diff options
| author | Simo Sorce <idra@samba.org> | 2004-03-01 16:10:28 +0000 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2004-03-01 16:10:28 +0000 |
| commit | eebc94d84af736bb1fdd8e0c511237b0da978e7a (patch) | |
| tree | 3d39c50ac039a7fc56d677b90e60421f7d6fc878 /source3/auth | |
| parent | f986f33aa13f8672e2154f29906f657c023777dc (diff) | |
| download | samba-eebc94d84af736bb1fdd8e0c511237b0da978e7a.tar.gz samba-eebc94d84af736bb1fdd8e0c511237b0da978e7a.tar.bz2 samba-eebc94d84af736bb1fdd8e0c511237b0da978e7a.zip | |
Ok here it is my latest work on privileges
This patch add privilege support for samba
Currently it is implemented only for tdbsam backend but estending it to
other sam backends is straightforward.
I must make a big thank to JFM for his teachings on the matter and the
functions at the base of this work.
At thye moment only samr_create_user honours SeAddUsersPrivilege and
SeMachineAccountPrivilege to permit any user to add machines and/or users to
the server.
The command "net priv" has been provided to manipulate the privileges
database.
There are still many things to do (like support in "net rpc vampire") but
the working core is here.
Feel free to comment/extend on this work.
Of course I will deny that any bug may affect this code :-)
Simo.
This patch adds also my patch about add share command enhancements.
(This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_util.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 4a23593936..018d3b1851 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -827,6 +827,23 @@ static NTSTATUS add_user_groups(auth_serversupplied_info **server_info, } /*************************************************************************** +Fill a server_info struct from a SAM_ACCOUNT with its privileges +***************************************************************************/ + +static NTSTATUS add_privileges(auth_serversupplied_info **server_info) +{ + PRIVILEGE_SET *privs = NULL; + + init_privilege(&privs); + if (!pdb_get_privilege_set((*server_info)->ptok, privs)) + return NT_STATUS_UNSUCCESSFUL; + + (*server_info)->privs = privs; + + return NT_STATUS_OK; +} + +/*************************************************************************** Make (and fill) a user_info struct from a SAM_ACCOUNT ***************************************************************************/ @@ -860,6 +877,11 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, return nt_status; } + if (!NT_STATUS_IS_OK(nt_status = add_privileges(server_info))) { + free_server_info(server_info); + return nt_status; + } + (*server_info)->sam_fill_level = SAM_FILL_ALL; DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", pdb_get_username(sampass), |