libcli/security Use static SIDs rather than parsing from strings

author Andrew Bartlett <abartlet@samba.org>

Mon, 20 Sep 2010 21:14:38 +0000 (07:14 +1000)

committer Andrew Tridgell <tridge@samba.org>

Thu, 14 Oct 2010 02:35:05 +0000 (02:35 +0000)
author Andrew Bartlett <abartlet@samba.org>
Mon, 20 Sep 2010 21:14:38 +0000 (07:14 +1000)
committer Andrew Tridgell <tridge@samba.org>
Thu, 14 Oct 2010 02:35:05 +0000 (02:35 +0000)
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h

index 8c60f761e44dc901b4dcf9e3d5485f5c9d48a284..3d1161fdc73b691143deec1de2550c994ad999e2 100644 (file)
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -30,6 +30,7 @@ extern const struct dom_sid global_sid_World_Domain;
  extern const struct dom_sid global_sid_World;
  extern const struct dom_sid global_sid_Creator_Owner_Domain;
  extern const struct dom_sid global_sid_NT_Authority;
+extern const struct dom_sid global_sid_Enterprise_DCs;
  extern const struct dom_sid global_sid_System;
  extern const struct dom_sid global_sid_NULL;
  extern const struct dom_sid global_sid_Authenticated_Users;
diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c

index 03dc528b93db9b50a79b83f57ade45e112e6cd43..40f13820eecd6c41e6f0f4d0a6db87583069ce4a 100644 (file)
--- a/libcli/security/security_token.c
+++ b/libcli/security/security_token.c
@@ -95,12 +95,12 @@ bool security_token_is_sid_string(const struct security_token *token, const char
  
  bool security_token_is_system(const struct security_token *token)
  {
-       return security_token_is_sid_string(token, SID_NT_SYSTEM);
+       return security_token_is_sid(token, &global_sid_System);
  }
  
  bool security_token_is_anonymous(const struct security_token *token)
  {
-       return security_token_is_sid_string(token, SID_NT_ANONYMOUS);
+       return security_token_is_sid(token, &global_sid_Anonymous);
  }
  
  bool security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
@@ -128,15 +128,15 @@ bool security_token_has_sid_string(const struct security_token *token, const cha
  
  bool security_token_has_builtin_administrators(const struct security_token *token)
  {
-       return security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS);
+       return security_token_has_sid(token, &global_sid_Builtin_Administrators);
  }
  
  bool security_token_has_nt_authenticated_users(const struct security_token *token)
  {
-       return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
+       return security_token_has_sid(token, &global_sid_Authenticated_Users);
  }
  
  bool security_token_has_enterprise_dcs(const struct security_token *token)
  {
-       return security_token_has_sid_string(token, SID_NT_ENTERPRISE_DCS);
+       return security_token_has_sid(token, &global_sid_Enterprise_DCs);
  }
diff --git a/source4/rpc_server/srvsvc/dcesrv_srvsvc.c b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c

index cf3651780dd31b67de5beb633c5c4821c76f5077..41d89a9f56638886a7df11763a98acc8fbcb53bc 100644 (file)
--- a/source4/rpc_server/srvsvc/dcesrv_srvsvc.c
+++ b/source4/rpc_server/srvsvc/dcesrv_srvsvc.c
@@ -33,7 +33,7 @@
  #define SRVSVC_CHECK_ADMIN_ACCESS do { \
         struct security_token *t = dce_call->conn->auth_state.session_info->security_token; \
         if (!security_token_has_builtin_administrators(t) && \
-           !security_token_has_sid_string(t, SID_BUILTIN_SERVER_OPERATORS)) { \
+           !security_token_has_sid(t, &global_sid_Builtin_Server_Operators)) { \
                 return WERR_ACCESS_DENIED; \
         } \
  } while (0)
author	Andrew Bartlett <abartlet@samba.org>
	Mon, 20 Sep 2010 21:14:38 +0000 (07:14 +1000)
committer	Andrew Tridgell <tridge@samba.org>
	Thu, 14 Oct 2010 02:35:05 +0000 (02:35 +0000)
libcli/security/dom_sid.h		patch \| blob \| history
libcli/security/security_token.c		patch \| blob \| history
source4/rpc_server/srvsvc/dcesrv_srvsvc.c		patch \| blob \| history