From 152ea280f1982831c31071eec5c5a17f072073b0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 17 Jul 2006 08:05:02 +0000 Subject: r17082: Add a test that walks and tests denying tconX access via the share security descriptor. This is something that W2k3 does _not_ pass and probably is not expected to, it seems the don't check access at tconX time. Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the length of the sd can be encoded in idl. As metze says, there's probably more to the share secdesc, this needs more testing. This one is here to walk the samba3 code. Volker (This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5) --- source4/libcli/security/dom_sid.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source4/libcli/security') diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c index 951c0f5956..54242eb515 100644 --- a/source4/libcli/security/dom_sid.c +++ b/source4/libcli/security/dom_sid.c @@ -215,6 +215,24 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, return sid; } +/* + Split up a SID into its domain and RID part +*/ +NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, + struct dom_sid **domain, uint32_t *rid) +{ + if (sid->num_auths == 0) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!(*domain = dom_sid_dup(mem_ctx, sid))) { + return NT_STATUS_NO_MEMORY; + } + + (*domain)->num_auths -= 1; + *rid = (*domain)->sub_auths[(*domain)->num_auths]; + return NT_STATUS_OK; +} /* return True if the 2nd sid is in the domain given by the first sid -- cgit