summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-08-10 17:48:15 +0000
committerJeremy Allison <jra@samba.org>2000-08-10 17:48:15 +0000
commit1e46bde597eb77ed708649585d6125f8e82dde31 (patch)
tree23888d150d315c63ea30abd5da5164d36a4479ca /source3
parent536a055a9a7c6c43cd24477319f5851fb83dcb5d (diff)
downloadsamba-1e46bde597eb77ed708649585d6125f8e82dde31.tar.gz
samba-1e46bde597eb77ed708649585d6125f8e82dde31.tar.bz2
samba-1e46bde597eb77ed708649585d6125f8e82dde31.zip
Removed requirement that sid have an owner before being interpreted.
Thanks to Elrond for pointing this out. Jeremy. (This used to be commit 1d9a5494f8214b8d6171073f4090687a8535d78c)
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/util_seaccess.c27
1 files changed, 9 insertions, 18 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 354f7f2fae..486db7c8c8 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -229,30 +229,21 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
return True;
}
-
- /* We must know the owner sid */
-
- if (sd->owner_sid == NULL) {
- DEBUG(1, ("no owner for security descriptor\n"));
- *acc_granted = 0;
- *status = NT_STATUS_ACCESS_DENIED;
- DEBUG(5, ("se_access_check: no owner sid, access denied\n"));
- return False;
- }
-
/* The user sid is the first in the token */
DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) ));
/* Is the token the owner of the SID ? */
- for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&token->user_sids[i], sd->owner_sid)) {
- /*
- * The owner always has SEC_RIGHTS_WRITE_DAC.
- */
- if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC)
- tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC;
+ if (sd->owner_sid) {
+ for (i = 0; i < token->num_sids; i++) {
+ if (sid_equal(&token->user_sids[i], sd->owner_sid)) {
+ /*
+ * The owner always has SEC_RIGHTS_WRITE_DAC.
+ */
+ if (tmp_acc_desired & SEC_RIGHTS_WRITE_DAC)
+ tmp_acc_desired &= ~SEC_RIGHTS_WRITE_DAC;
+ }
}
}