summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-02-09 16:52:35 +1100
committerAndrew Tridgell <tridge@samba.org>2011-02-10 06:51:06 +0100
commit2b05ba77b4e072bb1c584738cc79538166444fd3 (patch)
tree51d3c787ac9415e049138604495bcd40b80b03f7 /source3
parentd66150c14def46711a15a35b4734e8f438b6dad6 (diff)
downloadsamba-2b05ba77b4e072bb1c584738cc79538166444fd3.tar.gz
samba-2b05ba77b4e072bb1c584738cc79538166444fd3.tar.bz2
samba-2b05ba77b4e072bb1c584738cc79538166444fd3.zip
s3-auth Rename cryptic 'ptok' to security_token
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_util.c36
-rw-r--r--source3/include/auth.h2
-rw-r--r--source3/lib/afs.c2
-rw-r--r--source3/modules/vfs_acl_common.c4
-rw-r--r--source3/modules/vfs_smb_traffic_analyzer.c2
-rw-r--r--source3/printing/nt_printing.c6
-rw-r--r--source3/rpc_server/rpc_ncacn_np.c2
-rw-r--r--source3/rpc_server/rpc_server.c4
-rw-r--r--source3/rpc_server/srv_epmapper.c2
-rw-r--r--source3/rpc_server/srv_eventlog_nt.c4
-rw-r--r--source3/rpc_server/srv_lsa_nt.c16
-rw-r--r--source3/rpc_server/srv_netlog_nt.c4
-rw-r--r--source3/rpc_server/srv_pipe.c4
-rw-r--r--source3/rpc_server/srv_samr_nt.c36
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c38
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c18
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c4
-rw-r--r--source3/rpc_server/srv_winreg_nt.c8
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c16
-rw-r--r--source3/smbd/password.c2
-rw-r--r--source3/smbd/service.c8
-rw-r--r--source3/smbd/sesssetup.c4
-rw-r--r--source3/smbd/smb2_sesssetup.c2
-rw-r--r--source3/smbd/trans2.c18
-rw-r--r--source3/smbd/uid.c18
25 files changed, 130 insertions, 130 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index c319edf57f..0b8f950389 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -458,14 +458,14 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
&server_info->utok.uid,
&server_info->utok.gid,
&server_info->unix_name,
- &server_info->ptok);
+ &server_info->security_token);
} else {
status = create_local_nt_token_from_info3(server_info,
server_info->guest,
server_info->info3,
&server_info->extra,
- &server_info->ptok);
+ &server_info->security_token);
}
if (!NT_STATUS_IS_OK(status)) {
@@ -479,9 +479,9 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
/* Start at index 1, where the groups start. */
- for (i=1; i<server_info->ptok->num_sids; i++) {
+ for (i=1; i<server_info->security_token->num_sids; i++) {
gid_t gid;
- struct dom_sid *sid = &server_info->ptok->sids[i];
+ struct dom_sid *sid = &server_info->security_token->sids[i];
if (!sid_to_gid(sid, &gid)) {
DEBUG(10, ("Could not convert SID %s to gid, "
@@ -508,25 +508,25 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid);
- add_sid_to_array_unique(server_info->ptok, &tmp_sid,
- &server_info->ptok->sids,
- &server_info->ptok->num_sids);
+ add_sid_to_array_unique(server_info->security_token, &tmp_sid,
+ &server_info->security_token->sids,
+ &server_info->security_token->num_sids);
for ( i=0; i<server_info->utok.ngroups; i++ ) {
gid_to_unix_groups_sid(server_info->utok.groups[i], &tmp_sid);
- add_sid_to_array_unique(server_info->ptok, &tmp_sid,
- &server_info->ptok->sids,
- &server_info->ptok->num_sids);
+ add_sid_to_array_unique(server_info->security_token, &tmp_sid,
+ &server_info->security_token->sids,
+ &server_info->security_token->num_sids);
}
- security_token_debug(DBGC_AUTH, 10, server_info->ptok);
+ security_token_debug(DBGC_AUTH, 10, server_info->security_token);
debug_unix_user_token(DBGC_AUTH, 10,
server_info->utok.uid,
server_info->utok.gid,
server_info->utok.ngroups,
server_info->utok.groups);
- status = log_nt_token(server_info->ptok);
+ status = log_nt_token(server_info->security_token);
return status;
}
@@ -771,10 +771,10 @@ static NTSTATUS make_new_server_info_system(TALLOC_CTX *mem_ctx,
(*server_info)->system = true;
- status = add_sid_to_array_unique((*server_info)->ptok->sids,
+ status = add_sid_to_array_unique((*server_info)->security_token->sids,
&global_sid_System,
- &(*server_info)->ptok->sids,
- &(*server_info)->ptok->num_sids);
+ &(*server_info)->security_token->sids,
+ &(*server_info)->security_token->num_sids);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE((*server_info));
return status;
@@ -847,9 +847,9 @@ struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
dst->utok.groups = NULL;
}
- if (src->ptok) {
- dst->ptok = dup_nt_token(dst, src->ptok);
- if (!dst->ptok) {
+ if (src->security_token) {
+ dst->security_token = dup_nt_token(dst, src->security_token);
+ if (!dst->security_token) {
TALLOC_FREE(dst);
return NULL;
}
diff --git a/source3/include/auth.h b/source3/include/auth.h
index a123a3b59b..baf55605a7 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -34,7 +34,7 @@ struct auth_serversupplied_info {
