C++ dom_sid_parse_talloc函数代码示例

static bool test_sids2unixids1(TALLOC_CTX *memctx, struct idmap_domain *dom)
{
	NTSTATUS status;
	struct id_map uid_map, gid_map, **test_maps;

	ZERO_STRUCT(uid_map);
	ZERO_STRUCT(gid_map);

	/* create two mappings for a UID and GID */

	uid_map.sid = dom_sid_parse_talloc(memctx, DOM_SID4 "-1000");
	uid_map.xid.type = ID_TYPE_UID;

	gid_map.sid = dom_sid_parse_talloc(memctx, DOM_SID4 "-1001");
	gid_map.xid.type = ID_TYPE_GID;

	status = idmap_tdb_common_new_mapping(dom, &uid_map);
	if(!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("test_sids2unixids1: could not create uid map!\n"));
		return false;
	}

	status = idmap_tdb_common_new_mapping(dom, &gid_map);
	if(!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("test_sids2unixids1: could not create gid map!\n"));
		return false;
	}

	/* now read them back  */
	test_maps = talloc_zero_array(memctx, struct id_map*, 3);

	test_maps[0] = talloc(test_maps, struct id_map);
	test_maps[1] = talloc(test_maps, struct id_map);
	test_maps[2] = NULL;

	test_maps[0]->sid = talloc(test_maps, struct dom_sid);
	test_maps[1]->sid = talloc(test_maps, struct dom_sid);
	sid_copy(test_maps[0]->sid, uid_map.sid);
	sid_copy(test_maps[1]->sid, gid_map.sid);

	status = idmap_tdb_common_sids_to_unixids(dom, test_maps);
	if(!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("test_sids2sunixids1: sids2unixids failed!\n"));
		talloc_free(test_maps);
		return false;
	}

	if(test_maps[0]->xid.id!=uid_map.xid.id ||
	    test_maps[1]->xid.id!=gid_map.xid.id ) {
		DEBUG(0, ("test_sids2unixids1: sid2unixid returned wrong xid!\n"));
		talloc_free(test_maps);
		return false;
	}

	DEBUG(0, ("test_sids2unixids1: PASSED!\n"));

	talloc_free(test_maps);

	return true;
}

static NTSTATUS lookup_well_known_names(TALLOC_CTX *mem_ctx, const char *domain,
                                        const char *name, const char **authority_name,
                                        struct dom_sid **sid, uint32_t *rtype)
{
    int i;
    for (i=0; well_known[i].sid; i++) {
        if (domain) {
            if (strcasecmp_m(domain, well_known[i].domain) == 0
                    && strcasecmp_m(name, well_known[i].name) == 0) {
                *authority_name = well_known[i].domain;
                *sid = dom_sid_parse_talloc(mem_ctx, well_known[i].sid);
                *rtype = well_known[i].rtype;
                return NT_STATUS_OK;
            }
        } else {
            if (strcasecmp_m(name, well_known[i].name) == 0) {
                *authority_name = well_known[i].domain;
                *sid = dom_sid_parse_talloc(mem_ctx, well_known[i].sid);
                *rtype = well_known[i].rtype;
                return NT_STATUS_OK;
            }
        }
    }
    return NT_STATUS_NOT_FOUND;
}

static bool desc_ace_has_generic(TALLOC_CTX *mem_ctx,
			     struct security_ace *ace)
{
	struct dom_sid *co, *cg;
	co = dom_sid_parse_talloc(mem_ctx,  SID_CREATOR_OWNER);
	cg = dom_sid_parse_talloc(mem_ctx,  SID_CREATOR_GROUP);
	if (ace->access_mask & SEC_GENERIC_ALL || ace->access_mask & SEC_GENERIC_READ ||
	    ace->access_mask & SEC_GENERIC_WRITE || ace->access_mask & SEC_GENERIC_EXECUTE) {
		return true;
	}
	if (dom_sid_equal(&ace->trustee, co) || dom_sid_equal(&ace->trustee, cg)) {
		return true;
	}
	return false;
}

/*
  convert a string to a dom_sid, returning a talloc'd dom_sid
*/
struct dom_sid *dom_sid_parse_length(TALLOC_CTX *mem_ctx, const DATA_BLOB *sid)
{
	char p[sid->length+1];
	memcpy(p, sid->data, sid->length);
	p[sid->length] = '\0';
	return dom_sid_parse_talloc(mem_ctx, p);
}

static PyObject *py_samdb_set_domain_sid(PyLdbObject *self, PyObject *args)
{ 
	PyObject *py_ldb, *py_sid;
	struct ldb_context *ldb;
	struct dom_sid *sid;
	bool ret;

	if (!PyArg_ParseTuple(args, "OO", &py_ldb, &py_sid))
		return NULL;
	
