LCOV - code coverage report
Current view: top level - util - well_known_sids.c (source / functions) Hit Total Coverage
Test: .coverage.total Lines: 81 84 96.4 %
Date: 2015-10-19 Functions: 10 10 100.0 %

          Line data    Source code
       1             : /*
       2             :     Authors:
       3             :         Sumit Bose <sbose@redhat.com>
       4             : 
       5             :     Copyright (C) 2013 Red Hat
       6             : 
       7             :     Translate well-known SIDs to domains and names
       8             : 
       9             :     This program is free software; you can redistribute it and/or modify
      10             :     it under the terms of the GNU General Public License as published by
      11             :     the Free Software Foundation; either version 3 of the License, or
      12             :     (at your option) any later version.
      13             : 
      14             :     This program is distributed in the hope that it will be useful,
      15             :     but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :     GNU General Public License for more details.
      18             : 
      19             :     You should have received a copy of the GNU General Public License
      20             :     along with this program.  If not, see <http://www.gnu.org/licenses/>.
      21             : */
      22             : 
      23             : #include "util/util.h"
      24             : #include "util/strtonum.h"
      25             : 
      26             : /* Well-Known SIDs are documented in section 2.4.2.4 "Well-Known SID
      27             :  * Structures" of the "[MS-DTYP]: Windows Data Types" document. */
      28             : 
      29             : #define DOM_SID_PREFIX "S-1-5-21-"
      30             : #define DOM_SID_PREFIX_LEN (sizeof(DOM_SID_PREFIX) - 1)
      31             : 
      32             : #define BUILTIN_SID_PREFIX "S-1-5-32-"
      33             : #define BUILTIN_SID_PREFIX_LEN (sizeof(BUILTIN_SID_PREFIX) - 1)
      34             : #define BUILTIN_DOM_NAME "BUILTIN"
      35             : 
      36             : #define NT_SID_PREFIX "S-1-5-"
      37             : #define NT_SID_PREFIX_LEN (sizeof(NT_SID_PREFIX) - 1)
      38             : #define NT_DOM_NAME "NT AUTHORITY"
      39             : 
      40             : #define SPECIAL_SID_PREFIX "S-1-"
      41             : #define SPECIAL_SID_PREFIX_LEN (sizeof(SPECIAL_SID_PREFIX) - 1)
      42             : #define NULL_DOM_NAME "NULL AUTHORITY"
      43             : #define WORLD_DOM_NAME "WORLD AUTHORITY"
      44             : #define LOCAL_DOM_NAME "LOCAL AUTHORITY"
      45             : #define CREATOR_DOM_NAME "CREATOR AUTHORITY"
      46             : 
      47             : #define NT_MAP_ENTRY(rid, name) {rid, NT_SID_PREFIX #rid, name}
      48             : #define BUILTIN_MAP_ENTRY(rid, name) {rid, BUILTIN_SID_PREFIX #rid, name}
      49             : #define SPECIAL_MAP_ENTRY(id_auth, rid, dom, name) \
      50             :    {(48 + id_auth), (48 + rid), SPECIAL_SID_PREFIX #id_auth "-" #rid, dom, name}
      51             : 
      52             : struct rid_sid_name {
      53             :     uint32_t rid;
      54             :     const char *sid;
      55             :     const char *name;
      56             : };
      57             : 
      58             : struct special_map {
      59             :     const char id_auth;
      60             :     char rid;
      61             :     const char *sid;
      62             :     const char *dom;
      63             :     const char *name;
      64             : };
      65             : 
      66             : struct rid_sid_name builtin_map[] = {
      67             :     BUILTIN_MAP_ENTRY(544, "Administrators"),
      68             :     BUILTIN_MAP_ENTRY(545, "Users"),
      69             :     BUILTIN_MAP_ENTRY(546, "Guests"),
      70             :     BUILTIN_MAP_ENTRY(547, "Power Users"),
      71             :     BUILTIN_MAP_ENTRY(548, "Account Operators"),
      72             :     BUILTIN_MAP_ENTRY(549, "Server Operators"),
      73             :     BUILTIN_MAP_ENTRY(550, "Print Operators"),
      74             :     BUILTIN_MAP_ENTRY(551, "Backup Operators"),
      75             :     BUILTIN_MAP_ENTRY(552, "Replicator"),
      76             :     BUILTIN_MAP_ENTRY(554, "Pre-Windows 2000 Compatible Access"),
