From 276364e2a4cee00f4521845347a0b0a371f6b0e6 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 12 Dec 2000 02:36:14 +0000
Subject: Removed the special casing of SIDs in se_access_check. This is now done (correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
---
 source3/smbd/password.c | 37 ++++++++++++++++++++++++++++---------
 1 file changed, 28 insertions(+), 9 deletions(-)
 (limited to 'source3/smbd/password.c')
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 7232bffd11..193653a867 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -166,37 +166,56 @@ char *validated_domain(uint16 vuid)
 Create the SID list for this user.
 ****************************************************************************/
-NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
+NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, BOOL is_guest)
 {
+ extern DOM_SID global_sid_World;
+ extern DOM_SID global_sid_Network;
+ extern DOM_SID global_sid_Builtin_Guests;
+ extern DOM_SID global_sid_Authenticated_Users;
 NT_USER_TOKEN *token;
 DOM_SID *psids;
 int i, psid_ndx = 0;
+ size_t num_sids = 0;
 if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL)
 return NULL;
 ZERO_STRUCTP(token);
- if ((token->user_sids = (DOM_SID *)malloc( (ngroups + 2)*sizeof(DOM_SID))) == NULL) {
+ /* We always have uid/gid plus World and Network and Authenticated Users or Guest SIDs. */
+ num_sids = 5 + ngroups;
+
+ if ((token->user_sids = (DOM_SID *)malloc( num_sids*sizeof(DOM_SID))) == NULL) {
 free(token);
 return NULL;
 }
 psids = token->user_sids;
- token->num_sids = 2;
+ sid_copy( &psids[psid_ndx++], &global_sid_World);
+ sid_copy( &psids[psid_ndx++], &global_sid_Network);
- uid_to_sid( &psids[0], uid);
- gid_to_sid( &psids[1], gid);
+ /*
+ * The only difference between guest and "anonymous" (which we
+ * don't really support) is the addition of Authenticated_Users.
+ */
+
+ if (is_guest)
+ sid_copy( &psids[psid_ndx++], &global_sid_Builtin_Guests);
+ else
+ sid_copy( &psids[psid_ndx++], &global_sid_Authenticated_Users);
+
+ uid_to_sid( &psids[psid_ndx++], uid);
+ gid_to_sid( &psids[psid_ndx++], gid);
 for (i = 0; i < ngroups; i++) {
 if (groups[i] != gid) {
- gid_to_sid( &psids[psid_ndx+2], groups[i]);
- psid_ndx++;
- token->num_sids++;
+ gid_to_sid( &psids[psid_ndx++], groups[i]);
 }
 }
+ token->num_sids = psid_ndx;
+
 return token;
 }
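Review bot: The buffer size `num_sids = 5 + ngroups` takes the signed `int ngroups` at face value, while the five fixed SIDs (World, Network, Builtin Guests or Authenticated Users, uid, gid) are written unconditionally afterwards. A negative `ngroups` would leave fewer than five slots, so the `sid_copy`/`uid_to_sid`/`gid_to_sid` writes would run past the allocation; whether any caller can pass one is not visible in this hunk. I would reject it before the first malloc, `if (ngroups < 0) return NULL;`, and replace the literal `5` with a named constant so the count cannot drift from the comment when another well-known SID is added. The header comment should also say that `is_guest` alone decides between Builtin Guests and Authenticated Users, since per the commit message access checks now rely on the token contents.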
@@ -257,7 +276,7 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
 get_current_groups( &vuser->n_groups, &vuser->groups);
 /* Create an NT_USER_TOKEN struct for this user. */
- vuser->nt_user_token = create_nt_token(uid,gid, vuser->n_groups, vuser->groups);
+ vuser->nt_user_token = create_nt_token(uid,gid, vuser->n_groups, vuser->groups, guest);
 next_vuid++;
 num_validated_vuids++;
-- cgit
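Review bot: The token returned by `create_nt_token()` is stored in `vuser->nt_user_token` without a NULL check, although the function returns NULL when either of its allocations fails. Since the commit message moves the well-known SID handling out of se_access_check and into the token, a vuid registered without a token should be handled explicitly right after this call, for example by failing the registration; how se_access_check treats a NULL token is not visible here. The new `guest` argument now selects Builtin Guests versus Authenticated Users, so a comment such as `/* guest must be True for every non-authenticated session: it decides Authenticated Users membership */` would document the authorization impact. register_vuid starts and ends outside this hunk, so the cleanup needed on failure cannot be judged from it.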