/* NT group information taken from the info3 structure */
- struct security_token *ptok;
+ struct security_token *security_token;
/* This is the final session key, as used by SMB signing, and
* (truncated to 16 bytes) encryption on the SAMR and LSA pipes
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index 7b3e610306..117f6fa0b7 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -240,7 +240,7 @@ bool afs_login(connection_struct *conn)
return false;
}
- user_sid = &conn->server_info->ptok->user_sids[0];
+ user_sid = &conn->server_info->security_token->user_sids[0];
afs_username = talloc_string_sub(talloc_tos(),
afs_username,
"%s",
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index c89ca7a806..003be02b9c 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -462,8 +462,8 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
&psd,
&size,
parent_desc,
- &handle->conn->server_info->ptok->sids[PRIMARY_USER_SID_INDEX],
- &handle->conn->server_info->ptok->sids[PRIMARY_GROUP_SID_INDEX],
+ &handle->conn->server_info->security_token->sids[PRIMARY_USER_SID_INDEX],
+ &handle->conn->server_info->security_token->sids[PRIMARY_GROUP_SID_INDEX],
is_directory);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 8cde7f42b7..6b41affb06 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -330,7 +330,7 @@ static char *smb_traffic_analyzer_create_string( TALLOC_CTX *ctx,
* anonymized if needed, by the calling function.
*/
usersid = dom_sid_string( common_data_count_str,
- &handle->conn->server_info->ptok->sids[0]);
+ &handle->conn->server_info->security_token->sids[0]);
sidstr = smb_traffic_analyzer_anonymize(
common_data_count_str,
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 671aca6a51..68be518b96 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2093,7 +2093,7 @@ bool print_access_check(const struct auth_serversupplied_info *server_info,
/* Always allow root or SE_PRINT_OPERATROR to do anything */
if (server_info->utok.uid == sec_initial_uid()
- || security_token_has_privilege(server_info->ptok, SEC_PRIV_PRINT_OPERATOR)) {
+ || security_token_has_privilege(server_info->security_token, SEC_PRIV_PRINT_OPERATOR)) {
return True;
}
@@ -2149,7 +2149,7 @@ bool print_access_check(const struct auth_serversupplied_info *server_info,
}
/* Check access */
- status = se_access_check(secdesc, server_info->ptok, access_type,
+ status = se_access_check(secdesc, server_info->security_token, access_type,
&access_granted);
DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE"));
@@ -2159,7 +2159,7 @@ bool print_access_check(const struct auth_serversupplied_info *server_info,
if (!NT_STATUS_IS_OK(status) &&
(token_contains_name_in_list(uidtoname(server_info->utok.uid),
server_info->info3->base.domain.string,
- NULL, server_info->ptok,
+ NULL, server_info->security_token,
lp_printer_admin(snum)))) {
talloc_destroy(mem_ctx);
return True;
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index c35fa847ad..c5c7f617f8 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -648,7 +648,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
}
/* Send the named_pipe_auth server the user's full token */
- session_info->security_token = server_info->ptok;
+ session_info->security_token = server_info->security_token;
session_info->session_key = server_info->user_session_key;
val.sam3 = server_info->info3;
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index a0da354fd3..992e5a3e82 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -118,10 +118,10 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
return -1;
}
- /* Now override the server_info->ptok with the exact
+ /* Now override the server_info->security_token with the exact
* security_token we were given from the other side,
* regardless of what we just calculated */
- p->server_info->ptok = talloc_move(p->server_info, &session_info->security_token);
+ p->server_info->security_token = talloc_move(p->server_info, &session_info->security_token);
/* Also set the session key to the correct value */
p->server_info->user_session_key = session_info->session_key;
diff --git a/source3/rpc_server/srv_epmapper.c b/source3/rpc_server/srv_epmapper.c
index 58a6e1190f..5bfb176b84 100644
--- a/source3/rpc_server/srv_epmapper.c
+++ b/source3/rpc_server/srv_epmapper.c
@@ -206,7 +206,7 @@ static uint32_t build_ep_list(TALLOC_CTX *mem_ctx,
static bool is_priviledged_pipe(struct auth_serversupplied_info *info) {
/* If the user is not root, or has the system token, fail */
if ((info->utok.uid != sec_initial_uid()) &&
- !security_token_is_system(info->ptok)) {
+ !security_token_is_system(info->security_token)) {
return false;
}
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 64da67ab7b..ff8a49526e 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -236,7 +236,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct
elog->logname = talloc_strdup( elog, ELOG_APPL );
/* do the access check */
- if ( !elog_check_access( elog, p->server_info->ptok ) ) {
+ if ( !elog_check_access( elog, p->server_info->security_token ) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
@@ -254,7 +254,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct
/* now do the access check. Close the tdb if we fail here */
- if ( !elog_check_access( elog, p->server_info->ptok ) ) {
+ if ( !elog_check_access( elog, p->server_info->security_token ) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index feec3661a2..53baba31ca 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -376,7 +376,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
NTSTATUS status;
/* Work out max allowed. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -390,7 +390,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
return status;
}
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenPolicy2" );
if (!NT_STATUS_IS_OK(status)) {
@@ -1710,7 +1710,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
}
/* Work out max allowed. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&r->in.access_mask);
@@ -1724,7 +1724,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
return status;
}
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask,
&acc_granted, "_lsa_CreateAccount");
if (!NT_STATUS_IS_OK(status)) {
@@ -1779,7 +1779,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
* handle - so don't check against policy handle. */
/* Work out max allowed. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -1794,7 +1794,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
return status;
}
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenAccount" );
if (!NT_STATUS_IS_OK(status)) {
@@ -2153,7 +2153,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
* on the account sid. We don't check here so just use the latter. JRA.
*/
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW,
&acc_granted, "_lsa_AddAccountRights" );
@@ -2223,7 +2223,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
* and DELETE on the account sid.
*/
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
LSA_ACCOUNT_VIEW|SEC_STD_DELETE,
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index b366af7224..b55c74adfc 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -208,8 +208,8 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
case NETLOGON_CONTROL_CHANGE_PASSWORD:
case NETLOGON_CONTROL_REDISCOVER:
if ((geteuid() != sec_initial_uid()) &&
- !nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_RID_ADMINS) &&
- !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok) &&
+ !nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS) &&
+ !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->security_token) &&
!(acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST))) {
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 98de58c557..57b5a0fac5 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -657,7 +657,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
return false;
}
- if ((*server_info)->ptok == NULL) {
+ if ((*server_info)->security_token == NULL) {
DEBUG(1, ("Auth module failed to provide nt_user_token\n"));
return false;
}
@@ -752,7 +752,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
return status;
}
- if ((*server_info)->ptok == NULL) {
+ if ((*server_info)->security_token == NULL) {
status = create_local_token(*server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to create local user token (%s)\n",
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 5087ec322a..4e6d94d957 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -561,7 +561,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
}
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -572,7 +572,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
* Users with SeAddUser get the ability to manipulate groups
* and aliases.
*/
- if (security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) {
+ if (security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS)) {
extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
@@ -585,7 +585,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
* SAMR_DOMAIN_ACCESS_CREATE_USER access.
*/
- status = access_check_object( psd, p->server_info->ptok,
+ status = access_check_object( psd, p->server_info->security_token,
SEC_PRIV_MACHINE_ACCOUNT, SEC_PRIV_ADD_USERS,
extra_access, des_access,
&acc_granted, "_samr_OpenDomain" );
@@ -2296,7 +2296,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
return NT_STATUS_NO_SUCH_USER;
/* check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -2345,7 +2345,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
* DOMAIN_RID_ADMINS.
