s3-auth: Split out get_user_sid_info3_and_extra() from create_local_nt_token_from_info3()
authorAndrew Bartlett <abartlet@samba.org>
Tue, 28 Feb 2017 22:22:43 +0000 (11:22 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 29 Mar 2017 00:37:26 +0000 (02:37 +0200)
This will allow us to get the SID in another location for logging

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
source3/auth/proto.h
source3/auth/token_util.c

index 0f600a6bca4da105790d583303522d1706270805..b64ebed4e07ee9307e290ff782d3fe58d27f0124 100644 (file)
@@ -359,6 +359,9 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
                                            bool is_guest,
                                            int num_groupsids,
                                            const struct dom_sid *groupsids);
+NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3,
+                                     const struct extra_auth_info *extra,
+                                     struct dom_sid *sid);
 NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
                                          bool is_guest,
                                          const struct netr_SamInfo3 *info3,
index 77b63e4ba63893541bf0d12b14a1bd7a73416f00..03c4b646007b8d1f61e6a76aea5938ff6e5cf56a 100644 (file)
@@ -211,6 +211,28 @@ static NTSTATUS add_builtin_administrators(struct security_token *token,
 static NTSTATUS finalize_local_nt_token(struct security_token *result,
                                        bool is_guest);
 
+NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3,
+                                     const struct extra_auth_info *extra,
+                                     struct dom_sid *sid)
+{
+       /* USER SID */
+       if (info3->base.rid == (uint32_t)(-1)) {
+               /* this is a signal the user was fake and generated,
+                * the actual SID we want to use is stored in the extra
+                * sids */
+               if (is_null_sid(&extra->user_sid)) {
+                       /* we couldn't find the user sid, bail out */
+                       DEBUG(3, ("Invalid user SID\n"));
+                       return NT_STATUS_UNSUCCESSFUL;
+               }
+               sid_copy(sid, &extra->user_sid);
+       } else {
+               sid_copy(sid, info3->base.domain_sid);
+               sid_append_rid(sid, info3->base.rid);
+       }
+       return NT_STATUS_OK;
+}
+
 NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
                                          bool is_guest,
                                          const struct netr_SamInfo3 *info3,
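Review bot: The else branch of get_user_sid_info3_and_extra() ignores the result of `sid_append_rid()` and passes `info3->base.domain_sid` to `sid_copy()` with no NULL check, so a failed append would return NT_STATUS_OK with `*sid` holding only the domain SID. The logic is moved unchanged from create_local_nt_token_from_info3(), but the helper is now exported and the commit message says it will be used for logging, where a silently wrong SID would end up in the log as well as in the token. I would fail closed in both cases, as sketched below; whether callers already guarantee a non-NULL domain_sid is not visible in this hunk. A short comment above the function stating that `sid` is an out-parameter and that `extra` is only read when the RID is `(uint32_t)(-1)` would also help new callers.

```c
	/* … unchanged: rid == (uint32_t)(-1) branch copying extra->user_sid … */
	} else {
		if (info3->base.domain_sid == NULL) {
			DEBUG(3, ("Missing domain SID\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}
		sid_copy(sid, info3->base.domain_sid);
		if (!sid_append_rid(sid, info3->base.rid)) {
			DEBUG(3, ("Could not append RID to domain SID\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}
	}
```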
@@ -241,21 +263,10 @@ NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
        }
        usrtok->num_sids = 2;
 
-       /* USER SID */
-       if (info3->base.rid == (uint32_t)(-1)) {
-               /* this is a signal the user was fake and generated,
-                * the actual SID we want to use is stored in the extra
-                * sids */
-               if (is_null_sid(&extra->user_sid)) {
-                       /* we couldn't find the user sid, bail out */
-                       DEBUG(3, ("Invalid user SID\n"));
-                       TALLOC_FREE(usrtok);
-                       return NT_STATUS_UNSUCCESSFUL;
-               }
-               sid_copy(&usrtok->sids[0], &extra->user_sid);
-       } else {
-               sid_copy(&usrtok->sids[0], info3->base.domain_sid);
-               sid_append_rid(&usrtok->sids[0], info3->base.rid);
+       status = get_user_sid_info3_and_extra(info3, extra, &usrtok->sids[0]);
+       if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(usrtok);
+               return status;
        }
 
        /* GROUP SID */