s4:torture/vfs/fruit: enable AAPL extensions in a bunch of tests

[samba.git] / libgpo / gpo_sec.c

diff --git a/libgpo/gpo_sec.c b/libgpo/gpo_sec.c
index 6b5e77f20a63dac63cc9cb461fe680856f703c57..98ee8eb3cc9c307d78298709b44cca41e9c2474f 100644 (file)
--- a/libgpo/gpo_sec.c
+++ b/libgpo/gpo_sec.c
@@ -18,14 +18,10 @@
  */
 
 #include "includes.h"
-#include "libcli/security/dom_sid.h"
+#include "libcli/security/security.h"
 #include "../libgpo/gpo.h"
-#if _SAMBA_BUILD_ == 4
-#include "libgpo/ads_convenience.h"
-#include "librpc/gen_ndr/security.h"
-#include "librpc/gen_ndr/ndr_misc.h"
-#include "../libcli/security/secace.h"
-#endif
+#include "auth.h"
+#include "../librpc/ndr/libndr.h"
 
 /****************************************************************
 ****************************************************************/
@@ -51,11 +47,15 @@ static bool gpo_sd_check_agp_object_guid(const struct security_ace_object *objec
                                       &ext_right_apg_guid)) {
                                return true;
                        }
+
+                       FALL_THROUGH;
                case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
                        if (GUID_equal(&object->inherited_type.inherited_type,
                                       &ext_right_apg_guid)) {
                                return true;
                        }
+
+                       FALL_THROUGH;
                default:
                        break;
        }
@@ -101,13 +101,13 @@ static bool gpo_sd_check_read_access_bits(uint32_t access_mask)
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
-                                              const NT_USER_TOKEN *token)
+                                              const struct security_token *token)
 {
        char *sid_str;
 
        if (gpo_sd_check_agp_object(ace) &&
            gpo_sd_check_agp_access_bits(ace->access_mask) &&
-           nt_token_check_sid(&ace->trustee, token)) {
+           security_token_has_sid(token, &ace->trustee)) {
                sid_str = dom_sid_string(NULL, &ace->trustee);
                DEBUG(10,("gpo_sd_check_ace_denied_object: "
                        "Access denied as of ace for %s\n",
@@ -123,13 +123,13 @@ static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
-                                               const NT_USER_TOKEN *token)
+                                               const struct security_token *token)
 {
        char *sid_str;
 
        if (gpo_sd_check_agp_object(ace) &&
            gpo_sd_check_agp_access_bits(ace->access_mask) &&
-           nt_token_check_sid(&ace->trustee, token)) {
+           security_token_has_sid(token, &ace->trustee)) {
                sid_str = dom_sid_string(NULL, &ace->trustee);
                DEBUG(10,("gpo_sd_check_ace_allowed_object: "
                        "Access granted as of ace for %s\n",
@@ -146,7 +146,7 @@ static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
-                                const NT_USER_TOKEN *token)
+                                const struct security_token *token)
 {
        switch (ace->type) {
                case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
@@ -162,7 +162,7 @@ static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
 ****************************************************************/
 
 NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
-                                     const NT_USER_TOKEN *token)
+                                     const struct security_token *token)
 {
        struct security_descriptor *sd = gpo->security_descriptor;
        struct security_acl *dacl = NULL;