2 Unix SMB/Netbios implementation.
4 Samba utility functions
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 extern int DEBUGLEVEL;
28 /*****************************************************************
29 Convert a SID to an ascii string.
The text has the form S-<revision>-<identifier authority>, followed by
one -<sub-authority> per entry, all in decimal, written into sidstr_out.
NOTE(review): this listing omits short lines (braces, local
declarations, return statements), so the declared size of subauth and
the value returned are not visible here.
30 *****************************************************************/
32 char *sid_to_string(pstring sidstr_out, const DOM_SID *sid)
36 /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
/* Only id_auth[2]..id_auth[5] are folded into ia, most significant byte
 * first; id_auth[0] and id_auth[1] are never read, so whatever they hold
 * is absent from the printed form.
 * NOTE(review): if the id_auth elements are 8-bit, each shift is
 * evaluated in int, and a byte >= 0x80 shifted left by 24 overflows a
 * signed int. Widening to uint32 before shifting would avoid that -
 * confirm the element type. */
37 uint32 ia = (sid->id_auth[5]) +
38 (sid->id_auth[4] << 8 ) +
39 (sid->id_auth[3] << 16) +
40 (sid->id_auth[2] << 24);
/* The write limit is sizeof(pstring) - 1, so the caller's buffer must
 * really be pstring-sized; a smaller buffer is not protected by it. */
42 slprintf(sidstr_out, sizeof(pstring) - 1, "S-%u-%lu", (unsigned int)sid->sid_rev_num, (unsigned long)ia);
/* NOTE(review): the loop trusts sid->num_auths. Nothing visible here
 * compares it with the capacity of sub_auths (sid_append_rid uses
 * MAXSUBAUTHS as that limit), so a SID carrying a corrupt count would be
 * read past the array - confirm that every producer validates it. */
44 for (i = 0; i < sid->num_auths; i++)
/* subauth is a local scratch buffer; its declaration is not shown. */
46 slprintf(subauth, sizeof(subauth)-1, "-%lu", (unsigned long)sid->sub_auths[i]);
/* presumably pstrcat bounds the append to pstring size - verify */
47 pstrcat(sidstr_out, subauth);
50 DEBUG(7,("sid_to_string returning %s\n", sidstr_out));
54 /*****************************************************************
55 Convert a string to a SID. Returns True on success, False on fail.
Expected input: "S-" then the revision, the identifier authority and
zero or more sub-authorities, all decimal and separated by '-'.
NOTE(review): this listing omits short lines (braces, returns, and
presumably the p++ steps that skip each '-'), so the notes below
cover only what the visible lines establish.
56 *****************************************************************/
58 BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
60 const char *p = sidstr;
61 /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
/* Start from an all-zero SID so fields not set below are zero. */
64 memset((char *)sidout, '\0', sizeof(DOM_SID));
/* presumably a case-insensitive compare of the first two characters */
66 if (StrnCaseCmp( sidstr, "S-", 2))
/* NOTE(review): the rejected input is logged verbatim at level 0 here
 * and in the two messages below. If sidstr can originate from a remote
 * peer or another user's file, it can place arbitrary text in the log -
 * confirm the source or sanitise before logging. */
68 DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
/* strchr leaves p on the '-' itself; the step past it is presumably on
 * a line this listing omits - otherwise strtoul would take it as a sign. */
72 if ((p = strchr(p, '-')) == NULL)
74 DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
80 /* Get the revision number. */
/* NOTE(review): endptr is NULL and errno is not examined, so a field
 * with no digits parses as 0 and an overflowing one is not detected.
