NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
struct lsa_OpenPolicy2 *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
size_t sd_size;
uint32_t des_access = r->in.access_mask;
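Review bot: `session_info` is taken from `dcesrv_call_session_info(dce_call)` and never tested before it is dereferenced for the tokens that feed `map_max_allowed_access()` and `access_check_object()` later in `_lsa_OpenPolicy2`, whose body continues outside this hunk. The helper's contract is not visible in this diff, so this is a question rather than a confirmed fault. If it can return NULL, the handler should fail closed before the first use, e.g. `if (session_info == NULL) { return NT_STATUS_ACCESS_DENIED; }`; if it cannot, one comment saying so is enough. The same three added lines open every other handler changed here (`_lsa_OpenSecret`, `_lsa_CreateTrustedDomainEx2`, `_lsa_CreateSecret`, `_lsa_SetSecret`, `_lsa_QuerySecret`, `_lsa_GetUserName`, `_lsa_CreateAccount`, `_lsa_OpenAccount`, `_lsa_AddAccountRights`, `_lsa_RemoveAccountRights`), so the answer applies to all of them.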
}
/* Work out max allowed. */
- map_max_allowed_access(p->session_info->security_token,
- p->session_info->unix_token,
+ map_max_allowed_access(session_info->security_token,
+ session_info->unix_token,
&des_access);
/* map the generic bits to the lsa policy ones */
return status;
}
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenPolicy2" );
if (!NT_STATUS_IS_OK(status)) {
NTSTATUS _lsa_OpenSecret(struct pipes_struct *p,
struct lsa_OpenSecret *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct security_descriptor *psd;
NTSTATUS status;
uint32_t acc_granted;
}
/* Work out max allowed. */
- map_max_allowed_access(p->session_info->security_token,
- p->session_info->unix_token,
+ map_max_allowed_access(session_info->security_token,
+ session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
return status;
}
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
r->in.access_mask,
&acc_granted, "_lsa_OpenSecret");
struct trustdom_info *info,
struct policy_handle *handle)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
size_t sd_size;
uint32_t acc_granted;
* handle - so don't check against policy handle. */
/* Work out max allowed. */
- map_max_allowed_access(p->session_info->security_token,
- p->session_info->unix_token,
+ map_max_allowed_access(session_info->security_token,
+ session_info->unix_token,
&access_mask);
/* map the generic bits to the lsa account ones */
return status;
}
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
access_mask, &acc_granted,
"_lsa_OpenTrustedDomain");
TALLOC_CTX *mem_ctx, DATA_BLOB *auth_blob,
struct trustDomainPasswords *auth_struct)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
enum ndr_err_code ndr_err;
DATA_BLOB lsession_key;
gnutls_cipher_hd_t cipher_hnd = NULL;
int rc;
bool encrypted;
- encrypted =
- dcerpc_is_transport_encrypted(p->session_info);
+ encrypted = dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
return NT_STATUS_ACCESS_DENIED;
}
- status = session_extract_session_key(p->session_info, &lsession_key, KEY_USE_16BYTES);
+ status = session_extract_session_key(
+ session_info, &lsession_key, KEY_USE_16BYTES);
if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_INVALID_PARAMETER;
}
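Review bot: The failure branch after the rewrapped `session_extract_session_key()` call drops `status` and returns `NT_STATUS_INVALID_PARAMETER`, while `_lsa_SetSecret` and `_lsa_QuerySecret`, which get the identical rewrap in this change, return `status` unchanged. Since the call line is being touched anyway, either align it with `return status;` or, if the remapping is intended for this caller, mark it with a short comment such as `/* deliberately reported as INVALID_PARAMETER */`. The function's signature starts above the hunk and its body continues below it, so any later use of `lsession_key` is not visible here.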
NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
struct lsa_CreateTrustedDomainEx2 *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct lsa_info *policy;
NTSTATUS status;
uint32_t acc_granted;
return NT_STATUS_ACCESS_DENIED;
}
- if (p->session_info->unix_token->uid != sec_initial_uid() &&
- !nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS)) {
+ if (session_info->unix_token->uid != sec_initial_uid() &&
+ !nt_token_check_domain_rid(
+ session_info->security_token, DOMAIN_RID_ADMINS)) {
return NT_STATUS_ACCESS_DENIED;
}
/* Work out max allowed. */
- map_max_allowed_access(p->session_info->security_token,
- p->session_info->unix_token,
+ map_max_allowed_access(session_info->security_token,
+ session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
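Review bot: The creation gate at `if (session_info->unix_token->uid != sec_initial_uid() && !nt_token_check_domain_rid(...))` has no comment stating who is allowed through, although it combines the unix token and the security token of `session_info` in one condition. A line above it such as `/* Only the initial uid or a member of Domain Admins may create a trusted domain. */` would make the rule reviewable without tracing both helpers. That `sec_initial_uid()` is the privileged startup uid is inferred from its name, so adjust the wording if it means something else. The enclosing `_lsa_CreateTrustedDomainEx2` body starts and ends outside this hunk.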
return status;
}
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
r->in.access_mask, &acc_granted,
"_lsa_CreateTrustedDomainEx2");
NTSTATUS _lsa_CreateSecret(struct pipes_struct *p,
struct lsa_CreateSecret *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct lsa_info *handle;
uint32_t acc_granted;
}
/* Work out max allowed. */
- map_max_allowed_access(p->session_info->security_token,
- p->session_info->unix_token,
+ map_max_allowed_access(session_info->security_token,
+ session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
return status;
}
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
r->in.access_mask,
&acc_granted, "_lsa_CreateSecret");
NTSTATUS _lsa_SetSecret(struct pipes_struct *p,
struct lsa_SetSecret *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct lsa_info *info = NULL;
DATA_BLOB blob_new, blob_old;
return NT_STATUS_ACCESS_DENIED;
}
- status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
+ status = session_extract_session_key(
+ session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS _lsa_QuerySecret(struct pipes_struct *p,
struct lsa_QuerySecret *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct lsa_info *info = NULL;
DATA_BLOB blob_new, blob_old;
DATA_BLOB blob_new_crypt, blob_old_crypt;
return status;
}
- status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
+ status = session_extract_session_key(
+ session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
struct lsa_GetUserName *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
const char *username, *domname;
struct lsa_String *account_name = NULL;
struct lsa_String *authority_name = NULL;
return NT_STATUS_INVALID_PARAMETER;
}
- if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
+ if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
/*
* I'm 99% sure this is not the right place to do this,
* global_sid_Anonymous should probably be put into the token
return NT_STATUS_NO_MEMORY;
}
} else {
- username = p->session_info->unix_info->sanitized_username;
- domname = p->session_info->info->domain_name;
+ username = session_info->unix_info->sanitized_username;
+ domname = session_info->info->domain_name;
}
account_name = talloc(p->mem_ctx, struct lsa_String);
NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
struct lsa_CreateAccount *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct lsa_info *handle;
uint32_t acc_granted;
}
/* Work out max allowed. */
- map_max_allowed_access(p->session_info->security_token,
- p->session_info->unix_token,
+ map_max_allowed_access(session_info->security_token,
+ session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
return status;
}
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask,
&acc_granted, "_lsa_CreateAccount");
if (!NT_STATUS_IS_OK(status)) {
NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
struct lsa_OpenAccount *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
size_t sd_size;
uint32_t des_access = r->in.access_mask;
* handle - so don't check against policy handle. */
/* Work out max allowed. */
- map_max_allowed_access(p->session_info->security_token,
- p->session_info->unix_token,
+ map_max_allowed_access(session_info->security_token,
+ session_info->unix_token,
&des_access);
/* map the generic bits to the lsa account ones */
return status;
}
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenAccount" );
if (!NT_STATUS_IS_OK(status)) {
NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
struct lsa_AddAccountRights *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
int i = 0;
uint32_t acc_granted = 0;
struct security_descriptor *psd = NULL;
* on the account sid. We don't check here so just use the latter. JRA.
*/
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW,
&acc_granted, "_lsa_AddAccountRights" );
NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
struct lsa_RemoveAccountRights *r)
{
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
int i = 0;
struct security_descriptor *psd = NULL;
size_t sd_size;
* and DELETE on the account sid.
*/
- status = access_check_object(psd, p->session_info->security_token,
+ status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
LSA_ACCOUNT_VIEW|SEC_STD_DELETE,