diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-05-27 13:21:35 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:56:20 -0500 |
commit | 56e74a7c3f30b8dcc84f5246b44fc7393fd7ccf3 (patch) | |
tree | 19acfa2e5ed37da332cc91fc941c2d2e70304dfa | |
parent | 2b63af824846d3de9bc0d93b4c28f0fa8c786e34 (diff) | |
download | samba-56e74a7c3f30b8dcc84f5246b44fc7393fd7ccf3.tar.gz samba-56e74a7c3f30b8dcc84f5246b44fc7393fd7ccf3.tar.bz2 samba-56e74a7c3f30b8dcc84f5246b44fc7393fd7ccf3.zip |
r924: got rid of the global well-known SIDs, instead using const defines in misc.idl
(This used to be commit ce7920a5fac0dbccb01402129c341b410a032e60)
-rw-r--r-- | source4/auth/auth_util.c | 24 | ||||
-rw-r--r-- | source4/lib/util_sid.c | 85 | ||||
-rw-r--r-- | source4/librpc/idl/misc.idl | 30 | ||||
-rw-r--r-- | source4/smbd/process.c | 2 |
4 files changed, 40 insertions, 101 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index d5d75e6aa5..8a10a33b0c 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -26,16 +26,9 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -extern struct dom_sid *global_sid_World; -extern struct dom_sid *global_sid_Anonymous; -extern struct dom_sid *global_sid_Network; -extern struct dom_sid *global_sid_Builtin_Guests; -extern struct dom_sid *global_sid_Authenticated_Users; - /**************************************************************************** Create an auth_usersupplied_data structure ****************************************************************************/ - static NTSTATUS make_user_info(auth_usersupplied_info **user_info, const char *smb_name, const char *internal_username, @@ -459,15 +452,14 @@ NTSTATUS create_nt_user_token(TALLOC_CTX *mem_ctx, * The only difference between guest and "anonymous" (which we * don't really support) is the addition of Authenticated_Users. */ - - ptoken->user_sids[2] = global_sid_World; - ptoken->user_sids[3] = global_sid_Network; + ptoken->user_sids[2] = dom_sid_parse_talloc(mem_ctx, SID_WORLD); + ptoken->user_sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NETWORK); if (is_guest) { - ptoken->user_sids[4] = global_sid_Builtin_Guests; + ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN_GUESTS); ptoken->num_sids++; } else { - ptoken->user_sids[4] = global_sid_Authenticated_Users; + ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_AUTHENTICATED_USERS); ptoken->num_sids++; } @@ -516,11 +508,12 @@ NTSTATUS make_server_info(auth_serversupplied_info **server_info, const char *us /*************************************************************************** Make (and fill) a user_info struct for a guest login. ***************************************************************************/ - NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info) { NTSTATUS nt_status; static const char zeros[16]; + struct dom_sid *sid_Anonymous; + struct dom_sid *sid_Builtin_Guests; nt_status = make_server_info(server_info, ""); @@ -529,9 +522,12 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info) } (*server_info)->guest = True; + + sid_Anonymous = dom_sid_parse_talloc((*server_info)->mem_ctx, SID_ANONYMOUS); + sid_Builtin_Guests = dom_sid_parse_talloc((*server_info)->mem_ctx, SID_BUILTIN_GUESTS); if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token((*server_info)->mem_ctx, - global_sid_Anonymous, global_sid_Builtin_Guests, + sid_Anonymous, sid_Builtin_Guests, 0, NULL, True, &(*server_info)->ptok))) { DEBUG(1,("check_sam_security: create_nt_user_token failed with '%s'\n", nt_errstr(nt_status))); diff --git a/source4/lib/util_sid.c b/source4/lib/util_sid.c index c370beed5f..6eb19b59e6 100644 --- a/source4/lib/util_sid.c +++ b/source4/lib/util_sid.c @@ -24,40 +24,6 @@ #include "includes.h" -/* - * Some useful sids - */ - -struct dom_sid *global_sid_World_Domain; /* Everyone domain */ -struct dom_sid *global_sid_World; /* Everyone */ -struct dom_sid *global_sid_Creator_Owner_Domain; /* Creator Owner domain */ -struct dom_sid *global_sid_NT_Authority; /* NT Authority */ -struct dom_sid *global_sid_System; /* System */ -struct dom_sid *global_sid_NULL; /* NULL sid */ -struct dom_sid *global_sid_Authenticated_Users; /* All authenticated rids */ -struct dom_sid *global_sid_Network; /* Network rids */ - -struct dom_sid *global_sid_Creator_Owner; /* Creator Owner */ -struct dom_sid *global_sid_Creator_Group; /* Creator Group */ -struct dom_sid *global_sid_Anonymous; /* Anonymous login */ - -struct dom_sid *global_sid_Builtin; /* Local well-known domain */ -struct dom_sid *global_sid_Builtin_Administrators; /* Builtin administrators */ -struct dom_sid *global_sid_Builtin_Users; /* Builtin users */ -struct dom_sid *global_sid_Builtin_Guests; /* Builtin guest users */ -struct dom_sid *global_sid_Builtin_Power_Users; /* Builtin power users */ -struct dom_sid *global_sid_Builtin_Account_Operators; /* Builtin account operators */ -struct dom_sid *global_sid_Builtin_Server_Operators; /* Builtin server operators */ -struct dom_sid *global_sid_Builtin_Print_Operators; /* Builtin print operators */ -struct dom_sid *global_sid_Builtin_Backup_Operators; /* Builtin backup operators */ -struct dom_sid *global_sid_Builtin_Replicator; /* Builtin replicator */ - -#define SECURITY_NULL_SID_AUTHORITY 0 -#define SECURITY_WORLD_SID_AUTHORITY 1 -#define SECURITY_LOCAL_SID_AUTHORITY 2 -#define SECURITY_CREATOR_SID_AUTHORITY 3 -#define SECURITY_NT_AUTHORITY 5 - /**************************************************************************** Lookup string names for SID types. ****************************************************************************/ @@ -93,60 +59,9 @@ const char *sid_type_lookup(uint32_t sid_type) return "SID *TYPE* is INVALID"; } -/**************************************************************************** - Creates some useful well known sids -****************************************************************************/ - -void generate_wellknown_sids(void) -{ - static BOOL initialised = False; - static TALLOC_CTX *mem_ctx; - - if (initialised) - return; - - mem_ctx = talloc_init("Well known groups, global static context"); - if (!mem_ctx) - return; - - /* SECURITY_NULL_SID_AUTHORITY */ - global_sid_NULL = dom_sid_parse_talloc(mem_ctx, "S-1-0-0"); - - /* SECURITY_WORLD_SID_AUTHORITY */ - global_sid_World_Domain = dom_sid_parse_talloc(mem_ctx, "S-1-1"); - global_sid_World = dom_sid_parse_talloc(mem_ctx, "S-1-1-0"); - - /* SECURITY_CREATOR_SID_AUTHORITY */ - global_sid_Creator_Owner_Domain = dom_sid_parse_talloc(mem_ctx, "S-1-3"); - global_sid_Creator_Owner = dom_sid_parse_talloc(mem_ctx, "S-1-3-0"); - global_sid_Creator_Group = dom_sid_parse_talloc(mem_ctx, "S-1-3-1"); - - /* SECURITY_NT_AUTHORITY */ - global_sid_NT_Authority = dom_sid_parse_talloc(mem_ctx, "S-1-5"); - global_sid_Network = dom_sid_parse_talloc(mem_ctx, "S-1-5-2"); - global_sid_Anonymous = dom_sid_parse_talloc(mem_ctx, "S-1-5-7"); - global_sid_Authenticated_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-11"); - global_sid_System = dom_sid_parse_talloc(mem_ctx, "S-1-5-18"); - - /* SECURITY_BUILTIN_DOMAIN_RID */ - global_sid_Builtin = dom_sid_parse_talloc(mem_ctx, "S-1-5-32"); - global_sid_Builtin_Administrators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-544"); - global_sid_Builtin_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-545"); - global_sid_Builtin_Guests = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-546"); - global_sid_Builtin_Power_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-547"); - global_sid_Builtin_Account_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-548"); - global_sid_Builtin_Server_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-549"); - global_sid_Builtin_Print_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-550"); - global_sid_Builtin_Backup_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-551"); - global_sid_Builtin_Replicator = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-552"); - - initialised = True; -} - /***************************************************************** Return the last rid from the end of a sid *****************************************************************/ - BOOL sid_peek_rid(const struct dom_sid *sid, uint32_t *rid) { if (!sid || !rid) diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl index 551803fa8e..c5e0b06a23 100644 --- a/source4/librpc/idl/misc.idl +++ b/source4/librpc/idl/misc.idl @@ -7,6 +7,36 @@ [] interface misc { + /* a NULL sid */ + const string SID_NULL = "S-1-0-0"; + + /* the world domain */ + const string SID_WORLD_DOMAIN = "S-1-1"; + const string SID_WORLD = "S-1-1-0"; + + /* SECURITY_CREATOR_SID_AUTHORITY */ + const string SID_CREATOR_OWNER_DOMAIN = "S-1-3"; + const string SID_CREATOR_OWNER = "S-1-3-0"; + const string SID_CREATOR_GROUP = "S-1-3-1"; + + /* SECURITY_NT_AUTHORITY */ + const string SID_NT_AUTHORITY = "S-1-5"; + const string SID_NETWORK = "S-1-5-2"; + const string SID_ANONYMOUS = "S-1-5-7"; + const string SID_AUTHENTICATED_USERS = "S-1-5-11"; + const string SID_SYSTEM = "S-1-5-18"; + + /* SECURITY_BUILTIN_DOMAIN_RID */ + const string SID_BUILTIN = "S-1-5-32"; + const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544"; + const string SID_BUILTIN_USERS = "S-1-5-32-545"; + const string SID_BUILTIN_GUESTS = "S-1-5-32-546"; + const string SID_BUILTIN_POWER_USERS = "S-1-5-32-547"; + const string SID_BUILTIN_ACCOUNT_OPERATORS = "S-1-5-32-548"; + const string SID_BUILTIN_SERVER_OPERATORS = "S-1-5-32-549"; + const string SID_BUILTIN_PRINT_OPERATORS = "S-1-5-32-550"; + const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551"; + const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552"; typedef [public,noprint] struct { uint32 time_low; diff --git a/source4/smbd/process.c b/source4/smbd/process.c index 8a79daeaf8..232c7c2e88 100644 --- a/source4/smbd/process.c +++ b/source4/smbd/process.c @@ -28,8 +28,6 @@ void smbd_process_init(void) { TALLOC_CTX *mem_ctx; - generate_wellknown_sids(); - mem_ctx = talloc_init("smbd_process_init talloc"); if (!mem_ctx) { DEBUG(0,("smbd_process_init: ERROR: No memory\n")); |