 * The cast keeps only the low 8 bits, so e.g. 257 is stored as 1. */
81 sidout->sid_rev_num = (uint8)strtoul(p,NULL,10);
83 if ((p = strchr(p, '-')) == NULL)
85 DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
91 /* identauth in decimal should be < 2^32 */
/* NOTE(review): "should be" is not enforced - where unsigned long is
 * wider than 32 bits, a larger value is truncated by the cast rather
 * than rejected. */
92 ia = (uint32)strtoul(p,NULL,10);
94 /* NOTE - the ia value is in big-endian format. */
95 sidout->id_auth[0] = 0;
96 sidout->id_auth[1] = 0;
97 sidout->id_auth[2] = (ia & 0xff000000) >> 24;
98 sidout->id_auth[3] = (ia & 0x00ff0000) >> 16;
99 sidout->id_auth[4] = (ia & 0x0000ff00) >> 8;
100 sidout->id_auth[5] = (ia & 0x000000ff);
102 sidout->num_auths = 0;
/* Parsing stops once MAXSUBAUTHS entries are stored. As far as the
 * visible lines show, further sub-authorities in the input are ignored
 * rather than treated as an error - TODO confirm against the full source. */
104 while (((p = strchr(p, '-')) != NULL) && sidout->num_auths < MAXSUBAUTHS)
108 * NOTE - the subauths are in native machine-endian format. They
109 * are converted to little-endian when linearized onto the wire.
/* Same unchecked strtoul pattern as above: a non-numeric sub-authority
 * is stored as 0. The result of sid_append_rid is not used. */
111 sid_append_rid(sidout, (uint32)strtoul(p, NULL, 10));
117 /*****************************************************************
118 add a rid to the end of a sid
The rid is stored only while num_auths is below MAXSUBAUTHS; the
return statements are on lines not shown in this listing (presumably
True when stored, False when the SID is already full).
119 *****************************************************************/
120 BOOL sid_append_rid(DOM_SID *sid, uint32 rid)
/* Capacity check comes first, so the indexed write below stays inside
 * sub_auths as long as MAXSUBAUTHS matches the array's size. */
122 if (sid->num_auths < MAXSUBAUTHS)
/* Store at the current count, then advance the count. */
124 sid->sub_auths[sid->num_auths++] = rid;
130 /*****************************************************************
131 removes the last rid from the end of a sid
Does nothing to a SID with no sub-authorities. Lines 136-139 of the
original file are not shown in this listing.
132 *****************************************************************/
133 BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
135 if (sid->num_auths > 0)
/* NOTE(review): sub_auths[num_auths] is the removed entry only if
 * num_auths was decremented on one of the omitted lines. Without that
 * decrement this reads the slot after the last valid sub-authority.
 * Likewise, any NULL check on rid would be on an omitted line -
 * verify both against the full source. */
140 (*rid) = sid->sub_auths[sid->num_auths];
147 /*****************************************************************
Copies the identifier authority, the sub-authorities, the
sub-authority count and the revision from sid2 into sid1.
149 *****************************************************************/
150 void sid_copy(DOM_SID *sid1, const DOM_SID *sid2)
/* The identifier authority is a fixed six-byte field. */
154 for (i = 0; i < 6; i++)
156 sid1->id_auth[i] = sid2->id_auth[i];
/* NOTE(review): the count is taken from the source SID and is not
 * compared with the capacity of sid1->sub_auths (sid_append_rid uses
 * MAXSUBAUTHS as that limit). If sid2 was filled from unvalidated data,
 * a count above the capacity would write past the destination array -
 * confirm that every producer of DOM_SID values enforces the limit.
 * Slots of sid1 at or beyond the copied count are left as they were. */
159 for (i = 0; i < sid2->num_auths; i++)
161 sid1->sub_auths[i] = sid2->sub_auths[i];
164 sid1->num_auths = sid2->num_auths;
165 sid1->sid_rev_num = sid2->sid_rev_num;
168 /*****************************************************************
169 compare two sids up to the auths of the first sid
Returns False when one of sid1's sub-authorities differs from the same
slot of sid2, when sid1 has more sub-authorities than sid2, or when
the revision or identifier authority differ. The final return is on a
line not shown in this listing (presumably True).
170 *****************************************************************/
171 BOOL sid_front_equal(const DOM_SID *sid1, const DOM_SID *sid2)
175 /* compare most likely different rids, first: i.e start at end */
/* NOTE(review): this loop indexes sid2->sub_auths up to
 * sid1->num_auths - 1 before the count comparison below has run, so when
 * sid1 is the longer SID it reads sid2 slots beyond sid2's own count.
