32 files changed, 119 insertions, 121 deletions
diff --git a/libgpo/gpext/gpext.c b/libgpo/gpext/gpext.c index 9a09337871..6b81575024 100644 --- a/libgpo/gpext/gpext.c +++ b/libgpo/gpext/gpext.c @@ -594,7 +594,7 @@ NTSTATUS init_gp_extensions(TALLOC_CTX *mem_ctx) } if (!reg_ctx) { - NT_USER_TOKEN *token; + struct security_token *token; token = registry_create_system_token(mem_ctx); NT_STATUS_HAVE_NO_MEMORY(token); @@ -678,7 +678,7 @@ void debug_gpext_header(int lvl, NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t flags, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT *gpo_list, const char *extension_guid, const char *snapin_guid) @@ -692,7 +692,7 @@ NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads, NTSTATUS gpext_process_extension(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t flags, - const NT_USER_TOKEN *token, + const struct security_token *token, struct registry_key *root_key, struct GROUP_POLICY_OBJECT *gpo, const char *extension_guid, diff --git a/libgpo/gpext/gpext.h b/libgpo/gpext/gpext.h index 60d9bab8ea..ce999a110e 100644 --- a/libgpo/gpext/gpext.h +++ b/libgpo/gpext/gpext.h @@ -65,7 +65,7 @@ struct gp_extension_methods { TALLOC_CTX *mem_ctx, uint32_t flags, struct registry_key *root_key, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT *gpo, const char *extension_guid, const char *snapin_guid); @@ -73,7 +73,7 @@ struct gp_extension_methods { NTSTATUS (*process_group_policy2)(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t flags, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT *gpo_list, const char *extension_guid); 
@@ -109,14 +109,14 @@ void debug_gpext_header(int lvl, NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t flags, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT *gpo_list, const char *extension_guid, const char *snapin_guid); NTSTATUS gpext_process_extension(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, uint32_t flags, - const NT_USER_TOKEN *token, + const struct security_token *token, struct registry_key *root_key, struct GROUP_POLICY_OBJECT *gpo, const char *extension_guid, diff --git a/libgpo/gpo.h b/libgpo/gpo.h index ba9e0b7962..e6443825ec 100644 --- a/libgpo/gpo.h +++ b/libgpo/gpo.h @@ -156,7 +156,7 @@ struct gp_registry_entries { }; struct gp_registry_context { - const NT_USER_TOKEN *token; + const struct security_token *token; const char *path; struct registry_key *curr_key; }; @@ -215,18 +215,18 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads, ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *dn, - NT_USER_TOKEN **token); + struct security_token **token); ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *dn, uint32_t flags, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT **gpo_list); /* The following definitions come from libgpo/gpo_sec.c */ NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo, - const NT_USER_TOKEN *token); + const struct security_token *token); /* The following definitions come from libgpo/gpo_util.c */ 
@@ -245,14 +245,14 @@ void dump_gpo_list(ADS_STRUCT *ads, void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link); ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - const NT_USER_TOKEN *token, + const struct security_token *token, struct registry_key *root_key, struct GROUP_POLICY_OBJECT *gpo, const char *extension_guid_filter, uint32_t flags); ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT *gpo_list, const char *extensions_guid_filter, uint32_t flags); @@ -282,7 +282,7 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *dn, - NT_USER_TOKEN **token); + struct security_token **token); #include "../libgpo/gpext/gpext.h" diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index 26a091d18c..c509642892 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c @@ -552,7 +552,7 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, struct GP_LINK *gp_link, enum GPO_LINK_TYPE link_type, bool only_add_forced_gpos, - const NT_USER_TOKEN *token) + const struct security_token *token) { ADS_STATUS status; int i; @@ -619,7 +619,7 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads, ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *dn, - NT_USER_TOKEN **token) + struct security_token **token) { ADS_STATUS status; struct dom_sid object_sid; @@ -628,7 +628,7 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads, size_t num_ad_token_sids = 0; struct dom_sid *token_sids; uint32_t num_token_sids = 0; - NT_USER_TOKEN *new_token = NULL; + struct security_token *new_token = NULL; int i; status = ads_get_tokensids(ads, mem_ctx, dn, 
@@ -710,7 +710,7 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *dn, uint32_t flags, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT **gpo_list) { /* (L)ocal (S)ite (D)omain (O)rganizational(U)nit */ diff --git a/libgpo/gpo_sec.c b/libgpo/gpo_sec.c index 6b5e77f20a..099dbaaa77 100644 --- a/libgpo/gpo_sec.c +++ b/libgpo/gpo_sec.c @@ -101,7 +101,7 @@ static bool gpo_sd_check_read_access_bits(uint32_t access_mask) ****************************************************************/ static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace, - const NT_USER_TOKEN *token) + const struct security_token *token) { char *sid_str; @@ -123,7 +123,7 @@ static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace, ****************************************************************/ static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace, - const NT_USER_TOKEN *token) + const struct security_token *token) { char *sid_str; @@ -146,7 +146,7 @@ static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace, ****************************************************************/ static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace, - const NT_USER_TOKEN *token) + const struct security_token *token) { switch (ace->type) { case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: @@ -162,7 +162,7 @@ static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace, ****************************************************************/ NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo, - const NT_USER_TOKEN *token) + const struct security_token *token) { struct security_descriptor *sd = gpo->security_descriptor; struct security_acl *dacl = NULL; diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c index 195f61cf27..3320d97b21 100644 --- a/libgpo/gpo_util.c +++ b/libgpo/gpo_util.c 
@@ -448,7 +448,7 @@ static bool gpo_get_gp_ext_from_gpo(TALLOC_CTX *mem_ctx, ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - const NT_USER_TOKEN *token, + const struct security_token *token, struct registry_key *root_key, struct GROUP_POLICY_OBJECT *gpo, const char *extension_guid_filter, @@ -505,7 +505,7 @@ ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads, static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - const NT_USER_TOKEN *token, + const struct security_token *token, struct registry_key *root_key, struct GROUP_POLICY_OBJECT *gpo_list, const char *extensions_guid, @@ -543,7 +543,7 @@ static ADS_STATUS gpo_process_gpo_list_by_ext(ADS_STRUCT *ads, ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, - const NT_USER_TOKEN *token, + const struct security_token *token, struct GROUP_POLICY_OBJECT *gpo_list, const char *extensions_guid_filter, uint32_t flags) @@ -840,9 +840,9 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, const char *dn, - NT_USER_TOKEN **token) + struct security_token **token) { - NT_USER_TOKEN *ad_token = NULL; + struct security_token *ad_token = NULL; ADS_STATUS status; #if _SAMBA_BUILD_ == 4 struct auth_session_info *info; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 9dbe04f4ca..5e3091c7ae 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -388,7 +388,7 @@ bool make_user_info_guest(struct auth_usersupplied_info **user_info) return NT_STATUS_IS_OK(nt_status) ? True : False; } -static NTSTATUS log_nt_token(NT_USER_TOKEN *token) +static NTSTATUS log_nt_token(struct security_token *token) { TALLOC_CTX *frame = talloc_stackframe(); char *command; 
@@ -929,7 +929,7 @@ const struct auth_serversupplied_info *get_server_info_system(void) bool copy_current_user(struct current_user *dst, struct current_user *src) { gid_t *groups; - NT_USER_TOKEN *nt_token; + struct security_token *nt_token; groups = (gid_t *)memdup(src->ut.groups, sizeof(gid_t) * src->ut.ngroups); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index e9eee90d70..46637b348b 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -31,10 +31,10 @@ #include "../librpc/gen_ndr/netlogon.h" /**************************************************************************** - Check for a SID in an NT_USER_TOKEN + Check for a SID in an struct security_token ****************************************************************************/ -bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token ) +bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token ) { int i; @@ -49,7 +49,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token return False; } -bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) +bool nt_token_check_domain_rid( struct security_token *token, uint32 rid ) { struct dom_sid domain_sid; @@ -79,7 +79,7 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) Create a copy if your need to change it. ******************************************************************************/ -NT_USER_TOKEN *get_root_nt_token( void ) +struct security_token *get_root_nt_token( void ) { struct security_token *token, *for_cache; struct dom_sid u_sid, g_sid; 
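Review bot: The rewritten banner comment above nt_token_check_sid() now reads `Check for a SID in an struct security_token`; the article is left over from the old type name and should be `Check for a SID in a struct security_token`. Nothing else in that comment needs to change. The body of nt_token_check_sid() continues outside the hunk.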
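Review bot: get_root_nt_token() still returns a mutable pointer, although the comment directly above it in this hunk says to create a copy before changing the token, and the `for_cache` local suggests the returned object is shared. Since the commit already rewrites this signature and its prototype in source3/include/proto.h, consider `const struct security_token *get_root_nt_token(void)` so the compiler enforces that contract for the root token; call sites that pass the result to non-const parameters would need checking. The same point applies to `get_system_token()` in source3/lib/util_sid.c, which returns the address of the global `system_token` initialised with `SE_ALL_PRIVS`. The function body continues outside the hunk.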
@@ -649,10 +649,10 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, } /**************************************************************************** - prints a NT_USER_TOKEN to debug output. + prints a struct security_token to debug output. ****************************************************************************/ -void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token) +void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token) { size_t i; diff --git a/source3/include/auth.h b/source3/include/auth.h index 659c6be103..94bd026709 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -34,7 +34,7 @@ struct auth_serversupplied_info { /* NT group information taken from the info3 structure */ - NT_USER_TOKEN *ptok; + struct security_token *ptok; /* This is the final session key, as used by SMB signing, and * (truncated to 16 bytes) encryption on the SAMR and LSA pipes diff --git a/source3/include/proto.h b/source3/include/proto.h index 76ef9aa36d..9ee09eb7fe 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -241,9 +241,9 @@ NTSTATUS pass_check(const struct passwd *pass, /* The following definitions come from auth/token_util.c */ -bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token ); -bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ); -NT_USER_TOKEN *get_root_nt_token( void ); +bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token ); +bool nt_token_check_domain_rid( struct security_token *token, uint32 rid ); +struct security_token *get_root_nt_token( void ); NTSTATUS add_aliases(const struct dom_sid *domain_sid, struct security_token *token); NTSTATUS create_builtin_users(const struct dom_sid *sid); 
@@ -258,7 +258,7 @@ NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx, struct netr_SamInfo3 *info3, struct extra_auth_info *extra, struct security_token **ntok); -void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token); +void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token); void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, int n_groups, gid_t *groups); @@ -663,8 +663,8 @@ void dump_se_priv( int dbg_cl, int dbg_lvl, const uint64_t *mask ); bool is_privilege_assigned(const uint64_t *privileges, const uint64_t *check); const char* get_privilege_dispname( const char *name ); -bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege); -bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege); +bool user_has_privileges(const struct security_token *token, const uint64_t *privilege); +bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege); int count_all_privileges( void ); struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask ); const char *luid_to_privilege_name(const struct lsa_LUID *set); @@ -756,7 +756,7 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser size_t *psize); bool set_share_security(const char *share_name, struct security_descriptor *psd); bool delete_share_security(const char *servicename); -bool share_access_check(const NT_USER_TOKEN *token, const char *sharename, +bool share_access_check(const struct security_token *token, const char *sharename, uint32 desired_access); bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd); 
@@ -1286,12 +1286,12 @@ void smb_nscd_flush_group_cache(void); /* The following definitions come from lib/util_nttoken.c */ -NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken); +struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken); NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *token_1, const struct security_token *token_2, struct security_token **token_out); -bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace); +bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace); /* The following definitions come from lib/util_pw.c */ @@ -1314,7 +1314,7 @@ bool pull_reg_multi_sz(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, const char ** void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping); void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping); void se_map_standard(uint32 *access_mask, const struct standard_mapping *mapping); -NTSTATUS se_access_check(const struct security_descriptor *sd, const NT_USER_TOKEN *token, +NTSTATUS se_access_check(const struct security_descriptor *sd, const struct security_token *token, uint32 acc_desired, uint32 *acc_granted); /* The following definitions come from lib/util_sec.c */ @@ -1339,7 +1339,7 @@ bool is_setuid_root(void) ; /* The following definitions come from lib/util_sid.c */ const char *sid_type_lookup(uint32 sid_type) ; -NT_USER_TOKEN *get_system_token(void) ; +struct security_token *get_system_token(void) ; char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid); char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); char *sid_string_dbg(const struct dom_sid *sid); 
@@ -1368,7 +1368,7 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx, uint32 rid, uint32 **pp_rids, size_t *p_num); bool is_null_sid(const struct dom_sid *sid); -bool is_sid_in_token(const NT_USER_TOKEN *token, const struct dom_sid *sid); +bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid); NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, struct dom_sid **user_sids, @@ -4450,11 +4450,11 @@ bool init_service_op_table( void ); /* The following definitions come from services/services_db.c */ void svcctl_init_keys( void ); -struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token ); -bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token ); -const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token ); -const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token ); -struct regval_ctr *svcctl_fetch_regvalues( const char *name, NT_USER_TOKEN *token ); +struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, struct security_token *token ); +bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, struct security_token *token ); +const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, struct security_token *token ); +const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, struct security_token *token ); +struct regval_ctr *svcctl_fetch_regvalues( const char *name, struct security_token *token ); /* The following definitions come from services/svc_netlogon.c */ 
@@ -5033,7 +5033,7 @@ void reply_nttranss(struct smb_request *req); NTSTATUS smb1_file_se_access_check(connection_struct *conn, const struct security_descriptor *sd, - const NT_USER_TOKEN *token, + const struct security_token *token, uint32_t access_desired, uint32_t *access_granted); NTSTATUS fd_close(files_struct *fsp); @@ -5409,7 +5409,7 @@ void server_encryption_shutdown(void); bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2); bool push_sec_ctx(void); -void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token); +void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token); void set_root_sec_ctx(void); bool pop_sec_ctx(void); void init_sec_ctx(void); @@ -5575,7 +5575,7 @@ bool unbecome_user(void); uid_t get_current_uid(connection_struct *conn); gid_t get_current_gid(connection_struct *conn); const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn); -const NT_USER_TOKEN *get_current_nttok(connection_struct *conn); +const struct security_token *get_current_nttok(connection_struct *conn); uint16_t get_current_vuid(connection_struct *conn); /* The following definitions come from smbd/utmp.c */ @@ -5666,11 +5666,11 @@ struct tevent_req *fncall_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, int fncall_recv(struct tevent_req *req, int *perr); /* The following definitions come from rpc_server/srv_samr_nt.c */ -NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token, +NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token, uint64_t *rights, uint32 rights_mask, uint32 des_access, uint32 *acc_granted, const char *debug); -void map_max_allowed_access(const NT_USER_TOKEN *nt_token, +void map_max_allowed_access(const struct security_token *nt_token, const struct unix_user_token *unix_token, uint32_t *pacc_requested); 
diff --git a/source3/include/registry.h b/source3/include/registry.h index 303b7ed06d..66a364d97d 100644 --- a/source3/include/registry.h +++ b/source3/include/registry.h @@ -49,7 +49,7 @@ struct registry_ops { bool (*store_values)( const char *key, struct regval_ctr *val ); bool (*reg_access_check)( const char *keyname, uint32 requested, uint32 *granted, - const NT_USER_TOKEN *token ); + const struct security_token *token ); WERROR (*get_secdesc)(TALLOC_CTX *mem_ctx, const char *key, struct security_descriptor **psecdesc); WERROR (*set_secdesc)(const char *key, diff --git a/source3/include/smb.h b/source3/include/smb.h index e9b85beab1..62c901c021 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -232,8 +232,6 @@ extern const struct dom_sid global_sid_Unix_Groups; #define PRIMARY_USER_SID_INDEX 0 #define PRIMARY_GROUP_SID_INDEX 1 -typedef struct security_token NT_USER_TOKEN; - typedef struct unix_user_token { uid_t uid; gid_t gid; @@ -551,7 +549,7 @@ struct current_user { connection_struct *conn; uint16 vuid; UNIX_USER_TOKEN ut; - NT_USER_TOKEN *nt_user_token; + struct security_token *nt_user_token; }; struct smbd_smb2_request; diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c index 4922435a95..c6705c5f55 100644 --- a/source3/lib/privileges_basic.c +++ b/source3/lib/privileges_basic.c @@ -281,7 +281,7 @@ const char* get_privilege_dispname( const char *name ) at a time here. *****************************************************************************/ -bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege) +bool user_has_privileges(const struct security_token *token, const uint64_t *privilege) { if ( !token ) return False; 
@@ -294,7 +294,7 @@ bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege) at a time here. *****************************************************************************/ -bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege) +bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege) { if ( !token ) return False; diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 1b137a66db..3c19e77fcc 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -407,7 +407,7 @@ bool delete_share_security(const char *servicename) Can this user access with share with the required permissions ? ********************************************************************/ -bool share_access_check(const NT_USER_TOKEN *token, const char *sharename, +bool share_access_check(const struct security_token *token, const char *sharename, uint32 desired_access) { uint32 granted; diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c index 3be5634a06..8efebaf9eb 100644 --- a/source3/lib/util_nttoken.c +++ b/source3/lib/util_nttoken.c @@ -31,14 +31,14 @@ Duplicate a SID token. ****************************************************************************/ -NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken) +struct security_token *dup_nt_token(TALLOC_CTX *mem_ctx, const struct security_token *ptoken) { - NT_USER_TOKEN *token; + struct security_token *token; if (!ptoken) return NULL; - token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN); + token = TALLOC_ZERO_P(mem_ctx, struct security_token); if (token == NULL) { DEBUG(0, ("talloc failed\n")); return NULL; 
@@ -120,7 +120,7 @@ NTSTATUS merge_nt_token(TALLOC_CTX *mem_ctx, Check if this struct security_ace has a SID in common with the token. ********************************************************************/ -bool token_sid_in_ace(const NT_USER_TOKEN *token, const struct security_ace *ace) +bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace) { size_t i; diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index b81db43d03..3bedec6865 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -22,7 +22,7 @@ #include "includes.h" -extern NT_USER_TOKEN anonymous_token; +extern struct security_token anonymous_token; /* Map generic access rights to object specific rights. This technique is used to give meaning to assigning read, write, execute and all access to @@ -106,7 +106,7 @@ void se_map_standard(uint32 *access_mask, const struct standard_mapping *mapping perform a SEC_FLAG_MAXIMUM_ALLOWED access check */ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, - const NT_USER_TOKEN *token) + const struct security_token *token) { uint32_t denied = 0, granted = 0; unsigned i; @@ -154,7 +154,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, to by the access_granted pointer. */ NTSTATUS se_access_check(const struct security_descriptor *sd, - const NT_USER_TOKEN *token, + const struct security_token *token, uint32_t access_desired, uint32_t *access_granted) { diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 459636d5fc..0e5c204378 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c 
@@ -107,11 +107,11 @@ static struct dom_sid anon_sid_array[3] = { { 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}, { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}, { 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} }; -NT_USER_TOKEN anonymous_token = { 3, anon_sid_array, SE_NONE }; +struct security_token anonymous_token = { 3, anon_sid_array, SE_NONE }; static struct dom_sid system_sid_array[1] = { { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} }; -NT_USER_TOKEN system_token = { 1, system_sid_array, SE_ALL_PRIVS }; +struct security_token system_token = { 1, system_sid_array, SE_ALL_PRIVS }; /**************************************************************************** Lookup string names for SID types. @@ -153,7 +153,7 @@ const char *sid_type_lookup(uint32 sid_type) Create the SYSTEM token. ***************************************************************************/ -NT_USER_TOKEN *get_system_token(void) +struct security_token *get_system_token(void) { return &system_token; } @@ -668,7 +668,7 @@ bool is_null_sid(const struct dom_sid *sid) return sid_equal(sid, &null_sid); } -bool is_sid_in_token(const NT_USER_TOKEN *token, const struct dom_sid *sid) +bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid) { int i; diff --git a/source3/registry/reg_util_token.c b/source3/registry/reg_util_token.c index f8cd5c590f..898b64b2a7 100644 --- a/source3/registry/reg_util_token.c +++ b/source3/registry/reg_util_token.c @@ -28,16 +28,16 @@ * - disk operators privilege */ NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx, - NT_USER_TOKEN **ptoken) + struct security_token **ptoken) { NTSTATUS status; - NT_USER_TOKEN *token = NULL; + struct security_token *token = NULL; if (ptoken == NULL) { return NT_STATUS_INVALID_PARAMETER; } - token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN); + token = TALLOC_ZERO_P(mem_ctx, struct security_token); if (token == NULL) { DEBUG(1, ("talloc failed\n")); status = NT_STATUS_NO_MEMORY; 
diff --git a/source3/registry/reg_util_token.h b/source3/registry/reg_util_token.h index 80cec49fcc..558c78728a 100644 --- a/source3/registry/reg_util_token.h +++ b/source3/registry/reg_util_token.h @@ -21,6 +21,6 @@ #define _REG_UTIL_TOKEN_H NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx, - NT_USER_TOKEN **ptoken); + struct security_token **ptoken); #endif /* _REG_UTIL_TOKEN_H */ diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 33212b961f..1fc9337a56 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -69,7 +69,7 @@ static EVENTLOG_INFO *find_eventlog_info_by_hnd( struct pipes_struct * p, /******************************************************************** ********************************************************************/ -static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) +static bool elog_check_access( EVENTLOG_INFO *info, struct security_token *token ) { char *tdbname = elog_tdbname(talloc_tos(), info->logname ); struct security_descriptor *sec_desc; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 87e50a5d40..7755b3b7c3 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -179,7 +179,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, struct security_descriptor level of access for further checks. ********************************************************************/ -NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token, +NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token, uint64_t *rights, uint32 rights_mask, uint32 des_access, uint32 *acc_granted, const char *debug ) 
@@ -241,7 +241,7 @@ done: Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set. ********************************************************************/ -void map_max_allowed_access(const NT_USER_TOKEN *nt_token, +void map_max_allowed_access(const struct security_token *nt_token, const struct unix_user_token *unix_token, uint32_t *pacc_requested) { diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 9a9e3f52f1..58896b3c49 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -150,7 +150,7 @@ const struct standard_mapping printserver_std_mapping = { struct xcv_api_table { const char *name; - WERROR(*fn) (TALLOC_CTX *mem_ctx, NT_USER_TOKEN *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed); + WERROR(*fn) (TALLOC_CTX *mem_ctx, struct security_token *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed); }; static void prune_printername_cache(void); @@ -357,7 +357,7 @@ static bool close_printer_handle(struct pipes_struct *p, struct policy_handle *h Delete a printer given a handle. ****************************************************************************/ -static WERROR delete_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, +static WERROR delete_printer_hook(TALLOC_CTX *ctx, struct security_token *token, const char *sharename, struct messaging_context *msg_ctx) { @@ -5859,7 +5859,7 @@ static bool check_printer_ok(TALLOC_CTX *mem_ctx, /**************************************************************************** ****************************************************************************/ -static WERROR add_port_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *portname, const char *uri) +static WERROR add_port_hook(TALLOC_CTX *ctx, struct security_token *token, const char *portname, const char *uri) { char *cmd = lp_addport_cmd(); char *command = NULL; 
@@ -5908,7 +5908,7 @@ static WERROR add_port_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *p /**************************************************************************** ****************************************************************************/ -static bool add_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, +static bool add_printer_hook(TALLOC_CTX *ctx, struct security_token *token, struct spoolss_SetPrinterInfo2 *info2, const char *remote_machine, struct messaging_context *msg_ctx) @@ -9540,7 +9540,7 @@ static bool push_monitorui_buf(TALLOC_CTX *mem_ctx, DATA_BLOB *buf, *******************************************************************/ static WERROR xcvtcp_monitorui(TALLOC_CTX *mem_ctx, - NT_USER_TOKEN *token, DATA_BLOB *in, + struct security_token *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed) { const char *dllname = "tcpmonui.dll"; @@ -9595,7 +9595,7 @@ static bool pull_port_data_2(TALLOC_CTX *mem_ctx, *******************************************************************/ static WERROR xcvtcp_addport(TALLOC_CTX *mem_ctx, - NT_USER_TOKEN *token, DATA_BLOB *in, + struct security_token *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed) { struct spoolss_PortData1 port1; @@ -9687,7 +9687,7 @@ struct xcv_api_table xcvtcp_cmds[] = { }; static WERROR process_xcvtcp_command(TALLOC_CTX *mem_ctx, - NT_USER_TOKEN *token, const char *command, + struct security_token *token, const char *command, DATA_BLOB *inbuf, DATA_BLOB *outbuf, uint32_t *needed ) @@ -9709,7 +9709,7 @@ static WERROR process_xcvtcp_command(TALLOC_CTX *mem_ctx, #if 0 /* don't support management using the "Local Port" monitor */ static WERROR xcvlocal_monitorui(TALLOC_CTX *mem_ctx, - NT_USER_TOKEN *token, DATA_BLOB *in, + struct security_token *token, DATA_BLOB *in, DATA_BLOB *out, uint32_t *needed) { const char *dllname = "localui.dll"; 
@@ -9746,7 +9746,7 @@ struct xcv_api_table xcvlocal_cmds[] = {
 *******************************************************************/
 static WERROR process_xcvlocal_command(TALLOC_CTX *mem_ctx,
- NT_USER_TOKEN *token, const char *command,
+ struct security_token *token, const char *command,
 DATA_BLOB *inbuf, DATA_BLOB *outbuf, uint32_t *needed)
 {
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index e605109282..e55978c660 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -123,7 +123,7 @@ static struct service_control_op* find_service_by_name( const char *name )
 /********************************************************************
 ********************************************************************/
-static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, NT_USER_TOKEN *token,
+static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, struct security_token *token,
 uint32 access_desired, uint32 *access_granted )
 {
 if ( geteuid() == sec_initial_uid() ) {
@@ -387,7 +387,7 @@ WERROR _svcctl_QueryServiceStatus(struct pipes_struct *p,
 /********************************************************************
 ********************************************************************/
-static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, NT_USER_TOKEN *token )
+static int enumerate_status( TALLOC_CTX *ctx, struct ENUM_SERVICE_STATUSW **status, struct security_token *token )
 {
 int num_services = 0;
 int i;
@@ -430,7 +430,7 @@ WERROR _svcctl_EnumServicesStatusW(struct pipes_struct *p,
 size_t buffer_size = 0;
 WERROR result = WERR_OK;
 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
- NT_USER_TOKEN *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->ptok;
 DATA_BLOB blob = data_blob_null;
 /* perform access checks */
@@ -642,7 +642,7 @@ WERROR _svcctl_QueryServiceStatusEx(struct pipes_struct *p,
 static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, struct QUERY_SERVICE_CONFIG *config,
- NT_USER_TOKEN *token )
+ struct security_token *token )
 {
 struct regval_ctr *values;
 struct regval_blob *val;
diff --git a/source3/services/services_db.c b/source3/services/services_db.c
index 2672b95bca..0afc6c16b4 100644
--- a/source3/services/services_db.c
+++ b/source3/services/services_db.c
@@ -502,7 +502,7 @@ void svcctl_init_keys( void )
 in case of any failure.
 ********************************************************************/
-struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
+struct security_descriptor *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, struct security_token *token )
 {
 struct registry_key_handle *key = NULL;
 struct regval_ctr *values = NULL;
@@ -564,7 +564,7 @@ done:
 Wrapper to make storing a Service sd easier
 ********************************************************************/
-bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, NT_USER_TOKEN *token )
+bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_descriptor *sec_desc, struct security_token *token )
 {
 struct registry_key_handle *key = NULL;
 WERROR wresult;
@@ -618,7 +618,7 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, struct security_desc
 /********************************************************************
 ********************************************************************/
-const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
+const char *svcctl_lookup_dispname(TALLOC_CTX *ctx, const char *name, struct security_token *token )
 {
 const char *display_name = NULL;
 struct registry_key_handle *key = NULL;
@@ -671,7 +671,7 @@ fail:
 /********************************************************************
 ********************************************************************/
-const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *token )
+const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, struct security_token *token )
 {
 const char *description = NULL;
 struct registry_key_handle *key = NULL;
@@ -722,7 +722,7 @@ const char *svcctl_lookup_description(TALLOC_CTX *ctx, const char *name, NT_USER
 /********************************************************************
 ********************************************************************/
-struct regval_ctr *svcctl_fetch_regvalues(const char *name, NT_USER_TOKEN *token)
+struct regval_ctr *svcctl_fetch_regvalues(const char *name, struct security_token *token)
 {
 struct registry_key_handle *key = NULL;
 struct regval_ctr *values = NULL;
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index c4d65aa565..923dd1763c 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -85,7 +85,7 @@ extern struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx;
 struct sec_ctx {
 UNIX_USER_TOKEN ut;
- NT_USER_TOKEN *token;
+ struct security_token *token;
 };
 /* A stack of security contexts. We include the current context as being the first one, so there is room for another MAX_SEC_CTX_DEPTH more. */
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 2009d2ab15..e9f0e6cd4f 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -56,7 +56,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
 const struct security_descriptor *sd,
- const NT_USER_TOKEN *token,
+ const struct security_token *token,
 uint32_t access_desired,
 uint32_t *access_granted)
 {
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index 4b9e5d4727..017613cf1e 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -300,7 +300,7 @@ static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *grou
 Set the current security context to a given user.
 ****************************************************************************/
-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token)
 {
 struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index d7ede293c1..3b40cefd36 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -538,7 +538,7 @@ const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
 return ¤t_user.ut;
 }
-const NT_USER_TOKEN *get_current_nttok(connection_struct *conn)
+const struct security_token *get_current_nttok(connection_struct *conn)
 {
 return current_user.nt_user_token;
 }
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index 1941418a1b..b06b7f9771 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -26,9 +26,9 @@
 /* The following definitions come from auth/token_util.c */
-bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
-bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
-NT_USER_TOKEN *get_root_nt_token( void );
+bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
+bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
+struct security_token *get_root_nt_token( void );
 NTSTATUS add_aliases(const struct dom_sid *domain_sid, struct security_token *token);
 struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
@@ -36,7 +36,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 bool is_guest,
 int num_groupsids,
 const struct dom_sid *groupsids);
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
+void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
 void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, int n_groups, gid_t *groups);
diff --git a/source3/utils/net_registry.c b/source3/utils/net_registry.c
index f90d05454b..31703223e9 100644
--- a/source3/utils/net_registry.c
+++ b/source3/utils/net_registry.c
@@ -41,7 +41,7 @@ static WERROR open_hive(TALLOC_CTX *ctx, const char *path, char **subkeyname)
 {
 WERROR werr;
- NT_USER_TOKEN *token = NULL;
+ struct security_token *token = NULL;
 char *hivename = NULL;
 char *tmp_subkeyname = NULL;
 TALLOC_CTX *tmp_ctx = talloc_stackframe();
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 4dd00d3dc2..671f7e81e9 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -4114,7 +4114,7 @@ static NTSTATUS rpc_aliaslist_internals(struct net_context *c,
 return result;
 }
-static void init_user_token(NT_USER_TOKEN *token, struct dom_sid *user_sid)
+static void init_user_token(struct security_token *token, struct dom_sid *user_sid)
 {
 token->num_sids = 4;
@@ -4130,12 +4130,12 @@ static void init_user_token(NT_USER_TOKEN *token, struct dom_sid *user_sid)
 sid_copy(&token->sids[3], &global_sid_Authenticated_Users);
 }
-static void free_user_token(NT_USER_TOKEN *token)
+static void free_user_token(struct security_token *token)
 {
 SAFE_FREE(token->sids);
 }
-static void add_sid_to_token(NT_USER_TOKEN *token, struct dom_sid *sid)
+static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
 {
 if (is_sid_in_token(token, sid)) return;
@@ -4152,7 +4152,7 @@ static void add_sid_to_token(NT_USER_TOKEN *token, struct dom_sid *sid)
 struct user_token {
 fstring name;
- NT_USER_TOKEN token;
+ struct security_token token;
 };
 static void dump_user_token(struct user_token *token)
@@ -4178,7 +4178,7 @@ static bool is_alias_member(struct dom_sid *sid, struct full_alias *alias)
 return false;
 }
-static void collect_sid_memberships(NT_USER_TOKEN *token, struct dom_sid sid)
+static void collect_sid_memberships(struct security_token *token, struct dom_sid sid)
 {
 int i;
@@ -4195,7 +4195,7 @@ static void collect_sid_memberships(NT_USER_TOKEN *token, struct dom_sid sid)
 * add them to the token.
 */
-static void collect_alias_memberships(NT_USER_TOKEN *token)
+static void collect_alias_memberships(struct security_token *token)
 {
 int num_global_sids = token->num_sids;
 int i;
@@ -4205,7 +4205,7 @@ static void collect_alias_memberships(NT_USER_TOKEN *token)
 }
 }
-static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *token)
+static bool get_user_sids(const char *domain, const char *user, struct security_token *token)
 {
 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 enum wbcSidType type;
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index c4f02a07f6..ae6401379a 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -26,9 +26,9 @@
 /* The following definitions come from auth/token_util.c */
-bool nt_token_check_sid ( const struct dom_sid *sid, const NT_USER_TOKEN *token );
-bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid );
-NT_USER_TOKEN *get_root_nt_token( void );
+bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token );
+bool nt_token_check_domain_rid( struct security_token *token, uint32 rid );
+struct security_token *get_root_nt_token( void );
 NTSTATUS add_aliases(const struct dom_sid *domain_sid, struct security_token *token);
 struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
@@ -36,7 +36,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 bool is_guest,
 int num_groupsids,
 const struct dom_sid *groupsids);
-void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token);
+void debug_nt_user_token(int dbg_class, int dbg_lev, struct security_token *token);
 void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, int n_groups, gid_t *groups); |