*/
if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
- if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok,
+ if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->security_token,
DOMAIN_RID_ADMINS)) {
des_access &= ~GENERIC_RIGHTS_USER_WRITE;
extra_access = GENERIC_RIGHTS_USER_WRITE;
@@ -2358,7 +2358,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
TALLOC_FREE(sampass);
- nt_status = access_check_object(psd, p->server_info->ptok,
+ nt_status = access_check_object(psd, p->server_info->security_token,
needed_priv_1, needed_priv_2,
GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_OpenUser");
@@ -3860,19 +3860,19 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
can_add_account = true;
} else if (acb_info & ACB_WSTRUST) {
needed_priv = SEC_PRIV_MACHINE_ACCOUNT;
- can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT);
+ can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_MACHINE_ACCOUNT);
} else if (acb_info & ACB_NORMAL &&
(account[strlen(account)-1] != '$')) {
/* usrmgr.exe (and net rpc trustdom grant) creates a normal user
account for domain trusts and changes the ACB flags later */
needed_priv = SEC_PRIV_ADD_USERS;
- can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS);
+ can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS);
} else if (lp_enable_privileges()) {
/* implicit assumption of a BDC or domain trust account here
* (we already check the flags earlier) */
/* only Domain Admins can add a BDC or domain trust */
can_add_account = nt_token_check_domain_rid(
- p->server_info->ptok,
+ p->server_info->security_token,
DOMAIN_RID_ADMINS );
}
@@ -3902,7 +3902,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -3917,7 +3917,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
* just assume we have all the rights we need ?
*/
- nt_status = access_check_object(psd, p->server_info->ptok,
+ nt_status = access_check_object(psd, p->server_info->security_token,
needed_priv, SEC_PRIV_INVALID,
GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_CreateUser2");
@@ -3985,7 +3985,7 @@ NTSTATUS _samr_Connect(struct pipes_struct *p,
was observed from a win98 client trying to enumerate users (when configured
user level access control on shares) --jerry */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -4047,14 +4047,14 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
- nt_status = access_check_object(psd, p->server_info->ptok,
+ nt_status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID,
0, des_access, &acc_granted, fn);
@@ -4262,14 +4262,14 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p,
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
se_map_generic(&des_access,&ali_generic_mapping);
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID,
GENERIC_RIGHTS_ALIAS_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenAlias");
@@ -6336,14 +6336,14 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
}
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
se_map_generic(&des_access,&grp_generic_mapping);
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID, GENERIC_RIGHTS_GROUP_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenGroup");
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index a06e643cb8..e2fc670d50 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -462,7 +462,7 @@ static WERROR delete_printer_handle(struct pipes_struct *p, struct policy_handle
return WERR_BADFID;
}
- result = delete_printer_hook(p->mem_ctx, p->server_info->ptok,
+ result = delete_printer_hook(p->mem_ctx, p->server_info->security_token,
Printer->sharename, p->msg_ctx);
if (!W_ERROR_IS_OK(result)) {
return result;
@@ -1802,13 +1802,13 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
- !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
+ !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->security_token) &&
!token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
close_printer_handle(p, r->out.handle);
ZERO_STRUCTP(r->out.handle);
@@ -1874,7 +1874,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
}
if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL,
- p->server_info->ptok, snum) ||
+ p->server_info->security_token, snum) ||
!print_access_check(p->server_info,
p->msg_ctx,
snum,
@@ -2050,12 +2050,12 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
and not a printer admin, then fail */
if ( (p->server_info->utok.uid != sec_initial_uid())
- && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
+ && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
@@ -2155,12 +2155,12 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
and not a printer admin, then fail */
if ( (p->server_info->utok.uid != sec_initial_uid())
- && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
+ && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok, lp_printer_admin(-1)) )
+ p->server_info->security_token, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
}
@@ -6519,7 +6519,7 @@ static WERROR update_printer(struct pipes_struct *p,
!strequal(printer->location, old_printer->location)) )
{
/* add_printer_hook() will call reload_services() */
- if (!add_printer_hook(tmp_ctx, p->server_info->ptok,
+ if (!add_printer_hook(tmp_ctx, p->server_info->security_token,
printer, p->client_id->addr,
p->msg_ctx)) {
result = WERR_ACCESS_DENIED;
@@ -7836,7 +7836,7 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p,
trying to add a printer like this --jerry */
if (*lp_addprinter_cmd() ) {
- if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok,
+ if ( !add_printer_hook(p->mem_ctx, p->server_info->security_token,
info2, p->client_id->addr,
p->msg_ctx) ) {
return WERR_ACCESS_DENIED;
@@ -8428,11 +8428,11 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@@ -8496,11 +8496,11 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p,
}
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@@ -8560,11 +8560,11 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@@ -9984,14 +9984,14 @@ WERROR _spoolss_XcvData(struct pipes_struct *p,
switch ( Printer->printer_type ) {
case SPLHND_PORTMON_TCP:
werror = process_xcvtcp_command(p->mem_ctx,
- p->server_info->ptok,
+ p->server_info->security_token,
r->in.function_name,
&r->in.in_data, &out_data,
r->out.needed);
break;
case SPLHND_PORTMON_LOCAL:
werror = process_xcvlocal_command(p->mem_ctx,
- p->server_info->ptok,
+ p->server_info->security_token,
r->in.function_name,
&r->in.in_data, &out_data,
r->out.needed);
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index fe325d2a33..d5858ca418 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -520,7 +520,7 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
if (!lp_access_based_share_enum(snum))
return true;
- return share_access_check(p->server_info->ptok, lp_servicename(snum),
+ return share_access_check(p->server_info->security_token, lp_servicename(snum),
FILE_READ_DATA);
}
@@ -1055,7 +1055,7 @@ WERROR _srvsvc_NetFileEnum(struct pipes_struct *p,
}
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1, ("Enumerating files only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@@ -1214,7 +1214,7 @@ WERROR _srvsvc_NetConnEnum(struct pipes_struct *p,
DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1, ("Enumerating connections only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@@ -1252,7 +1252,7 @@ WERROR _srvsvc_NetSessEnum(struct pipes_struct *p,
DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1, ("Enumerating sessions only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@@ -1311,7 +1311,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p,
/* fail out now if you are not root or not a domain admin */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- ( ! nt_token_check_domain_rid(p->server_info->ptok,
+ ( ! nt_token_check_domain_rid(p->server_info->security_token,
DOMAIN_RID_ADMINS))) {
goto done;
@@ -1579,7 +1579,7 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
/* fail out now if you are not root and not a disk op */
@@ -1782,7 +1782,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
*r->out.parm_error = 0;
}
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
@@ -1988,7 +1988,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
@@ -2554,7 +2554,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p,
DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index e8e55ca981..b6984d0c5f 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -278,7 +278,7 @@ WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
return WERR_NOMEM;
se_map_generic( &r->in.access_mask, &scm_generic_map );
- status = svcctl_access_check( sec_desc, p->server_info->ptok,
+ status = svcctl_access_check( sec_desc, p->server_info->security_token,
r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
@@ -324,7 +324,7 @@ WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
}
se_map_generic( &r->in.access_mask, &svc_generic_map );
- status = svcctl_access_check( sec_desc, p->server_info->ptok,
+ status = svcctl_access_check( sec_desc, p->server_info->security_token,
r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 298f33ab70..91f050a099 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -68,7 +68,7 @@ static WERROR open_registry_key(struct pipes_struct *p,
if (parent == NULL) {
result = reg_openhive(p->mem_ctx, subkeyname, access_desired,
- p->server_info->ptok, &key);
+ p->server_info->security_token, &key);
}
else {
result = reg_openkey(p->mem_ctx, parent, subkeyname,
@@ -577,7 +577,7 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
return WERR_NOMEM;
}
- can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
+ can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
/* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
Take the error return from the script and provide it as the Windows return code. */
@@ -614,7 +614,7 @@ WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p,
if (!*abort_shutdown_script)
return WERR_ACCESS_DENIED;
- can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
+ can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
@@ -704,7 +704,7 @@ WERROR _winreg_RestoreKey(struct pipes_struct *p,
/* user must posses SeRestorePrivilege for this this proceed */
- if ( !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_RESTORE)) {
+ if ( !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_RESTORE)) {
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 000b605913..3926ceb27a 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -352,7 +352,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
case 101:
/* Level 101 can be allowed from any logged in user */
if (!nt_token_check_sid(&global_sid_Authenticated_Users,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaGetInfo level "
