The branch, master has been updated
via 6cf29b3... s4:security Change struct security_token->sids from
struct dom_sid * to struct dom_sid
from abcfc11... s3:pdbtest Fix command name of pdbtest
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6cf29b3e4f3880882eb7df45dbcfaf7bd2b8d9f4
Author: Andrew Bartlett <[email protected]>
Date: Fri Aug 20 12:15:15 2010 +1000
s4:security Change struct security_token->sids from struct dom_sid * to
struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/security.idl | 2 +-
source4/auth/system_session.c | 26 ++++++++------
source4/dsdb/samdb/ldb_modules/acl.c | 2 +-
source4/dsdb/samdb/ldb_modules/operational.c | 2 +-
source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +-
source4/dsdb/samdb/samdb.c | 47 ++++++++++++--------------
source4/dsdb/samdb/samdb_privilege.c | 2 +-
source4/kdc/kpasswdd.c | 6 ++--
source4/lib/policy/gp_ldap.c | 2 +-
source4/libcli/security/create_descriptor.c | 8 ++--
source4/libcli/security/security_token.c | 6 ++--
source4/ntvfs/unixuid/vfs_unixuid.c | 2 +-
source4/rpc_server/drsuapi/getncchanges.c | 2 +-
source4/rpc_server/drsuapi/updaterefs.c | 4 +-
source4/rpc_server/handles.c | 4 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 2 +-
source4/utils/ntlm_auth.c | 2 +-
17 files changed, 61 insertions(+), 60 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 5594542..b8b35d2 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -470,7 +470,7 @@ interface security
typedef [public] struct {
uint32 num_sids;
- [size_is(num_sids)] dom_sid *sids[*];
+ [size_is(num_sids)] dom_sid sids[*];
udlong privilege_mask;
} security_token;
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 4712702..bec22c1 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -48,11 +48,11 @@ static NTSTATUS create_token(TALLOC_CTX *mem_ctx,
ptoken = security_token_initialise(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(ptoken);
- ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 5);
+ ptoken->sids = talloc_array(ptoken, struct dom_sid, n_groupSIDs + 5);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
- ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken,
user_sid);
- ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken,
group_sid);
+ ptoken->sids[PRIMARY_USER_SID_INDEX] = *user_sid;
+ ptoken->sids[PRIMARY_GROUP_SID_INDEX] = *group_sid;
ptoken->privilege_mask = 0;
/*
@@ -60,15 +60,19 @@ static NTSTATUS create_token(TALLOC_CTX *mem_ctx,
* The only difference between guest and "anonymous"
* is the addition of Authenticated_Users.
*/
- ptoken->sids[2] = dom_sid_parse_talloc(ptoken->sids, SID_WORLD);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[2]);
- ptoken->sids[3] = dom_sid_parse_talloc(ptoken->sids, SID_NT_NETWORK);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[3]);
+
+ if (!dom_sid_parse(SID_WORLD, &ptoken->sids[2])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (!dom_sid_parse(SID_NT_NETWORK, &ptoken->sids[3])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
ptoken->num_sids = 4;
if (is_authenticated) {
- ptoken->sids[4] = dom_sid_parse_talloc(ptoken->sids,
SID_NT_AUTHENTICATED_USERS);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]);
+ if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS,
&ptoken->sids[4])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
ptoken->num_sids++;
}
@@ -77,13 +81,13 @@ static NTSTATUS create_token(TALLOC_CTX *mem_ctx,
for (check_sid_idx = 1;
check_sid_idx < ptoken->num_sids;
check_sid_idx++) {
- if (dom_sid_equal(ptoken->sids[check_sid_idx],
groupSIDs[i])) {
+ if (dom_sid_equal(&ptoken->sids[check_sid_idx],
groupSIDs[i])) {
break;
}
}
if (check_sid_idx == ptoken->num_sids) {
- ptoken->sids[ptoken->num_sids++] =
talloc_reference(ptoken->sids, groupSIDs[i]);
+ ptoken->sids[ptoken->num_sids++] = *groupSIDs[i];
}
}
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c
b/source4/dsdb/samdb/ldb_modules/acl.c
index 55d252b..826884f 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -710,7 +710,7 @@ static int acl_check_self_membership(TALLOC_CTX *mem_ctx,
}
/* if we are adding/deleting ourselves, check for self membership */
ret = dsdb_find_dn_by_sid(ldb, mem_ctx,
-
acl_user_token(module)->sids[PRIMARY_USER_SID_INDEX],
+
&acl_user_token(module)->sids[PRIMARY_USER_SID_INDEX],
&user_dn);
if (ret != LDB_SUCCESS) {
return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c
b/source4/dsdb/samdb/ldb_modules/operational.c
index c1da400..56fb272 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -181,7 +181,7 @@ static int construct_token_groups(struct ldb_module *module,
