From 41951ea78bb24a8aa9e24f36ccb27b639ec37dd5 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Tue, 2 Mar 2004 10:09:52 +0000
Subject: Sorry, forgot to commit an essential piece. (This used to be commit fa6500fe773ae1f0aa70f370600b6f7aa7f65f3d)
---
 source3/utils/net_privileges.c | 363 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 363 insertions(+)
 create mode 100644 source3/utils/net_privileges.c
diff --git a/source3/utils/net_privileges.c b/source3/utils/net_privileges.c
new file mode 100644
index 0000000000..2e8bfe0c83
--- /dev/null
+++ b/source3/utils/net_privileges.c
@@ -0,0 +1,363 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * RPC Pipe client / server routines
+ * Copyright (C) Andrew Tridgell 1992-2000,
+ * Copyright (C) Jean François Micouleau 1998-2001.
+ * Copyright (C) Gerald Carter 2003.
+ * Copyright (C) Simo Sorce 2003.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+#include "includes.h"
+#include "../utils/net.h"
+
+extern PRIVS privs[];
+
+/*********************************************************
+ utility function to parse an integer parameter from
+ "parameter = value"
+**********************************************************/
+static uint32 get_int_param( const char* param )
+{
+ char *p;
+
+ p = strchr( param, '=' );
+ if ( !p )
+ return 0;
+
+ return atoi(p+1);
+}
+
+/*********************************************************
+ utility function to parse an integer parameter from
+ "parameter = value"
+**********************************************************/
+static char* get_string_param( const char* param )
+{
+ char *p;
+
+ p = strchr( param, '=' );
+ if ( !p )
+ return NULL;
+
+ return (p+1);
+}
+
+/*********************************************************
+ Dump a GROUP_MAP entry to stdout (long or short listing)
+**********************************************************/
+
+static void print_priv_entry(const char *privname, const char *description, const char *sid_list)
+{
+
+ if (!sid_list) {
+ d_printf("Error getting privilege list!\n");
+ return;
+ }
+
+ if (!description)
+ d_printf("%s\n", privname);
+ else {
+ d_printf("%s\n", privname);
+ d_printf("\tdescription: %s\n", description);
+ d_printf("\tSIDS: %s\n", sid_list);
+ }
+}
+
+/*********************************************************
+ List the groups.
+**********************************************************/
+static int net_priv_list(int argc, const char **argv)
+{
+ BOOL long_list = False;
+ fstring privname = "";
+ fstring sid_string = "";
+ int i;
+
+ /* get the options */
+ for ( i=0; i|sid=} privilege=\n");
+ return -1;
+ }
+
+ if ((rid == 0) && (sid_string[0] == '\0')) {
+ d_printf("No rid or sid specified\n");
+ d_printf("Usage: net print add {rid=|sid=} privilege=\n");
+ return -1;
+ }
+
+ /* append the rid to our own domain/machine SID if we don't have a full SID */
+ if (!sid_string[0]) {
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, rid);
+ sid_to_string(sid_string, &sid);
+ }
+
+ if (!pdb_add_sid_to_privilege(privname, &sid)) {
+ d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname);
+ return -1;
+ }
+
+ d_printf("Successully added SID %s to privilege %s\n", sid_string, privname);
+ return 0;
+}
+
+/*********************************************************
+ Remove a SID froma privilege entry
+**********************************************************/
+
+static int net_priv_remove(int argc, const char **argv)
+{
+ DOM_SID sid;
+ fstring privname = "";
+ fstring sid_string = "";
+ uint32 rid = 0;
+ int i;
+
+ /* get the options */
+ for ( i=0; i|sid=} privilege=\n");
+ return -1;
+ }
+
+ if ((rid == 0) && (sid_string[0] == '\0')) {
+ d_printf("No rid or sid specified\n");
+ d_printf("Usage: net print add {rid=|sid=} privilege=\n");
+ return -1;
+ }
+
+ /* append the rid to our own domain/machine SID if we don't have a full SID */
+ if (!sid_string[0]) {
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, rid);
+ sid_to_string(sid_string, &sid);
+ }
+
+ if (!pdb_remove_sid_from_privilege(privname, &sid)) {
+ d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname);
+ return -1;
+ }
+
+ d_printf("Successully removed SID %s from privilege %s\n", sid_string, privname);
+ return 0;
+}
+
+int net_help_priv(int argc, const char **argv)
+{
+ d_printf("net priv add sid\n" \
+ " Add sid to privilege\n");
+ d_printf("net priv remove sid\n"\
+ " Remove sid from privilege\n");
+ d_printf("net priv list\n"\
+ " List sids per privilege\n");
+
+ return -1;
+}
+
+
+/***********************************************************
+ migrated functionality from smbgroupedit
+ **********************************************************/
+int net_priv(int argc, const char **argv)
+{
+ struct functable func[] = {
+ {"add", net_priv_add},
+ {"remove", net_priv_remove},
+ {"list", net_priv_list},
+ {"help", net_help_priv},
+ {NULL, NULL}
+ };
+
+ /* we shouldn't have silly checks like this */
+ if (getuid() != 0) {
+ d_printf("You must be root to edit privilege mappings.\nExiting...\n");
+ return -1;
+ }
+
+ if ( argc )
+ return net_run_function(argc, argv, func, net_help_priv);
+
+ return net_help_priv(argc, argv);
+}
+
-- cgit
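Review bot: `get_int_param` turns the rid= value into a `uint32` with `atoi(p+1)`, so trailing junk is ignored, a negative number wraps to a very large RID, and an unparsable value cannot be told apart from rid=0; on a command that grants privileges the value should be parsed strictly, as in the sketch below, which keeps 0 as the "no rid" result the visible callers already test for. In `net_priv_add` and `net_priv_remove` the visible code fills `sid` only inside `if (!sid_string[0])`; the option loops are not readable in this rendering, so it is worth confirming that a sid= argument is converted into `sid` before `pdb_add_sid_to_privilege(privname, &sid)` and `pdb_remove_sid_from_privilege(privname, &sid)` are reached. The failure path of `net_priv_remove` still prints `adding sid %s to privilege %s failed!` and should read `removing sid %s from privilege %s failed!`, and the usage lines in both functions say `net print add` where `net priv` is meant.

```c
static uint32 get_int_param( const char* param )
{
	const char *p;
	char *end;
	unsigned long val;

	p = strchr( param, '=' );
	if ( !p )
		return 0;
	p++;

	/* digits only: strtoul() itself would accept a sign or leading blanks */
	if ( !isdigit((unsigned char)*p) )
		return 0;

	errno = 0;
	val = strtoul(p, &end, 10);
	if ( *end != '\0' || errno == ERANGE || val > 0xFFFFFFFFUL )
		return 0;

	return (uint32)val;
}
```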