From 0f4281b9b4a4056e9e087deb15e60ea482af7a74 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 26 Sep 2001 00:05:03 +0000 Subject: Added Elrond patch to make se_access_check use NT datastructures, not Samba. Jeremy. (This used to be commit bca6419447e926e51aeecf3e484228f640cecb84) --- source3/lib/util_seaccess.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'source3/lib/util_seaccess.c') diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index f10c84c276..ec1b56ae86 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -30,7 +30,7 @@ extern int DEBUGLEVEL; Check if this ACE has a SID in common with the token. **********************************************************************************/ -static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace) +static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace) { size_t i; @@ -204,7 +204,7 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping) "Access-Checking" document in MSDN. *****************************************************************************/ -BOOL se_access_check(SEC_DESC *sd, struct current_user *user, +BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, NTSTATUS *status) { @@ -212,17 +212,20 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, size_t i; SEC_ACL *the_acl; fstring sid_str; - NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token; uint32 tmp_acc_desired = acc_desired; if (!status || !acc_granted) return False; + if (!token) + token = &anonymous_token; + *status = NT_STATUS_OK; *acc_granted = 0; - DEBUG(10,("se_access_check: requested access %x, for uid %u\n", - (unsigned int)acc_desired, (unsigned int)user->uid )); + DEBUG(10,("se_access_check: requested access %x, for NT token with %u entries and first sid %s.\n", + (unsigned int)acc_desired, (unsigned int)token->num_sids, + sid_to_string(sid_str, &token->user_sids[0]))); /* * No security descriptor or security descriptor with no DACL -- cgit