rpc: Add global_sid_Samba_NPA_Flags SID

This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ebbb93cc7a57a118b82b8f383d25f1eb022397d6)

diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 568916a159dc5f46d2435e52365a11d0dc74343c..65d8adc71958cf142c6fd150e0127e98052a0e78 100644 (file)
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -66,6 +66,9 @@ extern const struct dom_sid global_sid_Unix_NFS_Mode;
 extern const struct dom_sid global_sid_Unix_NFS_Other;
 extern const struct dom_sid global_sid_Samba_SMB3;
 
+extern const struct dom_sid global_sid_Samba_NPA_Flags;
+#define SAMBA_NPA_FLAGS_NEED_IDLE 1
+
 enum lsa_SidType;
 
 NTSTATUS dom_sid_lookup_predefined_name(const char *name,

diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 15dc50339d11637d8713d7f8e006d789724de9e8..d7adef31cb74abda148e8340a8ecf62d570252cd 100644 (file)
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -162,6 +162,13 @@ const struct dom_sid global_sid_Unix_NFS_Other =           /* Unix other, MS NFS and Appl
 const struct dom_sid global_sid_Samba_SMB3 =
 {1, 1, {0,0,0,0,0,22}, {1397571891, }};
 
+const struct dom_sid global_sid_Samba_NPA_Flags = {1,
+                                                  1,
+                                                  {0, 0, 0, 0, 0, 22},
+                                                  {
+                                                          2041152804,
+                                                  }};
+
 /* Unused, left here for documentary purposes */
 #if 0
 #define SECURITY_NULL_SID_AUTHORITY    0

diff --git a/source3/include/proto.h b/source3/include/proto.h
index f632cf37c087e2e6dc5ba07bdbf67d695e8c0e41..cfc56f1374ee08124a32c143e33748d58c416921 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -445,6 +445,8 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
                              struct dom_sid **user_sids,
                              uint32_t *num_user_sids,
                              bool include_user_group_rid);
+bool security_token_find_npa_flags(const struct security_token *token,
+                                  uint32_t *_flags);
 
 /* The following definitions come from lib/util_sock.c  */
 

diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 75918b440a3d440ef77a92e57c367d1e658ac3af..16312d27ee6aab651a5301d12c2143bcae2af369 100644 (file)
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -173,3 +173,22 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
 
        return NT_STATUS_OK;
 }
+
+bool security_token_find_npa_flags(const struct security_token *token,
+                                  uint32_t *_flags)
+{
+       const struct dom_sid *npa_flags_sid = NULL;
+       size_t num_npa_sids;
+
+       num_npa_sids =
+               security_token_count_flag_sids(token,
+                                              &global_sid_Samba_NPA_Flags,
+                                              1,
+                                              &npa_flags_sid);
+       if (num_npa_sids != 1) {
+               return false;
+       }
+
+       sid_peek_rid(npa_flags_sid, _flags);
+       return true;
+}