mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
This commit is contained in:
Andrew Bartlett
parent
4bfc8d3b1a
commit
d1bb21b0d5
@ -594,7 +594,7 @@ NTSTATUS init_gp_extensions(TALLOC_CTX *mem_ctx)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!reg_ctx) {
|
if (!reg_ctx) {
|
||||||
NT_USER_TOKEN *token;
|
struct security_token *token;
|
||||||
|
|
||||||
token = registry_create_system_token(mem_ctx);
|
token = registry_create_system_token(mem_ctx);
|
||||||
NT_STATUS_HAVE_NO_MEMORY(token);
|
NT_STATUS_HAVE_NO_MEMORY(token);
|
||||||
@ -678,7 +678,7 @@ void debug_gpext_header(int lvl,
|
|||||||
NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
|
NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||||
const char *extension_guid,
|
const char *extension_guid,
|
||||||
const char *snapin_guid)
|
const char *snapin_guid)
|
||||||
@ -692,7 +692,7 @@ NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
|
|||||||
NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
|
NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct registry_key *root_key,
|
struct registry_key *root_key,
|
||||||
struct GROUP_POLICY_OBJECT *gpo,
|
struct GROUP_POLICY_OBJECT *gpo,
|
||||||
const char *extension_guid,
|
const char *extension_guid,
|
||||||
|
|||||||
@ -65,7 +65,7 @@ struct gp_extension_methods {
|
|||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
struct registry_key *root_key,
|
struct registry_key *root_key,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT *gpo,
|
struct GROUP_POLICY_OBJECT *gpo,
|
||||||
const char *extension_guid,
|
const char *extension_guid,
|
||||||
const char *snapin_guid);
|
const char *snapin_guid);
|
||||||
@ -73,7 +73,7 @@ struct gp_extension_methods {
|
|||||||
NTSTATUS (*process_group_policy2)(ADS_STRUCT *ads,
|
NTSTATUS (*process_group_policy2)(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||||
const char *extension_guid);
|
const char *extension_guid);
|
||||||
|
|
||||||
@ -109,14 +109,14 @@ void debug_gpext_header(int lvl,
|
|||||||
NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
|
NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||||
const char *extension_guid,
|
const char *extension_guid,
|
||||||
const char *snapin_guid);
|
const char *snapin_guid);
|
||||||
NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
|
NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct registry_key *root_key,
|
struct registry_key *root_key,
|
||||||
struct GROUP_POLICY_OBJECT *gpo,
|
struct GROUP_POLICY_OBJECT *gpo,
|
||||||
const char *extension_guid,
|
const char *extension_guid,
|
||||||
|
|||||||
14
libgpo/gpo.h
14
libgpo/gpo.h
@ -156,7 +156,7 @@ struct gp_registry_entries {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct gp_registry_context {
|
struct gp_registry_context {
|
||||||
const NT_USER_TOKEN *token;
|
const struct security_token *token;
|
||||||
const char *path;
|
const char *path;
|
||||||
struct registry_key *curr_key;
|
struct registry_key *curr_key;
|
||||||
};
|
};
|
||||||
@ -215,18 +215,18 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
|
|||||||
ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const char *dn,
|
const char *dn,
|
||||||
NT_USER_TOKEN **token);
|
struct security_token **token);
|
||||||
ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const char *dn,
|
const char *dn,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT **gpo_list);
|
struct GROUP_POLICY_OBJECT **gpo_list);
|
||||||
|
|
||||||
/* The following definitions come from libgpo/gpo_sec.c */
|
/* The following definitions come from libgpo/gpo_sec.c */
|
||||||
|
|
||||||
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
|
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
|
||||||
const NT_USER_TOKEN *token);
|
const struct security_token *token);
|
||||||
|
|
||||||
/* The following definitions come from libgpo/gpo_util.c */
|
/* The following definitions come from libgpo/gpo_util.c */
|
||||||
|
|
||||||
@ -245,14 +245,14 @@ void dump_gpo_list(ADS_STRUCT *ads,
|
|||||||
void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link);
|
void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link);
|
||||||
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct registry_key *root_key,
|
struct registry_key *root_key,
|
||||||
struct GROUP_POLICY_OBJECT *gpo,
|
struct GROUP_POLICY_OBJECT *gpo,
|
||||||
const char *extension_guid_filter,
|
const char *extension_guid_filter,
|
||||||
uint32_t flags);
|
uint32_t flags);
|
||||||
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
|
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||||
const char *extensions_guid_filter,
|
const char *extensions_guid_filter,
|
||||||
uint32_t flags);
|
uint32_t flags);
|
||||||
@ -282,7 +282,7 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
|
|||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const char *dn,
|
const char *dn,
|
||||||
NT_USER_TOKEN **token);
|
struct security_token **token);
|
||||||
|
|
||||||
|
|
||||||
#include "../libgpo/gpext/gpext.h"
|
#include "../libgpo/gpext/gpext.h"
|
||||||
|
|||||||
@ -552,7 +552,7 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
|
|||||||
struct GP_LINK *gp_link,
|
struct GP_LINK *gp_link,
|
||||||
enum GPO_LINK_TYPE link_type,
|
enum GPO_LINK_TYPE link_type,
|
||||||
bool only_add_forced_gpos,
|
bool only_add_forced_gpos,
|
||||||
const NT_USER_TOKEN *token)
|
const struct security_token *token)
|
||||||
{
|
{
|
||||||
ADS_STATUS status;
|
ADS_STATUS status;
|
||||||
int i;
|
int i;
|
||||||
@ -619,7 +619,7 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
|
|||||||
ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const char *dn,
|
const char *dn,
|
||||||
NT_USER_TOKEN **token)
|
struct security_token **token)
|
||||||
{
|
{
|
||||||
ADS_STATUS status;
|
ADS_STATUS status;
|
||||||
struct dom_sid object_sid;
|
struct dom_sid object_sid;
|
||||||
@ -628,7 +628,7 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
|
|||||||
size_t num_ad_token_sids = 0;
|
size_t num_ad_token_sids = 0;
|
||||||
struct dom_sid *token_sids;
|
struct dom_sid *token_sids;
|
||||||
uint32_t num_token_sids = 0;
|
uint32_t num_token_sids = 0;
|
||||||
NT_USER_TOKEN *new_token = NULL;
|
struct security_token *new_token = NULL;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
status = ads_get_tokensids(ads, mem_ctx, dn,
|
status = ads_get_tokensids(ads, mem_ctx, dn,
|
||||||
@ -710,7 +710,7 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
|
