NT_USER_TOKEN *get_root_nt_token( void )
{
- struct nt_user_token *token, *for_cache;
+ struct security_token *token, *for_cache;
struct dom_sid u_sid, g_sid;
struct passwd *pw;
void *cache_data;
if (cache_data != NULL) {
return talloc_get_type_abort(
- cache_data, struct nt_user_token);
+ cache_data, struct security_token);
}
if ( !(pw = sys_getpwuid(0)) ) {
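Review bot: The `talloc_get_type_abort(cache_data, struct security_token)` check in get_root_nt_token is the one place in this change where the rename affects runtime behaviour, because talloc compares the stringified type name and aborts the process on a mismatch. The cached root token therefore has to have been allocated under the name `struct security_token`. The allocation sites visible in this commit (for example `TALLOC_ZERO_P(mem_ctx, struct security_token)` in create_local_nt_token) use the new name, but the code that builds and stores the cache entry is not shown here, so that path should be confirmed. A short comment above the check would make the dependency explicit, e.g. `/* cached token must be talloc'ed as "struct security_token", or this aborts */`. The function body continues outside the lines shown.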
*/
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
- struct nt_user_token *token)
+ struct security_token *token)
{
uint32 *aliases;
size_t i, num_aliases;
/*******************************************************************
*******************************************************************/
-static NTSTATUS add_builtin_administrators(struct nt_user_token *token,
+static NTSTATUS add_builtin_administrators(struct security_token *token,
const struct dom_sid *dom_sid)
{
struct dom_sid domadm;
return status;
}
-static NTSTATUS finalize_local_nt_token(struct nt_user_token *result,
+static NTSTATUS finalize_local_nt_token(struct security_token *result,
bool is_guest);
NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
bool is_guest,
struct netr_SamInfo3 *info3,
struct extra_auth_info *extra,
- struct nt_user_token **ntok)
+ struct security_token **ntok)
{
- struct nt_user_token *usrtok = NULL;
+ struct security_token *usrtok = NULL;
NTSTATUS status;
int i;
DEBUG(10, ("Create local NT token for %s\n",
info3->base.account_name.string));
- usrtok = talloc_zero(mem_ctx, struct nt_user_token);
+ usrtok = talloc_zero(mem_ctx, struct security_token);
if (!usrtok) {
DEBUG(0, ("talloc failed\n"));
return NT_STATUS_NO_MEMORY;
Create a NT token for the user, expanding local aliases
*******************************************************************/
-struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
+struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
const struct dom_sid *user_sid,
bool is_guest,
int num_groupsids,
const struct dom_sid *groupsids)
{
- struct nt_user_token *result = NULL;
+ struct security_token *result = NULL;
int i;
NTSTATUS status;
DEBUG(10, ("Create local NT token for %s\n",
sid_string_dbg(user_sid)));
- if (!(result = TALLOC_ZERO_P(mem_ctx, struct nt_user_token))) {
+ if (!(result = TALLOC_ZERO_P(mem_ctx, struct security_token))) {
DEBUG(0, ("talloc failed\n"));
return NULL;
}
return result;
}
-static NTSTATUS finalize_local_nt_token(struct nt_user_token *result,
+static NTSTATUS finalize_local_nt_token(struct security_token *result,
bool is_guest)
{
struct dom_sid dom_sid;
bool is_guest,
uid_t *uid, gid_t *gid,
char **found_username,
- struct nt_user_token **token)
+ struct security_token **token)
{
NTSTATUS result = NT_STATUS_NO_SUCH_USER;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
uid_t uid;
gid_t gid;
char *found_username;
- struct nt_user_token *token;
+ struct security_token *token;
bool result;
TALLOC_CTX *mem_ctx = talloc_stackframe();
bool is_guest,
uid_t *uid, gid_t *gid,
char **found_username,
- struct nt_user_token **token);
+ struct security_token **token);
bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
bool user_in_group(const char *username, const char *groupname);
NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
NT_USER_TOKEN *get_root_nt_token( void );
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
- struct nt_user_token *token);
+ struct security_token *token);
NTSTATUS create_builtin_users(const struct dom_sid *sid);
NTSTATUS create_builtin_administrators(const struct dom_sid *sid);
-struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
+struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
const struct dom_sid *user_sid,
bool is_guest,
int num_groupsids,
bool is_guest,
struct netr_SamInfo3 *info3,
struct extra_auth_info *extra,
- struct nt_user_token **ntok);
+ struct security_token **ntok);
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
int n_groups, gid_t *groups);
NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken);
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
- const struct nt_user_token *token_1,
- const struct nt_user_token *token_2,
- struct nt_user_token **token_out);
+ const struct security_token *token_1,
+ const struct security_token *token_2,
+ struct security_token **token_out);
bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace);
/* The following definitions come from lib/util_pw.c */
bool token_contains_name_in_list(const char *username,
const char *domain,
const char *sharename,
- const struct nt_user_token *token,
+ const struct security_token *token,
const char **list);
bool user_ok_token(const char *username, const char *domain,
- const struct nt_user_token *token, int snum);
+ const struct security_token *token, int snum);
bool is_share_read_only_for_token(const char *username,
const char *domain,
- const struct nt_user_token *token,
+ const struct security_token *token,
connection_struct *conn);
/* The following definitions come from smbd/srvstr.c */
struct registry_key_handle *key;
struct regsubkey_ctr *subkeys;
struct regval_ctr *values;
- struct nt_user_token *token;
+ struct security_token *token;
};
WERROR reg_openhive(TALLOC_CTX *mem_ctx, const char *hive,
uint32 desired_access,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct registry_key **pkey);
WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
const char *name, uint32 desired_access,
WERROR reg_savekey(struct registry_key *key, const char *fname);
WERROR reg_deleteallvalues(struct registry_key *key);
WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
- uint32 desired_access, const struct nt_user_token *token,
+ uint32 desired_access, const struct security_token *token,
struct registry_key **pkey);
WERROR reg_deletekey_recursive(TALLOC_CTX *ctx,
struct registry_key *parent,
const char *path);
WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
uint32 desired_access,
- const struct nt_user_token *token,
+ const struct security_token *token,
enum winreg_CreateAction *paction,
struct registry_key **pkey);
-WERROR reg_delete_path(const struct nt_user_token *token,
+WERROR reg_delete_path(const struct security_token *token,
const char *orig_path);
/* The following definitions come from registry/reg_init_basic.c */
#include "librpc/gen_ndr/epmapper.h"
#include "librpc/gen_ndr/dcerpc.h"
+#include "librpc/gen_ndr/security.h"
struct lsa_dom_info {
bool valid;
#define PRIMARY_USER_SID_INDEX 0
#define PRIMARY_GROUP_SID_INDEX 1
-typedef struct nt_user_token {
- uint32_t num_sids;
- struct dom_sid *sids;
- uint64_t privilege_mask;
-} NT_USER_TOKEN;
+typedef struct security_token NT_USER_TOKEN;
typedef struct unix_user_token {
uid_t uid;
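Review bot: Replacing the local struct with `typedef struct security_token NT_USER_TOKEN;` moves the definition of the server's authorization token into `librpc/gen_ndr/security.h`, and nothing at the typedef says so. Code that reads `num_sids`, `sids` and `privilege_mask` now depends on the included struct keeping those member names with compatible types (the removed definition used `uint32_t`, `struct dom_sid *` and `uint64_t`). The included definition is not visible in this commit, so that should be confirmed, since a width or signedness change in `privilege_mask` would silently alter privilege checks. I would add a comment above the typedef such as `/* compatibility alias: token layout is defined by struct security_token in librpc/gen_ndr/security.h */`. The following `unix_user_token` typedef continues outside the lines shown.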
static WERROR smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
{
WERROR werr = WERR_OK;
- struct nt_user_token *token;
+ struct security_token *token;
if (path == NULL) {
path = KEY_SMBCONF;
struct registry_key *new_key = NULL;
TALLOC_CTX* mem_ctx = talloc_stackframe();
enum winreg_CreateAction action;
- struct nt_user_token *token;
+ struct security_token *token;
werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token));
if (!W_ERROR_IS_OK(werr)) {
****************************************************************************/
NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx,
- const struct nt_user_token *token_1,
- const struct nt_user_token *token_2,
- struct nt_user_token **token_out)
+ const struct security_token *token_1,
+ const struct security_token *token_2,
+ struct security_token **token_out)
{
- struct nt_user_token *token = NULL;
+ struct security_token *token = NULL;
NTSTATUS status;
int i;
return NT_STATUS_INVALID_PARAMETER;
}
- token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
+ token = TALLOC_ZERO_P(mem_ctx, struct security_token);
NT_STATUS_HAVE_NO_MEMORY(token);
for (i=0; i < token_1->num_sids; i++) {
****************************************************************/
static WERROR reg_apply_registry(TALLOC_CTX *mem_ctx,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct registry_key *root_key,
uint32_t flags,
struct gp_registry_entry *entries,
TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid,
const char *snapin_guid)
****************************************************************/
static WERROR scripts_apply(TALLOC_CTX *mem_ctx,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct registry_key *root_key,
uint32_t flags,
const char *section,
#if 0
if (flags & GPO_INFO_FLAG_MACHINE) {
- struct nt_user_token *tmp_token;
+ struct security_token *tmp_token;
tmp_token = registry_create_system_token(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(tmp_token);
TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid,
const char *snapin_guid)
TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo,
const char *extension_guid,
const char *snapin_guid)
/* The following definitions come from libgpo/gpo_reg.c */
-struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx);
+struct security_token *registry_create_system_token(TALLOC_CTX *mem_ctx);
WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx,
const char *initial_path,
uint32_t desired_access,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct gp_registry_context **reg_ctx);
void gp_free_reg_ctx(struct gp_registry_context *reg_ctx);
WERROR gp_store_reg_subkey(TALLOC_CTX *mem_ctx,
WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
uint32_t flags,
const char *dn,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list);
WERROR gp_reg_state_read(TALLOC_CTX *mem_ctx,
uint32_t flags,
struct registry_key *root_key,
struct gp_registry_context *reg_ctx,
struct gp_registry_entry *entry,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32_t flags);
/****************************************************************
****************************************************************/
-struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
+struct security_token *registry_create_system_token(TALLOC_CTX *mem_ctx)
{
- struct nt_user_token *token = NULL;
+ struct security_token *token = NULL;
- token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
+ token = TALLOC_ZERO_P(mem_ctx, struct security_token);
if (!token) {
DEBUG(1,("talloc failed\n"));
return NULL;
WERROR gp_init_reg_ctx(TALLOC_CTX *mem_ctx,
const char *initial_path,
uint32_t desired_access,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct gp_registry_context **reg_ctx)
{
struct gp_registry_context *tmp_ctx;
static WERROR gp_reg_del_groupmembership(TALLOC_CTX *mem_ctx,
struct registry_key *key,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32_t flags)
{
const char *path = NULL;
static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx,
struct gp_registry_context *reg_ctx,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32_t flags)
{
struct registry_key *key = NULL;
static WERROR gp_reg_read_groupmembership(TALLOC_CTX *mem_ctx,
struct gp_registry_context *reg_ctx,
const struct dom_sid *object_sid,
- struct nt_user_token **token,
+ struct security_token **token,
uint32_t flags)
{
struct registry_key *key = NULL;
const char *path = NULL;
uint32_t count = 0;
int num_token_sids = 0;
- struct nt_user_token *tmp_token = NULL;
+ struct security_token *tmp_token = NULL;
- tmp_token = TALLOC_ZERO_P(mem_ctx, struct nt_user_token);
+ tmp_token = TALLOC_ZERO_P(mem_ctx, struct security_token);
W_ERROR_HAVE_NO_MEMORY(tmp_token);
path = gp_reg_groupmembership_path(mem_ctx, object_sid, flags);
WERROR gp_reg_state_store(TALLOC_CTX *mem_ctx,
uint32_t flags,
const char *dn,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct GROUP_POLICY_OBJECT *gpo_list)
{
struct gp_registry_context *reg_ctx = NULL;
struct registry_key *root_key,
struct gp_registry_context *reg_ctx,
struct gp_registry_entry *entry,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32_t flags)
{
WERROR werr;
static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
struct registry_key *parent,
const char *name,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32 access_desired,
struct registry_key **pregkey)
{
WERROR reg_openhive(TALLOC_CTX *mem_ctx, const char *hive,
uint32 desired_access,
- const struct nt_user_token *token,
+ const struct security_token *token,
struct registry_key **pkey)
{
SMB_ASSERT(hive != NULL);
*/
WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
- uint32 desired_access, const struct nt_user_token *token,
+ uint32 desired_access, const struct security_token *token,
struct registry_key **pkey)
{
struct registry_key *hive, *key;
WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
uint32 desired_access,
- const struct nt_user_token *token,
+ const struct security_token *token,
enum winreg_CreateAction *paction,
struct registry_key **pkey)
{
* before. Will not delete a hive.
*/
-WERROR reg_delete_path(const struct nt_user_token *token,
+WERROR reg_delete_path(const struct security_token *token,
const char *orig_path)
{
struct registry_key *hive;
static bool smbconf_reg_access_check(const char *keyname, uint32 requested,
uint32 *granted,
- const struct nt_user_token *token)
+ const struct security_token *token)
{
if (!(user_has_privileges(token, &se_disk_operators))) {
return False;
bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
uint32 *granted,
- const struct nt_user_token *token )
+ const struct security_token *token )
{
struct security_descriptor *sec_desc;
NTSTATUS status;
int fetch_reg_values(struct registry_key_handle *key, struct regval_ctr *val);
bool regkey_access_check(struct registry_key_handle *key, uint32 requested,
uint32 *granted,
- const struct nt_user_token *token);
+ const struct security_token *token);
WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, struct registry_key_handle *key,
struct security_descriptor **psecdesc);
WERROR regkey_set_secdesc(struct registry_key_handle *key,
WERROR regkey_open_internal(TALLOC_CTX *ctx,
struct registry_key_handle **regkey,
const char *path,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32 access_desired )
{
struct registry_key *key;
WERROR regkey_open_internal(TALLOC_CTX *ctx,
struct registry_key_handle **regkey,
const char *path,
- const struct nt_user_token *token,
+ const struct security_token *token,
uint32 access_desired );
#endif /* _REG_UTIL_LEGACY_H */
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct nt_user_token *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->ptok;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct nt_user_token *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->ptok;
if (!r->in.account || !r->in.encrypted_password) {
return WERR_INVALID_PARAM;
const char *username,
const char *domain,
const char *sharename,
- const struct nt_user_token *token,
+ const struct security_token *token,
const char *name)
{
const char *prefix;
bool token_contains_name_in_list(const char *username,
const char *domain,
const char *sharename,
- const struct nt_user_token *token,
+ const struct security_token *token,
const char **list)
{
TALLOC_CTX *mem_ctx;
*/
bool user_ok_token(const char *username, const char *domain,
- const struct nt_user_token *token, int snum)
+ const struct security_token *token, int snum)
{
if (lp_invalid_users(snum) != NULL) {
if (token_contains_name_in_list(username, domain,
bool is_share_read_only_for_token(const char *username,
const char *domain,
- const struct nt_user_token *token,
+ const struct security_token *token,
connection_struct *conn)
{
int snum = SNUM(conn);
uint32 flags = 0;
struct GROUP_POLICY_OBJECT *gpo;
NTSTATUS result;
- struct nt_user_token *token = NULL;
+ struct security_token *token = NULL;
if (argc < 1 || c->display_usage) {
d_printf("%s\n%s\n%s",
uint32 uac = 0;
uint32 flags = 0;
struct GROUP_POLICY_OBJECT *gpo_list;
- struct nt_user_token *token = NULL;
+ struct security_token *token = NULL;
if (argc < 1 || c->display_usage) {
d_printf("%s\n%s\n%s",
struct GROUP_POLICY_OBJECT *gpo_list;
uint32 uac = 0;
uint32 flags = 0;
- struct nt_user_token *token = NULL;
+ struct security_token *token = NULL;
const char *filter = NULL;
if (argc < 1 || c->display_usage) {
bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
NT_USER_TOKEN *get_root_nt_token( void );
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
- struct nt_user_token *token);
-struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
+ struct security_token *token);
+struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
const struct dom_sid *user_sid,
bool is_guest,
int num_groupsids,
const char *p;
struct dom_sid sid;
size_t i;
- struct nt_user_token *token;
+ struct security_token *token;
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
return NT_STATUS_OK;
}
- token = talloc_zero(talloc_tos(), struct nt_user_token);
+ token = talloc_zero(talloc_tos(), struct security_token);
if (token == NULL) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(frame);
bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
NT_USER_TOKEN *get_root_nt_token( void );
NTSTATUS add_aliases(const struct dom_sid *domain_sid,
- struct nt_user_token *token);
-struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
+ struct security_token *token);
+struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
const struct dom_sid *user_sid,
bool is_guest,
int num_groupsids,