diff options
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/rpc_ncacn_np.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/rpc_server.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_epmapper.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_eventlog_nt.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 16 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 36 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 38 | ||||
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 18 | ||||
-rw-r--r-- | source3/rpc_server/srv_svcctl_nt.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_winreg_nt.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_wkssvc_nt.c | 16 |
13 files changed, 78 insertions, 78 deletions
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index c35fa847ad..c5c7f617f8 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -648,7 +648,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, } /* Send the named_pipe_auth server the user's full token */ - session_info->security_token = server_info->ptok; + session_info->security_token = server_info->security_token; session_info->session_key = server_info->user_session_key; val.sam3 = server_info->info3; diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index a0da354fd3..992e5a3e82 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -118,10 +118,10 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, return -1; } - /* Now override the server_info->ptok with the exact + /* Now override the server_info->security_token with the exact * security_token we were given from the other side, * regardless of what we just calculated */ - p->server_info->ptok = talloc_move(p->server_info, &session_info->security_token); + p->server_info->security_token = talloc_move(p->server_info, &session_info->security_token); /* Also set the session key to the correct value */ p->server_info->user_session_key = session_info->session_key; diff --git a/source3/rpc_server/srv_epmapper.c b/source3/rpc_server/srv_epmapper.c index 58a6e1190f..5bfb176b84 100644 --- a/source3/rpc_server/srv_epmapper.c +++ b/source3/rpc_server/srv_epmapper.c @@ -206,7 +206,7 @@ static uint32_t build_ep_list(TALLOC_CTX *mem_ctx, static bool is_priviledged_pipe(struct auth_serversupplied_info *info) { /* If the user is not root, or has the system token, fail */ if ((info->utok.uid != sec_initial_uid()) && - !security_token_is_system(info->ptok)) { + !security_token_is_system(info->security_token)) { return false; } diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 64da67ab7b..ff8a49526e 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -236,7 +236,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct elog->logname = talloc_strdup( elog, ELOG_APPL ); /* do the access check */ - if ( !elog_check_access( elog, p->server_info->ptok ) ) { + if ( !elog_check_access( elog, p->server_info->security_token ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } @@ -254,7 +254,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct /* now do the access check. Close the tdb if we fail here */ - if ( !elog_check_access( elog, p->server_info->ptok ) ) { + if ( !elog_check_access( elog, p->server_info->security_token ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index feec3661a2..53baba31ca 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -376,7 +376,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p, NTSTATUS status; /* Work out max allowed. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -390,7 +390,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p, return status; } - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, "_lsa_OpenPolicy2" ); if (!NT_STATUS_IS_OK(status)) { @@ -1710,7 +1710,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p, } /* Work out max allowed. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &r->in.access_mask); @@ -1724,7 +1724,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p, return status; } - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask, &acc_granted, "_lsa_CreateAccount"); if (!NT_STATUS_IS_OK(status)) { @@ -1779,7 +1779,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p, * handle - so don't check against policy handle. */ /* Work out max allowed. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -1794,7 +1794,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p, return status; } - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, "_lsa_OpenAccount" ); if (!NT_STATUS_IS_OK(status)) { @@ -2153,7 +2153,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p, * on the account sid. We don't check here so just use the latter. JRA. */ - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW, &acc_granted, "_lsa_AddAccountRights" ); @@ -2223,7 +2223,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p, * and DELETE on the account sid. */ - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| LSA_ACCOUNT_VIEW|SEC_STD_DELETE, diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index b366af7224..b55c74adfc 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -208,8 +208,8 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p, case NETLOGON_CONTROL_CHANGE_PASSWORD: case NETLOGON_CONTROL_REDISCOVER: if ((geteuid() != sec_initial_uid()) && - !nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_RID_ADMINS) && - !