2 * Unix SMB/CIFS implementation.
3 * Authentication utility functions
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Andrew Bartlett 2001
6 * Copyright (C) Jeremy Allison 2000-2001
7 * Copyright (C) Rafal Szczesniak 2002
8 * Copyright (C) Volker Lendecke 2006
9 * Copyright (C) Michael Adam 2007
10 * Copyright (C) Guenther Deschner 2007
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 3 of the License, or
15 * (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 /* function(s) moved from auth/auth_util.c to minimize linker deps */
30 /****************************************************************************
31 Duplicate a SID token.
32 ****************************************************************************/
34 NT_USER_TOKEN
*dup_nt_token(TALLOC_CTX
*mem_ctx
, const NT_USER_TOKEN
*ptoken
)
41 token
= TALLOC_ZERO_P(mem_ctx
, NT_USER_TOKEN
);
43 DEBUG(0, ("talloc failed\n"));
47 if (ptoken
->user_sids
&& ptoken
->num_sids
) {
48 token
->user_sids
= (DOM_SID
*)talloc_memdup(
49 token
, ptoken
->user_sids
, sizeof(DOM_SID
) * ptoken
->num_sids
);
51 if (token
->user_sids
== NULL
) {
52 DEBUG(0, ("talloc_memdup failed\n"));
56 token
->num_sids
= ptoken
->num_sids
;
59 /* copy the privileges; don't consider failure to be critical here */
61 if ( !se_priv_copy( &token
->privileges
, &ptoken
->privileges
) ) {
62 DEBUG(0,("dup_nt_token: Failure to copy SE_PRIV!. "
63 "Continuing with 0 privileges assigned.\n"));
69 /****************************************************************************
71 ****************************************************************************/
73 NTSTATUS
merge_nt_token(TALLOC_CTX
*mem_ctx
,
74 const struct nt_user_token
*token_1
,
75 const struct nt_user_token
*token_2
,
76 struct nt_user_token
**token_out
)
78 struct nt_user_token
*token
= NULL
;
82 if (!token_1
|| !token_2
|| !token_out
) {
83 return NT_STATUS_INVALID_PARAMETER
;
86 token
= TALLOC_ZERO_P(mem_ctx
, struct nt_user_token
);
87 NT_STATUS_HAVE_NO_MEMORY(token
);
89 for (i
=0; i
< token_1
->num_sids
; i
++) {
90 status
= add_sid_to_array_unique(mem_ctx
,
91 &token_1
->user_sids
[i
],
94 if (!NT_STATUS_IS_OK(status
)) {
100 for (i
=0; i
< token_2
->num_sids
; i
++) {
101 status
= add_sid_to_array_unique(mem_ctx
,
102 &token_2
->user_sids
[i
],
105 if (!NT_STATUS_IS_OK(status
)) {
111 se_priv_add(&token
->privileges
, &token_1
->privileges
);
112 se_priv_add(&token
->privileges
, &token_2
->privileges
);
119 /*******************************************************************
120 Check if this ACE has a SID in common with the token.
121 ********************************************************************/
123 bool token_sid_in_ace(const NT_USER_TOKEN
*token
, const struct security_ace
*ace
)
127 for (i
= 0; i
< token
->num_sids
; i
++) {
128 if (sid_equal(&ace
->trustee
, &token
->user_sids
[i
]))