Remove sam/api.c.

In order to reduce complexity, this patch removes the upper layer of the SAM
API.  Also, we remove the function pointers on the sam context - there really
is no point making these replaceable - that's for the modules.

Move a number of functions in include/interface.c around to allow for use of
'static' and to keep the external API in one chunk, at the bottem.  All these
functions were renamed to remove the context_sam -> sam

Consequential changes in the samtest module, and back out metze's change for
ACB filtering, becouse I think it belongs in the SAM backeds.  (But I will take
debate on this one).

Changes to the lib/util_sid.c code to create a 'system' token, and make it a
SAM_ASSERT() enforced requirement to have a token on those calls that specify
it.  samtest now uses this.

We should have a samtest call to set your own token.

We also need to extend our se_access code to cover the things that Win2k is
returning in it's access tokens.  Currently our system token doesn't pass, due
to unexpected flags.  (When running sam_ads against Win2k)

Andrew Bartlett
(This used to be commit b9036900d0bb227ec16c6a5792c18ef943dcf015)

1 files changed, 26 insertions, 0 deletions

diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 18260be870..9e533eb9fd 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -34,6 +34,7 @@ DOM_SID global_sid_World_Domain;	    	/* Everyone domain */
 DOM_SID global_sid_World;    				/* Everyone */
 DOM_SID global_sid_Creator_Owner_Domain;    /* Creator Owner domain */
 DOM_SID global_sid_NT_Authority;    		/* NT Authority */
+DOM_SID global_sid_System;    		/* System */
 DOM_SID global_sid_NULL;            		/* NULL sid */
 DOM_SID global_sid_Authenticated_Users;		/* All authenticated rids */
 DOM_SID global_sid_Network;					/* Network rids */
@@ -58,6 +59,12 @@ NT_USER_TOKEN anonymous_token = {
     anon_sid_array
 };
 
+static DOM_SID system_sid_array[4];
+NT_USER_TOKEN system_token = {
+    4,
+    system_sid_array
+};
+
 /****************************************************************************
  Lookup string names for SID types.
 ****************************************************************************/
@@ -101,6 +108,10 @@ const char *sid_type_lookup(uint32 sid_type)
 
 void generate_wellknown_sids(void)
 {
+	static BOOL initialised = False;
+	if (initialised) 
+		return;
+
 	string_to_sid(&global_sid_Builtin, "S-1-5-32");
 	string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544");
 	string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545");
@@ -111,6 +122,7 @@ void generate_wellknown_sids(void)
 	string_to_sid(&global_sid_Creator_Owner, "S-1-3-0");
 	string_to_sid(&global_sid_Creator_Group, "S-1-3-1");
 	string_to_sid(&global_sid_NT_Authority, "S-1-5");
+	string_to_sid(&global_sid_System, "S-1-5-18");
 	string_to_sid(&global_sid_NULL, "S-1-0-0");
 	string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11");
 	string_to_sid(&global_sid_Network, "S-1-5-2");
@@ -120,6 +132,20 @@ void generate_wellknown_sids(void)
 	sid_copy( &anonymous_token.user_sids[0], &global_sid_World);
 	sid_copy( &anonymous_token.user_sids[1], &global_sid_Network);
 	sid_copy( &anonymous_token.user_sids[2], &global_sid_Anonymous);
+
+	/* Create the system token. */
+	sid_copy( &system_token.user_sids[0], &global_sid_World);
+	sid_copy( &system_token.user_sids[1], &global_sid_Authenticated_Users);
+	sid_copy( &system_token.user_sids[2], &global_sid_Builtin_Administrators);
+	sid_copy( &system_token.user_sids[3], &global_sid_System);
+	
+	initialised = True;
+}
+
+NT_USER_TOKEN *get_system_token(void) 
+{
+	generate_wellknown_sids(); /* The token is initialised here */
+	return &system_token;
 }
 
 /**************************************************************************