authorStefan Metzmacher <metze@samba.org>2013-01-16 09:49:20 +0100
committerStefan Metzmacher <metze@samba.org>2013-01-21 16:12:45 +0100
commita359aef0837781c42bf9dbcdd069796c72cc94c7 (patch)
tree16f95734f8c6461c5d6d6fa15401a4de73424f58 /libcli/security
parenta3fffde368fa0c6594f7fd5309e0b20d3fa7c68e (diff)
libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli/security')
-rw-r--r--libcli/security/access_check.c12
1 files changed, 4 insertions, 8 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 83b7f9bd6cb..f0a7b665c75 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -389,7 +389,9 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
uint32_t bits_remaining;
struct object_tree *node;
const struct GUID *type;
- struct dom_sid *ps_sid = dom_sid_parse_talloc(NULL, SID_NT_SELF);
+ struct dom_sid self_sid;
+
+ dom_sid_parse(SID_NT_SELF, &self_sid);
*access_granted = access_desired;
bits_remaining = access_desired;
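Review bot: The result of `dom_sid_parse(SID_NT_SELF, &self_sid)` is discarded and `self_sid` has no initializer. If the parse ever failed, the later `dom_sid_equal(&ace->trustee, &self_sid)` would compare against indeterminate stack contents while deciding whether to substitute `replace_sid` in an access decision. SID_NT_SELF is a constant string, so a failure is unlikely in practice, but the invariant is cheap to enforce: `if (!dom_sid_parse(SID_NT_SELF, &self_sid)) { return NT_STATUS_INTERNAL_ERROR; }`. This assumes dom_sid_parse reports failure through its return value, since its definition is not part of this diff. Declaring `struct dom_sid self_sid = {0};` would at least make the failure case deterministic. The body of sec_access_check_ds starts and ends outside this hunk.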
@@ -406,7 +408,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
} else {
- talloc_free(ps_sid);
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
}
@@ -430,7 +431,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
*access_granted = access_desired;
- talloc_free(ps_sid);
return NT_STATUS_OK;
}
@@ -447,7 +447,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
continue;
}
- if (dom_sid_equal(&ace->trustee, ps_sid) && replace_sid) {
+ if (dom_sid_equal(&ace->trustee, &self_sid) && replace_sid) {
trustee = replace_sid;
} else {
trustee = &ace->trustee;
@@ -467,7 +467,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
break;
case SEC_ACE_TYPE_ACCESS_DENIED:
if (bits_remaining & ace->access_mask) {
- talloc_free(ps_sid);
return NT_STATUS_ACCESS_DENIED;
}
break;
@@ -495,12 +494,10 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
object_tree_modify_access(node, ace->access_mask);
if (node->remaining_access == 0) {
- talloc_free(ps_sid);
return NT_STATUS_OK;
}
} else {
if (node->remaining_access & ace->access_mask){
- talloc_free(ps_sid);
return NT_STATUS_ACCESS_DENIED;
}
}
@@ -511,7 +508,6 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
}
done:
- talloc_free(ps_sid);
if (bits_remaining != 0) {
return NT_STATUS_ACCESS_DENIED;
}