summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-11-23 23:48:17 +0100
committerVolker Lendecke <vl@samba.org>2008-11-24 11:39:03 +0100
commit907f126d3e84b7acddf70f8da12010d6b22d8e99 (patch)
tree62c046002cca3f8f99a3ff72d1f428db3a05487f
parent6f840dd678f8f19b84c042816e75e85d1077904e (diff)
downloadsamba-907f126d3e84b7acddf70f8da12010d6b22d8e99.tar.gz
samba-907f126d3e84b7acddf70f8da12010d6b22d8e99.tar.bz2
samba-907f126d3e84b7acddf70f8da12010d6b22d8e99.zip
Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS!
-rw-r--r--source3/include/ntdomain.h6
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/rpc_server/srv_dfs_nt.c4
-rw-r--r--source3/rpc_server/srv_eventlog_nt.c4
-rw-r--r--source3/rpc_server/srv_lsa_nt.c42
-rw-r--r--source3/rpc_server/srv_ntsvcs_nt.c3
-rw-r--r--source3/rpc_server/srv_pipe.c50
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c10
-rw-r--r--source3/rpc_server/srv_samr_nt.c74
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c41
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c48
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c20
-rw-r--r--source3/rpc_server/srv_winreg_nt.c10
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c4
-rw-r--r--source3/smbd/uid.c6
15 files changed, 132 insertions, 191 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index e6c97c69dc..1684e2d432 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -231,12 +231,6 @@ typedef struct pipes_struct {
struct dcinfo *dc; /* Keeps the creds data from netlogon. */
/*
- * Unix user name and credentials used when a pipe is authenticated.
- */
-
- struct current_user pipe_user;
-
- /*
* Set to true when an RPC bind has been done on this pipe.
*/
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 605066f763..a02672351c 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6966,7 +6966,6 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p);
bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
uint32 *p_ss_padding_len, NTSTATUS *pstatus);
bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len);
-struct current_user *get_current_user(struct current_user *user, pipes_struct *p);
void free_pipe_rpc_context( PIPE_RPC_FNS *list );
bool api_pipe_request(pipes_struct *p);
diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
index 661d262dc4..bef8d83103 100644
--- a/source3/rpc_server/srv_dfs_nt.c
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -48,7 +48,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r)
NTSTATUS status;
TALLOC_CTX *ctx = talloc_tos();
- if (p->pipe_user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
return WERR_ACCESS_DENIED;
}
@@ -113,7 +113,7 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r)
TALLOC_CTX *ctx = talloc_tos();
char *altpath = NULL;
- if (p->pipe_user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 4ff10390f7..d12b490d21 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -209,7 +209,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn
elog->logname = talloc_strdup( elog, ELOG_APPL );
/* do the access check */
- if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
+ if ( !elog_check_access( elog, p->server_info->ptok ) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
@@ -227,7 +227,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn
/* now do the access check. Close the tdb if we fail here */
- if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) {
+ if ( !elog_check_access( elog, p->server_info->ptok ) ) {
elog_close_tdb( elog->etdb, False );
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index f4e891ca8c..05452112ca 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -381,9 +381,10 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p,
/* get the generic lsa policy SD until we store it */
lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted);
+ status = se_access_check(psd, p->server_info->ptok, des_access,
+ &acc_granted);
if (!NT_STATUS_IS_OK(status)) {
- if (p->pipe_user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
return status;
}
DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
@@ -393,7 +394,7 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p,
/* This is needed for lsa_open_account and rpcclient .... :-) */
- if (p->pipe_user.ut.uid == sec_initial_uid())
+ if (p->server_info->utok.uid == sec_initial_uid())
acc_granted = LSA_POLICY_ALL_ACCESS;
/* associate the domain SID with the (unique) handle. */
@@ -432,9 +433,10 @@ NTSTATUS _lsa_OpenPolicy(pipes_struct *p,
/* get the generic lsa policy SD until we store it */
lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted);
