CVE-2018-10919 security: Move object-specific access checks into separate function
commit21d628e045712405663e77e6e01084234df6a99c
authorTim Beale <timbeale@catalyst.net.nz>
Thu, 19 Jul 2018 04:03:36 +0000 (19 16:03 +1200)
committerKarolin Seeger <kseeger@samba.org>
Tue, 14 Aug 2018 11:57:15 +0000 (14 13:57 +0200)
treea27753d5f32b0f7e9657c71aa68067f53e118034
parentbe4c0938b0f47d246d3aaacdc6c9a3fedf8ab6e0
CVE-2018-10919 security: Move object-specific access checks into separate function

Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.

This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
libcli/security/access_check.c