|||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const char *dn,
|
const char *dn,
|
||||||
uint32_t flags,
|
uint32_t flags,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT **gpo_list)
|
struct GROUP_POLICY_OBJECT **gpo_list)
|
||||||
{
|
{
|
||||||
/* (L)ocal (S)ite (D)omain (O)rganizational(U)nit */
|
/* (L)ocal (S)ite (D)omain (O)rganizational(U)nit */
|
||||||
|
|||||||
@ -101,7 +101,7 @@ static bool gpo_sd_check_read_access_bits(uint32_t access_mask)
|
|||||||
****************************************************************/
|
****************************************************************/
|
||||||
|
|
||||||
static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
|
static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
|
||||||
const NT_USER_TOKEN *token)
|
const struct security_token *token)
|
||||||
{
|
{
|
||||||
char *sid_str;
|
char *sid_str;
|
||||||
|
|
||||||
@ -123,7 +123,7 @@ static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
|
|||||||
****************************************************************/
|
****************************************************************/
|
||||||
|
|
||||||
static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
|
static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
|
||||||
const NT_USER_TOKEN *token)
|
const struct security_token *token)
|
||||||
{
|
{
|
||||||
char *sid_str;
|
char *sid_str;
|
||||||
|
|
||||||
@ -146,7 +146,7 @@ static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
|
|||||||
****************************************************************/
|
****************************************************************/
|
||||||
|
|
||||||
static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
|
static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
|
||||||
const NT_USER_TOKEN *token)
|
const struct security_token *token)
|
||||||
{
|
{
|
||||||
switch (ace->type) {
|
switch (ace->type) {
|
||||||
case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
|
case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
|
||||||
@ -162,7 +162,7 @@ static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
|
|||||||
****************************************************************/
|
****************************************************************/
|
||||||
|
|
||||||
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
|
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
|
||||||
const NT_USER_TOKEN *token)
|
const struct security_token *token)
|
||||||
{
|
{
|
||||||
struct security_descriptor *sd = gpo->security_descriptor;
|
struct security_descriptor *sd = gpo->security_descriptor;
|
||||||
struct security_acl *dacl = NULL;
|
struct security_acl *dacl = NULL;
|
||||||
|
|||||||
@ -448,7 +448,7 @@ static bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx,
|
|||||||
|
|
||||||
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct registry_key *root_key,
|
struct registry_key *root_key,
|
||||||
struct GROUP_POLICY_OBJECT *gpo,
|
struct GROUP_POLICY_OBJECT *gpo,
|
||||||
const char *extension_guid_filter,
|
const char *extension_guid_filter,
|
||||||
@ -505,7 +505,7 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
|
|||||||
|
|
||||||
static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
|
static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct registry_key *root_key,
|
struct registry_key *root_key,
|
||||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||||
const char *extensions_guid,
|
const char *extensions_guid,
|
||||||
@ -543,7 +543,7 @@ static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
|
|||||||
|
|
||||||
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
|
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
|
||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
struct GROUP_POLICY_OBJECT *gpo_list,
|
struct GROUP_POLICY_OBJECT *gpo_list,
|
||||||
const char *extensions_guid_filter,
|
const char *extensions_guid_filter,
|
||||||
uint32_t flags)
|
uint32_t flags)
|
||||||
@ -840,9 +840,9 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
|
|||||||
TALLOC_CTX *mem_ctx,
|
TALLOC_CTX *mem_ctx,
|
||||||
struct loadparm_context *lp_ctx,
|
struct loadparm_context *lp_ctx,
|
||||||
const char *dn,
|
const char *dn,
|
||||||
NT_USER_TOKEN **token)
|
struct security_token **token)
|
||||||
{
|
{
|
||||||
NT_USER_TOKEN *ad_token = NULL;
|
struct security_token *ad_token = NULL;
|
||||||
ADS_STATUS status;
|
ADS_STATUS status;
|
||||||
#if _SAMBA_BUILD_ == 4
|
#if _SAMBA_BUILD_ == 4
|
||||||
struct auth_session_info *info;
|
struct auth_session_info *info;
|
||||||
|
|||||||
@ -388,7 +388,7 @@ bool make_user_info_guest(struct auth_usersupplied_info **user_info)
|
|||||||
return NT_STATUS_IS_OK(nt_status) ? True : False;
|
return NT_STATUS_IS_OK(nt_status) ? True : False;
|
||||||
}
|
}
|
||||||
|
|
||||||
static NTSTATUS log_nt_token(NT_USER_TOKEN *token)
|
static NTSTATUS log_nt_token(struct security_token *token)
|
||||||
{
|
{
|
||||||
TALLOC_CTX *frame = talloc_stackframe();
|
TALLOC_CTX *frame = talloc_stackframe();
|
||||||
char *command;
|
char *command;
|
||||||
@ -929,7 +929,7 @@ const struct auth_serversupplied_info *get_server_info_system(void)
|
|||||||
bool copy_current_user(struct current_user *dst, struct current_user *src)
|
bool copy_current_user(struct current_user *dst, struct current_user *src)
|
||||||
{
|
{
|
||||||
gid_t *groups;
|
gid_t *groups;
|
||||||
NT_USER_TOKEN *nt_token;
|
struct security_token *nt_token;
|
||||||
|
|
||||||
groups = (gid_t *)memdup(src->ut.groups,
|
groups = (gid_t *)memdup(src->ut.groups,
|
||||||
sizeof(gid_t) * src->ut.ngroups);
|
sizeof(gid_t) * src->ut.ngroups);
|
||||||
|
|||||||
@ -31,10 +31,10 @@
|
|||||||
#include "../librpc/gen_ndr/netlogon.h"
|
#include "../librpc/gen_ndr/netlogon.h"
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
Check for a SID in an NT_USER_TOKEN
|
Check for a SID in an struct security_token
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token )
|
bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token )
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@ -49,7 +49,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
|
bool nt_token_check_domain_rid( struct security_token *token, uint32 rid )
|
||||||
{
|
{
|
||||||
struct dom_sid domain_sid;
|
struct dom_sid domain_sid;
|
||||||
|
|
||||||
@ -79,7 +79,7 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
|
|||||||
Create a copy if your need to change it.
|
Create a copy if your need to change it.
