static NTSTATUS add_local_groups(struct security_token *result,
bool is_guest);
static NTSTATUS finalize_local_nt_token(struct security_token *result,
- bool is_guest);
+ uint32_t session_info_flags);
NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3,
const struct extra_auth_info *extra,
struct security_token **ntok)
{
struct security_token *usrtok = NULL;
+ uint32_t session_info_flags = 0;
NTSTATUS status;
int i;
return status;
}
- status = finalize_local_nt_token(usrtok, is_guest);
+ session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ if (!is_guest) {
+ session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ }
+
+ status = finalize_local_nt_token(usrtok, session_info_flags);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Failed to finalize nt token\n"));
TALLOC_FREE(usrtok);
struct security_token *result = NULL;
int i;
NTSTATUS status;
+ uint32_t session_info_flags = 0;
DEBUG(10, ("Create local NT token for %s\n",
sid_string_dbg(user_sid)));
return NULL;
}
- status = finalize_local_nt_token(result, is_guest);
+ session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
+ if (!is_guest) {
+ session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+ }
+
+ status = finalize_local_nt_token(result, session_info_flags);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(result);
return NULL;
}
static NTSTATUS finalize_local_nt_token(struct security_token *result,
- bool is_guest)
+ uint32_t session_info_flags)
{
struct dom_sid _dom_sid = { 0, };
struct dom_sid *domain_sid = NULL;
return NT_STATUS_INVALID_TOKEN;
}
- /* Add in BUILTIN sids */
-
- status = add_sid_to_array(result, &global_sid_World,
- &result->sids, &result->num_sids);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
- status = add_sid_to_array(result, &global_sid_Network,
- &result->sids, &result->num_sids);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
+ status = add_sid_to_array(result, &global_sid_World,
+ &result->sids, &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ status = add_sid_to_array(result, &global_sid_Network,
+ &result->sids, &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
/*
return NT_STATUS_OK;
}
- if (!is_guest) {
+ if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
status = add_sid_to_array(result,
&global_sid_Authenticated_Users,
&result->sids,
}
}
+ /* Add in BUILTIN sids */
+
become_root();
ok = secrets_fetch_domain_sid(lp_workgroup(), &_dom_sid);
if (ok) {
unbecome_root();
}
- /* Add privileges based on current user sids */
- get_privileges_for_sids(&result->privilege_mask, result->sids,
- result->num_sids);
+ if (session_info_flags & AUTH_SESSION_INFO_SIMPLE_PRIVILEGES) {
+ if (security_token_has_builtin_administrators(result)) {
+ result->privilege_mask = ~0;
+ }
+ } else {
+ /* Add privileges based on current user sids */
+ get_privileges_for_sids(&result->privilege_mask, result->sids,
+ result->num_sids);
+ }
return NT_STATUS_OK;
}