for (i = 1; i < session_info->security_token->num_sids; i++) {
ret = samdb_msg_add_dom_sid(ldb, msg, msg,
"tokenGroups",
-
session_info->security_token->sids[i]);
+
&session_info->security_token->sids[i]);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c
b/source4/dsdb/samdb/ldb_modules/rootdse.c
index 3e5a946..0949b83 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -392,7 +392,7 @@ static int rootdse_add_dynamic(struct ldb_module *module,
struct ldb_message *ms
for (i = 0; i < session_info->security_token->num_sids;
i++) {
if (samdb_msg_add_dom_sid(ldb, msg, msg,
"tokenGroups",
-
session_info->security_token->sids[i]) != 0) {
+
&session_info->security_token->sids[i]) != 0) {
goto failed;
}
}
diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c
index 0a2d5c3..ddcd0d2 100644
--- a/source4/dsdb/samdb/samdb.c
+++ b/source4/dsdb/samdb/samdb.c
@@ -159,17 +159,17 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
ptoken->privilege_mask = 0;
- ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 6
/* over-allocate */);
+ ptoken->sids = talloc_array(ptoken, struct dom_sid, n_groupSIDs + 6 /*
over-allocate */);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
ptoken->num_sids = 1;
- ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid *,
ptoken->num_sids + 1);
+ ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid,
ptoken->num_sids + 1);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
- ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken,
user_sid);
+ ptoken->sids[PRIMARY_USER_SID_INDEX] = *user_sid;
if (!dom_sid_equal(user_sid, group_sid)) {
- ptoken->sids[PRIMARY_GROUP_SID_INDEX] =
talloc_reference(ptoken, group_sid);
+ ptoken->sids[PRIMARY_GROUP_SID_INDEX] = *group_sid;
ptoken->num_sids++;
}
@@ -180,38 +180,37 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
*/
if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
- ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct
dom_sid *, ptoken->num_sids + 1);
+ ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct
dom_sid, ptoken->num_sids + 2);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
- ptoken->sids[ptoken->num_sids] =
dom_sid_parse_talloc(ptoken->sids, SID_WORLD);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]);
+ if (!dom_sid_parse(SID_WORLD, &ptoken->sids[ptoken->num_sids]))
{
+ return NT_STATUS_INTERNAL_ERROR;
+ }
ptoken->num_sids++;
- ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct
dom_sid *, ptoken->num_sids + 1);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
-
- ptoken->sids[ptoken->num_sids] =
dom_sid_parse_talloc(ptoken->sids, SID_NT_NETWORK);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]);
+ if (!dom_sid_parse(SID_NT_NETWORK,
&ptoken->sids[ptoken->num_sids])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
ptoken->num_sids++;
-
-
}
if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
- ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct
dom_sid *, ptoken->num_sids + 1);
+ ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct
dom_sid, ptoken->num_sids + 1);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
- ptoken->sids[ptoken->num_sids] =
dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]);
+ if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS,
&ptoken->sids[ptoken->num_sids])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
ptoken->num_sids++;
}
if (session_info_flags & AUTH_SESSION_INFO_ENTERPRISE_DC) {
- ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct
dom_sid *, ptoken->num_sids + 1);
+ ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct
dom_sid, ptoken->num_sids + 1);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
- ptoken->sids[ptoken->num_sids] =
dom_sid_parse_talloc(ptoken->sids, SID_NT_ENTERPRISE_DCS);
- NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]);
+ if (!dom_sid_parse(SID_NT_ENTERPRISE_DCS,
&ptoken->sids[ptoken->num_sids])) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
ptoken->num_sids++;
}
@@ -220,19 +219,17 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx,
for (check_sid_idx = 1;
check_sid_idx < ptoken->num_sids;
check_sid_idx++) {
- if (dom_sid_equal(ptoken->sids[check_sid_idx],
groupSIDs[i])) {
+ if (dom_sid_equal(&ptoken->sids[check_sid_idx],
groupSIDs[i])) {
break;
}
}
if (check_sid_idx == ptoken->num_sids) {
- ptoken->sids = talloc_realloc(ptoken, ptoken->sids,
struct dom_sid *, ptoken->num_sids + 1);
+ ptoken->sids = talloc_realloc(ptoken, ptoken->sids,
