diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2002-08-29 16:38:43 +0000 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2002-08-29 16:38:43 +0000 |
commit | 8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3 (patch) | |
tree | cf163579486df385989c4aceea114a4021fd7cf4 /source3/lib | |
parent | 52ea319236d9aab761aa1429e285ae1eead2589b (diff) | |
download | samba-8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3.tar.gz samba-8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3.tar.bz2 samba-8e729a4d846f8cd4ee5bea549c1abbcf1653b3b3.zip |
Move samr_make_sam_obj_sd to lib/util_seaccess.c. samtest now compiles and
links successfully!
(This used to be commit 0ea4bcb6b772a0d95d20f7c1a2a0c08a0ba9e466)
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_seaccess.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 5aef69e554..87711ff5ad 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -21,6 +21,8 @@ #include "includes.h" +extern DOM_SID global_sid_Builtin; + /********************************************************************************** Check if this ACE has a SID in common with the token. **********************************************************************************/ @@ -442,3 +444,42 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, return sdb; } + +/******************************************************************* + samr_make_sam_obj_sd + ********************************************************************/ + +NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, SAMR_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} |