From 2ab6b43da63715350db8675bd3804e64f4241bca Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 14 Oct 2014 13:54:05 +0200 Subject: [PATCH] libcli/security: add a function that checks for MS NFS ACEs Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- libcli/security/security_descriptor.c | 22 ++++++++++++++++++++++ libcli/security/security_descriptor.h | 2 ++ 2 files changed, 24 insertions(+) diff --git a/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c index 8304b208528..a75942c0770 100644 --- a/libcli/security/security_descriptor.c +++ b/libcli/security/security_descriptor.c @@ -595,3 +595,25 @@ struct security_ace *security_ace_create(TALLOC_CTX *mem_ctx, return ace; } + +/******************************************************************* + Check for MS NFS ACEs in a sd +*******************************************************************/ +bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd) +{ + int i; + + if (psd->dacl == NULL) { + return false; + } + + for (i = 0; i < psd->dacl->num_aces; i++) { + if (dom_sid_compare_domain( + &global_sid_Unix_NFS, + &psd->dacl->aces[i].trustee) == 0) { + return true; + } + } + + return false; +} diff --git a/libcli/security/security_descriptor.h b/libcli/security/security_descriptor.h index 1c7f893ead8..87643bc945a 100644 --- a/libcli/security/security_descriptor.h +++ b/libcli/security/security_descriptor.h @@ -81,4 +81,6 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx, struct dom_sid *default_group, /* valid only for DS, NULL for the other RSs */ uint32_t (*generic_map)(uint32_t access_mask)); +bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd); + #endif /* __SECURITY_DESCRIPTOR_H__ */ -- 2.11.4.GIT