From 8344e945742ff343702b9667e26082c560014523 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 31 Oct 2008 10:51:45 -0700 Subject: Unify se_access_check with the S4 code. Will make calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy. --- source3/rpc_server/srv_eventlog_nt.c | 11 +++++------ source3/rpc_server/srv_lsa_nt.c | 6 ++++-- source3/rpc_server/srv_samr_nt.c | 4 +++- source3/rpc_server/srv_svcctl_nt.c | 6 +----- 4 files changed, 13 insertions(+), 14 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 0e2bcf4126..e56a2e9095 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -71,8 +71,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) { char *tdbname = elog_tdbname(talloc_tos(), info->logname ); SEC_DESC *sec_desc; - bool ret; - NTSTATUS ntstatus; + NTSTATUS status; if ( !tdbname ) return False; @@ -97,15 +96,15 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) /* run the check, try for the max allowed */ - ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, - &info->access_granted, &ntstatus ); + status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, + &info->access_granted); if ( sec_desc ) TALLOC_FREE( sec_desc ); - if ( !ret ) { + if (!NT_STATUS_IS_OK(status)) { DEBUG(8,("elog_check_access: se_access_check() return %s\n", - nt_errstr( ntstatus))); + nt_errstr(status))); return False; } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 3addf91494..f4e891ca8c 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c 
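Review bot: In elog_check_access (srv_eventlog_nt.c, second hunk), `sec_desc` is passed to se_access_check() before the `if ( sec_desc )` test that guards TALLOC_FREE, so that test comes too late to protect the call. The lines between the two hunks are not shown, so an earlier NULL check may already exist. If it does, the guard is redundant and the line can be just `TALLOC_FREE( sec_desc );`; if it does not, the function should return False before the access check when no descriptor was loaded. The denial is also logged only at debug level 8 and does not say which log was refused; adding `info->logname` to the message would make denied opens easier to trace.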
@@ -381,7 +381,8 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) { + status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + if (!NT_STATUS_IS_OK(status)) { if (p->pipe_user.ut.uid != sec_initial_uid()) { return status; } @@ -431,7 +432,8 @@ NTSTATUS _lsa_OpenPolicy(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) { + status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + if (!NT_STATUS_IS_OK(status)) { if (p->pipe_user.ut.uid != sec_initial_uid()) { return status; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 386e081d4a..97da3a4f3d 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -186,8 +186,10 @@ static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token, /* check the security descriptor first */ - if ( se_access_check(psd, token, des_access, acc_granted, &status) ) + status = se_access_check(psd, token, des_access, acc_granted); + if (NT_STATUS_IS_OK(status)) { goto done; + } /* give root a free pass */ diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index a7215ac686..cb6657400f 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c 
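Review bot: In _lsa_OpenPolicy2 (srv_lsa_nt.c), when se_access_check() fails and `p->pipe_user.ut.uid` equals sec_initial_uid(), execution continues past the check with whatever the failed call left in `acc_granted`. The hunk does not show what the unified function writes to that out-parameter on failure, and the rest of the function is outside the hunk. If the S4-derived implementation leaves a different value there than the old one did, the root override would silently carry a different mask forward. I would set it explicitly on that path, e.g. `acc_granted = des_access;` if the requested mask is what root is meant to receive, or state the contract in a comment at the call. The same applies to the _lsa_OpenPolicy hunk and to the "give root a free pass" path after the check in access_check_samr_object (srv_samr_nt.c), where the out-parameter is the pointer `acc_granted`.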
@@ -123,16 +123,12 @@ static struct service_control_op* find_service_by_name( const char *name ) static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, uint32 access_desired, uint32 *access_granted ) { - NTSTATUS result; - if ( geteuid() == sec_initial_uid() ) { DEBUG(5,("svcctl_access_check: using root's token\n")); token = get_root_nt_token(); } - se_access_check( sec_desc, token, access_desired, access_granted, &result ); - - return result; + return se_access_check( sec_desc, token, access_desired, access_granted); } /******************************************************************** -- cgit
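Review bot: In svcctl_access_check (srv_svcctl_nt.c), the result of get_root_nt_token() is passed to the returned se_access_check() call without a NULL test. If that helper can fail, the access check runs on a NULL token whenever the process is running as the initial uid. Failing closed first, with `if (token == NULL) { return NT_STATUS_ACCESS_DENIED; }`, keeps the outcome defined. The override also keys on `geteuid()`, whereas the LSA hunks in this commit test `p->pipe_user.ut.uid`; a one-line comment saying why the process euid is the right identity here would help the next reader.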