summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth_util.c24
-rw-r--r--source4/lib/util_sid.c85
-rw-r--r--source4/librpc/idl/misc.idl30
-rw-r--r--source4/smbd/process.c2
4 files changed, 40 insertions, 101 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index d5d75e6aa5..8a10a33b0c 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -26,16 +26,9 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
-extern struct dom_sid *global_sid_World;
-extern struct dom_sid *global_sid_Anonymous;
-extern struct dom_sid *global_sid_Network;
-extern struct dom_sid *global_sid_Builtin_Guests;
-extern struct dom_sid *global_sid_Authenticated_Users;
-
/****************************************************************************
Create an auth_usersupplied_data structure
****************************************************************************/
-
static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
const char *smb_name,
const char *internal_username,
@@ -459,15 +452,14 @@ NTSTATUS create_nt_user_token(TALLOC_CTX *mem_ctx,
* The only difference between guest and "anonymous" (which we
* don't really support) is the addition of Authenticated_Users.
*/
-
- ptoken->user_sids[2] = global_sid_World;
- ptoken->user_sids[3] = global_sid_Network;
+ ptoken->user_sids[2] = dom_sid_parse_talloc(mem_ctx, SID_WORLD);
+ ptoken->user_sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NETWORK);
if (is_guest) {
- ptoken->user_sids[4] = global_sid_Builtin_Guests;
+ ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN_GUESTS);
ptoken->num_sids++;
} else {
- ptoken->user_sids[4] = global_sid_Authenticated_Users;
+ ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_AUTHENTICATED_USERS);
ptoken->num_sids++;
}
@@ -516,11 +508,12 @@ NTSTATUS make_server_info(auth_serversupplied_info **server_info, const char *us
/***************************************************************************
Make (and fill) a user_info struct for a guest login.
***************************************************************************/
-
NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
static const char zeros[16];
+ struct dom_sid *sid_Anonymous;
+ struct dom_sid *sid_Builtin_Guests;
nt_status = make_server_info(server_info, "");
@@ -529,9 +522,12 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
}
(*server_info)->guest = True;
+
+ sid_Anonymous = dom_sid_parse_talloc((*server_info)->mem_ctx, SID_ANONYMOUS);
+ sid_Builtin_Guests = dom_sid_parse_talloc((*server_info)->mem_ctx, SID_BUILTIN_GUESTS);
if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token((*server_info)->mem_ctx,
- global_sid_Anonymous, global_sid_Builtin_Guests,
+ sid_Anonymous, sid_Builtin_Guests,
0, NULL,
True, &(*server_info)->ptok))) {
DEBUG(1,("check_sam_security: create_nt_user_token failed with '%s'\n", nt_errstr(nt_status)));
diff --git a/source4/lib/util_sid.c b/source4/lib/util_sid.c
index c370beed5f..6eb19b59e6 100644
--- a/source4/lib/util_sid.c
+++ b/source4/lib/util_sid.c
@@ -24,40 +24,6 @@
#include "includes.h"
-/*
- * Some useful sids
- */
-
-struct dom_sid *global_sid_World_Domain; /* Everyone domain */
-struct dom_sid *global_sid_World; /* Everyone */
-struct dom_sid *global_sid_Creator_Owner_Domain; /* Creator Owner domain */
-struct dom_sid *global_sid_NT_Authority; /* NT Authority */
-struct dom_sid *global_sid_System; /* System */
-struct dom_sid *global_sid_NULL; /* NULL sid */
-struct dom_sid *global_sid_Authenticated_Users; /* All authenticated rids */
-struct dom_sid *global_sid_Network; /* Network rids */
-
-struct dom_sid *global_sid_Creator_Owner; /* Creator Owner */
-struct dom_sid *global_sid_Creator_Group; /* Creator Group */
-struct dom_sid *global_sid_Anonymous; /* Anonymous login */
-
-struct dom_sid *global_sid_Builtin; /* Local well-known domain */
-struct dom_sid *global_sid_Builtin_Administrators; /* Builtin administrators */
-struct dom_sid *global_sid_Builtin_Users; /* Builtin users */
-struct dom_sid *global_sid_Builtin_Guests; /* Builtin guest users */
-struct dom_sid *global_sid_Builtin_Power_Users; /* Builtin power users */
-struct dom_sid *global_sid_Builtin_Account_Operators; /* Builtin account operators */
-struct dom_sid *global_sid_Builtin_Server_Operators; /* Builtin server operators */
-struct dom_sid *global_sid_Builtin_Print_Operators; /* Builtin print operators */
-struct dom_sid *global_sid_Builtin_Backup_Operators; /* Builtin backup operators */
-struct dom_sid *global_sid_Builtin_Replicator; /* Builtin replicator */
-
-#define SECURITY_NULL_SID_AUTHORITY 0
-#define SECURITY_WORLD_SID_AUTHORITY 1
-#define SECURITY_LOCAL_SID_AUTHORITY 2
-#define SECURITY_CREATOR_SID_AUTHORITY 3
-#define SECURITY_NT_AUTHORITY 5
-
/****************************************************************************
Lookup string names for SID types.
