-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/lib/util_seaccess.c8
-rw-r--r--source3/lib/util_sid.c11
-rw-r--r--source3/rpc_server/srv_samr_nt.c6
-rw-r--r--source3/utils/net_rpc.c2
6 files changed, 10 insertions, 21 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 4d2587fdaa..18335cf1c7 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -476,7 +476,8 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
lib/fncall.o \
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
lib/file_id.o lib/idmap_cache.o \
- ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o
+ ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o \
+ ../libcli/security/security_token.o
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6094742c8b..b40f32a0b9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1292,7 +1292,6 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids, size_t
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
uint32 rid, uint32 **pp_rids, size_t *p_num);
bool is_null_sid(const struct dom_sid *sid);
-bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid);
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 13032b8779..af7ba24194 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -110,7 +110,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
uint32_t denied = 0, granted = 0;
unsigned i;
- if (is_sid_in_token(token, sd->owner_sid)) {
+ if (security_token_has_sid(token, sd->owner_sid)) {
granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
} else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
granted |= SEC_STD_DELETE;
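Review bot: The owner and ACE-trustee checks in access_check_max_allowed now depend on `security_token_has_sid()`, whose body is not part of this diff, so its equivalence with the removed `is_sid_in_token()` (a `dom_sid_compare(...) == 0` scan over `token->sids`) should be confirmed, including how it treats a NULL `sd->owner_sid`. The same substitution decides access in the later hunks of this file (se_access_check) and gates `GENERIC_ALL_ACCESS` in map_max_allowed_access in srv_samr_nt.c. No include change is visible in the commit, so it is worth verifying that the prototype is reachable from every caller rather than implicitly declared. A comment at the first call such as `/* security_token_has_sid() must match SIDs exactly; a NULL owner_sid must never match */` would record the assumption these checks rely on. The enclosing function starts and ends outside the hunk.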
@@ -127,7 +127,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
continue;
}
- if (!is_sid_in_token(token, &ace->trustee)) {
+ if (!security_token_has_sid(token, &ace->trustee)) {
continue;
}
@@ -198,7 +198,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
/* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
- is_sid_in_token(token, sd->owner_sid)) {
+ security_token_has_sid(token, sd->owner_sid)) {
bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
}
if ((bits_remaining & SEC_STD_DELETE) &&
@@ -218,7 +218,7 @@ NTSTATUS se_access_check(const struct security_descriptor *sd,
continue;
}
- if (!is_sid_in_token(token, &ace->trustee)) {
+ if (!security_token_has_sid(token, &ace->trustee)) {
continue;
}
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index d28333f9da..25933116c4 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -441,17 +441,6 @@ bool is_null_sid(const struct dom_sid *sid)
return dom_sid_equal(sid, &null_sid);
}
-bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
-{
- int i;
-
- for (i=0; i<token->num_sids; i++) {
- if (dom_sid_compare(sid, &token->sids[i]) == 0)
- return true;
- }
- return false;
-}
-
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 874a9214f2..a04584e7c1 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -269,8 +269,8 @@ void map_max_allowed_access(const struct security_token *nt_token,
/* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
- if (is_sid_in_token(nt_token, &global_sid_Builtin_Administrators) ||
- is_sid_in_token(nt_token, &global_sid_Builtin_Account_Operators)) {
+ if (security_token_has_sid(nt_token, &global_sid_Builtin_Administrators) ||
+ security_token_has_sid(nt_token, &global_sid_Builtin_Account_Operators)) {
*pacc_requested |= GENERIC_ALL_ACCESS;
return;
}
@@ -280,7 +280,7 @@ void map_max_allowed_access(const struct security_token *nt_token,
struct dom_sid domadmin_sid;
sid_compose(&domadmin_sid, get_global_sam_sid(),
DOMAIN_RID_ADMINS);
- if (is_sid_in_token(nt_token, &domadmin_sid)) {
+ if (security_token_has_sid(nt_token, &domadmin_sid)) {
*pacc_requested |= GENERIC_ALL_ACCESS;
return;
}
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index d6fa4ab418..c60887c319 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -4138,7 +4138,7 @@ static void free_user_token(struct security_token *token)
static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
{
- if (is_sid_in_token(token, sid))
+ if (security_token_has_sid(token, sid))
return;
token->sids = SMB_REALLOC_ARRAY(token->sids, struct dom_sid, token->num_sids+1);