From e72d8b7acc8d20fe09dcb24298e0839ee1b257f9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 27 May 2014 07:04:38 +0000 Subject: libcli: Simplify desc_ace_has_generic() Signed-off-by: Volker Lendecke Reviewed-by: David Disseldorp --- libcli/security/create_descriptor.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'libcli/security') diff --git a/libcli/security/create_descriptor.c b/libcli/security/create_descriptor.c index 33c9b10c6bf..03c0658485e 100644 --- a/libcli/security/create_descriptor.c +++ b/libcli/security/create_descriptor.c @@ -107,17 +107,14 @@ static bool object_in_list(struct GUID *object_list, struct GUID *object) /* returns true if the ACE gontains generic information * that needs to be processed additionally */ -static bool desc_ace_has_generic(TALLOC_CTX *mem_ctx, - struct security_ace *ace) +static bool desc_ace_has_generic(struct security_ace *ace) { - struct dom_sid *co, *cg; - co = dom_sid_parse_talloc(mem_ctx, SID_CREATOR_OWNER); - cg = dom_sid_parse_talloc(mem_ctx, SID_CREATOR_GROUP); if (ace->access_mask & SEC_GENERIC_ALL || ace->access_mask & SEC_GENERIC_READ || ace->access_mask & SEC_GENERIC_WRITE || ace->access_mask & SEC_GENERIC_EXECUTE) { return true; } - if (dom_sid_equal(&ace->trustee, co) || dom_sid_equal(&ace->trustee, cg)) { + if (dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner) || + dom_sid_equal(&ace->trustee, &global_sid_Creator_Group)) { return true; } return false; @@ -175,7 +172,7 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx, tmp_acl->aces[tmp_acl->num_aces].flags |= SEC_ACE_FLAG_INHERITED_ACE; /* remove IO flag from the child's ace */ if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY && - !desc_ace_has_generic(tmp_ctx, ace)) { + !desc_ace_has_generic(ace)) { tmp_acl->aces[tmp_acl->num_aces].flags &= ~SEC_ACE_FLAG_INHERIT_ONLY; } @@ -208,7 +205,7 @@ static struct security_acl *calculate_inherited_from_parent(TALLOC_CTX *mem_ctx, tmp_acl->num_aces++; if (is_container) { if (!(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) && - (desc_ace_has_generic(tmp_ctx, ace))) { + (desc_ace_has_generic(ace))) { tmp_acl->aces = talloc_realloc(tmp_acl, tmp_acl->aces, struct security_ace, @@ -287,7 +284,7 @@ static struct security_acl *process_user_acl(TALLOC_CTX *mem_ctx, /* if the ACE contains CO, CG, GA, GE, GR or GW, and is inheritable * it has to be expanded to two aces, the original as IO, * and another one where these are translated */ - if (desc_ace_has_generic(tmp_ctx, ace)) { + if (desc_ace_has_generic(ace)) { if (!(ace->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { desc_expand_generic(&tmp_acl->aces[tmp_acl->num_aces-1], owner, -- cgit