diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-07-15 14:59:14 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:10 +1000 |
| commit | 6d741e918f145c6ec62c22358aabc8162db108fd (patch) | |
| tree | 4d562524b2ff71892911331d707e23045984b0d3 /source3/rpc_server/lsa | |
| parent | f16d8f4eb86ecc4741c25e5ed87b2ea4c6717a31 (diff) | |
| download | samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.gz samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.bz2 samba-6d741e918f145c6ec62c22358aabc8162db108fd.zip | |
s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/rpc_server/lsa')
| -rw-r--r-- | source3/rpc_server/lsa/srv_lsa_nt.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index 2342a0e8aa..fa018b424f 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -434,7 +434,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); /* map the generic bits to the lsa policy ones */ @@ -1504,7 +1504,7 @@ static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &access_mask); /* map the generic bits to the lsa account ones */ @@ -1701,14 +1701,14 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - if (p->session_info->utok.uid != sec_initial_uid() && + if (p->session_info->unix_token->uid != sec_initial_uid() && !nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS)) { return NT_STATUS_ACCESS_DENIED; } /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &r->in.access_mask); /* map the generic bits to the lsa policy ones */ @@ -2466,7 +2466,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &r->in.access_mask); /* map the generic bits to the lsa policy ones */ @@ -2530,7 +2530,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); /* map the generic bits to the lsa account ones */ |