diff options
author | Gerald Carter <jerry@samba.org> | 2005-01-17 20:27:29 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:55 -0500 |
commit | ade3ef6f0435a06d602519c012ffa6a0b0fbec71 (patch) | |
tree | d9519f0f1bdcc18c2f3291e2895a7417513bf257 /source3 | |
parent | 46e5effea948931509283cb84b27007d34b521c8 (diff) | |
download | samba-ade3ef6f0435a06d602519c012ffa6a0b0fbec71.tar.gz samba-ade3ef6f0435a06d602519c012ffa6a0b0fbec71.tar.bz2 samba-ade3ef6f0435a06d602519c012ffa6a0b0fbec71.zip |
r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege
(noty enfornced yet though)
* add 'enable privileges (off by default) to control whether or
not any privuleges can be assigned to SIDs
(This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/include/privileges.h | 2 | ||||
-rw-r--r-- | source3/lib/privileges.c | 113 | ||||
-rw-r--r-- | source3/param/loadparm.c | 9 |
3 files changed, 36 insertions, 88 deletions
diff --git a/source3/include/privileges.h b/source3/include/privileges.h index b4972c7a60..85087f624f 100644 --- a/source3/include/privileges.h +++ b/source3/include/privileges.h @@ -45,6 +45,8 @@ #define SE_MACHINE_ACCOUNT { { 0x00000010, 0x00000000, 0x00000000, 0x00000000 } } #define SE_PRINT_OPERATOR { { 0x00000020, 0x00000000, 0x00000000, 0x00000000 } } #define SE_ADD_USERS { { 0x00000040, 0x00000000, 0x00000000, 0x00000000 } } +#define SE_DISK_OPERATOR { { 0x00000080, 0x00000000, 0x00000000, 0x00000000 } } +#define SE_REMOTE_SHUTDOWN { { 0x00000100, 0x00000000, 0x00000000, 0x00000000 } } #if 0 /* not needed currently */ diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 973e9acc65..b84800a0e1 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -31,23 +31,23 @@ static SE_PRIV se_priv_all = SE_ALL_PRIVS; static SE_PRIV se_priv_end = SE_END; static SE_PRIV se_priv_none = SE_NONE; - -#define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) \ - { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) - PRIVS privs[] = { - {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from the network"}, +#if 0 /* usrmgr will display these twice if you include them. We don't + use them but we'll keep the bitmasks reserved in privileges.h anyways */ + + {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network"}, {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally"}, {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job"}, {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service"}, - +#endif {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Admin"}, + {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers"}, {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain"}, + {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system"}, + {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares"}, {SE_END, "", ""} }; - #if 0 /* not needed currently */ PRIVS privs[] = { @@ -74,12 +74,9 @@ PRIVS privs[] = { {SE_AUDIT, "SeAuditPrivilege", "Audit"}, {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"}, - {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, {SE_UNDOCK, "SeUndockPrivilege", "Undock"}, {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"}, {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"}, - {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"}, {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"} {SE_END, "", ""} }; @@ -181,6 +178,12 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; TDB_DATA key, data; + + /* Fail if the admin has not enable privileges */ + + if ( !lp_enable_privileges() ) { + return False; + } if ( !tdb ) return False; @@ -203,6 +206,7 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) se_priv_copy( mask, (SE_PRIV*)data.dptr ); + return True; } @@ -427,29 +431,6 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) return NT_STATUS_OK; } -#if 0 /* JERRY - not used */ -/*************************************************************************** - Retrieve the SIDs assigned to a given privilege -****************************************************************************/ - - NTSTATUS priv_get_sids(const char *privname, DOM_SID **sids, int *num_sids) -{ - TDB_CONTEXT *tdb = get_account_pol_tdb(); - PRIV_SID_LIST priv; - - ZERO_STRUCT(priv); - - tdb_traverse( tdb, priv_traverse_fn, &priv); - - /* give the memory away; caller will free */ - - *sids = priv.sids.list; - *num_sids = priv.sids.count; - - return NT_STATUS_OK; -} -#endif - /*************************************************************************** Add privilege to sid ****************************************************************************/ @@ -563,20 +544,19 @@ NTSTATUS privilege_create_account(const DOM_SID *sid ) ****************************************************************************/ NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set) { - NTSTATUS ret; TALLOC_CTX *mem_ctx; ZERO_STRUCTP( priv_set ); mem_ctx = talloc_init("privilege set"); - ALLOC_CHECK(mem_ctx, ret, done, "init_privilege"); + if ( !mem_ctx ) { + DEBUG(0,("privilege_set_init: failed to initialize talloc ctx!