2 * Unix SMB/CIFS implementation.
3 * Authentication utility functions
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Andrew Bartlett 2001
6 * Copyright (C) Jeremy Allison 2000-2001
7 * Copyright (C) Rafal Szczesniak 2002
8 * Copyright (C) Volker Lendecke 2006
9 * Copyright (C) Michael Adam 2007
10 * Copyright (C) Guenther Deschner 2007
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 /* function(s) moved from auth/auth_util.c to minimize linker deps */
30 /****************************************************************************
31 Duplicate a SID token.
32 ****************************************************************************/
34 NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken)
41 token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
43 DEBUG(0, ("talloc failed\n"));
47 if (ptoken->user_sids && ptoken->num_sids) {
48 token->user_sids = (DOM_SID *)talloc_memdup(
49 token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids );
51 if (token->user_sids == NULL) {
52 DEBUG(0, ("talloc_memdup failed\n"));
56 token->num_sids = ptoken->num_sids;
59 /* copy the privileges; don't consider failure to be critical here */
61 if ( !se_priv_copy( &token->privileges, &ptoken->privileges ) ) {
62 DEBUG(0,("dup_nt_token: Failure to copy SE_PRIV!. "
63 "Continuing with 0 privileges assigned.\n"));
69 /****************************************************************************
71 ****************************************************************************/
73 NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
74 const struct nt_user_token *token_1,
75 const struct nt_user_token *token_2,
76 struct nt_user_token **token_out)
78 struct nt_user_token *token = NULL;
82 if (!token_1 || !token_2 || !token_out) {
83 return NT_STATUS_INVALID_PARAMETER;
86 token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
87 NT_STATUS_HAVE_NO_MEMORY(token);
89 for (i=0; i < token_1->num_sids; i++) {
90 status = add_sid_to_array_unique(mem_ctx,
91 &token_1->user_sids[i],
94 if (!NT_STATUS_IS_OK(status)) {
100 for (i=0; i < token_2->num_sids; i++) {
101 status = add_sid_to_array_unique(mem_ctx,
102 &token_2->user_sids[i],
105 if (!NT_STATUS_IS_OK(status)) {
111 se_priv_add(&token->privileges, &token_1->privileges);
112 se_priv_add(&token->privileges, &token_2->privileges);
119 /*******************************************************************
120 Check if this ACE has a SID in common with the token.
121 ********************************************************************/
123 bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace)
127 for (i = 0; i < token->num_sids; i++) {
128 if (sid_equal(&ace->trustee, &token->user_sids[i]))