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
NT_USER_TOKEN *get_root_nt_token( void )
|
struct security_token *get_root_nt_token( void )
|
||||||
{
|
{
|
||||||
struct security_token *token, *for_cache;
|
struct security_token *token, *for_cache;
|
||||||
struct dom_sid u_sid, g_sid;
|
struct dom_sid u_sid, g_sid;
|
||||||
@ -649,10 +649,10 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
prints a NT_USER_TOKEN to debug output.
|
prints a struct security_token to debug output.
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
|
void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
|
|||||||
@ -34,7 +34,7 @@ struct auth_serversupplied_info {
|
|||||||
|
|
||||||
/* NT group information taken from the info3 structure */
|
/* NT group information taken from the info3 structure */
|
||||||
|
|
||||||
NT_USER_TOKEN *ptok;
|
struct security_token *ptok;
|
||||||
|
|
||||||
/* This is the final session key, as used by SMB signing, and
|
/* This is the final session key, as used by SMB signing, and
|
||||||
* (truncated to 16 bytes) encryption on the SAMR and LSA pipes
|
* (truncated to 16 bytes) encryption on the SAMR and LSA pipes
|
||||||
|
|||||||
@ -241,9 +241,9 @@ NTSTATUS pass_check(const struct passwd *pass,
|
|||||||
|
|
||||||
/* The following definitions come from auth/token_util.c */
|
/* The following definitions come from auth/token_util.c */
|
||||||
|
|
||||||
bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
|
bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
|
||||||
bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
|
bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
|
||||||
NT_USER_TOKEN *get_root_nt_token( void );
|
struct security_token *get_root_nt_token( void );
|
||||||
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
|
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
|
||||||
struct security_token *token);
|
struct security_token *token);
|
||||||
NTSTATUS create_builtin_users(const struct dom_sid *sid);
|
NTSTATUS create_builtin_users(const struct dom_sid *sid);
|
||||||
@ -258,7 +258,7 @@ NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
|
|||||||
struct netr_SamInfo3 *info3,
|
struct netr_SamInfo3 *info3,
|
||||||
struct extra_auth_info *extra,
|
struct extra_auth_info *extra,
|
||||||
struct security_token **ntok);
|
struct security_token **ntok);
|
||||||
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
|
void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
|
||||||
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
|
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
|
||||||
int n_groups, gid_t *groups);
|
int n_groups, gid_t *groups);
|
||||||
|
|
||||||
@ -663,8 +663,8 @@ void dump_se_priv( int dbg_cl, int dbg_lvl, const uint64_t *mask );
|
|||||||
bool is_privilege_assigned(const uint64_t *privileges,
|
bool is_privilege_assigned(const uint64_t *privileges,
|
||||||
const uint64_t *check);
|
const uint64_t *check);
|
||||||
const char* get_privilege_dispname( const char *name );
|
const char* get_privilege_dispname( const char *name );
|
||||||
bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege);
|
bool user_has_privileges(const struct security_token *token, const uint64_t *privilege);
|
||||||
bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege);
|
bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege);
|
||||||
int count_all_privileges( void );
|
int count_all_privileges( void );
|
||||||
struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask );
|
struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask );
|
||||||
const char *luid_to_privilege_name(const struct lsa_LUID *set);
|
const char *luid_to_privilege_name(const struct lsa_LUID *set);
|
||||||
@ -756,7 +756,7 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser
|
|||||||
size_t *psize);
|
size_t *psize);
|
||||||
bool set_share_security(const char *share_name, struct security_descriptor *psd);
|
bool set_share_security(const char *share_name, struct security_descriptor *psd);
|
||||||
bool delete_share_security(const char *servicename);
|
bool delete_share_security(const char *servicename);
|
||||||
bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
|
bool share_access_check(const struct security_token *token, const char *sharename,
|
||||||
uint32 desired_access);
|
uint32 desired_access);
|
||||||
bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd);
|
bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd);
|
||||||
|
|
||||||
@ -1286,12 +1286,12 @@ void smb_nscd_flush_group_cache(void);
|
|||||||
|
|
||||||
/* The following definitions come from lib/util_nttoken.c */
|
/* The following definitions come from lib/util_nttoken.c */
|
||||||
|
|
||||||
NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken);
|
struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken);
|
||||||
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
|
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
|
||||||
const struct security_token *token_1,
|
const struct security_token *token_1,
|
||||||
const struct security_token *token_2,
|
const struct security_token *token_2,
|
||||||
struct security_token **token_out);
|
struct security_token **token_out);
|
||||||
bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace);
|
bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace);
|
||||||
|
|
||||||
/* The following definitions come from lib/util_pw.c */
|
/* The following definitions come from lib/util_pw.c */
|
||||||
|
|
||||||
@ -1314,7 +1314,7 @@ bool pull_reg_multi_sz(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const char **
|
|||||||
void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping);
|
void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping);
|
||||||
void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping);
|
void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping);
|
||||||
void se_map_standard(uint32 *access_mask, const struct standard_mapping *mapping);
|
void se_map_standard(uint32 *access_mask, const struct standard_mapping *mapping);
|
||||||
NTSTATUS se_access_check(const struct security_descriptor *sd, const NT_USER_TOKEN *token,
|
NTSTATUS se_access_check(const struct security_descriptor *sd, const struct security_token *token,
|
||||||
uint32 acc_desired, uint32 *acc_granted);
|
uint32 acc_desired, uint32 *acc_granted);
|
||||||
|
|
||||||
/* The following definitions come from lib/util_sec.c */
|
/* The following definitions come from lib/util_sec.c */
|
||||||
@ -1339,7 +1339,7 @@ bool is_setuid_root(void) ;
|
|||||||
/* The following definitions come from lib/util_sid.c */
|
/* The following definitions come from lib/util_sid.c */
|
||||||
|
|
||||||
const char *sid_type_lookup(uint32 sid_type) ;
|
const char *sid_type_lookup(uint32 sid_type) ;
|
||||||
NT_USER_TOKEN *get_system_token(void) ;
|
struct security_token *get_system_token(void) ;
|
||||||
char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
|
char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
|
||||||
