diff options
| author | Volker Lendecke <vl@samba.org> | 2014-05-27 07:04:38 +0000 |
|---|---|---|
| committer | David Disseldorp <ddiss@samba.org> | 2014-05-27 17:32:12 +0200 |
| commit | e72d8b7acc8d20fe09dcb24298e0839ee1b257f9 (patch) | |
| tree | 2632d9f1119669b669f88ab93df61a3589539d2e | |
| parent | 6218e5cbfe9233935060adb54a6c0e3f47e9dc65 (diff) | |
| download | samba-e72d8b7acc8d20fe09dcb24298e0839ee1b257f9.tar.gz samba-e72d8b7acc8d20fe09dcb24298e0839ee1b257f9.tar.xz samba-e72d8b7acc8d20fe09dcb24298e0839ee1b257f9.zip | |
libcli: Simplify desc_ace_has_generic()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
| -rw-r--r-- | libcli/security/create_descriptor.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c index 33c9b10c6bf..03c0658485e 100644 --- a/libcli/security/create_descriptor.c +++ b/libcli/security/create_descriptor.c @@ -107,17 +107,14 @@ static bool object_in_list(struct GUID *object_list, struct GUID *object) /* returns true if the ACE gontains generic information * that needs to be processed additionally */ -static bool desc_ace_has_generic(TALLOC_CTX *mem_ctx, - struct security_ace *ace) +static bool desc_ace_has_generic(struct security_ace *ace) { - struct dom_sid *co, *cg; - co = dom_sid_parse_talloc(mem_ctx, SID_CREATOR_OWNER); - cg = dom_sid_parse_talloc(mem_ctx, SID_CREATOR_GROUP); if (ace->access_mask & SEC_GENERIC_ALL || ace->access_mask & SEC_GENERIC_READ || ace->access_mask & SEC_GENERIC_WRITE || ace->access_mask & SEC_GENERIC_EXECUTE) { return true; } - if (dom_sid_equal(&ace->trustee, co) || dom_sid_equal(&ace->trustee, cg)) { + if (dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner) || + dom_sid_equal(&ace->trustee, &global_sid_Creator_Group)) { return true; } return false; @@ -175,7 +172,7 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx, tmp_acl->aces[tmp_acl->num_aces].flags |= SEC_ACE_FLAG_INHERITED_ACE; /* remove IO flag from the child's ace */ if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY && - !desc_ace_has_generic(tmp_ctx, ace)) { + !desc_ace_has_generic(ace)) { tmp_acl->aces[tmp_acl->num_aces].flags &= ~SEC_ACE_FLAG_INHERIT_ONLY; } @@ -208,7 +205,7 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx, tmp_acl->num_aces++; if (is_container) { if (!(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) && - (desc_ace_has_generic(tmp_ctx, ace))) { + (desc_ace_has_generic(ace))) { tmp_acl->aces = talloc_realloc(tmp_acl, tmp_acl->aces, struct security_ace, @@ -287,7 +284,7 @@ static struct security_acl *process_user_acl(TALLOC_CTX *mem_ctx, /* if the ACE contains CO, CG, GA, GE, GR or GW, and is inheritable * it has to be expanded to two aces, the original as IO, * and another one where these are translated */ - if (desc_ace_has_generic(tmp_ctx, ace)) { + if (desc_ace_has_generic(ace)) { if (!(ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { desc_expand_generic(&tmp_acl->aces[tmp_acl->num_aces-1], owner, |