diff options
author | Stefan Metzmacher <metze@samba.org> | 2006-03-31 11:05:33 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:59:41 -0500 |
commit | 8cd973decdc72b852417c55b913faad2a1f52183 (patch) | |
tree | aa220d25b83635a7a9184244b1c2865493ec42d1 | |
parent | 05c53f70f0e4b94cf26a433cb61b1706f7715757 (diff) | |
download | samba-8cd973decdc72b852417c55b913faad2a1f52183.tar.gz samba-8cd973decdc72b852417c55b913faad2a1f52183.tar.bz2 samba-8cd973decdc72b852417c55b913faad2a1f52183.zip |
r14840: - rename some functions
- stack specific functions on top of generic ones
metze
(This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/kludge_acl.c | 15 | ||||
-rw-r--r-- | source4/dsdb/samdb/samdb_privilege.c | 4 | ||||
-rw-r--r-- | source4/libcli/security/security_token.c | 72 |
3 files changed, 52 insertions, 39 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 53acb77899..f7efdb65e4 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -65,19 +65,22 @@ static enum user_is what_is_user(struct ldb_module *module) return ANONYMOUS; } - if (is_system_token(session_info->security_token)) { + if (security_token_is_system(session_info->security_token)) { return SYSTEM; } - if (is_administrator_token(session_info->security_token)) { + if (security_token_is_anonymous(session_info->security_token)) { + return ANONYMOUS; + } + + if (security_token_has_builtin_administrators(session_info->security_token)) { return ADMINISTRATOR; } - if (is_authenticated_token(session_info->security_token)) { + + if (security_token_has_nt_authenticated_users(session_info->security_token)) { return USER; } - if (is_anonymous_token(session_info->security_token)) { - return ANONYMOUS; - } + return ANONYMOUS; } diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c index c1a6f2005b..d4c1471e1c 100644 --- a/source4/dsdb/samdb/samdb_privilege.c +++ b/source4/dsdb/samdb/samdb_privilege.c @@ -83,12 +83,12 @@ _PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token) NTSTATUS status; /* Shortcuts to prevent recursion and avoid lookups */ - if (is_system_token(token)) { + if (security_token_is_system(token)) { token->privilege_mask = ~0; return NT_STATUS_OK; } - if (is_anonymous_token(token)) { + if (security_token_is_anonymous(token)) { token->privilege_mask = 0; return NT_STATUS_OK; } diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c index 7ee3a68916..5fcde246ef 100644 --- a/source4/libcli/security/security_token.c +++ b/source4/libcli/security/security_token.c @@ -170,55 +170,65 @@ void security_token_debug(int dbg_lev, const struct security_token *token) /* These really should be cheaper... */ -BOOL is_system_token(struct security_token *token) +BOOL security_token_is_sid(struct security_token *token, const struct dom_sid *sid) { - TALLOC_CTX *mem_ctx = talloc_new(token); - if (dom_sid_equal(token->user_sid, dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM))) { - talloc_free(mem_ctx); + if (dom_sid_equal(token->user_sid, sid)) { return True; } - talloc_free(mem_ctx); return False; } -BOOL is_anonymous_token(struct security_token *token) +BOOL security_token_is_sid_string(struct security_token *token, const char *sid_string) { - TALLOC_CTX *mem_ctx = talloc_new(token); - if (dom_sid_equal(token->user_sid, dom_sid_parse_talloc(mem_ctx, SID_NT_ANONYMOUS))) { - talloc_free(mem_ctx); - return True; - } - talloc_free(mem_ctx); - return False; + BOOL ret; + struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string); + if (!sid) return False; + + ret = security_token_is_sid(token, sid); + + talloc_free(sid); + return ret; } -BOOL is_authenticated_token(struct security_token *token) +BOOL security_token_is_system(struct security_token *token) { - TALLOC_CTX *mem_ctx = talloc_new(token); - int i; - struct dom_sid *authenticated = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHENTICATED_USERS); - for (i = 0; i < token->num_sids; i++) { - if (dom_sid_equal(token->sids[i], authenticated)) { - talloc_free(mem_ctx); - return True; - } - } - talloc_free(mem_ctx); - return False; + return security_token_is_sid_string(token, SID_NT_SYSTEM); } -BOOL is_administrator_token(struct security_token *token) +BOOL security_token_is_anonymous(struct security_token *token) +{ + return security_token_is_sid_string(token, SID_NT_ANONYMOUS); +} + +BOOL security_token_has_sid(struct security_token *token, struct dom_sid *sid) { - TALLOC_CTX *mem_ctx = talloc_new(token); int i; - struct dom_sid *administrators = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN_ADMINISTRATORS); for (i = 0; i < token->num_sids; i++) { - if (dom_sid_equal(token->sids[i], administrators)) { - talloc_free(mem_ctx); + if (dom_sid_equal(token->sids[i], sid)) { return True; } } - talloc_free(mem_ctx); return False; } +BOOL security_token_has_sid_string(struct security_token *token, const char *sid_string) +{ + BOOL ret; + struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string); + if (!sid) return False; + + ret = security_token_has_sid(token, sid); + + talloc_free(sid); + return ret; +} + +BOOL security_token_has_builtin_administrators(struct security_token *token) +{ + return security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS); +} + +BOOL security_token_has_nt_authenticated_users(struct security_token *token) +{ + return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS); +} |