****************************************************************************/
@@ -93,60 +59,9 @@ const char *sid_type_lookup(uint32_t sid_type)
return "SID *TYPE* is INVALID";
}
-/****************************************************************************
- Creates some useful well known sids
-****************************************************************************/
-
-void generate_wellknown_sids(void)
-{
- static BOOL initialised = False;
- static TALLOC_CTX *mem_ctx;
-
- if (initialised)
- return;
-
- mem_ctx = talloc_init("Well known groups, global static context");
- if (!mem_ctx)
- return;
-
- /* SECURITY_NULL_SID_AUTHORITY */
- global_sid_NULL = dom_sid_parse_talloc(mem_ctx, "S-1-0-0");
-
- /* SECURITY_WORLD_SID_AUTHORITY */
- global_sid_World_Domain = dom_sid_parse_talloc(mem_ctx, "S-1-1");
- global_sid_World = dom_sid_parse_talloc(mem_ctx, "S-1-1-0");
-
- /* SECURITY_CREATOR_SID_AUTHORITY */
- global_sid_Creator_Owner_Domain = dom_sid_parse_talloc(mem_ctx, "S-1-3");
- global_sid_Creator_Owner = dom_sid_parse_talloc(mem_ctx, "S-1-3-0");
- global_sid_Creator_Group = dom_sid_parse_talloc(mem_ctx, "S-1-3-1");
-
- /* SECURITY_NT_AUTHORITY */
- global_sid_NT_Authority = dom_sid_parse_talloc(mem_ctx, "S-1-5");
- global_sid_Network = dom_sid_parse_talloc(mem_ctx, "S-1-5-2");
- global_sid_Anonymous = dom_sid_parse_talloc(mem_ctx, "S-1-5-7");
- global_sid_Authenticated_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-11");
- global_sid_System = dom_sid_parse_talloc(mem_ctx, "S-1-5-18");
-
- /* SECURITY_BUILTIN_DOMAIN_RID */
- global_sid_Builtin = dom_sid_parse_talloc(mem_ctx, "S-1-5-32");
- global_sid_Builtin_Administrators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-544");
- global_sid_Builtin_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-545");
- global_sid_Builtin_Guests = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-546");
- global_sid_Builtin_Power_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-547");
- global_sid_Builtin_Account_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-548");
- global_sid_Builtin_Server_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-549");
- global_sid_Builtin_Print_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-550");
- global_sid_Builtin_Backup_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-551");
- global_sid_Builtin_Replicator = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-552");
-
- initialised = True;
-}
-
/*****************************************************************
Return the last rid from the end of a sid
*****************************************************************/
-
BOOL sid_peek_rid(const struct dom_sid *sid, uint32_t *rid)
{
if (!sid || !rid)
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index 551803fa8e..c5e0b06a23 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -7,6 +7,36 @@
[]
interface misc
{
+ /* a NULL sid */
+ const string SID_NULL = "S-1-0-0";
+
+ /* the world domain */
+ const string SID_WORLD_DOMAIN = "S-1-1";
+ const string SID_WORLD = "S-1-1-0";
+
+ /* SECURITY_CREATOR_SID_AUTHORITY */
+ const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
+ const string SID_CREATOR_OWNER = "S-1-3-0";
+ const string SID_CREATOR_GROUP = "S-1-3-1";
+
+ /* SECURITY_NT_AUTHORITY */
+ const string SID_NT_AUTHORITY = "S-1-5";
+ const string SID_NETWORK = "S-1-5-2";
+ const string SID_ANONYMOUS = "S-1-5-7";
+ const string SID_AUTHENTICATED_USERS = "S-1-5-11";
+ const string SID_SYSTEM = "S-1-5-18";
+
+ /* SECURITY_BUILTIN_DOMAIN_RID */
+ const string SID_BUILTIN = "S-1-5-32";
+ const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544";
+ const string SID_BUILTIN_USERS = "S-1-5-32-545";
+ const string SID_BUILTIN_GUESTS = "S-1-5-32-546";
+ const string SID_BUILTIN_POWER_USERS = "S-1-5-32-547";
+ const string SID_BUILTIN_ACCOUNT_OPERATORS = "S-1-5-32-548";
+ const string SID_BUILTIN_SERVER_OPERATORS = "S-1-5-32-549";
+ const string SID_BUILTIN_PRINT_OPERATORS = "S-1-5-32-550";
+ const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551";
+ const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552";
typedef [public,noprint] struct {
uint32 time_low;
diff --git a/source4/smbd/process.c b/source4/smbd/process.c
index 8a79daeaf8..232c7c2e88 100644
--- a/source4/smbd/process.c
+++ b/source4/smbd/process.c
@@ -28,8 +28,6 @@ void smbd_process_init(void)
{
TALLOC_CTX *mem_ctx;
- generate_wellknown_sids();
-
mem_ctx = talloc_init("smbd_process_init talloc");
if (!mem_ctx) {
DEBUG(0,("smbd_process_init: ERROR: No memory\n"));