char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
|
char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
|
||||||
char *sid_string_dbg(const struct dom_sid *sid);
|
char *sid_string_dbg(const struct dom_sid *sid);
|
||||||
@ -1368,7 +1368,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t
|
|||||||
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
|
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
|
||||||
uint32 rid, uint32 **pp_rids, size_t *p_num);
|
uint32 rid, uint32 **pp_rids, size_t *p_num);
|
||||||
bool is_null_sid(const struct dom_sid *sid);
|
bool is_null_sid(const struct dom_sid *sid);
|
||||||
bool is_sid_in_token(const NT_USER_TOKEN *token, const struct dom_sid *sid);
|
bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid);
|
||||||
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
|
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
|
||||||
const struct netr_SamInfo3 *info3,
|
const struct netr_SamInfo3 *info3,
|
||||||
struct dom_sid **user_sids,
|
struct dom_sid **user_sids,
|
||||||
@ -4450,11 +4450,11 @@ bool init_service_op_table( void );
|
|||||||
/* The following definitions come from services/services_db.c */
|
/* The following definitions come from services/services_db.c */
|
||||||
|
|
||||||
void svcctl_init_keys( void );
|
void svcctl_init_keys( void );
|
||||||
struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
|
struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, struct security_token *token );
|
||||||
bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token );
|
bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, struct security_token *token );
|
||||||
const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
|
const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, struct security_token *token );
|
||||||
const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
|
const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, struct security_token *token );
|
||||||
struct regval_ctr *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token );
|
struct regval_ctr *svcctl_fetch_regvalues( const char *name, struct security_token *token );
|
||||||
|
|
||||||
/* The following definitions come from services/svc_netlogon.c */
|
/* The following definitions come from services/svc_netlogon.c */
|
||||||
|
|
||||||
@ -5033,7 +5033,7 @@ void reply_nttranss(struct smb_request *req);
|
|||||||
|
|
||||||
NTSTATUS smb1_file_se_access_check(connection_struct *conn,
|
NTSTATUS smb1_file_se_access_check(connection_struct *conn,
|
||||||
const struct security_descriptor *sd,
|
const struct security_descriptor *sd,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
uint32_t access_desired,
|
uint32_t access_desired,
|
||||||
uint32_t *access_granted);
|
uint32_t *access_granted);
|
||||||
NTSTATUS fd_close(files_struct *fsp);
|
NTSTATUS fd_close(files_struct *fsp);
|
||||||
@ -5409,7 +5409,7 @@ void server_encryption_shutdown(void);
|
|||||||
|
|
||||||
bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2);
|
bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2);
|
||||||
bool push_sec_ctx(void);
|
bool push_sec_ctx(void);
|
||||||
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token);
|
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token);
|
||||||
void set_root_sec_ctx(void);
|
void set_root_sec_ctx(void);
|
||||||
bool pop_sec_ctx(void);
|
bool pop_sec_ctx(void);
|
||||||
void init_sec_ctx(void);
|
void init_sec_ctx(void);
|
||||||
@ -5575,7 +5575,7 @@ bool unbecome_user(void);
|
|||||||
uid_t get_current_uid(connection_struct *conn);
|
uid_t get_current_uid(connection_struct *conn);
|
||||||
gid_t get_current_gid(connection_struct *conn);
|
gid_t get_current_gid(connection_struct *conn);
|
||||||
const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
|
const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
|
||||||
const NT_USER_TOKEN *get_current_nttok(connection_struct *conn);
|
const struct security_token *get_current_nttok(connection_struct *conn);
|
||||||
uint16_t get_current_vuid(connection_struct *conn);
|
uint16_t get_current_vuid(connection_struct *conn);
|
||||||
|
|
||||||
/* The following definitions come from smbd/utmp.c */
|
/* The following definitions come from smbd/utmp.c */
|
||||||
@ -5666,11 +5666,11 @@ struct tevent_req *fncall_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
|
|||||||
int fncall_recv(struct tevent_req *req, int *perr);
|
int fncall_recv(struct tevent_req *req, int *perr);
|
||||||
|
|
||||||
/* The following definitions come from rpc_server/srv_samr_nt.c */
|
/* The following definitions come from rpc_server/srv_samr_nt.c */
|
||||||
NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
|
NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token,
|
||||||
uint64_t *rights, uint32 rights_mask,
|
uint64_t *rights, uint32 rights_mask,
|
||||||
uint32 des_access, uint32 *acc_granted,
|
uint32 des_access, uint32 *acc_granted,
|
||||||
const char *debug);
|
const char *debug);
|
||||||
void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
|
void map_max_allowed_access(const struct security_token *nt_token,
|
||||||
const struct unix_user_token *unix_token,
|
const struct unix_user_token *unix_token,
|
||||||
uint32_t *pacc_requested);
|
uint32_t *pacc_requested);
|
||||||
|
|
||||||
|
|||||||
@ -49,7 +49,7 @@ struct registry_ops {
|
|||||||
bool (*store_values)( const char *key, struct regval_ctr *val );
|
bool (*store_values)( const char *key, struct regval_ctr *val );
|
||||||
bool (*reg_access_check)( const char *keyname, uint32 requested,
|
bool (*reg_access_check)( const char *keyname, uint32 requested,
|
||||||
uint32 *granted,
|
uint32 *granted,
|
||||||
const NT_USER_TOKEN *token );
|
const struct security_token *token );
|
||||||
WERROR (*get_secdesc)(TALLOC_CTX *mem_ctx, const char *key,
|
WERROR (*get_secdesc)(TALLOC_CTX *mem_ctx, const char *key,
|
||||||
struct security_descriptor **psecdesc);
|
struct security_descriptor **psecdesc);
|
||||||
WERROR (*set_secdesc)(const char *key,
|
WERROR (*set_secdesc)(const char *key,
|
||||||
|
|||||||
@ -232,8 +232,6 @@ extern const struct dom_sid global_sid_Unix_Groups;
|
|||||||
#define PRIMARY_USER_SID_INDEX 0
|
#define PRIMARY_USER_SID_INDEX 0
|
||||||
#define PRIMARY_GROUP_SID_INDEX 1
|
#define PRIMARY_GROUP_SID_INDEX 1
|
||||||
|
|
||||||
typedef struct security_token NT_USER_TOKEN;
|
|
||||||
|
|
||||||
typedef struct unix_user_token {
|
typedef struct unix_user_token {
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
@ -551,7 +549,7 @@ struct current_user {
|
|||||||
connection_struct *conn;
|
connection_struct *conn;
|
||||||
uint16 vuid;
|
uint16 vuid;
|
||||||
UNIX_USER_TOKEN ut;
|
UNIX_USER_TOKEN ut;
|
||||||
NT_USER_TOKEN *nt_user_token;
|
struct security_token *nt_user_token;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct smbd_smb2_request;
|
struct smbd_smb2_request;
|
||||||
|
|||||||
@ -281,7 +281,7 @@ const char* get_privilege_dispname( const char *name )
|
|||||||
at a time here.
