diff options
-rw-r--r-- | source3/Makefile.in | 3 | ||||
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/lib/util_seaccess.c | 8 | ||||
-rw-r--r-- | source3/lib/util_sid.c | 11 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 6 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 2 |
6 files changed, 10 insertions, 21 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 4d2587fdaa..18335cf1c7 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -476,7 +476,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \ lib/fncall.o \ libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \ lib/file_id.o lib/idmap_cache.o \ - ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o + ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o \ + ../libcli/security/security_token.o LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ) diff --git a/source3/include/proto.h b/source3/include/proto.h index 6094742c8b..b40f32a0b9 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1292,7 +1292,6 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx, uint32 rid, uint32 **pp_rids, size_t *p_num); bool is_null_sid(const struct dom_sid *sid); -bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid); NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, struct dom_sid **user_sids, diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 13032b8779..af7ba24194 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -110,7 +110,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, uint32_t denied = 0, granted = 0; unsigned i; - if (is_sid_in_token(token, sd->owner_sid)) { + if (security_token_has_sid(token, sd->owner_sid)) { granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; } else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) { granted |= SEC_STD_DELETE; @@ -127,7 +127,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, continue; } - if (!is_sid_in_token(token, &ace->trustee)) { + if (!security_token_has_sid(token, &ace->trustee)) { continue; } @@ -198,7 +198,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */ if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) && - is_sid_in_token(token, sd->owner_sid)) { + security_token_has_sid(token, sd->owner_sid)) { bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE); } if ((bits_remaining & SEC_STD_DELETE) && @@ -218,7 +218,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, continue; } - if (!is_sid_in_token(token, &ace->trustee)) { + if (!security_token_has_sid(token, &ace->trustee)) { continue; } diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index d28333f9da..25933116c4 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -441,17 +441,6 @@ bool is_null_sid(const struct dom_sid *sid) return dom_sid_equal(sid, &null_sid); } -bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid) -{ - int i; - - for (i=0; i<token->num_sids; i++) { - if (dom_sid_compare(sid, &token->sids[i]) == 0) - return true; - } - return false; -} - NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, struct dom_sid **user_sids, diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 874a9214f2..a04584e7c1 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -269,8 +269,8 @@ void map_max_allowed_access(const struct security_token *nt_token, /* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */ - if (is_sid_in_token(nt_token, &global_sid_Builtin_Administrators) || - is_sid_in_token(nt_token, &global_sid_Builtin_Account_Operators)) { + if (security_token_has_sid(nt_token, &global_sid_Builtin_Administrators) || + security_token_has_sid(nt_token, &global_sid_Builtin_Account_Operators)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; } @@ -280,7 +280,7 @@ void map_max_allowed_access(const struct security_token *nt_token, struct dom_sid domadmin_sid; sid_compose(&domadmin_sid, get_global_sam_sid(), DOMAIN_RID_ADMINS); - if (is_sid_in_token(nt_token, &domadmin_sid)) { + if (security_token_has_sid(nt_token, &domadmin_sid)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; } diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index d6fa4ab418..c60887c319 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -4138,7 +4138,7 @@ static void free_user_token(struct security_token *token) static void add_sid_to_token(struct security_token *token, struct dom_sid *sid) { - if (is_sid_in_token(token, sid)) + if (security_token_has_sid(token, sid)) return; token->sids = SMB_REALLOC_ARRAY(token->sids, struct dom_sid, token->num_sids+1); |