static u8 get_de_and_phase(sats_management_t *sats_man,
u8 num_sdiffs, sdiff_t *sdiffs,
double ref_ecef[3],
double *de, double *phase)
{
gnss_signal_t ref_sid = sats_man->sids[0];
u8 num_sats = sats_man->num_sats;
double e0[3];
double phi0 = 0;
/* TODO: Detect if ref_sid is not in sids and return error? */
u8 i;
for (i=0; i<num_sdiffs; i++) {
if (sid_is_equal(sdiffs[i].sid, ref_sid)) {
e0[0] = sdiffs[i].sat_pos[0] - ref_ecef[0];
e0[1] = sdiffs[i].sat_pos[1] - ref_ecef[1];
e0[2] = sdiffs[i].sat_pos[2] - ref_ecef[2];
vector_normalize(3, e0);
phi0 = sdiffs[i].carrier_phase;
break;
}
}
i=1;
u8 j = 0;
while (i < num_sats) {
if (sid_compare(sdiffs[j].sid, sats_man->sids[i]) < 0) {
j++;
}
else if (sid_compare(sdiffs[j].sid, sats_man->sids[i]) > 0) {
/* This should never happen. */
log_warn("sdiffs should be a super set of sats_man sids");
i++;
}
else { /* else they match */
double e[3];
e[0] = sdiffs[j].sat_pos[0] - ref_ecef[0];
e[1] = sdiffs[j].sat_pos[1] - ref_ecef[1];
e[2] = sdiffs[j].sat_pos[2] - ref_ecef[2];
vector_normalize(3, e);
de[(i-1)*3 ] = e[0] - e0[0];
de[(i-1)*3 + 1] = e[1] - e0[1];
de[(i-1)*3 + 2] = e[2] - e0[2];
phase[i-1] = sdiffs[j].carrier_phase - phi0;
i++;
j++;
}
}
return num_sats;
}
NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 *num, DOM_SID *sid)
{
unsigned int i = 0;
unsigned int n_del = 0;
if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER;
if (*num) {
if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0)
return NT_STATUS_NO_MEMORY;
} else {
pp_new[0] = NULL;
}
for (i = 0; i < *num; i ++) {
if (sid_compare(&old[i].trustee, sid) != 0)
sec_ace_copy(&(*pp_new)[i], &old[i]);
else
n_del ++;
}
if (n_del == 0)
return NT_STATUS_NOT_FOUND;
else {
*num -= n_del;
return NT_STATUS_OK;
}
}
/** Comparison function for `sdiff_t` by PRN.
* See `cmp_fn`. */
int cmp_sdiff(const void *a_, const void *b_)
{
const sdiff_t *a = (const sdiff_t *)a_;
const sdiff_t *b = (const sdiff_t *)b_;
return sid_compare(a->sid, b->sid);
}
bool is_sid_in_token(const NT_USER_TOKEN *token, const DOM_SID *sid)
{
int i;
for (i=0; i<token->num_sids; i++) {
if (sid_compare(sid, &token->user_sids[i]) == 0)
return true;
}
return false;
}
void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids)
{
int i;
for (i=0; i<(*num_sids); i++) {
if (sid_compare(sid, &(*sids)[i]) == 0)
return;
}
add_sid_to_array(sid, sids, num_sids);
}
/** Finds the prns of the intersection between old prns and new measurements.
* It returns the length of the intersection
*/
static u8 dgnss_intersect_sats(u8 num_old_sids, const gnss_signal_t *old_sids,
u8 num_sdiffs, const sdiff_t *sdiffs,
u8 *ndx_of_intersection_in_old,
u8 *ndx_of_intersection_in_new)
{
u8 i, j, n = 0;
/* Loop over old_sids and sdiffs and check if a PRN is present in both. */
for (i=0, j=0; i<num_old_sids && j<num_sdiffs; i++, j++) {
if (sid_compare(old_sids[i], sdiffs[j].sid) < 0)
j--;
else if (sid_compare(old_sids[i], sdiffs[j].sid) > 0)
i--;
else {
ndx_of_intersection_in_old[n] = i;
ndx_of_intersection_in_new[n] = j;
n++;
}
}
return n;
}
NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
DOM_SID **sids, size_t *num_sids)
{
size_t i;
for (i=0; i<(*num_sids); i++) {
if (sid_compare(sid, &(*sids)[i]) == 0)
return NT_STATUS_OK;
}
return add_sid_to_array(mem_ctx, sid, sids, num_sids);
}
static int collect_aliasmem(struct db_record *rec, void *priv)
{
struct aliasmem_state *state = (struct aliasmem_state *)priv;
const char *p;
char *alias_string;
TALLOC_CTX *frame;
if (strncmp((const char *)rec->key.dptr, MEMBEROF_PREFIX,
