From df316e3cd931baaa3793a260b5f2e70cb8235580 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 29 Sep 2002 06:07:58 +0000 Subject: Remove sam/api.c. In order to reduce complexity, this patch removes the upper layer of the SAM API. Also, we remove the function pointers on the sam context - there really is no point making these replaceable - that's for the modules. Move a number of functions in include/interface.c around to allow for use of 'static' and to keep the external API in one chunk, at the bottem. All these functions were renamed to remove the context_sam -> sam Consequential changes in the samtest module, and back out metze's change for ACB filtering, becouse I think it belongs in the SAM backeds. (But I will take debate on this one). Changes to the lib/util_sid.c code to create a 'system' token, and make it a SAM_ASSERT() enforced requirement to have a token on those calls that specify it. samtest now uses this. We should have a samtest call to set your own token. We also need to extend our se_access code to cover the things that Win2k is returning in it's access tokens. Currently our system token doesn't pass, due to unexpected flags. (When running sam_ads against Win2k) Andrew Bartlett (This used to be commit b9036900d0bb227ec16c6a5792c18ef943dcf015) --- source3/lib/util_sid.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'source3/lib') diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 18260be870..9e533eb9fd 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -34,6 +34,7 @@ DOM_SID global_sid_World_Domain; /* Everyone domain */ DOM_SID global_sid_World; /* Everyone */ DOM_SID global_sid_Creator_Owner_Domain; /* Creator Owner domain */ DOM_SID global_sid_NT_Authority; /* NT Authority */ +DOM_SID global_sid_System; /* System */ DOM_SID global_sid_NULL; /* NULL sid */ DOM_SID global_sid_Authenticated_Users; /* All authenticated rids */ DOM_SID global_sid_Network; /* Network rids */ @@ -58,6 +59,12 @@ NT_USER_TOKEN anonymous_token = { anon_sid_array }; +static DOM_SID system_sid_array[4]; +NT_USER_TOKEN system_token = { + 4, + system_sid_array +}; + /**************************************************************************** Lookup string names for SID types. ****************************************************************************/ @@ -101,6 +108,10 @@ const char *sid_type_lookup(uint32 sid_type) void generate_wellknown_sids(void) { + static BOOL initialised = False; + if (initialised) + return; + string_to_sid(&global_sid_Builtin, "S-1-5-32"); string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544"); string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545"); @@ -111,6 +122,7 @@ void generate_wellknown_sids(void) string_to_sid(&global_sid_Creator_Owner, "S-1-3-0"); string_to_sid(&global_sid_Creator_Group, "S-1-3-1"); string_to_sid(&global_sid_NT_Authority, "S-1-5"); + string_to_sid(&global_sid_System, "S-1-5-18"); string_to_sid(&global_sid_NULL, "S-1-0-0"); string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11"); string_to_sid(&global_sid_Network, "S-1-5-2"); @@ -120,6 +132,20 @@ void generate_wellknown_sids(void) sid_copy( &anonymous_token.user_sids[0], &global_sid_World); sid_copy( &anonymous_token.user_sids[1], &global_sid_Network); sid_copy( &anonymous_token.user_sids[2], &global_sid_Anonymous); + + /* Create the system token. */ + sid_copy( &system_token.user_sids[0], &global_sid_World); + sid_copy( &system_token.user_sids[1], &global_sid_Authenticated_Users); + sid_copy( &system_token.user_sids[2], &global_sid_Builtin_Administrators); + sid_copy( &system_token.user_sids[3], &global_sid_System); + + initialised = True; +} + +NT_USER_TOKEN *get_system_token(void) +{ + generate_wellknown_sids(); /* The token is initialised here */ + return &system_token; } /************************************************************************** -- cgit