	PyErr_LDB_OR_RAISE(py_ldb, ldb);

	sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
	if (sid == NULL) {
		PyErr_NoMemory();
		return NULL;
	}

	ret = samdb_set_domain_sid(ldb, sid);
	talloc_free(sid);
	if (!ret) {
		PyErr_SetString(PyExc_RuntimeError, "set_domain_sid failed");
		return NULL;
	} 
	Py_RETURN_NONE;
}

NTSTATUS wbsrv_samba3_lookupsid(struct wbsrv_samba3_call *s3call)
{
	struct composite_context *ctx;
	struct wbsrv_service *service =
		s3call->wbconn->listen_socket->service;
	struct dom_sid *sid;

	DEBUG(5, ("wbsrv_samba3_lookupsid called\n"));

	sid = dom_sid_parse_talloc(s3call, s3call->request.data.sid);
	if (sid == NULL) {
		DEBUG(5, ("Could not parse sid %s\n",
			  s3call->request.data.sid));
		return NT_STATUS_NO_MEMORY;
	}

	ctx = wb_cmd_lookupsid_send(s3call, service, sid);
	NT_STATUS_HAVE_NO_MEMORY(ctx);

	/* setup the callbacks */
	ctx->async.fn = lookupsid_recv_name;
	ctx->async.private_data	= s3call;
	s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
	return NT_STATUS_OK;
}

static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
				 struct netr_SamInfo3 *info3)
{
	NTSTATUS status;
	struct dom_sid *system_sid;

	/* Set account name */
	init_lsa_String(&info3->base.account_name, "SYSTEM");

	/* Set domain name */
	init_lsa_StringLarge(&info3->base.logon_domain, "NT AUTHORITY");


	/* The SID set here will be overwirtten anyway, but try and make it SID_NT_SYSTEM anyway */
	/* Domain sid is NT_AUTHORITY */
	
	system_sid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
	if (system_sid == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	
	status = dom_sid_split_rid(mem_ctx, system_sid, &info3->base.domain_sid, 
				   &info3->base.rid);
	TALLOC_FREE(system_sid);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	
	/* Primary gid is the same */
	info3->base.primary_gid = info3->base.rid;

	return NT_STATUS_OK;
}

static void desc_expand_generic(TALLOC_CTX *mem_ctx,
				struct security_ace *new_ace,
				struct dom_sid *owner,
				struct dom_sid *group)
{
	struct dom_sid *co, *cg;
	co = dom_sid_parse_talloc(mem_ctx,  SID_CREATOR_OWNER);
	cg = dom_sid_parse_talloc(mem_ctx,  SID_CREATOR_GROUP);
	new_ace->access_mask = map_generic_rights_ds(new_ace->access_mask);
	if (dom_sid_equal(&new_ace->trustee, co)) {
		new_ace->trustee = *owner;
	}
	if (dom_sid_equal(&new_ace->trustee, cg)) {
		new_ace->trustee = *group;
	}
	new_ace->flags = 0x0;
}

/*
  do some samr ops using the schannel connection
 */
static BOOL test_samr_ops(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
	NTSTATUS status;
	struct samr_GetDomPwInfo r;
	struct samr_Connect connect;
	struct samr_OpenDomain opendom;
	int i;
	struct lsa_String name;
	struct policy_handle handle;
	struct policy_handle domain_handle;

	name.string = lp_workgroup();
	r.in.domain_name = &name;

	connect.in.system_name = 0;
	connect.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	connect.out.connect_handle = &handle;
	
	printf("Testing Connect and OpenDomain on BUILTIN\n");

	status = dcerpc_samr_Connect(p, mem_ctx, &connect);
	if (!NT_STATUS_IS_OK(status)) {
		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
			printf("Connect failed (expected, schannel mapped to anonymous): %s\n",
			       nt_errstr(status));
		} else {
			printf("Connect failed - %s\n", nt_errstr(status));
			return False;
		}
	} else {
		opendom.in.connect_handle = &handle;
		opendom.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
		opendom.in.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32");
		opendom.out.domain_handle = &domain_handle;
		
		status = dcerpc_samr_OpenDomain(p, mem_ctx, &opendom);
		if (!NT_STATUS_IS_OK(status)) {
			printf("OpenDomain failed - %s\n", nt_errstr(status));
			return False;
		}
	}

	printf("Testing GetDomPwInfo with name %s\n", r.in.domain_name->string);
	
