author | Andrew Tridgell <tridge@samba.org> | 2004-12-11 05:41:19 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:06:31 -0500 |
commit | 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 (patch) | |
tree | 6379d5d502d779df1da563911d40249030268ac6 /source4/libcli/security/access_check.c | |
parent | 280bb1cf0fc84c61e20f6f557cecbeba726e2749 (diff) | |
r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use an intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
Diffstat (limited to 'source4/libcli/security/access_check.c')
-rw-r--r-- | source4/libcli/security/access_check.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 425a5c2b6d..c646ee693b 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -27,11 +27,12 @@
 /*
 check if a sid is in the supplied token
 */
-static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token)
+static BOOL sid_active_in_token(const struct dom_sid *sid,
+ const struct security_token *token)
 {
 int i;
 for (i=0;i<token->num_sids;i++) {
- if (dom_sid_equal(sid, token->user_sids[i])) {
+ if (dom_sid_equal(sid, token->sids[i])) {
 return True;
 }
 }
@@ -42,16 +43,15 @@ static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token
 /*
 perform a SEC_FLAG_MAXIMUM_ALLOWED access check
 */
-static uint32_t access_check_max_allowed(struct security_descriptor *sd,
- struct nt_user_token *token)
+static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
+ const struct security_token *token)
 {
 uint32_t denied = 0, granted = 0;
 unsigned i;
 if (sid_active_in_token(sd->owner_sid, token)) {
- granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
+ granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
 }
- granted |= SEC_STD_DELETE;
 for (i = 0;i<sd->dacl->num_aces; i++) {
 struct security_ace *ace = &sd->dacl->aces[i];
@@ -77,8 +77,8 @@ static uint32_t access_check_max_allowed(struct security_descriptor *sd,
 /*
 the main entry point for access checking.
 */
-NTSTATUS sec_access_check(struct security_descriptor *sd,
- struct nt_user_token *token,
+NTSTATUS sec_access_check(const struct security_descriptor *sd,
+ const struct security_token *token,
 uint32_t access_desired,
 uint32_t *access_granted)
 { |
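Review bot: The loop index in sid_active_in_token (hunk at -27,11) is still declared `int i` while it is compared against `token->num_sids`, whereas access_check_max_allowed in the next hunk uses `unsigned i` for the same kind of loop. The field's type is not visible in this diff, but if it is an unsigned count the comparison mixes signedness; `unsigned i;` would keep the two helpers consistent. Because the owner SID of a descriptor is passed in as `sid`, a short comment stating whether a NULL `sid` is acceptable would also help; that depends on dom_sid_equal, which is outside this diff. The function body continues past the end of the hunk.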
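Review bot: The owner branch of access_check_max_allowed (hunk at -42,16) now grants `SEC_STD_DELETE` implicitly with no comment justifying it, and this is an access-control behaviour change that the commit message ("mostly just a tidyup") does not mention. Non-owners lose the previously unconditional delete bit, which tightens the result. As far as I know the usual NT convention implies only READ_CONTROL and WRITE_DAC for the owner, so the implied delete should be either justified or dropped; a comment such as `/* owner implicitly gets WRITE_DAC, READ_CONTROL and DELETE; everyone else needs an allow ACE for DELETE */` would record the intent. Separately, the `for` loop on the following context line dereferences `sd->dacl` with no NULL check visible in this hunk, so a descriptor without a DACL needs handling before the loop unless sec_access_check already filters it. The function body continues outside the hunk.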