      77             :     BUILTIN_MAP_ENTRY(555, "Remote Desktop Users"),
      78             :     BUILTIN_MAP_ENTRY(556, "Network Configuration Operators"),
      79             :     BUILTIN_MAP_ENTRY(557, "Incoming Forest Trust Builders"),
      80             :     BUILTIN_MAP_ENTRY(558, "Performance Monitor Users"),
      81             :     BUILTIN_MAP_ENTRY(559, "Performance Log Users"),
      82             :     BUILTIN_MAP_ENTRY(560, "Windows Authorization Access Group"),
      83             :     BUILTIN_MAP_ENTRY(561, "Terminal Server License Servers"),
      84             :     BUILTIN_MAP_ENTRY(562, "Distributed COM Users"),
      85             :     BUILTIN_MAP_ENTRY(568, "IIS_IUSRS"),
      86             :     BUILTIN_MAP_ENTRY(569, "Cryptographic Operators"),
      87             :     BUILTIN_MAP_ENTRY(573, "Event Log Readers"),
      88             :     BUILTIN_MAP_ENTRY(574, "Certificate Service DCOM Access"),
      89             :     BUILTIN_MAP_ENTRY(575, "RDS Remote Access Servers"),
      90             :     BUILTIN_MAP_ENTRY(576, "RDS Endpoint Servers"),
      91             :     BUILTIN_MAP_ENTRY(577, "RDS Management Servers"),
      92             :     BUILTIN_MAP_ENTRY(578, "Hyper-V Admins"),
      93             :     BUILTIN_MAP_ENTRY(579, "Access Control Assistance OPS"),
      94             :     BUILTIN_MAP_ENTRY(580, "Remote Management Users"),
      95             : 
      96             :     {UINT32_MAX, NULL, NULL}
      97             : };
      98             : 
      99             : struct rid_sid_name nt_map[] = {
     100             :     NT_MAP_ENTRY(1, "DIALUP"),
     101             :     NT_MAP_ENTRY(2, "NETWORK"),
     102             :     NT_MAP_ENTRY(3, "BATCH"),
     103             :     NT_MAP_ENTRY(4, "INTERACTIVE"),
     104             :     NT_MAP_ENTRY(6, "SERVICE"),
     105             :     NT_MAP_ENTRY(7, "ANONYMOUS LOGON"),
     106             :     NT_MAP_ENTRY(8, "PROXY"),
     107             :     NT_MAP_ENTRY(9, "ENTERPRISE DOMAIN CONTROLLERS"),
     108             :     NT_MAP_ENTRY(10, "SELF"),
     109             :     NT_MAP_ENTRY(11, "Authenticated Users"),
     110             :     NT_MAP_ENTRY(12, "RESTRICTED"),
     111             :     NT_MAP_ENTRY(13, "TERMINAL SERVER USER"),
     112             :     NT_MAP_ENTRY(14, "REMOTE INTERACTIVE LOGON"),
     113             :     NT_MAP_ENTRY(15, "This Organization"),
     114             :     NT_MAP_ENTRY(17, "IUSR"),
     115             :     NT_MAP_ENTRY(18, "SYSTEM"),
     116             :     NT_MAP_ENTRY(19, "LOCAL SERVICE"),
     117             :     NT_MAP_ENTRY(20, "NETWORK SERVICE"),
     118             : 
     119             :     {UINT32_MAX, NULL, NULL}
     120             : };
     121             : 
     122             : /* The code to handle the SIDs of the Null, World, Local and Creator
     123             :  * Authorities (id_auth=0,1,2,3 respectively) is optimized to handle only
     124             :  * single digit id_auth and rid. */
     125             : 
     126             : struct special_map sp_map[] = {
     127             :     SPECIAL_MAP_ENTRY(0, 0, NULL_DOM_NAME, "NULL SID"),
     128             :     SPECIAL_MAP_ENTRY(1, 0, WORLD_DOM_NAME, "Everyone"),
     129             :     SPECIAL_MAP_ENTRY(2, 0, LOCAL_DOM_NAME, "LOCAL"),
     130             :     SPECIAL_MAP_ENTRY(2, 1, LOCAL_DOM_NAME, "CONSOLE LOGON"),
     131             :     SPECIAL_MAP_ENTRY(3, 0, CREATOR_DOM_NAME, "CREATOR OWNER"),
     132             :     SPECIAL_MAP_ENTRY(3, 1, CREATOR_DOM_NAME, "CREATOR GROUP"),
     133             :     SPECIAL_MAP_ENTRY(3, 2, CREATOR_DOM_NAME, "CREATOR OWNER SERVER"),
     134             :     SPECIAL_MAP_ENTRY(3, 3, CREATOR_DOM_NAME, "CREATOR GROUP SERVER"),
     135             :     SPECIAL_MAP_ENTRY(3, 4, CREATOR_DOM_NAME, "OWNER RIGHTS"),
     136             :     SPECIAL_MAP_ENTRY(18,1, "ASSERTED IDENTITY", "AUTHENTICATION ASSERTION"),
     137             :     SPECIAL_MAP_ENTRY(18,2, "ASSERTED IDENTITY", "SERVICE ASSERTION"),
     138             : 
     139             :     {'\0', '\0', NULL, NULL, NULL}
     140             : };
     141             : 
     142           7 : static errno_t handle_special_sids(const char *sid, const char **dom,
     143             :                                    const char **name)