+ status = se_access_check(psd, p->server_info->ptok, des_access,
+ &acc_granted);
if (!NT_STATUS_IS_OK(status)) {
- if (p->pipe_user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
return status;
}
DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
@@ -1539,8 +1541,9 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
/* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
- if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ if ( p->server_info->utok.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
if ( is_privileged_sid( r->in.sid ) )
@@ -1726,8 +1729,9 @@ NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p,
/* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
- if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ if ( p->server_info->utok.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
if (!pdb_getgrsid(&map, info->sid))
@@ -1755,8 +1759,9 @@ NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p,
/* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
- if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ if ( p->server_info->utok.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
@@ -1795,8 +1800,9 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p,
/* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
- if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ if ( p->server_info->utok.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
@@ -1952,8 +1958,9 @@ NTSTATUS _lsa_AddAccountRights(pipes_struct *p,
/* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
- if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ if ( p->server_info->utok.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
@@ -2001,8 +2008,9 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p,
/* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
- if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ if ( p->server_info->utok.uid != sec_initial_uid()
+ && !nt_token_check_domain_rid( p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_ntsvcs_nt.c b/source3/rpc_server/srv_ntsvcs_nt.c
index abeb2ca856..f2c85bbd3e 100644
--- a/source3/rpc_server/srv_ntsvcs_nt.c
+++ b/source3/rpc_server/srv_ntsvcs_nt.c
@@ -116,7 +116,8 @@ WERROR _PNP_GetDeviceRegProp(pipes_struct *p,
return WERR_GENERAL_FAILURE;
ptr++;
- if ( !(values = svcctl_fetch_regvalues( ptr, p->pipe_user.nt_user_token )) )
+ if ( !(values = svcctl_fetch_regvalues(
+ ptr, p->server_info->ptok)))
return WERR_GENERAL_FAILURE;
if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) ) {
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 2c31d7b3f1..5610e0bf71 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -614,11 +614,6 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
ZERO_STRUCT(reply);
- /* Set up for non-authenticated user. */
- TALLOC_FREE(p->pipe_user.nt_user_token);
- p->pipe_user.ut.ngroups = 0;
- SAFE_FREE( p->pipe_user.ut.groups);
-
/* this has to be done as root in order to verify the password */
become_root();
status = auth_ntlmssp_update(a, *p_resp_blob, &reply);
@@ -656,29 +651,8 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
"workstation: %s\n", a->ntlmssp_state->user,
a->ntlmssp_state->domain, a->ntlmssp_state->workstation));
- /*
- * Store the UNIX credential data (uid/gid pair) in the pipe structure.
- */
-
- p->pipe_user.ut.uid = a->server_info->utok.uid;
- p->pipe_user.ut.gid = a->server_info->utok.gid;
-
- p->pipe_user.ut.ngroups = a->server_info->utok.ngroups;
- if (p->pipe_user.ut.ngroups) {
- if (!(p->pipe_user.ut.groups = (gid_t *)memdup(
- a->server_info->utok.groups,
- sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
- DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
- return False;
- }
- }
-
- if (a->server_info->ptok) {
- p->pipe_user.nt_user_token =
- dup_nt_token(NULL, a->server_info->ptok);
- } else {
+ if (a->server_info->ptok == NULL) {
DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
- p->pipe_user.nt_user_token = NULL;
return False;
}
@@ -1711,11 +1685,6 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
case RPC_ANONYMOUS_AUTH_TYPE:
/* Unauthenticated bind request. */
- /* Get the authenticated pipe user from current_user */
- if (!copy_current_user(&p->pipe_user, &current_user)) {
- DEBUG(10, ("Could not copy current user\n"));
- goto err_exit;
- }
/* We're finished - no more packets. */
p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
/* We must set the pipe auth_level here also. */
@@ -2226,23 +2195,6 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
}
/****************************************************************************
- Return a user struct for a pipe user.