|
at a time here.
|
||||||
*****************************************************************************/
|
*****************************************************************************/
|
||||||
|
|
||||||
bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege)
|
bool user_has_privileges(const struct security_token *token, const uint64_t *privilege)
|
||||||
{
|
{
|
||||||
if ( !token )
|
if ( !token )
|
||||||
return False;
|
return False;
|
||||||
@ -294,7 +294,7 @@ bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege)
|
|||||||
at a time here.
|
at a time here.
|
||||||
*****************************************************************************/
|
*****************************************************************************/
|
||||||
|
|
||||||
bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege)
|
bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege)
|
||||||
{
|
{
|
||||||
if ( !token )
|
if ( !token )
|
||||||
return False;
|
return False;
|
||||||
|
|||||||
@ -407,7 +407,7 @@ bool delete_share_security(const char *servicename)
|
|||||||
Can this user access with share with the required permissions ?
|
Can this user access with share with the required permissions ?
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
|
bool share_access_check(const struct security_token *token, const char *sharename,
|
||||||
uint32 desired_access)
|
uint32 desired_access)
|
||||||
{
|
{
|
||||||
uint32 granted;
|
uint32 granted;
|
||||||
|
|||||||
@ -31,14 +31,14 @@
|
|||||||
Duplicate a SID token.
|
Duplicate a SID token.
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken)
|
struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken)
|
||||||
{
|
{
|
||||||
NT_USER_TOKEN *token;
|
struct security_token *token;
|
||||||
|
|
||||||
if (!ptoken)
|
if (!ptoken)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
|
token = TALLOC_ZERO_P(mem_ctx, struct security_token);
|
||||||
if (token == NULL) {
|
if (token == NULL) {
|
||||||
DEBUG(0, ("talloc failed\n"));
|
DEBUG(0, ("talloc failed\n"));
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -120,7 +120,7 @@ NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
|
|||||||
Check if this struct security_ace has a SID in common with the token.
|
Check if this struct security_ace has a SID in common with the token.
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace)
|
bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace)
|
||||||
{
|
{
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
|
|||||||
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
|
||||||
extern NT_USER_TOKEN anonymous_token;
|
extern struct security_token anonymous_token;
|
||||||
|
|
||||||
/* Map generic access rights to object specific rights. This technique is
|
/* Map generic access rights to object specific rights. This technique is
|
||||||
used to give meaning to assigning read, write, execute and all access to
|
used to give meaning to assigning read, write, execute and all access to
|
||||||
@ -106,7 +106,7 @@ void se_map_standard(uint32 *access_mask, const struct standard_mapping *mapping
|
|||||||
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
|
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
|
||||||
*/
|
*/
|
||||||
static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
|
static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
|
||||||
const NT_USER_TOKEN *token)
|
const struct security_token *token)
|
||||||
{
|
{
|
||||||
uint32_t denied = 0, granted = 0;
|
uint32_t denied = 0, granted = 0;
|
||||||
unsigned i;
|
unsigned i;
|
||||||
@ -154,7 +154,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
|
|||||||
to by the access_granted pointer.
|
to by the access_granted pointer.
|
||||||
*/
|
*/
|
||||||
NTSTATUS se_access_check(const struct security_descriptor *sd,
|
NTSTATUS se_access_check(const struct security_descriptor *sd,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
uint32_t access_desired,
|
uint32_t access_desired,
|
||||||
uint32_t *access_granted)
|
uint32_t *access_granted)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -107,11 +107,11 @@ static struct dom_sid anon_sid_array[3] =
|
|||||||
{ { 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
|
{ { 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
|
||||||
{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
|
{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
|
||||||
{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
|
{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
|
||||||
NT_USER_TOKEN anonymous_token = { 3, anon_sid_array, SE_NONE };
|
struct security_token anonymous_token = { 3, anon_sid_array, SE_NONE };
|
||||||
|
|
||||||
static struct dom_sid system_sid_array[1] =
|
static struct dom_sid system_sid_array[1] =
|
||||||
{ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
|
{ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
|
||||||
NT_USER_TOKEN system_token = { 1, system_sid_array, SE_ALL_PRIVS };
|
struct security_token system_token = { 1, system_sid_array, SE_ALL_PRIVS };
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
Lookup string names for SID types.
|
Lookup string names for SID types.
|
||||||
@ -153,7 +153,7 @@ const char *sid_type_lookup(uint32 sid_type)
|
|||||||
Create the SYSTEM token.
|
Create the SYSTEM token.
|
||||||
***************************************************************************/
|
***************************************************************************/
|
||||||
|
|
||||||
NT_USER_TOKEN *get_system_token(void)
|
struct security_token *get_system_token(void)
|
||||||
{
|
{
|
||||||
return &system_token;
|
return &system_token;
|
||||||
}
|
}
|
||||||
@ -668,7 +668,7 @@ bool is_null_sid(const struct dom_sid *sid)
|
|||||||
return sid_equal(sid, &null_sid);
|
return sid_equal(sid, &null_sid);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool is_sid_in_token(const NT_USER_TOKEN *token, const struct dom_sid *sid)
|
bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
|||||||
@ -28,16 +28,16 @@
|
|||||||
* - disk operators privilege
|
* - disk operators privilege
|
||||||
*/
|
*/
|
||||||
NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
|
NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
|
||||||
NT_USER_TOKEN **ptoken)
|
struct security_token **ptoken)
|
||||||
{
|
{
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
NT_USER_TOKEN *token = NULL;
|
struct security_token *token = NULL;
|
||||||
|
|
||||||
if (ptoken == NULL) {
|
if (ptoken == NULL) {
|
||||||
return NT_STATUS_INVALID_PARAMETER;
|
return NT_STATUS_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
|
token = TALLOC_ZERO_P(mem_ctx, struct security_token);
|
||||||
if (token == NULL) {
|
if (token == NULL) {
|
||||||
DEBUG(1, ("talloc failed\n"));
|
DEBUG(1, ("talloc failed\n"));
|
||||||
status = NT_STATUS_NO_MEMORY;
|
status = NT_STATUS_NO_MEMORY;
|
||||||
|
|||||||
@ -21,6 +21,6 @@
|
|||||||
#define _REG_UTIL_TOKEN_H
|
#define _REG_UTIL_TOKEN_H
|
||||||
|
|
||||||
NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
|
NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
|
||||||
NT_USER_TOKEN **ptoken);
|
struct security_token **ptoken);
|
||||||
|
|
||||||
#endif /* _REG_UTIL_TOKEN_H */
|
#endif /* _REG_UTIL_TOKEN_H */
|
||||||
|
|||||||
@ -69,7 +69,7 @@ static EVENTLOG_INFO *find_eventlog_info_by_hnd( struct pipes_struct * p,
|
|||||||
/********************************************************************
|
/********************************************************************
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
|
static bool elog_check_access( EVENTLOG_INFO *info, struct security_token *token )
|
||||||
{
|
{
|
||||||
char *tdbname = elog_tdbname(talloc_tos(), info->logname );
|
char *tdbname = elog_tdbname(talloc_tos(), info->logname );
|
||||||
struct security_descriptor *sec_desc;
|
struct security_descriptor *sec_desc;
|
||||||
|
|||||||
@ -179,7 +179,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, struct security_descriptor
|
|||||||
level of access for further checks.
|
level of access for further checks.
