author | Jeremy Allison <jra@samba.org> | 2008-10-31 10:51:05 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2008-11-18 10:06:46 +0100 |
commit | 494d194539f1c955dc99f85b80c0cd5ac84affc6 (patch) | |
tree | 3134c17fe106f860b340cebb8fa546d596e25b5b /source/rpc_server | |
parent | a75e727c8bd2bf881de263954a0f6d1f06e6f780 (diff) | |
download | samba-494d194539f1c955dc99f85b80c0cd5ac84affc6.tar.gz |
Unify se_access_check with the S4 code. Will make
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier
for files.
Jeremy.
(cherry picked from commit 82a25d224b63148c4f9d38ae477328b12a5a03a6)
Diffstat (limited to 'source/rpc_server')
-rw-r--r-- | source/rpc_server/srv_eventlog_nt.c | 11 | ||||
-rw-r--r-- | source/rpc_server/srv_lsa_nt.c | 6 | ||||
-rw-r--r-- | source/rpc_server/srv_samr_nt.c | 4 | ||||
-rw-r--r-- | source/rpc_server/srv_svcctl_nt.c | 6 |
4 files changed, 13 insertions, 14 deletions
diff --git a/source/rpc_server/srv_eventlog_nt.c b/source/rpc_server/srv_eventlog_nt.c
index 0e2bcf41269..e56a2e90950 100644
--- a/source/rpc_server/srv_eventlog_nt.c
+++ b/source/rpc_server/srv_eventlog_nt.c
@@ -71,8 +71,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
 {
 char *tdbname = elog_tdbname(talloc_tos(), info->logname );
 SEC_DESC *sec_desc;
- bool ret;
- NTSTATUS ntstatus;
+ NTSTATUS status;
 if ( !tdbname ) return False;
@@ -97,15 +96,15 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
 /* run the check, try for the max allowed */
- ret = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
- &info->access_granted, &ntstatus );
+ status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS,
+ &info->access_granted);
 if ( sec_desc ) TALLOC_FREE( sec_desc );
- if ( !ret ) {
+ if (!NT_STATUS_IS_OK(status)) {
 DEBUG(8,("elog_check_access: se_access_check() return %s\n",
- nt_errstr( ntstatus)));
+ nt_errstr(status)));
 return False;
 }
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 77eecaf9f85..0176d16fbc2 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -379,7 +379,8 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p,
 /* get the generic lsa policy SD until we store it */
 lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+ status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted);
+ if (!NT_STATUS_IS_OK(status)) {
 if (p->pipe_user.ut.uid != sec_initial_uid()) {
 return status;
 }
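Review bot: In the second elog_check_access hunk, the `if (!NT_STATUS_IS_OK(status))` branch returns False but leaves `info->access_granted` holding whatever the reworked se_access_check() wrote through the pointer. The new implementation is not part of this diff, so it is not visible here whether a denied check zeroes that output; if it does not, a non-zero mask would stay on the EVENTLOG_INFO after a refusal. Clearing it in that branch, `info->access_granted = 0;` before `return False;`, keeps the result fail-closed whatever the callee does. The function body continues outside the hunk.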
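Review bot: In _lsa_OpenPolicy2, when the check fails and the caller is `sec_initial_uid()`, execution falls out of the new `if (!NT_STATUS_IS_OK(status))` block with `status` still holding the failure code and `acc_granted` holding whatever the failed se_access_check() left in it. What the rest of the function does with those two values is outside the hunk, so this is a question rather than a confirmed defect: with the old boolean API the output on denial was defined by the old implementation, and the unified one may differ. I would add a comment on the fall-through, for example `/* root override: check failed, access is granted anyway */`, and set `acc_granted` on that path to the mask root is meant to receive, so the override can be audited. The same applies to the identical hunk in _lsa_OpenPolicy.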
@@ -429,7 +430,8 @@ NTSTATUS _lsa_OpenPolicy(pipes_struct *p,
 /* get the generic lsa policy SD until we store it */
 lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+ status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted);
+ if (!NT_STATUS_IS_OK(status)) {
 if (p->pipe_user.ut.uid != sec_initial_uid()) {
 return status;
 }
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index ef40aa08da1..38b0b0a31b7 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -186,8 +186,10 @@ static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
 /* check the security descriptor first */
- if ( se_access_check(psd, token, des_access, acc_granted, &status) )
+ status = se_access_check(psd, token, des_access, acc_granted);
+ if (NT_STATUS_IS_OK(status)) {
 goto done;
+ }
 /* give root a free pass */
diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c
index a57d0ff4a4f..9898277b9a5 100644
--- a/source/rpc_server/srv_svcctl_nt.c
+++ b/source/rpc_server/srv_svcctl_nt.c
@@ -122,16 +122,12 @@ static struct service_control_op* find_service_by_name( const char *name )
 static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, uint32 access_desired, uint32 *access_granted )
 {
- NTSTATUS result;
-
 if ( geteuid() == sec_initial_uid() ) {
 DEBUG(5,("svcctl_access_check: using root's token\n"));
 token = get_root_nt_token();
 }
- se_access_check( sec_desc, token, access_desired, access_granted, &result );
-
- return result;
+ return se_access_check( sec_desc, token, access_desired, access_granted);
 }
 /******************************************************************** |
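Review bot: The switch from a boolean return to NTSTATUS in access_check_samr_object inverts what a bare truth test means, because NT_STATUS_OK is zero, and this page's diffstat is limited to source/rpc_server, so callers elsewhere in the tree are not visible. If NTSTATUS is a plain integer type in a given build, a leftover `if (se_access_check(...))` or `if (!se_access_check(...))` would still compile and would treat denial as success, failing open. It is worth confirming that every caller was converted to the `NT_STATUS_IS_OK(status)` form used here, and that the build rejects a scalar test of an NTSTATUS. The function continues past the hunk into the root bypass, which now sees the failure code in `status`.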
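Review bot: svcctl_access_check has no comment explaining that the caller's token is replaced with root's when `geteuid() == sec_initial_uid()`, so the NTSTATUS it now returns directly describes root's access, not the caller's, in that case. A header comment would make this visible to anyone auditing the service-control permission checks, for example `/* Check access_desired against sec_desc; when the effective uid is the initial (root) uid the check is made with root's token instead of the caller's. */`.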