/*
- Unix SMB/Netbios implementation.
- Version 2.0
+ Unix SMB/CIFS implementation.
Copyright (C) Luke Kenneth Casson Leighton 1996-2000.
Copyright (C) Tim Potter 2000.
Copyright (C) Re-written by Jeremy Allison 2000.
#include "nterr.h"
#include "sids.h"
-extern int DEBUGLEVEL;
-
/**********************************************************************************
Check if this ACE has a SID in common with the token.
**********************************************************************************/
-static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
+static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
{
size_t i;
for (i = 0; i < token->num_sids; i++) {
- if (sid_equal(&ace->sid, &token->user_sids[i]))
+ if (sid_equal(&ace->trustee, &token->user_sids[i]))
return True;
}
"Access-Checking" document in MSDN.
*****************************************************************************/
-BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
+BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
uint32 acc_desired, uint32 *acc_granted,
NTSTATUS *status)
{
size_t i;
SEC_ACL *the_acl;
fstring sid_str;
- NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token;
uint32 tmp_acc_desired = acc_desired;
if (!status || !acc_granted)
return False;
+ if (!token)
+ token = &anonymous_token;
+
*status = NT_STATUS_OK;
*acc_granted = 0;
- DEBUG(10,("se_access_check: requested access %x, for uid %u\n",
- (unsigned int)acc_desired, (unsigned int)user->uid ));
+ DEBUG(10,("se_access_check: requested access 0x%08x, for NT token with %u entries and first sid %s.\n",
+ (unsigned int)acc_desired, (unsigned int)token->num_sids,
+ sid_to_string(sid_str, &token->user_sids[0])));
/*
* No security descriptor or security descriptor with no DACL
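Review bot: The new DEBUG(10) call in se_access_check formats `token->user_sids[0]` without looking at `token->num_sids`. The token is now supplied directly by the caller, so if a token with an empty SID array can ever reach this function, that argument reads an entry that is not there. Guarding the log argument is enough, for example `token->num_sids ? sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) : "(no sids)"`, which also replaces the literal `0` with the named index that the later "user sid is" DEBUG(3) line switches to. The silent fallback at `if (!token)` deserves a comment such as `/* A NULL token is evaluated as the anonymous token, never as an error. */`, and the function's header comment should describe the new `token` parameter. The body of se_access_check continues outside this hunk, so any check on `num_sids` made further down is not visible here.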
/* The user sid is the first in the token */
- DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[0]) ));
+ DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &token->user_sids[PRIMARY_USER_SID_INDEX]) ));
for (i = 1; i < token->num_sids; i++) {
DEBUG(3, ("se_access_check: also %s\n",
DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
(unsigned int)i, ace->type, ace->flags,
- sid_to_string(sid_str, &ace->sid),
+ sid_to_string(sid_str, &ace->trustee),
(unsigned int) ace->info.mask,
(unsigned int)tmp_acc_desired ));
continue;
init_sec_access(&new_ace->info, ace->info.mask);
- init_sec_ace(new_ace, &ace->sid, ace->type,
+ init_sec_ace(new_ace, &ace->trustee, ace->type,
new_ace->info, new_flags);
- sid_to_string(sid_str, &ace->sid);
+ sid_to_string(sid_str, &ace->trustee);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n", sid_str,