From b5b1c52a9850de18e756cdd073cf5f44f26882fe Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 30 Dec 2004 20:34:20 +0000
Subject: r4419: move security_token stuff to the libcli/security/ and debug privileges

metze
(This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
---
 source4/auth/auth_util.c | 132 ++++++----------------------------------------
 1 file changed, 16 insertions(+), 116 deletions(-)
(limited to 'source4/auth')

diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 9af4410a93..04c36143dd 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -24,7 +24,7 @@
 #include "includes.h"
 #include "librpc/gen_ndr/ndr_samr.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
-#include "librpc/gen_ndr/ndr_security.h"
+#include "libcli/security/security.h"
 #include "auth/auth.h"
 #undef DBGC_CLASS
@@ -297,121 +297,7 @@ BOOL make_user_info_guest(TALLOC_CTX *mem_ctx,
 return NT_STATUS_IS_OK(nt_status) ? True : False;
 }
-/****************************************************************************
- prints a struct security_token to debug output.
-****************************************************************************/
-void debug_security_token(int dbg_class, int dbg_lev, const struct security_token *token)
-{
- TALLOC_CTX *mem_ctx;
-
- size_t i;
-
- if (!token) {
- DEBUGC(dbg_class, dbg_lev, ("Security token: (NULL)\n"));
- return;
- }
-
- mem_ctx = talloc_init("debug_security_token()");
- if (!mem_ctx) {
- return;
- }
-
- DEBUGC(dbg_class, dbg_lev, ("Security token of user %s\n",
- dom_sid_string(mem_ctx, token->user_sid) ));
- DEBUGADDC(dbg_class, dbg_lev, ("contains %lu SIDs\n",
- (unsigned long)token->num_sids));
- for (i = 0; i < token->num_sids; i++) {
- DEBUGADDC(dbg_class, dbg_lev,
- ("SID[%3lu]: %s\n", (unsigned long)i,
- dom_sid_string(mem_ctx, token->sids[i])));
- }
-
- talloc_destroy(mem_ctx);
-}
-
-/****************************************************************************
- prints a struct auth_session_info security token to debug output.
-****************************************************************************/
-void debug_session_info(int dbg_class, int dbg_lev,
- const struct auth_session_info *session_info)
-{
- if (!session_info) {
- DEBUGC(dbg_class, dbg_lev, ("Session Info: (NULL)\n"));
- return;
- }
- debug_security_token(dbg_class, dbg_lev, session_info->security_token);
-}
-
-/****************************************************************************
- Create the SID list for this user.
-****************************************************************************/
-NTSTATUS create_security_token(TALLOC_CTX *mem_ctx,
- struct dom_sid *user_sid, struct dom_sid *group_sid,
- int n_groupSIDs, struct dom_sid **groupSIDs,
- BOOL is_guest, struct security_token **token)
-{
- struct security_token *ptoken;
- int i;
- NTSTATUS status;
-
- ptoken = security_token_initialise(mem_ctx);
- if (ptoken == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ptoken->sids = talloc_array_p(ptoken, struct dom_sid *, n_groupSIDs + 5);
- if (!ptoken->sids) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ptoken->user_sid = user_sid;
- ptoken->group_sid = group_sid;
- ptoken->privilege_mask = 0;
-
- ptoken->sids[0] = user_sid;
- ptoken->sids[1] = group_sid;
-
- /*
- * Finally add the "standard" SIDs.
- * The only difference between guest and "anonymous" (which we
- * don't really support) is the addition of Authenticated_Users.
- */
- ptoken->sids[2] = dom_sid_parse_talloc(mem_ctx, SID_WORLD);
- ptoken->sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NT_NETWORK);
- ptoken->sids[4] = dom_sid_parse_talloc(mem_ctx,
- is_guest?SID_BUILTIN_GUESTS:
- SID_NT_AUTHENTICATED_USERS);
- ptoken->num_sids = 5;
-
- for (i = 0; i < n_groupSIDs; i++) {
- size_t check_sid_idx;
- for (check_sid_idx = 1;
- check_sid_idx < ptoken->num_sids;
- check_sid_idx++) {
- if (dom_sid_equal(ptoken->sids[check_sid_idx], groupSIDs[i])) {
- break;
- }
- }
-
- if (check_sid_idx == ptoken->num_sids) {
- ptoken->sids[ptoken->num_sids++] = groupSIDs[i];
- }
- }
-
- /* setup the privilege mask for this token */
- status = samdb_privilege_setup(ptoken);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(ptoken);
- return status;
- }
-
- debug_security_token(DBGC_AUTH, 10, ptoken);
-
- *token = ptoken;
-
- return NT_STATUS_OK;
-}
 /***************************************************************************
 Make a user_info struct
@@ -640,7 +526,7 @@ NTSTATUS make_session_info(TALLOC_CTX *mem_ctx,
 /* we should search for local groups here */
- nt_status = create_security_token((*session_info),
+ nt_status = security_token_create((*session_info),
 server_info->user_sid,
 server_info->primary_group_sid,
 server_info->n_domain_groups,
@@ -662,6 +548,20 @@ void free_session_info(struct auth_session_info **session_info)
 *session_info = NULL;
 }
+/****************************************************************************
+ prints a struct auth_session_info security token to debug output.
+****************************************************************************/
+void auth_session_info_debug(int dbg_lev,
+ const struct auth_session_info *session_info)
+{
+ if (!session_info) {
+ DEBUGC(dbg_class, dbg_lev, ("Session Info: (NULL)\n"));
+ return;
+ }
+
+ security_token_debug(dbg_lev, session_info->security_token);
+}
+
 /**
 * Squash an NT_STATUS in line with security requirements.
 * In an attempt to avoid giving the whole game away when users
-- cgit
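Review bot: The new `auth_session_info_debug` in the last hunk still passes `dbg_class` to `DEBUGC` in the NULL-session branch, but its signature was reduced to `int dbg_lev` only, so that name is unresolved unless something else in the file defines it (nothing on this page does). Since the file manages `DBGC_CLASS` itself (the first hunk shows `#undef DBGC_CLASS`), the line should read `DEBUGC(DBGC_CLASS, dbg_lev, ("Session Info: (NULL)\n"));`, or equivalently the class-implicit `DEBUG(dbg_lev, ("Session Info: (NULL)\n"));`. It is also worth noting that the old `debug_session_info`/`debug_security_token` took an explicit class argument, so any remaining caller outside this file that was not updated with the rename will fail to compile; that cannot be confirmed from this diff alone.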