struct dom_sid, ptoken->num_sids + 1);
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids);
- ptoken->sids[ptoken->num_sids] =
talloc_reference(ptoken->sids, groupSIDs[i]);
-
NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]);
+ ptoken->sids[ptoken->num_sids] = *groupSIDs[i];
ptoken->num_sids++;
-
}
}
diff --git a/source4/dsdb/samdb/samdb_privilege.c
b/source4/dsdb/samdb/samdb_privilege.c
index 38e5a33..fd74133 100644
--- a/source4/dsdb/samdb/samdb_privilege.c
+++ b/source4/dsdb/samdb/samdb_privilege.c
@@ -119,7 +119,7 @@ NTSTATUS samdb_privilege_setup(struct tevent_context
*ev_ctx,
for (i=0;i<token->num_sids;i++) {
status = samdb_privilege_setup_sid(pdb, mem_ctx,
- token, token->sids[i]);
+ token, &token->sids[i]);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
return status;
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 36ddb65..7148428 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -224,11 +224,11 @@ static bool kpasswdd_change_password(struct kdc_server
*kdc,
DEBUG(3, ("Changing password of %s\\%s (%s)\n",
session_info->server_info->domain_name,
session_info->server_info->account_name,
- dom_sid_string(mem_ctx,
session_info->security_token->sids[PRIMARY_USER_SID_INDEX])));
+ dom_sid_string(mem_ctx,
&session_info->security_token->sids[PRIMARY_USER_SID_INDEX])));
/* Performs the password change */
status = samdb_set_password_sid(samdb, mem_ctx,
-
session_info->security_token->sids[PRIMARY_USER_SID_INDEX],
+
&session_info->security_token->sids[PRIMARY_USER_SID_INDEX],
password, NULL, NULL,
oldLmHash, oldNtHash, /* this is a user
password change */
&reject_reason,
@@ -382,7 +382,7 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
DEBUG(3, ("%s\\%s (%s) is changing password of %s\n",
session_info->server_info->domain_name,
session_info->server_info->account_name,
- dom_sid_string(mem_ctx,
session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
+ dom_sid_string(mem_ctx,
&session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
set_password_on_princ));
ret = ldb_transaction_start(samdb);
if (ret != LDB_SUCCESS) {
diff --git a/source4/lib/policy/gp_ldap.c b/source4/lib/policy/gp_ldap.c
index e566ca4..87fde9d 100644
--- a/source4/lib/policy/gp_ldap.c
+++ b/source4/lib/policy/gp_ldap.c
@@ -443,7 +443,7 @@ NTSTATUS gp_list_gpos(struct gp_context *gp_ctx, struct
security_token *token, c
mem_ctx = talloc_new(gp_ctx);
NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
- sid = dom_sid_string(mem_ctx, token->sids[PRIMARY_USER_SID_INDEX]);
+ sid = dom_sid_string(mem_ctx, &token->sids[PRIMARY_USER_SID_INDEX]);
/* Find the user DN and objectclass via the sid from the security token
*/
rv = ldb_search(gp_ctx->ldb_ctx,
diff --git a/source4/libcli/security/create_descriptor.c
b/source4/libcli/security/create_descriptor.c
index cb52d65..ad6a599 100644
--- a/source4/libcli/security/create_descriptor.c
+++ b/source4/libcli/security/create_descriptor.c
@@ -367,7 +367,7 @@ struct security_descriptor
*create_security_descriptor(TALLOC_CTX *mem_ctx,
if ((inherit_flags & SEC_OWNER_FROM_PARENT) && parent_sd) {
new_owner = parent_sd->owner_sid;
} else if (!default_owner) {
- new_owner = token->sids[PRIMARY_USER_SID_INDEX];
+ new_owner = &token->sids[PRIMARY_USER_SID_INDEX];
} else {
new_owner = default_owner;
new_sd->type |= SEC_DESC_OWNER_DEFAULTED;
@@ -379,11 +379,11 @@ struct security_descriptor
*create_security_descriptor(TALLOC_CTX *mem_ctx,
if (!creator_sd || !creator_sd->group_sid){
if ((inherit_flags & SEC_GROUP_FROM_PARENT) && parent_sd) {
new_group = parent_sd->group_sid;
- } else if (!default_group &&
token->sids[PRIMARY_GROUP_SID_INDEX]) {
- new_group = token->sids[PRIMARY_GROUP_SID_INDEX];
+ } else if (!default_group && token->num_sids >
PRIMARY_GROUP_SID_INDEX) {
+ new_group = &token->sids[PRIMARY_GROUP_SID_INDEX];
} else if (!default_group) {
/* This will happen only for anonymous, which has no
other groups */
- new_group = token->sids[PRIMARY_USER_SID_INDEX];
+ new_group = &token->sids[PRIMARY_USER_SID_INDEX];
} else {
new_group = default_group;
new_sd->type |= SEC_DESC_GROUP_DEFAULTED;
diff --git a/source4/libcli/security/security_token.c
b/source4/libcli/security/security_token.c
index f9be977..e5ea598 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -65,7 +65,7 @@ void security_token_debug(int dbg_lev, const struct
security_token *token)
(unsigned long)token->num_sids));
for (i = 0; i < token->num_sids; i++) {
DEBUGADD(dbg_lev, (" SID[%3lu]: %s\n", (unsigned long)i,
- dom_sid_string(mem_ctx, token->sids[i])));
