smb_sid.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* NT Security Identifier (SID) library functions.
*/
#ifndef _KERNEL
#include <stdio.h>
#include <strings.h>
#include <stdlib.h>
#include <syslog.h>
#else /* _KERNEL */
#endif /* _KERNEL */
#include <smbsrv/ntstatus.h>
/*
* nt_sid_is_valid
*
* Check that a sid is valid. The checking is minimal: check that the
* pointer is non-null and that the revision and sub-authority count are
* legal. Returns 1 if the sid appears to be valid. Otherwise 0.
*/
int
{
/* A null pointer is never a valid SID. */
if (sid == 0)
return (0);
/*
* NOTE(review): the function name, its parameter list and the statement
* that tests the revision and sub-authority count are not shown in this
* listing; only the null-pointer guard is visible. nt_sid_get_rid and
* nt_sid_split call this function before they read SubAuthCount.
*/
}
/*
* nt_sid_length
*
* Returns the number of bytes required to hold the sid.
*/
int
{
/* A null SID is reported as zero bytes long. */
if (sid == 0)
return (0);
/*
* NOTE(review): the signature and the size expression that produces the
* non-null result are not shown in this listing.
*/
}
/*
* nt_sid_dup
*
* Make a duplicate of the specified sid. The memory for the new sid is
* allocated using malloc so the caller should call free when it is no
* longer required. A pointer to the new sid is returned.
*/
nt_sid_t *
{
int size;
int i;
/* Nothing to duplicate. */
if (sid == 0)
return (0);
/*
* NOTE(review): only the tail of the size computation is shown; its
* leading terms and the allocation are not in this listing. A null check
* is the only validation visible before the size is computed, so confirm
* that SubAuthCount is bounded (see nt_sid_is_valid) wherever the source
* SID can come from untrusted input.
*/
+ sizeof (DWORD);
/* Presumably the allocation-failure path; the guarding test is not shown. */
return (0);
/* Ownership of the copy passes to the caller, who must free it. */
return (new_sid);
}
/*
* nt_sid_splice
*
* Make a full user sid from the domain sid and the user relative id
* (rid). The memory for the new sid is allocated using malloc so the
* caller should call free when it is no longer required. A pointer
* to the new sid is returned.
*/
nt_sid_t *
{
int size;
int i;
/* Without a domain SID there is nothing to extend. */
if (domain_sid == 0)
return (0);
/*
* NOTE(review): only the tail of the size computation is shown; its
* leading terms, the allocation and the copy of the domain SID are not
* in this listing.
*/
+ sizeof (DWORD);
/* Presumably the allocation-failure path; the guarding test is not shown. */
return (0);
/*
* The new SID has one more sub-authority than the domain SID. The store
* of the rid itself is not shown in this listing. NOTE(review): no
* upper-bound check on SubAuthCount is visible before this increment;
* confirm the domain SID is validated so the count stays within the
* legal maximum.
*/
++sid->SubAuthCount;
/* Ownership of the new SID passes to the caller, who must free it. */
return (sid);
}
/*
* nt_sid_get_rid
*
* Return the Relative Id (RID) from the specified SID. It is the
* caller's responsibility to ensure that this is an appropriate SID.
* All we do here is return the last sub-authority from the SID.
*/
int
{
/* Reject a null or malformed SID before reading its fields. */
if (!nt_sid_is_valid(sid))
return (-1);
/* A SID with no sub-authorities has no RID to return. */
if (sid->SubAuthCount == 0) {
return (-1);
}
/*
* rid is an optional output. NOTE(review): the statement guarded by this
* test (presumably the store of the last sub-authority through rid) is
* not shown in this listing, which is why the return below looks
* conditional here.
*/
if (rid)
return (0);
}
/*
* nt_sid_split
*
* Take a full user sid and split it into the domain sid and the user
* relative id (rid). The original sid is modified in place - use
* nt_sid_dup before calling this function to preserve the original SID.
*/
int
{
/* Reject a null or malformed SID before reading its fields. */
if (!nt_sid_is_valid(sid)) {
return (-1);
}
/* Guard the decrement below: a count of zero must not wrap around. */
if (sid->SubAuthCount == 0) {
return (-1);
}
/*
* Dropping the last sub-authority leaves the domain SID in the caller's
* buffer; this is the in-place modification the header warns about.
*/
--sid->SubAuthCount;
/*
* rid is an optional output. NOTE(review): the statement guarded by this
* test (presumably the store of the removed sub-authority through rid)
* is not shown in this listing.
*/
if (rid)
return (0);
}
/*
* nt_sid_gen_null_sid
*
* This function allocates a SID structure and initializes it as the
* well-known Null SID (S-1-0-0). A pointer to the SID is returned.
* As the memory for this structure is obtained via malloc, it is the
* caller's responsibility to free the memory when it is no longer
* required. If malloc fails, a null pointer is returned.
