}
if (!reg_ctx) {
- NT_USER_TOKEN *token;
+ struct security_token *token;
token = registry_create_system_token(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(token);
NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
uint32_t flags,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extension_guid,
const char *snapin_guid)
NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
uint32_t flags,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid,
TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid,
const char *snapin_guid);
NTSTATUS (*process_group_policy2)(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
uint32_t flags,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extension_guid);
NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
uint32_t flags,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extension_guid,
const char *snapin_guid);
NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
uint32_t flags,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid,
};
struct gp_registry_context {
- const NT_USER_TOKEN *token;
+ const struct security_token *token;
const char *path;
struct registry_key *curr_key;
};
ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *dn,
- NT_USER_TOKEN **token);
+ struct security_token **token);
ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *dn,
uint32_t flags,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT **gpo_list);
/* The following definitions come from libgpo/gpo_sec.c */
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
- const NT_USER_TOKEN *token);
+ const struct security_token *token);
/* The following definitions come from libgpo/gpo_util.c */
void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link);
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid_filter,
uint32_t flags);
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extensions_guid_filter,
uint32_t flags);
TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *dn,
- NT_USER_TOKEN **token);
+ struct security_token **token);
#include "../libgpo/gpext/gpext.h"
struct GP_LINK *gp_link,
enum GPO_LINK_TYPE link_type,
bool only_add_forced_gpos,
- const NT_USER_TOKEN *token)
+ const struct security_token *token)
{
ADS_STATUS status;
int i;
ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
const char *dn,
- NT_USER_TOKEN **token)
+ struct security_token **token)
{
ADS_STATUS status;
struct dom_sid object_sid;
size_t num_ad_token_sids = 0;
struct dom_sid *token_sids;
uint32_t num_token_sids = 0;
- NT_USER_TOKEN *new_token = NULL;
+ struct security_token *new_token = NULL;
int i;
status = ads_get_tokensids(ads, mem_ctx, dn,
TALLOC_CTX *mem_ctx,
const char *dn,
uint32_t flags,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT **gpo_list)
{
/* (L)ocal (S)ite (D)omain (O)rganizational(U)nit */
****************************************************************/
static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
- const NT_USER_TOKEN *token)
+ const struct security_token *token)
{
char *sid_str;
****************************************************************/
static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
- const NT_USER_TOKEN *token)
+ const struct security_token *token)
{
char *sid_str;
****************************************************************/
static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
- const NT_USER_TOKEN *token)
+ const struct security_token *token)
{
switch (ace->type) {
case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
****************************************************************/
NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
- const NT_USER_TOKEN *token)
+ const struct security_token *token)
{
struct security_descriptor *sd = gpo->security_descriptor;
struct security_acl *dacl = NULL;
ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid_filter,
static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct registry_key *root_key,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extensions_guid,
ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list,
const char *extensions_guid_filter,
uint32_t flags)
TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *dn,
- NT_USER_TOKEN **token)
+ struct security_token **token)
{
- NT_USER_TOKEN *ad_token = NULL;
+ struct security_token *ad_token = NULL;
ADS_STATUS status;
#if _SAMBA_BUILD_ == 4
struct auth_session_info *info;
return NT_STATUS_IS_OK(nt_status) ? True : False;
}
-static NTSTATUS log_nt_token(NT_USER_TOKEN *token)
+static NTSTATUS log_nt_token(struct security_token *token)
{
TALLOC_CTX *frame = talloc_stackframe();
char *command;
bool copy_current_user(struct current_user *dst, struct current_user *src)
{
gid_t *groups;
- NT_USER_TOKEN *nt_token;
+ struct security_token *nt_token;
groups = (gid_t *)memdup(src->ut.groups,
sizeof(gid_t) * src->ut.ngroups);
#include "../librpc/gen_ndr/netlogon.h"
/****************************************************************************
- Check for a SID in an NT_USER_TOKEN
+ Check for a SID in an struct security_token
****************************************************************************/
-bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token )
+bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token )
{
int i;
return False;
}
-bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
+bool nt_token_check_domain_rid( struct security_token *token, uint32 rid )
{
struct dom_sid domain_sid;
Create a copy if your need to change it.