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
|
NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token,
|
||||||
uint64_t *rights, uint32 rights_mask,
|
uint64_t *rights, uint32 rights_mask,
|
||||||
uint32 des_access, uint32 *acc_granted,
|
uint32 des_access, uint32 *acc_granted,
|
||||||
const char *debug )
|
const char *debug )
|
||||||
@ -241,7 +241,7 @@ done:
|
|||||||
Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
|
Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
|
void map_max_allowed_access(const struct security_token *nt_token,
|
||||||
const struct unix_user_token *unix_token,
|
const struct unix_user_token *unix_token,
|
||||||
uint32_t *pacc_requested)
|
uint32_t *pacc_requested)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -150,7 +150,7 @@ const struct standard_mapping printserver_std_mapping = {
|
|||||||
|
|
||||||
struct xcv_api_table {
|
struct xcv_api_table {
|
||||||
const char *name;
|
const char *name;
|
||||||
WERROR(*fn) (TALLOC_CTX *mem_ctx, NT_USER_TOKEN *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed);
|
WERROR(*fn) (TALLOC_CTX *mem_ctx, struct security_token *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed);
|
||||||
};
|
};
|
||||||
|
|
||||||
static void prune_printername_cache(void);
|
static void prune_printername_cache(void);
|
||||||
@ -357,7 +357,7 @@ static bool close_printer_handle(struct pipes_struct *p, struct policy_handle *h
|
|||||||
Delete a printer given a handle.
|
Delete a printer given a handle.
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
static WERROR delete_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token,
|
static WERROR delete_printer_hook(TALLOC_CTX *ctx, struct security_token *token,
|
||||||
const char *sharename,
|
const char *sharename,
|
||||||
struct messaging_context *msg_ctx)
|
struct messaging_context *msg_ctx)
|
||||||
{
|
{
|
||||||
@ -5859,7 +5859,7 @@ static bool check_printer_ok(TALLOC_CTX *mem_ctx,
|
|||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
static WERROR add_port_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *portname, const char *uri)
|
static WERROR add_port_hook(TALLOC_CTX *ctx, struct security_token *token, const char *portname, const char *uri)
|
||||||
{
|
{
|
||||||
char *cmd = lp_addport_cmd();
|
char *cmd = lp_addport_cmd();
|
||||||
char *command = NULL;
|
char *command = NULL;
|
||||||
@ -5908,7 +5908,7 @@ static WERROR add_port_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *p
|
|||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
static bool add_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token,
|
static bool add_printer_hook(TALLOC_CTX *ctx, struct security_token *token,
|
||||||
struct spoolss_SetPrinterInfo2 *info2,
|
struct spoolss_SetPrinterInfo2 *info2,
|
||||||
const char *remote_machine,
|
const char *remote_machine,
|
||||||
struct messaging_context *msg_ctx)
|
struct messaging_context *msg_ctx)
|
||||||
@ -9540,7 +9540,7 @@ static bool push_monitorui_buf(TALLOC_CTX *mem_ctx, DATA_BLOB *buf,
|
|||||||
*******************************************************************/
|
*******************************************************************/
|
||||||
|
|
||||||
static WERROR xcvtcp_monitorui(TALLOC_CTX *mem_ctx,
|
static WERROR xcvtcp_monitorui(TALLOC_CTX *mem_ctx,
|
||||||
NT_USER_TOKEN *token, DATA_BLOB *in,
|
struct security_token *token, DATA_BLOB *in,
|
||||||
DATA_BLOB *out, uint32_t *needed)
|
DATA_BLOB *out, uint32_t *needed)
|
||||||
{
|
{
|
||||||
const char *dllname = "tcpmonui.dll";
|
const char *dllname = "tcpmonui.dll";
|
||||||
@ -9595,7 +9595,7 @@ static bool pull_port_data_2(TALLOC_CTX *mem_ctx,
|
|||||||
*******************************************************************/
|
*******************************************************************/
|
||||||
|
|
||||||
static WERROR xcvtcp_addport(TALLOC_CTX *mem_ctx,
|
static WERROR xcvtcp_addport(TALLOC_CTX *mem_ctx,
|
||||||
NT_USER_TOKEN *token, DATA_BLOB *in,
|
struct security_token *token, DATA_BLOB *in,
|
||||||
DATA_BLOB *out, uint32_t *needed)
|
DATA_BLOB *out, uint32_t *needed)
|
||||||
{
|
{
|
||||||
struct spoolss_PortData1 port1;
|
struct spoolss_PortData1 port1;
|
||||||
@ -9687,7 +9687,7 @@ struct xcv_api_table xcvtcp_cmds[] = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
static WERROR process_xcvtcp_command(TALLOC_CTX *mem_ctx,
|
static WERROR process_xcvtcp_command(TALLOC_CTX *mem_ctx,
|
||||||
NT_USER_TOKEN *token, const char *command,
|
struct security_token *token, const char *command,
|
||||||
DATA_BLOB *inbuf,
|
DATA_BLOB *inbuf,
|
||||||
DATA_BLOB *outbuf,
|
DATA_BLOB *outbuf,
|
||||||
uint32_t *needed )
|
uint32_t *needed )
|
||||||
@ -9709,7 +9709,7 @@ static WERROR process_xcvtcp_command(TALLOC_CTX *mem_ctx,
|
|||||||
#if 0 /* don't support management using the "Local Port" monitor */
|
#if 0 /* don't support management using the "Local Port" monitor */
|
||||||
|
|
||||||
static WERROR xcvlocal_monitorui(TALLOC_CTX *mem_ctx,
|
static WERROR xcvlocal_monitorui(TALLOC_CTX *mem_ctx,
|
||||||
NT_USER_TOKEN *token, DATA_BLOB *in,
|
struct security_token *token, DATA_BLOB *in,
|
||||||
DATA_BLOB *out, uint32_t *needed)
|
DATA_BLOB *out, uint32_t *needed)
|
||||||
{
|
{
|
||||||
const char *dllname = "localui.dll";
|
const char *dllname = "localui.dll";
|
||||||
@ -9746,7 +9746,7 @@ struct xcv_api_table xcvlocal_cmds[] = {
|
|||||||
*******************************************************************/
|
*******************************************************************/
|
||||||
|
|
||||||
static WERROR process_xcvlocal_command(TALLOC_CTX *mem_ctx,
|
static WERROR process_xcvlocal_command(TALLOC_CTX *mem_ctx,
|
||||||
NT_USER_TOKEN *token, const char *command,
|
struct security_token *token, const char *command,
|
||||||
DATA_BLOB *inbuf, DATA_BLOB *outbuf,
|
DATA_BLOB *inbuf, DATA_BLOB *outbuf,
|
||||||
uint32_t *needed)
|
uint32_t *needed)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -123,7 +123,7 @@ static struct service_control_op* find_service_by_name( const char *name )
|
|||||||
/********************************************************************
