Based on patch from Sebastian Lackner sebastian@fds-team.de
Signed-off-by: Vijay Kiran Kamuju infyquest@gmail.com
---
server/token.c | 31 ++++++-------------------------
1 file changed, 6 insertions(+), 25 deletions(-)
diff --git a/server/token.c b/server/token.c
index e0f28c6da6e..9944e3bb69c 100644
--- a/server/token.c
+++ b/server/token.c
@@ -125,13 +125,7 @@ struct privilege
 struct group
 {
 struct list entry;
- unsigned enabled : 1; /* is the sid currently enabled? */
- unsigned def : 1; /* is the sid enabled by default? */
- unsigned logon : 1; /* is this a logon sid? */
- unsigned mandatory: 1; /* is this sid always enabled? */
- unsigned owner : 1; /* can this sid be an owner of an object? */
- unsigned resource : 1; /* is this a domain-local group? */
- unsigned deny_only: 1; /* is this a sid that should be use for denying only? */
+ unsigned attributes;
 SID sid;
 };
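Review bot: The new `attributes` field in struct group has no comment, while each of the seven bitfields it replaces documented what its bit meant. A one-line comment naming the flag family would keep that information for readers of the struct, for example `unsigned attributes; /* SE_GROUP_* flags of this sid */`.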
@@ -584,16 +578,10 @@ static struct token *create_token( unsigned primary, const SID *user,
 return NULL;
 }
 memcpy( &group->sid, groups[i].Sid, security_sid_len( groups[i].Sid ));
- group->enabled = TRUE;
- group->def = TRUE;
- group->logon = (groups[i].Attributes & SE_GROUP_LOGON_ID) != 0;
- group->mandatory = (groups[i].Attributes & SE_GROUP_MANDATORY) != 0;
- group->owner = (groups[i].Attributes & SE_GROUP_OWNER) != 0;
- group->resource = FALSE;
- group->deny_only = FALSE;
+ group->attributes = (groups[i].Attributes | SE_GROUP_VALID_ATTRIBUTES);
 list_add_tail( &token->groups, &group->entry );
 /* Use first owner capable group as owner and primary group */
- if (!token->primary_group && group->owner)
+ if (!token->primary_group && (group->attributes & SE_GROUP_OWNER))
 {
 token->owner = &group->sid;
 token->primary_group = &group->sid;
@@ -963,8 +951,8 @@ int token_sid_present( struct token *token, const SID *sid, int deny )
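Review bot: `group->attributes = (groups[i].Attributes | SE_GROUP_VALID_ATTRIBUTES);` ORs the whole mask into every group instead of filtering with it, so, assuming the mask covers all SE_GROUP_* flags as its name suggests, each group ends up with `SE_GROUP_OWNER` and `SE_GROUP_USE_FOR_DENY_ONLY` set. The owner test a few lines below then accepts the first group unconditionally, the deny-only test in the token_sid_present hunk skips every group when `deny` is 0, and get_token_groups hands the inflated value back to the caller. The removed lines copied only three bits and forced two, which would be `group->attributes = (groups[i].Attributes & (SE_GROUP_LOGON_ID | SE_GROUP_MANDATORY | SE_GROUP_OWNER)) | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT;`. create_token's body starts and ends outside this hunk.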
LIST_FOR_EACH_ENTRY( group, &token->groups, struct group, entry )
 {
- if (!group->enabled) continue;
- if (group->deny_only && !deny) continue;
+ if (!(group->attributes & SE_GROUP_ENABLED)) continue;
+ if ((group->attributes & SE_GROUP_USE_FOR_DENY_ONLY) && !deny) continue;
if (security_equal_sid( &group->sid, sid )) return TRUE;
 }
@@ -1498,14 +1486,7 @@ DECL_HANDLER(get_token_groups)
 LIST_FOR_EACH_ENTRY( group, &token->groups, const struct group, entry )
 {
- *attr_ptr = 0;
- if (group->mandatory) *attr_ptr |= SE_GROUP_MANDATORY;
- if (group->def) *attr_ptr |= SE_GROUP_ENABLED_BY_DEFAULT;
- if (group->enabled) *attr_ptr |= SE_GROUP_ENABLED;
- if (group->owner) *attr_ptr |= SE_GROUP_OWNER;
- if (group->deny_only) *attr_ptr |= SE_GROUP_USE_FOR_DENY_ONLY;
- if (group->resource) *attr_ptr |= SE_GROUP_RESOURCE;
- if (group->logon) *attr_ptr |= SE_GROUP_LOGON_ID;
+ *attr_ptr = group->attributes;
memcpy(sid_ptr, &group->sid, security_sid_len( &group->sid ));
Vijay Kiran Kamuju infyquest@gmail.com wrote:
group->attributes = (groups[i].Attributes | SE_GROUP_VALID_ATTRIBUTES);
This doesn't look right.