summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2007-09-08 20:30:51 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:30:36 -0500
commit54d3c7f61d612ca041aafc0fba964e0431cbf463 (patch)
treeec8474d9987fec697cb9875ada625e3afb0a4e92 /source3/lib
parent325b342f313369a8cbd8c7851ddcbe37d8ee4470 (diff)
downloadsamba-54d3c7f61d612ca041aafc0fba964e0431cbf463.tar.gz
samba-54d3c7f61d612ca041aafc0fba964e0431cbf463.tar.bz2
samba-54d3c7f61d612ca041aafc0fba964e0431cbf463.zip
r25040: Add "net sam rights"
Not strictly in the SAM, but close enough. This command acts directly on the local tdb, no running smbd required This also changes the root-only check to a warning (This used to be commit 0c5657b5eff60e3c52de8fbb4ce9346d0341854c)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/privileges.c33
-rw-r--r--source3/lib/util_sid.c7
2 files changed, 39 insertions, 1 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 34bca18b20..b2e145e819 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -31,6 +31,7 @@ typedef struct {
} SID_LIST;
typedef struct {
+ TALLOC_CTX *mem_ctx;
SE_PRIV privilege;
SID_LIST sids;
} PRIV_SID_LIST;
@@ -183,7 +184,8 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s
return 0;
}
- if (!add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count )) {
+ if (!add_sid_to_array( priv->mem_ctx, &sid, &priv->sids.list,
+ &priv->sids.count )) {
return 0;
}
@@ -217,6 +219,35 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids)
return NT_STATUS_OK;
}
+/*********************************************************************
+ Retrieve list of SIDs granted a particular privilege
+*********************************************************************/
+
+NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx,
+ DOM_SID **sids, int *num_sids)
+{
+ TDB_CONTEXT *tdb = get_account_pol_tdb();
+ PRIV_SID_LIST priv;
+
+ if (!tdb) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ ZERO_STRUCT(priv);
+
+ se_priv_copy(&priv.privilege, mask);
+ priv.mem_ctx = mem_ctx;
+
+ tdb_traverse( tdb, priv_traverse_fn, &priv);
+
+ /* give the memory away; caller will free */
+
+ *sids = priv.sids.list;
+ *num_sids = priv.sids.count;
+
+ return NT_STATUS_OK;
+}
+
/***************************************************************************
Add privilege to sid
****************************************************************************/
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 7c6fc9b217..85cb96bd60 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -207,6 +207,13 @@ const char *sid_string_static(const DOM_SID *sid)
return sid_str;
}
+char *sid_string_tos(const DOM_SID *sid)
+{
+ fstring sid_str;
+ sid_to_string(sid_str, sid);
+ return talloc_strdup(talloc_tos(), sid_str);
+}
+
/*****************************************************************
Convert a string to a SID. Returns True on success, False on fail.
*****************************************************************/