|
/********************************************************************
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, NT_USER_TOKEN *token,
|
static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, struct security_token *token,
|
||||||
uint32 access_desired, uint32 *access_granted )
|
uint32 access_desired, uint32 *access_granted )
|
||||||
{
|
{
|
||||||
if ( geteuid() == sec_initial_uid() ) {
|
if ( geteuid() == sec_initial_uid() ) {
|
||||||
@ -387,7 +387,7 @@ WERROR _svcctl_QueryServiceStatus(struct pipes_struct *p,
|
|||||||
/********************************************************************
|
/********************************************************************
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, NT_USER_TOKEN *token )
|
static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, struct security_token *token )
|
||||||
{
|
{
|
||||||
int num_services = 0;
|
int num_services = 0;
|
||||||
int i;
|
int i;
|
||||||
@ -430,7 +430,7 @@ WERROR _svcctl_EnumServicesStatusW(struct pipes_struct *p,
|
|||||||
size_t buffer_size = 0;
|
size_t buffer_size = 0;
|
||||||
WERROR result = WERR_OK;
|
WERROR result = WERR_OK;
|
||||||
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
|
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
|
||||||
NT_USER_TOKEN *token = p->server_info->ptok;
|
struct security_token *token = p->server_info->ptok;
|
||||||
DATA_BLOB blob = data_blob_null;
|
DATA_BLOB blob = data_blob_null;
|
||||||
|
|
||||||
/* perform access checks */
|
/* perform access checks */
|
||||||
@ -642,7 +642,7 @@ WERROR _svcctl_QueryServiceStatusEx(struct pipes_struct *p,
|
|||||||
|
|
||||||
static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name,
|
static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name,
|
||||||
struct QUERY_SERVICE_CONFIG *config,
|
struct QUERY_SERVICE_CONFIG *config,
|
||||||
NT_USER_TOKEN *token )
|
struct security_token *token )
|
||||||
{
|
{
|
||||||
struct regval_ctr *values;
|
struct regval_ctr *values;
|
||||||
struct regval_blob *val;
|
struct regval_blob *val;
|
||||||
|
|||||||
@ -502,7 +502,7 @@ void svcctl_init_keys( void )
|
|||||||
in case of any failure.
|
in case of any failure.
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
|
struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, struct security_token *token )
|
||||||
{
|
{
|
||||||
struct registry_key_handle *key = NULL;
|
struct registry_key_handle *key = NULL;
|
||||||
struct regval_ctr *values = NULL;
|
struct regval_ctr *values = NULL;
|
||||||
@ -564,7 +564,7 @@ done:
|
|||||||
Wrapper to make storing a Service sd easier
|
Wrapper to make storing a Service sd easier
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token )
|
bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, struct security_token *token )
|
||||||
{
|
{
|
||||||
struct registry_key_handle *key = NULL;
|
struct registry_key_handle *key = NULL;
|
||||||
WERROR wresult;
|
WERROR wresult;
|
||||||
@ -618,7 +618,7 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_desc
|
|||||||
/********************************************************************
|
/********************************************************************
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
|
const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, struct security_token *token )
|
||||||
{
|
{
|
||||||
const char *display_name = NULL;
|
const char *display_name = NULL;
|
||||||
struct registry_key_handle *key = NULL;
|
struct registry_key_handle *key = NULL;
|
||||||
@ -671,7 +671,7 @@ fail:
|
|||||||
/********************************************************************
|
/********************************************************************
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
|
const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, struct security_token *token )
|
||||||
{
|
{
|
||||||
const char *description = NULL;
|
const char *description = NULL;
|
||||||
struct registry_key_handle *key = NULL;
|
struct registry_key_handle *key = NULL;
|
||||||
@ -722,7 +722,7 @@ const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER
|
|||||||
/********************************************************************
|
/********************************************************************
|
||||||
********************************************************************/
|
********************************************************************/
|
||||||
|
|
||||||
struct regval_ctr *svcctl_fetch_regvalues(const char *name, NT_USER_TOKEN *token)
|
struct regval_ctr *svcctl_fetch_regvalues(const char *name, struct security_token *token)
|
||||||
{
|
{
|
||||||
struct registry_key_handle *key = NULL;
|
struct registry_key_handle *key = NULL;
|
||||||
struct regval_ctr *values = NULL;
|
struct regval_ctr *values = NULL;
|
||||||
|
|||||||
@ -85,7 +85,7 @@ extern struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx;
|
|||||||
|
|
||||||
struct sec_ctx {
|
struct sec_ctx {
|
||||||
UNIX_USER_TOKEN ut;
|
UNIX_USER_TOKEN ut;
|
||||||
NT_USER_TOKEN *token;
|
struct security_token *token;
|
||||||
};
|
};
|
||||||
/* A stack of security contexts. We include the current context as being
|
/* A stack of security contexts. We include the current context as being
|
||||||
the first one, so there is room for another MAX_SEC_CTX_DEPTH more. */
|
the first one, so there is room for another MAX_SEC_CTX_DEPTH more. */
|
||||||
|
|||||||
@ -56,7 +56,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
|
|||||||
|
|
||||||
NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
|
NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
|
||||||
const struct security_descriptor *sd,
|
const struct security_descriptor *sd,
|
||||||
const NT_USER_TOKEN *token,
|
const struct security_token *token,
|
||||||
uint32_t access_desired,
|
uint32_t access_desired,
|
||||||
uint32_t *access_granted)
|
uint32_t *access_granted)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -300,7 +300,7 @@ static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *grou
|
|||||||
Set the current security context to a given user.