\n")); + return NT_STATUS_NO_MEMORY; + } priv_set->mem_ctx = mem_ctx; - ret = NT_STATUS_OK; - -done: - return ret; + return NT_STATUS_OK; } /**************************************************************************** @@ -614,7 +594,6 @@ void privilege_set_free(PRIVILEGE_SET *priv_set) NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la, int count) { - NTSTATUS ret; int i; /* don't crash if the source pointer is NULL (since we don't @@ -624,7 +603,10 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l return NT_STATUS_OK; *new_la = TALLOC_ARRAY(mem_ctx, LUID_ATTR, count); - ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); + if ( !*new_la ) { + DEBUG(0,("dup_luid_attr: failed to alloc new LUID_ATTR array [%d]\n", count)); + return NT_STATUS_NO_MEMORY; + } for (i=0; i<count; i++) { (*new_la)[i].luid.high = old_la[i].luid.high; @@ -632,38 +614,8 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l (*new_la)[i].attr = old_la[i].attr; } - ret = NT_STATUS_OK; - -done: - return ret; -} - -#if 0 /* not used */ -/**************************************************************************** - Performa deep copy of a PRIVILEGE_SET structure. Assumes an initialized - destination structure. -*****************************************************************************/ - - BOOL dup_privilege_set( PRIVILEGE_SET *dest, PRIVILEGE_SET *src ) -{ - NTSTATUS result; - - if ( !dest || !src ) - return False; - - result = dup_luid_attr( dest->mem_ctx, &dest->set, src->set, src->count ); - if ( !NT_STATUS_IS_OK(result) ) { - DEBUG(0,("dup_privilege_set: Failed to dup LUID_ATTR array [%s]\n", - nt_errstr(result) )); - return False; - } - - dest->control = src->control; - dest->count = src->count; - - return True; + return NT_STATUS_OK; } -#endif /**************************************************************************** Does the user have the specified privilege ? We only deal with one privilege @@ -732,21 +684,6 @@ int count_all_privileges( void ) return count; } -#if 0 /* not used */ -/******************************************************************* - return True is the SID has an entry in the account_pol.tdb -*******************************************************************/ - - BOOL is_privileged_sid( DOM_SID *sid ) -{ - SE_PRIV mask; - - /* check if the lookup succeeds */ - - return get_privileges( sid, &mask ); -} -#endif - /******************************************************************* *******************************************************************/ diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index e6beebedb8..8531b2fdd1 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -291,6 +291,7 @@ typedef struct BOOL bKernelChangeNotify; BOOL bUseKerberosKeytab; BOOL bDeferSharingViolations; + BOOL bEnablePrivileges; int restrict_anonymous; int name_cache_timeout; int client_signing; @@ -809,6 +810,7 @@ static struct parm_struct parm_table[] = { {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE}, {"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE}, {"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED}, + {"enable privileges", P_BOOL, P_GLOBAL, &Globals.bEnablePrivileges, NULL, NULL, FLAG_ADVANCED}, {"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, FLAG_ADVANCED}, {"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, FLAG_ADVANCED}, @@ -1538,6 +1540,12 @@ static void init_globals(void) Globals.bDeferSharingViolations = True; string_set(&Globals.smb_ports, SMB_PORTS); + + /* don't enable privileges by default since Domain + Admins can then assign thr rights to perform certain + operations as root */ + + Globals.bEnablePrivileges = False; } static TALLOC_CTX *lp_talloc; @@ -1775,6 +1783,7 @@ FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups) FN_GLOBAL_BOOL(lp_kernel_change_notify, &Globals.bKernelChangeNotify) FN_GLOBAL_BOOL(lp_use_kerberos_keytab, &Globals.bUseKerberosKeytab) FN_GLOBAL_BOOL(lp_defer_sharing_violations, &Globals.bDeferSharingViolations) +FN_GLOBAL_BOOL(lp_enable_privileges, &Globals.bEnablePrivileges) FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level) FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl) FN_GLOBAL_INTEGER(lp_max_wins_ttl, &Globals.max_wins_ttl) |