******************************************************************************/
-NT_USER_TOKEN *get_root_nt_token( void )
+struct security_token *get_root_nt_token( void )
{
struct security_token *token, *for_cache;
struct dom_sid u_sid, g_sid;
}
/****************************************************************************
- prints a NT_USER_TOKEN to debug output.
+ prints a struct security_token to debug output.
****************************************************************************/
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
+void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token)
{
size_t i;
/* NT group information taken from the info3 structure */
- NT_USER_TOKEN *ptok;
+ struct security_token *ptok;
/* This is the final session key, as used by SMB signing, and
* (truncated to 16 bytes) encryption on the SAMR and LSA pipes
/* The following definitions come from auth/token_util.c */
-bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
-bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
-NT_USER_TOKEN *get_root_nt_token( void );
+bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
+bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
+struct security_token *get_root_nt_token( void );
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
struct security_token *token);
NTSTATUS create_builtin_users(const struct dom_sid *sid);
struct netr_SamInfo3 *info3,
struct extra_auth_info *extra,
struct security_token **ntok);
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
+void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
int n_groups, gid_t *groups);
bool is_privilege_assigned(const uint64_t *privileges,
const uint64_t *check);
const char* get_privilege_dispname( const char *name );
-bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege);
-bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege);
+bool user_has_privileges(const struct security_token *token, const uint64_t *privilege);
+bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege);
int count_all_privileges( void );
struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask );
const char *luid_to_privilege_name(const struct lsa_LUID *set);
size_t *psize);
bool set_share_security(const char *share_name, struct security_descriptor *psd);
bool delete_share_security(const char *servicename);
-bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
+bool share_access_check(const struct security_token *token, const char *sharename,
uint32 desired_access);
bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd);
/* The following definitions come from lib/util_nttoken.c */
-NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken);
+struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken);
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
const struct security_token *token_1,
const struct security_token *token_2,
struct security_token **token_out);
-bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace);
+bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace);
/* The following definitions come from lib/util_pw.c */
void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping);
void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping);
void se_map_standard(uint32 *access_mask, const struct standard_mapping *mapping);
-NTSTATUS se_access_check(const struct security_descriptor *sd, const NT_USER_TOKEN *token,
+NTSTATUS se_access_check(const struct security_descriptor *sd, const struct security_token *token,
uint32 acc_desired, uint32 *acc_granted);
/* The following definitions come from lib/util_sec.c */
/* The following definitions come from lib/util_sid.c */
const char *sid_type_lookup(uint32 sid_type) ;
-NT_USER_TOKEN *get_system_token(void) ;
+struct security_token *get_system_token(void) ;
char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
char *sid_string_dbg(const struct dom_sid *sid);
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
uint32 rid, uint32 **pp_rids, size_t *p_num);
bool is_null_sid(const struct dom_sid *sid);
-bool is_sid_in_token(const NT_USER_TOKEN *token, const struct dom_sid *sid);
+bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid);
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
/* The following definitions come from services/services_db.c */
void svcctl_init_keys( void );
-struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
-bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token );
-const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
-const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token );
-struct regval_ctr *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token );
+struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, struct security_token *token );
+bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, struct security_token *token );
+const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, struct security_token *token );
+const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, struct security_token *token );
+struct regval_ctr *svcctl_fetch_regvalues( const char *name, struct security_token *token );