-****************************************************************************/
-
-struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
-{
- if (p->pipe_bound &&
- (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP ||
- (p->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
- memcpy(user, &p->pipe_user, sizeof(struct current_user));
- } else {
- memcpy(user, &current_user, sizeof(struct current_user));
- }
-
- return user;
-}
-
-/****************************************************************************
Find the set of RPC functions associated with this context_id
****************************************************************************/
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index d359b9b339..03a0f72b33 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -162,13 +162,6 @@ static struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
p->endian = RPC_LITTLE_ENDIAN;
- ZERO_STRUCT(p->pipe_user);
-
- p->pipe_user.vuid = vuid;
- p->pipe_user.ut.uid = (uid_t)-1;
- p->pipe_user.ut.gid = (gid_t)-1;
- p->pipe_user.nt_user_token = dup_nt_token(NULL, server_info->ptok);
-
/*
* Initialize the outgoing RPC data buffer with no memory.
*/
@@ -900,9 +893,6 @@ static int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
/* Free the handles database. */
close_policy_by_pipe(p);
- TALLOC_FREE(p->pipe_user.nt_user_token);
- SAFE_FREE(p->pipe_user.ut.groups);
-
DLIST_REMOVE(InternalPipes, p);
ZERO_STRUCTP(p);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 62ac1cb5c3..3cc86edd62 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -632,7 +632,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
return status;
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
se_map_generic( &des_access, &dom_generic_mapping );
@@ -640,7 +640,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
se_priv_copy( &se_rights, &se_machine_account );
se_priv_add( &se_rights, &se_add_users );
- status = access_check_samr_object( psd, p->pipe_user.nt_user_token,
+ status = access_check_samr_object( psd, p->server_info->ptok,
&se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
&acc_granted, "_samr_OpenDomain" );
@@ -2166,7 +2166,7 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
/* check if access can be granted as requested by client. */
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW);
se_map_generic(&des_access, &usr_generic_mapping);
@@ -2174,7 +2174,7 @@ NTSTATUS _samr_OpenUser(pipes_struct *p,
se_priv_copy( &se_rights, &se_machine_account );
se_priv_add( &se_rights, &se_add_users );
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ nt_status = access_check_samr_object(psd, p->server_info->ptok,
&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_OpenUser");
@@ -3179,7 +3179,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
{
se_priv_copy( &se_rights, &se_machine_account );
can_add_account = user_has_privileges(
- p->pipe_user.nt_user_token, &se_rights );
+ p->server_info->ptok, &se_rights );
}
/* usrmgr.exe (and net rpc trustdom grant) creates a normal user
account for domain trusts and changes the ACB flags later */
@@ -3188,7 +3188,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
{
se_priv_copy( &se_rights, &se_add_users );
can_add_account = user_has_privileges(
- p->pipe_user.nt_user_token, &se_rights );
+ p->server_info->ptok, &se_rights );
}
else /* implicit assumption of a BDC or domain trust account here
* (we already check the flags earlier) */
@@ -3197,13 +3197,13 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
/* only Domain Admins can add a BDC or domain trust */
se_priv_copy( &se_rights, &se_priv_none );
can_add_account = nt_token_check_domain_rid(
- p->pipe_user.nt_user_token,
+ p->server_info->ptok,
DOMAIN_GROUP_RID_ADMINS );
}
}
DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
- uidtoname(p->pipe_user.ut.uid),
+ uidtoname(p->server_info->utok.uid),
can_add_account ? "True":"False" ));
/********** BEGIN Admin BLOCK **********/
@@ -3228,13 +3228,13 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p,
sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
&sid, SAMR_USR_RIGHTS_WRITE_PW);
se_map_generic(&des_access, &usr_generic_mapping);
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ nt_status = access_check_samr_object(psd, p->server_info->ptok,
&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_CreateUser2");
@@ -3291,7 +3291,7 @@ NTSTATUS _samr_Connect(pipes_struct *p,
