diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-01-27 07:57:27 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-03-20 10:03:37 +0100 |
commit | 26b79d2749b49b4b2e9d517e34aaa750ac552426 (patch) | |
tree | bb1ba95c0819c7503b77fc8de2a49aa1d059c1d1 | |
parent | 8712a2dc972fd336fa6d3c5f6fdc4901b01e8c41 (diff) | |
download | samba-26b79d2749b49b4b2e9d517e34aaa750ac552426.tar.gz |
CVE-2023-0614 libcli/security: Make some parameters const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Updated to add const to sec_access_check_ds()
instead of the sec_access_check_ds_implicit_owner() wrapper
found in 4.18 and later]
-rw-r--r-- | libcli/security/access_check.c | 10 | ||||
-rw-r--r-- | libcli/security/access_check.h | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index 322f4fdb0c6..6508b6f3fe3 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -394,7 +394,7 @@ NTSTATUS se_file_access_check(const struct security_descriptor *sd, return NT_STATUS_OK; } -static const struct GUID *get_ace_object_type(struct security_ace *ace) +static const struct GUID *get_ace_object_type(const struct security_ace *ace) { if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) { return &ace->object.object.type.type; @@ -412,7 +412,7 @@ static const struct GUID *get_ace_object_type(struct security_ace *ace) * rights to the object/attribute * @returns NT_STATUS_OK, unless access was denied */ -static NTSTATUS check_object_specific_access(struct security_ace *ace, +static NTSTATUS check_object_specific_access(const struct security_ace *ace, struct object_tree *tree, bool *grant_access) { @@ -505,7 +505,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, uint32_t access_desired, uint32_t *access_granted, struct object_tree *tree, - struct dom_sid *replace_sid) + const struct dom_sid *replace_sid) { uint32_t i; uint32_t bits_remaining; @@ -556,8 +556,8 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, /* check each ace in turn. */ for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) { - struct dom_sid *trustee; - struct security_ace *ace = &sd->dacl->aces[i]; + const struct dom_sid *trustee; + const struct security_ace *ace = &sd->dacl->aces[i]; NTSTATUS status; bool grant_access = false; diff --git a/libcli/security/access_check.h b/libcli/security/access_check.h index 952589dacb7..04ea2127b61 100644 --- a/libcli/security/access_check.h +++ b/libcli/security/access_check.h @@ -74,7 +74,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, uint32_t access_desired, uint32_t *access_granted, struct object_tree *tree, - struct dom_sid *replace_sid); + const struct dom_sid *replace_sid); bool insert_in_object_tree(TALLOC_CTX *mem_ctx, const struct GUID *guid, |