libcli/security Move most of security_token.c to common code.
authorAndrew Bartlett <abartlet@samba.org>
Fri, 17 Sep 2010 02:59:24 +0000 (12:59 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 12 Oct 2010 02:54:16 +0000 (02:54 +0000)
The source4-specific session_info functions have been left in session.c

Andrew Bartlett

libcli/security/security_token.c [moved from source4/libcli/security/security_token.c with 73% similarity]
libcli/security/security_token.h [new file with mode: 0644]
libcli/security/wscript_build
source4/libcli/security/security.h
source4/libcli/security/session.c [new file with mode: 0644]
source4/libcli/security/wscript_build

similarity index 73%
rename from source4/libcli/security/security_token.c
rename to libcli/security/security_token.c
index 9d37475c7a5cca1644889c07bab94523fa0b6db0..4e5aff87da55bb16d4f7716cf8dece252eaace9f 100644 (file)
@@ -1,28 +1,30 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
 
    security descriptor utility functions
 
    Copyright (C) Andrew Tridgell               2004
+   Copyright (C) Andrew Bartlett               2010
    Copyright (C) Stefan Metzmacher             2005
-      
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
-#include "libcli/security/security.h"
-#include "auth/session.h"
+#include "libcli/security/security_token.h"
+#include "libcli/security/dom_sid.h"
+#include "libcli/security/privileges.h"
 
 /*
   return a blank security token
@@ -57,10 +59,10 @@ void security_token_debug(int dbg_lev, const struct security_token *token)
                return;
        }
 
-       DEBUG(dbg_lev, ("Security token SIDs (%lu):\n", 
+       DEBUG(dbg_lev, ("Security token SIDs (%lu):\n",
                                       (unsigned long)token->num_sids));
        for (i = 0; i < token->num_sids; i++) {
-               DEBUGADD(dbg_lev, ("  SID[%3lu]: %s\n", (unsigned long)i, 
+               DEBUGADD(dbg_lev, ("  SID[%3lu]: %s\n", (unsigned long)i,
                           dom_sid_string(mem_ctx, &token->sids[i])));
        }
 
@@ -91,12 +93,12 @@ bool security_token_is_sid_string(const struct security_token *token, const char
        return ret;
 }
 
-bool security_token_is_system(const struct security_token *token) 
+bool security_token_is_system(const struct security_token *token)
 {
        return security_token_is_sid_string(token, SID_NT_SYSTEM);
 }
 
-bool security_token_is_anonymous(const struct security_token *token) 
+bool security_token_is_anonymous(const struct security_token *token)
 {
        return security_token_is_sid_string(token, SID_NT_ANONYMOUS);
 }
@@ -138,44 +140,3 @@ bool security_token_has_enterprise_dcs(const struct security_token *token)
 {
        return security_token_has_sid_string(token, SID_NT_ENTERPRISE_DCS);
 }
-
-enum security_user_level security_session_user_level(struct auth_session_info *session_info,
-                                                    const struct dom_sid *domain_sid)
-{
-       if (!session_info) {
-               return SECURITY_ANONYMOUS;
-       }
-       
-       if (security_token_is_system(session_info->security_token)) {
-               return SECURITY_SYSTEM;
-       }
-
-       if (security_token_is_anonymous(session_info->security_token)) {
-               return SECURITY_ANONYMOUS;
-       }
-
-       if (security_token_has_builtin_administrators(session_info->security_token)) {
-               return SECURITY_ADMINISTRATOR;
-       }
-
-       if (domain_sid) {
-               struct dom_sid *rodc_dcs;
-               rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
-               if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
-                       talloc_free(rodc_dcs);
-                       return SECURITY_RO_DOMAIN_CONTROLLER;
-               }
-               talloc_free(rodc_dcs);
-       }
-
-       if (security_token_has_enterprise_dcs(session_info->security_token)) {
-               return SECURITY_DOMAIN_CONTROLLER;
-       }
-
-       if (security_token_has_nt_authenticated_users(session_info->security_token)) {
-               return SECURITY_USER;
-       }
-
-       return SECURITY_ANONYMOUS;
-}
-
diff --git a/libcli/security/security_token.h b/libcli/security/security_token.h
new file mode 100644 (file)
index 0000000..87978e2
--- /dev/null
@@ -0,0 +1,60 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   security descriptor utility functions
+
+   Copyright (C) Andrew Tridgell               2004
+   Copyright (C) Andrew Bartlett               2010
+   Copyright (C) Stefan Metzmacher             2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBCLI_SECURITY_SECURITY_TOKEN_H_
+#define _LIBCLI_SECURITY_SECURITY_TOKEN_H_
+
+#include "librpc/gen_ndr/security.h"
+
+#define PRIMARY_USER_SID_INDEX 0
+#define PRIMARY_GROUP_SID_INDEX 1
+
+/*
+  return a blank security token
+*/
+struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx);
+
+/****************************************************************************
+ prints a struct security_token to debug output.
+****************************************************************************/
+void security_token_debug(int dbg_lev, const struct security_token *token);
+
+bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid);
+
+bool security_token_is_sid_string(const struct security_token *token, const char *sid_string);
+
+bool security_token_is_system(const struct security_token *token);
+
+bool security_token_is_anonymous(const struct security_token *token);
+
+bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid);
+
+bool security_token_has_sid_string(const struct security_token *token, const char *sid_string);
+
+bool security_token_has_builtin_administrators(const struct security_token *token);
+
+bool security_token_has_nt_authenticated_users(const struct security_token *token);
+
+bool security_token_has_enterprise_dcs(const struct security_token *token);
+
+#endif
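Review bot: The `security_token_is_sid*` and `security_token_has_sid*` prototypes are exported from this new common header without any comment, although their names differ by one word and both families feed authorization decisions (`security_token_is_system` uses the `is` form, `security_token_has_enterprise_dcs` the `has` form). Their bodies are not part of this diff, but `PRIMARY_USER_SID_INDEX` defined just above suggests that `is_sid` compares only the primary user SID while `has_sid` searches every SID in the token. If so, I would say it at the declarations, e.g. `/* true only if the token's primary user SID (sids[PRIMARY_USER_SID_INDEX]) equals sid */` and `/* true if sid appears anywhere in token->sids */`. It is also worth documenting what each returns for a NULL token or a token with no SIDs, so callers in both source trees do not have to read the implementation to know whether the check fails closed.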
index 8efb751560fecff2270f3f725fda6600110d3aef..5dac9019fb7e5138c8748874e909b61b0ee0c650 100644 (file)
@@ -2,7 +2,7 @@
 
 
 bld.SAMBA_SUBSYSTEM('LIBSECURITY_COMMON',
-       source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c',
+       source='dom_sid.c display_sec.c secace.c secacl.c security_descriptor.c sddl.c privileges.c security_token.c',
        deps='talloc LIBNDR'
        )
 
index dc5e3ca736980eeead232937075dc8ed072e0838..12c95f1d83df79f52effa072626b2f6d895d26cc 100644 (file)
@@ -49,6 +49,7 @@ struct object_tree {
 #include "libcli/security/secacl.h"
 #include "libcli/security/proto.h"
 #include "libcli/security/security_descriptor.h"
+#include "libcli/security/security_token.h"
 #include "libcli/security/sddl.h"
 #include "libcli/security/privileges.h"
 
diff --git a/source4/libcli/security/session.c b/source4/libcli/security/session.c
new file mode 100644 (file)
index 0000000..cd09b6d
--- /dev/null
@@ -0,0 +1,64 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   session_info utility functions
+
+   Copyright (C) Andrew Bartlett 2008-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/session.h"
+#include "libcli/security/security.h"
+
+enum security_user_level security_session_user_level(struct auth_session_info *session_info,
+                                                    const struct dom_sid *domain_sid)
+{
+       if (!session_info) {
+               return SECURITY_ANONYMOUS;
+       }
+
+       if (security_token_is_system(session_info->security_token)) {
+               return SECURITY_SYSTEM;
+       }
+
+       if (security_token_is_anonymous(session_info->security_token)) {
+               return SECURITY_ANONYMOUS;
+       }
+
+       if (security_token_has_builtin_administrators(session_info->security_token)) {
+               return SECURITY_ADMINISTRATOR;
+       }
+
+       if (domain_sid) {
+               struct dom_sid *rodc_dcs;
+               rodc_dcs = dom_sid_add_rid(session_info, domain_sid, DOMAIN_RID_READONLY_DCS);
+               if (security_token_has_sid(session_info->security_token, rodc_dcs)) {
+                       talloc_free(rodc_dcs);
+                       return SECURITY_RO_DOMAIN_CONTROLLER;
+               }
+               talloc_free(rodc_dcs);
+       }
+
+       if (security_token_has_enterprise_dcs(session_info->security_token)) {
+               return SECURITY_DOMAIN_CONTROLLER;
+       }
+
+       if (security_token_has_nt_authenticated_users(session_info->security_token)) {
+               return SECURITY_USER;
+       }
+
+       return SECURITY_ANONYMOUS;
+}
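Review bot: In the `domain_sid` branch of `security_session_user_level`, the result of `dom_sid_add_rid()` is handed straight to `security_token_has_sid()` without a NULL check. It takes a talloc context, so it presumably returns NULL on allocation failure. Whether `security_token_has_sid` tolerates a NULL sid is not visible in this diff, and even in the best case the read-only-DC test is silently skipped and the session is classified by the later checks instead. Since this function decides the caller's privilege level, I would make the failure explicit and fail closed right after the call: `if (rodc_dcs == NULL) { return SECURITY_ANONYMOUS; }`. A short comment above the function stating that the checks are ordered and the first match determines the level would also help, because the result depends entirely on that ordering.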
index 5d53022137d2367bebc6e69c56f0b7ae467977fe..4187bcbebe02b5a3a5202d115d5c672f1328c556 100644 (file)
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 bld.SAMBA_SUBSYSTEM('LIBSECURITY',
-       source='security_token.c access_check.c create_descriptor.c object_tree.c',
+       source='access_check.c create_descriptor.c object_tree.c session.c',
        autoproto='proto.h',
        public_deps='LIBNDR LIBSECURITY_COMMON'
        )