diff options
Diffstat (limited to 'source3/lib/util_seaccess.c')
-rw-r--r-- | source3/lib/util_seaccess.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index e9de51632d..351e93dc7a 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -26,11 +26,22 @@ extern int DEBUGLEVEL; +/* Everyone = S-1-1-0 */ + +static DOM_SID everyone_sid = { + 1, /* sid_rev_num */ + 1, /* num_auths */ + { 0, 0, 0, 0, 0, 1}, /* id_auth[6] */ + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */ +}; + /* * Guest token used when there is no NT_USER_TOKEN available. */ -static DOM_SID builtin_guest = { +/* Guest = S-1-5-32-546 */ + +static DOM_SID guest_sid = { 1, /* sid_rev_num */ 2, /* num_auths */ { 0, 0, 0, 0, 0, 5}, /* id_auth[6] */ @@ -39,11 +50,12 @@ static DOM_SID builtin_guest = { static NT_USER_TOKEN guest_token = { 1, - &builtin_guest + &guest_sid }; /********************************************************************************** Check if this ACE has a SID in common with the token. + The SID "Everyone" always matches. **********************************************************************************/ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) @@ -51,9 +63,10 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->sid, &token->user_sids[i])) { + if (sid_equal(&ace->sid, &everyone_sid)) + return True; + if (sid_equal(&ace->sid, &token->user_sids[i])) return True; - } } return False; |