From 2b05ba77b4e072bb1c584738cc79538166444fd3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 9 Feb 2011 16:52:35 +1100
Subject: s3-auth Rename cryptic 'ptok' to security_token

This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier.

Adnrew Bartlett

Signed-off-by: Andrew Tridgell
---
source3/auth/auth_util.c | 36 ++++++++++++++--------------
source3/include/auth.h | 2 +-
source3/lib/afs.c | 2 +-
source3/modules/vfs_acl_common.c | 4 ++--
source3/modules/vfs_smb_traffic_analyzer.c | 2 +-
source3/printing/nt_printing.c | 6 ++---
source3/rpc_server/rpc_ncacn_np.c | 2 +-
source3/rpc_server/rpc_server.c | 4 ++--
source3/rpc_server/srv_epmapper.c | 2 +-
source3/rpc_server/srv_eventlog_nt.c | 4 ++--
source3/rpc_server/srv_lsa_nt.c | 16 ++++++-------
source3/rpc_server/srv_netlog_nt.c | 4 ++--
source3/rpc_server/srv_pipe.c | 4 ++--
source3/rpc_server/srv_samr_nt.c | 36 ++++++++++++++--------------
source3/rpc_server/srv_spoolss_nt.c | 38 +++++++++++++++---------------
source3/rpc_server/srv_srvsvc_nt.c | 18 +++++++-------
source3/rpc_server/srv_svcctl_nt.c | 4 ++--
source3/rpc_server/srv_winreg_nt.c | 8 +++----
source3/rpc_server/srv_wkssvc_nt.c | 16 ++++++-------
source3/smbd/password.c | 2 +-
source3/smbd/service.c | 8 +++----
source3/smbd/sesssetup.c | 4 ++--
source3/smbd/smb2_sesssetup.c | 2 +-
source3/smbd/trans2.c | 18 +++++++-------
source3/smbd/uid.c | 18 +++++++-------
25 files changed, 130 insertions(+), 130 deletions(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index c319edf57f..0b8f950389 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -458,14 +458,14 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) &server_info->utok.uid, &server_info->utok.gid, &server_info->unix_name, - &server_info->ptok); + &server_info->security_token); } else { status = create_local_nt_token_from_info3(server_info, server_info->guest, server_info->info3, &server_info->extra, - &server_info->ptok); + &server_info->security_token); } if (!NT_STATUS_IS_OK(status)) { @@ -479,9 +479,9 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) /* Start at index 1, where the groups start. */ - for (i=1; iptok->num_sids; i++) { + for (i=1; isecurity_token->num_sids; i++) { gid_t gid; - struct dom_sid *sid = &server_info->ptok->sids[i]; + struct dom_sid *sid = &server_info->security_token->sids[i]; if (!sid_to_gid(sid, &gid)) { DEBUG(10, ("Could not convert SID %s to gid, " 
@@ -508,25 +508,25 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid); - add_sid_to_array_unique(server_info->ptok, &tmp_sid, - &server_info->ptok->sids, - &server_info->ptok->num_sids); + add_sid_to_array_unique(server_info->security_token, &tmp_sid, + &server_info->security_token->sids, + &server_info->security_token->num_sids); for ( i=0; iutok.ngroups; i++ ) { gid_to_unix_groups_sid(server_info->utok.groups[i], &tmp_sid); - add_sid_to_array_unique(server_info->ptok, &tmp_sid, - &server_info->ptok->sids, - &server_info->ptok->num_sids); + add_sid_to_array_unique(server_info->security_token, &tmp_sid, + &server_info->security_token->sids, + &server_info->security_token->num_sids); } - security_token_debug(DBGC_AUTH, 10, server_info->ptok); + security_token_debug(DBGC_AUTH, 10, server_info->security_token); debug_unix_user_token(DBGC_AUTH, 10, server_info->utok.uid, server_info->utok.gid, server_info->utok.ngroups, server_info->utok.groups); - status = log_nt_token(server_info->ptok); + status = log_nt_token(server_info->security_token); return status; } @@ -771,10 +771,10 @@ static NTSTATUS make_new_server_info_system(TALLOC_CTX *mem_ctx, (*server_info)->system = true; - status = add_sid_to_array_unique((*server_info)->ptok->sids, + status = add_sid_to_array_unique((*server_info)->security_token->sids, &global_sid_System, - &(*server_info)->ptok->sids, - &(*server_info)->ptok->num_sids); + &(*server_info)->security_token->sids, + &(*server_info)->security_token->num_sids); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE((*server_info)); return status; 
@@ -847,9 +847,9 @@ struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, dst->utok.groups = NULL; } - if (src->ptok) { - dst->ptok = dup_nt_token(dst, src->ptok); - if (!dst->ptok) { + if (src->security_token) { + dst->security_token = dup_nt_token(dst, src->security_token); + if (!dst->security_token) { TALLOC_FREE(dst); return NULL; } diff --git a/source3/include/auth.h b/source3/include/auth.h index a123a3b59b..baf55605a7 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -34,7 +34,7 @@ struct auth_serversupplied_info { /* NT group information taken from the info3 structure */ - struct security_token *ptok; + struct security_token *security_token; /* This is the final session key, as used by SMB signing, and * (truncated to 16 bytes) encryption on the SAMR and LSA pipes diff --git a/source3/lib/afs.c b/source3/lib/afs.c index 7b3e610306..117f6fa0b7 100644 --- a/source3/lib/afs.c +++ b/source3/lib/afs.c @@ -240,7 +240,7 @@ bool afs_login(connection_struct *conn) return false; } - user_sid = &conn->server_info->ptok->user_sids[0]; + user_sid = &conn->server_info->security_token->user_sids[0]; afs_username = talloc_string_sub(talloc_tos(), afs_username, "%s", diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index c89ca7a806..003be02b9c 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -462,8 +462,8 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, &psd, &size, parent_desc, - &handle->conn->server_info->ptok->sids[PRIMARY_USER_SID_INDEX], - &handle->conn->server_info->ptok->sids[PRIMARY_GROUP_SID_INDEX], + &handle->conn->server_info->security_token->sids[PRIMARY_USER_SID_INDEX], + &handle->conn->server_info->security_token->sids[PRIMARY_GROUP_SID_INDEX], is_directory); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 8cde7f42b7..6b41affb06 100644 
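Review bot: In the source3/lib/afs.c hunk the renamed line still reads `security_token->user_sids[0]`, while every other access in this patch reaches the SID array through `sids` (`security_token->sids[0]` in vfs_smb_traffic_analyzer.c, `sids[PRIMARY_USER_SID_INDEX]` in vfs_acl_common.c). The definition of struct security_token is not shown on this page, so this is inferred, but `user_sids` looks like a leftover member name that the mechanical rename carried along, and it would presumably only surface as a build failure in configurations that compile the AFS login path. If the member really is `sids`, the line should read `user_sid = &conn->server_info->security_token->sids[PRIMARY_USER_SID_INDEX];`, so that the AFS token is derived from the same primary user SID the rest of the code uses. afs_login starts and ends outside the hunk.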
--- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -330,7 +330,7 @@ static char *smb_traffic_analyzer_create_string( TALLOC_CTX *ctx, * anonymized if needed, by the calling function. */ usersid = dom_sid_string( common_data_count_str, - &handle->conn->server_info->ptok->sids[0]); + &handle->conn->server_info->security_token->sids[0]); sidstr = smb_traffic_analyzer_anonymize( common_data_count_str, diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 671aca6a51..68be518b96 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2093,7 +2093,7 @@ bool print_access_check(const struct auth_serversupplied_info *server_info, /* Always allow root or SE_PRINT_OPERATROR to do anything */ if (server_info->utok.uid == sec_initial_uid() - || security_token_has_privilege(server_info->ptok, SEC_PRIV_PRINT_OPERATOR)) { + || security_token_has_privilege(server_info->security_token, SEC_PRIV_PRINT_OPERATOR)) { return True; } @@ -2149,7 +2149,7 @@ bool print_access_check(const struct auth_serversupplied_info *server_info, } /* Check access */ - status = se_access_check(secdesc, server_info->ptok, access_type, + status = se_access_check(secdesc, server_info->security_token, access_type, &access_granted); DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE")); @@ -2159,7 +2159,7 @@ bool print_access_check(const struct auth_serversupplied_info *server_info, if (!NT_STATUS_IS_OK(status) && (token_contains_name_in_list(uidtoname(server_info->utok.uid), server_info->info3->base.domain.string, - NULL, server_info->ptok, + NULL, server_info->security_token, lp_printer_admin(snum)))) { talloc_destroy(mem_ctx); return True; diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index c35fa847ad..c5c7f617f8 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c 
@@ -648,7 +648,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, } /* Send the named_pipe_auth server the user's full token */ - session_info->security_token = server_info->ptok; + session_info->security_token = server_info->security_token; session_info->session_key = server_info->user_session_key; val.sam3 = server_info->info3; diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index a0da354fd3..992e5a3e82 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -118,10 +118,10 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, return -1; } - /* Now override the server_info->ptok with the exact + /* Now override the server_info->security_token with the exact * security_token we were given from the other side, * regardless of what we just calculated */ - p->server_info->ptok = talloc_move(p->server_info, &session_info->security_token); + p->server_info->security_token = talloc_move(p->server_info, &session_info->security_token); /* Also set the session key to the correct value */ p->server_info->user_session_key = session_info->session_key; diff --git a/source3/rpc_server/srv_epmapper.c b/source3/rpc_server/srv_epmapper.c index 58a6e1190f..5bfb176b84 100644 --- a/source3/rpc_server/srv_epmapper.c +++ b/source3/rpc_server/srv_epmapper.c @@ -206,7 +206,7 @@ static uint32_t build_ep_list(TALLOC_CTX *mem_ctx, static bool is_priviledged_pipe(struct auth_serversupplied_info *info) { /* If the user is not root, or has the system token, fail */ if ((info->utok.uid != sec_initial_uid()) && - !security_token_is_system(info->ptok)) { + !security_token_is_system(info->security_token)) { return false; } diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 64da67ab7b..ff8a49526e 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c 
@@ -236,7 +236,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct elog->logname = talloc_strdup( elog, ELOG_APPL ); /* do the access check */ - if ( !elog_check_access( elog, p->server_info->ptok ) ) { + if ( !elog_check_access( elog, p->server_info->security_token ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } @@ -254,7 +254,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct /* now do the access check. Close the tdb if we fail here */ - if ( !elog_check_access( elog, p->server_info->ptok ) ) { + if ( !elog_check_access( elog, p->server_info->security_token ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index feec3661a2..53baba31ca 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -376,7 +376,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p, NTSTATUS status; /* Work out max allowed. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -390,7 +390,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p, return status; } - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, "_lsa_OpenPolicy2" ); if (!NT_STATUS_IS_OK(status)) { @@ -1710,7 +1710,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p, } /* Work out max allowed. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &r->in.access_mask); 
@@ -1724,7 +1724,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p, return status; } - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask, &acc_granted, "_lsa_CreateAccount"); if (!NT_STATUS_IS_OK(status)) { @@ -1779,7 +1779,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p, * handle - so don't check against policy handle. */ /* Work out max allowed. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -1794,7 +1794,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p, return status; } - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, "_lsa_OpenAccount" ); if (!NT_STATUS_IS_OK(status)) { @@ -2153,7 +2153,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p, * on the account sid. We don't check here so just use the latter. JRA. */ - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW, &acc_granted, "_lsa_AddAccountRights" ); @@ -2223,7 +2223,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p, * and DELETE on the account sid. */ - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| LSA_ACCOUNT_VIEW|SEC_STD_DELETE, diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index b366af7224..b55c74adfc 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c 
@@ -208,8 +208,8 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p, case NETLOGON_CONTROL_CHANGE_PASSWORD: case NETLOGON_CONTROL_REDISCOVER: if ((geteuid() != sec_initial_uid()) && - !nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_RID_ADMINS) && - !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->ptok) && + !nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS) && + !nt_token_check_sid(&global_sid_Builtin_Administrators, p->server_info->security_token) && !(acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST))) { return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 98de58c557..57b5a0fac5 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -657,7 +657,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx, return false; } - if ((*server_info)->ptok == NULL) { + if ((*server_info)->security_token == NULL) { DEBUG(1, ("Auth module failed to provide nt_user_token\n")); return false; } @@ -752,7 +752,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx, return status; } - if ((*server_info)->ptok == NULL) { + if ((*server_info)->security_token == NULL) { status = create_local_token(*server_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to create local user token (%s)\n", diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5087ec322a..4e6d94d957 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -561,7 +561,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, } /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); 
@@ -572,7 +572,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, * Users with SeAddUser get the ability to manipulate groups * and aliases. */ - if (security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS)) { + if (security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS)) { extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP | SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | @@ -585,7 +585,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, * SAMR_DOMAIN_ACCESS_CREATE_USER access. */ - status = access_check_object( psd, p->server_info->ptok, + status = access_check_object( psd, p->server_info->security_token, SEC_PRIV_MACHINE_ACCOUNT, SEC_PRIV_ADD_USERS, extra_access, des_access, &acc_granted, "_samr_OpenDomain" ); @@ -2296,7 +2296,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, return NT_STATUS_NO_SUCH_USER; /* check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -2345,7 +2345,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, * DOMAIN_RID_ADMINS. */ if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) { - if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->ptok, + if (lp_enable_privileges() && nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS)) { des_access &= ~GENERIC_RIGHTS_USER_WRITE; extra_access = GENERIC_RIGHTS_USER_WRITE; @@ -2358,7 +2358,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, TALLOC_FREE(sampass); - nt_status = access_check_object(psd, p->server_info->ptok, + nt_status = access_check_object(psd, p->server_info->security_token, needed_priv_1, needed_priv_2, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_OpenUser"); 
@@ -3860,19 +3860,19 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, can_add_account = true; } else if (acb_info & ACB_WSTRUST) { needed_priv = SEC_PRIV_MACHINE_ACCOUNT; - can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_MACHINE_ACCOUNT); + can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_MACHINE_ACCOUNT); } else if (acb_info & ACB_NORMAL && (account[strlen(account)-1] != '$')) { /* usrmgr.exe (and net rpc trustdom grant) creates a normal user account for domain trusts and changes the ACB flags later */ needed_priv = SEC_PRIV_ADD_USERS; - can_add_account = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_ADD_USERS); + can_add_account = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_ADD_USERS); } else if (lp_enable_privileges()) { /* implicit assumption of a BDC or domain trust account here * (we already check the flags earlier) */ /* only Domain Admins can add a BDC or domain trust */ can_add_account = nt_token_check_domain_rid( - p->server_info->ptok, + p->server_info->security_token, DOMAIN_RID_ADMINS ); } @@ -3902,7 +3902,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, sid_compose(&sid, get_global_sam_sid(), *r->out.rid); - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -3917,7 +3917,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, * just assume we have all the rights we need ? */ - nt_status = access_check_object(psd, p->server_info->ptok, + nt_status = access_check_object(psd, p->server_info->security_token, needed_priv, SEC_PRIV_INVALID, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_CreateUser2"); 
@@ -3985,7 +3985,7 @@ NTSTATUS _samr_Connect(struct pipes_struct *p, was observed from a win98 client trying to enumerate users (when configured user level access control on shares) --jerry */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); @@ -4047,14 +4047,14 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_object(psd, p->server_info->ptok, + nt_status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access, &acc_granted, fn); @@ -4262,14 +4262,14 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p, /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0); se_map_generic(&des_access,&ali_generic_mapping); - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID, GENERIC_RIGHTS_ALIAS_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenAlias"); 
@@ -6336,14 +6336,14 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, } /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->server_info->ptok, + map_max_allowed_access(p->server_info->security_token, &p->server_info->utok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0); se_map_generic(&des_access,&grp_generic_mapping); - status = access_check_object(psd, p->server_info->ptok, + status = access_check_object(psd, p->server_info->security_token, SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID, GENERIC_RIGHTS_GROUP_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenGroup"); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index a06e643cb8..e2fc670d50 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -462,7 +462,7 @@ static WERROR delete_printer_handle(struct pipes_struct *p, struct policy_handle return WERR_BADFID; } - result = delete_printer_hook(p->mem_ctx, p->server_info->ptok, + result = delete_printer_hook(p->mem_ctx, p->server_info->security_token, Printer->sharename, p->msg_ctx); if (!W_ERROR_IS_OK(result)) { return result; @@ -1802,13 +1802,13 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, and not a printer admin, then fail */ if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && - !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && + !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->security_token) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { close_printer_handle(p, r->out.handle); ZERO_STRUCTP(r->out.handle); 
@@ -1874,7 +1874,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, } if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL, - p->server_info->ptok, snum) || + p->server_info->security_token, snum) || !print_access_check(p->server_info, p->msg_ctx, snum, @@ -2050,12 +2050,12 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p, and not a printer admin, then fail */ if ( (p->server_info->utok.uid != sec_initial_uid()) - && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) + && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; @@ -2155,12 +2155,12 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p, and not a printer admin, then fail */ if ( (p->server_info->utok.uid != sec_initial_uid()) - && !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) + && !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, lp_printer_admin(-1)) ) + p->server_info->security_token, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; } @@ -6519,7 +6519,7 @@ static WERROR update_printer(struct pipes_struct *p, !strequal(printer->location, old_printer->location)) ) { /* add_printer_hook() will call reload_services() */ - if (!add_printer_hook(tmp_ctx, p->server_info->ptok, + if (!add_printer_hook(tmp_ctx, p->server_info->security_token, printer, p->client_id->addr, p->msg_ctx)) { result = WERR_ACCESS_DENIED; 
@@ -7836,7 +7836,7 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p, trying to add a printer like this --jerry */ if (*lp_addprinter_cmd() ) { - if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok, + if ( !add_printer_hook(p->mem_ctx, p->server_info->security_token, info2, p->client_id->addr, p->msg_ctx) ) { return WERR_ACCESS_DENIED; @@ -8428,11 +8428,11 @@ WERROR _spoolss_AddForm(struct pipes_struct *p, and not a printer admin, then fail */ if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n")); return WERR_ACCESS_DENIED; @@ -8496,11 +8496,11 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p, } if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n")); return WERR_ACCESS_DENIED; 
@@ -8560,11 +8560,11 @@ WERROR _spoolss_SetForm(struct pipes_struct *p, and not a printer admin, then fail */ if ((p->server_info->utok.uid != sec_initial_uid()) && - !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) && + !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), p->server_info->info3->base.domain.string, NULL, - p->server_info->ptok, + p->server_info->security_token, lp_printer_admin(snum))) { DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n")); return WERR_ACCESS_DENIED; @@ -9984,14 +9984,14 @@ WERROR _spoolss_XcvData(struct pipes_struct *p, switch ( Printer->printer_type ) { case SPLHND_PORTMON_TCP: werror = process_xcvtcp_command(p->mem_ctx, - p->server_info->ptok, + p->server_info->security_token, r->in.function_name, &r->in.in_data, &out_data, r->out.needed); break; case SPLHND_PORTMON_LOCAL: werror = process_xcvlocal_command(p->mem_ctx, - p->server_info->ptok, + p->server_info->security_token, r->in.function_name, &r->in.in_data, &out_data, r->out.needed); diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index fe325d2a33..d5858ca418 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -520,7 +520,7 @@ static bool is_enumeration_allowed(struct pipes_struct *p, if (!lp_access_based_share_enum(snum)) return true; - return share_access_check(p->server_info->ptok, lp_servicename(snum), + return share_access_check(p->server_info->security_token, lp_servicename(snum), FILE_READ_DATA); } @@ -1055,7 +1055,7 @@ WERROR _srvsvc_NetFileEnum(struct pipes_struct *p, } if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1, ("Enumerating files only allowed for " "administrators\n")); return WERR_ACCESS_DENIED; 
@@ -1214,7 +1214,7 @@ WERROR _srvsvc_NetConnEnum(struct pipes_struct *p, DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__)); if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1, ("Enumerating connections only allowed for " "administrators\n")); return WERR_ACCESS_DENIED; @@ -1252,7 +1252,7 @@ WERROR _srvsvc_NetSessEnum(struct pipes_struct *p, DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__)); if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1, ("Enumerating sessions only allowed for " "administrators\n")); return WERR_ACCESS_DENIED; @@ -1311,7 +1311,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p, /* fail out now if you are not root or not a domain admin */ if ((p->server_info->utok.uid != sec_initial_uid()) && - ( ! nt_token_check_domain_rid(p->server_info->ptok, + ( ! nt_token_check_domain_rid(p->server_info->security_token, DOMAIN_RID_ADMINS))) { goto done; @@ -1579,7 +1579,7 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); /* fail out now if you are not root and not a disk op */ @@ -1782,7 +1782,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p, *r->out.parm_error = 0; } - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; 
@@ -1988,7 +1988,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; @@ -2554,7 +2554,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p, DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__)); - is_disk_op = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_DISK_OPERATOR); + is_disk_op = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_DISK_OPERATOR); if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) { return WERR_ACCESS_DENIED; diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index e8e55ca981..b6984d0c5f 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -278,7 +278,7 @@ WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p, return WERR_NOMEM; se_map_generic( &r->in.access_mask, &scm_generic_map ); - status = svcctl_access_check( sec_desc, p->server_info->ptok, + status = svcctl_access_check( sec_desc, p->server_info->security_token, r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -324,7 +324,7 @@ WERROR _svcctl_OpenServiceW(struct pipes_struct *p, } se_map_generic( &r->in.access_mask, &svc_generic_map ); - status = svcctl_access_check( sec_desc, p->server_info->ptok, + status = svcctl_access_check( sec_desc, p->server_info->security_token, r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 298f33ab70..91f050a099 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c 
@@ -68,7 +68,7 @@ static WERROR open_registry_key(struct pipes_struct *p, if (parent == NULL) { result = reg_openhive(p->mem_ctx, subkeyname, access_desired, - p->server_info->ptok, &key); + p->server_info->security_token, &key); } else { result = reg_openkey(p->mem_ctx, parent, subkeyname, @@ -577,7 +577,7 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p, return WERR_NOMEM; } - can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN); + can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN); /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root Take the error return from the script and provide it as the Windows return code. */ @@ -614,7 +614,7 @@ WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p, if (!*abort_shutdown_script) return WERR_ACCESS_DENIED; - can_shutdown = security_token_has_privilege(p->server_info->ptok, SEC_PRIV_REMOTE_SHUTDOWN); + can_shutdown = security_token_has_privilege(p->server_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN); /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ @@ -704,7 +704,7 @@ WERROR _winreg_RestoreKey(struct pipes_struct *p, /* user must posses SeRestorePrivilege for this this proceed */ - if ( !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_RESTORE)) { + if ( !security_token_has_privilege(p->server_info->security_token, SEC_PRIV_RESTORE)) { return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index 000b605913..3926ceb27a 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c 
@@ -352,7 +352,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p, case 101: /* Level 101 can be allowed from any logged in user */ if (!nt_token_check_sid(&global_sid_Authenticated_Users, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1,("User not allowed for NetWkstaGetInfo level " "101\n")); DEBUGADD(3,(" - does not have sid for Authenticated " @@ -360,7 +360,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p, sid_string_dbg( &global_sid_Authenticated_Users))); security_token_debug(DBGC_CLASS, 3, - p->server_info->ptok); + p->server_info->security_token); return WERR_ACCESS_DENIED; } r->out.info->info101 = create_wks_info_101(p->mem_ctx); @@ -371,14 +371,14 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p, case 102: /* Level 102 Should only be allowed from a domain administrator */ if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1,("User not allowed for NetWkstaGetInfo level " "102\n")); DEBUGADD(3,(" - does not have sid for Administrators " "group %s, sids are:\n", sid_string_dbg(&global_sid_Builtin_Administrators))); security_token_debug(DBGC_CLASS, 3, - p->server_info->ptok); + p->server_info->security_token); return WERR_ACCESS_DENIED; } r->out.info->info102 = create_wks_info_102(p->mem_ctx); @@ -557,12 +557,12 @@ WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p, { /* This with any level should only be allowed from a domain administrator */ if (!nt_token_check_sid(&global_sid_Builtin_Administrators, - p->server_info->ptok)) { + p->server_info->security_token)) { DEBUG(1,("User not allowed for NetWkstaEnumUsers\n")); DEBUGADD(3,(" - does not have sid for Administrators group " "%s\n", sid_string_dbg( &global_sid_Builtin_Administrators))); - security_token_debug(DBGC_CLASS, 3, p->server_info->ptok); + security_token_debug(DBGC_CLASS, 3, p->server_info->security_token); return WERR_ACCESS_DENIED; } 
@@ -813,7 +813,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct security_token *token = p->server_info->ptok; + struct security_token *token = p->server_info->security_token; if (!r->in.domain_name) { return WERR_INVALID_PARAM; @@ -888,7 +888,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct security_token *token = p->server_info->ptok; + struct security_token *token = p->server_info->security_token; if (!r->in.account || !r->in.encrypted_password) { return WERR_INVALID_PARAM; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 9be2b3b746..9c343badd2 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -293,7 +293,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn, "Real name: %s\n", vuser->server_info->unix_name, vuser->server_info->info3->base.full_name.string)); - if (!vuser->server_info->ptok) { + if (!vuser->server_info->security_token) { DEBUG(1, ("register_existing_vuid: server_info does not " "contain a user_token - cannot continue\n")); goto fail; diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a58f17c070..dfe2c2141f 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -613,7 +613,7 @@ static NTSTATUS create_connection_server_info(struct smbd_server_connection *sco } else { if (!user_ok_token(vuid_serverinfo->unix_name, vuid_serverinfo->info3->base.domain.string, - vuid_serverinfo->ptok, snum)) { + vuid_serverinfo->security_token, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " "(%s)\n", 
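Review bot: The debug text in the `register_existing_vuid` hunk (source3/smbd/password.c) still reads `server_info does not contain a user_token`, although the member tested on the new side is `security_token`. After this rename the message names a field that does not exist under that name, so searching the source for the logged term no longer finds the check. I would update the string in the same commit to `"contain a security_token - cannot continue\n"`. This message is what an administrator sees when a session is refused for lack of a token, so it should name the real member; the function body continues outside the hunk.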
@@ -782,7 +782,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, status = find_forced_group( conn->force_user, snum, conn->server_info->unix_name, - &conn->server_info->ptok->sids[1], + &conn->server_info->security_token->sids[1], &conn->server_info->utok.gid); if (!NT_STATUS_IS_OK(status)) { @@ -835,12 +835,12 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, { bool can_write = False; - can_write = share_access_check(conn->server_info->ptok, + can_write = share_access_check(conn->server_info->security_token, lp_servicename(snum), FILE_WRITE_DATA); if (!can_write) { - if (!share_access_check(conn->server_info->ptok, + if (!share_access_check(conn->server_info->security_token, lp_servicename(snum), FILE_READ_DATA)) { /* No access, read or write. */ diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 12d046038c..5a1776e698 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -384,7 +384,7 @@ static void reply_spnego_kerberos(struct smb_request *req, /* we need to build the token for the user. make_server_info_guest() already does this */ - if ( !server_info->ptok ) { + if ( !server_info->security_token ) { ret = create_local_token( server_info ); if ( !NT_STATUS_IS_OK(ret) ) { DEBUG(10,("failed to create local token: %s\n", @@ -1643,7 +1643,7 @@ void reply_sesssetup_and_X(struct smb_request *req) return; } - if (!server_info->ptok) { + if (!server_info->security_token) { nt_status = create_local_token(server_info); if (!NT_STATUS_IS_OK(nt_status)) { diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index e025f98121..7d029151bc 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c 
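Review bot: In the `make_connection_snum` hunk at -782, `&conn->server_info->security_token->sids[1]` is handed to `find_forced_group` with no visible check that the token is non-NULL and holds at least two SIDs. The function starts and ends outside the hunk, so a guard may exist earlier. Index 1 appears to be the slot for the primary group SID, and an access decision that reads or rewrites it depends on that layout being true. Now that the member has a descriptive name, I would document the assumption next to the call, for example `/* sids[1] is the primary group SID; token must hold at least two SIDs */`, or check `num_sids > 1` before using it. The two `gid_to_sid(&...->security_token->sids[1], gid)` writes in the `change_to_user` hunks of source3/smbd/uid.c rely on the same assumption.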
@@ -248,7 +248,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, /* we need to build the token for the user. make_server_info_guest() already does this */ - if (!session->server_info->ptok ) { + if (!session->server_info->security_token ) { status = create_local_token(session->server_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("smb2: failed to create local token: %s\n", diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index ed8e9f5642..32c557826e 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3356,7 +3356,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned * in our list of SIDs. */ if (nt_token_check_sid(&global_sid_Builtin_Guests, - conn->server_info->ptok)) { + conn->server_info->security_token)) { flags |= SMB_WHOAMI_GUEST; } @@ -3364,7 +3364,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned * is in our list of SIDs. */ if (nt_token_check_sid(&global_sid_Authenticated_Users, - conn->server_info->ptok)) { + conn->server_info->security_token)) { flags &= ~SMB_WHOAMI_GUEST; } @@ -3382,7 +3382,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned + 4 /* pad/reserved */ + (conn->server_info->utok.ngroups * 8) /* groups list */ - + (conn->server_info->ptok->num_sids * + + (conn->server_info->security_token->num_sids * SID_MAX_SIZE) /* SID list */; 
@@ -3407,16 +3407,16 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned } SIVAL(pdata, 24, conn->server_info->utok.ngroups); - SIVAL(pdata, 28, conn->server_info->ptok->num_sids); + SIVAL(pdata, 28, conn->server_info->security_token->num_sids); /* We walk the SID list twice, but this call is fairly * infrequent, and I don't expect that it's performance * sensitive -- jpeach */ for (i = 0, sid_bytes = 0; - i < conn->server_info->ptok->num_sids; ++i) { + i < conn->server_info->security_token->num_sids; ++i) { sid_bytes += ndr_size_dom_sid( - &conn->server_info->ptok->sids[i], + &conn->server_info->security_token->sids[i], 0); } @@ -3436,13 +3436,13 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned /* SID list */ for (i = 0; - i < conn->server_info->ptok->num_sids; ++i) { + i < conn->server_info->security_token->num_sids; ++i) { int sid_len = ndr_size_dom_sid( - &conn->server_info->ptok->sids[i], + &conn->server_info->security_token->sids[i], 0); sid_linearize(pdata + data_len, sid_len, - &conn->server_info->ptok->sids[i]); + &conn->server_info->security_token->sids[i]); data_len += sid_len; } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index b573a6c920..87d85eff83 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c 
@@ -107,17 +107,17 @@ static bool check_user_ok(connection_struct *conn, if (!user_ok_token(server_info->unix_name, server_info->info3->base.domain.string, - server_info->ptok, snum)) + server_info->security_token, snum)) return(False); readonly_share = is_share_read_only_for_token( server_info->unix_name, server_info->info3->base.domain.string, - server_info->ptok, + server_info->security_token, conn); if (!readonly_share && - !share_access_check(server_info->ptok, lp_servicename(snum), + !share_access_check(server_info->security_token, lp_servicename(snum), FILE_WRITE_DATA)) { /* smb.conf allows r/w, but the security descriptor denies * write. Fall back to looking at readonly. */ @@ -126,7 +126,7 @@ static bool check_user_ok(connection_struct *conn, "security descriptor\n")); } - if (!share_access_check(server_info->ptok, lp_servicename(snum), + if (!share_access_check(server_info->security_token, lp_servicename(snum), readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) { return False; @@ -135,7 +135,7 @@ static bool check_user_ok(connection_struct *conn, admin_user = token_contains_name_in_list( server_info->unix_name, server_info->info3->base.domain.string, - NULL, server_info->ptok, lp_admin_users(snum)); + NULL, server_info->security_token, lp_admin_users(snum)); if (valid_vuid) { struct vuid_cache_entry *ent = @@ -327,7 +327,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid) conn->server_info->utok.gid = conn->force_group_gid; gid = conn->force_group_gid; - gid_to_sid(&conn->server_info->ptok + gid_to_sid(&conn->server_info->security_token ->sids[1], gid); break; } @@ -335,7 +335,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid) } else { conn->server_info->utok.gid = conn->force_group_gid; gid = conn->force_group_gid; - gid_to_sid(&conn->server_info->ptok->sids[1], + gid_to_sid(&conn->server_info->security_token->sids[1], gid); } } 
@@ -347,7 +347,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid) current_user.ut.groups = group_list; set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups, - conn->server_info->ptok); + conn->server_info->security_token); current_user.conn = conn; current_user.vuid = vuid; @@ -389,7 +389,7 @@ bool become_authenticated_pipe_user(struct pipes_struct *p) set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid, p->server_info->utok.ngroups, p->server_info->utok.groups, - p->server_info->ptok); + p->server_info->security_token); return True; } -- cgit