diff options
| author | Andrew Tridgell <tridge@samba.org> | 2004-12-11 05:41:19 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:06:31 -0500 |
| commit | 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 (patch) | |
| tree | 6379d5d502d779df1da563911d40249030268ac6 /source4/libcli/auth | |
| parent | 280bb1cf0fc84c61e20f6f557cecbeba726e2749 (diff) | |
| download | samba-6ca874f71ad77c82d6e161a3e4772100de2ad6c5.tar.gz samba-6ca874f71ad77c82d6e161a3e4772100de2ad6c5.tar.bz2 samba-6ca874f71ad77c82d6e161a3e4772100de2ad6c5.zip | |
r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
Diffstat (limited to 'source4/libcli/auth')
| -rw-r--r-- | source4/libcli/auth/gensec_krb5.c | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/source4/libcli/auth/gensec_krb5.c b/source4/libcli/auth/gensec_krb5.c index c47d4f26b6..602e42a5ff 100644 --- a/source4/libcli/auth/gensec_krb5.c +++ b/source4/libcli/auth/gensec_krb5.c @@ -609,7 +609,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info = NULL; struct PAC_LOGON_INFO *logon_info; - struct nt_user_token *ptoken; + struct security_token *ptoken; struct dom_sid *sid; char *p; char *principal; @@ -684,15 +684,15 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security talloc_free(server_info); - ptoken = talloc_p(session_info, struct nt_user_token); - if (!ptoken) { + ptoken = security_token_initialise(session_info); + if (ptoken == NULL) { return NT_STATUS_NO_MEMORY; } - ptoken->num_sids = 0; - - ptoken->user_sids = talloc_array_p(ptoken, struct dom_sid*, logon_info->groups_count + 2); - if (!ptoken->user_sids) { + ptoken->num_sids = 0; + ptoken->sids = talloc_array_p(ptoken, struct dom_sid *, + logon_info->groups_count + 2); + if (!ptoken->sids) { return NT_STATUS_NO_MEMORY; } @@ -702,21 +702,24 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security sid = dom_sid_dup(server_info, logon_info->dom_sid); server_info->primary_group_sid = dom_sid_add_rid(server_info, sid, logon_info->group_rid); - ptoken->user_sids[0] = talloc_reference(session_info, server_info->user_sid); + ptoken->user_sid = server_info->user_sid; + ptoken->group_sid = server_info->primary_group_sid; + ptoken->sids[0] = talloc_reference(ptoken, ptoken->user_sid); ptoken->num_sids++; - ptoken->user_sids[1] = talloc_reference(session_info, server_info->primary_group_sid); + ptoken->sids[1] = talloc_reference(ptoken, ptoken->group_sid); ptoken->num_sids++; - for (;ptoken->num_sids < (logon_info->groups_count + 2); ptoken->num_sids++) { + for (;ptoken->num_sids < (logon_info->groups_count + 2); + ptoken->num_sids++) { sid = dom_sid_dup(session_info, logon_info->dom_sid); - ptoken->user_sids[ptoken->num_sids] + ptoken->sids[ptoken->num_sids] = dom_sid_add_rid(session_info, sid, logon_info->groups[ptoken->num_sids - 2].rid); } - debug_nt_user_token(DBGC_AUTH, 0, ptoken); + debug_security_token(DBGC_AUTH, 0, ptoken); - session_info->nt_user_token = ptoken; + session_info->security_token = ptoken; } else { TALLOC_CTX *mem_ctx = talloc_named(gensec_krb5_state, 0, "PAC-less session info discovery for %s@%s", username, realm); if (!mem_ctx) { |