mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
r14894: - add some 'const'
- remove sid_active_in_token(), which was the same as security_token_has_sid()
- rename some functions
metze
(This used to be commit 81390dcda5
)
parent
5559f5e3e5
commit
1ac990ddcf
@ -63,7 +63,7 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx,
|
||||
priv_str));
|
||||
continue;
|
||||
}
|
||||
sec_privilege_set(token, privilege);
|
||||
security_token_set_privilege(token, privilege);
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
|
@ -24,22 +24,6 @@
|
||||
#include "libcli/security/security.h"
|
||||
|
||||
|
||||
/*
|
||||
check if a sid is in the supplied token
|
||||
*/
|
||||
static BOOL sid_active_in_token(const struct dom_sid *sid,
|
||||
const struct security_token *token)
|
||||
{
|
||||
int i;
|
||||
for (i=0;i<token->num_sids;i++) {
|
||||
if (dom_sid_equal(sid, token->sids[i])) {
|
||||
return True;
|
||||
}
|
||||
}
|
||||
return False;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
perform a SEC_FLAG_MAXIMUM_ALLOWED access check
|
||||
*/
|
||||
@ -49,9 +33,9 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
|
||||
uint32_t denied = 0, granted = 0;
|
||||
unsigned i;
|
||||
|
||||
if (sid_active_in_token(sd->owner_sid, token)) {
|
||||
if (security_token_has_sid(token, sd->owner_sid)) {
|
||||
granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
|
||||
} else if (sec_privilege_check(token, SEC_PRIV_RESTORE)) {
|
||||
} else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
|
||||
granted |= SEC_STD_DELETE;
|
||||
}
|
||||
|
||||
@ -62,7 +46,7 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!sid_active_in_token(&ace->trustee, token)) {
|
||||
if (!security_token_has_sid(token, &ace->trustee)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -105,7 +89,7 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
|
||||
}
|
||||
|
||||
if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
|
||||
if (sec_privilege_check(token, SEC_PRIV_SECURITY)) {
|
||||
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
|
||||
bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
|
||||
} else {
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
@ -125,11 +109,11 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
|
||||
|
||||
/* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
|
||||
if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
|
||||
sid_active_in_token(sd->owner_sid, token)) {
|
||||
security_token_has_sid(token, sd->owner_sid)) {
|
||||
bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
|
||||
}
|
||||
if ((bits_remaining & SEC_STD_DELETE) &&
|
||||
sec_privilege_check(token, SEC_PRIV_RESTORE)) {
|
||||
security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
|
||||
bits_remaining &= ~SEC_STD_DELETE;
|
||||
}
|
||||
|
||||
@ -141,7 +125,7 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!sid_active_in_token(&ace->trustee, token)) {
|
||||
if (!security_token_has_sid(token, &ace->trustee)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
|
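Review bot: The owner test `security_token_has_sid(token, sd->owner_sid)` in access_check_max_allowed(), and the same call in sec_access_check(), passes `sd->owner_sid` with no visible NULL check. Its result decides whether SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE are granted. Whether a descriptor without an owner is handled safely depends on how dom_sid_equal() treats a NULL argument, which this page does not show. An explicit guard would remove that dependency: `if (sd->owner_sid != NULL && security_token_has_sid(token, sd->owner_sid)) {`. Both functions start and end outside the hunks, so an earlier check may already cover this.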
@ -194,7 +194,7 @@ static uint64_t sec_privilege_mask(enum sec_privilege privilege)
|
||||
/*
|
||||
return True if a security_token has a particular privilege bit set
|
||||
*/
|
||||
BOOL sec_privilege_check(const struct security_token *token, enum sec_privilege privilege)
|
||||
BOOL security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege)
|
||||
{
|
||||
uint64_t mask;
|
||||
|
||||
@ -212,7 +212,7 @@ BOOL sec_privilege_check(const struct security_token *token, enum sec_privilege
|
||||
/*
|
||||
set a bit in the privilege mask
|
||||
*/
|
||||
void sec_privilege_set(struct security_token *token, enum sec_privilege privilege)
|
||||
void security_token_set_privilege(struct security_token *token, enum sec_privilege privilege)
|
||||
{
|
||||
if (privilege < 1 || privilege > 64) {
|
||||
return;
|
||||
@ -220,7 +220,7 @@ void sec_privilege_set(struct security_token *token, enum sec_privilege privileg
|
||||
token->privilege_mask |= sec_privilege_mask(privilege);
|
||||
}
|
||||
|
||||
void sec_privilege_debug(int dbg_lev, const struct security_token *token)
|
||||
void security_token_debug_privileges(int dbg_lev, const struct security_token *token)
|
||||
{
|
||||
DEBUGADD(dbg_lev, (" Privileges (0x%16llX):\n",
|
||||
(unsigned long long) token->privilege_mask));
|
||||
|
@ -148,14 +148,14 @@ void security_token_debug(int dbg_lev, const struct security_token *token)
|
||||
dom_sid_string(mem_ctx, token->sids[i])));
|
||||
}
|
||||
|
||||
sec_privilege_debug(dbg_lev, token);
|
||||
security_token_debug_privileges(dbg_lev, token);
|
||||
|
||||
talloc_free(mem_ctx);
|
||||
}
|
||||
|
||||
/* These really should be cheaper... */
|
||||
|
||||
BOOL security_token_is_sid(struct security_token *token, const struct dom_sid *sid)
|
||||
BOOL security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
|
||||
{
|
||||
if (dom_sid_equal(token->user_sid, sid)) {
|
||||
return True;
|
||||
@ -163,10 +163,10 @@ BOOL security_token_is_sid(struct security_token *token, const struct dom_sid *s
|
||||
return False;
|
||||
}
|
||||
|
||||
BOOL security_token_is_sid_string(struct security_token *token, const char *sid_string)
|
||||
BOOL security_token_is_sid_string(const struct security_token *token, const char *sid_string)
|
||||
{
|
||||
BOOL ret;
|
||||
struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string);
|
||||
struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
|
||||
if (!sid) return False;
|
||||
|
||||
ret = security_token_is_sid(token, sid);
|
||||
@ -175,17 +175,17 @@ BOOL security_token_is_sid_string(struct security_token *token, const char *sid_
|
||||
return ret;
|
||||
}
|
||||
|
||||
BOOL security_token_is_system(struct security_token *token)
|
||||
BOOL security_token_is_system(const struct security_token *token)
|
||||
{
|
||||
return security_token_is_sid_string(token, SID_NT_SYSTEM);
|
||||
}
|
||||
|
||||
BOOL security_token_is_anonymous(struct security_token *token)
|
||||
BOOL security_token_is_anonymous(const struct security_token *token)
|
||||
{
|
||||
return security_token_is_sid_string(token, SID_NT_ANONYMOUS);
|
||||
}
|
||||
|
||||
BOOL security_token_has_sid(struct security_token *token, struct dom_sid *sid)
|
||||
BOOL security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < token->num_sids; i++) {
|
||||
@ -196,10 +196,10 @@ BOOL security_token_has_sid(struct security_token *token, struct dom_sid *sid)
|
||||
return False;
|
||||
}
|
||||
|
||||
BOOL security_token_has_sid_string(struct security_token *token, const char *sid_string)
|
||||
BOOL security_token_has_sid_string(const struct security_token *token, const char *sid_string)
|
||||
{
|
||||
BOOL ret;
|
||||
struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string);
|
||||
struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
|
||||
if (!sid) return False;
|
||||
|
||||
ret = security_token_has_sid(token, sid);
|
||||
@ -208,12 +208,12 @@ BOOL security_token_has_sid_string(struct security_token *token, const char *sid
|
||||
return ret;
|
||||
}
|
||||
|
||||
BOOL security_token_has_builtin_administrators(struct security_token *token)
|
||||
BOOL security_token_has_builtin_administrators(const struct security_token *token)
|
||||
{
|
||||
return security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS);
|
||||
}
|
||||
|
||||
BOOL security_token_has_nt_authenticated_users(struct security_token *token)
|
||||
BOOL security_token_has_nt_authenticated_users(const struct security_token *token)
|
||||
{
|
||||
return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
|
||||
}
|
||||
|
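Review bot: Changing `dom_sid_parse_talloc(token, sid_string)` to `dom_sid_parse_talloc(NULL, sid_string)` in security_token_is_sid_string(), and again in security_token_has_sid_string(), leaves the parsed SID with no talloc parent, so it is released only by an explicit free and no longer together with the token. The lines between `ret = security_token_is_sid(token, sid);` and `return ret;` fall outside the hunks, so confirm that each function still calls `talloc_free(sid);` before returning; these helpers presumably run on every authorization check, where a missed free would accumulate. Separately, `if (!sid) return False;` reports an allocation failure the same way as "SID not present". For security_token_is_anonymous() that would make an anonymous token look non-anonymous under memory pressure, so a comment such as `/* False also covers allocation failure; do not grant access on a False result */` above the helpers would help.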