 * The result is still False in that case, but making the num_auths
 * comparison first would avoid touching unused entries. The i >= 0 test
 * also needs i to be signed - its declaration is not shown. */
176 for (i = sid1->num_auths-1; i >= 0; --i)
178 if (sid1->sub_auths[i] != sid2->sub_auths[i]) return False;
181 if (sid1->num_auths > sid2->num_auths ) return False;
182 if (sid1->sid_rev_num != sid2->sid_rev_num) return False;
/* All six identifier-authority bytes must match. */
184 for (i = 0; i < 6; i++)
186 if (sid1->id_auth[i] != sid2->id_auth[i]) return False;
192 /*****************************************************************
Compares two SIDs in full: sub-authorities, sub-authority count,
revision and identifier authority must all match. The final return is
on a line not shown in this listing (presumably True).
194 *****************************************************************/
195 BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
199 /* compare most likely different rids, first: i.e start at end */
/* NOTE(review): the sub-authority loop runs before the counts are
 * compared, so when sid1 has more entries than sid2 it reads sid2 slots
 * beyond sid2's own count. The count check below still yields False,
 * but performing it first would avoid reading unused entries. This
 * function is the kind used for access decisions, so it is worth
 * confirming that both counts are within the array's capacity before
 * it is called. The i >= 0 test needs a signed i (declaration not
 * shown). */
200 for (i = sid1->num_auths-1; i >= 0; --i)
202 if (sid1->sub_auths[i] != sid2->sub_auths[i]) return False;
205 if (sid1->num_auths != sid2->num_auths ) return False;
206 if (sid1->sid_rev_num != sid2->sid_rev_num) return False;
/* All six identifier-authority bytes must match. */
208 for (i = 0; i < 6; i++)
210 if (sid1->id_auth[i] != sid2->id_auth[i]) return False;
217 /*****************************************************************
218 calculates size of a sid
Lines 221-225 of the original file are not shown in this listing, so
any argument check made before the computation is not visible.
219 *****************************************************************/
220 int sid_size(const DOM_SID *sid)
/* One uint32 per sub-authority plus 8 fixed bytes - presumably the
 * revision byte, the count byte and the six id_auth bytes (TODO confirm
 * against the DOM_SID definition).
 * NOTE(review): the result depends on num_auths being within range;
 * a buffer sized from it inherits any error in that count. The
 * expression has type size_t and is converted to int on return. */
226 return sid->num_auths * sizeof(uint32) + 8;
230 /*****************************************************************
231 Duplicates a sid - mallocs the target.
The copy is heap-allocated, so the caller is responsible for freeing
it. The lines that fill in and return the copy are not shown in this
listing.
232 *****************************************************************/
234 DOM_SID *sid_dup(const DOM_SID *src)
/* Allocation failure is detected: the zeroing below runs only when
 * malloc returned non-NULL. */
241 if((dst = (DOM_SID*)malloc(sizeof(DOM_SID))) != NULL) {
/* Zero the whole structure first, so slots that are not copied
 * afterwards do not carry stale heap contents. */
242 memset(dst, '\0', sizeof(DOM_SID));
250 /****************************************************************************
251 Read a SID from a file.
Reads at most sizeof(fline) - 1 bytes from fd in a single read() and
parses them with string_to_sid. sid_file is used only in log messages
in the visible lines. Declarations and return statements are on lines
not shown in this listing.
252 ****************************************************************************/
254 static BOOL read_sid_from_file(int fd, char *sid_file, DOM_SID *sid)
/* Pre-zeroing plus the sizeof - 1 read limit keeps fline terminated. */
259 memset(fline, '\0', sizeof(fline));
/* NOTE(review): only a negative result is treated as an error. A short
 * or empty read falls through to the parser, which then decides - an
 * empty buffer fails its "S-" prefix test. read() is not retried on
 * interruption. */
261 if (read(fd, fline, sizeof(fline) -1 ) < 0) {
262 DEBUG(0,("unable to read file %s. Error was %s\n",
263 sid_file, strerror(errno) ));
268 * Convert to the machine SID.
/* Redundant with the memset above, but harmless. */
271 fline[sizeof(fline)-1] = '\0';
/* The file content is untrusted input to the parser. See
 * string_to_sid: it does not verify that each field is numeric, so a
 * damaged file can parse "successfully" into an unintended SID. */
272 if (!string_to_sid(sid, fline)) {
273 DEBUG(0,("unable to read sid.\n"));
/* NOTE(review): sid_to_string limits its output by sizeof(pstring);
 * sid_str's declaration is not shown - confirm it is that large. */
277 sid_to_string(sid_str, sid);
278 DEBUG(5,("read_sid_from_file: sid %s\n", sid_str));
283 /****************************************************************************
284 Generate the global machine sid. Look for the DOMAINNAME.SID file first, if
285 not found then look in smb.conf and use it to create the DOMAINNAME.SID file.
