summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2002-08-29 16:38:43 +0000
committerJelmer Vernooij <jelmer@samba.org>2002-08-29 16:38:43 +0000
commit8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3 (patch)
treecf163579486df385989c4aceea114a4021fd7cf4 /source3/lib
parent52ea319236d9aab761aa1429e285ae1eead2589b (diff)
downloadsamba-8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3.tar.gz
samba-8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3.tar.bz2
samba-8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3.zip
Move samr_make_sam_obj_sd to lib/util_seaccess.c. samtest now compiles and
links successfully! (This used to be commit 0ea4bcb6b772a0d95d20f7c1a2a0c08a0ba9e466)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/util_seaccess.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 5aef69e554..87711ff5ad 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -21,6 +21,8 @@
#include "includes.h"
+extern DOM_SID global_sid_Builtin;
+
/**********************************************************************************
Check if this ACE has a SID in common with the token.
**********************************************************************************/
@@ -442,3 +444,42 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
return sdb;
}
+
+/*******************************************************************
+ samr_make_sam_obj_sd
+ ********************************************************************/
+
+NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
+{
+ extern DOM_SID global_sid_World;
+ DOM_SID adm_sid;
+ DOM_SID act_sid;
+
+ SEC_ACE ace[3];
+ SEC_ACCESS mask;
+
+ SEC_ACL *psa = NULL;
+
+ sid_copy(&adm_sid, &global_sid_Builtin);
+ sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ sid_copy(&act_sid, &global_sid_Builtin);
+ sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+ /*basic access for every one*/
+ init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ);
+ init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ /*full access for builtin aliases Administrators and Account Operators*/
+ init_sec_access(&mask, SAMR_ALL_ACCESS);
+ init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ return NT_STATUS_OK;
+}