was observed from a win98 client trying to enumerate users (when configured
user level access control on shares) --jerry */
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
se_map_generic( &des_access, &sam_generic_mapping );
info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN);
@@ -3327,12 +3327,12 @@ NTSTATUS _samr_Connect2(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ nt_status = access_check_samr_object(psd, p->server_info->ptok,
NULL, 0, des_access, &acc_granted, "_samr_Connect2");
if ( !NT_STATUS_IS_OK(nt_status) )
@@ -3378,12 +3378,12 @@ NTSTATUS _samr_Connect4(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ nt_status = access_check_samr_object(psd, p->server_info->ptok,
NULL, 0, des_access, &acc_granted, "_samr_Connect4");
if ( !NT_STATUS_IS_OK(nt_status) )
@@ -3429,12 +3429,12 @@ NTSTATUS _samr_Connect5(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ nt_status = access_check_samr_object(psd, p->server_info->ptok,
NULL, 0, des_access, &acc_granted, "_samr_Connect5");
if ( !NT_STATUS_IS_OK(nt_status) )
@@ -3598,7 +3598,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
se_map_generic(&des_access,&ali_generic_mapping);
@@ -3606,7 +3606,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
se_priv_copy( &se_rights, &se_add_users );
- status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ status = access_check_samr_object(psd, p->server_info->ptok,
&se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access,
&acc_granted, "_samr_OpenAlias");
@@ -4165,20 +4165,20 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p,
acb_info = pdb_get_acct_ctrl(pwd);
if (acb_info & ACB_WSTRUST)
- has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+ has_enough_rights = user_has_privileges(p->server_info->ptok,
&se_machine_account);
else if (acb_info & ACB_NORMAL)
- has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+ has_enough_rights = user_has_privileges(p->server_info->ptok,
&se_add_users);
else if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
if (lp_enable_privileges()) {
- has_enough_rights = nt_token_check_domain_rid(p->pipe_user.nt_user_token,
+ has_enough_rights = nt_token_check_domain_rid(p->server_info->ptok,
DOMAIN_GROUP_RID_ADMINS);
}
}
DEBUG(5, ("_samr_SetUserInfo: %s does%s possess sufficient rights\n",
- uidtoname(p->pipe_user.ut.uid),
+ uidtoname(p->server_info->utok.uid),
has_enough_rights ? "" : " not"));
/* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
@@ -4556,7 +4556,7 @@ NTSTATUS _samr_AddAliasMember(pipes_struct *p,
DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -4606,7 +4606,7 @@ NTSTATUS _samr_DeleteAliasMember(pipes_struct *p,
sid_string_dbg(&alias_sid)));
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -4661,7 +4661,7 @@ NTSTATUS _samr_AddGroupMember(pipes_struct *p,
}
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -4719,7 +4719,7 @@ NTSTATUS _samr_DeleteGroupMember(pipes_struct *p,
}
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -4790,9 +4790,9 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
/* For machine accounts it's the SeMachineAccountPrivilege that counts. */
if ( acb_info & ACB_WSTRUST ) {
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_machine_account );
} else {
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_add_users );
}
/******** BEGIN SeAddUsers BLOCK *********/
@@ -4864,7 +4864,7 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p,
}
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -4939,7 +4939,7 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p,
DEBUG(10, ("lookup on Local SID\n"));
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -5008,7 +5008,7 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
}
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -5082,7 +5082,7 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
name = r->in.alias_name->string;
se_priv_copy( &se_rights, &se_add_users );
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
+ can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights );
result = can_create(p->mem_ctx, name);
if (!NT_STATUS_IS_OK(result)) {
@@ -5294,7 +5294,7 @@ NTSTATUS _samr_SetGroupInfo(pipes_struct *p,
return NT_STATUS_INVALID_INFO_CLASS;
}
- can_mod_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+ can_mod_accounts = user_has_privileges( p->server_info->ptok, &se_add_users );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -5396,7 +5396,7 @@ NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