NOTE(review): the visible lines only locate, open and read
DOMAINNAME.SID next to the smb passwd file; no generation step appears
in them. Short lines (declarations, braces, returns, close calls) are
not shown in this listing.
286 ****************************************************************************/
287 BOOL read_sid(char *domain_name, DOM_SID *sid)
/* The SID file lives in the same directory as the smb passwd file. */
295 pstrcpy(sid_file, lp_smb_passwd_file());
297 DEBUG(10,("read_sid: Domain: %s\n", domain_name));
299 if (sid_file[0] == 0)
301 DEBUG(0,("cannot find smb passwd file\n"));
/* Locate the last '/'; the handling of p (presumably truncating the
 * path after it, and the no-slash case) is on lines not shown. */
305 p = strrchr(sid_file, '/');
/* NOTE(review): check-then-create. An already existing directory is
 * accepted as is - its owner and mode are not verified in the visible
 * lines, so the 0700 protection applies only when this code creates it. */
311 if (!directory_exist(sid_file, NULL))
313 if (mkdir(sid_file, 0700) != 0)
315 DEBUG(0,("can't create private directory %s : %s\n",
316 sid_file, strerror(errno)));
/* NOTE(review): domain_name goes into the file name unfiltered. A '/'
 * in it would place the file outside the private directory - confirm
 * it only ever comes from trusted configuration. */
321 slprintf(file_name, sizeof(file_name)-1, "%s.SID", domain_name);
323 pstrcat(sid_file, file_name);
/* NOTE(review): the read path opens with O_RDWR | O_CREAT, so a missing
 * file is created (mode 0644 before umask) as a side effect, and write
 * access is needed merely to read. No O_EXCL or O_NOFOLLOW is passed,
 * so the safety of the open rests on the directory permissions above.
 * sys_open is presumably a thin wrapper over open(2) - verify. */
325 if ((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
326 DEBUG(0,("unable to open or create file %s. Error was %s\n",
327 sid_file, strerror(errno) ));
332 * Check if the file contains data.
/* fstat on the open descriptor, so it describes the file actually
 * opened rather than whatever the path names now. */
335 if (sys_fstat(fd, &st) < 0) {
336 DEBUG(0,("unable to stat file %s. Error was %s\n",
337 sid_file, strerror(errno) ));
349 * We have a valid SID - read it.
352 if (!read_sid_from_file(fd, sid_file, sid))
/* NOTE(review): read_sid_from_file also fails on a parse error, in
 * which case errno is stale and this message can name the wrong cause. */
354 DEBUG(0,("unable to read file %s. Error was %s\n",
355 sid_file, strerror(errno) ));
364 /****************************************************************************
365 Write the SID, as one line of text, to the DOMAINNAME.SID file kept in the
366 same directory as the smb passwd file, creating directory and file if needed.
(The header previously found here repeated read_sid's description.)
An existing SID file is reported rather than overwritten, judging by
the "already exists" messages; the size tests that select those
branches are on lines not shown in this listing, as are declarations,
braces, returns and close calls.
367 ****************************************************************************/
368 BOOL write_sid(char *domain_name, DOM_SID *sid)
377 pstrcpy(sid_file, lp_smb_passwd_file());
/* NOTE(review): sid_to_string limits its output by sizeof(pstring). The
 * fstrcat below suggests sid_string is an fstring; if that type is
 * smaller than pstring the limit does not protect this buffer.
