diff options
author | Jeremy Allison <jra@samba.org> | 2001-09-26 00:05:03 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2001-09-26 00:05:03 +0000 |
commit | 0f4281b9b4a4056e9e087deb15e60ea482af7a74 (patch) | |
tree | 209555a82bbba203434a9818785f780bdca15890 /source3/lib | |
parent | 6ddcd8a3bcef32694d9d753ff91cced71f5ca3a8 (diff) | |
download | samba-0f4281b9b4a4056e9e087deb15e60ea482af7a74.tar.gz samba-0f4281b9b4a4056e9e087deb15e60ea482af7a74.tar.bz2 samba-0f4281b9b4a4056e9e087deb15e60ea482af7a74.zip |
Added Elrond patch to make se_access_check use NT datastructures, not Samba.
Jeremy.
(This used to be commit bca6419447e926e51aeecf3e484228f640cecb84)
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_seaccess.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index f10c84c276..ec1b56ae86 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -30,7 +30,7 @@ extern int DEBUGLEVEL; Check if this ACE has a SID in common with the token. **********************************************************************************/ -static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) +static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) { size_t i; @@ -204,7 +204,7 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) "Access-Checking" document in MSDN. *****************************************************************************/ -BOOL se_access_check(SEC_DESC *sd, struct current_user *user, +BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { @@ -212,17 +212,20 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, size_t i; SEC_ACL *the_acl; fstring sid_str; - NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token; uint32 tmp_acc_desired = acc_desired; if (!status || !acc_granted) return False; + if (!token) + token = &anonymous_token; + *status = NT_STATUS_OK; *acc_granted = 0; - DEBUG(10,("se_access_check: requested access %x, for uid %u\n", - (unsigned int)acc_desired, (unsigned int)user->uid )); + DEBUG(10,("se_access_check: requested access %x, for NT token with %u entries and first sid %s.\n", + (unsigned int)acc_desired, (unsigned int)token->num_sids, + sid_to_string(sid_str, &token->user_sids[0]))); /* * No security descriptor or security descriptor with no DACL |