1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
|
/*
* Unix SMB/CIFS implementation.
*
* default privileges backend for passdb
*
* Copyright (C) Andrew Tridgell 2003
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 675
* Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
/*
this is a local implementation of a privileges backend, with
privileges stored in a tdb. Most passdb implementations will
probably use this backend, although some (such as pdb_ldap) will
store the privileges in another manner.
The basic principle is that the backend should store a list of SIDs
associated with each right, where a right is a string name such as
'SeTakeOwnershipPrivilege'. The SIDs can be of any type, and do not
need to belong to the local domain.
The way this is used is that certain places in the code which
require access control will ask the privileges backend 'does this
user have the following privilege'. The 'user' will be a NT_TOKEN,
which is essentially just a list of SIDs. If any of those SIDs are
listed in the list of SIDs for that privilege then the answer will
be 'yes'. That will usually mean that the user gets unconditional
access to that functionality, regradless of any ACLs. In this way
privileges act in a similar fashion to unix setuid bits.
*/
/*
The terms 'right' and 'privilege' are used interchangably in this
file. This follows MSDN convention where the LSA calls are calls on
'rights', which really means privileges. My apologies for the
confusion.
*/
/* 15 seconds seems like an ample time for timeouts on the privileges db */
#define LOCK_TIMEOUT 15
/* the tdb handle for the privileges database */
static TDB_CONTEXT *tdb;
/* initialise the privilege database */
BOOL privilege_init(void)
{
tdb = tdb_open_log(lock_path("privilege.tdb"), 0, TDB_DEFAULT,
O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open privilege database\n"));
return False;
}
return True;
}
/*
lock the record for a particular privilege (write lock)
*/
static NTSTATUS privilege_lock_right(const char *right)
{
if (tdb_lock_bystring(tdb, right, LOCK_TIMEOUT) != 0) {
return NT_STATUS_INTERNAL_ERROR;
}
return NT_STATUS_OK;
}
/*
unlock the record for a particular privilege (write lock)
*/
static void privilege_unlock_right(const char *right)
{
tdb_unlock_bystring(tdb, right);
}
/*
return a list of SIDs that have a particular right
*/
NTSTATUS privilege_enum_account_with_right(const char *right,
uint32 *count,
DOM_SID **sids)
{
TDB_DATA data;
char *p;
int i;
if (!tdb) {
return NT_STATUS_INTERNAL_ERROR;
}
data = tdb_fetch_bystring(tdb, right);
if (!data.dptr) {
*count = 0;
*sids = NULL;
return NT_STATUS_OK;
}
/* count them */
for (i=0, p=data.dptr; p<data.dptr+data.dsize; i++) {
p += strlen(p) + 1;
}
*count = i;
/* allocate and parse */
*sids = SMB_MALLOC_ARRAY(DOM_SID, *count);
if (! *sids) {
return NT_STATUS_NO_MEMORY;
}
for (i=0, p=data.dptr; p<data.dptr+data.dsize; i++) {
if (!string_to_sid(&(*sids)[i], p)) {
free(data.dptr);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
p += strlen(p) + 1;
}
free(data.dptr);
return NT_STATUS_OK;
}
/*
set what accounts have a given right - this is an internal interface
*/
static NTSTATUS privilege_set_accounts_with_right(const char *right,
uint32 count,
DOM_SID *sids)
{
TDB_DATA data;
char *p;
int i;
if (!tdb) {
return NT_STATUS_INTERNAL_ERROR;
}
/* allocate the maximum size that we might use */