return NT_STATUS_INVALID_INFO_CLASS;
}
- can_mod_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+ can_mod_accounts = user_has_privileges( p->server_info->ptok, &se_add_users );
/******** BEGIN SeAddUsers BLOCK *********/
@@ -5484,14 +5484,14 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
return status;
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
+ map_max_allowed_access(p->server_info->ptok, &des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
se_map_generic(&des_access,&grp_generic_mapping);
se_priv_copy( &se_rights, &se_add_users );
- status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ status = access_check_samr_object(psd, p->server_info->ptok,
&se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access,
&acc_granted, "_samr_OpenGroup");
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 46aed7ce65..744de67db4 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -388,7 +388,8 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
return WERR_BADFID;
}
- return delete_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, Printer->sharename );
+ return delete_printer_hook(p->mem_ctx, p->server_info->ptok,
+ Printer->sharename );
}
/****************************************************************************
@@ -1656,13 +1657,13 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ((p->pipe_user.ut.uid != 0) &&
- !user_has_privileges(p->pipe_user.nt_user_token,
+ if ((p->server_info->utok.uid != 0) &&
+ !user_has_privileges(p->server_info->ptok,
&se_printop ) &&
!token_contains_name_in_list(
- uidtoname(p->pipe_user.ut.uid),
+ uidtoname(p->server_info->utok.uid),
NULL, NULL,
- p->pipe_user.nt_user_token,
+ p->server_info->ptok,
lp_printer_admin(snum))) {
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
@@ -1715,8 +1716,8 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u,
return WERR_ACCESS_DENIED;
}
- if (!user_ok_token(uidtoname(p->pipe_user.ut.uid), NULL,
- p->pipe_user.nt_user_token, snum) ||
+ if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL,
+ p->server_info->ptok, snum) ||
!print_access_check(p->server_info, snum,
printer_default->access_required)) {
DEBUG(3, ("access DENIED for printer open\n"));
@@ -2018,11 +2019,11 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (p->pipe_user.ut.uid != 0)
- && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop )
+ if ( (p->server_info->utok.uid != 0)
+ && !user_has_privileges(p->server_info->ptok, &se_printop )
&& !token_contains_name_in_list(
- uidtoname(p->pipe_user.ut.uid), NULL,
- NULL, p->pipe_user.nt_user_token,
+ uidtoname(p->server_info->utok.uid), NULL,
+ NULL, p->server_info->ptok,
lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
@@ -2116,11 +2117,11 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (p->pipe_user.ut.uid != 0)
- && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop )
+ if ( (p->server_info->utok.uid != 0)
+ && !user_has_privileges(p->server_info->ptok, &se_printop )
&& !token_contains_name_in_list(
- uidtoname(p->pipe_user.ut.uid), NULL, NULL,
- p->pipe_user.nt_user_token, lp_printer_admin(-1)) )
+ uidtoname(p->server_info->utok.uid), NULL, NULL,
+ p->server_info->ptok, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
}
@@ -6390,7 +6391,8 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
{
/* add_printer_hook() will call reload_services() */
- if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) {
+ if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok,
+ printer) ) {
result = WERR_ACCESS_DENIED;
goto done;
}
@@ -7730,7 +7732,8 @@ static WERROR spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_
trying to add a printer like this --jerry */
if (*lp_addprinter_cmd() ) {
- if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) {
+ if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok,
+ printer) ) {
free_a_printer(&printer,2);
return WERR_ACCESS_DENIED;
}
@@ -9938,10 +9941,10 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X
switch ( Printer->printer_type ) {
case SPLHND_PORTMON_TCP:
- return process_xcvtcp_command( p->pipe_user.nt_user_token, command,
+ return process_xcvtcp_command( p->server_info->ptok, command,
&q_u->indata, &r_u->outdata, &r_u->needed );
case SPLHND_PORTMON_LOCAL:
- return process_xcvlocal_command( p->pipe_user.nt_user_token, command,
+ return process_xcvlocal_command( p->server_info->ptok, command,
&q_u->indata, &r_u->outdata, &r_u->needed );
}