MEMBEROF_PREFIX_LEN) != 0)
return 0;
p = (const char *)rec->value.dptr;
frame = talloc_stackframe();
while (next_token_talloc(frame, &p, &alias_string, " ")) {
DOM_SID alias, member;
const char *member_string;
if (!string_to_sid(&alias, alias_string))
continue;
if (sid_compare(state->alias, &alias) != 0)
continue;
/* Ok, we found the alias we're looking for in the membership
* list currently scanned. The key represents the alias
* member. Add that. */
member_string = strchr((const char *)rec->key.dptr, '/');
/* Above we tested for MEMBEROF_PREFIX which includes the
* slash. */
SMB_ASSERT(member_string != NULL);
member_string += 1;
if (!string_to_sid(&member, member_string))
continue;
if (!NT_STATUS_IS_OK(add_sid_to_array(NULL, &member,
state->sids,
state->num)))
{
/* talloc fail. */
break;
}
}
TALLOC_FREE(frame);
return 0;
}
static int ace_compare(SEC_ACE *ace1, SEC_ACE *ace2)
{
if (sec_ace_equal(ace1, ace2))
return 0;
if (ace1->type != ace2->type)
return ace2->type - ace1->type;
if (sid_compare(&ace1->trustee, &ace2->trustee))
return sid_compare(&ace1->trustee, &ace2->trustee);
if (ace1->flags != ace2->flags)
return ace1->flags - ace2->flags;
if (ace1->access_mask != ace2->access_mask)
return ace1->access_mask - ace2->access_mask;
if (ace1->size != ace2->size)
return ace1->size - ace2->size;
return memcmp(ace1, ace2, sizeof(SEC_ACE));
}
NTSTATUS sec_ace_mod_sid(SEC_ACE *ace, size_t num, DOM_SID *sid, uint32 mask)
{
unsigned int i = 0;
if (!ace || !sid) return NT_STATUS_INVALID_PARAMETER;
for (i = 0; i < num; i ++) {
if (sid_compare(&ace[i].trustee, sid) == 0) {
ace[i].access_mask = mask;
return NT_STATUS_OK;
}
}
return NT_STATUS_NOT_FOUND;
}
static BOOL mappable_sid(const DOM_SID *sid)
{
DOM_SID domain_sid;
if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
return True;
if (sid_compare(sid, &global_sid_World) == 0)
return True;
if (sid_compare(sid, &global_sid_Authenticated_Users) == 0)
return True;
if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
return True;
string_to_sid(&domain_sid, "S-1-5-21");
if (sid_compare_domain(sid, &domain_sid) == 0)
return True;
return False;
}
static BOOL fetch_gid_from_cache(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE sidtype)
{
struct gid_sid_cache *pc;
for (pc = gid_sid_cache_head; pc; pc = pc->next) {
if (sid_compare(&pc->sid, psid) == 0) {
fstring sid;
*pgid = pc->gid;
DEBUG(3,("fetch uid from cache %u -> %s\n",
(unsigned int)*pgid, sid_to_string(sid, psid)));
DLIST_PROMOTE(gid_sid_cache_head, pc);
return True;
}
}
return False;
}
static bool is_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
DOM_SID *sids;
size_t i, num;
/* This feels the wrong way round, but the on-disk data structure
* dictates it this way. */
if (!NT_STATUS_IS_OK(alias_memberships(member, 1, &sids, &num)))
return False;
for (i=0; i<num; i++) {
if (sid_compare(alias, &sids[i]) == 0) {
TALLOC_FREE(sids);
return True;
}
}
TALLOC_FREE(sids);
return False;
}
/** Comparison function for `ambiguity_t` by PRN.
* See `cmp_fn`. */
int cmp_amb(const void *a_, const void *b_)
{
const ambiguity_t *a = (const ambiguity_t *)a_;
const ambiguity_t *b = (const ambiguity_t *)b_;
return sid_compare(a->sid, b->sid);
}
int cmp_sdiff_sid(const void *a_, const void *b_)
{
const sdiff_t *a = (const sdiff_t *)a_;
const gnss_signal_t *b = (const gnss_signal_t *)b_;
return sid_compare(a->sid, *b);
}
/** Compare navigation message by PRN.
* This function is designed to be used together with qsort() etc.