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok) && + !nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS) && + !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->security_token) && !(acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST))) { return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 98de58c557..57b5a0fac5 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -657,7 +657,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx, return false; } - if ((*server_info)->ptok == NULL) { + if ((*server_info)->security_token == NULL) { DEBUG(1, ("Auth module failed to provide nt_user_token\n")); return false; } @@ -752,7 +752,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx, return status; } - if ((*server_info)->ptok == NULL) { + if ((*server_info)->security_token == NULL) { status = create_local_token(*server_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to create local user token (%s)\n", diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5087ec322a..4e6d94d957 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -561,7 +561,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, } /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -572,7 +572,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, * Users with SeAddUser get the ability to manipulate groups * and aliases. */ - if (security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) { + if (security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS)) { extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP | SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | @@ -585,7 +585,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, * SAMR_DOMAIN_ACCESS_CREATE_USER access. */ - status = access_check_object( psd, p->server_info->ptok, + status = access_check_object( psd, p->server_info->security_token, SEC_PRIV_MACHINE_ACCOUNT, SEC_PRIV_ADD_USERS, extra_access, des_access, &acc_granted, "_samr_OpenDomain" ); @@ -2296,7 +2296,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, return NT_STATUS_NO_SUCH_USER; /* check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -2345,7 +2345,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, * DOMAIN_RID_ADMINS. */ if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) { - if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok, + if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS)) { des_access &= ~GENERIC_RIGHTS_USER_WRITE; extra_access = GENERIC_RIGHTS_USER_WRITE; @@ -2358,7 +2358,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, TALLOC_FREE(sampass); - nt_status = access_check_object(psd, p->server_info->ptok, + nt_status = access_check_object(psd, p->server_info->security_token, needed_priv_1, needed_priv_2, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_OpenUser"); @@ -3860,19 +3860,19 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, can_add_account = true; } else if (acb_info & ACB_WSTRUST) { needed_priv = SEC_PRIV_MACHINE_ACCOUNT; - can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT); + can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_MACHINE_ACCOUNT); } else if (acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$')) { /* usrmgr.exe (and net rpc trustdom grant) creates a normal user account for domain trusts and changes the ACB flags later */ needed_priv = SEC_PRIV_ADD_USERS; - can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS); + can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS); } else if (lp_enable_privileges()) { /* implicit assumption of a BDC or domain trust account here * (we already check the flags earlier) */ /* only Domain Admins can add a BDC or domain trust */ can_add_account = nt_token_check_domain_rid( - p->server_info->ptok, + p->server_info->security_token, DOMAIN_RID_ADMINS ); } @@ -3902,7 +3902,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, sid_compose(&sid, get_global_sam_sid(), *r->out.rid); - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -3917,7 +3917,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, * just assume we have all the rights we need ? */ - nt_status = access_check_object(psd, p->server_info->ptok, + nt_status = access_check_object(psd, p->server_info->security_token, needed_priv, SEC_PRIV_INVALID, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_CreateUser2"); @@ -3985,7 +3985,7 @@ NTSTATUS _samr_Connect(struct pipes_struct *p, was observed from a win98 client trying to enumerate users (when configured user level access control on shares) --jerry */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -4047,14 +4047,14 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_object(psd, p->server_info->ptok, + nt_status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, fn); @@ -4262,14 +4262,14 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p, /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0); se_map_generic(&des_access,&ali_generic_mapping); - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID, GENERIC_RIGHTS_ALIAS_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenAlias"); @@ -6336,14 +6336,14 