"101\n"));
DEBUGADD(3,(" - does not have sid for Authenticated "
@@ -360,7 +360,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
sid_string_dbg(
&global_sid_Authenticated_Users)));
security_token_debug(DBGC_CLASS, 3,
- p->server_info->ptok);
+ p->server_info->security_token);
return WERR_ACCESS_DENIED;
}
r->out.info->info101 = create_wks_info_101(p->mem_ctx);
@@ -371,14 +371,14 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
case 102:
/* Level 102 Should only be allowed from a domain administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaGetInfo level "
"102\n"));
DEBUGADD(3,(" - does not have sid for Administrators "
"group %s, sids are:\n",
sid_string_dbg(&global_sid_Builtin_Administrators)));
security_token_debug(DBGC_CLASS, 3,
- p->server_info->ptok);
+ p->server_info->security_token);
return WERR_ACCESS_DENIED;
}
r->out.info->info102 = create_wks_info_102(p->mem_ctx);
@@ -557,12 +557,12 @@ WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p,
{
/* This with any level should only be allowed from a domain administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaEnumUsers\n"));
DEBUGADD(3,(" - does not have sid for Administrators group "
"%s\n", sid_string_dbg(
&global_sid_Builtin_Administrators)));
- security_token_debug(DBGC_CLASS, 3, p->server_info->ptok);
+ security_token_debug(DBGC_CLASS, 3, p->server_info->security_token);
return WERR_ACCESS_DENIED;
}
@@ -813,7 +813,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct security_token *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->security_token;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
@@ -888,7 +888,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct security_token *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->security_token;
if (!r->in.account || !r->in.encrypted_password) {
return WERR_INVALID_PARAM;
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 9be2b3b746..9c343badd2 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -293,7 +293,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
"Real name: %s\n", vuser->server_info->unix_name,
vuser->server_info->info3->base.full_name.string));
- if (!vuser->server_info->ptok) {
+ if (!vuser->server_info->security_token) {
DEBUG(1, ("register_existing_vuid: server_info does not "
"contain a user_token - cannot continue\n"));
goto fail;
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index a58f17c070..dfe2c2141f 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -613,7 +613,7 @@ static NTSTATUS create_connection_server_info(struct smbd_server_connection *sco
} else {
if (!user_ok_token(vuid_serverinfo->unix_name,
vuid_serverinfo->info3->base.domain.string,
- vuid_serverinfo->ptok, snum)) {
+ vuid_serverinfo->security_token, snum)) {
DEBUG(2, ("user '%s' (from session setup) not "
"permitted to access this share "
"(%s)\n",
@@ -782,7 +782,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
status = find_forced_group(
conn->force_user, snum, conn->server_info->unix_name,
- &conn->server_info->ptok->sids[1],
+ &conn->server_info->security_token->sids[1],
&conn->server_info->utok.gid);
if (!NT_STATUS_IS_OK(status)) {
@@ -835,12 +835,12 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
{
bool can_write = False;
- can_write = share_access_check(conn->server_info->ptok,
+ can_write = share_access_check(conn->server_info->security_token,
lp_servicename(snum),
FILE_WRITE_DATA);
if (!can_write) {
- if (!share_access_check(conn->server_info->ptok,
+ if (!share_access_check(conn->server_info->security_token,
lp_servicename(snum),
FILE_READ_DATA)) {
/* No access, read or write. */
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 12d046038c..5a1776e698 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -384,7 +384,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
/* we need to build the token for the user. make_server_info_guest()
already does this */
- if ( !server_info->ptok ) {
+ if ( !server_info->security_token ) {
ret = create_local_token( server_info );
if ( !NT_STATUS_IS_OK(ret) ) {
DEBUG(10,("failed to create local token: %s\n",
@@ -1643,7 +1643,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
return;
}
- if (!server_info->ptok) {
+ if (!server_info->security_token) {
nt_status = create_local_token(server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e025f98121..7d029151bc 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -248,7 +248,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
/* we need to build the token for the user. make_server_info_guest()
already does this */
- if (!session->server_info->ptok ) {
+ if (!session->server_info->security_token ) {
status = create_local_token(session->server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("smb2: failed to create local token: %s\n",
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index ed8e9f5642..32c557826e 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3356,7 +3356,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
* in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Builtin_Guests,
- conn->server_info->ptok)) {
+ conn->server_info->security_token)) {
flags |= SMB_WHOAMI_GUEST;
}
@@ -3364,7 +3364,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
* is in our list of SIDs.
