From 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 11 Dec 2004 05:41:19 +0000 Subject: r4147: converted from NT_USER_TOKEN to struct security_token this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a) --- source4/libcli/security/access_check.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source4/libcli/security/access_check.c') diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index 425a5c2b6d..c646ee693b 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -27,11 +27,12 @@ /* check if a sid is in the supplied token */ -static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token) +static BOOL sid_active_in_token(const struct dom_sid *sid, + const struct security_token *token) { int i; for (i=0;inum_sids;i++) { - if (dom_sid_equal(sid, token->user_sids[i])) { + if (dom_sid_equal(sid, token->sids[i])) { return True; } } 
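Review bot: sid_active_in_token dereferences `token` and hands `sid` to dom_sid_equal without a NULL guard, and the caller in the next hunk passes `sd->owner_sid`, which may be unset on a descriptor that carries no owner. Whether dom_sid_equal tolerates NULL is not visible here. Because this helper decides whether implicit owner rights are granted, failing closed at the top is cheap: `if (sid == NULL || token == NULL) return False;`. The loop counter is a signed `int`, while the ACE loop in access_check_max_allowed uses `unsigned`; matching it to the declared type of `num_sids` (not visible here) would rule out a signed/unsigned comparison. The end of the function lies outside the hunk.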
@@ -42,16 +43,15 @@ static BOOL sid_active_in_token(struct dom_sid *sid, struct nt_user_token *token /* perform a SEC_FLAG_MAXIMUM_ALLOWED access check */ -static uint32_t access_check_max_allowed(struct security_descriptor *sd, - struct nt_user_token *token) +static uint32_t access_check_max_allowed(const struct security_descriptor *sd, + const struct security_token *token) { uint32_t denied = 0, granted = 0; unsigned i; if (sid_active_in_token(sd->owner_sid, token)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; } - granted |= SEC_STD_DELETE; for (i = 0;idacl->num_aces; i++) { struct security_ace *ace = &sd->dacl->aces[i]; @@ -77,8 +77,8 @@ static uint32_t access_check_max_allowed(struct security_descriptor *sd, /* the main entry point for access checking. */ -NTSTATUS sec_access_check(struct security_descriptor *sd, - struct nt_user_token *token, +NTSTATUS sec_access_check(const struct security_descriptor *sd, + const struct security_token *token, uint32_t access_desired, uint32_t *access_granted) { -- cgit
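Review bot: Moving `SEC_STD_DELETE` into the owner branch of access_check_max_allowed changes who is granted delete under SEC_FLAG_MAXIMUM_ALLOWED, from every caller to only tokens holding the owner SID, yet the commit message calls the change mostly a tidy-up. An authorization change like this deserves its own line in the message and a comment at the branch, for example `/* the owner implicitly gets WRITE_DAC, READ_CONTROL and DELETE before any ACE is evaluated */`. It is also worth confirming that the non-maximum path in sec_access_check, whose body is outside these hunks, applies the same implicit owner rights; otherwise the two paths can disagree for the same descriptor and token. The loop that follows dereferences `sd->dacl` with no visible NULL check in this function, so a descriptor without a DACL needs to be handled before this point if it is not already.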