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 274deab88b..bf3669022d 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -262,7 +262,7 @@ static void init_srv_share_info_1(pipes_struct *p, struct srvsvc_NetShareInfo1 *
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
@@ -289,7 +289,7 @@ static void init_srv_share_info_2(pipes_struct *p, struct srvsvc_NetShareInfo2 *
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(p->mem_ctx,
@@ -355,7 +355,7 @@ static void init_srv_share_info_501(pipes_struct *p, struct srvsvc_NetShareInfo5
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
@@ -383,7 +383,7 @@ static void init_srv_share_info_502(pipes_struct *p, struct srvsvc_NetShareInfo5
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum));
@@ -422,7 +422,7 @@ static void init_srv_share_info_1004(pipes_struct *p, struct srvsvc_NetShareInfo
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->pipe_user.ut.uid, get_current_username(),
+ p->server_info->utok.uid, get_current_username(),
"", remark);
}
@@ -1225,7 +1225,6 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
struct srvsvc_NetSessDel *r)
{
struct sessionid *session_list;
- struct current_user user;
int num_sessions, snum;
const char *username;
const char *machine;
@@ -1246,12 +1245,11 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
werr = WERR_ACCESS_DENIED;
- get_current_user(&user, p);
-
/* fail out now if you are not root or not a domain admin */
- if ((user.ut.uid != sec_initial_uid()) &&
- ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) {
+ if ((p->server_info->utok.uid != sec_initial_uid()) &&
+ ( ! nt_token_check_domain_rid(p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS))) {
goto done;
}
@@ -1263,7 +1261,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p,
NTSTATUS ntstat;
- if (user.ut.uid != sec_initial_uid()) {
+ if (p->server_info->utok.uid != sec_initial_uid()) {
not_root = True;
become_root();
}
@@ -1466,7 +1464,6 @@ char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname)
WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
struct srvsvc_NetShareSetInfo *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
char *comment = NULL;
@@ -1510,13 +1507,11 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
/* fail out now if you are not root and not a disk op */
- if ( user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
switch (r->in.level) {
@@ -1683,7 +1678,6 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p,
WERROR _srvsvc_NetShareAdd(pipes_struct *p,
struct srvsvc_NetShareAdd *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
char *comment = NULL;
@@ -1704,11 +1698,9 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
*r->out.parm_error = 0;
}
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
@@ -1868,7 +1860,6 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p,
WERROR _srvsvc_NetShareDel(pipes_struct *p,
struct srvsvc_NetShareDel *r)
{
- struct current_user user;
char *command = NULL;
char *share_name = NULL;
int ret;
@@ -1901,11 +1892,9 @@ WERROR _srvsvc_NetShareDel(pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- get_current_user(&user,p);
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
-
- if (user.ut.uid != sec_initial_uid() && !is_disk_op )
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
@@ -2409,17 +2398,14 @@ static void enum_file_close_fn( const struct share_mode_entry *e,
WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r)
{
- struct current_user user;
SE_PRIV se_diskop = SE_DISK_OPERATOR;
bool is_disk_op;
DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
- get_current_user(&user,p);
-
- is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop );
+ is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop );
- if (user.ut.uid != sec_initial_uid() && !is_disk_op) {
+ if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 0bed13e522..6692160ba2 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -272,7 +272,8 @@ WERROR _svcctl_OpenSCManagerW(pipes_struct *p,
return WERR_NOMEM;
se_map_generic( &r->in.access_mask, &scm_generic_map );
- status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted );
+ status = svcctl_access_check( sec_desc, p->server_info->ptok,
+ r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
@@ -309,7 +310,8 @@ WERROR _svcctl_OpenServiceW(pipes_struct *p,
return WERR_NOMEM;
se_map_generic( &r->in.access_mask, &svc_generic_map );
- status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted );
