r4805: Last planned change to the privileges infrastructure:

[samba.git] / source3 / auth / auth_util.c

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index d985c0a54fcadb4af27427a49d28a8fa4f97c280..4a23ec8adc5a1e595215d1aef6faf2eb5716d1a6 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -493,6 +493,8 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
        for (i = 0; i < token->num_sids; i++)
                DEBUGADDC(dbg_class, dbg_lev, ("SID[%3lu]: %s\n", (unsigned long)i, 
                                               sid_to_string(sid_str, &token->user_sids[i])));
+
+       dump_se_priv( dbg_class, dbg_lev, &token->privileges );
 }
 
 /****************************************************************************
@@ -583,6 +585,10 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro
                        ptoken->num_sids--;
                }
        }
+
+       /* add privileges assigned to this user */
+
+       get_privileges_for_sids( &ptoken->privileges, ptoken->user_sids, ptoken->num_sids );
        
        debug_nt_user_token(DBGC_AUTH, 10, ptoken);
        
@@ -1324,11 +1330,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
                (*server_info)->user_session_key = data_blob(info3->user_sess_key, sizeof(info3->user_sess_key));
        }
 
-       if (memcmp(info3->padding, zeros, sizeof(zeros)) == 0) {
+       if (memcmp(info3->lm_sess_key, zeros, 8) == 0) {
                (*server_info)->lm_session_key = data_blob(NULL, 0);
        } else {
-               (*server_info)->lm_session_key = data_blob(info3->padding, 16);
-       }
+               (*server_info)->lm_session_key = data_blob(info3->lm_sess_key, sizeof(info3->lm_sess_key));
+       } 
+
        return NT_STATUS_OK;
 }
 
@@ -1409,12 +1416,13 @@ BOOL make_auth_methods(struct auth_context *auth_context, auth_methods **auth_me
 
 void delete_nt_token(NT_USER_TOKEN **pptoken)
 {
-    if (*pptoken) {
-           NT_USER_TOKEN *ptoken = *pptoken;
-           SAFE_FREE( ptoken->user_sids );
-           ZERO_STRUCTP(ptoken);
-    }
-    SAFE_FREE(*pptoken);
+       if (*pptoken) {
+               NT_USER_TOKEN *ptoken = *pptoken;
+
+               SAFE_FREE( ptoken->user_sids );
+               ZERO_STRUCTP(ptoken);
+       }
+       SAFE_FREE(*pptoken);
 }
 
 /****************************************************************************
@@ -1428,21 +1436,58 @@ NT_USER_TOKEN *dup_nt_token(NT_USER_TOKEN *ptoken)
        if (!ptoken)
                return NULL;
 
-    if ((token = SMB_MALLOC_P(NT_USER_TOKEN)) == NULL)
-        return NULL;
-
-    ZERO_STRUCTP(token);
+       if ((token = SMB_MALLOC_P(NT_USER_TOKEN)) == NULL)
+               return NULL;
 
-    if ((token->user_sids = (DOM_SID *)memdup( ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids )) == NULL) {
-        SAFE_FREE(token);
-        return NULL;
-    }
+       ZERO_STRUCTP(token);
+       
+       token->user_sids = (DOM_SID *)memdup( ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids );
+       
+       if ( !token ) {
+               SAFE_FREE(token);
+               return NULL;
+       }
 
-    token->num_sids = ptoken->num_sids;
+       token->num_sids = ptoken->num_sids;
+       
+       /* copy the privileges; don't consider failure to be critical here */
+       
+       if ( !se_priv_copy( &token->privileges, &ptoken->privileges ) ) {
+               DEBUG(0,("dup_nt_token: Failure to copy SE_PRIV!.  Continuing with 0 privileges assigned.\n"));
+       }
 
        return token;
 }
 
+/****************************************************************************
+ Check for a SID in an NT_USER_TOKEN
+****************************************************************************/
+
+BOOL nt_token_check_sid ( DOM_SID *sid, NT_USER_TOKEN *token )
+{
+       int i;
+       
+       if ( !sid || !token )
+               return False;
+       
+       for ( i=0; i<token->num_sids; i++ ) {
+               if ( sid_equal( sid, &token->user_sids[i] ) )
+                       return True;
+       }
+
+       return False;
+}
+
+BOOL nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) 
+{
+       DOM_SID domain_sid;
+
+       sid_copy( &domain_sid, get_global_sam_sid() );
+       sid_append_rid( &domain_sid, rid );
+       
+       return nt_token_check_sid( &domain_sid, token );\
+}
+
 /**
  * Verify whether or not given domain is trusted.
  *