diff options
| author | Gerald Carter <jerry@samba.org> | 2006-03-15 05:50:52 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:15:30 -0500 |
| commit | f39c02e945dcb93cb156b9e28656d1cd4b0483da (patch) | |
| tree | 0ef1a65de51c05b59485049af3100722262602e4 | |
| parent | d6eebce490cfa7b17f9ca2779744db2924f1d165 (diff) | |
| download | samba-f39c02e945dcb93cb156b9e28656d1cd4b0483da.tar.gz samba-f39c02e945dcb93cb156b9e28656d1cd4b0483da.tar.xz samba-f39c02e945dcb93cb156b9e28656d1cd4b0483da.zip | |
r14432: Give in and grant BUILT\Administrators all privileges
(This used to be commit b6170910604dba6533b727de8d7f0cc75256d14f)
| -rw-r--r-- | source3/lib/account_pol.c | 7 | ||||
| -rw-r--r-- | source3/lib/privileges.c | 20 |
2 files changed, 25 insertions, 2 deletions
diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c index 75a1d62ee79..0694b1c3f88 100644 --- a/source3/lib/account_pol.c +++ b/source3/lib/account_pol.c @@ -288,12 +288,17 @@ BOOL init_account_policy(void) /* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */ privilege_create_account( &global_sid_World ); - privilege_create_account( &global_sid_Builtin_Administrators ); privilege_create_account( &global_sid_Builtin_Account_Operators ); privilege_create_account( &global_sid_Builtin_Server_Operators ); privilege_create_account( &global_sid_Builtin_Print_Operators ); privilege_create_account( &global_sid_Builtin_Backup_Operators ); + /* BUILTIN\Administrators get everything -- *always* */ + + if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) { + DEBUG(0,("init_account_policy: Failed to grant privileges to BUILTIN\\Administrators!\n")); + } + return True; } diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index ee69613df0e..d77d7857d72 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -867,9 +867,27 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) /******************************************************************* *******************************************************************/ -BOOL is_privileged_sid( DOM_SID *sid ) +BOOL is_privileged_sid( const DOM_SID *sid ) { SE_PRIV mask; return get_privileges( sid, &mask ); } + +/******************************************************************* +*******************************************************************/ + +BOOL grant_all_privileges( const DOM_SID *sid ) +{ + int i; + SE_PRIV mask; + uint32 num_privs = count_all_privileges(); + + se_priv_copy( &mask, &se_priv_none ); + + for ( i=0; i<num_privs; i++ ) { + se_priv_add(&mask, &privs[i].se_priv); + } + + return grant_privilege( sid, &mask ); +} |