/src/samba/source3/lib/util_wellknown.c

Source
/*
   Unix SMB/CIFS implementation.
   Lookup routines for well-known SIDs
   Copyright (C) Andrew Tridgell 1992-1998
   Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
   Copyright (C) Jeremy Allison  1999
   Copyright (C) Volker Lendecke 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "../libcli/security/security.h"

struct rid_name_map {
  uint32_t rid;
  const char *name;
};

struct sid_name_map_info
{
  const struct dom_sid *sid;
  const char *name;
  const struct rid_name_map *known_users;
};

static const struct rid_name_map everyone_users[] = {
  { 0, "Everyone" },
  { 0, NULL}};

static const struct rid_name_map local_authority_users[] = {
  { 0, "Local" },
  { 1, "Console Logon" },
  { 0, NULL}};

static const struct rid_name_map creator_owner_users[] = {
  { 0, "Creator Owner" },
  { 1, "Creator Group" },
  { 2, "Creator Owner Server" },
  { 3, "Creator Group Server" },
  { 4, "Owner Rights" },
  { 0, NULL}};

static const struct rid_name_map nt_authority_users[] = {
  {  1, "Dialup" },
  {  2, "Network"},
  {  3, "Batch"},
  {  4, "Interactive"},
  {  6, "Service"},
  {  7, "Anonymous Logon"},
  {  8, "Proxy"},
  {  9, "Enterprise Domain Controllers"},
  { 10, "Self"},
  { 11, "Authenticated Users"},
  { 12, "Restricted"},
  { 13, "Terminal Server User"},
  { 14, "Remote Interactive Logon"},
  { 15, "This Organization"},
  { 17, "IUSR"},
  { 18, "SYSTEM"},
  { 19, "Local Service"},
  { 20, "Network Service"},
  {  0,  NULL}};

static struct sid_name_map_info special_domains[] = {
  { &global_sid_World_Domain, "", everyone_users },
  { &global_sid_Local_Authority, "", local_authority_users },
  { &global_sid_Creator_Owner_Domain, "", creator_owner_users },
  { &global_sid_NT_Authority, "NT Authority", nt_authority_users },
  { NULL, NULL, NULL }};

bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
{
  int i;

  for (i=0; special_domains[i].sid != NULL; i++) {
    if (dom_sid_equal(sid, special_domains[i].sid)) {
      if (name != NULL) {
        *name = special_domains[i].name;
      }
      return True;
    }
  }
  return False;
}

bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid)
{
  struct dom_sid dom_sid;

  sid_copy(&dom_sid, sid);
  sid_split_rid(&dom_sid, NULL);

  return sid_check_is_wellknown_domain(&dom_sid, NULL);
}

/**************************************************************************
 Looks up a known username from one of the known domains.
***************************************************************************/

bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
        const char **domain, const char **name)
{
  int i;
  struct dom_sid dom_sid;
  uint32_t rid;
  const struct rid_name_map *users = NULL;
  struct dom_sid_buf buf;

  sid_copy(&dom_sid, sid);
  if (!sid_split_rid(&dom_sid, &rid)) {
    DEBUG(2, ("Could not split rid from SID\n"));
    return False;
  }

  for (i=0; special_domains[i].sid != NULL; i++) {
    if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
      *domain = talloc_strdup(mem_ctx,
            special_domains[i].name);
      users = special_domains[i].known_users;
      break;
    }
  }

  if (users == NULL) {
    DEBUG(10, ("SID %s is no special sid\n",
         dom_sid_str_buf(sid, &buf)));
    return False;
  }

  for (i=0; users[i].name != NULL; i++) {
    if (rid == users[i].rid) {
      *name = talloc_strdup(mem_ctx, users[i].name);
      return True;
    }
  }

  DEBUG(10, ("RID of special SID %s not found\n",
       dom_sid_str_buf(sid, &buf)));

  return False;
}

/**************************************************************************
 Try and map a name to one of the well known SIDs.
***************************************************************************/

bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
         struct dom_sid *sid, const char **pdomain)
{
  int i, j;
  const char *domain = *pdomain;

  DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));

  for (i=0; special_domains[i].sid != NULL; i++) {
    const struct rid_name_map *users =
      special_domains[i].known_users;

    if (domain[0] != '\0') {
      if (!strequal(domain, special_domains[i].name)) {
        continue;
      }
    }

    if (users == NULL)
      continue;

    for (j=0; users[j].name != NULL; j++) {
      if ( strequal(users[j].name, name) ) {
        sid_compose(sid, special_domains[i].sid,
              users[j].rid);
        *pdomain = talloc_strdup(
          mem_ctx, special_domains[i].name);
        return True;
      }
    }
  }