*/
int nav_meas_cmp(const void *a, const void *b) {
return sid_compare(((navigation_measurement_t *)a)->sid,
((navigation_measurement_t *)b)->sid);
}
static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
NTSTATUS status;
DOM_SID *sids;
size_t i, num;
bool found = False;
char *member_string;
char *key;
fstring sid_string;
if (db->transaction_start(db) != 0) {
DEBUG(0, ("transaction_start failed\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
status = alias_memberships(member, 1, &sids, &num);
if (!NT_STATUS_IS_OK(status)) {
goto cancel;
}
for (i=0; i<num; i++) {
if (sid_compare(&sids[i], alias) == 0) {
found = True;
break;
}
}
if (!found) {
TALLOC_FREE(sids);
status = NT_STATUS_MEMBER_NOT_IN_ALIAS;
goto cancel;
}
if (i < num)
sids[i] = sids[num-1];
num -= 1;
sid_to_fstring(sid_string, member);
key = talloc_asprintf(sids, "%s%s", MEMBEROF_PREFIX, sid_string);
if (key == NULL) {
TALLOC_FREE(sids);
status = NT_STATUS_NO_MEMORY;
goto cancel;
}
if (num == 0) {
status = dbwrap_delete_bystring(db, key);
TALLOC_FREE(sids);
goto cancel;
}
member_string = talloc_strdup(sids, "");
if (member_string == NULL) {
TALLOC_FREE(sids);
status = NT_STATUS_NO_MEMORY;
goto cancel;
}
for (i=0; i<num; i++) {
sid_to_fstring(sid_string, &sids[i]);
member_string = talloc_asprintf_append_buffer(
member_string, " %s", sid_string);
if (member_string == NULL) {
TALLOC_FREE(sids);
status = NT_STATUS_NO_MEMORY;
goto cancel;
}
}
status = dbwrap_store_bystring(
db, key, string_term_tdb_data(member_string), 0);
TALLOC_FREE(sids);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("dbwrap_store_bystring failed: %s\n",
nt_errstr(status)));
goto cancel;
}
if (db->transaction_commit(db) != 0) {
DEBUG(0, ("transaction_commit failed\n"));
status = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto cancel;
}
return NT_STATUS_OK;
cancel:
if (db->transaction_cancel(db) != 0) {
smb_panic("transaction_cancel failed");
}
return status;
}
bool sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
{
return sid_compare(sid1, sid2) == 0;
}
static BOOL same_principal(struct afs_ace *x, struct afs_ace *y)
{
return ( (x->positive == y->positive) &&
(sid_compare(&x->sid, &y->sid) == 0) );
}
int cmp_amb_sid(const void *a_, const void *b_)
{
const ambiguity_t *a = (const ambiguity_t *)a_;
const gnss_signal_t *b = (const gnss_signal_t *)b_;
return sid_compare(a->sid, *b);
}
static BOOL nt_to_afs_acl(const char *filename,
uint32 security_info_sent,
struct security_descriptor *psd,
uint32 (*nt_to_afs_rights)(const char *filename,
const SEC_ACE *ace),
struct afs_acl *afs_acl)
{
SEC_ACL *dacl;
int i;
/* Currently we *only* look at the dacl */
if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
(psd->dacl == NULL))
return True;
if (!init_afs_acl(afs_acl))
return False;
dacl = psd->dacl;
for (i = 0; i < dacl->num_aces; i++) {
SEC_ACE *ace = &(dacl->ace[i]);
const char *dom_name, *name;
enum lsa_SidType name_type;
char *p;
if (ace->type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
/* First cut: Only positive ACEs */
return False;
}
if (!mappable_sid(&ace->trustee)) {
DEBUG(10, ("Ignoring unmappable SID %s\n",
sid_string_static(&ace->trustee)));
continue;
}
if (sid_compare(&ace->trustee,
&global_sid_Builtin_Administrators) == 0) {
name = "system:administrators";
} else if (sid_compare(&ace->trustee,
&global_sid_World) == 0) {
name = "system:anyuser";
} else if (sid_compare(&ace->trustee,
&global_sid_Authenticated_Users) == 0) {
name = "system:authuser";
} else if (sid_compare(&ace->trustee,
&global_sid_Builtin_Backup_Operators)
== 0) {
name = "system:backup";
} else {
if (!lookup_sid(tmp_talloc_ctx(), &ace->trustee,
&dom_name, &name, &name_type)) {
DEBUG(1, ("AFSACL: Could not lookup SID %s on file %s\n",
sid_string_static(&ace->trustee), filename));
continue;
}
if ( (name_type == SID_NAME_USER) ||
(name_type == SID_NAME_DOM_GRP) ||
(name_type == SID_NAME_ALIAS) ) {
char *tmp;
tmp = talloc_asprintf(tmp_talloc_ctx(), "%s%s%s",
dom_name, lp_winbind_separator(),
name);
if (tmp == NULL) {
return False;
}
strlower_m(tmp);
name = tmp;
}
if (sidpts) {
/* Expect all users/groups in pts as SIDs */
name = talloc_strdup(
tmp_talloc_ctx(),
sid_string_static(&ace->trustee));
if (name == NULL) {
return False;
}
}
}
while ((p = strchr_m(name, ' ')) != NULL)
*p = space_replacement;
add_afs_ace(afs_acl, True, name,
nt_to_afs_rights(filename, ace));
}
return True;
}
