summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/rpc_ncacn_np.c2
-rw-r--r--source3/rpc_server/rpc_server.c4
-rw-r--r--source3/rpc_server/srv_epmapper.c2
-rw-r--r--source3/rpc_server/srv_eventlog_nt.c4
-rw-r--r--source3/rpc_server/srv_lsa_nt.c16
-rw-r--r--source3/rpc_server/srv_netlog_nt.c4
-rw-r--r--source3/rpc_server/srv_pipe.c4
-rw-r--r--source3/rpc_server/srv_samr_nt.c36
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c38
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c18
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c4
-rw-r--r--source3/rpc_server/srv_winreg_nt.c8
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c16
13 files changed, 78 insertions, 78 deletions
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index c35fa847ad..c5c7f617f8 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -648,7 +648,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
}
/* Send the named_pipe_auth server the user's full token */
- session_info->security_token = server_info->ptok;
+ session_info->security_token = server_info->security_token;
session_info->session_key = server_info->user_session_key;
val.sam3 = server_info->info3;
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index a0da354fd3..992e5a3e82 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -118,10 +118,10 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
return -1;
}
- /* Now override the server_info->ptok with the exact
+ /* Now override the server_info->security_token with the exact
* security_token we were given from the other side,
* regardless of what we just calculated */
- p->server_info->ptok = talloc_move(p->server_info, &session_info->security_token);
+ p->server_info->security_token = talloc_move(p->server_info, &session_info->security_token);
/* Also set the session key to the correct value */
p->server_info->user_session_key = session_info->session_key;
diff --git a/source3/rpc_server/srv_epmapper.c b/source3/rpc_server/srv_epmapper.c
index 58a6e1190f..5bfb176b84 100644
--- a/source3/rpc_server/srv_epmapper.c
+++ b/source3/rpc_server/srv_epmapper.c
@@ -206,7 +206,7 @@ static uint32_t build_ep_list(TALLOC_CTX *mem_ctx,
static bool is_priviledged_pipe(struct auth_serversupplied_info *info) {
/* If the user is not root, or has the system token, fail */
if ((info->utok.uid != sec_initial_uid()) &&
- !security_token_is_system(info->ptok)) {
+ !security_token_is_system(info->security_token)) {
return false;
}
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 64da67ab7b..ff8a49526e 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -236,7 +236,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct
elog->logname = talloc_strdup( elog, ELOG_APPL );
/* do the access check */
- if ( !elog_check_access( elog, p->server_info->ptok ) ) {
+ if ( !elog_check_access( elog, p->server_info->security_token ) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
@@ -254,7 +254,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct
/* now do the access check. Close the tdb if we fail here */
- if ( !elog_check_access( elog, p->server_info->ptok ) ) {
+ if ( !elog_check_access( elog, p->server_info->security_token ) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index feec3661a2..53baba31ca 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -376,7 +376,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
NTSTATUS status;
/* Work out max allowed. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -390,7 +390,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
return status;
}
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenPolicy2" );
if (!NT_STATUS_IS_OK(status)) {
@@ -1710,7 +1710,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
}
/* Work out max allowed. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&r->in.access_mask);
@@ -1724,7 +1724,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
return status;
}
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask,
&acc_granted, "_lsa_CreateAccount");
if (!NT_STATUS_IS_OK(status)) {
@@ -1779,7 +1779,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
* handle - so don't check against policy handle. */
/* Work out max allowed. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -1794,7 +1794,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
return status;
}
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenAccount" );
if (!NT_STATUS_IS_OK(status)) {
@@ -2153,7 +2153,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
* on the account sid. We don't check here so just use the latter. JRA.
*/
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW,
&acc_granted, "_lsa_AddAccountRights" );
@@ -2223,7 +2223,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
* and DELETE on the account sid.
