libcli/security Provide a common, top level libcli/security/security.h

[sfrench/samba-autobuild/.git] / libgpo / gpo_sec.c

diff --git a/libgpo/gpo_sec.c b/libgpo/gpo_sec.c
index 5547f1e0cb9433191aed9af64567dc9276d1693d..e0304d464a53fe185e7b7436543efb19e7bb1dc6 100644 (file)
--- a/libgpo/gpo_sec.c
+++ b/libgpo/gpo_sec.c
@@ -18,13 +18,13 @@
  */
 
 #include "includes.h"
-#include "libcli/security/dom_sid.h"
+#include "libcli/security/security.h"
+#include "../libgpo/gpo.h"
 #if _SAMBA_BUILD_ == 4
 #include "libgpo/ads_convenience.h"
 #include "librpc/gen_ndr/security.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "../libcli/security/secace.h"
-#include "../libgpo/gpo.h"
 #endif
 
 /****************************************************************
@@ -80,11 +80,7 @@ static bool gpo_sd_check_agp_object(const struct security_ace *ace)
 
 static bool gpo_sd_check_agp_access_bits(uint32_t access_mask)
 {
-#if _SAMBA_BUILD_ == 4
        return (access_mask & SEC_ADS_CONTROL_ACCESS);
-#else
-       return (access_mask & SEC_RIGHTS_EXTENDED);
-#endif
 }
 
 #if 0
@@ -105,7 +101,7 @@ static bool gpo_sd_check_read_access_bits(uint32_t access_mask)
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
-                                              const NT_USER_TOKEN *token)
+                                              const struct security_token *token)
 {
        char *sid_str;
 
@@ -127,7 +123,7 @@ static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
-                                               const NT_USER_TOKEN *token)
+                                               const struct security_token *token)
 {
        char *sid_str;
 
@@ -150,7 +146,7 @@ static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
-                                const NT_USER_TOKEN *token)
+                                const struct security_token *token)
 {
        switch (ace->type) {
                case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
@@ -166,7 +162,7 @@ static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
 ****************************************************************/
 
 NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
-                                     const NT_USER_TOKEN *token)
+                                     const struct security_token *token)
 {
        struct security_descriptor *sd = gpo->security_descriptor;
        struct security_acl *dacl = NULL;