summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2008-10-31 10:51:45 -0700
committerJeremy Allison <jra@samba.org>2008-10-31 10:51:45 -0700
commit8344e945742ff343702b9667e26082c560014523 (patch)
tree1e63530a7e4d96b47abaab0192f1f302b6aefb2e /source3/rpc_server
parent161cb81911fe8877bfefd8bd3553f0b3166299fb (diff)
downloadsamba-8344e945742ff343702b9667e26082c560014523.tar.gz
samba-8344e945742ff343702b9667e26082c560014523.tar.bz2
samba-8344e945742ff343702b9667e26082c560014523.zip
Unify se_access_check with the S4 code. Will make
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy.
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_eventlog_nt.c11
-rw-r--r--source3/rpc_server/srv_lsa_nt.c6
-rw-r--r--source3/rpc_server/srv_samr_nt.c4
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c6
4 files changed, 13 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 0e2bcf4126..e56a2e9095 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -71,8 +71,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
{
char *tdbname = elog_tdbname(talloc_tos(), info->logname );
SEC_DESC *sec_desc;
- bool ret;
- NTSTATUS ntstatus;
+ NTSTATUS status;
if ( !tdbname )
return False;
@@ -97,15 +96,15 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
/* run the check, try for the max allowed */
- ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
- &info->access_granted, &ntstatus );
+ status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
+ &info->access_granted);
if ( sec_desc )
TALLOC_FREE( sec_desc );
- if ( !ret ) {
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(8,("elog_check_access: se_access_check() return %s\n",
- nt_errstr( ntstatus)));
+ nt_errstr(status)));
return False;
}
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 3addf91494..f4e891ca8c 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -381,7 +381,8 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p,
/* get the generic lsa policy SD until we store it */
lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+ status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted);
+ if (!NT_STATUS_IS_OK(status)) {
if (p->pipe_user.ut.uid != sec_initial_uid()) {
return status;
}
@@ -431,7 +432,8 @@ NTSTATUS _lsa_OpenPolicy(pipes_struct *p,
/* get the generic lsa policy SD until we store it */
lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+ status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted);
+ if (!NT_STATUS_IS_OK(status)) {
if (p->pipe_user.ut.uid != sec_initial_uid()) {
return status;
}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 386e081d4a..97da3a4f3d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -186,8 +186,10 @@ static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
/* check the security descriptor first */
- if ( se_access_check(psd, token, des_access, acc_granted, &status) )
+ status = se_access_check(psd, token, des_access, acc_granted);
+ if (NT_STATUS_IS_OK(status)) {
goto done;
+ }
/* give root a free pass */
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index a7215ac686..cb6657400f 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -123,16 +123,12 @@ static struct service_control_op* find_service_by_name( const char *name )
static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
uint32 access_desired, uint32 *access_granted )
{
- NTSTATUS result;
-
if ( geteuid() == sec_initial_uid() ) {
DEBUG(5,("svcctl_access_check: using root's token\n"));
token = get_root_nt_token();
}
- se_access_check( sec_desc, token, access_desired, access_granted, &result );
-
- return result;
+ return se_access_check( sec_desc, token, access_desired, access_granted);
}
/********************************************************************