diff options
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_seaccess.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index f10c84c276..ec1b56ae86 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -30,7 +30,7 @@ extern int DEBUGLEVEL; Check if this ACE has a SID in common with the token. **********************************************************************************/ -static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) +static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) { size_t i; @@ -204,7 +204,7 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) "Access-Checking" document in MSDN. *****************************************************************************/ -BOOL se_access_check(SEC_DESC *sd, struct current_user *user, +BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { @@ -212,17 +212,20 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, size_t i; SEC_ACL *the_acl; fstring sid_str; - NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token; uint32 tmp_acc_desired = acc_desired; if (!status || !acc_granted) return False; + if (!token) + token = &anonymous_token; + *status = NT_STATUS_OK; *acc_granted = 0; - DEBUG(10,("se_access_check: requested access %x, for uid %u\n", - (unsigned int)acc_desired, (unsigned int)user->uid )); + DEBUG(10,("se_access_check: requested access %x, for NT token with %u entries and first sid %s.\n", + (unsigned int)acc_desired, (unsigned int)token->num_sids, + sid_to_string(sid_str, &token->user_sids[0]))); /* * No security descriptor or security descriptor with no DACL |