summaryrefslogtreecommitdiff
path: root/source3/lib/privileges.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-30 13:24:43 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-09-11 18:46:10 +1000
commite0cbc68c0a29bc036949adb7be5e140edd07a3b2 (patch)
tree3b73dbdb8971a510601125fb4a0bed7d2a656493 /source3/lib/privileges.c
parent2bb7b827d60424aaccd12bd811d4a42de72f0185 (diff)
downloadsamba-e0cbc68c0a29bc036949adb7be5e140edd07a3b2.tar.gz
samba-e0cbc68c0a29bc036949adb7be5e140edd07a3b2.tar.bz2
samba-e0cbc68c0a29bc036949adb7be5e140edd07a3b2.zip
s3-privs Rework privilege enumeration to also use new DB format
Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/lib/privileges.c')
-rw-r--r--source3/lib/privileges.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 42fccf8b71..5988480cc0 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -173,20 +173,33 @@ static int priv_traverse_fn(struct db_record *rec, void *state)
/* check to see if we are looking for a particular privilege */
- if ( !se_priv_equal(&priv->privilege, &se_priv_none) ) {
+ fstrcpy( sid_string, (char *)&(rec->key.dptr[strlen(PRIVPREFIX)]) );
+
+ if (priv->privilege != 0) {
uint64_t mask;
- se_priv_copy( &mask, (uint64_t*)rec->value.dptr );
+ if (rec->value.dsize == 4*4) {
+ DEBUG(3, ("get_privileges: Should not have obtained old-style privileges record for SID "
+ "[%s]\n", sid_string));
+ return 0;
+ }
+
+ if (rec->value.dsize != sizeof( uint64_t ) ) {
+ DEBUG(3, ("get_privileges: Invalid privileges record assigned to SID "
+ "[%s]\n", sid_string));
+ return 0;
+ }
+
+ mask = BVAL(rec->value.dptr, 0);
/* if the SID does not have the specified privilege
then just return */
- if ( !is_privilege_assigned( &mask, &priv->privilege) )
+ if ((mask & priv->privilege) == 0) {
return 0;
+ }
}
- fstrcpy( sid_string, (char *)&(rec->key.dptr[strlen(PRIVPREFIX)]) );
-
/* this is a last ditch safety check to preventing returning
and invalid SID (i've somehow run into this on development branches) */