*/
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
LSA_ACCOUNT_VIEW|SEC_STD_DELETE,
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index b366af7224..b55c74adfc 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -208,8 +208,8 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
case NETLOGON_CONTROL_CHANGE_PASSWORD:
case NETLOGON_CONTROL_REDISCOVER:
if ((geteuid() != sec_initial_uid()) &&
- !nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_RID_ADMINS) &&
- !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok) &&
+ !nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS) &&
+ !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->security_token) &&
!(acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST))) {
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 98de58c557..57b5a0fac5 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -657,7 +657,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
return false;
}
- if ((*server_info)->ptok == NULL) {
+ if ((*server_info)->security_token == NULL) {
DEBUG(1, ("Auth module failed to provide nt_user_token\n"));
return false;
}
@@ -752,7 +752,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
return status;
}
- if ((*server_info)->ptok == NULL) {
+ if ((*server_info)->security_token == NULL) {
status = create_local_token(*server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to create local user token (%s)\n",
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 5087ec322a..4e6d94d957 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -561,7 +561,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
}
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -572,7 +572,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
* Users with SeAddUser get the ability to manipulate groups
* and aliases.
*/
- if (security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) {
+ if (security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS)) {
extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
@@ -585,7 +585,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
* SAMR_DOMAIN_ACCESS_CREATE_USER access.
*/
- status = access_check_object( psd, p->server_info->ptok,
+ status = access_check_object( psd, p->server_info->security_token,
SEC_PRIV_MACHINE_ACCOUNT, SEC_PRIV_ADD_USERS,
extra_access, des_access,
&acc_granted, "_samr_OpenDomain" );
@@ -2296,7 +2296,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
return NT_STATUS_NO_SUCH_USER;
/* check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -2345,7 +2345,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
* DOMAIN_RID_ADMINS.
*/
if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
- if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok,
+ if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->security_token,
DOMAIN_RID_ADMINS)) {
des_access &= ~GENERIC_RIGHTS_USER_WRITE;
extra_access = GENERIC_RIGHTS_USER_WRITE;
@@ -2358,7 +2358,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
TALLOC_FREE(sampass);
- nt_status = access_check_object(psd, p->server_info->ptok,
+ nt_status = access_check_object(psd, p->server_info->security_token,
needed_priv_1, needed_priv_2,
GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_OpenUser");
@@ -3860,19 +3860,19 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
can_add_account = true;
} else if (acb_info & ACB_WSTRUST) {
needed_priv = SEC_PRIV_MACHINE_ACCOUNT;
- can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT);
+ can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_MACHINE_ACCOUNT);
} else if (acb_info & ACB_NORMAL &&
(account[strlen(account)-1] != '$')) {
/* usrmgr.exe (and net rpc trustdom grant) creates a normal user
account for domain trusts and changes the ACB flags later */
needed_priv = SEC_PRIV_ADD_USERS;
- can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS);
+ can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS);
} else if (lp_enable_privileges()) {
/* implicit assumption of a BDC or domain trust account here
* (we already check the flags earlier) */
/* only Domain Admins can add a BDC or domain trust */
can_add_account = nt_token_check_domain_rid(
- p->server_info->ptok,
+ p->server_info->security_token,
DOMAIN_RID_ADMINS );
}
@@ -3902,7 +3902,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -3917,7 +3917,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
* just assume we have all the rights we need ?
