From 46a32687da249174a666d9166fccbe705c8beba0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 9 Jan 2005 12:55:25 +0000 Subject: r4620: - add interface functions to the auth subsystem so that callers doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847) --- source4/libcli/security/security_token.c | 45 ++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 20 deletions(-) (limited to 'source4/libcli/security') diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c index 7bd533dbee..b9baf796df 100644 --- a/source4/libcli/security/security_token.c +++ b/source4/libcli/security/security_token.c @@ -4,6 +4,7 @@ security descriptror utility functions Copyright (C) Andrew Tridgell 2004 + Copyright (C) Stefan Metzmacher 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -48,42 +49,46 @@ struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx) Create the SID list for this user. ****************************************************************************/ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, - struct dom_sid *user_sid, struct dom_sid *group_sid, - int n_groupSIDs, struct dom_sid **groupSIDs, - BOOL is_guest, struct security_token **token) + struct dom_sid *user_sid, + struct dom_sid *group_sid, + int n_groupSIDs, + struct dom_sid **groupSIDs, + BOOL is_authenticated, + struct security_token **token) { struct security_token *ptoken; int i; NTSTATUS status; ptoken = security_token_initialise(mem_ctx); - if (ptoken == NULL) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(ptoken); ptoken->sids = talloc_array_p(ptoken, struct dom_sid *, n_groupSIDs + 5); - if (!ptoken->sids) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); - ptoken->user_sid = user_sid; - ptoken->group_sid = group_sid; + ptoken->user_sid = talloc_reference(ptoken, user_sid); + ptoken->group_sid = talloc_reference(ptoken, group_sid); ptoken->privilege_mask = 0; - ptoken->sids[0] = user_sid; - ptoken->sids[1] = group_sid; + ptoken->sids[0] = ptoken->user_sid; + ptoken->sids[1] = ptoken->group_sid; /* * Finally add the "standard" SIDs. - * The only difference between guest and "anonymous" (which we - * don't really support) is the addition of Authenticated_Users. + * The only difference between guest and "anonymous" + * is the addition of Authenticated_Users. */ ptoken->sids[2] = dom_sid_parse_talloc(mem_ctx, SID_WORLD); + NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[2]); ptoken->sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NT_NETWORK); - ptoken->sids[4] = dom_sid_parse_talloc(mem_ctx, - is_guest?SID_BUILTIN_GUESTS: - SID_NT_AUTHENTICATED_USERS); - ptoken->num_sids = 5; + NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[3]); + ptoken->num_sids = 4; + + if (is_authenticated) { + ptoken->sids[4] = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHENTICATED_USERS); + NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]); + ptoken->num_sids++; + } for (i = 0; i < n_groupSIDs; i++) { size_t check_sid_idx; @@ -96,7 +101,7 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, } if (check_sid_idx == ptoken->num_sids) { - ptoken->sids[ptoken->num_sids++] = groupSIDs[i]; + ptoken->sids[ptoken->num_sids++] = talloc_reference(ptoken, groupSIDs[i]); } } -- cgit