 * Declaration not shown - confirm. */
378 sid_to_string(sid_string, sid);
380 DEBUG(10,("write_sid: Domain: %s SID: %s\n", domain_name, sid_string));
381 fstrcat(sid_string, "\n");
383 if (sid_file[0] == 0)
385 DEBUG(0,("cannot find smb passwd file\n"));
/* Locate the last '/'; the handling of p is on lines not shown. */
389 p = strrchr(sid_file, '/');
/* NOTE(review): check-then-create. An existing directory is accepted
 * without verifying its owner or mode, so the 0700 protection applies
 * only when this code creates the directory itself. */
395 if (!directory_exist(sid_file, NULL)) {
396 if (mkdir(sid_file, 0700) != 0) {
397 DEBUG(0,("can't create private directory %s : %s\n",
398 sid_file, strerror(errno)));
/* NOTE(review): domain_name goes into the file name unfiltered. A '/'
 * in it would place the file outside the private directory - confirm
 * it only ever comes from trusted configuration. */
403 slprintf(file_name, sizeof(file_name)-1, "%s.SID", domain_name);
405 pstrcat(sid_file, file_name);
/* NOTE(review): no O_EXCL or O_NOFOLLOW, so an existing object at this
 * path (including a symbolic link) is opened as is. Whether that is
 * safe depends entirely on who can write to the directory. */
407 if ((fd = sys_open(sid_file, O_RDWR | O_CREAT, 0644)) == -1) {
408 DEBUG(0,("unable to open or create file %s. Error was %s\n",
409 sid_file, strerror(errno) ));
414 * Check if the file contains data.
/* First, unlocked look at the file; the decision is repeated under the
 * lock further down. */
417 if (sys_fstat(fd, &st) < 0) {
418 DEBUG(0,("unable to stat file %s. Error was %s\n",
419 sid_file, strerror(errno) ));
427 * We have a valid SID already.
430 DEBUG(0,("SID file %s already exists\n", sid_file));
/* Take a write lock before touching the file. The 60 is presumably a
 * timeout in seconds - verify against do_file_lock. */
434 if (!do_file_lock(fd, 60, F_WRLCK))
436 DEBUG(0,("unable to lock file %s. Error was %s\n",
437 sid_file, strerror(errno) ));
443 * At this point we have a blocking lock on the SID
444 * file - check if in the meantime someone else wrote
445 * SID data into the file. If so - they were here first,
/* Re-check under the lock: the earlier fstat result may be stale. */
449 if (sys_fstat(fd, &st) < 0)
451 DEBUG(0,("unable to stat file %s. Error was %s\n",
452 sid_file, strerror(errno) ));
460 * Unlock as soon as possible to reduce
461 * contention on the exclusive lock.
463 do_file_lock(fd, 60, F_UNLCK);
466 * We have a valid SID already.
469 DEBUG(0,("SID file %s already exists\n", sid_file));
475 * The file is still empty and we have an exlusive lock on it.
476 * Write out out SID data into the file.
/* Force mode 0644 regardless of the umask in effect at open time: the
 * SID file is deliberately world-readable, and group/other write bits
 * are cleared. */
479 if (fchmod(fd, 0644) < 0)
481 DEBUG(0,("unable to set correct permissions on file %s. \
482 Error was %s\n", sid_file, strerror(errno) ));
/* NOTE(review): a short write is reported as failure but not retried,
 * and no truncation or cleanup is visible, so a partial line may stay
 * in the file and later be taken as "SID file already exists". The
 * comparison mixes the signed result of write() with size_t; a -1
 * result converts to a large value and still compares unequal. */
487 if (write(fd, sid_string, strlen(sid_string)) != strlen(sid_string))
489 DEBUG(0,("unable to write file %s. Error was %s\n",
490 sid_file, strerror(errno) ));
/* Release the lock once the data has been written. */
499 do_file_lock(fd, 60, F_UNLCK);
504 /****************************************************************************
506 ****************************************************************************/
507 BOOL create_new_sid(DOM_SID *sid)
509 uchar raw_sid_data[12];
514 * Generate the new sid data & turn it into a string.
516 generate_random_buffer(raw_sid_data, 12, True);
518 fstrcpy(sid_string, "S-1-5-21");
519 for(i = 0; i < 3; i++)
522 slprintf(tmp_string, sizeof(tmp_string) - 1, "-%u", IVAL(raw_sid_data, i*4));
523 fstrcat(sid_string, tmp_string);
526 fstrcat(sid_string, "\n");
529 * Ensure our new SID is valid.
532 if (!string_to_sid(sid, sid_string))
534 DEBUG(0,("unable to generate machine SID.\n"));