svn commit: samba r14894 - in branches/SAMBA_4_0/source: dsdb/samdb libcli/security

metze at samba.org metze at samba.org
Mon Apr 3 15:18:14 GMT 2006


Author: metze
Date: 2006-04-03 15:18:12 +0000 (Mon, 03 Apr 2006)
New Revision: 14894

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14894

Log:
- add some 'const'
- remove sid_active_in_token(), which was the same as security_token_has_sid()
- rename some functions

metze
Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c
   branches/SAMBA_4_0/source/libcli/security/access_check.c
   branches/SAMBA_4_0/source/libcli/security/privilege.c
   branches/SAMBA_4_0/source/libcli/security/security_token.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c	2006-04-03 14:58:13 UTC (rev 14893)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c	2006-04-03 15:18:12 UTC (rev 14894)
@@ -63,7 +63,7 @@
 				 priv_str));
 			continue;
 		}
-		sec_privilege_set(token, privilege);
+		security_token_set_privilege(token, privilege);
 	}
 
 	return NT_STATUS_OK;

Modified: branches/SAMBA_4_0/source/libcli/security/access_check.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/access_check.c	2006-04-03 14:58:13 UTC (rev 14893)
+++ branches/SAMBA_4_0/source/libcli/security/access_check.c	2006-04-03 15:18:12 UTC (rev 14894)
@@ -25,22 +25,6 @@
 
 
 /*
-  check if a sid is in the supplied token
-*/
-static BOOL sid_active_in_token(const struct dom_sid *sid, 
-				const struct security_token *token)
-{
-	int i;
-	for (i=0;i<token->num_sids;i++) {
-		if (dom_sid_equal(sid, token->sids[i])) {
-			return True;
-		}
-	}
-	return False;
-}
-
-
-/*
   perform a SEC_FLAG_MAXIMUM_ALLOWED access check
 */
 static uint32_t access_check_max_allowed(const struct security_descriptor *sd, 
@@ -49,9 +33,9 @@
 	uint32_t denied = 0, granted = 0;
 	unsigned i;
 	
-	if (sid_active_in_token(sd->owner_sid, token)) {
+	if (security_token_has_sid(token, sd->owner_sid)) {
 		granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
-	} else if (sec_privilege_check(token, SEC_PRIV_RESTORE)) {
+	} else if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
 		granted |= SEC_STD_DELETE;
 	}
 
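Review bot: Both owner checks pass `sd->owner_sid` straight to `security_token_has_sid()`, here (apparently inside access_check_max_allowed) and again in the `@@ -125,11` hunk, and nothing visible establishes that a descriptor always carries an owner. Whether a NULL owner is harmless depends on how `dom_sid_equal()` treats NULL, which is not shown, so the implicit WRITE_DAC/READ_CONTROL/DELETE grant rests on an unseen helper. I would make the condition explicit with `if (sd->owner_sid != NULL && security_token_has_sid(token, sd->owner_sid)) {`, or at least add `/* owner_sid may be NULL; dom_sid_equal() must return False for it */` above the test. The enclosing function starts and ends outside this hunk.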
@@ -62,7 +46,7 @@
 			continue;
 		}
 
-		if (!sid_active_in_token(&ace->trustee, token)) {
+		if (!security_token_has_sid(token, &ace->trustee)) {
 			continue;
 		}
 
@@ -105,7 +89,7 @@
 	}
 
 	if (access_desired & SEC_FLAG_SYSTEM_SECURITY) {
-		if (sec_privilege_check(token, SEC_PRIV_SECURITY)) {
+		if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
 			bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
 		} else {
 			return NT_STATUS_ACCESS_DENIED;
@@ -125,11 +109,11 @@
 
 	/* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
 	if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
-	    sid_active_in_token(sd->owner_sid, token)) {
+	    security_token_has_sid(token, sd->owner_sid)) {
 		bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
 	}
 	if ((bits_remaining & SEC_STD_DELETE) &&
-	    sec_privilege_check(token, SEC_PRIV_RESTORE)) {
+	    security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
 		bits_remaining &= ~SEC_STD_DELETE;
 	}
 
@@ -141,7 +125,7 @@
 			continue;
 		}
 
-		if (!sid_active_in_token(&ace->trustee, token)) {
+		if (!security_token_has_sid(token, &ace->trustee)) {
 			continue;
 		}
 

Modified: branches/SAMBA_4_0/source/libcli/security/privilege.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/privilege.c	2006-04-03 14:58:13 UTC (rev 14893)
+++ branches/SAMBA_4_0/source/libcli/security/privilege.c	2006-04-03 15:18:12 UTC (rev 14894)
@@ -194,7 +194,7 @@
 /*
   return True if a security_token has a particular privilege bit set
 */
-BOOL sec_privilege_check(const struct security_token *token, enum sec_privilege privilege)
+BOOL security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege)
 {
 	uint64_t mask;
 
@@ -212,7 +212,7 @@
 /*
   set a bit in the privilege mask
 */
-void sec_privilege_set(struct security_token *token, enum sec_privilege privilege)
+void security_token_set_privilege(struct security_token *token, enum sec_privilege privilege)
 {
 	if (privilege < 1 || privilege > 64) {
 		return;
@@ -220,7 +220,7 @@
 	token->privilege_mask |= sec_privilege_mask(privilege);
 }
 
-void sec_privilege_debug(int dbg_lev, const struct security_token *token)
+void security_token_debug_privileges(int dbg_lev, const struct security_token *token)
 {
 	DEBUGADD(dbg_lev, (" Privileges (0x%16llX):\n",
 			    (unsigned long long) token->privilege_mask));

Modified: branches/SAMBA_4_0/source/libcli/security/security_token.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/security_token.c	2006-04-03 14:58:13 UTC (rev 14893)
+++ branches/SAMBA_4_0/source/libcli/security/security_token.c	2006-04-03 15:18:12 UTC (rev 14894)
@@ -148,14 +148,14 @@
 			   dom_sid_string(mem_ctx, token->sids[i])));
 	}
 
-	sec_privilege_debug(dbg_lev, token);
+	security_token_debug_privileges(dbg_lev, token);
 
 	talloc_free(mem_ctx);
 }
 
 /* These really should be cheaper... */
 
-BOOL security_token_is_sid(struct security_token *token, const struct dom_sid *sid)
+BOOL security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
 {
 	if (dom_sid_equal(token->user_sid, sid)) {
 		return True;
@@ -163,10 +163,10 @@
 	return False;
 }
 
-BOOL security_token_is_sid_string(struct security_token *token, const char *sid_string)
+BOOL security_token_is_sid_string(const struct security_token *token, const char *sid_string)
 {
 	BOOL ret;
-	struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string);
+	struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
 	if (!sid) return False;
 
 	ret = security_token_is_sid(token, sid);
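Review bot: Parsing with `dom_sid_parse_talloc(NULL, sid_string)` leaves the temporary SID without a talloc parent, so it is released only if every return path frees it explicitly; with the token as parent, a missed free would at least have been reclaimed when the token was freed. The free presumably sits in the lines between this hunk and the next, which are not shown, and security_token_has_sid_string() in the `@@ -196,10` hunk follows the same pattern. I would add a comment at the allocation, `/* token is const and cannot be the talloc parent; sid must be freed before every return */`. Since the comment above these helpers already says they should be cheaper, comparing against a SID parsed once would also take an allocation out of each check.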
@@ -175,17 +175,17 @@
 	return ret;
 }
 
-BOOL security_token_is_system(struct security_token *token) 
+BOOL security_token_is_system(const struct security_token *token) 
 {
 	return security_token_is_sid_string(token, SID_NT_SYSTEM);
 }
 
-BOOL security_token_is_anonymous(struct security_token *token) 
+BOOL security_token_is_anonymous(const struct security_token *token) 
 {
 	return security_token_is_sid_string(token, SID_NT_ANONYMOUS);
 }
 
-BOOL security_token_has_sid(struct security_token *token, struct dom_sid *sid)
+BOOL security_token_has_sid(const struct security_token *token, const struct dom_sid *sid)
 {
 	int i;
 	for (i = 0; i < token->num_sids; i++) {
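Review bot: security_token_is_system() and security_token_is_anonymous() return False both when the token does not match and when security_token_is_sid_string() could not build the SID (`if (!sid) return False;` in the previous hunk), so a caller cannot tell "not anonymous" from "could not check". For is_system that fails closed, but a caller that treats `!security_token_is_anonymous(token)` as proof of an authenticated user would fail open, presumably only under allocation failure since the SID strings are constants. I would document this above the two wrappers, for example `/* returns False on allocation failure as well as on mismatch; do not use the negation as an authentication test */`. security_token_has_sid() begins in this hunk and its body continues in the next one.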
@@ -196,10 +196,10 @@
 	return False;
 }
 
-BOOL security_token_has_sid_string(struct security_token *token, const char *sid_string)
+BOOL security_token_has_sid_string(const struct security_token *token, const char *sid_string)
 {
 	BOOL ret;
-	struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string);
+	struct dom_sid *sid = dom_sid_parse_talloc(NULL, sid_string);
 	if (!sid) return False;
 
 	ret = security_token_has_sid(token, sid);
@@ -208,12 +208,12 @@
 	return ret;
 }
 
-BOOL security_token_has_builtin_administrators(struct security_token *token)
+BOOL security_token_has_builtin_administrators(const struct security_token *token)
 {
 	return security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS);
 }
 
-BOOL security_token_has_nt_authenticated_users(struct security_token *token)
+BOOL security_token_has_nt_authenticated_users(const struct security_token *token)
 {
 	return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
 }


