Diffstat (limited to 'source4/libcli/security')
-rw-r--r-- | source4/libcli/security/security_token.c | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
index 7bd533dbee..b9baf796df 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -4,6 +4,7 @@
 security descriptror utility functions
 Copyright (C) Andrew Tridgell 2004
+ Copyright (C) Stefan Metzmacher 2005
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -48,42 +49,46 @@ struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
 Create the SID list for this user.
 ****************************************************************************/
 NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
- struct dom_sid *user_sid, struct dom_sid *group_sid,
- int n_groupSIDs, struct dom_sid **groupSIDs,
- BOOL is_guest, struct security_token **token)
+ struct dom_sid *user_sid,
+ struct dom_sid *group_sid,
+ int n_groupSIDs,
+ struct dom_sid **groupSIDs,
+ BOOL is_authenticated,
+ struct security_token **token)
 {
 struct security_token *ptoken;
 int i;
 NTSTATUS status;
 ptoken = security_token_initialise(mem_ctx);
- if (ptoken == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
+ NT_STATUS_HAVE_NO_MEMORY(ptoken);
 ptoken->sids = talloc_array_p(ptoken, struct dom_sid *, n_groupSIDs + 5);
- if (!ptoken->sids) {
- return NT_STATUS_NO_MEMORY;
- }
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
- ptoken->user_sid = user_sid;
- ptoken->group_sid = group_sid;
+ ptoken->user_sid = talloc_reference(ptoken, user_sid);
+ ptoken->group_sid = talloc_reference(ptoken, group_sid);
 ptoken->privilege_mask = 0;
- ptoken->sids[0] = user_sid;
- ptoken->sids[1] = group_sid;
+ ptoken->sids[0] = ptoken->user_sid;
+ ptoken->sids[1] = ptoken->group_sid;
 /*
 * Finally add the "standard" SIDs.
- * The only difference between guest and "anonymous" (which we
- * don't really support) is the addition of Authenticated_Users.
+ * The only difference between guest and "anonymous"
+ * is the addition of Authenticated_Users.
 */
 ptoken->sids[2] = dom_sid_parse_talloc(mem_ctx, SID_WORLD);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[2]);
 ptoken->sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NT_NETWORK);
- ptoken->sids[4] = dom_sid_parse_talloc(mem_ctx,
- is_guest?SID_BUILTIN_GUESTS:
- SID_NT_AUTHENTICATED_USERS);
- ptoken->num_sids = 5;
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[3]);
+ ptoken->num_sids = 4;
+
+ if (is_authenticated) {
+ ptoken->sids[4] = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHENTICATED_USERS);
+ NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]);
+ ptoken->num_sids++;
+ }
 for (i = 0; i < n_groupSIDs; i++) {
 size_t check_sid_idx;
@@ -96,7 +101,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
 }
 if (check_sid_idx == ptoken->num_sids) {
- ptoken->sids[ptoken->num_sids++] = groupSIDs[i];
+ ptoken->sids[ptoken->num_sids++] = talloc_reference(ptoken, groupSIDs[i]);
 }
 } |
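Review bot: The two `talloc_reference()` results stored in `ptoken->user_sid` and `ptoken->group_sid` are never checked, although every other allocation in this function now goes through `NT_STATUS_HAVE_NO_MEMORY`; talloc_reference() returns NULL when it cannot allocate the reference, so the function would carry on with NULL entries in `sids[0]`/`sids[1]`. Add `NT_STATUS_HAVE_NO_MEMORY(ptoken->user_sid);` and `NT_STATUS_HAVE_NO_MEMORY(ptoken->group_sid);` after the assignments; the `talloc_reference(ptoken, groupSIDs[i])` line in the following hunk has the same gap and also increments `num_sids`, so there the slot should be assigned and checked before the count is bumped. The sixth parameter also keeps its type and position while its meaning flips from `is_guest` to `is_authenticated`, and Builtin Guests is no longer added here; callers are outside this diff, so presumably they were updated, but one that still passes its guest flag would compile cleanly and hand guest sessions Authenticated Users. A comment above the function such as `/* is_authenticated: add Authenticated Users; guests must pass Builtin Guests in groupSIDs */` would make the new contract explicit. The function body continues past the end of this hunk.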