git.samba.org
/
metze
/
samba
/
wip.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
libcli/security: tree and replace sid are not optional to sec_access_check_ds()
[metze/samba/wip.git]
/
libcli
/
security
/
access_check.c
diff --git
a/libcli/security/access_check.c
b/libcli/security/access_check.c
index 936ffca242e6b6e7682f97dc3815e54715ee8fe9..7d4785f73c7defffafab65952da51441be5a876b 100644
(file)
--- a/
libcli/security/access_check.c
+++ b/
libcli/security/access_check.c
@@
-465,7
+465,7
@@
NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
continue;
}
continue;
}
- if (dom_sid_equal(&ace->trustee, &self_sid)
&& replace_sid
) {
+ if (dom_sid_equal(&ace->trustee, &self_sid)) {
trustee = replace_sid;
} else {
trustee = &ace->trustee;
trustee = replace_sid;
} else {
trustee = &ace->trustee;
@@
-477,9
+477,7
@@
NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
switch (ace->type) {
case SEC_ACE_TYPE_ACCESS_ALLOWED:
switch (ace->type) {
case SEC_ACE_TYPE_ACCESS_ALLOWED:
- if (tree) {
- object_tree_modify_access(tree, ace->access_mask);
- }
+ object_tree_modify_access(tree, ace->access_mask);
bits_remaining &= ~ace->access_mask;
break;
bits_remaining &= ~ace->access_mask;
break;
@@
-497,16
+495,14
@@
NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
*/
type = get_ace_object_type(ace);
*/
type = get_ace_object_type(ace);
- if (!tree) {
- continue;
- }
-
if (!type) {
node = tree;
} else {
if (!type) {
node = tree;
} else {
- if (!(node = get_object_tree_by_GUID(tree, type))) {
- continue;
- }
+ node = get_object_tree_by_GUID(tree, type);
+ }
+
+ if (node == NULL) {
+ continue;
}
if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
}
if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {