authorAndrew Bartlett <abartlet@samba.org>2010-08-14 13:30:51 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-08-18 09:50:38 +1000
commit7c6ca95bec5141707d4f19e802062731d6789cc5 (patch)
treed6ee504cf0f98ff62b5bac6b19a869f8378c3757 /source4/libcli/security
parent60086dcf9a58525d400b39e9464847d73cbce6d2 (diff)
s4:security Remove use of user_sid and group_sid from struct security_token
This makes the structure more like Samba3's NT_USER_TOKEN
Diffstat (limited to 'source4/libcli/security')
-rw-r--r--source4/libcli/security/create_descriptor.c7
-rw-r--r--source4/libcli/security/security_token.c8
2 files changed, 7 insertions, 8 deletions
diff --git a/source4/libcli/security/create_descriptor.c b/source4/libcli/security/create_descriptor.c
index d64de2fe22..cb52d6502e 100644
--- a/source4/libcli/security/create_descriptor.c
+++ b/source4/libcli/security/create_descriptor.c
@@ -367,7 +367,7 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
if ((inherit_flags & SEC_OWNER_FROM_PARENT) && parent_sd) {
new_owner = parent_sd->owner_sid;
} else if (!default_owner) {
- new_owner = token->user_sid;
+ new_owner = token->sids[PRIMARY_USER_SID_INDEX];
} else {
new_owner = default_owner;
new_sd->type |= SEC_DESC_OWNER_DEFAULTED;
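Review bot: `token->sids[PRIMARY_USER_SID_INDEX]` on the `!default_owner` branch is read with no check that `token->sids` is non-NULL or that `token->num_sids` covers the index, although this same commit guards the equivalent read in security_token_is_sid with `token->sids &&`. security_token_initialise leaves `sids = NULL` and `num_sids = 0`, so an unpopulated token that used to yield a NULL `user_sid` owner now causes a NULL pointer dereference here. Because this value becomes the owner of the new descriptor, a check such as `if (token->sids == NULL || token->num_sids <= PRIMARY_USER_SID_INDEX)` that fails the call before owner and group selection would be safer. The `token->sids[...]` reads in the next hunk need the same guard. The body of create_security_descriptor starts and ends outside this hunk, so an earlier check may already exist.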
@@ -379,8 +379,11 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
if (!creator_sd || !creator_sd->group_sid){
if ((inherit_flags & SEC_GROUP_FROM_PARENT) && parent_sd) {
new_group = parent_sd->group_sid;
+ } else if (!default_group && token->sids[PRIMARY_GROUP_SID_INDEX]) {
+ new_group = token->sids[PRIMARY_GROUP_SID_INDEX];
} else if (!default_group) {
- new_group = token->group_sid;
+ /* This will happen only for anonymous, which has no other groups */
+ new_group = token->sids[PRIMARY_USER_SID_INDEX];
} else {
new_group = default_group;
new_sd->type |= SEC_DESC_GROUP_DEFAULTED;
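Review bot: The new `token->sids[PRIMARY_GROUP_SID_INDEX]` test treats a NULL slot as "no primary group", which is only safe if every token's array holds at least `PRIMARY_GROUP_SID_INDEX + 1` entries. For a token carrying only the user SID the read would go past the end of the array, and whatever it finds would be used as the descriptor's group. Testing the count first removes the dependency on how the anonymous token is laid out: `} else if (!default_group && token->num_sids > PRIMARY_GROUP_SID_INDEX && token->sids[PRIMARY_GROUP_SID_INDEX]) {`. The fallback comment could also state what it relies on, for example `/* Token has no primary group (expected only for anonymous): use the user SID as the group */`. The enclosing function continues outside this hunk.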
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
index 7cfb566b91..f9be977a26 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -36,8 +36,6 @@ struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
return NULL;
}
- st->user_sid = NULL;
- st->group_sid = NULL;
st->num_sids = 0;
st->sids = NULL;
st->privilege_mask = 0;
@@ -63,9 +61,7 @@ void security_token_debug(int dbg_lev, const struct security_token *token)
return;
}
- DEBUG(dbg_lev, ("Security token of user %s\n",
- dom_sid_string(mem_ctx, token->user_sid) ));
- DEBUGADD(dbg_lev, (" SIDs (%lu):\n",
+ DEBUG(dbg_lev, ("Security token SIDs (%lu):\n",
(unsigned long)token->num_sids));
for (i = 0; i < token->num_sids; i++) {
DEBUGADD(dbg_lev, (" SID[%3lu]: %s\n", (unsigned long)i,
@@ -81,7 +77,7 @@ void security_token_debug(int dbg_lev, const struct security_token *token)
bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
{
- if (dom_sid_equal(token->user_sid, sid)) {
+ if (token->sids && dom_sid_equal(token->sids[PRIMARY_USER_SID_INDEX], sid)) {
return true;
}
return false;