author | Jeremy Allison <jra@samba.org> | 2000-08-10 17:48:15 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2000-08-10 17:48:15 +0000 |
commit | 1e46bde597eb77ed708649585d6125f8e82dde31 (patch) | |
tree | 23888d150d315c63ea30abd5da5164d36a4479ca | |
parent | 536a055a9a7c6c43cd24477319f5851fb83dcb5d (diff) | |
Removed requirement that sid have an owner before being interpreted.
Thanks to Elrond for pointing this out.
Jeremy.
(This used to be commit 1d9a5494f8214b8d6171073f4090687a8535d78c)
-rw-r--r-- | source3/lib/util_seaccess.c | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 354f7f2fae..486db7c8c8 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -229,30 +229,21 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
 return True;
 }
-
- /* We must know the owner sid */
-
- if (sd->owner_sid == NULL) {
- DEBUG(1, ("no owner for security descriptor\n"));
- *acc_granted = 0;
- *status = NT_STATUS_ACCESS_DENIED;
- DEBUG(5, ("se_access_check: no owner sid, access denied\n"));
- return False;
- }
-
 /* The user sid is the first in the token */
 DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) ));
 /* Is the token the owner of the SID ? */
- for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&token->user_sids[i], sd->owner_sid)) {
- /*
- * The owner always has SEC_RIGHTS_WRITE_DAC.
- */
- if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC)
- tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC;
+ if (sd->owner_sid) {
+ for (i = 0; i < token->num_sids; i++) {
+ if (sid_equal(&token->user_sids[i], sd->owner_sid)) {
+ /*
+ * The owner always has SEC_RIGHTS_WRITE_DAC.
+ */
+ if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC)
+ tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC;
+ }
 }
 } |
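Review bot: The new `if (sd->owner_sid)` guard replaces a logged, fail-closed denial with a silent fall-through, so a descriptor with no owner now has its access decided entirely by code after this hunk and leaves no trace in the log. I would keep an audit line for that case, for example `} else { DEBUG(5, ("se_access_check: no owner sid, owner check skipped\n")); }`, and put a comment above the guard stating why an ownerless descriptor is acceptable and that the implicit SEC_RIGHTS_WRITE_DAC grant is then simply not applied. The rest of se_access_check lies outside the hunk, so it is worth confirming that nothing further down reads `sd->owner_sid` without the same NULL check. As a smaller point, the loop could `break` after the first matching SID, since clearing the bit again changes nothing.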