libgpo: fix the build of gpext plugins.

[ira/wip.git] / libgpo / gpo_sec.c

diff --git a/libgpo/gpo_sec.c b/libgpo/gpo_sec.c
index 15bd2881d50b0dbf76846baf302ef9a87ce6c843..5547f1e0cb9433191aed9af64567dc9276d1693d 100644 (file)
--- a/libgpo/gpo_sec.c
+++ b/libgpo/gpo_sec.c
@@ -18,9 +18,14 @@
  */
 
 #include "includes.h"
+#include "libcli/security/dom_sid.h"
+#if _SAMBA_BUILD_ == 4
+#include "libgpo/ads_convenience.h"
 #include "librpc/gen_ndr/security.h"
 #include "librpc/gen_ndr/ndr_misc.h"
+#include "../libcli/security/secace.h"
 #include "../libgpo/gpo.h"
+#endif
 
 /****************************************************************
 ****************************************************************/
@@ -75,7 +80,11 @@ static bool gpo_sd_check_agp_object(const struct security_ace *ace)
 
 static bool gpo_sd_check_agp_access_bits(uint32_t access_mask)
 {
+#if _SAMBA_BUILD_ == 4
+       return (access_mask & SEC_ADS_CONTROL_ACCESS);
+#else
        return (access_mask & SEC_RIGHTS_EXTENDED);
+#endif
 }
 
 #if 0
@@ -96,14 +105,18 @@ static bool gpo_sd_check_read_access_bits(uint32_t access_mask)
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
-                                              const struct nt_user_token *token)
+                                              const NT_USER_TOKEN *token)
 {
+       char *sid_str;
+
        if (gpo_sd_check_agp_object(ace) &&
            gpo_sd_check_agp_access_bits(ace->access_mask) &&
            nt_token_check_sid(&ace->trustee, token)) {
+               sid_str = dom_sid_string(NULL, &ace->trustee);
                DEBUG(10,("gpo_sd_check_ace_denied_object: "
                        "Access denied as of ace for %s\n",
-                       sid_string_dbg(&ace->trustee)));
+                       sid_str));
+               talloc_free(sid_str);
                return NT_STATUS_ACCESS_DENIED;
        }
 
@@ -114,14 +127,19 @@ static NTSTATUS gpo_sd_check_ace_denied_object(const struct security_ace *ace,
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
-                                               const struct nt_user_token *token)
+                                               const NT_USER_TOKEN *token)
 {
+       char *sid_str;
+
        if (gpo_sd_check_agp_object(ace) &&
            gpo_sd_check_agp_access_bits(ace->access_mask) &&
            nt_token_check_sid(&ace->trustee, token)) {
+               sid_str = dom_sid_string(NULL, &ace->trustee);
                DEBUG(10,("gpo_sd_check_ace_allowed_object: "
                        "Access granted as of ace for %s\n",
-                       sid_string_dbg(&ace->trustee)));
+                       sid_str));
+               talloc_free(sid_str);
+
                return NT_STATUS_OK;
        }
 
@@ -132,7 +150,7 @@ static NTSTATUS gpo_sd_check_ace_allowed_object(const struct security_ace *ace,
 ****************************************************************/
 
 static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
-                                const struct nt_user_token *token)
+                                const NT_USER_TOKEN *token)
 {
        switch (ace->type) {
                case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
@@ -148,7 +166,7 @@ static NTSTATUS gpo_sd_check_ace(const struct security_ace *ace,
 ****************************************************************/
 
 NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
-                                     const struct nt_user_token *token)
+                                     const NT_USER_TOKEN *token)
 {
        struct security_descriptor *sd = gpo->security_descriptor;
        struct security_acl *dacl = NULL;