From 2f1bc7ddad97b9137ae4cce696bf4e08f9b7ca20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?=
Date: Fri, 29 Feb 2008 18:23:53 +0100
Subject: [PATCH] Add gp_get_machine_token(). Guenther
---
 source/lib/util_nttoken.c | 50 +++++++++++++++++++++++++++++++++++++++
 source/libgpo/gpo_util.c | 25 ++++++++++++++++++++
 2 files changed, 75 insertions(+)
diff --git a/source/lib/util_nttoken.c b/source/lib/util_nttoken.c
index 13c66a5f450..f81191af58a 100644
--- a/source/lib/util_nttoken.c
+++ b/source/lib/util_nttoken.c
@@ -7,6 +7,7 @@
 * Copyright (C) Rafal Szczesniak 2002
 * Copyright (C) Volker Lendecke 2006
 * Copyright (C) Michael Adam 2007
+ * Copyright (C) Guenther Deschner 2007
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -67,3 +68,52 @@ NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken)
 return token;
 }
+/****************************************************************************
+ merge NT tokens
+****************************************************************************/
+
+NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
+ const struct nt_user_token *token_1,
+ const struct nt_user_token *token_2,
+ struct nt_user_token **token_out)
+{
+ struct nt_user_token *token = NULL;
+ NTSTATUS status;
+ int i;
+
+ if (!token_1 || !token_2 || !token_out) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
+ NT_STATUS_HAVE_NO_MEMORY(token);
+
+ for (i=0; i < token_1->num_sids; i++) {
+ status = add_sid_to_array_unique(mem_ctx,
+ &token_1->user_sids[i],
+ &token->user_sids,
+ &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(token);
+ return status;
+ }
+ }
+
+ for (i=0; i < token_2->num_sids; i++) {
+ status = add_sid_to_array_unique(mem_ctx,
+ &token_2->user_sids[i],
+ &token->user_sids,
+ &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(token);
+ return status;
+ }
+ }
+
+ se_priv_add(&token->privileges, &token_1->privileges);
+ se_priv_add(&token->privileges, &token_2->privileges);
+
+ *token_out = token;
+
+ return NT_STATUS_OK;
+}
diff --git a/source/libgpo/gpo_util.c b/source/libgpo/gpo_util.c
index 79f2690245e..b9053d0ae5b 100644
--- a/source/libgpo/gpo_util.c
+++ b/source/libgpo/gpo_util.c
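Review bot: In merge_nt_token both loops pass `mem_ctx` to add_sid_to_array_unique, so the SID array is presumably allocated beside the new token rather than under it; the `TALLOC_FREE(token)` on the error paths then releases only the struct and leaves the partly built array on the caller's context, and freeing the returned token later would not free its `user_sids`. Passing the token as the talloc parent, `status = add_sid_to_array_unique(token,` in both loops, ties the array's lifetime to the token. Separately, `int i` is compared with `num_sids`, whose type is not visible in this hunk; if it is unsigned the index should be declared to match. The banner says only "merge NT tokens" and should state that the result holds the union of both inputs' SIDs and both privilege sets, so a caller knows the token carries the combined rights of the two.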
@@ -750,3 +750,28 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_SUCH_FILE;
 }
+/****************************************************************
+****************************************************************/
+
+ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *dn,
+ struct nt_user_token **token)
+{
+ struct nt_user_token *ad_token = NULL;
+ ADS_STATUS status;
+ NTSTATUS ntstatus;
+
+ status = ads_get_sid_token(ads, mem_ctx, dn, &ad_token);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),
+ token);
+ if (!NT_STATUS_IS_OK(ntstatus)) {
+ return ADS_ERROR_NT(ntstatus);
+ }
+
+ return ADS_SUCCESS;
+}
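Review bot: The banner above gp_get_machine_token is empty, and this function needs a comment more than most, because the token it returns is merged with `get_system_token()`: whatever SIDs and privileges that token carries end up in the result alongside the SIDs looked up for `dn`. I would fill the banner with something like `Build the machine account's token: the SIDs AD returns for dn, merged with the local system token (SIDs and privileges).` so that callers do not mistake the result for the directory-derived SIDs alone. `ad_token` is also left on `mem_ctx` on both paths after the merge; a `TALLOC_FREE(ad_token);` straight after the merge_nt_token call would release it, assuming the merge copies the SIDs rather than referencing them.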