diff options
| author | Volker Lendecke <vlendec@samba.org> | 2007-09-08 20:30:51 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:30:36 -0500 |
| commit | 54d3c7f61d612ca041aafc0fba964e0431cbf463 (patch) | |
| tree | ec8474d9987fec697cb9875ada625e3afb0a4e92 /source3/lib | |
| parent | 325b342f313369a8cbd8c7851ddcbe37d8ee4470 (diff) | |
| download | samba-54d3c7f61d612ca041aafc0fba964e0431cbf463.tar.gz samba-54d3c7f61d612ca041aafc0fba964e0431cbf463.tar.xz samba-54d3c7f61d612ca041aafc0fba964e0431cbf463.zip | |
r25040: Add "net sam rights"
Not strictly in the SAM, but close enough. This command acts directly on
the local tdb, no running smbd required
This also changes the root-only check to a warning
(This used to be commit 0c5657b5eff60e3c52de8fbb4ce9346d0341854c)
Diffstat (limited to 'source3/lib')
| -rw-r--r-- | source3/lib/privileges.c | 33 | ||||
| -rw-r--r-- | source3/lib/util_sid.c | 7 |
2 files changed, 39 insertions, 1 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 34bca18b202..b2e145e819c 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -31,6 +31,7 @@ typedef struct { } SID_LIST; typedef struct { + TALLOC_CTX *mem_ctx; SE_PRIV privilege; SID_LIST sids; } PRIV_SID_LIST; @@ -183,7 +184,8 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - if (!add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count )) { + if (!add_sid_to_array( priv->mem_ctx, &sid, &priv->sids.list, + &priv->sids.count )) { return 0; } @@ -217,6 +219,35 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) return NT_STATUS_OK; } +/********************************************************************* + Retrieve list of SIDs granted a particular privilege +*********************************************************************/ + +NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx, + DOM_SID **sids, int *num_sids) +{ + TDB_CONTEXT *tdb = get_account_pol_tdb(); + PRIV_SID_LIST priv; + + if (!tdb) { + return NT_STATUS_ACCESS_DENIED; + } + + ZERO_STRUCT(priv); + + se_priv_copy(&priv.privilege, mask); + priv.mem_ctx = mem_ctx; + + tdb_traverse( tdb, priv_traverse_fn, &priv); + + /* give the memory away; caller will free */ + + *sids = priv.sids.list; + *num_sids = priv.sids.count; + + return NT_STATUS_OK; +} + /*************************************************************************** Add privilege to sid ****************************************************************************/ diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 7c6fc9b217c..85cb96bd604 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -207,6 +207,13 @@ const char *sid_string_static(const DOM_SID *sid) return sid_str; } +char *sid_string_tos(const DOM_SID *sid) +{ + fstring sid_str; + sid_to_string(sid_str, sid); + return talloc_strdup(talloc_tos(), sid_str); +} + /***************************************************************** Convert a string to a SID. Returns True on success, False on fail. *****************************************************************/ |