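/*
 * Unix SMB/CIFS implementation.
 * Authentication utility functions
 * Copyright (C) Andrew Tridgell 1992-1998
 * Copyright (C) Andrew Bartlett 2001-2023
 * Copyright (C) Jeremy Allison 2000-2001
 * Copyright (C) Rafal Szczesniak 2002
 * Copyright (C) Volker Lendecke 2006
 * Copyright (C) Michael Adam 2007
 * Copyright (C) Guenther Deschner 2007
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

/* function(s) moved from auth/auth_util.c to minimize linker deps */

#include "includes.h"
#include "../libcli/security/security.h"

/****************************************************************************
 merge NT tokens

 Build a new security_token, allocated as a child of mem_ctx, that holds:
   - the SIDs of token_1 followed by the SIDs of the token returned by
     get_system_token(), with duplicates dropped by
     add_sid_to_array_unique();
   - the bitwise OR of both tokens' privilege_mask;
   - the bitwise OR of both tokens' rights_mask.

 The SID array is allocated as a child of the new token, so freeing the
 token (including on the error paths below) releases the SIDs as well.

 Security note: the result carries every SID, privilege bit and rights bit
 of the system token in addition to those of token_1, so any access check
 made with it is at least as permissive as one made with the system token.
 Callers should keep its lifetime and use as narrow as possible.

 Returns NT_STATUS_OK and stores the new token in *token_out on success.
 Returns NT_STATUS_INVALID_PARAMETER if token_1, token_out or the system
 token is NULL, the status produced by NT_STATUS_HAVE_NO_MEMORY() if the
 token cannot be allocated, or the failing status from
 add_sid_to_array_unique(). *token_out is not written on failure.
****************************************************************************/

NTSTATUS merge_with_system_token(TALLOC_CTX *mem_ctx,
				 const struct security_token *token_1,
				 struct security_token **token_out)
{
	const struct security_token *token_2 = get_system_token();
	const struct security_token *sources[2] = { NULL, NULL };
	struct security_token *token = NULL;
	NTSTATUS status;
	size_t s;
	uint32_t i;

	if (!token_1 || !token_2 || !token_out) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	token = talloc_zero(mem_ctx, struct security_token);
	NT_STATUS_HAVE_NO_MEMORY(token);

	/* Order matters only for the resulting SID order: caller first. */
	sources[0] = token_1;
	sources[1] = token_2;

	for (s = 0; s < sizeof(sources) / sizeof(sources[0]); s++) {
		const struct security_token *src = sources[s];

		for (i = 0; i < src->num_sids; i++) {
			/*
			 * Parent the SID array on the token rather than on
			 * mem_ctx, so that TALLOC_FREE(token) below does not
			 * leave a partially built array behind on mem_ctx.
			 */
			status = add_sid_to_array_unique(token,
							 &src->sids[i],
							 &token->sids,
							 &token->num_sids);
			if (!NT_STATUS_IS_OK(status)) {
				TALLOC_FREE(token);
				return status;
			}
		}

		/* token was zeroed, so OR-ing yields the union of both masks */
		token->privilege_mask |= src->privilege_mask;
		token->rights_mask |= src->rights_mask;
	}

	/*
	 * We don't need to merge claims as the system token has no
	 * claims
	 *
	 * NOTE(review): only sids, privilege_mask and rights_mask are
	 * populated here; nothing else from token_1 is copied either, so
	 * any claims token_1 carries are absent from the result. Confirm
	 * that no caller evaluates claims against the merged token.
	 */

	*token_out = token;

	return NT_STATUS_OK;
}

/*******************************************************************
 Check if this struct security_ace has a SID in common with the token.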
********************************************************************/

/*
 * Returns true if ace->trustee equals (per dom_sid_equal()) any of the
 * token->num_sids entries in token->sids, false otherwise.
 *
 * Only the trustee SID is compared: the ACE's type and access mask are not
 * looked at here, so a match does not by itself mean access is granted or
 * denied. Neither pointer is checked for NULL.
 */
bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace)
{
	size_t idx = 0;

	while (idx < token->num_sids) {
		if (dom_sid_equal(&ace->trustee, &token->sids[idx])) {
			return true;
		}
		idx++;
	}

	/* No SID in the token matched the ACE's trustee. */
	return false;
}