diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-11 12:01:20 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:19 -0500 |
commit | 02a9aa08923e348af2cda9829b64a5f98282164d (patch) | |
tree | d08fcad68289d714f1438162ecd944837aac87d9 | |
parent | dca888e51eb97df60a3af6779b88cfa8d0e34996 (diff) | |
download | samba-02a9aa08923e348af2cda9829b64a5f98282164d.tar.gz samba-02a9aa08923e348af2cda9829b64a5f98282164d.tar.bz2 samba-02a9aa08923e348af2cda9829b64a5f98282164d.zip |
r4150: - add fns for manipulating the privilege_mask in a security_token
- add the hooks in access_check that check the privilege bitmasks for
SEC_STD_DELETE and SEC_FLAG_SYSTEM_SECURITY
(This used to be commit 0fa3764edcabffe8f7d5e40f0097f97d0c4519c4)
-rw-r--r-- | source4/libcli/security/access_check.c | 15 | ||||
-rw-r--r-- | source4/libcli/security/privilege.c | 24 |
2 files changed, 33 insertions, 6 deletions
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c index c646ee693b..4c8bb1bd1f 100644 --- a/source4/libcli/security/access_check.c +++ b/source4/libcli/security/access_check.c @@ -50,7 +50,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd, unsigned i; if (sid_active_in_token(sd->owner_sid, token)) { - granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE; + granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL; + } + if (sec_privilege_check(token, SEC_PRIV_RESTORE)) { + granted |= SEC_STD_DELETE; } for (i = 0;i<sd->dacl->num_aces; i++) { @@ -96,17 +99,13 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, bits_remaining = access_desired & ~SEC_STD_DELETE; } -#if 0 - /* this is where we should check for the "system security" privilege, once we - move to the full security_token and not just the nt_user_token */ if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { - if (privilege_in_token(SE_PRIVILEGE_SYSTEM_SECURITY, token)) { + if (sec_privilege_check(token, SEC_PRIV_SECURITY)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; } else { return NT_STATUS_ACCESS_DENIED; } } -#endif /* dacl not present allows access */ if (!(sd->type & SEC_DESC_DACL_PRESENT)) { @@ -124,6 +123,10 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd, sid_active_in_token(sd->owner_sid, token)) { bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL); } + if ((bits_remaining & SEC_STD_DELETE) && + sec_privilege_check(token, SEC_PRIV_RESTORE)) { + bits_remaining &= ~SEC_STD_DELETE; + } /* check each ace in turn. */ for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) { diff --git a/source4/libcli/security/privilege.c b/source4/libcli/security/privilege.c index 1962aaa374..10a51c8b42 100644 --- a/source4/libcli/security/privilege.c +++ b/source4/libcli/security/privilege.c @@ -82,3 +82,27 @@ int sec_privilege_id(const char *name) } return -1; } + + +/* + return True if a security_token has a particular privilege bit set +*/ +BOOL sec_privilege_check(const struct security_token *token, unsigned int privilege) +{ + uint64_t mask = 1; + mask <<= (privilege-1); + if (token->privilege_mask & mask) { + return True; + } + return False; +} + +/* + set a bit in the privilege mask +*/ +void sec_privilege_set(struct security_token *token, unsigned int privilege) +{ + uint64_t mask = 1; + mask <<= (privilege-1); + token->privilege_mask |= mask; +} |