     144             : {
     145             :     size_t c;
     146             : 
     147           7 :     if (!isdigit(sid[SPECIAL_SID_PREFIX_LEN])
     148           6 :             || sid[SPECIAL_SID_PREFIX_LEN + 1] != '-'
     149           4 :             || !isdigit(sid[SPECIAL_SID_PREFIX_LEN + 2])
     150           3 :             || sid[SPECIAL_SID_PREFIX_LEN + 3] != '\0' ) {
     151           5 :         return EINVAL;
     152             :     }
     153             : 
     154           4 :     for (c = 0; sp_map[c].name != NULL; c++) {
     155           4 :         if (sid[SPECIAL_SID_PREFIX_LEN] == sp_map[c].id_auth
     156           2 :                 && sid[SPECIAL_SID_PREFIX_LEN + 2] == sp_map[c].rid) {
     157           2 :             *name = sp_map[c].name;
     158           2 :             *dom = sp_map[c].dom;
     159           2 :             return EOK;
     160             :         }
     161             :     }
     162             : 
     163           0 :     return EINVAL;
     164             : }
     165             : 
     166           3 : static errno_t handle_special_names(const char *dom, const char *name,
     167             :                                     const char **sid)
     168             : {
     169             :     size_t c;
     170             : 
     171          13 :     for (c = 0; sp_map[c].name != NULL; c++) {
     172          13 :         if (strcmp(name, sp_map[c].name) == 0
     173           3 :                 && strcmp(dom, sp_map[c].dom) == 0) {
     174           3 :             *sid = sp_map[c].sid;
     175           3 :             return EOK;
     176             :         }
     177             :     }
     178             : 
     179           0 :     return EINVAL;
     180             : }
     181             : 
     182          11 : static errno_t handle_rid_to_name_map(const char *sid, size_t prefix_len,
     183             :                                       struct rid_sid_name *map,
     184             :                                       const char* dom_name, const char **dom,
     185             :                                       const char **name)
     186             : {
     187             :     uint32_t rid;
     188             :     char *endptr;
     189             :     size_t c;
     190             : 
     191          11 :     errno = 0;
     192          11 :     rid = (uint32_t) strtouint32(sid + prefix_len, &endptr, 10);
     193          11 :     if (errno != 0 || *endptr != '\0') {
     194           2 :         return EINVAL;
     195             :     }
     196             : 
     197         142 :     for (c = 0; map[c].name != NULL; c++) {
     198         137 :         if (rid == map[c].rid) {
     199           4 :             *name = map[c].name;
     200           4 :             *dom = dom_name;
     201           4 :             return EOK;
     202             :         }
     203             :     }
     204             : 
     205           5 :     return EINVAL;
     206             : }
     207             : 
     208           8 : static errno_t handle_name_to_sid_map(const char *name,
     209             :                                       struct rid_sid_name *map,
     210             :                                       const char **sid)
     211             : {
     212             :     size_t c;
     213             : 
     214         167 :     for (c = 0; map[c].name != NULL; c++) {
     215         163 :         if (strcmp(name, map[c].name) == 0) {
     216           4 :             *sid = map[c].sid;
     217           4 :             return EOK;
     218             :         }
     219             :     }
     220             : 
     221           4 :     return EINVAL;
     222             : }
     223             : 
     224           5 : static errno_t handle_nt_sids(const char *sid, const char **dom,
     225             :                               const char **name)
     226             : {
     227           5 :     return handle_rid_to_name_map(sid, NT_SID_PREFIX_LEN, nt_map, NT_DOM_NAME,
     228             :                                   dom, name);
     229             : }
     230             : 
     231           2 : static errno_t handle_nt_names(const char *name, const char **sid)
     232             : {
