libcli/security: tree and replace sid are not optional to sec_access_check_ds()
authorStefan Metzmacher <metze@samba.org>
Wed, 16 Jan 2013 09:07:45 +0000 (10:07 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 29 Jan 2013 21:03:15 +0000 (22:03 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
libcli/security/access_check.c

index 936ffca242e6b6e7682f97dc3815e54715ee8fe9..7d4785f73c7defffafab65952da51441be5a876b 100644 (file)
@@ -465,7 +465,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                        continue;
                }
 
-               if (dom_sid_equal(&ace->trustee, &self_sid) && replace_sid) {
+               if (dom_sid_equal(&ace->trustee, &self_sid)) {
                        trustee = replace_sid;
                } else {
                        trustee = &ace->trustee;
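Review bot: Nothing visible in these hunks enforces the new non-NULL contract: with the `&& replace_sid` test removed, a NULL `replace_sid` becomes `trustee` whenever the ACE trustee equals `self_sid`, and the hunk at -477 now passes `tree` to `object_tree_modify_access()` unchecked. If a caller still passes NULL for either argument, the access check would presumably crash instead of returning a status. The function entry is outside the hunks, so I cannot tell whether a guard already exists; if not, add one at the top, e.g. `if (tree == NULL || replace_sid == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, and state the requirement in the function's header comment. The loop body this hunk sits in starts and ends outside the hunk.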
@@ -477,9 +477,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
 
                switch (ace->type) {
                case SEC_ACE_TYPE_ACCESS_ALLOWED:
-                       if (tree) {
-                               object_tree_modify_access(tree, ace->access_mask);
-                       }
+                       object_tree_modify_access(tree, ace->access_mask);
 
                        bits_remaining &= ~ace->access_mask;
                        break;
@@ -497,16 +495,14 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                         */
                        type = get_ace_object_type(ace);
 
-                       if (!tree) {
-                               continue;
-                       }
-
                        if (!type) {
                                node = tree;
                        } else {
-                               if (!(node = get_object_tree_by_GUID(tree, type))) {
-                                       continue;
-                               }
+                               node = get_object_tree_by_GUID(tree, type);
+                       }
+
+                       if (node == NULL) {
+                               continue;
                        }
 
                        if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
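Review bot: The merged `if (node == NULL)` test after the if/else also covers the `node = tree` branch, so a NULL `tree` would silently skip every object ACE here, while the plain ALLOWED case in the hunk at -477 uses `tree` unchecked; the two paths disagree on what a NULL tree means. If this case also handles deny-object ACEs, as the `ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT` test suggests, skipping them would fail open, so a NULL tree is better rejected up front than tolerated here. Since the commit makes `tree` mandatory, the check is only meaningful for the GUID lookup, and a comment would make that clear: `/* no node for this ACE's object type in the tree: the ACE does not apply */`. That reading of a NULL lookup result is inferred from the `continue`, so please confirm the wording. The enclosing `case` block begins above the hunk and continues past its last line.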