	/* do several ops to test credential chaining */
	for (i=0;i<5;i++) {
		status = dcerpc_samr_GetDomPwInfo(p, mem_ctx, &r);
		if (!NT_STATUS_IS_OK(status)) {
			if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
				printf("GetDomPwInfo op %d failed - %s\n", i, nt_errstr(status));
				return False;
			}
		}
	}

	return True;
}

/*
  convert a string to a dom_sid, returning a talloc'd dom_sid
*/
struct dom_sid *dom_sid_parse_length(TALLOC_CTX *mem_ctx, const DATA_BLOB *sid)
{
	struct dom_sid *ret;
	char *p = talloc_strndup(mem_ctx, (char *)sid->data, sid->length);
	if (!p) {
		return NULL;
	}
	ret = dom_sid_parse_talloc(mem_ctx, p);
	talloc_free(p);
	return ret;
}

bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
{
	bool ret;
	struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
	if (!sid) return false;

	ret = security_token_is_sid(token, sid);

	talloc_free(sid);
	return ret;
}

/*
  decode a SID
  It can either be a special 2 letter code, or in S-* format
*/
static struct dom_sid *sddl_decode_sid(TALLOC_CTX *mem_ctx, const char **sddlp,
				       const struct dom_sid *domain_sid)
{
	const char *sddl = (*sddlp);
	int i;

	/* see if its in the numeric format */
	if (strncmp(sddl, "S-", 2) == 0) {
		struct dom_sid *sid;
		char *sid_str;
		size_t len = strspn(sddl+2, "-0123456789");
		sid_str = talloc_strndup(mem_ctx, sddl, len+2);
		if (!sid_str) {
			return NULL;
		}
		(*sddlp) += len+2;
		sid = dom_sid_parse_talloc(mem_ctx, sid_str);
		talloc_free(sid_str);
		return sid;
	}

	/* now check for one of the special codes */
	for (i=0;i<ARRAY_SIZE(sid_codes);i++) {
		if (strncmp(sid_codes[i].code, sddl, 2) == 0) break;
	}
	if (i == ARRAY_SIZE(sid_codes)) {
		DEBUG(1,("Unknown sddl sid code '%2.2s'\n", sddl));
		return NULL;
	}

	(*sddlp) += 2;

	if (sid_codes[i].sid == NULL) {
		return dom_sid_add_rid(mem_ctx, domain_sid, sid_codes[i].rid);
	}

	return dom_sid_parse_talloc(mem_ctx, sid_codes[i].sid);
}

/*
  test the SidToGid interface
*/
static bool test_sidtogid(struct torture_context *tctx, struct dcerpc_pipe *p)
{
	NTSTATUS status;
	struct unixinfo_SidToGid r;
	struct dom_sid *sid;
	uint64_t gid;

	sid = dom_sid_parse_talloc(tctx, "S-1-5-32-1234-5432");
	r.in.sid = *sid;
	r.out.gid = &gid;

	status = dcerpc_unixinfo_SidToGid(p, tctx, &r);
	if (NT_STATUS_EQUAL(NT_STATUS_NONE_MAPPED, status)) {
	} else torture_assert_ntstatus_ok(tctx, status, "SidToGid failed");

	return true;
}

static bool nbt_netlogon_packet_check(struct torture_context *tctx,
				      struct nbt_netlogon_packet *r)
{
	torture_assert_int_equal(tctx, r->command, LOGON_SAM_LOGON_REQUEST, "command");
	torture_assert_int_equal(tctx, r->req.logon.request_count, 0, "request_count");
	torture_assert_str_equal(tctx, r->req.logon.computer_name, "LENNY", "computer_name");
	torture_assert_str_equal(tctx, r->req.logon.user_name, "LENNY$", "user_name");
	torture_assert_str_equal(tctx, r->req.logon.mailslot_name, "\\MAILSLOT\\NET\\GETDC52EAA8C0", "mailslot_name");
	torture_assert_int_equal(tctx, r->req.logon.acct_control, 0x00000080, "acct_control");
	torture_assert_int_equal(tctx, r->req.logon.sid_size, 24, "sid_size");
	torture_assert_int_equal(tctx, r->req.logon._pad.length, 2, "_pad.length");
	torture_assert_sid_equal(tctx, &r->req.logon.sid, dom_sid_parse_talloc(tctx, "S-1-5-21-4284042908-2889457889-3672286761"), "sid");
	torture_assert_int_equal(tctx, r->req.logon.nt_version, NETLOGON_NT_VERSION_1, "nt_version");
	torture_assert_int_equal(tctx, r->req.logon.lmnt_token, 0xffff, "lmnt_token");
	torture_assert_int_equal(tctx, r->req.logon.lm20_token, 0xffff, "lm20_token");

	return true;
}

static PyObject *py_admin_session(PyObject *module, PyObject *args)
{
	PyObject *py_lp_ctx;
	PyObject *py_sid;
	struct loadparm_context *lp_ctx = NULL;
	struct auth_session_info *session;
	struct dom_sid *domain_sid = NULL;
	if (!PyArg_ParseTuple(args, "OO", &py_lp_ctx, &py_sid))
		return NULL;

	lp_ctx = lp_from_py_object(py_lp_ctx);
	if (lp_ctx == NULL)
		return NULL;

	domain_sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
	session = admin_session(NULL, lp_ctx, domain_sid);

	return PyAuthSession_FromSession(session);
}