     233           2 :     return handle_name_to_sid_map(name, nt_map, sid);
     234             : }
     235             : 
     236           6 : static errno_t handle_builtin_sids(const char *sid, const char **dom,
     237             :                                    const char **name)
     238             : {
     239           6 :     return handle_rid_to_name_map(sid, BUILTIN_SID_PREFIX_LEN, builtin_map,
     240             :                                   BUILTIN_DOM_NAME, dom, name);
     241             : }
     242             : 
     243           6 : static errno_t handle_builtin_names(const char *name, const char **sid)
     244             : {
     245           6 :     return handle_name_to_sid_map(name, builtin_map, sid);
     246             : }
     247             : 
     248          27 : errno_t well_known_sid_to_name(const char *sid, const char **dom,
     249             :                                const char **name)
     250             : {
     251             :     int ret;
     252             : 
     253          27 :     if (sid == NULL || dom == NULL || name == NULL) {
     254           1 :         return EINVAL;
     255             :     }
     256             : 
     257          26 :     if (strncmp(sid, DOM_SID_PREFIX, DOM_SID_PREFIX_LEN) == 0) {
     258           6 :         ret = ENOENT;
     259          20 :     } else if (strncmp(sid, BUILTIN_SID_PREFIX, BUILTIN_SID_PREFIX_LEN) == 0) {
     260           6 :         ret = handle_builtin_sids(sid, dom, name);
     261           6 :         if (ret != EOK) {
     262           3 :             DEBUG(SSSDBG_OP_FAILURE, "handle_builtin_sids failed.\n");
     263             :         }
     264          14 :     } else if (strncmp(sid, NT_SID_PREFIX, NT_SID_PREFIX_LEN) == 0) {
     265           5 :         ret = handle_nt_sids(sid, dom, name);
     266           5 :         if (ret != EOK) {
     267           4 :             DEBUG(SSSDBG_OP_FAILURE, "handle_nt_sids failed.\n");
     268             :         }
     269           9 :     } else if (strncmp(sid, SPECIAL_SID_PREFIX, SPECIAL_SID_PREFIX_LEN) == 0) {
     270           7 :         ret = handle_special_sids(sid, dom, name);
     271           7 :         if (ret != EOK) {
     272           5 :             DEBUG(SSSDBG_OP_FAILURE, "handle_special_sids failed.\n");
     273             :         }
     274             :     } else {
     275           2 :         ret = EINVAL;
     276             :     }
     277             : 
     278          26 :     return ret;
     279             : }
     280             : 
     281          15 : errno_t name_to_well_known_sid(const char *dom, const char *name,
     282             :                                const char **sid)
     283             : {
     284             :     int ret;
     285             : 
     286          15 :     if (sid == NULL || dom == NULL || name == NULL) {
     287           2 :         return EINVAL;
     288             :     }
     289             : 
     290          13 :     if (strcmp(dom, NT_DOM_NAME) == 0) {
     291           2 :         ret = handle_nt_names(name, sid);
     292           2 :         if (ret != EOK) {
     293           1 :             DEBUG(SSSDBG_OP_FAILURE, "handle_nt_name failed.\n");
     294             :         }
     295          11 :     } else if (strcmp(dom, BUILTIN_DOM_NAME) == 0) {
     296           6 :         ret = handle_builtin_names(name, sid);
     297           6 :         if (ret != EOK) {
     298           3 :             DEBUG(SSSDBG_OP_FAILURE, "handle_builtin_name failed.\n");
     299             :         }
     300           5 :     } else if (strcmp(dom, NULL_DOM_NAME) == 0
     301           5 :                 || strcmp(dom, WORLD_DOM_NAME) == 0
     302           5 :                 || strcmp(dom, LOCAL_DOM_NAME) == 0
     303           4 :                 || strcmp(dom, CREATOR_DOM_NAME) == 0) {
     304           3 :         ret = handle_special_names(dom, name, sid);
     305           6 :         if (ret != EOK) {
     306           0 :             DEBUG(SSSDBG_OP_FAILURE, "handle_special_name failed.\n");
     307             :         }
     308             :     } else {
     309           2 :         ret = ENOENT;
     310             :     }
     311             : 
     312          13 :     return ret;
     313             : }

Generated by: LCOV version 1.10