1 /*
2 Unix SMB/CIFS implementation.
3 Translate BUILTIN names to SIDs and vice versa
4 Copyright (C) Volker Lendecke 2005
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "../libcli/security/security.h"
22
23 struct rid_name_map {
24 uint32_t rid;
25 const char *name;
26 };
27
28 static const struct rid_name_map builtin_aliases[] = {
29 { BUILTIN_RID_ADMINISTRATORS, "Administrators" },
30 { BUILTIN_RID_USERS, "Users" },
31 { BUILTIN_RID_GUESTS, "Guests" },
32 { BUILTIN_RID_POWER_USERS, "Power Users" },
33 { BUILTIN_RID_ACCOUNT_OPERATORS, "Account Operators" },
34 { BUILTIN_RID_SERVER_OPERATORS, "Server Operators" },
35 { BUILTIN_RID_PRINT_OPERATORS, "Print Operators" },
36 { BUILTIN_RID_BACKUP_OPERATORS, "Backup Operators" },
37 { BUILTIN_RID_REPLICATOR, "Replicator" },
38 { BUILTIN_RID_RAS_SERVERS, "RAS Servers" },
39 { BUILTIN_RID_PRE_2K_ACCESS,
40 "Pre-Windows 2000 Compatible Access" },
41 { BUILTIN_RID_REMOTE_DESKTOP_USERS,
42 "Remote Desktop Users" },
43 { BUILTIN_RID_NETWORK_CONF_OPERATORS,
44 "Network Configuration Operators" },
45 { BUILTIN_RID_INCOMING_FOREST_TRUST,
46 "Incoming Forest Trust Builders" },
47 { BUILTIN_RID_PERFMON_USERS,
48 "Performance Monitor Users" },
49 { BUILTIN_RID_PERFLOG_USERS,
50 "Performance Log Users" },
51 { BUILTIN_RID_AUTH_ACCESS,
52 "Windows Authorization Access Group" },
53 { BUILTIN_RID_TS_LICENSE_SERVERS,
54 "Terminal Server License Servers" },
55 { BUILTIN_RID_DISTRIBUTED_COM_USERS,
56 "Distributed COM Users" },
57 { BUILTIN_RID_CRYPTO_OPERATORS,
58 "Cryptographic Operators" },
59 { BUILTIN_RID_EVENT_LOG_READERS,
60 "Event Log Readers" },
61 { BUILTIN_RID_CERT_SERV_DCOM_ACCESS,
62 "Certificate Service DCOM Access" },
63 { 0, NULL}};
64
65 /*******************************************************************
66 Look up a rid in the BUILTIN domain
67 ********************************************************************/
lookup_builtin_rid(TALLOC_CTX * mem_ctx,uint32_t rid,const char ** name)68 bool lookup_builtin_rid(TALLOC_CTX *mem_ctx, uint32_t rid, const char **name)
69 {
70 const struct rid_name_map *aliases = builtin_aliases;
71
72 while (aliases->name != NULL) {
73 if (rid == aliases->rid) {
74 *name = talloc_strdup(mem_ctx, aliases->name);
75 return True;
76 }
77 aliases++;
78 }
79
80 return False;
81 }
82
83 /*******************************************************************
84 Look up a name in the BUILTIN domain
85 ********************************************************************/
lookup_builtin_name(const char * name,uint32_t * rid)86 bool lookup_builtin_name(const char *name, uint32_t *rid)
87 {
88 const struct rid_name_map *aliases = builtin_aliases;
89
90 while (aliases->name != NULL) {
91 if (strequal(name, aliases->name)) {
92 *rid = aliases->rid;
93 return True;
94 }
95 aliases++;
96 }
97
98 return False;
99 }
100
101 /*****************************************************************
102 Return the name of the BUILTIN domain
103 *****************************************************************/
104
builtin_domain_name(void)105 const char *builtin_domain_name(void)
106 {
107 return "BUILTIN";
108 }
109
110 /*****************************************************************
111 Check if the SID is the builtin SID (S-1-5-32).
112 *****************************************************************/
113
sid_check_is_builtin(const struct dom_sid * sid)114 bool sid_check_is_builtin(const struct dom_sid *sid)
115 {
116 return dom_sid_equal(sid, &global_sid_Builtin);
117 }
118
119 /*****************************************************************
120 Check if the SID is one of the builtin SIDs (S-1-5-32-a).
121 *****************************************************************/
122
sid_check_is_in_builtin(const struct dom_sid * sid)123 bool sid_check_is_in_builtin(const struct dom_sid *sid)
124 {
125 struct dom_sid dom_sid;
126
127 sid_copy(&dom_sid, sid);
128 sid_split_rid(&dom_sid, NULL);
129
130 return sid_check_is_builtin(&dom_sid);
131 }
132
133 /********************************************************************
134 Check if the SID is one of the well-known builtin SIDs (S-1-5-32-x)
135 *********************************************************************/
136
sid_check_is_wellknown_builtin(const struct dom_sid * sid)137 bool sid_check_is_wellknown_builtin(const struct dom_sid *sid)
138 {
139 struct dom_sid dom_sid;
140 const struct rid_name_map *aliases = builtin_aliases;
141 uint32_t rid;
142
143 sid_copy(&dom_sid, sid);
144 sid_split_rid(&dom_sid, &rid);
145
146 if (!sid_check_is_builtin(&dom_sid)) {
147 return false;
148 }
149
150 while (aliases->name != NULL) {
151 if (aliases->rid == rid) {
152 return True;
153 }
154 aliases++;
155 }
156
157 return False;
158 }
159