*/
- nt_status = access_check_object(psd, p->server_info->ptok,
+ nt_status = access_check_object(psd, p->server_info->security_token,
needed_priv, SEC_PRIV_INVALID,
GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_CreateUser2");
@@ -3985,7 +3985,7 @@ NTSTATUS _samr_Connect(struct pipes_struct *p,
was observed from a win98 client trying to enumerate users (when configured
user level access control on shares) --jerry */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
@@ -4047,14 +4047,14 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
- nt_status = access_check_object(psd, p->server_info->ptok,
+ nt_status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID,
0, des_access, &acc_granted, fn);
@@ -4262,14 +4262,14 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p,
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
se_map_generic(&des_access,&ali_generic_mapping);
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID,
GENERIC_RIGHTS_ALIAS_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenAlias");
@@ -6336,14 +6336,14 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
}
/*check if access can be granted as requested by client. */
- map_max_allowed_access(p->server_info->ptok,
+ map_max_allowed_access(p->server_info->security_token,
&p->server_info->utok,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
se_map_generic(&des_access,&grp_generic_mapping);
- status = access_check_object(psd, p->server_info->ptok,
+ status = access_check_object(psd, p->server_info->security_token,
SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID, GENERIC_RIGHTS_GROUP_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenGroup");
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index a06e643cb8..e2fc670d50 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -462,7 +462,7 @@ static WERROR delete_printer_handle(struct pipes_struct *p, struct policy_handle
return WERR_BADFID;
}
- result = delete_printer_hook(p->mem_ctx, p->server_info->ptok,
+ result = delete_printer_hook(p->mem_ctx, p->server_info->security_token,
Printer->sharename, p->msg_ctx);
if (!W_ERROR_IS_OK(result)) {
return result;
@@ -1802,13 +1802,13 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
- !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
+ !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->security_token) &&
!token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
close_printer_handle(p, r->out.handle);
ZERO_STRUCTP(r->out.handle);
@@ -1874,7 +1874,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
}
if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL,
- p->server_info->ptok, snum) ||
+ p->server_info->security_token, snum) ||
!print_access_check(p->server_info,
p->msg_ctx,
snum,
@@ -2050,12 +2050,12 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
and not a printer admin, then fail */
if ( (p->server_info->utok.uid != sec_initial_uid())
- && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
+ && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
@@ -2155,12 +2155,12 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
and not a printer admin, then fail */
if ( (p->server_info->utok.uid != sec_initial_uid())
- && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR)
+ && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok, lp_printer_admin(-1)) )
+ p->server_info->security_token, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
}
@@ -6519,7 +6519,7 @@ static WERROR update_printer(struct pipes_struct *p,
!strequal(printer->location, old_printer->location)) )
{
/* add_printer_hook() will call reload_services() */
- if (!add_printer_hook(tmp_ctx, p->server_info->ptok,
+ if (!add_printer_hook(tmp_ctx, p->server_info->security_token,
printer, p->client_id->addr,
p->msg_ctx)) {
result = WERR_ACCESS_DENIED;
@@ -7836,7 +7836,7 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p,
trying to add a printer like this --jerry */
if (*lp_addprinter_cmd() ) {
- if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok,
+ if ( !add_printer_hook(p->mem_ctx, p->server_info->security_token,
info2, p->client_id->addr,
p->msg_ctx) ) {
return WERR_ACCESS_DENIED;
@@ -8428,11 +8428,11 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@@ -8496,11 +8496,11 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p,
}
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@@ -8560,11 +8560,11 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
and not a printer admin, then fail */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
NULL,
- p->server_info->ptok,
+ p->server_info->security_token,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@@ -9984,14 +9984,14 @@ WERROR _spoolss_XcvData(struct pipes_struct *p,
switch ( Printer->printer_type ) {
case SPLHND_PORTMON_TCP:
werror = process_xcvtcp_command(p->mem_ctx,
- p->server_info->ptok,
+ p->server_info->security_token,
r->in.function_name,
&r->in.in_data, &out_data,
r->out.needed);
break;
case SPLHND_PORTMON_LOCAL:
werror = process_xcvlocal_command(p->mem_ctx,
- p->server_info->ptok,
+ p->server_info->security_token,
r->in.function_name,
&r->in.in_data, &out_data,
r->out.needed);
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index fe325d2a33..d5858ca418 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -520,7 +520,7 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
if (!lp_access_based_share_enum(snum))
return true;
- return share_access_check(p->server_info->ptok, lp_servicename(snum),
+ return share_access_check(p->server_info->security_token, lp_servicename(snum),
FILE_READ_DATA);
}
@@ -1055,7 +1055,7 @@ WERROR _srvsvc_NetFileEnum(struct pipes_struct *p,
}
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1, ("Enumerating files only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@@ -1214,7 +1214,7 @@ WERROR _srvsvc_NetConnEnum(struct pipes_struct *p,
DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1, ("Enumerating connections only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@@ -1252,7 +1252,7 @@ WERROR _srvsvc_NetSessEnum(struct pipes_struct *p,
DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1, ("Enumerating sessions only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@@ -1311,7 +1311,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p,
/* fail out now if you are not root or not a domain admin */
if ((p->server_info->utok.uid != sec_initial_uid()) &&
- ( ! nt_token_check_domain_rid(p->server_info->ptok,
+ ( ! nt_token_check_domain_rid(p->server_info->security_token,
DOMAIN_RID_ADMINS))) {
goto done;
@@ -1579,7 +1579,7 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
/* fail out now if you are not root and not a disk op */
@@ -1782,7 +1782,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
*r->out.parm_error = 0;
}
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
@@ -1988,7 +1988,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p,
if (lp_print_ok(snum))
return WERR_ACCESS_DENIED;
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
@@ -2554,7 +2554,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p,
DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
- is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR);
+ is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index e8e55ca981..b6984d0c5f 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -278,7 +278,7 @@ WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
return WERR_NOMEM;
se_map_generic( &r->in.access_mask, &scm_generic_map );
- status = svcctl_access_check( sec_desc, p->server_info->ptok,
+ status = svcctl_access_check( sec_desc, p->server_info->security_token,
r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
@@ -324,7 +324,7 @@ WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
}
se_map_generic( &r->in.access_mask, &svc_generic_map );
- status = svcctl_access_check( sec_desc, p->server_info->ptok,
+ status = svcctl_access_check( sec_desc, p->server_info->security_token,
r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 298f33ab70..91f050a099 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -68,7 +68,7 @@ static WERROR open_registry_key(struct pipes_struct *p,
if (parent == NULL) {
result = reg_openhive(p->mem_ctx, subkeyname, access_desired,
- p->server_info->ptok, &key);
+ p->server_info->security_token, &key);
}
else {
result = reg_openkey(p->mem_ctx, parent, subkeyname,
@@ -577,7 +577,7 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
return WERR_NOMEM;
}
- can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
+ can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
/* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
Take the error return from the script and provide it as the Windows return code. */
@@ -614,7 +614,7 @@ WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p,
if (!*abort_shutdown_script)
return WERR_ACCESS_DENIED;
- can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN);
+ can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
@@ -704,7 +704,7 @@ WERROR _winreg_RestoreKey(struct pipes_struct *p,
/* user must posses SeRestorePrivilege for this this proceed */
- if ( !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_RESTORE)) {
+ if ( !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_RESTORE)) {
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 000b605913..3926ceb27a 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -352,7 +352,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
case 101:
/* Level 101 can be allowed from any logged in user */
if (!nt_token_check_sid(&global_sid_Authenticated_Users,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaGetInfo level "
"101\n"));
DEBUGADD(3,(" - does not have sid for Authenticated "
@@ -360,7 +360,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
sid_string_dbg(
&global_sid_Authenticated_Users)));
security_token_debug(DBGC_CLASS, 3,
- p->server_info->ptok);
+ p->server_info->security_token);
return WERR_ACCESS_DENIED;
}
r->out.info->info101 = create_wks_info_101(p->mem_ctx);
@@ -371,14 +371,14 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
case 102:
/* Level 102 Should only be allowed from a domain administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaGetInfo level "
"102\n"));
DEBUGADD(3,(" - does not have sid for Administrators "
"group %s, sids are:\n",
sid_string_dbg(&global_sid_Builtin_Administrators)));
security_token_debug(DBGC_CLASS, 3,
- p->server_info->ptok);
+ p->server_info->security_token);
return WERR_ACCESS_DENIED;
}
r->out.info->info102 = create_wks_info_102(p->mem_ctx);
@@ -557,12 +557,12 @@ WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p,
{
/* This with any level should only be allowed from a domain administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
- p->server_info->ptok)) {
+ p->server_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaEnumUsers\n"));
DEBUGADD(3,(" - does not have sid for Administrators group "
"%s\n", sid_string_dbg(
&global_sid_Builtin_Administrators)));
- security_token_debug(DBGC_CLASS, 3, p->server_info->ptok);
+ security_token_debug(DBGC_CLASS, 3, p->server_info->security_token);
return WERR_ACCESS_DENIED;
}
@@ -813,7 +813,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct security_token *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->security_token;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
@@ -888,7 +888,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
- struct security_token *token = p->server_info->ptok;
+ struct security_token *token = p->server_info->security_token;
if (!r->in.account || !r->in.encrypted_password) {
return WERR_INVALID_PARAM;
generated by cgit (git 2.34.1) at 2024-07-02 05:08:49 +0000