  return False;
}

Line	Count	Source
1		/*
2		Unix SMB/CIFS implementation.
3		Lookup routines for well-known SIDs
4		Copyright (C) Andrew Tridgell 1992-1998
5		Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
6		Copyright (C) Jeremy Allison 1999
7		Copyright (C) Volker Lendecke 2005
8
9		This program is free software; you can redistribute it and/or modify
10		it under the terms of the GNU General Public License as published by
11		the Free Software Foundation; either version 3 of the License, or
12		(at your option) any later version.
13
14		This program is distributed in the hope that it will be useful,
15		but WITHOUT ANY WARRANTY; without even the implied warranty of
16		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17		GNU General Public License for more details.
18
19		You should have received a copy of the GNU General Public License
20		along with this program. If not, see <http://www.gnu.org/licenses/>.
21		*/
22
23		#include "includes.h"
24		#include "../libcli/security/security.h"
25
26		struct rid_name_map {
27		uint32_t rid;
28		const char *name;
29		};
30
31		struct sid_name_map_info
32		{
33		const struct dom_sid *sid;
34		const char *name;
35		const struct rid_name_map *known_users;
36		};
37
38		static const struct rid_name_map everyone_users[] = {
39		{ 0, "Everyone" },
40		{ 0, NULL}};
41
42		static const struct rid_name_map local_authority_users[] = {
43		{ 0, "Local" },
44		{ 1, "Console Logon" },
45		{ 0, NULL}};
46
47		static const struct rid_name_map creator_owner_users[] = {
48		{ 0, "Creator Owner" },
49		{ 1, "Creator Group" },
50		{ 2, "Creator Owner Server" },
51		{ 3, "Creator Group Server" },
52		{ 4, "Owner Rights" },
53		{ 0, NULL}};
54
55		static const struct rid_name_map nt_authority_users[] = {
56		{ 1, "Dialup" },
57		{ 2, "Network"},
58		{ 3, "Batch"},
59		{ 4, "Interactive"},
60		{ 6, "Service"},
61		{ 7, "Anonymous Logon"},
62		{ 8, "Proxy"},
63		{ 9, "Enterprise Domain Controllers"},
64		{ 10, "Self"},
65		{ 11, "Authenticated Users"},
66		{ 12, "Restricted"},
67		{ 13, "Terminal Server User"},
68		{ 14, "Remote Interactive Logon"},
69		{ 15, "This Organization"},
70		{ 17, "IUSR"},
71		{ 18, "SYSTEM"},
72		{ 19, "Local Service"},
73		{ 20, "Network Service"},
74		{ 0, NULL}};
75
76		static struct sid_name_map_info special_domains[] = {
77		{ &global_sid_World_Domain, "", everyone_users },
78		{ &global_sid_Local_Authority, "", local_authority_users },
79		{ &global_sid_Creator_Owner_Domain, "", creator_owner_users },
80		{ &global_sid_NT_Authority, "NT Authority", nt_authority_users },
81		{ NULL, NULL, NULL }};
82
83		bool sid_check_is_wellknown_domain(const struct dom_sid sid, const char *name)
84	0	{
85	0	int i;
86
87	0	for (i=0; special_domains[i].sid != NULL; i++) {
88	0	if (dom_sid_equal(sid, special_domains[i].sid)) {
89	0	if (name != NULL) {
90	0	*name = special_domains[i].name;
91	0	}
92	0	return True;
93	0	}
94	0	}
95	0	return False;
96	0	}
97
98		bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid)
99	0	{
100	0	struct dom_sid dom_sid;
101
102	0	sid_copy(&dom_sid, sid);
103	0	sid_split_rid(&dom_sid, NULL);
104
105	0	return sid_check_is_wellknown_domain(&dom_sid, NULL);
106	0	}
107
108		/**************************************************************************
109		Looks up a known username from one of the known domains.
110		***************************************************************************/
111
112		bool lookup_wellknown_sid(TALLOC_CTX mem_ctx, const struct dom_sid sid,
113		const char domain, const char name)
114	0	{
115	0	int i;
116	0	struct dom_sid dom_sid;
117	0	uint32_t rid;
118	0	const struct rid_name_map *users = NULL;
119	0	struct dom_sid_buf buf;
120
121	0	sid_copy(&dom_sid, sid);
122	0	if (!sid_split_rid(&dom_sid, &rid)) {
123	0	DEBUG(2, ("Could not split rid from SID\n"));
124	0	return False;
125	0	}
126
127	0	for (i=0; special_domains[i].sid != NULL; i++) {
128	0	if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
129	0	*domain = talloc_strdup(mem_ctx,
130	0	special_domains[i].name);
131	0	users = special_domains[i].known_users;
132	0	break;
133	0	}
134	0	}
135
136	0	if (users == NULL) {
137	0	DEBUG(10, ("SID %s is no special sid\n",
138	0	dom_sid_str_buf(sid, &buf)));
139	0	return False;
140	0	}
141
142	0	for (i=0; users[i].name != NULL; i++) {
143	0	if (rid == users[i].rid) {
144	0	*name = talloc_strdup(mem_ctx, users[i].name);
145	0	return True;
146	0	}
147	0	}
148
149	0	DEBUG(10, ("RID of special SID %s not found\n",
150	0	dom_sid_str_buf(sid, &buf)));
151
152	0	return False;
153	0	}
154
155		/**************************************************************************
156		Try and map a name to one of the well known SIDs.
157		***************************************************************************/
158
159		bool lookup_wellknown_name(TALLOC_CTX mem_ctx, const char name,
160		struct dom_sid sid, const char *pdomain)
161	0	{
162	0	int i, j;
163	0	const char domain = pdomain;
164
165	0	DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));
166
167	0	for (i=0; special_domains[i].sid != NULL; i++) {
168	0	const struct rid_name_map *users =
169	0	special_domains[i].known_users;
170
171	0	if (domain[0] != '\0') {
172	0	if (!strequal(domain, special_domains[i].name)) {
173	0	continue;
174	0	}
175	0	}
176
177	0	if (users == NULL)
178	0	continue;
179
180	0	for (j=0; users[j].name != NULL; j++) {
181	0	if ( strequal(users[j].name, name) ) {
182	0	sid_compose(sid, special_domains[i].sid,
183	0	users[j].rid);
184	0	*pdomain = talloc_strdup(
185	0	mem_ctx, special_domains[i].name);
186	0	return True;
187	0	}
188	0	}
189	0	}
190
191	0	return False;
192	0	}

Coverage Report

Created: 2026-01-16 06:47