From a879a4610dac03b814ad40800f408416d250c6be Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 18 Sep 2010 12:55:31 +1000 Subject: libcli/auth Merge source4/libcli/security and util_sid.c into the common code This should ensure we only have one copy of these core functions in the tree. Andrew Bartlett Signed-off-by: Andrew Tridgell --- libcli/security/access_check.h | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'libcli/security/access_check.h') diff --git a/libcli/security/access_check.h b/libcli/security/access_check.h index 548e5a1437..700f981879 100644 --- a/libcli/security/access_check.h +++ b/libcli/security/access_check.h @@ -21,7 +21,7 @@ along with this program. If not, see . */ -#include "libcli/security/security_token.h" +#include "librpc/gen_ndr/security.h" /* Map generic access rights to object specific rights. This technique is used to give meaning to assigning read, write, execute and all access to @@ -51,3 +51,28 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, const struct security_token *token, uint32_t access_desired, uint32_t *access_granted); + +/* modified access check for the purposes of DS security + * Lots of code duplication, it will ve united in just one + * function eventually */ + +NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, + const struct security_token *token, + uint32_t access_desired, + uint32_t *access_granted, + struct object_tree *tree, + struct dom_sid *replace_sid); + +bool insert_in_object_tree(TALLOC_CTX *mem_ctx, + const struct GUID *guid, + uint32_t init_access, + struct object_tree **root, + struct object_tree **new_node); + +/* search by GUID */ +struct object_tree *get_object_tree_by_GUID(struct object_tree *root, + const struct GUID *guid); + +/* Change the granted access per each ACE */ +void object_tree_modify_access(struct object_tree *root, + uint32_t access); -- cgit