summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-09-26 00:05:03 +0000
committerJeremy Allison <jra@samba.org>2001-09-26 00:05:03 +0000
commit0f4281b9b4a4056e9e087deb15e60ea482af7a74 (patch)
tree209555a82bbba203434a9818785f780bdca15890 /source3/lib
parent6ddcd8a3bcef32694d9d753ff91cced71f5ca3a8 (diff)
downloadsamba-0f4281b9b4a4056e9e087deb15e60ea482af7a74.tar.gz
samba-0f4281b9b4a4056e9e087deb15e60ea482af7a74.tar.bz2
samba-0f4281b9b4a4056e9e087deb15e60ea482af7a74.zip
Added Elrond patch to make se_access_check use NT datastructures, not Samba.
Jeremy. (This used to be commit bca6419447e926e51aeecf3e484228f640cecb84)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/util_seaccess.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index f10c84c276..ec1b56ae86 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -30,7 +30,7 @@ extern int DEBUGLEVEL;
Check if this ACE has a SID in common with the token.
**********************************************************************************/
-static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
+static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
{
size_t i;
@@ -204,7 +204,7 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping)
"Access-Checking" document in MSDN.
*****************************************************************************/
-BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
+BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
uint32 acc_desired, uint32 *acc_granted,
NTSTATUS *status)
{
@@ -212,17 +212,20 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
size_t i;
SEC_ACL *the_acl;
fstring sid_str;
- NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token;
uint32 tmp_acc_desired = acc_desired;
if (!status || !acc_granted)
return False;
+ if (!token)
+ token = &anonymous_token;
+
*status = NT_STATUS_OK;
*acc_granted = 0;
- DEBUG(10,("se_access_check: requested access %x, for uid %u\n",
- (unsigned int)acc_desired, (unsigned int)user->uid ));
+ DEBUG(10,("se_access_check: requested access %x, for NT token with %u entries and first sid %s.\n",
+ (unsigned int)acc_desired, (unsigned int)token->num_sids,
+ sid_to_string(sid_str, &token->user_sids[0])));
/*
* No security descriptor or security descriptor with no DACL