+ status = svcctl_access_check( sec_desc, p->server_info->ptok,
+ r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
@@ -347,7 +349,8 @@ WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p,
service = r->in.service_name;
- display_name = svcctl_lookup_dispname(p->mem_ctx, service, p->pipe_user.nt_user_token );
+ display_name = svcctl_lookup_dispname(p->mem_ctx, service,
+ p->server_info->ptok);
if (!display_name) {
display_name = "";
}
@@ -424,7 +427,7 @@ WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STAT
size_t buffer_size = 0;
WERROR result = WERR_OK;
SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
- NT_USER_TOKEN *token = p->pipe_user.nt_user_token;
+ NT_USER_TOKEN *token = p->server_info->ptok;
/* perform access checks */
@@ -680,7 +683,8 @@ WERROR _svcctl_QueryServiceConfigW(pipes_struct *p,
*r->out.bytes_needed = r->in.buf_size;
- wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query, p->pipe_user.nt_user_token );
+ wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query,
+ p->server_info->ptok);
if ( !W_ERROR_IS_OK(wresult) )
return wresult;
@@ -723,7 +727,8 @@ WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CO
SERVICE_DESCRIPTION desc_buf;
const char *description;
- description = svcctl_lookup_description(p->mem_ctx, info->name, p->pipe_user.nt_user_token );
+ description = svcctl_lookup_description(
+ p->mem_ctx, info->name, p->server_info->ptok);
ZERO_STRUCTP( &desc_buf );
@@ -903,7 +908,8 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
/* store the new SD */
- if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) )
+ if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc,
+ p->server_info->ptok) )
return WERR_ACCESS_DENIED;
return WERR_OK;
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 7e842ed54d..1131033b04 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -70,7 +70,7 @@ static WERROR open_registry_key( pipes_struct *p, POLICY_HND *hnd,
if (parent == NULL) {
result = reg_openhive(NULL, subkeyname, access_desired,
- p->pipe_user.nt_user_token, &key);
+ p->server_info->ptok, &key);
}
else {
result = reg_openkey(NULL, parent, subkeyname, access_desired,
@@ -556,7 +556,8 @@ WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, struct winreg_InitiateS
return WERR_NOMEM;
}
- can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
+ can_shutdown = user_has_privileges( p->server_info->ptok,
+ &se_remote_shutdown );
/* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
Take the error return from the script and provide it as the Windows return code. */
@@ -594,7 +595,8 @@ WERROR _winreg_AbortSystemShutdown(pipes_struct *p, struct winreg_AbortSystemShu
if (!*abort_shutdown_script)
return WERR_ACCESS_DENIED;
- can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
+ can_shutdown = user_has_privileges( p->server_info->ptok,
+ &se_remote_shutdown );
/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
@@ -682,7 +684,7 @@ WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r)
/* user must posses SeRestorePrivilege for this this proceed */
- if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) )
+ if ( !user_has_privileges( p->server_info->ptok, &se_restore ) )
return WERR_ACCESS_DENIED;
DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n",
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 0a54b0dd3f..7071b55e7c 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -293,7 +293,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct nt_user_token *token = p->pipe_user.nt_user_token;
+ struct nt_user_token *token = p->server_info->ptok;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
@@ -368,7 +368,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct nt_user_token *token = p->pipe_user.nt_user_token;
+ struct nt_user_token *token = p->server_info->ptok;
if (!r->in.account || !r->in.encrypted_password) {
return WERR_INVALID_PARAM;
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index c238f40cfd..ca7df264e2 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -318,9 +318,9 @@ bool become_authenticated_pipe_user(pipes_struct *p)
if (!push_sec_ctx())
return False;
- set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
- p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
- p->pipe_user.nt_user_token);
+ set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
+ p->server_info->utok.ngroups, p->server_info->utok.groups,
+ p->server_info->ptok);
return True;
}