/* The following definitions come from services/svc_netlogon.c */
NTSTATUS smb1_file_se_access_check(connection_struct *conn,
const struct security_descriptor *sd,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
uint32_t access_desired,
uint32_t *access_granted);
NTSTATUS fd_close(files_struct *fsp);
bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2);
bool push_sec_ctx(void);
-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token);
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token);
void set_root_sec_ctx(void);
bool pop_sec_ctx(void);
void init_sec_ctx(void);
uid_t get_current_uid(connection_struct *conn);
gid_t get_current_gid(connection_struct *conn);
const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
-const NT_USER_TOKEN *get_current_nttok(connection_struct *conn);
+const struct security_token *get_current_nttok(connection_struct *conn);
uint16_t get_current_vuid(connection_struct *conn);
/* The following definitions come from smbd/utmp.c */
int fncall_recv(struct tevent_req *req, int *perr);
/* The following definitions come from rpc_server/srv_samr_nt.c */
-NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
+NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token,
uint64_t *rights, uint32 rights_mask,
uint32 des_access, uint32 *acc_granted,
const char *debug);
-void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
+void map_max_allowed_access(const struct security_token *nt_token,
const struct unix_user_token *unix_token,
uint32_t *pacc_requested);
bool (*store_values)( const char *key, struct regval_ctr *val );
bool (*reg_access_check)( const char *keyname, uint32 requested,
uint32 *granted,
- const NT_USER_TOKEN *token );
+ const struct security_token *token );
WERROR (*get_secdesc)(TALLOC_CTX *mem_ctx, const char *key,
struct security_descriptor **psecdesc);
WERROR (*set_secdesc)(const char *key,
#define PRIMARY_USER_SID_INDEX 0
#define PRIMARY_GROUP_SID_INDEX 1
-typedef struct security_token NT_USER_TOKEN;
-
typedef struct unix_user_token {
uid_t uid;
gid_t gid;
connection_struct *conn;
uint16 vuid;
UNIX_USER_TOKEN ut;
- NT_USER_TOKEN *nt_user_token;
+ struct security_token *nt_user_token;
};
struct smbd_smb2_request;
at a time here.
*****************************************************************************/
-bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege)
+bool user_has_privileges(const struct security_token *token, const uint64_t *privilege)
{
if ( !token )
return False;
at a time here.
*****************************************************************************/
-bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege)
+bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege)
{
if ( !token )
return False;
Can this user access with share with the required permissions ?
********************************************************************/
-bool share_access_check(const NT_USER_TOKEN *token, const char *sharename,
+bool share_access_check(const struct security_token *token, const char *sharename,
uint32 desired_access)
{
uint32 granted;
Duplicate a SID token.
****************************************************************************/
-NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken)
+struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken)
{
- NT_USER_TOKEN *token;
+ struct security_token *token;
if (!ptoken)
return NULL;
- token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
+ token = TALLOC_ZERO_P(mem_ctx, struct security_token);
if (token == NULL) {
DEBUG(0, ("talloc failed\n"));
return NULL;
Check if this struct security_ace has a SID in common with the token.
********************************************************************/
-bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace)
+bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace)
{
size_t i;
#include "includes.h"
-extern NT_USER_TOKEN anonymous_token;
+extern struct security_token anonymous_token;
/* Map generic access rights to object specific rights. This technique is
used to give meaning to assigning read, write, execute and all access to
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
*/
static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
- const NT_USER_TOKEN *token)
+ const struct security_token *token)
{
uint32_t denied = 0, granted = 0;
unsigned i;
to by the access_granted pointer.
*/
NTSTATUS se_access_check(const struct security_descriptor *sd,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
uint32_t access_desired,
uint32_t *access_granted)
{
{ { 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
-NT_USER_TOKEN anonymous_token = { 3, anon_sid_array, SE_NONE };
+struct security_token anonymous_token = { 3, anon_sid_array, SE_NONE };
static struct dom_sid system_sid_array[1] =
{ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
-NT_USER_TOKEN system_token = { 1, system_sid_array, SE_ALL_PRIVS };
+struct security_token system_token = { 1, system_sid_array, SE_ALL_PRIVS };
/****************************************************************************
Lookup string names for SID types.
Create the SYSTEM token.