*/
nt_sid_t *
nt_sid_gen_null_sid(void)
{
int size;
/*
* NOTE(review): the size computation, the allocation and the field
* initialisation are not shown in this listing. Per the header comment,
* this return is the path taken when malloc fails.
*/
return (0);
}
/* Ownership of the Null SID passes to the caller, who must free it. */
return (sid);
}
/*
* nt_sid_is_equal
*
* Compare two SIDs and return a boolean result. The checks are ordered
* such that components that are more likely to differ are checked
* first. For example, after checking that the SIDs contain the same
* SubAuthCount, we check the sub-authorities in reverse order because
* the RID is the most likely differentiator between two SIDs, i.e.
* they are probably going to be in the same domain.
*
* Returns 1 if the SIDs are equal. Otherwise returns 0.
*/
int
{
int i;
/*
* NOTE(review): the signature and the comparisons guarding these four
* early exits are not shown in this listing. Each exit reports "not
* equal"; the header comment describes the order of the checks.
*/
return (0);
return (0);
return (0);
return (0);
/* No difference found: the SIDs are equal. */
return (1);
}
/*
* nt_sid_is_indomain
*
* Check if given SID is in given domain.
* Returns 1 on success. Otherwise returns 0.
*/
int
{
int i;
/* If either SID is missing, report "not in domain". */
if (sid == 0 || domain_sid == 0) {
return (0);
}
/*
* NOTE(review): the comparisons guarding the next three exits are not
* shown in this listing. When checking against the full source, confirm
* that any loop over the domain's sub-authorities cannot index past the
* SubAuthCount of sid.
*/
return (0);
return (0);
return (0);
/* Every compared component matched. */
return (1);
}
#ifndef _KERNEL
/*
* nt_sid_is_local
*
* Check a SID to see if it belongs to the local domain. This is almost
* the same as checking that two SIDs are equal except that we don't
* care if the specified SID contains extra sub-authorities. We're only
* interested in the domain part.
*
* Returns 1 if the SIDs are equal. Otherwise returns 0.
*/
int
{
/*
* NOTE(review): the signature and the whole body of nt_sid_is_local are
* not shown in this listing; see the header comment for its contract.
*/
}
/*
* nt_sid_is_builtin
*
* Check a SID to see if it belongs to the builtin domain.
* Returns 1 if the SID is a builtin SID. Otherwise returns 0.
*/
int
{
/*
* NOTE(review): the declaration and assignment of domain are not shown
* in this listing. A null domain is reported as "not builtin".
*/
if (domain == 0)
return (0);
/* NOTE(review): the comparison that produces the result is not shown. */
}
#endif /* _KERNEL */
/*
* nt_sid_is_domain_equal
*
* Compare the domain portions of two SIDs and return a boolean result.
*
* Returns 1 if the domain SIDs are the same. Otherwise returns 0.
*/
int
{
int i, n;
/*
* NOTE(review): the signature and the tests guarding these three early
* exits are not shown in this listing; each exit reports "different
* domain".
*/
return (0);
return (0);
return (0);
n = pSid1->SubAuthCount;
n -= 1; /* don't compare last SubAuthority[] (aka RID) */
/*
* n is a signed int, so a SubAuthCount of 0 gives n == -1 and the loop
* below does not run. The per-element comparison that guards the return
* inside the loop is not shown in this listing.
*/
for (i = 0; i < n; i++)
return (0);
/* All domain sub-authorities matched. */
return (1);
}
/*
* nt_sid_logf
*
* Format a sid and write it to the system log. See nt_sid_format
* for format information.
*/
void
{
char *s;
/* nt_sid_format can return 0; there is then nothing to log. */
if ((s = nt_sid_format(sid)) == 0)
return;
/*
* NOTE(review): the logging call itself is not shown in this listing.
* When checking the full source, confirm that s is passed as an argument
* to a literal format string rather than used as the format.
*/
/* The formatted string was allocated by nt_sid_format; release it here. */
MEM_FREE("libnt", s);
}
/*
* nt_sid_format
*
* Format a sid and return it as a string. The memory for the string is
* allocated using malloc so the caller should call free when it is no
* longer required. A pointer to the string is returned.
*/
char *
{
int i;
char *fmtbuf;
char *p;
/* No SID, no string. */
if (sid == 0)
return (0);
/*
* NOTE(review): presumably the allocation-failure path for fmtbuf; the
* allocation and the size it requests are not shown in this listing.
*/
return (0);
/*
* The string is built by appending: after each piece is written, p is
* advanced to the terminating NUL so the next piece lands behind it.
* The calls that write the pieces are not shown in this listing.
* NOTE(review): no remaining-length tracking is visible; confirm that
* the fmtbuf allocation covers the longest possible SID string.
*/
p = fmtbuf;
while (*p)
++p;
/* One pass per identifier-authority slot, NT_SID_AUTH_MAX in total. */
for (i = 0; i < NT_SID_AUTH_MAX; ++i) {
while (*p)
++p;
}
}
/* Presumably the tail of the sub-authority loop; its header is not shown. */
while (*p)
++p;
}
/* Ownership of the string passes to the caller, who must free it. */
return (fmtbuf);
}
/*
* nt_sid_format2
*
* Format a sid and return it in the passed buffer.