|
Set the current security context to a given user.
|
||||||
****************************************************************************/
|
****************************************************************************/
|
||||||
|
|
||||||
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
|
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token)
|
||||||
{
|
{
|
||||||
struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
|
struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
|
||||||
|
|
||||||
|
|||||||
@ -538,7 +538,7 @@ const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
|
|||||||
return ¤t_user.ut;
|
return ¤t_user.ut;
|
||||||
}
|
}
|
||||||
|
|
||||||
const NT_USER_TOKEN *get_current_nttok(connection_struct *conn)
|
const struct security_token *get_current_nttok(connection_struct *conn)
|
||||||
{
|
{
|
||||||
return current_user.nt_user_token;
|
return current_user.nt_user_token;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -26,9 +26,9 @@
|
|||||||
|
|
||||||
/* The following definitions come from auth/token_util.c */
|
/* The following definitions come from auth/token_util.c */
|
||||||
|
|
||||||
bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
|
bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
|
||||||
bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
|
bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
|
||||||
NT_USER_TOKEN *get_root_nt_token( void );
|
struct security_token *get_root_nt_token( void );
|
||||||
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
|
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
|
||||||
struct security_token *token);
|
struct security_token *token);
|
||||||
struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
|
struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
|
||||||
@ -36,7 +36,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
|
|||||||
bool is_guest,
|
bool is_guest,
|
||||||
int num_groupsids,
|
int num_groupsids,
|
||||||
const struct dom_sid *groupsids);
|
const struct dom_sid *groupsids);
|
||||||
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
|
void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
|
||||||
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
|
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
|
||||||
int n_groups, gid_t *groups);
|
int n_groups, gid_t *groups);
|
||||||
|
|
||||||
|
|||||||
@ -41,7 +41,7 @@ static WERROR open_hive(TALLOC_CTX *ctx, const char *path,
|
|||||||
char **subkeyname)
|
char **subkeyname)
|
||||||
{
|
{
|
||||||
WERROR werr;
|
WERROR werr;
|
||||||
NT_USER_TOKEN *token = NULL;
|
struct security_token *token = NULL;
|
||||||
char *hivename = NULL;
|
char *hivename = NULL;
|
||||||
char *tmp_subkeyname = NULL;
|
char *tmp_subkeyname = NULL;
|
||||||
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
||||||
|
|||||||
@ -4114,7 +4114,7 @@ static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void init_user_token(NT_USER_TOKEN *token, struct dom_sid *user_sid)
|
static void init_user_token(struct security_token *token, struct dom_sid *user_sid)
|
||||||
{
|
{
|
||||||
token->num_sids = 4;
|
token->num_sids = 4;
|
||||||
|
|
||||||
@ -4130,12 +4130,12 @@ static void init_user_token(NT_USER_TOKEN *token, struct dom_sid *user_sid)
|
|||||||
sid_copy(&token->sids[3], &global_sid_Authenticated_Users);
|
sid_copy(&token->sids[3], &global_sid_Authenticated_Users);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void free_user_token(NT_USER_TOKEN *token)
|
static void free_user_token(struct security_token *token)
|
||||||
{
|
{
|
||||||
SAFE_FREE(token->sids);
|
SAFE_FREE(token->sids);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void add_sid_to_token(NT_USER_TOKEN *token, struct dom_sid *sid)
|
static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
|
||||||
{
|
{
|
||||||
if (is_sid_in_token(token, sid))
|
if (is_sid_in_token(token, sid))
|
||||||
return;
|
return;
|
||||||
@ -4152,7 +4152,7 @@ static void add_sid_to_token(NT_USER_TOKEN *token, struct dom_sid *sid)
|
|||||||
|
|
||||||
struct user_token {
|
struct user_token {
|
||||||
fstring name;
|
fstring name;
|
||||||
NT_USER_TOKEN token;
|
struct security_token token;
|
||||||
};
|
};
|
||||||
|
|
||||||
static void dump_user_token(struct user_token *token)
|
static void dump_user_token(struct user_token *token)
|
||||||
@ -4178,7 +4178,7 @@ static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void collect_sid_memberships(NT_USER_TOKEN *token, struct dom_sid sid)
|
static void collect_sid_memberships(struct security_token *token, struct dom_sid sid)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@ -4195,7 +4195,7 @@ static void collect_sid_memberships(NT_USER_TOKEN *token, struct dom_sid sid)
|
|||||||
* add them to the token.
|
* add them to the token.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static void collect_alias_memberships(NT_USER_TOKEN *token)
|
static void collect_alias_memberships(struct security_token *token)
|
||||||
{
|
{
|
||||||
int num_global_sids = token->num_sids;
|
int num_global_sids = token->num_sids;
|
||||||
int i;
|
int i;
|
||||||
@ -4205,7 +4205,7 @@ static void collect_alias_memberships(NT_USER_TOKEN *token)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
|
static bool get_user_sids(const char *domain, const char *user, struct security_token *token)
|
||||||
{
|
{
|
||||||
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
|
||||||
enum wbcSidType type;
|
enum wbcSidType type;
|
||||||
|
|||||||
@ -26,9 +26,9 @@
|
|||||||
|
|
||||||
/* The following definitions come from auth/token_util.c */
|
/* The following definitions come from auth/token_util.c */
|
||||||
|
|
||||||
bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
|
bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
|
||||||
bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
|
bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
|
||||||
NT_USER_TOKEN *get_root_nt_token( void );
|
struct security_token *get_root_nt_token( void );
|
||||||
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
|
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
|
||||||
struct security_token *token);
|
struct security_token *token);
|
||||||
struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
|
struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
|
||||||
@ -36,7 +36,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
|
|||||||
bool is_guest,
|
bool is_guest,
|
||||||
int num_groupsids,
|
int num_groupsids,
|
||||||
const struct dom_sid *groupsids);
|
const struct dom_sid *groupsids);
|
||||||
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
|
void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
|
||||||
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
|
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
|
||||||
int n_groups, gid_t *groups);
|
int n_groups, gid_t *groups);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user