***************************************************************************/
-NT_USER_TOKEN *get_system_token(void)
+struct security_token *get_system_token(void)
{
return &system_token;
}
return sid_equal(sid, &null_sid);
}
-bool is_sid_in_token(const NT_USER_TOKEN *token, const struct dom_sid *sid)
+bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
{
int i;
* - disk operators privilege
*/
NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN **ptoken)
+ struct security_token **ptoken)
{
NTSTATUS status;
- NT_USER_TOKEN *token = NULL;
+ struct security_token *token = NULL;
if (ptoken == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
- token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
+ token = TALLOC_ZERO_P(mem_ctx, struct security_token);
if (token == NULL) {
DEBUG(1, ("talloc failed\n"));
status = NT_STATUS_NO_MEMORY;
#define _REG_UTIL_TOKEN_H
NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN **ptoken);
+ struct security_token **ptoken);
#endif /* _REG_UTIL_TOKEN_H */
/********************************************************************
********************************************************************/
-static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
+static bool elog_check_access( EVENTLOG_INFO *info, struct security_token *token )
{
char *tdbname = elog_tdbname(talloc_tos(), info->logname );
struct security_descriptor *sec_desc;
level of access for further checks.
********************************************************************/
-NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
+NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token,
uint64_t *rights, uint32 rights_mask,
uint32 des_access, uint32 *acc_granted,
const char *debug )
Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set.
********************************************************************/
-void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
+void map_max_allowed_access(const struct security_token *nt_token,
const struct unix_user_token *unix_token,
uint32_t *pacc_requested)
{
struct xcv_api_table {
const char *name;
- WERROR(*fn) (TALLOC_CTX *mem_ctx, NT_USER_TOKEN *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed);
+ WERROR(*fn) (TALLOC_CTX *mem_ctx, struct security_token *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed);
};
static void prune_printername_cache(void);
Delete a printer given a handle.
****************************************************************************/
-static WERROR delete_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token,
+static WERROR delete_printer_hook(TALLOC_CTX *ctx, struct security_token *token,
const char *sharename,
struct messaging_context *msg_ctx)
{
/****************************************************************************
****************************************************************************/
-static WERROR add_port_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *portname, const char *uri)
+static WERROR add_port_hook(TALLOC_CTX *ctx, struct security_token *token, const char *portname, const char *uri)
{
char *cmd = lp_addport_cmd();
char *command = NULL;
/****************************************************************************
****************************************************************************/
-static bool add_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token,
+static bool add_printer_hook(TALLOC_CTX *ctx, struct security_token *token,
struct spoolss_SetPrinterInfo2 *info2,
const char *remote_machine,
struct messaging_context *msg_ctx)
*******************************************************************/
static WERROR xcvtcp_monitorui(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN *token, DATA_BLOB *in,
+ struct security_token *token, DATA_BLOB *in,
DATA_BLOB *out, uint32_t *needed)
{
const char *dllname = "tcpmonui.dll";
*******************************************************************/
static WERROR xcvtcp_addport(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN *token, DATA_BLOB *in,
+ struct security_token *token, DATA_BLOB *in,
DATA_BLOB *out, uint32_t *needed)
{
struct spoolss_PortData1 port1;
};
static WERROR process_xcvtcp_command(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN *token, const char *command,
+ struct security_token *token, const char *command,
DATA_BLOB *inbuf,
DATA_BLOB *outbuf,
uint32_t *needed )
#if 0 /* don't support management using the "Local Port" monitor */
static WERROR xcvlocal_monitorui(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN *token, DATA_BLOB *in,
+ struct security_token *token, DATA_BLOB *in,
DATA_BLOB *out, uint32_t *needed)
{
const char *dllname = "localui.dll";
*******************************************************************/
static WERROR process_xcvlocal_command(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN *token, const char *command,
+ struct security_token *token, const char *command,
DATA_BLOB *inbuf, DATA_BLOB *outbuf,
uint32_t *needed)
{
/********************************************************************
********************************************************************/
-static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, NT_USER_TOKEN *token,
+static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, struct security_token *token,
uint32 access_desired, uint32 *access_granted )
{
if ( geteuid() == sec_initial_uid() ) {
/********************************************************************
********************************************************************/
-static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, NT_USER_TOKEN *token )
+static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, struct security_token *token )
{
int num_services = 0;
int i;
size_t buffer_size = 0;
WERROR result = WERR_OK;
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
- NT_USER_TOKEN *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->ptok;
DATA_BLOB blob = data_blob_null;
/* perform access checks */
static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name,
struct QUERY_SERVICE_CONFIG *config,
- NT_USER_TOKEN *token )
+ struct security_token *token )
{
struct regval_ctr *values;
struct regval_blob *val;
in case of any failure.