*/
void
{
int i;
char *p;
/* NOTE(review): the argument check guarding this early exit is not shown. */
return;
/*
* fmtbuf is the buffer passed in by the caller. Pieces are appended one
* after another: after each write, p is advanced to the terminating NUL.
* The calls that write the pieces are not shown in this listing.
* NOTE(review): no length for fmtbuf is visible in these lines, so the
* caller presumably has to supply a buffer large enough for the longest
* possible SID string - confirm against the full signature.
*/
p = fmtbuf;
while (*p)
++p;
/* One pass per identifier-authority slot, NT_SID_AUTH_MAX in total. */
for (i = 0; i < NT_SID_AUTH_MAX; ++i) {
while (*p)
++p;
}
}
/* Presumably the tail of the sub-authority loop; its header is not shown. */
while (*p)
++p;
}
}
/*
* nt_sid_strtosid
*
* Converts a SID in string form to a SID structure. There are lots of
* simplifying assumptions in here. The memory for the SID is allocated
* as if it was the largest possible SID; the caller is responsible for
* freeing the memory when it is no longer required. We assume that the
* string starts with "S-1-" and that the authority is held in the last
* byte, which should be okay for most situations. It also assumes the
* sub-authorities are in decimal format.
*
* On success, a pointer to a SID is returned. Otherwise a null pointer
* is returned.
*
* XXX this function may have endian issues
*/
nt_sid_t *
nt_sid_strtosid(char *sidstr)
{
/*
* NOTE(review): several statements of this function are not shown in
* this listing, among them the declaration of sid, the prefix check, the
* allocation, the numeric conversions and the header of the parsing loop.
*/
char *p;
int size;
/* i counts the parsed sub-authorities and becomes SubAuthCount below. */
BYTE i;
#ifdef _KERNEL
long sua;
#endif /* _KERNEL */
/* No string, no SID. */
if (sidstr == 0) {
return (0);
}
/* Two further failure exits; the tests guarding them are not shown. */
return (0);
}
return (0);
}
#ifndef _KERNEL
#else /* _KERNEL */
sua = 0;
#endif /* _KERNEL */
/* Skip the '-' separators in front of the next field. */
while (*p && *p == '-')
++p;
/*
* A field has to start with a decimal digit; anything else is a parse
* failure. NOTE(review): if the SID buffer has already been allocated at
* this point, confirm that the full source frees it before returning.
*/
if (*p < '0' || *p > '9') {
return (0);
}
#ifndef _KERNEL
#else /* _KERNEL */
sua = 0;
#endif /* _KERNEL */
/* Move past the field just read, to the next separator or the end. */
while (*p && *p != '-')
++p;
}
/*
* NOTE(review): the loop header is not shown. The header comment says the
* buffer is sized for the largest possible SID, and i is a BYTE, so
* confirm that the loop stops at the maximum sub-authority count and an
* over-long input string cannot write past the allocation.
*/
sid->SubAuthCount = i;
/* Ownership of the SID passes to the caller, who must free it. */
return (sid);
}
/*
* nt_sid_name_use
*
* Returns the text name for a SID_NAME_USE value. The SID_NAME_USE
* provides the context for a SID, i.e. the type of resource to which
* it refers.
*/
char *
nt_sid_name_use(unsigned int snu_id)
{
/*
* Text names for the SID_NAME_USE values. The fallback below indexes the
* table with SidTypeUnknown, so the table is presumably ordered by
* SID_NAME_USE value - confirm against the enum definition.
*/
static char *snu_name[] = {
"SidTypeSidPrefix",
"SidTypeUser",
"SidTypeGroup",
"SidTypeDomain",
"SidTypeAlias",
"SidTypeWellKnownGroup",
"SidTypeDeletedAccount",
"SidTypeInvalid",
"SidTypeUnknown"
};
/*
* NOTE(review): the `if` branch that precedes this `else` is not shown in
* this listing. The fallback returns the SidTypeUnknown name; confirm
* that the missing test range-checks snu_id against the table size
* before it is used as an index.
*/
else {
return (snu_name[SidTypeUnknown]);
}
}
/*
* nt_sid_copy
*
* Copy the contents of srcsid into dessid. The caller must allocate the
* dessid buffer before calling this function and pass the size of that
* buffer in buflen.
*
* Returns total bytes of information copied. If there is an error, 0
* will be returned.
*/
int
{
/* Number of bytes to copy; also the value returned on success. */
unsigned n_bytes;
/*
* NOTE(review): the signature, the tests guarding these two error exits,
* the computation of n_bytes and the copy itself are not shown in this
* listing. Per the header comment, 0 signals an error; confirm in the
* full source that one of these exits rejects a buflen smaller than
* n_bytes before anything is written to dessid.
*/
return (0);
return (0);
return (n_bytes);
}