sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-03 01:18:10 +03:00
Code

s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM

Browse Source 
By making this specific to the only use case, merging with the SYSTEM
token for GPOs, we avoid having to merge the claims, as there are none
for SYSTEM.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2023-09-15 12:08:20 +12:00
parent d9e268db0c
commit c8c86b8103
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libgpo/gpo_util.c
View File

@ -578,8 +578,8 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
if (!ADS_ERR_OK(status)) {
return status;
}
ntstatus = merge_nt_token(mem_ctx, ad_token, get_system_token(),
token);
ntstatus = merge_with_system_token(mem_ctx, ad_token,
token);
if (!NT_STATUS_IS_OK(ntstatus)) {
return ADS_ERROR_NT(ntstatus);
}

7
source3/include/proto.h
View File

@ -394,10 +394,9 @@ void smb_nscd_flush_group_cache(void);
/* The following definitions come from lib/util_nttoken.c */
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
const struct security_token *token_1,
const struct security_token *token_2,
struct security_token **token_out);
NTSTATUS merge_with_system_token(TALLOC_CTX *mem_ctx,
const struct security_token *token_1,
struct security_token **token_out);
bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace);
/* The following definitions come from lib/util_sec.c */

13
source3/lib/util_nttoken.c
View File

@ -32,11 +32,11 @@
merge NT tokens
****************************************************************************/
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
const struct security_token *token_1,
const struct security_token *token_2,
struct security_token **token_out)
NTSTATUS merge_with_system_token(TALLOC_CTX *mem_ctx,
const struct security_token *token_1,
struct security_token **token_out)
{
const struct security_token *token_2 = get_system_token();
struct security_token *token = NULL;
NTSTATUS status;
uint32_t i;
@ -76,6 +76,11 @@ NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
token->rights_mask |= token_1->rights_mask;
token->rights_mask |= token_2->rights_mask;
/*
* We don't need to merge claims as the system token has no
* claims
*/
*token_out = token;
return NT_STATUS_OK;