********************************************************************/
-struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
+struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, struct security_token *token )
{
struct registry_key_handle *key = NULL;
struct regval_ctr *values = NULL;
Wrapper to make storing a Service sd easier
********************************************************************/
-bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token )
+bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, struct security_token *token )
{
struct registry_key_handle *key = NULL;
WERROR wresult;
/********************************************************************
********************************************************************/
-const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
+const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, struct security_token *token )
{
const char *display_name = NULL;
struct registry_key_handle *key = NULL;
/********************************************************************
********************************************************************/
-const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
+const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, struct security_token *token )
{
const char *description = NULL;
struct registry_key_handle *key = NULL;
/********************************************************************
********************************************************************/
-struct regval_ctr *svcctl_fetch_regvalues(const char *name, NT_USER_TOKEN *token)
+struct regval_ctr *svcctl_fetch_regvalues(const char *name, struct security_token *token)
{
struct registry_key_handle *key = NULL;
struct regval_ctr *values = NULL;
struct sec_ctx {
UNIX_USER_TOKEN ut;
- NT_USER_TOKEN *token;
+ struct security_token *token;
};
/* A stack of security contexts. We include the current context as being
the first one, so there is room for another MAX_SEC_CTX_DEPTH more. */
NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
const struct security_descriptor *sd,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
uint32_t access_desired,
uint32_t *access_granted)
{
Set the current security context to a given user.
****************************************************************************/
-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token)
{
struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
return ¤t_user.ut;
}
-const NT_USER_TOKEN *get_current_nttok(connection_struct *conn)
+const struct security_token *get_current_nttok(connection_struct *conn)
{
return current_user.nt_user_token;
}
/* The following definitions come from auth/token_util.c */
-bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
-bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
-NT_USER_TOKEN *get_root_nt_token( void );
+bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
+bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
+struct security_token *get_root_nt_token( void );
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
struct security_token *token);
struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
bool is_guest,
int num_groupsids,
const struct dom_sid *groupsids);
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
+void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
int n_groups, gid_t *groups);
char **subkeyname)
{
WERROR werr;
- NT_USER_TOKEN *token = NULL;
+ struct security_token *token = NULL;
char *hivename = NULL;
char *tmp_subkeyname = NULL;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
return result;
}
-static void init_user_token(NT_USER_TOKEN *token, struct dom_sid *user_sid)
+static void init_user_token(struct security_token *token, struct dom_sid *user_sid)
{
token->num_sids = 4;
sid_copy(&token->sids[3], &global_sid_Authenticated_Users);
}
-static void free_user_token(NT_USER_TOKEN *token)
+static void free_user_token(struct security_token *token)
{
SAFE_FREE(token->sids);
}
-static void add_sid_to_token(NT_USER_TOKEN *token, struct dom_sid *sid)
+static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
{
if (is_sid_in_token(token, sid))
return;
struct user_token {
fstring name;
- NT_USER_TOKEN token;
+ struct security_token token;
};
static void dump_user_token(struct user_token *token)
return false;
}
-static void collect_sid_memberships(NT_USER_TOKEN *token, struct dom_sid sid)
+static void collect_sid_memberships(struct security_token *token, struct dom_sid sid)
{
int i;
* add them to the token.
*/
-static void collect_alias_memberships(NT_USER_TOKEN *token)
+static void collect_alias_memberships(struct security_token *token)
{
int num_global_sids = token->num_sids;
int i;
}
}
-static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
+static bool get_user_sids(const char *domain, const char *user, struct security_token *token)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
enum wbcSidType type;
/* The following definitions come from auth/token_util.c */
-bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
-bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
-NT_USER_TOKEN *get_root_nt_token( void );
+bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
+bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
+struct security_token *get_root_nt_token( void );
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
struct security_token *token);
struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
bool is_guest,
int num_groupsids,
const struct dom_sid *groupsids);
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
+void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
int n_groups, gid_t *groups);
git.samba.org / abartlet / samba.git / .git / commitdiff