uint32_t bits_remaining;
struct object_tree *node;
const struct GUID *type;
- struct dom_sid *ps_sid = dom_sid_parse_talloc(NULL, SID_NT_SELF);
+ struct dom_sid self_sid;
+
+ dom_sid_parse(SID_NT_SELF, &self_sid);
*access_granted = access_desired;
bits_remaining = access_desired;
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
} else {
- talloc_free(ps_sid);
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
}
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
*access_granted = access_desired;
- talloc_free(ps_sid);
return NT_STATUS_OK;
}
continue;
}
- if (dom_sid_equal(&ace->trustee, ps_sid) && replace_sid) {
+ if (dom_sid_equal(&ace->trustee, &self_sid) && replace_sid) {
trustee = replace_sid;
} else {
trustee = &ace->trustee;
break;
case SEC_ACE_TYPE_ACCESS_DENIED:
if (bits_remaining & ace->access_mask) {
- talloc_free(ps_sid);
return NT_STATUS_ACCESS_DENIED;
}
break;
if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
object_tree_modify_access(node, ace->access_mask);
if (node->remaining_access == 0) {
- talloc_free(ps_sid);
return NT_STATUS_OK;
}
} else {
if (node->remaining_access & ace->access_mask){
- talloc_free(ps_sid);
return NT_STATUS_ACCESS_DENIED;
}
}
}
done:
- talloc_free(ps_sid);
if (bits_remaining != 0) {
return NT_STATUS_ACCESS_DENIED;
}