mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00

s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM

By making this specific to the only use case, merging with the SYSTEM
token for GPOs, we avoid having to merge the claims, as there are none
for SYSTEM.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett 2023-09-15 12:08:20 +12:00
parent d9e268db0c
commit c8c86b8103
3 changed files with 14 additions and 10 deletions


@ -578,8 +578,8 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
if (!ADS_ERR_OK(status)) { if (!ADS_ERR_OK(status)) {
return status; return status;
} }
ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(), ntstatus = merge_with_system_token(mem_ctx, ad_token,
token); token);
if (!NT_STATUS_IS_OK(ntstatus)) { if (!NT_STATUS_IS_OK(ntstatus)) {
return ADS_ERROR_NT(ntstatus); return ADS_ERROR_NT(ntstatus);
} }


@ -394,10 +394,9 @@ void smb_nscd_flush_group_cache(void);
/* The following definitions come from lib/util_nttoken.c */ /* The following definitions come from lib/util_nttoken.c */
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx, NTSTATUS merge_with_system_token(TALLOC_CTX *mem_ctx,
const struct security_token *token_1, const struct security_token *token_1,
const struct security_token *token_2, struct security_token **token_out);
struct security_token **token_out);
bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace); bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace);
/* The following definitions come from lib/util_sec.c */ /* The following definitions come from lib/util_sec.c */
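Review bot: The new prototype of merge_with_system_token() keeps the parameter name `token_1`, which no longer has a counterpart now that the second token is fixed inside the function. Renaming it to `const struct security_token *token` here and in the definition in lib/util_nttoken.c would make the single-input contract readable from the header. A one-line comment above the prototype, `/* Returns a new token combining the given token with the SYSTEM token (GPO use only) */`, would also tell callers that the result picks up SYSTEM's rights.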


@ -32,11 +32,11 @@
merge NT tokens merge NT tokens
****************************************************************************/ ****************************************************************************/
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx, NTSTATUS merge_with_system_token(TALLOC_CTX *mem_ctx,
const struct security_token *token_1, const struct security_token *token_1,
const struct security_token *token_2, struct security_token **token_out)
struct security_token **token_out)
{ {
const struct security_token *token_2 = get_system_token();
struct security_token *token = NULL; struct security_token *token = NULL;
NTSTATUS status; NTSTATUS status;
uint32_t i; uint32_t i;
@ -76,6 +76,11 @@ NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
token->rights_mask |= token_1->rights_mask; token->rights_mask |= token_1->rights_mask;
token->rights_mask |= token_2->rights_mask; token->rights_mask |= token_2->rights_mask;
/*
* We don't need to merge claims as the system token has no
* claims
*/
*token_out = token; *token_out = token;
return NT_STATUS_OK; return NT_STATUS_OK;
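Review bot: The comment added before `*token_out = token;` explains only why the SYSTEM side needs no claims merge; it does not say what happens to claims carried by `token_1`. The function body between the two hunks is not shown, but nothing visible copies those claims, so the merged token presumably ends up with none while still gaining SYSTEM's `rights_mask`, and any claims-dependent access check evaluated against it would see no claims. If that is intended, the comment should say so, for example `* Claims on token_1 are not carried over either: the merged token has no claims.`; otherwise they need to be copied. The banner above the function still reads `merge NT tokens` and could become `merge an NT token with the SYSTEM token` to match the new name.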