From 5d35fe6f711985ac337da812bdbde006172bf256 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 20 Nov 2004 00:29:04 +0000
Subject: r3885: Add security descriptor comparison to our RPC-SAMSYNC test. We now verify that the security descriptor found in the SamSync is the same as what is available over SAMR. Unfortunately, the administrator seems unable to retrieve the SACL on the security descriptor, so I've added a new function to compare with a mask. Andrew Bartlett (This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
---
source4/libcli/security/security_descriptor.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
(limited to 'source4/libcli/security/security_descriptor.c')
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 5ed5ef5c76..a4056e5e71 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -224,3 +224,24 @@ BOOL security_descriptor_equal(const struct security_descriptor *sd1,
 return True;
 }
+
+/*
+ compare two security descriptors, but allow certain (missing) parts
+ to be masked out of the comparison
+*/
+BOOL security_descriptor_mask_equal(const struct security_descriptor *sd1,
+ const struct security_descriptor *sd2,
+ uint32 mask)
+{
+ if (sd1 == sd2) return True;
+ if (!sd1 || !sd2) return False;
+ if (sd1->revision != sd2->revision) return False;
+ if ((sd1->type & mask) != (sd2->type & mask)) return False;
+
+ if (!dom_sid_equal(sd1->owner_sid, sd2->owner_sid)) return False;
+ if (!dom_sid_equal(sd1->group_sid, sd2->group_sid)) return False;
+ if ((mask & SEC_DESC_DACL_PRESENT) && !security_acl_equal(sd1->dacl, sd2->dacl)) return False;
+ if ((mask & SEC_DESC_SACL_PRESENT) && !security_acl_equal(sd1->sacl, sd2->sacl)) return False;
+
+ return True;
+}
-- cgit
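Review bot: The comment above security_descriptor_mask_equal() says parts are "masked out", but the code treats `mask` as an include mask: only the `type` bits set in `mask` are compared, and an ACL is compared only when its SEC_DESC_DACL_PRESENT or SEC_DESC_SACL_PRESENT bit is set in `mask`. A caller who reads the comment literally and passes SEC_DESC_SACL_PRESENT to skip the SACL would instead skip the DACL, and a mask of 0 reports two descriptors with different DACLs as equal. Because this helper lives in libcli/security rather than in the test, I would state the polarity in the comment, e.g. `mask selects what IS compared: the sd->type bits in mask, and the DACL/SACL only if its SEC_DESC_*_PRESENT bit is set`. The comment should also say that revision, owner_sid and group_sid are always compared, and that a True result is a partial match not meant for access decisions.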