author | Andrew Bartlett <abartlet@samba.org> | 2017-03-01 11:22:43 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:26 +0200 |
commit | 4a99143a2b2b45e4dfb17695dbfa946d327fea9b (patch) | |
tree | 3ab73f008ad480040cab994bc61f1e202bb3941a /source3/auth | |
parent | eacb5aead71299b6bebbddbaf7c9a3d545f9151b (diff) | |
s3-auth: Split out get_user_sid_info3_and_extra() from create_local_nt_token_from_info3()
This will allow us to get the SID in another location for logging
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/proto.h | 3 | ||||
-rw-r--r-- | source3/auth/token_util.c | 41 |
2 files changed, 29 insertions, 15 deletions
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 0f600a6bca4..b64ebed4e07 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -359,6 +359,9 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 bool is_guest,
 int num_groupsids,
 const struct dom_sid *groupsids);
+NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3,
+ const struct extra_auth_info *extra,
+ struct dom_sid *sid);
 NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
 bool is_guest,
 const struct netr_SamInfo3 *info3,
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 77b63e4ba63..03c4b646007 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -211,6 +211,28 @@ static NTSTATUS add_builtin_administrators(struct security_token *token,
 static NTSTATUS finalize_local_nt_token(struct security_token *result,
 bool is_guest);
+NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3,
+ const struct extra_auth_info *extra,
+ struct dom_sid *sid)
+{
+ /* USER SID */
+ if (info3->base.rid == (uint32_t)(-1)) {
+ /* this is a signal the user was fake and generated,
+ * the actual SID we want to use is stored in the extra
+ * sids */
+ if (is_null_sid(&extra->user_sid)) {
+ /* we couldn't find the user sid, bail out */
+ DEBUG(3, ("Invalid user SID\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ sid_copy(sid, &extra->user_sid);
+ } else {
+ sid_copy(sid, info3->base.domain_sid);
+ sid_append_rid(sid, info3->base.rid);
+ }
+ return NT_STATUS_OK;
+}
+
 NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
 bool is_guest,
 const struct netr_SamInfo3 *info3,
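Review bot: The new prototype for get_user_sid_info3_and_extra() in source3/auth/proto.h is exported without any statement of its contract. The commit message says it will be called from another location for logging, so a comment above the declaration would help, for example `/* Build the user SID from info3, or from extra->user_sid when info3->base.rid is (uint32_t)-1; *sid is written only when NT_STATUS_OK is returned. */`. A caller that logs the SID needs to know not to read `sid` after a failure, because the function leaves it untouched on that path.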
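Review bot: In the else branch of get_user_sid_info3_and_extra() in source3/auth/token_util.c, `info3->base.domain_sid` is passed to sid_copy() with no NULL check and the result of sid_append_rid() is discarded. Both are carried over from the old inline code, but the helper is now callable from outside the token-building path, so input that was implicitly validated there may not be validated by a new caller. If sid_append_rid() signals failure through its return value (its definition is not on this page), a failed append would leave the bare domain SID in `sid` and still return NT_STATUS_OK, which would put the wrong principal into a token or an audit record. Consider `if (info3->base.domain_sid == NULL) { return NT_STATUS_INVALID_PARAMETER; }` before the copy and `if (!sid_append_rid(sid, info3->base.rid)) { return NT_STATUS_INVALID_SID; }` in place of the bare call; `extra` is likewise dereferenced unchecked in the first branch.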
@@ -241,21 +263,10 @@ NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx,
 }
 usrtok->num_sids = 2;
- /* USER SID */
- if (info3->base.rid == (uint32_t)(-1)) {
- /* this is a signal the user was fake and generated,
- * the actual SID we want to use is stored in the extra
- * sids */
- if (is_null_sid(&extra->user_sid)) {
- /* we couldn't find the user sid, bail out */
- DEBUG(3, ("Invalid user SID\n"));
- TALLOC_FREE(usrtok);
- return NT_STATUS_UNSUCCESSFUL;
- }
- sid_copy(&usrtok->sids[0], &extra->user_sid);
- } else {
- sid_copy(&usrtok->sids[0], info3->base.domain_sid);
- sid_append_rid(&usrtok->sids[0], info3->base.rid);
+ status = get_user_sid_info3_and_extra(info3, extra, &usrtok->sids[0]);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(usrtok);
+ return status;
 }
 /* GROUP SID */ |
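Review bot: The `/* USER SID */` section label moved into the helper along with the code, so in create_local_nt_token_from_info3() the call that fills `usrtok->sids[0]` is now unlabelled while `/* GROUP SID */` just below keeps its label. Keeping `/* USER SID */` above the `status = get_user_sid_info3_and_extra(info3, extra, &usrtok->sids[0]);` line would preserve the section structure for readers of the token layout. The function starts and ends outside this hunk, so the declaration of `status` cannot be checked from here.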