+ dom_sid_string(mem_ctx, &token->sids[i])));
}
security_token_debug_privileges(dbg_lev, token);
@@ -77,7 +77,7 @@ void security_token_debug(int dbg_lev, const struct
security_token *token)
bool security_token_is_sid(const struct security_token *token, const struct
dom_sid *sid)
{
- if (token->sids && dom_sid_equal(token->sids[PRIMARY_USER_SID_INDEX],
sid)) {
+ if (token->sids && dom_sid_equal(&token->sids[PRIMARY_USER_SID_INDEX],
sid)) {
return true;
}
return false;
@@ -109,7 +109,7 @@ bool security_token_has_sid(const struct security_token
*token, const struct dom
{
int i;
for (i = 0; i < token->num_sids; i++) {
- if (dom_sid_equal(token->sids[i], sid)) {
+ if (dom_sid_equal(&token->sids[i], sid)) {
return true;
}
}
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c
b/source4/ntvfs/unixuid/vfs_unixuid.c
index d36ae15..c37b46e 100644
--- a/source4/ntvfs/unixuid/vfs_unixuid.c
+++ b/source4/ntvfs/unixuid/vfs_unixuid.c
@@ -190,7 +190,7 @@ static NTSTATUS nt_token_to_unix_security(struct
ntvfs_module_context *ntvfs,
for (i=0;i<token->num_sids;i++) {
ZERO_STRUCT(ids[i].xid);
- ids[i].sid = token->sids[i];
+ ids[i].sid = &token->sids[i];
ids[i].status = ID_UNKNOWN;
}
diff --git a/source4/rpc_server/drsuapi/getncchanges.c
b/source4/rpc_server/drsuapi/getncchanges.c
index 8648d5d..7a1ccd9 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1019,7 +1019,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct
dcesrv_call_state *dce_call, TALLOC_
return werr;
}
- user_sid =
dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+ user_sid =
&dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
/* for non-administrator replications, check that they have
diff --git a/source4/rpc_server/drsuapi/updaterefs.c
b/source4/rpc_server/drsuapi/updaterefs.c
index 08d49ba..e911838 100644
--- a/source4/rpc_server/drsuapi/updaterefs.c
+++ b/source4/rpc_server/drsuapi/updaterefs.c
@@ -215,11 +215,11 @@ WERROR dcesrv_drsuapi_DsReplicaUpdateRefs(struct
dcesrv_call_state *dce_call, TA
/* check that they are using an DSA objectGUID that they own */
ret = dsdb_validate_dsa_guid(b_state->sam_ctx,
&req->dest_dsa_guid,
-
dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]);
+
&dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Refusing DsReplicaUpdateRefs
for sid %s with GUID %s\n",
dom_sid_string(mem_ctx,
-
dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
+
&dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
GUID_string(mem_ctx, &req->dest_dsa_guid)));
return WERR_DS_DRA_ACCESS_DENIED;
}
diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c
index 495d42a..e70510c 100644
--- a/source4/rpc_server/handles.c
+++ b/source4/rpc_server/handles.c
@@ -44,7 +44,7 @@ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_new(struct
dcesrv_connection_contex
struct dcesrv_handle *h;
struct dom_sid *sid;
- sid =
context->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+ sid =
&context->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
h = talloc(context->assoc_group, struct dcesrv_handle);
if (!h) {
@@ -80,7 +80,7 @@ _PUBLIC_ struct dcesrv_handle *dcesrv_handle_fetch(
struct dcesrv_handle *h;
struct dom_sid *sid;
- sid =
context->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+ sid =
&context->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
if (policy_handle_empty(p)) {
/* TODO: we should probably return a NULL handle here */
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c
b/source4/rpc_server/lsa/dcesrv_lsa.c
index 371419f..9c9ad45 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -338,7 +338,7 @@ static NTSTATUS dcesrv_lsa_QuerySecurity(struct
dcesrv_call_state *dce_call, TAL
DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY);
- sid =
dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+ sid =
&dce_call->conn->auth_state.session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
if (h->wire_handle.handle_type == LSA_HANDLE_POLICY) {
status = dcesrv_build_lsa_sd(mem_ctx, &sd, sid, 0);
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index 7d4349f..0d3e2cf 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -617,7 +617,7 @@ static void manage_gensec_request(enum stdio_helper_mode
stdio_helper_mode,
for (i=0; i<session_info->security_token->num_sids; i++) {
struct security_token *token =
session_info->security_token;
const char *sidstr = dom_sid_string(session_info,
- token->sids[i]);
+ &token->sids[i]);
grouplist = talloc_asprintf_append_buffer(grouplist,
"%s,", sidstr);
}
--
Samba Shared Repository
