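/*
   Unix SMB/CIFS implementation.

   security descriptor utility functions

   Copyright (C) Andrew Tridgell 2004
   Copyright (C) Andrew Bartlett 2010
   Copyright (C) Stefan Metzmacher 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "libcli/security/security_token.h"
#include "libcli/security/dom_sid.h"
#include "libcli/security/privileges.h"

/*
  return a blank security token

  The token is allocated zeroed on mem_ctx with talloc_zero(). The result
  of the allocation is returned unchecked, so callers must test it
  before use.
*/
struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
{
	struct security_token *st = talloc_zero(
		mem_ctx, struct security_token);
	return st;
}

/****************************************************************************
 prints a struct security_token to debug output.

 A NULL token is reported as "(NULL)" and nothing else is printed.
 Otherwise the SID count and every SID in token->sids are written,
 followed by the output of security_token_debug_privileges().
****************************************************************************/
void security_token_debug(int dbg_class, int dbg_lev, const struct security_token *token)
{
	uint32_t i;

	if (!token) {
		DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
		return;
	}

	DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
				    (unsigned long)token->num_sids));
	for (i = 0; i < token->num_sids; i++) {
		struct dom_sid_buf sidbuf;
		DEBUGADDC(dbg_class,
			  dbg_lev,
			  ("  SID[%3lu]: %s\n", (unsigned long)i,
			   dom_sid_str_buf(&token->sids[i], &sidbuf)));
	}

	security_token_debug_privileges(dbg_class, dbg_lev, token);
}

/* These really should be cheaper... */

/*
  Check whether the SID stored at PRIMARY_USER_SID_INDEX equals sid.

  Only that one slot is compared; use security_token_has_sid() to search
  the whole SID list. token itself must not be NULL. Returns false when
  the token carries no SID in that slot.
*/
bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
{
	if (token->sids == NULL) {
		return false;
	}
	/*
	 * This answer feeds the "is system"/"is anonymous" decisions, so
	 * never read past the SIDs the token claims to hold: a non-NULL
	 * array with too few entries must not be indexed. This keeps the
	 * function bounded by num_sids, like security_token_has_sid().
	 */
	if (token->num_sids <= PRIMARY_USER_SID_INDEX) {
		return false;
	}
	if (dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX], sid)) {
		return true;
	}
	return false;
}

/* True when the token's primary user SID is global_sid_System. */
bool security_token_is_system(const struct security_token *token)
{
	return security_token_is_sid(token, &global_sid_System);
}

/* True when the token's primary user SID is global_sid_Anonymous. */
bool security_token_is_anonymous(const struct security_token *token)
{
	return security_token_is_sid(token, &global_sid_Anonymous);
}

/*
  Linear search of the first num_sids entries of token->sids for sid.

  Returns true on the first entry that dom_sid_equal() accepts and false
  when none does (including when num_sids is 0). token must not be NULL.
*/
bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
{
	uint32_t i;
	for (i = 0; i < token->num_sids; i++) {
		if (dom_sid_equal(&token->sids[i], sid)) {
			return true;
		}
	}
	return false;
}

/*
  Count the SIDs in token that have exactly
  prefix_sid->num_auths + num_flags sub-authorities and for which
  dom_sid_compare_domain() against prefix_sid returns 0.

  Returns the number of such SIDs. *_flag_sid is written only when
  exactly one SID matched and _flag_sid is not NULL; in every other case
  it is left untouched, so callers should initialise it themselves and
  check the returned count before using it. The stored pointer refers to
  an element of token->sids and is only valid while that array is.

  token and prefix_sid must not be NULL.
*/
size_t security_token_count_flag_sids(const struct security_token *token,
				      const struct dom_sid *prefix_sid,
				      size_t num_flags,
				      const struct dom_sid **_flag_sid)
{
	/*
	 * NOTE(review): this is a size_t addition, so the assert below is
	 * only meaningful for sane num_flags values - confirm that callers
	 * pass small constants.
	 */
	const size_t num_auths_expected = prefix_sid->num_auths + num_flags;
	const struct dom_sid *found = NULL;
	size_t num = 0;
	uint32_t i;

	/* The expected SID must fit in a dom_sid's sub_auths array. */
	SMB_ASSERT(num_auths_expected <= ARRAY_SIZE(prefix_sid->sub_auths));

	for (i = 0; i < token->num_sids; i++) {
		const struct dom_sid *sid = &token->sids[i];
		int cmp;

		if ((size_t)sid->num_auths != num_auths_expected) {
			continue;
		}

		cmp = dom_sid_compare_domain(sid, prefix_sid);
		if (cmp != 0) {
			continue;
		}

		num += 1;
		found = sid;
	}

	/* Hand a SID back only when the match is unambiguous. */
	if ((num == 1) && (_flag_sid != NULL)) {
		*_flag_sid = found;
	}

	return num;
}

/* True when global_sid_Builtin_Guests appears anywhere in the token. */
bool security_token_has_builtin_guests(const struct security_token *token)
{
	return security_token_has_sid(token, &global_sid_Builtin_Guests);
}

/* True when global_sid_Builtin_Administrators appears anywhere in the token. */
bool security_token_has_builtin_administrators(const struct security_token *token)
{
	return security_token_has_sid(token, &global_sid_Builtin_Administrators);
}

/* True when global_sid_Authenticated_Users appears anywhere in the token. */
bool security_token_has_nt_authenticated_users(const struct security_token *token)
{
	return security_token_has_sid(token, &global_sid_Authenticated_Users);
}

/* True when global_sid_Enterprise_DCs appears anywhere in the token. */
bool security_token_has_enterprise_dcs(const struct security_token *token)
{
	return security_token_has_sid(token, &global_sid_Enterprise_DCs);
}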