_NULL_SID_AUTHORITY 0 -#define SECURITY_WORLD_SID_AUTHORITY 1 -#define SECURITY_LOCAL_SID_AUTHORITY 2 -#define SECURITY_CREATOR_SID_AUTHORITY 3 -#define SECURITY_NT_AUTHORITY 5 -#endif - -static struct dom_sid 
system_sid_array[1] = -{ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} }; -static const struct security_token system_token = { - .num_sids = ARRAY_SIZE(system_sid_array), - .sids = system_sid_array, - .privilege_mask = SE_ALL_PRIVS -}; - -/**************************************************************************** - Lookup string names for SID types. -****************************************************************************/ - -static const struct { - enum lsa_SidType sid_type; - const char *string; -} sid_name_type[] = { - {SID_NAME_USER, "User"}, - {SID_NAME_DOM_GRP, "Domain Group"}, - {SID_NAME_DOMAIN, "Domain"}, - {SID_NAME_ALIAS, "Local Group"}, - {SID_NAME_WKN_GRP, "Well-known Group"}, - {SID_NAME_DELETED, "Deleted Account"}, - {SID_NAME_INVALID, "Invalid Account"}, - {SID_NAME_UNKNOWN, "UNKNOWN"}, - {SID_NAME_COMPUTER, "Computer"}, - - {(enum lsa_SidType)0, NULL} -}; - -const char *sid_type_lookup(uint32 sid_type) -{ - int i = 0; - - /* Look through list */ - while(sid_name_type[i].sid_type != 0) { - if (sid_name_type[i].sid_type == sid_type) - return sid_name_type[i].string; - i++; - } +#include "../libcli/security/security.h" - /* Default return */ - return "SID *TYPE* is INVALID"; -} - -/************************************************************************** - Create the SYSTEM token. -***************************************************************************/ - -const struct security_token *get_system_token(void) -{ - return &system_token; -} /***************************************************************** Convert a SID to an ascii string. 
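Review bot: The only addition on the new side is `#include "../libcli/security/security.h"`, while the removed side drops a SYSTEM token built with `.privilege_mask = SE_ALL_PRIVS` and a 24-entry well-known SID table (including the non-Windows `S-1-22-1`/`S-1-22-2` Unix users/groups authorities); nothing in the hunk shows that the common copy was compared value-for-value against this one. These constants feed access checks, so a differing RID or authority, or a SYSTEM token that no longer carries SE_ALL_PRIVS, would change authorization results without any compile error — worth a sentence in the description stating that the two tables were diffed, or a test that asserts the string form of each global SID. A short comment beside the new include, `/* well-known SIDs, get_system_token() and sid_type_lookup() now live in libcli/security */`, would also tell readers of this file where the definitions went. The rest of util_sid.c continues outside this hunk.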
@@ -194,83 +70,6 @@ char *sid_string_tos(const struct dom_sid *sid) return sid_string_talloc(talloc_tos(), sid); } -bool sid_compose(struct dom_sid *dst, const struct dom_sid *domain_sid, uint32 rid) -{ - sid_copy(dst, domain_sid); - return sid_append_rid(dst, rid); -} - -/***************************************************************** - Removes the last rid from the end of a sid -*****************************************************************/ - -bool sid_split_rid(struct dom_sid *sid, uint32 *rid) -{ - if (sid->num_auths > 0) { - sid->num_auths--; - *rid = sid->sub_auths[sid->num_auths]; - return True; - } - return False; -} - -/***************************************************************** - Return the last rid from the end of a sid -*****************************************************************/ - -bool sid_peek_rid(const struct dom_sid *sid, uint32 *rid) -{ - if (!sid || !rid) - return False; - - if (sid->num_auths > 0) { - *rid = sid->sub_auths[sid->num_auths - 1]; - return True; - } - return False; -} - -/***************************************************************** - Return the last rid from the end of a sid - and check the sid against the exp_dom_sid -*****************************************************************/ - -bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32 *rid) -{ - if (!exp_dom_sid || !sid || !rid) - return False; - - if (sid->num_auths != (exp_dom_sid->num_auths+1)) { - return False; - } - - if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){ - *rid=(-1); - return False; - } - - return sid_peek_rid(sid, rid); -} - -/***************************************************************** - Copies a sid -*****************************************************************/ - -void sid_copy(struct dom_sid *dst, const struct dom_sid *src) -{ - int i; - - ZERO_STRUCTP(dst); - - dst->sid_rev_num = src->sid_rev_num; - dst->num_auths = src->num_auths; - - memcpy(&dst->id_auth[0], &src->id_auth[0], 
sizeof(src->id_auth)); - - for (i = 0; i < src->num_auths; i++) - dst->sub_auths[i] = src->sub_auths[i]; -} - /***************************************************************** Write a sid out into on-the-wire format. *****************************************************************/ @@ -291,22 +90,6 @@ bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid) return True; } -/***************************************************************** - Parse a on-the-wire SID to a struct dom_sid. -*****************************************************************/ - -bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid) -{ - enum ndr_err_code ndr_err; - DATA_BLOB in = data_blob_const(inbuf, len); - ndr_err = ndr_pull_struct_blob_all(&in, NULL, sid, - (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return false; - } - return true; -} - /***************************************************************** Returns true if SID is internal (and non-mappable). *****************************************************************/ 
@@ -346,101 +129,6 @@ char *sid_binstring_hex(const struct dom_sid *sid) return s; } -/******************************************************************** - Add SID to an array SIDs -********************************************************************/ - -NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, - struct dom_sid **sids, uint32_t *num) -{ - *sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, struct dom_sid, - (*num)+1); - if (*sids == NULL) { - *num = 0; - return NT_STATUS_NO_MEMORY; - } - - sid_copy(&((*sids)[*num]), sid); - *num += 1; - - return NT_STATUS_OK; -} - - -/******************************************************************** - Add SID to an array SIDs ensuring that it is not already there -********************************************************************/ - -NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, - struct dom_sid **sids, uint32_t *num_sids) -{ - size_t i; - - for (i=0; i<(*num_sids); i++) { - if (dom_sid_compare(sid, &(*sids)[i]) == 0) - return NT_STATUS_OK; - } - - return add_sid_to_array(mem_ctx, sid, sids, num_sids); -} - -/******************************************************************** - Remove SID from an array -********************************************************************/ - -void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t *num) -{ - struct dom_sid *sid_list = *sids; - size_t i; - - for ( i=0; i<*num; i++ ) { - - /* if we find the SID, then decrement the count - and break out of the loop */ - - if ( dom_sid_equal(sid, &sid_list[i]) ) { - *num -= 1; - break; - } - } - - /* This loop will copy the remainder of the array - if i < num of sids ni the array */ - - for ( ; i<*num; i++ ) - sid_copy( &sid_list[i], &sid_list[i+1] ); - - return; -} - -bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx, - uint32 rid, uint32 **pp_rids, size_t *p_num) -{ - size_t i; - - for (i=0; i<*p_num; i++) { - if ((*pp_rids)[i] == rid) - return True; - } - - 
*pp_rids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_rids, uint32, *p_num+1); - - if (*pp_rids == NULL) { - *p_num = 0; - return False; - } - - (*pp_rids)[*p_num] = rid; - *p_num += 1; - return True; -} - -bool is_null_sid(const struct dom_sid *sid) -{ - static const struct dom_sid null_sid = {0}; - return dom_sid_equal(sid, &null_sid); -} - NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, struct dom_sid **user_sids, diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index aec4cc60a2d..afdce47d2d3 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -31,7 +31,7 @@ extern struct winbindd_methods cache_methods; /** - * @file winbindd_util.c + * @file winbindd_util.cq * * Winbind daemon for NT domain authentication nss module. **/ -- cgit
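Review bot: The only change to winbindd_util.c rewrites the Doxygen tag to `* @file winbindd_util.cq`, which no longer matches the file name and looks like an accidental keystroke rather than part of the libcli/security merge; it should stay `* @file winbindd_util.c`. If the change was intended, the description should say why, since the diffstat counts it as a real edit to winbindd and a reader bisecting later will otherwise assume this file was touched by the merge.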