summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-01-26 20:36:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:55:12 -0500
commit46d8ff2320a1c195c3b54c57f5bf172c8473a741 (patch)
treee82641aeeb068339919bc69287e1db936b20e293 /source3/lib
parent02c25a2683204d8b20a1e69ea354b9e08b0fd94d (diff)
downloadsamba-46d8ff2320a1c195c3b54c57f5bf172c8473a741.tar.gz
samba-46d8ff2320a1c195c3b54c57f5bf172c8473a741.tar.bz2
samba-46d8ff2320a1c195c3b54c57f5bf172c8473a741.zip
r5015: (based on abartlet's original patch to restrict password changes)
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/privileges.c78
1 files changed, 74 insertions, 4 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index ea81f9fce0..4feb730fee 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -114,7 +114,7 @@ BOOL se_priv_copy( SE_PRIV *dst, const SE_PRIV *src )
combine 2 SE_PRIV structures and store the resulting set in mew_mask
****************************************************************************/
-static void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv )
+void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv )
{
int i;
@@ -128,7 +128,7 @@ static void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv )
in mew_mask
****************************************************************************/
-static void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv )
+void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv )
{
int i;
@@ -159,6 +159,23 @@ static BOOL se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 )
return ( memcmp(mask1, mask2, sizeof(SE_PRIV)) == 0 );
}
+/***************************************************************************
+ check if a SE_PRIV has any assigned privileges
+****************************************************************************/
+
+static BOOL se_priv_empty( const SE_PRIV *mask )
+{
+ SE_PRIV p1;
+ int i;
+
+ se_priv_copy( &p1, mask );
+
+ for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
+ p1.mask[i] &= se_priv_all.mask[i];
+ }
+
+ return se_priv_equal( &p1, &se_priv_none );
+}
/***************************************************************************
dump an SE_PRIV structure to the log files
@@ -252,13 +269,20 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask )
check if the privilege is in the privilege list
****************************************************************************/
-static BOOL is_privilege_assigned( SE_PRIV *privileges, SE_PRIV *check )
+static BOOL is_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check )
{
SE_PRIV p1, p2;
if ( !privileges || !check )
return False;
+ /* everyone has privileges if you aren't checking for any */
+
+ if ( se_priv_empty( check ) ) {
+ DEBUG(1,("is_privilege_assigned: no privileges in check_mask!\n"));
+ return True;
+ }
+
se_priv_copy( &p1, check );
/* invert the SE_PRIV we want to check for and remove that from the
@@ -273,6 +297,39 @@ static BOOL is_privilege_assigned( SE_PRIV *privileges, SE_PRIV *check )
}
/****************************************************************************
+ check if the privilege is in the privilege list
+****************************************************************************/
+
+static BOOL is_any_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check )
+{
+ SE_PRIV p1, p2;
+
+ if ( !privileges || !check )
+ return False;
+
+ /* everyone has privileges if you aren't checking for any */
+
+ if ( se_priv_empty( check ) ) {
+ DEBUG(1,("is_any_privilege_assigned: no privileges in check_mask!\n"));
+ return True;
+ }
+
+ se_priv_copy( &p1, check );
+
+ /* invert the SE_PRIV we want to check for and remove that from the
+ original set. If we are left with the SE_PRIV we are checking
+ for then return True */
+
+ se_priv_invert( &p1, check );
+ se_priv_copy( &p2, privileges );
+ se_priv_remove( &p2, &p1 );
+
+ /* see if we have any bits left */
+
+ return !se_priv_empty( &p2 );
+}
+
+/****************************************************************************
add a privilege to a privilege array
****************************************************************************/
@@ -633,7 +690,7 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l
at a time here.
*****************************************************************************/
-BOOL user_has_privileges(NT_USER_TOKEN *token, SE_PRIV *privilege)
+BOOL user_has_privileges(NT_USER_TOKEN *token, const SE_PRIV *privilege)
{
if ( !token )
return False;
@@ -642,6 +699,19 @@ BOOL user_has_privileges(NT_USER_TOKEN *token, SE_PRIV *privilege)
}
/****************************************************************************
+ Does the user have any of the specified privileges ? We only deal with one privilege
+ at a time here.
+*****************************************************************************/
+
+BOOL user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege)
+{
+ if ( !token )
+ return False;
+
+ return is_any_privilege_assigned( &token->privileges, privilege );
+}
+
+/****************************************************************************
Convert a LUID to a named string
****************************************************************************/