static int collect_aliasmem(struct db_record *rec, void *priv) { struct aliasmem_state *state = (struct aliasmem_state *)priv; const char *p; char *alias_string; TALLOC_CTX *frame; if (strncmp((const char *)rec->key.dptr, MEMBEROF_PREFIX, MEMBEROF_PREFIX_LEN) != 0) return 0; p = (const char *)rec->value.dptr; frame = talloc_stackframe(); while (next_token_talloc(frame, &p, &alias_string, " ")) { struct dom_sid alias, member; const char *member_string; uint32_t num_sids; if (!string_to_sid(&alias, alias_string)) continue; if (dom_sid_compare(state->alias, &alias) != 0) continue; /* Ok, we found the alias we're looking for in the membership * list currently scanned. The key represents the alias * member. Add that. */ member_string = strchr((const char *)rec->key.dptr, '/'); /* Above we tested for MEMBEROF_PREFIX which includes the * slash. */ SMB_ASSERT(member_string != NULL); member_string += 1; if (!string_to_sid(&member, member_string)) continue; num_sids = *state->num; if (!NT_STATUS_IS_OK(add_sid_to_array(state->mem_ctx, &member, state->sids, &num_sids))) { /* talloc fail. */ break; } *state->num = num_sids; } TALLOC_FREE(frame); return 0; }
static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) { struct dom_sid *sids; size_t i; size_t num; /* This feels the wrong way round, but the on-disk data structure * dictates it this way. */ if (!NT_STATUS_IS_OK(alias_memberships(member, 1, &sids, &num))) return False; for (i=0; i<num; i++) { if (dom_sid_compare(alias, &sids[i]) == 0) { TALLOC_FREE(sids); return True; } } TALLOC_FREE(sids); return False; }
bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2) { return dom_sid_compare(sid1, sid2) == 0; }
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context, TALLOC_CTX *mem_ctx, void *server_returned_info, const char *original_user_name, uint32_t session_info_flags, struct auth_session_info **session_info) { struct auth_user_info_dc *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; NTSTATUS nt_status; /* * This is a hack, some callers... * * Some callers pass auth_user_info_dc, the SCHANNEL and * NCALRPC_AS_SYSTEM gensec modules. * * While the reset passes auth3_check_password() returned. */ user_info = talloc_get_type(server_returned_info, struct auth_user_info_dc); if (user_info != NULL) { const struct dom_sid *sid; int cmp; /* * This should only be called from SCHANNEL or NCALRPC_AS_SYSTEM */ if (user_info->num_sids != 1) { return NT_STATUS_INTERNAL_ERROR; } sid = &user_info->sids[PRIMARY_USER_SID_INDEX]; cmp = dom_sid_compare(sid, &global_sid_System); if (cmp == 0) { return make_session_info_system(mem_ctx, session_info); } cmp = dom_sid_compare(sid, &global_sid_Anonymous); if (cmp == 0) { /* * TODO: use auth_anonymous_session_info() here? */ return make_session_info_guest(mem_ctx, session_info); } return NT_STATUS_INTERNAL_ERROR; } server_info = talloc_get_type_abort(server_returned_info, struct auth_serversupplied_info); nt_status = create_local_token(mem_ctx, server_info, NULL, original_user_name, session_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_local_token failed: %s\n", nt_errstr(nt_status))); return nt_status; } return NT_STATUS_OK; }
static bool same_principal(struct afs_ace *x, struct afs_ace *y) { return ( (x->positive == y->positive) && (dom_sid_compare(&x->sid, &y->sid) == 0) ); }
static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) { NTSTATUS status; struct dom_sid *sids; size_t i, num; bool found = False; char *member_string; char *key; fstring sid_string; if (db->transaction_start(db) != 0) { DEBUG(0, ("transaction_start failed\n")); return NT_STATUS_INTERNAL_DB_CORRUPTION; } status = alias_memberships(member, 1, &sids, &num); if (!NT_STATUS_IS_OK(status)) { goto cancel; } for (i=0; i<num; i++) { if (dom_sid_compare(&sids[i], alias) == 0) { found = True; break; } } if (!found) { TALLOC_FREE(sids); status = NT_STATUS_MEMBER_NOT_IN_ALIAS; goto cancel; } if (i < num) sids[i] = sids[num-1]; num -= 1; sid_to_fstring(sid_string, member); key = talloc_asprintf(sids, "%s%s", MEMBEROF_PREFIX, sid_string); if (key == NULL) { TALLOC_FREE(sids); status = NT_STATUS_NO_MEMORY; goto cancel; } if (num == 0) { status = dbwrap_delete_bystring(db, key); goto commit; } member_string = talloc_strdup(sids, ""); if (member_string == NULL) { TALLOC_FREE(sids); status = NT_STATUS_NO_MEMORY; goto cancel; } for (i=0; i<num; i++) { sid_to_fstring(sid_string, &sids[i]); member_string = talloc_asprintf_append_buffer( member_string, " %s", sid_string); if (member_string == NULL) { TALLOC_FREE(sids); status = NT_STATUS_NO_MEMORY; goto cancel; } } status = dbwrap_store_bystring( db, key, string_term_tdb_data(member_string), 0); commit: TALLOC_FREE(sids); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("dbwrap_store_bystring failed: %s\n", nt_errstr(status))); goto cancel; } if (db->transaction_commit(db) != 0) { DEBUG(0, ("transaction_commit failed\n")); status = NT_STATUS_INTERNAL_DB_CORRUPTION; return status; } return NT_STATUS_OK; cancel: if (db->transaction_cancel(db) != 0) { smb_panic("transaction_cancel failed"); } return status; }