authorAndrew Bartlett <abartlet@samba.org>2004-11-20 00:29:04 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:01 -0500
commit5d35fe6f711985ac337da812bdbde006172bf256 (patch)
tree9f9ae277aa9823e00b898c68b78c7e232b9e3906 /source4/libcli/security
parentd95a256d1b7f579666c852740d32ba0f446a4c66 (diff)
r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We now
verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r--source4/libcli/security/security_descriptor.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 5ed5ef5c76..a4056e5e71 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -224,3 +224,24 @@ BOOL security_descriptor_equal(const struct security_descriptor *sd1,
return True;
}
+
+/*
+ compare two security descriptors, but allow certain (missing) parts
+ to be masked out of the comparison
+*/
+BOOL security_descriptor_mask_equal(const struct security_descriptor *sd1,
+ const struct security_descriptor *sd2,
+ uint32 mask)
+{
+ if (sd1 == sd2) return True;
+ if (!sd1 || !sd2) return False;
+ if (sd1->revision != sd2->revision) return False;
+ if ((sd1->type & mask) != (sd2->type & mask)) return False;
+
+ if (!dom_sid_equal(sd1->owner_sid, sd2->owner_sid)) return False;
+ if (!dom_sid_equal(sd1->group_sid, sd2->group_sid)) return False;
+ if ((mask & SEC_DESC_DACL_PRESENT) && !security_acl_equal(sd1->dacl, sd2->dacl)) return False;
+ if ((mask & SEC_DESC_SACL_PRESENT) && !security_acl_equal(sd1->sacl, sd2->sacl)) return False;
+
+ return True;
+}
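Review bot: The header comment on security_descriptor_mask_equal() does not say what `mask` is, and the parameter does two jobs: it filters which bits of `type` are compared and, through SEC_DESC_DACL_PRESENT and SEC_DESC_SACL_PRESENT, decides whether the DACL and SACL are compared at all. A caller that passes a mask without SEC_DESC_DACL_PRESENT gets True for two descriptors whose DACLs differ, so a verification built on this helper can pass without the access-control entries ever being compared. I would extend the comment to something like `mask is a set of SEC_DESC_* type bits; only those bits of type are compared, and the dacl/sacl are compared only when their *_PRESENT bit is in mask (owner and group are always compared)`. It would also help for each caller to note which bits it leaves out of the mask and why.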