summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-08-08 21:51:22 +0000
committerJeremy Allison <jra@samba.org>2000-08-08 21:51:22 +0000
commitb4d1e192cdcd42de504f5a6ef27f61f6c0e350f0 (patch)
tree84d8ffc90335daecd718a15702d623c48976807c
parent0cabe327ef1f3e5439384b5e73e328404e869a92 (diff)
downloadsamba-b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0.tar.gz
samba-b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0.tar.xz
samba-b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0.zip
Added SID "Everyone" S-1-1-0 as always matching if present in an ACE.
Jeremy. (This used to be commit b3a1038ac1bfb0c32e64f6cb26e5e46fbda794a2)
-rw-r--r--source3/lib/util_seaccess.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index e9de51632d..351e93dc7a 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -26,11 +26,22 @@
extern int DEBUGLEVEL;
+/* Everyone = S-1-1-0 */
+
+static DOM_SID everyone_sid = {
+ 1, /* sid_rev_num */
+ 1, /* num_auths */
+ { 0, 0, 0, 0, 0, 1}, /* id_auth[6] */
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */
+};
+
/*
* Guest token used when there is no NT_USER_TOKEN available.
*/
-static DOM_SID builtin_guest = {
+/* Guest = S-1-5-32-546 */
+
+static DOM_SID guest_sid = {
1, /* sid_rev_num */
2, /* num_auths */
{ 0, 0, 0, 0, 0, 5}, /* id_auth[6] */
@@ -39,11 +50,12 @@ static DOM_SID builtin_guest = {
static NT_USER_TOKEN guest_token = {
1,
- &builtin_guest
+ &guest_sid
};
/**********************************************************************************
Check if this ACE has a SID in common with the token.
+ The SID "Everyone" always matches.
**********************************************************************************/
static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
@@ -51,9 +63,10 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
size_t i;
for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->sid, &token->user_sids[i])) {
+ if (sid_equal(&ace->sid, &everyone_sid))
+ return True;
+ if (sid_equal(&ace->sid, &token->user_sids[i]))
return True;
- }
}
return False;