svn commit: samba r14840 - in branches/SAMBA_4_0/source: dsdb/samdb dsdb/samdb/ldb_modules libcli/security

metze at samba.org metze at samba.org
Fri Mar 31 11:05:34 GMT 2006


Author: metze
Date: 2006-03-31 11:05:33 +0000 (Fri, 31 Mar 2006)
New Revision: 14840

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14840

Log:
- rename some functions
- stack specific functions on top of generic ones

metze
Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
   branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c
   branches/SAMBA_4_0/source/libcli/security/security_token.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c	2006-03-31 10:37:49 UTC (rev 14839)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c	2006-03-31 11:05:33 UTC (rev 14840)
@@ -65,19 +65,22 @@
 		return ANONYMOUS;
 	}
 	
-	if (is_system_token(session_info->security_token)) {
+	if (security_token_is_system(session_info->security_token)) {
 		return SYSTEM;
 	}
 
-	if (is_administrator_token(session_info->security_token)) {
+	if (security_token_is_anonymous(session_info->security_token)) {
+		return ANONYMOUS;
+	}
+
+	if (security_token_has_builtin_administrators(session_info->security_token)) {
 		return ADMINISTRATOR;
 	}
-	if (is_authenticated_token(session_info->security_token)) {
+
+	if (security_token_has_nt_authenticated_users(session_info->security_token)) {
 		return USER;
 	}
-	if (is_anonymous_token(session_info->security_token)) {
-		return ANONYMOUS;
-	}
+
 	return ANONYMOUS;
 }
 
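Review bot: The anonymous check now runs ahead of the administrators and authenticated-users checks, which is a change in decision order that the log message ("rename some functions") does not mention and that no comment in the code explains. Per the security_token.c part of this commit, `security_token_is_system()` and `security_token_is_anonymous()` compare `token->user_sid`, while the two `has_*` calls scan `token->sids[]`, so the new order means an anonymous user SID can no longer be classified as ADMINISTRATOR or USER through group membership. I would record that above the checks, e.g. `/* user_sid checks (system, anonymous) must come before the group-membership checks */`. Given the unchanged final `return ANONYMOUS;`, the explicit anonymous branch matters only for this ordering, which is worth stating so that it is not later removed as redundant. The function begins outside this hunk, so whether `session_info->security_token` is checked for NULL before these calls cannot be seen here.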

Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c	2006-03-31 10:37:49 UTC (rev 14839)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb_privilege.c	2006-03-31 11:05:33 UTC (rev 14840)
@@ -83,12 +83,12 @@
 	NTSTATUS status;
 
 	/* Shortcuts to prevent recursion and avoid lookups */
-	if (is_system_token(token)) {
+	if (security_token_is_system(token)) {
 		token->privilege_mask = ~0;
 		return NT_STATUS_OK;
 	}
 
-	if (is_anonymous_token(token)) {
+	if (security_token_is_anonymous(token)) {
 		token->privilege_mask = 0;
 		return NT_STATUS_OK;
 	}

Modified: branches/SAMBA_4_0/source/libcli/security/security_token.c
===================================================================
--- branches/SAMBA_4_0/source/libcli/security/security_token.c	2006-03-31 10:37:49 UTC (rev 14839)
+++ branches/SAMBA_4_0/source/libcli/security/security_token.c	2006-03-31 11:05:33 UTC (rev 14840)
@@ -170,55 +170,65 @@
 
 /* These really should be cheaper... */
 
-BOOL is_system_token(struct security_token *token) 
+BOOL security_token_is_sid(struct security_token *token, const struct dom_sid *sid)
 {
-	TALLOC_CTX *mem_ctx = talloc_new(token);
-	if (dom_sid_equal(token->user_sid, dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM))) {
-		talloc_free(mem_ctx);
+	if (dom_sid_equal(token->user_sid, sid)) {
 		return True;
 	}
-	talloc_free(mem_ctx);
 	return False;
 }
 
-BOOL is_anonymous_token(struct security_token *token) 
+BOOL security_token_is_sid_string(struct security_token *token, const char *sid_string)
 {
-	TALLOC_CTX *mem_ctx = talloc_new(token);
-	if (dom_sid_equal(token->user_sid, dom_sid_parse_talloc(mem_ctx, SID_NT_ANONYMOUS))) {
-		talloc_free(mem_ctx);
-		return True;
-	}
-	talloc_free(mem_ctx);
-	return False;
+	BOOL ret;
+	struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string);
+	if (!sid) return False;
+
+	ret = security_token_is_sid(token, sid);
+
+	talloc_free(sid);
+	return ret;
 }
 
-BOOL is_authenticated_token(struct security_token *token)
+BOOL security_token_is_system(struct security_token *token) 
 {
-	TALLOC_CTX *mem_ctx = talloc_new(token);
-	int i;
-	struct dom_sid *authenticated = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHENTICATED_USERS);
-	for (i = 0; i < token->num_sids; i++) {
-		if (dom_sid_equal(token->sids[i], authenticated)) {
-			talloc_free(mem_ctx);
-			return True;
-		}
-	}
-	talloc_free(mem_ctx);
-	return False;
+	return security_token_is_sid_string(token, SID_NT_SYSTEM);
 }
 
-BOOL is_administrator_token(struct security_token *token) 
+BOOL security_token_is_anonymous(struct security_token *token) 
 {
-	TALLOC_CTX *mem_ctx = talloc_new(token);
+	return security_token_is_sid_string(token, SID_NT_ANONYMOUS);
+}
+
+BOOL security_token_has_sid(struct security_token *token, struct dom_sid *sid)
+{
 	int i;
-	struct dom_sid *administrators = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN_ADMINISTRATORS);
 	for (i = 0; i < token->num_sids; i++) {
-		if (dom_sid_equal(token->sids[i], administrators)) {
-			talloc_free(mem_ctx);
+		if (dom_sid_equal(token->sids[i], sid)) {
 			return True;
 		}
 	}
-	talloc_free(mem_ctx);
 	return False;
 }
 
+BOOL security_token_has_sid_string(struct security_token *token, const char *sid_string)
+{
+	BOOL ret;
+	struct dom_sid *sid = dom_sid_parse_talloc(token, sid_string);
+	if (!sid) return False;
+
+	ret = security_token_has_sid(token, sid);
+
+	talloc_free(sid);
+	return ret;
+}
+
+BOOL security_token_has_builtin_administrators(struct security_token *token)
+{
+	return security_token_has_sid_string(token, SID_BUILTIN_ADMINISTRATORS);
+}
+
+BOOL security_token_has_nt_authenticated_users(struct security_token *token)
+{
+	return security_token_has_sid_string(token, SID_NT_AUTHENTICATED_USERS);
+}
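Review bot: `security_token_is_sid_string()` and `security_token_has_sid_string()` return `False` both when the SID does not match and when `dom_sid_parse_talloc()` fails (`if (!sid) return False;`), so callers cannot tell "not this principal" from "could not check". For the system and administrators checks that failure falls toward less privilege, but in `security_token_is_anonymous()` it lets an anonymous token continue to the group-membership checks in kludge_acl.c and past the zero-privilege shortcut in samdb_privilege.c. Each helper should carry a header comment stating this, and stating that the `is_*` family compares only `token->user_sid` while the `has_*` family scans `token->sids[]`, e.g. `/* False on no match or on parse/allocation failure; compares user_sid only */`. `security_token_has_sid()` could also take `const struct dom_sid *sid` to match `security_token_is_sid()`.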


