diff options
| author | Jean-François Micouleau <jfm@samba.org> | 2001-11-29 16:05:05 +0000 |
|---|---|---|
| committer | Jean-François Micouleau <jfm@samba.org> | 2001-11-29 16:05:05 +0000 |
| commit | fac01bda8bb4f52b930496c362f55aca5b112240 (patch) | |
| tree | 14657fee45b97fc453596e62bb9f64e26c26de94 /source3/utils | |
| parent | 3a921f37b737cab0729cc904e514647406e6f01c (diff) | |
| download | samba-fac01bda8bb4f52b930496c362f55aca5b112240.tar.gz samba-fac01bda8bb4f52b930496c362f55aca5b112240.tar.bz2 samba-fac01bda8bb4f52b930496c362f55aca5b112240.zip | |
Changed again how the privilege list is handled in the group mapping code.
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/smbgroupedit.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c index b6138fa576..9d42d2fc92 100644 --- a/source3/utils/smbgroupedit.c +++ b/source3/utils/smbgroupedit.c @@ -62,7 +62,7 @@ static void usage(void) **********************************************************/ int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege) { - uint32 se_priv[PRIV_ALL_INDEX]; + PRIVILEGE_SET se_priv; gid_t gid; DOM_SID sid; fstring string_sid; @@ -85,11 +85,11 @@ int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcom else fstrcpy(comment, ntcomment); - init_privilege(se_priv); + init_privilege(&se_priv); if (privilege!=NULL) - convert_priv_from_text(se_priv, privilege); + convert_priv_from_text(&se_priv, privilege); - if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv)) + if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv, PR_ACCESS_FROM_NETWORK)) return -1; return 0; @@ -103,7 +103,7 @@ int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char DOM_SID sid; GROUP_MAP map; gid_t gid; - uint32 se_priv[PRIV_ALL_INDEX]; + PRIVILEGE_SET se_priv; string_to_sid(&sid, sid_string); @@ -140,12 +140,8 @@ int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char fstrcpy(map.comment, groupdesc); /* Change the privilege if new one */ - if (privilege!=NULL) { - int i; - convert_priv_from_text(se_priv, privilege); - for(i=0; i<PRIV_ALL_INDEX; i++) - map.privileges[i]=se_priv[i]; - } + if (privilege!=NULL) + convert_priv_from_text(&map.priv_set, privilege); if (!add_mapping_entry(&map, TDB_REPLACE)) { printf("Count not update group database\n"); @@ -190,7 +186,8 @@ int listgroup(enum SID_NAME_USE sid_type, BOOL long_list) for (i=0; i<entries; i++) { decode_sid_name_use(group_type, (map[i]).sid_name_use); sid_to_string(string_sid, &map[i].sid); - convert_priv_to_text(map[i].privileges, priv_text); + convert_priv_to_text(&(map[i].priv_set), priv_text); + free_privilege(&(map[i].priv_set)); if (!long_list) printf("%s (%s) -> %s\n", map[i].nt_name, string_sid, gidtoname(map[i].gid)); |