-/*
- * Create a NT token for the user, expanding local aliases
- */
-
-static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- const DOM_SID *group_sid,
- BOOL is_guest,
- int num_groupsids,
- const DOM_SID *groupsids)
-{
- TALLOC_CTX *tmp_ctx;
- struct nt_user_token *result = NULL;
- int i;
- NTSTATUS status;
-
- tmp_ctx = talloc_new(mem_ctx);
- if (tmp_ctx == NULL) {
- DEBUG(0, ("talloc_new failed\n"));
- return NULL;
- }
-
- result = TALLOC_ZERO_P(tmp_ctx, NT_USER_TOKEN);
- if (result == NULL) {
- DEBUG(0, ("talloc failed\n"));
- goto done;
- }
-
- /* First create the default SIDs */
-
- add_sid_to_array(result, user_sid,
- &result->user_sids, &result->num_sids);
- add_sid_to_array(result, group_sid,
- &result->user_sids, &result->num_sids);
- add_sid_to_array(result, &global_sid_World,
- &result->user_sids, &result->num_sids);
- add_sid_to_array(result, &global_sid_Network,
- &result->user_sids, &result->num_sids);
-
- if (is_guest) {
- add_sid_to_array(result, &global_sid_Builtin_Guests,
- &result->user_sids, &result->num_sids);
- } else {
- add_sid_to_array(result, &global_sid_Authenticated_Users,
- &result->user_sids, &result->num_sids);
- }
-
- /* Now the SIDs we got from authentication. These are the ones from
- * the info3 struct or from the pdb_enum_group_memberships, depending
- * on who authenticated the user. */
-
- for (i=0; i<num_groupsids; i++) {
- add_sid_to_array_unique(result, &groupsids[i],
- &result->user_sids, &result->num_sids);
- }
-
- if (lp_winbind_nested_groups()) {
-
- /* Now add the aliases. First the one from our local SAM */
-
- status = add_aliases(tmp_ctx, get_global_sam_sid(), result);
-
- if (!NT_STATUS_IS_OK(status)) {
- result = NULL;
- goto done;
- }
-
- /* Finally the builtin ones */
-
- status = add_aliases(tmp_ctx, &global_sid_Builtin, result);
-
- if (!NT_STATUS_IS_OK(status)) {
- result = NULL;
- goto done;
- }
- } else {
-
- /* Play jerry's trick to auto-add local admins if we're a
- * domain admin. */
-
- DOM_SID dom_admins;
- BOOL domain_mode = False;
-
- if (IS_DC) {
- sid_compose(&dom_admins, get_global_sam_sid(),
- DOMAIN_GROUP_RID_ADMINS);
- domain_mode = True;
- }
- if ((lp_server_role() == ROLE_DOMAIN_MEMBER) &&
- (secrets_fetch_domain_sid(lp_workgroup(), &dom_admins))) {
- sid_append_rid(&dom_admins, DOMAIN_GROUP_RID_ADMINS);
- domain_mode = True;
- }
-
- if (domain_mode) {
- for (i=0; i<result->num_sids; i++) {
- if (sid_equal(&dom_admins,
- &result->user_sids[i])) {
- add_sid_to_array_unique(
- result,
- &global_sid_Builtin_Administrators,
- &result->user_sids,
- &result->num_sids);
- break;
- }
- }
-
- }
- }
-
- get_privileges_for_sids(&result->privileges, result->user_sids,
- result->num_sids);
-
- talloc_steal(mem_ctx, result);
-
- done:
- TALLOC_FREE(tmp_ctx);
- return result;
-}
-