authorGerald Carter <jerry@samba.org>2005-01-15 02:20:30 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:53 -0500
commit7bf1312287cc1ec6b97917ba25fc60d6db09f26c (patch)
tree29d634feee187c249c42877d92053939819256be /source/lib/privileges.c
parent85731706c9d794e8bd3f26ce9b1f881c1ee6a3ba (diff)
r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code
Diffstat (limited to 'source/lib/privileges.c')
-rw-r--r--source/lib/privileges.c77
1 files changed, 65 insertions, 12 deletions
diff --git a/source/lib/privileges.c b/source/lib/privileges.c
index f35d16f30f4..09a868fc277 100644
--- a/source/lib/privileges.c
+++ b/source/lib/privileges.c
@@ -87,24 +87,25 @@ typedef struct priv_sid_list {
Retrieve the privilege mask (set) for a given SID
****************************************************************************/
-static uint32 get_privileges( const DOM_SID *sid )
+static uint32 get_privileges( const DOM_SID *sid, uint32 *mask )
{
TDB_CONTEXT *tdb = get_account_pol_tdb();
fstring keystr;
uint32 priv_mask;
if ( !tdb )
- return 0;
+ return False;
fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
if ( !tdb_fetch_uint32( tdb, keystr, &priv_mask ) ) {
DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n",
sid_string_static(sid)));
- return 0;
+ return False;
}
- return priv_mask;
+ *mask = priv_mask;
+ return True;
}
/***************************************************************************
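Review bot: get_privileges() is still declared `static uint32` although it now returns True/False and passes the mask back through `*mask`; `static BOOL get_privileges( const DOM_SID *sid, uint32 *mask )` would match what the callers test. Both failure paths return without writing `*mask`, so a caller that reads its variable after a False return gets an indeterminate value, which the grant_privilege and revoke_privilege hunks below do. Adding `*mask = 0;` before the `if ( !tdb )` check would give every caller a defined value. The banner comment should also say that the return value is a success flag and that the mask is meaningful only when it is True.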
@@ -241,13 +242,11 @@ void get_privileges_for_sids(PRIVILEGE_SET *privset, DOM_SID *slist, int scount)
int i;
for ( i=0; i<scount; i++ ) {
- priv_mask = get_privileges( &slist[i] );
-
/* don't add unless we actually have a privilege assigned */
- if ( priv_mask == 0 )
+ if ( !get_privileges( &slist[i], &priv_mask ) )
continue;
-
+
DEBUG(5,("get_privileges_for_sids: sid = %s, privilege mask = 0x%x\n",
sid_string_static(&slist[i]), priv_mask));
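Review bot: The skip condition in the loop now tests whether a record exists rather than whether the mask is non-zero, so the comment `/* don't add unless we actually have a privilege assigned */` no longer describes it. If set_privileges() stores a zero mask rather than deleting the record (not visible here), a SID whose privileges were all revoked is now processed, and is_privileged_sid() in the last hunk reports it as privileged. Keeping the old meaning would take `if ( !get_privileges( &slist[i], &priv_mask ) || priv_mask == 0 )`. The body of get_privileges_for_sids continues outside this hunk.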
@@ -350,9 +349,10 @@ BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask)
{
uint32 old_mask, new_mask;
- old_mask = get_privileges( sid );
-
- new_mask = old_mask | priv_mask;
+ if ( get_privileges( sid, &old_mask ) )
+ new_mask = old_mask | priv_mask;
+ else
+ new_mask = priv_mask;
DEBUG(10,("grant_privilege: %s, orig priv set = 0x%x, new privilege set = 0x%x\n",
sid_string_static(sid), old_mask, new_mask ));
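Review bot: In the `else` branch `old_mask` is never assigned, yet the DEBUG(10) call that follows prints it, so the log line reads an indeterminate value whenever the SID has no record. Initialising it at the declaration, `uint32 old_mask = 0, new_mask;`, fixes the read and lets the branch collapse to `new_mask = old_mask | priv_mask;` after an unconditional `get_privileges( sid, &old_mask );`. The start of grant_privilege is outside this hunk.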
@@ -360,6 +360,25 @@ BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask)
return set_privileges( sid, new_mask );
}
+/*********************************************************************
+ Add a privilege based on its name
+*********************************************************************/
+
+BOOL grant_privilege_by_name(DOM_SID *sid, const char *name)
+{
+ int i;
+
+ for ( i = 0; privs[i].se_priv != SE_END; i++ ) {
+ if ( strequal(privs[i].name, name) ) {
+ return grant_privilege( sid, privs[i].se_priv );
+ }
+ }
+
+ DEBUG(3, ("grant_privilege_by_name: No Such Privilege Found (%s)\n", name));
+
+ return False;
+}
+
/***************************************************************************
Remove privilege from sid
****************************************************************************/
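Review bot: grant_privilege_by_name() takes `DOM_SID *sid` while the grant_privilege() it forwards to takes `const DOM_SID *sid`; declaring the parameter `const DOM_SID *sid` keeps the two consistent and lets callers pass a const SID. The same applies to revoke_privilege_by_name() further down. A False return here covers both an unknown privilege name and a failed grant_privilege(), and only the DEBUG(3) line tells them apart, which the banner comment should mention.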
@@ -368,7 +387,10 @@ BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask)
{
uint32 old_mask, new_mask;
- old_mask = get_privileges( sid );
+ if ( get_privileges( sid, &old_mask ) )
+ new_mask = old_mask | priv_mask;
+ else
+ new_mask = priv_mask;
new_mask = old_mask & ~priv_mask;
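Review bot: The four lines added to revoke_privilege() are the grant logic copied over: they compute `old_mask | priv_mask`, and the unchanged `new_mask = old_mask & ~priv_mask;` right after them discards that result. When get_privileges() returns False, `old_mask` is never written, so that last line derives the new mask from an indeterminate value. If the rest of the function passes it to set_privileges() as the context in the next hunk suggests, revoking from a SID with no record could store arbitrary privilege bits. Replacing the added block with `if ( !get_privileges( sid, &old_mask ) ) return True;` treats "no record" as nothing to revoke and leaves the existing mask computation correct. The remainder of revoke_privilege lies outside this hunk.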
@@ -378,6 +400,25 @@ BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask)
return set_privileges( sid, new_mask );
}
+/*********************************************************************
+ Add a privilege based on its name
+*********************************************************************/
+
+BOOL revoke_privilege_by_name(DOM_SID *sid, const char *name)
+{
+ int i;
+
+ for ( i = 0; privs[i].se_priv != SE_END; i++ ) {
+ if ( strequal(privs[i].name, name) ) {
+ return revoke_privilege( sid, privs[i].se_priv );
+ }
+ }
+
+ DEBUG(3, ("revoke_privilege_by_name: No Such Privilege Found (%s)\n", name));
+
+ return False;
+}
+
/***************************************************************************
Retrieve the SIDs assigned to a given privilege
****************************************************************************/
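Review bot: The banner comment above revoke_privilege_by_name() still reads `Add a privilege based on its name`, copied from the grant variant. It should read `Remove a privilege based on its name`, so that a reader scanning the file for the functions that widen privileges is not misled.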
@@ -560,3 +601,15 @@ int count_all_privileges( void )
return count;
}
+/*******************************************************************
+*******************************************************************/
+
+BOOL is_privileged_sid( DOM_SID *sid )
+{
+ int mask;
+
+ /* check if the lookup succeeds */
+
+ return get_privileges( sid, &mask );
+}
+
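Review bot: is_privileged_sid() declares `int mask;` and passes `&mask` where get_privileges() expects a `uint32 *`, which is an incompatible pointer type; the local should be `uint32 mask;`. The function also has an empty banner comment, and it should state that the result is True whenever a privilege record exists for the SID, whatever the mask holds. If the intent is "has at least one privilege", `return get_privileges( sid, &mask ) && mask != 0;` expresses that, and the parameter can be `const DOM_SID *sid`.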