sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00
Code

s3-auth: Split out get_user_sid_info3_and_extra() from create_local_nt_token_from_info3()

Browse Source 
This will allow us to get the SID in another location for logging

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2017-03-01 11:22:43 +13:00
parent eacb5aead7
commit 4a99143a2b
2 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source3/auth/proto.h
View File

@ -359,6 +359,9 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
bool is_guest,
int num_groupsids,
const struct dom_sid *groupsids);
NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3,
const struct extra_auth_info *extra,
struct dom_sid *sid);
NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
bool is_guest,
const struct netr_SamInfo3 *info3,

41
source3/auth/token_util.c
View File

@ -211,6 +211,28 @@ static NTSTATUS add_builtin_administrators(struct security_token *token,
static NTSTATUS finalize_local_nt_token(struct security_token *result,
bool is_guest);
NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3,
const struct extra_auth_info *extra,
struct dom_sid *sid)
{
/* USER SID */
if (info3->base.rid == (uint32_t)(-1)) {
/* this is a signal the user was fake and generated,
* the actual SID we want to use is stored in the extra
* sids */
if (is_null_sid(&extra->user_sid)) {
/* we couldn't find the user sid, bail out */
DEBUG(3, ("Invalid user SID\n"));
return NT_STATUS_UNSUCCESSFUL;
}
sid_copy(sid, &extra->user_sid);
} else {
sid_copy(sid, info3->base.domain_sid);
sid_append_rid(sid, info3->base.rid);
}
return NT_STATUS_OK;
}
NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
bool is_guest,
const struct netr_SamInfo3 *info3,
@ -241,21 +263,10 @@ NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
}
usrtok->num_sids = 2;
/* USER SID */
if (info3->base.rid == (uint32_t)(-1)) {
/* this is a signal the user was fake and generated,
* the actual SID we want to use is stored in the extra
* sids */
if (is_null_sid(&extra->user_sid)) {
/* we couldn't find the user sid, bail out */
DEBUG(3, ("Invalid user SID\n"));
TALLOC_FREE(usrtok);
return NT_STATUS_UNSUCCESSFUL;
}
sid_copy(&usrtok->sids[0], &extra->user_sid);
} else {
sid_copy(&usrtok->sids[0], info3->base.domain_sid);
sid_append_rid(&usrtok->sids[0], info3->base.rid);
status = get_user_sid_info3_and_extra(info3, extra, &usrtok->sids[0]);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(usrtok);
return status;
}
/* GROUP SID */