summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/util_seaccess.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index e9de51632d..351e93dc7a 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -26,11 +26,22 @@
extern int DEBUGLEVEL;
+/* Everyone = S-1-1-0 */
+
+static DOM_SID everyone_sid = {
+ 1, /* sid_rev_num */
+ 1, /* num_auths */
+ { 0, 0, 0, 0, 0, 1}, /* id_auth[6] */
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */
+};
+
/*
* Guest token used when there is no NT_USER_TOKEN available.
*/
-static DOM_SID builtin_guest = {
+/* Guest = S-1-5-32-546 */
+
+static DOM_SID guest_sid = {
1, /* sid_rev_num */
2, /* num_auths */
{ 0, 0, 0, 0, 0, 5}, /* id_auth[6] */
@@ -39,11 +50,12 @@ static DOM_SID builtin_guest = {
static NT_USER_TOKEN guest_token = {
1,
- &builtin_guest
+ &guest_sid
};
/**********************************************************************************
Check if this ACE has a SID in common with the token.
+ The SID "Everyone" always matches.
**********************************************************************************/
static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
@@ -51,9 +63,10 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
size_t i;
for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->sid, &token->user_sids[i])) {
+ if (sid_equal(&ace->sid, &everyone_sid))
+ return True;
+ if (sid_equal(&ace->sid, &token->user_sids[i]))
return True;
- }
}
return False;