diff options
| author | Stefan Metzmacher <metze@samba.org> | 2013-01-16 09:49:20 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2013-01-21 16:12:45 +0100 |
| commit | a359aef0837781c42bf9dbcdd069796c72cc94c7 (patch) | |
| tree | 16f95734f8c6461c5d6d6fa15401a4de73424f58 /libcli/security | |
| parent | a3fffde368fa0c6594f7fd5309e0b20d3fa7c68e (diff) | |
| download | samba-a359aef0837781c42bf9dbcdd069796c72cc94c7.tar.gz | |
libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/security')
| -rw-r--r-- | libcli/security/access_check.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index 83b7f9bd6cb..f0a7b665c75 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -389,7 +389,9 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, uint32_t bits_remaining; struct object_tree *node; const struct GUID *type; - struct dom_sid *ps_sid = dom_sid_parse_talloc(NULL, SID_NT_SELF); + struct dom_sid self_sid; + + dom_sid_parse(SID_NT_SELF, &self_sid); *access_granted = access_desired; bits_remaining = access_desired; @@ -406,7 +408,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; } else { - talloc_free(ps_sid); return NT_STATUS_PRIVILEGE_NOT_HELD; } } @@ -430,7 +431,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, /* a NULL dacl allows access */ if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { *access_granted = access_desired; - talloc_free(ps_sid); return NT_STATUS_OK; } @@ -447,7 +447,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, continue; } - if (dom_sid_equal(&ace->trustee, ps_sid) && replace_sid) { + if (dom_sid_equal(&ace->trustee, &self_sid) && replace_sid) { trustee = replace_sid; } else { trustee = &ace->trustee; @@ -467,7 +467,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, break; case SEC_ACE_TYPE_ACCESS_DENIED: if (bits_remaining & ace->access_mask) { - talloc_free(ps_sid); return NT_STATUS_ACCESS_DENIED; } break; @@ -495,12 +494,10 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) { object_tree_modify_access(node, ace->access_mask); if (node->remaining_access == 0) { - talloc_free(ps_sid); return NT_STATUS_OK; } } else { if (node->remaining_access & ace->access_mask){ - talloc_free(ps_sid); return NT_STATUS_ACCESS_DENIED; } } @@ -511,7 +508,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, } done: - talloc_free(ps_sid); if (bits_remaining != 0) { return NT_STATUS_ACCESS_DENIED; } |