*/
if (nt_token_check_sid(&global_sid_Authenticated_Users,
- conn->server_info->ptok)) {
+ conn->server_info->security_token)) {
flags &= ~SMB_WHOAMI_GUEST;
}
@@ -3382,7 +3382,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
+ 4 /* pad/reserved */
+ (conn->server_info->utok.ngroups * 8)
/* groups list */
- + (conn->server_info->ptok->num_sids *
+ + (conn->server_info->security_token->num_sids *
SID_MAX_SIZE)
/* SID list */;
@@ -3407,16 +3407,16 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
}
SIVAL(pdata, 24, conn->server_info->utok.ngroups);
- SIVAL(pdata, 28, conn->server_info->ptok->num_sids);
+ SIVAL(pdata, 28, conn->server_info->security_token->num_sids);
/* We walk the SID list twice, but this call is fairly
* infrequent, and I don't expect that it's performance
* sensitive -- jpeach
*/
for (i = 0, sid_bytes = 0;
- i < conn->server_info->ptok->num_sids; ++i) {
+ i < conn->server_info->security_token->num_sids; ++i) {
sid_bytes += ndr_size_dom_sid(
- &conn->server_info->ptok->sids[i],
+ &conn->server_info->security_token->sids[i],
0);
}
@@ -3436,13 +3436,13 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
/* SID list */
for (i = 0;
- i < conn->server_info->ptok->num_sids; ++i) {
+ i < conn->server_info->security_token->num_sids; ++i) {
int sid_len = ndr_size_dom_sid(
- &conn->server_info->ptok->sids[i],
+ &conn->server_info->security_token->sids[i],
0);
sid_linearize(pdata + data_len, sid_len,
- &conn->server_info->ptok->sids[i]);
+ &conn->server_info->security_token->sids[i]);
data_len += sid_len;
}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b573a6c920..87d85eff83 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -107,17 +107,17 @@ static bool check_user_ok(connection_struct *conn,
if (!user_ok_token(server_info->unix_name,
server_info->info3->base.domain.string,
- server_info->ptok, snum))
+ server_info->security_token, snum))
return(False);
readonly_share = is_share_read_only_for_token(
server_info->unix_name,
server_info->info3->base.domain.string,
- server_info->ptok,
+ server_info->security_token,
conn);
if (!readonly_share &&
- !share_access_check(server_info->ptok, lp_servicename(snum),
+ !share_access_check(server_info->security_token, lp_servicename(snum),
FILE_WRITE_DATA)) {
/* smb.conf allows r/w, but the security descriptor denies
* write. Fall back to looking at readonly. */
@@ -126,7 +126,7 @@ static bool check_user_ok(connection_struct *conn,
"security descriptor\n"));
}
- if (!share_access_check(server_info->ptok, lp_servicename(snum),
+ if (!share_access_check(server_info->security_token, lp_servicename(snum),
readonly_share ?
FILE_READ_DATA : FILE_WRITE_DATA)) {
return False;
@@ -135,7 +135,7 @@ static bool check_user_ok(connection_struct *conn,
admin_user = token_contains_name_in_list(
server_info->unix_name,
server_info->info3->base.domain.string,
- NULL, server_info->ptok, lp_admin_users(snum));
+ NULL, server_info->security_token, lp_admin_users(snum));
if (valid_vuid) {
struct vuid_cache_entry *ent =
@@ -327,7 +327,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
conn->server_info->utok.gid =
conn->force_group_gid;
gid = conn->force_group_gid;
- gid_to_sid(&conn->server_info->ptok
+ gid_to_sid(&conn->server_info->security_token
->sids[1], gid);
break;
}
@@ -335,7 +335,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
} else {
conn->server_info->utok.gid = conn->force_group_gid;
gid = conn->force_group_gid;
- gid_to_sid(&conn->server_info->ptok->sids[1],
+ gid_to_sid(&conn->server_info->security_token->sids[1],
gid);
}
}
@@ -347,7 +347,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
current_user.ut.groups = group_list;
set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
- conn->server_info->ptok);
+ conn->server_info->security_token);
current_user.conn = conn;
current_user.vuid = vuid;
@@ -389,7 +389,7 @@ bool become_authenticated_pipe_user(struct pipes_struct *p)
set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
p->server_info->utok.ngroups, p->server_info->utok.groups,
- p->server_info->ptok);
+ p->server_info->security_token);
return True;
}