diff options
author | Jeremy Allison <jra@samba.org> | 2000-08-08 21:51:22 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2000-08-08 21:51:22 +0000 |
commit | b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0 (patch) | |
tree | 84d8ffc90335daecd718a15702d623c48976807c | |
parent | 0cabe327ef1f3e5439384b5e73e328404e869a92 (diff) | |
download | samba-b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0.tar.gz samba-b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0.tar.xz samba-b4d1e192cdcd42de504f5a6ef27f61f6c0e350f0.zip |
Added SID "Everyone" S-1-1-0 as always matching if present in an ACE.
Jeremy.
(This used to be commit b3a1038ac1bfb0c32e64f6cb26e5e46fbda794a2)
-rw-r--r-- | source3/lib/util_seaccess.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index e9de51632d..351e93dc7a 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -26,11 +26,22 @@ extern int DEBUGLEVEL; +/* Everyone = S-1-1-0 */ + +static DOM_SID everyone_sid = { + 1, /* sid_rev_num */ + 1, /* num_auths */ + { 0, 0, 0, 0, 0, 1}, /* id_auth[6] */ + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */ +}; + /* * Guest token used when there is no NT_USER_TOKEN available. */ -static DOM_SID builtin_guest = { +/* Guest = S-1-5-32-546 */ + +static DOM_SID guest_sid = { 1, /* sid_rev_num */ 2, /* num_auths */ { 0, 0, 0, 0, 0, 5}, /* id_auth[6] */ @@ -39,11 +50,12 @@ static DOM_SID builtin_guest = { static NT_USER_TOKEN guest_token = { 1, - &builtin_guest + &guest_sid }; /********************************************************************************** Check if this ACE has a SID in common with the token. + The SID "Everyone" always matches. **********************************************************************************/ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) @@ -51,9 +63,10 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->sid, &token->user_sids[i])) { + if (sid_equal(&ace->sid, &everyone_sid)) + return True; + if (sid_equal(&ace->sid, &token->user_sids[i])) return True; - } } return False; |