2025-01-13 13:18:06 +03:00 · 0001-01-01 00:00:00 +00:00 · 0001-01-01 00:00:00 +00:00 · b3a1038ac1
commit b3a1038ac1
parent 5a4a7cd472
1 changed files with 17 additions and 4 deletions
--- a/source/lib/util_seaccess.c
+++ b/source/lib/util_seaccess.c
@ -26,11 +26,22 @@

 extern int DEBUGLEVEL;

+/* Everyone = S-1-1-0 */
+
+static DOM_SID everyone_sid = {
+	1, /* sid_rev_num */
+	1, /* num_auths */
+	{ 0, 0, 0, 0, 0, 1}, /* id_auth[6] */
+	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} /* sub_auth[15] */
+};
+
 /*
 * Guest token used when there is no NT_USER_TOKEN available.
 */

-static DOM_SID builtin_guest = {
+/* Guest = S-1-5-32-546 */
+
+static DOM_SID guest_sid = {
 	1, /* sid_rev_num */
 	2, /* num_auths */
 	{ 0, 0, 0, 0, 0, 5}, /* id_auth[6] */
@ -39,11 +50,12 @@ static DOM_SID builtin_guest = {

 static NT_USER_TOKEN guest_token = {
 	1,
-	&builtin_guest
+	&guest_sid
 };

 /**********************************************************************************
 Check if this ACE has a SID in common with the token.
+ The SID "Everyone" always matches.
 **********************************************************************************/

 static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
@ -51,9 +63,10 @@ static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
 	size_t i;

 	for (i = 0; i < token->num_sids; i++) {
-		if (sid_equal(&ace->sid, &token->user_sids[i])) {
+		if (sid_equal(&ace->sid, &everyone_sid))
+			return True;
+		if (sid_equal(&ace->sid, &token->user_sids[i]))
 			return True;
-		}
 	}

 	return False;