summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
authorRalph Boehme <slow@samba.org>2014-10-14 13:54:05 +0200
committerJeremy Allison <jra@samba.org>2014-12-04 22:11:08 +0100
commit2ab6b43da63715350db8675bd3804e64f4241bca (patch)
tree08a91de64345110ae75aabcc3a167f2feb461190 /libcli
parent549ee51674a3a50f866bcf37b3ae58f5e8a9080e (diff)
downloadsamba-2ab6b43da63715350db8675bd3804e64f4241bca.tar.gz
libcli/security: add a function that checks for MS NFS ACEs
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/security/security_descriptor.c22
-rw-r--r--libcli/security/security_descriptor.h2
2 files changed, 24 insertions, 0 deletions
diff --git a/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c
index 8304b208528..a75942c0770 100644
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -595,3 +595,25 @@ struct security_ace *security_ace_create(TALLOC_CTX *mem_ctx,
return ace;
}
+
+/*******************************************************************
+ Check for MS NFS ACEs in a sd
+*******************************************************************/
+bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd)
+{
+ int i;
+
+ if (psd->dacl == NULL) {
+ return false;
+ }
+
+ for (i = 0; i < psd->dacl->num_aces; i++) {
+ if (dom_sid_compare_domain(
+ &global_sid_Unix_NFS,
+ &psd->dacl->aces[i].trustee) == 0) {
+ return true;
+ }
+ }
+
+ return false;
+}
diff --git a/libcli/security/security_descriptor.h b/libcli/security/security_descriptor.h
index 1c7f893ead8..87643bc945a 100644
--- a/libcli/security/security_descriptor.h
+++ b/libcli/security/security_descriptor.h
@@ -81,4 +81,6 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
struct dom_sid *default_group, /* valid only for DS, NULL for the other RSs */
uint32_t (*generic_map)(uint32_t access_mask));
+bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd);
+
#endif /* __SECURITY_DESCRIPTOR_H__ */