The two routines are identical, so there is no need to keep both.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
lib/fncall.o \
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
lib/file_id.o lib/idmap_cache.o \
- ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o
+ ../libcli/security/dom_sid.o ../libcli/security/security_descriptor.o \
+ ../libcli/security/security_token.o
LIB_DUMMY_OBJ = lib/dummysmbd.o lib/dummyroot.o
LIB_NONSMBD_OBJ = $(LIB_OBJ) $(LIB_DUMMY_OBJ)
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
uint32 rid, uint32 **pp_rids, size_t *p_num);
bool is_null_sid(const struct dom_sid *sid);
-bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid);
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
uint32_t denied = 0, granted = 0;
unsigned i;
- if (is_sid_in_token(token, sd->owner_sid)) {
+ if (security_token_has_sid(token, sd->owner_sid)) {
granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
} else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
granted |= SEC_STD_DELETE;
continue;
}
- if (!is_sid_in_token(token, &ace->trustee)) {
+ if (!security_token_has_sid(token, &ace->trustee)) {
continue;
}
/* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
- is_sid_in_token(token, sd->owner_sid)) {
+ security_token_has_sid(token, sd->owner_sid)) {
bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
}
if ((bits_remaining & SEC_STD_DELETE) &&
continue;
}
- if (!is_sid_in_token(token, &ace->trustee)) {
+ if (!security_token_has_sid(token, &ace->trustee)) {
continue;
}
return dom_sid_equal(sid, &null_sid);
}
-bool is_sid_in_token(const struct security_token *token, const struct dom_sid *sid)
-{
- int i;
-
- for (i=0; i<token->num_sids; i++) {
- if (dom_sid_compare(sid, &token->sids[i]) == 0)
- return true;
- }
- return false;
-}
-
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
const struct netr_SamInfo3 *info3,
struct dom_sid **user_sids,
/* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
- if (is_sid_in_token(nt_token, &global_sid_Builtin_Administrators) ||
- is_sid_in_token(nt_token, &global_sid_Builtin_Account_Operators)) {
+ if (security_token_has_sid(nt_token, &global_sid_Builtin_Administrators) ||
+ security_token_has_sid(nt_token, &global_sid_Builtin_Account_Operators)) {
*pacc_requested |= GENERIC_ALL_ACCESS;
return;
}
struct dom_sid domadmin_sid;
sid_compose(&domadmin_sid, get_global_sam_sid(),
DOMAIN_RID_ADMINS);
- if (is_sid_in_token(nt_token, &domadmin_sid)) {
+ if (security_token_has_sid(nt_token, &domadmin_sid)) {
*pacc_requested |= GENERIC_ALL_ACCESS;
return;
}
static void add_sid_to_token(struct security_token *token, struct dom_sid *sid)
{
- if (is_sid_in_token(token, sid))
+ if (security_token_has_sid(token, sid))
return;
token->sids = SMB_REALLOC_ARRAY(token->sids, struct dom_sid, token->num_sids+1);