data.dptr = SMB_MALLOC(count * ((MAXSUBAUTHS*11) + 30));
if (!data.dptr) {
return NT_STATUS_NO_MEMORY;
}
p = data.dptr;
for (i=0;i<count;i++) {
sid_to_string(p, &sids[i]);
p += strlen(p) + 1;
}
data.dsize = PTR_DIFF(p, data.dptr);
if (tdb_store_bystring(tdb, right, data, TDB_REPLACE) != 0) {
free(data.dptr);
return NT_STATUS_INTERNAL_ERROR;
}
free(data.dptr);
return NT_STATUS_OK;
}
/*
add a SID to the list of SIDs for a right
*/
NTSTATUS privilege_add_account_right(const char *right,
DOM_SID *sid)
{
NTSTATUS status;
DOM_SID *current_sids;
uint32 current_count;
int i;
status = privilege_lock_right(right);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = privilege_enum_account_with_right(right, ¤t_count, ¤t_sids);
if (!NT_STATUS_IS_OK(status)) {
privilege_unlock_right(right);
return status;
}
/* maybe that SID is already listed? this is not an error */
for (i=0;i<current_count;i++) {
if (sid_equal(¤t_sids[i], sid)) {
privilege_unlock_right(right);
free(current_sids);
return NT_STATUS_OK;
}
}
/* add it in */
current_sids = SMB_REALLOC_ARRAY(current_sids, DOM_SID, current_count+1);
if (!current_sids) {
privilege_unlock_right(right);
return NT_STATUS_NO_MEMORY;
}
sid_copy(¤t_sids[current_count], sid);
current_count++;
status = privilege_set_accounts_with_right(right, current_count, current_sids);
free(current_sids);
privilege_unlock_right(right);
return status;
}
/*
remove a SID from the list of SIDs for a right
*/
NTSTATUS privilege_remove_account_right(const char *right,
DOM_SID *sid)
{
NTSTATUS status;
DOM_SID *current_sids;
uint32 current_count;
int i;
status = privilege_lock_right(right);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = privilege_enum_account_with_right(right, ¤t_count, ¤t_sids);
if (!NT_STATUS_IS_OK(status)) {
privilege_unlock_right(right);
return status;
}
for (i=0;i<current_count;i++) {
if (sid_equal(¤t_sids[i], sid)) {
/* found it - so remove it */
if (current_count-i > 1) {
memmove(¤t_sids[i], ¤t_sids[i+1],
sizeof(current_sids[0]) * ((current_count-i)-1));
}
current_count--;
status = privilege_set_accounts_with_right(right,
current_count,
current_sids);
free(current_sids);
privilege_unlock_right(right);
return status;
}
}
/* removing a right that you don't have is not an error */
safe_free(current_sids);
privilege_unlock_right(right);
return NT_STATUS_OK;
}
/*
an internal function for checking if a SID has a right
*/
static BOOL privilege_sid_has_right(DOM_SID *sid, const char *right)
{
NTSTATUS status;
uint32 count;
DOM_SID *sids;
int i;
status = privilege_enum_account_with_right(right, &count, &sids);
if (!NT_STATUS_IS_OK(status)) {
return False;
}
for (i=0;i<count;i++) {
if (sid_equal(sid, &sids[i])) {
free(sids);
return True;
}
}
safe_free(sids);
return False;
}
/*
list the rights for an account. This involves traversing the database
*/
NTSTATUS privilege_enum_account_rights(DOM_SID *sid,
uint32 *count,
char ***rights)
{
TDB_DATA key, nextkey;
char *right;
if (!tdb) {
return NT_STATUS_INTERNAL_ERROR;
}
*rights = NULL;
*count = 0;
for (key = tdb_firstkey(tdb); key.dptr; key = nextkey) {
nextkey = tdb_nextkey(tdb, key);
right = key.dptr;
if (privilege_sid_has_right(sid, right)) {
(*rights) = SMB_REALLOC_ARRAY(*rights,char *, (*count)+1);
if (! *rights) {
safe_free(nextkey.dptr);
free(key.dptr);
return NT_STATUS_NO_MEMORY;
}
(*rights)[*count] = SMB_STRDUP(right);
(*count)++;
}
free(key.dptr);
}
return NT_STATUS_OK;
}
|
