authorSimo Sorce <idra@samba.org>2004-03-01 16:10:28 +0000
committerSimo Sorce <idra@samba.org>2004-03-01 16:10:28 +0000
commiteebc94d84af736bb1fdd8e0c511237b0da978e7a (patch)
tree3d39c50ac039a7fc56d677b90e60421f7d6fc878 /source3/passdb/pdb_interface.c
parentf986f33aa13f8672e2154f29906f657c023777dc (diff)
Ok here it is my latest work on privileges
This patch adds privilege support for samba. Currently it is implemented only for the tdbsam backend, but extending it to other sam backends is straightforward. I must say a big thank you to JFM for his teachings on the matter and the functions at the base of this work. At the moment only samr_create_user honours SeAddUsersPrivilege and SeMachineAccountPrivilege to permit any user to add machines and/or users to the server. The command "net priv" has been provided to manipulate the privileges database. There are still many things to do (like support in "net rpc vampire") but the working core is here. Feel free to comment/extend on this work. Of course I will deny that any bug may affect this code :-) Simo. This patch also adds my patch about add share command enhancements. (This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
Diffstat (limited to 'source3/passdb/pdb_interface.c')
-rw-r--r--source3/passdb/pdb_interface.c157
1 files changed, 157 insertions, 0 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 2005885c45..180db58c2d 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -587,6 +587,86 @@ static NTSTATUS context_delete_trust_passwd(struct pdb_context *context,
return trust->methods->delete_trust_passwd(trust->methods, trust);
}
+static NTSTATUS context_add_sid_to_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ struct pdb_methods *curmethods;
+ if ((!context)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+ curmethods = context->pdb_methods;
+ while (curmethods){
+ if (NT_STATUS_IS_OK(ret = curmethods->add_sid_to_privilege(curmethods, priv_name, sid))) {
+ return ret;
+ }
+ curmethods = curmethods->next;
+ }
+
+ return ret;
+}
+
+static NTSTATUS context_remove_sid_from_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ struct pdb_methods *curmethods;
+ if ((!context)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+ curmethods = context->pdb_methods;
+ while (curmethods){
+ if (NT_STATUS_IS_OK(ret = curmethods->remove_sid_from_privilege(curmethods, priv_name, sid))) {
+ return ret;
+ }
+ curmethods = curmethods->next;
+ }
+
+ return ret;
+}
+
+static NTSTATUS context_get_privilege_set(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ struct pdb_methods *curmethods;
+ if ((!context)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+ curmethods = context->pdb_methods;
+ while (curmethods){
+ if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_set(curmethods, token, privset))) {
+ return ret;
+ }
+ curmethods = curmethods->next;
+ }
+
+ return ret;
+}
+
+static NTSTATUS context_get_privilege_entry(struct pdb_context *context, const char *privname, char **sid_list)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ struct pdb_methods *curmethods;
+ if ((!context)) {
+ DEBUG(0, ("invalid pdb_context specified!\n"));
+ return ret;
+ }
+ curmethods = context->pdb_methods;
+ while (curmethods){
+ if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_entry(curmethods, privname, sid_list))) {
+ return ret;
+ }
+ curmethods = curmethods->next;
+ }
+
+ return ret;
+}
+
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
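Review bot: When no backend succeeds, each of these four loops returns the status of the last backend in the chain, so a real failure from an earlier backend is overwritten if a later one only has a stub returning NT_STATUS_NOT_IMPLEMENTED (the defaults added further down in this commit do exactly that). In context_add_sid_to_privilege and its three siblings, assign the backend call to a temporary, test that temporary for success, and keep the informative status with `if (!NT_STATUS_EQUAL(tmp, NT_STATUS_NOT_IMPLEMENTED)) ret = tmp;` before advancing to `curmethods->next`. The functions also lack the banner comment used elsewhere in this file. A line such as `/* Try each backend in order; the first NT_STATUS_OK wins and later backends are not visited. */` would record that context_remove_sid_from_privilege stops at the first backend that reports success, which matters if the same SID could be listed in more than one backend.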
@@ -711,6 +791,10 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
(*context)->pdb_add_trust_passwd = context_add_trust_passwd;
(*context)->pdb_update_trust_passwd = context_update_trust_passwd;
(*context)->pdb_delete_trust_passwd = context_delete_trust_passwd;
+ (*context)->pdb_add_sid_to_privilege = context_add_sid_to_privilege;
+ (*context)->pdb_remove_sid_from_privilege = context_remove_sid_from_privilege;
+ (*context)->pdb_get_privilege_set = context_get_privilege_set;
+ (*context)->pdb_get_privilege_entry = context_get_privilege_entry;
(*context)->free_fn = free_pdb_context;
@@ -1072,6 +1156,54 @@ BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
aliases, num));
}
+BOOL pdb_add_sid_to_privilege(char *priv_name, DOM_SID *sid)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_add_sid_to_privilege(pdb_context, priv_name, sid));
+}
+
+BOOL pdb_remove_sid_from_privilege(char *priv_name, DOM_SID *sid)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_remove_sid_from_privilege(pdb_context, priv_name, sid));
+}
+
+BOOL pdb_get_privilege_set(NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_get_privilege_set(pdb_context, token, privset));
+}
+
+BOOL pdb_get_privilege_entry(const char *privname, char **sid_list)
+{
+ struct pdb_context *pdb_context = pdb_get_static_context(False);
+
+ if (!pdb_context) {
+ return False;
+ }
+
+ return NT_STATUS_IS_OK(pdb_context->
+ pdb_get_privilege_entry(pdb_context, privname, sid_list));
+}
+
/***************************************************************
Initialize the static context (at smbd startup etc).
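Review bot: pdb_add_sid_to_privilege and pdb_remove_sid_from_privilege declare `char *priv_name, DOM_SID *sid`, while the context methods they forward to take `const char *` and `const DOM_SID *`, and pdb_get_privilege_entry in this same hunk already uses `const char *privname`. Neither wrapper writes through these pointers in the visible code, so the signatures can be `BOOL pdb_add_sid_to_privilege(const char *priv_name, const DOM_SID *sid)` and likewise for the remove variant; any prototype kept elsewhere would need the same change. All four wrappers also collapse the NTSTATUS into a BOOL, so a caller cannot tell an unsupported backend from a failed update. A one-line comment on each stating that False covers both cases would help callers of the privilege-changing paths.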
@@ -1155,6 +1287,26 @@ static NTSTATUS pdb_default_delete_trust_passwd(struct pdb_methods *methods, con
return NT_STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS pdb_default_add_sid_to_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_remove_sid_from_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_get_privilege_set(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS pdb_default_get_privilege_entry(struct pdb_methods *methods, const char *privname, char **sid_list)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
{
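Review bot: pdb_default_get_privilege_set and pdb_default_get_privilege_entry return NT_STATUS_NOT_IMPLEMENTED without writing to `privset` or `*sid_list`, so on a backend without privilege support the outputs hold whatever the caller left in them. The callers are outside this hunk, so whether they initialise these outputs or check the return before reading them is not visible here. A comment above the stubs, for example `/* Outputs are left untouched; callers must treat any failure as "no privileges" and must not read privset or *sid_list. */`, would make the fail-closed contract explicit for anyone making an access decision on the result.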
@@ -1193,5 +1345,10 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
(*methods)->update_trust_passwd = pdb_default_update_trust_passwd;
(*methods)->delete_trust_passwd = pdb_default_delete_trust_passwd;
+ (*methods)->add_sid_to_privilege = pdb_default_add_sid_to_privilege;
+ (*methods)->remove_sid_from_privilege = pdb_default_remove_sid_from_privilege;
+ (*methods)->get_privilege_set = pdb_default_get_privilege_set;
+ (*methods)->get_privilege_entry = pdb_default_get_privilege_entry;
+
return NT_STATUS_OK;
}