[PATCH] server: rewrite to use all attributes for group in create_token

Vijay Kiran Kamuju infyquest at gmail.com
Mon May 6 10:08:55 CDT 2019


Based on patch from Sebastian Lackner <sebastian at fds-team.de>

Signed-off-by: Vijay Kiran Kamuju <infyquest at gmail.com>
---
 server/token.c | 29 +++++------------------------
 1 file changed, 5 insertions(+), 24 deletions(-)

diff --git a/server/token.c b/server/token.c
index e0f28c6da6e..550eec377d5 100644
--- a/server/token.c
+++ b/server/token.c
@@ -125,13 +125,7 @@ struct privilege
 struct group
 {
     struct list entry;
-    unsigned    enabled  : 1; /* is the sid currently enabled? */
-    unsigned    def      : 1; /* is the sid enabled by default? */
-    unsigned    logon    : 1; /* is this a logon sid? */
-    unsigned    mandatory: 1; /* is this sid always enabled? */
-    unsigned    owner    : 1; /* can this sid be an owner of an object? */
-    unsigned    resource : 1; /* is this a domain-local group? */
-    unsigned    deny_only: 1; /* is this a sid that should be use for denying only? */
+    unsigned    attributes;
     SID         sid;
 };
 
@@ -584,13 +578,7 @@ static struct token *create_token( unsigned primary, const SID *user,
                 return NULL;
             }
             memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
-            group->enabled = TRUE;
-            group->def = TRUE;
-            group->logon = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
-            group->mandatory = (groups[i].Attributes & SE_GROUP_MANDATORY) != 0;
-            group->owner = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
-            group->resource = FALSE;
-            group->deny_only = FALSE;
+            group->attributes = (groups[i].Attributes | SE_GROUP_VALID_ATTRIBUTES);
             list_add_tail( &token->groups, &group->entry );
             /* Use first owner capable group as owner and primary group */
             if (!token->primary_group && group->owner)
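Review bot: The new assignment `group->attributes = (groups[i].Attributes | SE_GROUP_VALID_ATTRIBUTES);` ORs the mask in instead of applying it, so if that constant is the union of the valid group flags (as its name suggests), every group is stored with all of them set, including SE_GROUP_OWNER and SE_GROUP_USE_FOR_DENY_ONLY. The token_sid_present hunk would then skip every group when `deny` is 0, and the get_token_groups hunk would report the full flag set for every SID. Masking looks like the intent: `group->attributes = groups[i].Attributes & SE_GROUP_VALID_ATTRIBUTES;`, with `| SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT` added if the old unconditional enabling is to be kept. The unchanged context line below still reads `group->owner`, a bitfield this patch removes from struct group, so it should become `if (!token->primary_group && (group->attributes & SE_GROUP_OWNER))`. create_token continues outside the hunk, so other uses of the removed bitfields may remain.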
@@ -963,8 +951,8 @@ int token_sid_present( struct token *token, const SID *sid, int deny )
 
     LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
     {
-        if (!group->enabled) continue;
-        if (group->deny_only && !deny) continue;
+        if (!(group->attributes & SE_GROUP_ENABLED)) continue;
+        if ((group->attributes & SE_GROUP_USE_FOR_DENY_ONLY) && !deny) continue;
 
         if (security_equal_sid( &group->sid, sid )) return TRUE;
     }
@@ -1498,14 +1486,7 @@ DECL_HANDLER(get_token_groups)
                 LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
                 {
 
-                    *attr_ptr = 0;
-                    if (group->mandatory) *attr_ptr |= SE_GROUP_MANDATORY;
-                    if (group->def) *attr_ptr |= SE_GROUP_ENABLED_BY_DEFAULT;
-                    if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
-                    if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
-                    if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
-                    if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
-                    if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
+                    *attr_ptr = group->attributes;
 
                     memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
 
-- 
2.17.0



