diff options
author | Jeremy Allison <jra@samba.org> | 2009-10-17 10:36:33 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-10-17 10:36:33 -0700 |
commit | 7c51fa6d699a653cafa90df8e44911b576118ebd (patch) | |
tree | 543bf9ca698e03eff81104898b33e77f1abed319 /source4/torture/util_smb.c | |
parent | cc3a6770c77ec8fe1cd63bf4c682853c56201f0c (diff) | |
parent | 3e3214fd91471bca5b6c4d3782e922d252d588fb (diff) | |
download | samba-7c51fa6d699a653cafa90df8e44911b576118ebd.tar.gz samba-7c51fa6d699a653cafa90df8e44911b576118ebd.tar.bz2 samba-7c51fa6d699a653cafa90df8e44911b576118ebd.zip |
Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba
Diffstat (limited to 'source4/torture/util_smb.c')
-rw-r--r-- | source4/torture/util_smb.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c index 99b00d2329..b6f2bee635 100644 --- a/source4/torture/util_smb.c +++ b/source4/torture/util_smb.c @@ -33,6 +33,8 @@ #include "auth/credentials/credentials.h" #include "libcli/resolve/resolve.h" #include "param/param.h" +#include "libcli/security/security.h" +#include "libcli/util/clilsa.h" /** @@ -61,7 +63,7 @@ NTSTATUS create_directory_handle(struct smbcli_tree *tree, const char *dname, in mem_ctx = talloc_named_const(tree, 0, "create_directory_handle"); io.generic.level = RAW_OPEN_NTCREATEX; - io.ntcreatex.in.root_fid = 0; + io.ntcreatex.in.root_fid.fnum = 0; io.ntcreatex.in.flags = 0; io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY; @@ -927,3 +929,37 @@ NTSTATUS torture_second_tcon(TALLOC_CTX *mem_ctx, talloc_free(tmp_ctx); return NT_STATUS_OK; } + +/* + a wrapper around smblsa_sid_check_privilege, that tries to take + account of the fact that the lsa privileges calls don't expand + group memberships, using an explicit check for administrator. There + must be a better way ... + */ +NTSTATUS torture_check_privilege(struct smbcli_state *cli, + const char *sid_str, + const char *privilege) +{ + struct dom_sid *sid; + TALLOC_CTX *tmp_ctx = talloc_new(cli); + uint32_t rid; + NTSTATUS status; + + sid = dom_sid_parse_talloc(tmp_ctx, sid_str); + if (sid == NULL) { + talloc_free(tmp_ctx); + return NT_STATUS_INVALID_SID; + } + + status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid); + NT_STATUS_NOT_OK_RETURN_AND_FREE(status, tmp_ctx); + + if (rid == DOMAIN_RID_ADMINISTRATOR) { + /* assume the administrator has them all */ + return NT_STATUS_OK; + } + + talloc_free(tmp_ctx); + + return smblsa_sid_check_privilege(cli, sid_str, privilege); +} |