summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-01-15 02:20:30 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:53 -0500
commitc727866172b5abb1cab0913eb78f3f1d58fcb9aa (patch)
treee590044485bc3bcbd732e47dcdcd40fa28b90cd4 /source3/lib
parent2c33c41b0c98ee36f5c9b6a368deb1192360fd5b (diff)
downloadsamba-c727866172b5abb1cab0913eb78f3f1d58fcb9aa.tar.gz
samba-c727866172b5abb1cab0913eb78f3f1d58fcb9aa.tar.bz2
samba-c727866172b5abb1cab0913eb78f3f1d58fcb9aa.zip
r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code
(This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/privileges.c77
1 files changed, 65 insertions, 12 deletions
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index f35d16f30f..09a868fc27 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -87,24 +87,25 @@ typedef struct priv_sid_list {
Retrieve the privilege mask (set) for a given SID
****************************************************************************/
-static uint32 get_privileges( const DOM_SID *sid )
+static uint32 get_privileges( const DOM_SID *sid, uint32 *mask )
{
TDB_CONTEXT *tdb = get_account_pol_tdb();
fstring keystr;
uint32 priv_mask;
if ( !tdb )
- return 0;
+ return False;
fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
if ( !tdb_fetch_uint32( tdb, keystr, &priv_mask ) ) {
DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n",
sid_string_static(sid)));
- return 0;
+ return False;
}
- return priv_mask;
+ *mask = priv_mask;
+ return True;
}
/***************************************************************************
@@ -241,13 +242,11 @@ void get_privileges_for_sids(PRIVILEGE_SET *privset, DOM_SID *slist, int scount)
int i;
for ( i=0; i<scount; i++ ) {
- priv_mask = get_privileges( &slist[i] );
-
/* don't add unless we actually have a privilege assigned */
- if ( priv_mask == 0 )
+ if ( !get_privileges( &slist[i], &priv_mask ) )
continue;
-
+
DEBUG(5,("get_privileges_for_sids: sid = %s, privilege mask = 0x%x\n",
sid_string_static(&slist[i]), priv_mask));
@@ -350,9 +349,10 @@ BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask)
{
uint32 old_mask, new_mask;
- old_mask = get_privileges( sid );
-
- new_mask = old_mask | priv_mask;
+ if ( get_privileges( sid, &old_mask ) )
+ new_mask = old_mask | priv_mask;
+ else
+ new_mask = priv_mask;
DEBUG(10,("grant_privilege: %s, orig priv set = 0x%x, new privilege set = 0x%x\n",
sid_string_static(sid), old_mask, new_mask ));
@@ -360,6 +360,25 @@ BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask)
return set_privileges( sid, new_mask );
}
+/*********************************************************************
+ Add a privilege based on its name
+*********************************************************************/
+
+BOOL grant_privilege_by_name(DOM_SID *sid, const char *name)
+{
+ int i;
+
+ for ( i = 0; privs[i].se_priv != SE_END; i++ ) {
+ if ( strequal(privs[i].name, name) ) {
+ return grant_privilege( sid, privs[i].se_priv );
+ }
+ }
+
+ DEBUG(3, ("grant_privilege_by_name: No Such Privilege Found (%s)\n", name));
+
+ return False;
+}
+
/***************************************************************************
Remove privilege from sid
****************************************************************************/
@@ -368,7 +387,10 @@ BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask)
{
uint32 old_mask, new_mask;
- old_mask = get_privileges( sid );
+ if ( get_privileges( sid, &old_mask ) )
+ new_mask = old_mask | priv_mask;
+ else
+ new_mask = priv_mask;
new_mask = old_mask & ~priv_mask;
@@ -378,6 +400,25 @@ BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask)
return set_privileges( sid, new_mask );
}
+/*********************************************************************
+ Add a privilege based on its name
+*********************************************************************/
+
+BOOL revoke_privilege_by_name(DOM_SID *sid, const char *name)
+{
+ int i;
+
+ for ( i = 0; privs[i].se_priv != SE_END; i++ ) {
+ if ( strequal(privs[i].name, name) ) {
+ return revoke_privilege( sid, privs[i].se_priv );
+ }
+ }
+
+ DEBUG(3, ("revoke_privilege_by_name: No Such Privilege Found (%s)\n", name));
+
+ return False;
+}
+
/***************************************************************************
Retrieve the SIDs assigned to a given privilege
****************************************************************************/
@@ -560,3 +601,15 @@ int count_all_privileges( void )
return count;
}
+/*******************************************************************
+*******************************************************************/
+
+BOOL is_privileged_sid( DOM_SID *sid )
+{
+ int mask;
+
+ /* check if the lookup succeeds */
+
+ return get_privileges( sid, &mask );
+}
+