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, } /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0); se_map_generic(&des_access,&grp_generic_mapping); - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID, GENERIC_RIGHTS_GROUP_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenGroup"); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index a06e643cb8..e2fc670d50 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -462,7 +462,7 @@ static WERROR delete_printer_handle(struct pipes_struct *p, struct policy_handle return WERR_BADFID; } - result = delete_printer_hook(p->mem_ctx, p->server_info->ptok, + result = delete_printer_hook(p->mem_ctx, p->server_info->security_token, Printer->sharename, p->msg_ctx); if (!W_ERROR_IS_OK(result)) { return result; @@ -1802,13 +1802,13 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, and not a printer admin, then fail */ if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && - !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && + !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->security_token) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { close_printer_handle(p, r->out.handle); ZERO_STRUCTP(r->out.handle); @@ -1874,7 +1874,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, } if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL, - p->server_info->ptok, snum) || + p->server_info->security_token, snum) || !print_access_check(p->server_info, p->msg_ctx, snum, @@ -2050,12 +2050,12 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p, and not a printer admin, then fail */ if ( (p->server_info->utok.uid != sec_initial_uid()) - && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) + && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; @@ -2155,12 +2155,12 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p, and not a printer admin, then fail */ if ( (p->server_info->utok.uid != sec_initial_uid()) - && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) + && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, lp_printer_admin(-1)) ) + p->server_info->security_token, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; } @@ -6519,7 +6519,7 @@ static WERROR update_printer(struct pipes_struct *p, !strequal(printer->location, old_printer->location)) ) { /* add_printer_hook() will call reload_services() */ - if (!add_printer_hook(tmp_ctx, p->server_info->ptok, + if (!add_printer_hook(tmp_ctx, p->server_info->security_token, printer, p->client_id->addr, p->msg_ctx)) { result = WERR_ACCESS_DENIED; @@ -7836,7 +7836,7 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p, trying to add a printer like this --jerry */ if (*lp_addprinter_cmd() ) { - if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok, + if ( !add_printer_hook(p->mem_ctx, p->server_info->security_token, info2, p->client_id->addr, p->msg_ctx) ) { return WERR_ACCESS_DENIED; @@ -8428,11 +8428,11 @@ WERROR _spoolss_AddForm(struct pipes_struct *p, and not a printer admin, then fail */ if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n")); return WERR_ACCESS_DENIED; @@ -8496,11 +8496,11 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p, } if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n")); return WERR_ACCESS_DENIED; @@ -8560,11 +8560,11 @@ WERROR _spoolss_SetForm(struct pipes_struct *p, and not a printer admin, then fail */ if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n")); return WERR_ACCESS_DENIED; @@ -9984,14 +9984,14 @@ WERROR _spoolss_XcvData(struct pipes_struct *p, switch ( Printer->printer_type ) { case SPLHND_PORTMON_TCP: werror = process_xcvtcp_command(p->mem_ctx, - p->server_info->ptok, + p->server_info->security_token, r->in.function_name, &r->in.in_data, &out_data, r->out.needed); break; case SPLHND_PORTMON_LOCAL: werror = process_xcvlocal_command(p->mem_ctx, - p->server_info->ptok, + p->server_info->security_token, r->in.function_name, &r->in.in_data, &out_data, r->out.needed); diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index fe325d2a33..d5858ca418 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -520,7 +520,7 @@ static bool is_enumeration_allowed(struct pipes_struct *p, if (!lp_access_based_share_enum(snum)) return true; - return share_access_check(p->server_info->ptok, lp_servicename(snum), + return share_access_check(p->server_info->security_token, lp_servicename(snum), FILE_READ_DATA); } @@ -1055,7 +1055,7 @@ WERROR _srvsvc_NetFileEnum(struct pipes_struct *p, } if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1, ("Enumerating files only allowed for " "administrators\n")); return WERR_ACCESS_DENIED; @@ -1214,7 +1214,7 @@ WERROR _srvsvc_NetConnEnum(struct pipes_struct *p, DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__)); if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1, ("Enumerating connections only allowed for " "administrators\n")); return WERR_ACCESS_DENIED; @@ -1252,7 +1252,7 @@ WERROR _srvsvc_NetSessEnum(struct pipes_struct *p, DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__)); if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1, ("Enumerating sessions only allowed for " "administrators\n")); return WERR_ACCESS_DENIED; @@ -1311,7 +1311,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p, /* fail out now if you are not root or not a domain admin */ if ((p->server_info->utok.uid != sec_initial_uid()) && - ( ! nt_token_check_domain_rid(p->server_info->ptok, + ( ! nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS))) { goto done; @@ -1579,7 +1579,7 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); /* fail out now if you are not root and not a disk op */ @@ -1782,7 +1782,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p, *r->out.parm_error = 0; } - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; @@ -1988,7 +1988,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; @@ -2554,7 +2554,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p, DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__)); - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) { return WERR_ACCESS_DENIED; diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index e8e55ca981..b6984d0c5f 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -278,7 +278,7 @@ WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p, return WERR_NOMEM; se_map_generic( &r->in.access_mask, &scm_generic_map ); - status = svcctl_access_check( sec_desc, p->server_info->ptok, + status = svcctl_access_check( sec_desc, p->server_info->security_token, r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -324,7 +324,7 @@ WERROR _svcctl_OpenServiceW(struct pipes_struct *p, } se_map_generic( &r->in.access_mask, &svc_generic_map ); - status = svcctl_access_check( sec_desc, p->server_info->ptok, + status = svcctl_access_check( sec_desc, p->server_info->security_token, r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 298f33ab70..91f050a099 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -68,7 +68,7 @@ static WERROR open_registry_key(struct pipes_struct *p, if (parent == NULL) { result = reg_openhive(p->mem_ctx, subkeyname, access_desired, - p->server_info->ptok, &key); + p->server_info->security_token, &key); } else { result = reg_openkey(p->mem_ctx, parent, subkeyname, @@ -577,7 +577,7 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p, return WERR_NOMEM; } - can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN); + can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN); /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root Take the error return from the script and provide it as the Windows return code. */ @@ -614,7 +614,7 @@ WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p, if (!*abort_shutdown_script) return WERR_ACCESS_DENIED; - can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN); + can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN); /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ @@ -704,7 +704,7 @@ WERROR _winreg_RestoreKey(struct pipes_struct *p, /* user must posses SeRestorePrivilege for this this proceed */ - if ( !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_RESTORE)) { + if ( !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_RESTORE)) { return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index 000b605913..3926ceb27a 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -352,7 +352,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p, case 101: /* Level 101 can be allowed from any logged in user */ if (!nt_token_check_sid(&global_sid_Authenticated_Users, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1,("User not allowed for NetWkstaGetInfo level " "101\n")); DEBUGADD(3,(" - does not have sid for Authenticated " @@ -360,7 +360,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p, sid_string_dbg( &global_sid_Authenticated_Users))); security_token_debug(DBGC_CLASS, 3, - p->server_info->ptok); + p->server_info->security_token); return WERR_ACCESS_DENIED; } r->out.info->info101 = create_wks_info_101(p->mem_ctx); @@ -371,14 +371,14 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p, case 102: /* Level 102 Should only be allowed from a domain administrator */ if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1,("User not allowed for NetWkstaGetInfo level " "102\n")); DEBUGADD(3,(" - does not have sid for Administrators " "group %s, sids are:\n", sid_string_dbg(&global_sid_Builtin_Administrators))); security_token_debug(DBGC_CLASS, 3, - p->server_info->ptok); + p->server_info->security_token); return WERR_ACCESS_DENIED; } r->out.info->info102 = create_wks_info_102(p->mem_ctx); @@ -557,12 +557,12 @@ WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p, { /* This with any level should only be allowed from a domain administrator */ if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1,("User not allowed for NetWkstaEnumUsers\n")); DEBUGADD(3,(" - does not have sid for Administrators group " "%s\n", sid_string_dbg( &global_sid_Builtin_Administrators))); - security_token_debug(DBGC_CLASS, 3, p->server_info->ptok); + security_token_debug(DBGC_CLASS, 3, p->server_info->security_token); return WERR_ACCESS_DENIED; } @@ -813,7 +813,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct security_token *token = p->server_info->ptok; + struct security_token *token = p->server_info->security_token; if (!r->in.domain_name) { return WERR_INVALID_PARAM; @@ -888,7 +888,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct security_token *token = p->server_info->ptok; + struct security_token *token = p->server_info->security_token; if (!r->in.account || !r->in.encrypted_password) { return WERR_INVALID_PARAM; |