From 762e7e1dff89cc14b0130fc9a22038b0845630a2 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Oct 2003 01:24:48 +0000 Subject: split some security related functions in their own files. (no need to include all of smbd files to use some basic sec functions) also minor compile fixes (This used to be commit 66074d3b097d8cf2a231bf08c7f4db62da68189d) --- source3/lib/privileges.c | 345 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 345 insertions(+) create mode 100644 source3/lib/privileges.c (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c new file mode 100644 index 0000000000..1c23d9e40e --- /dev/null +++ b/source3/lib/privileges.c @@ -0,0 +1,345 @@ +/* + Unix SMB/CIFS implementation. + Privileges handling functions + Copyright (C) Jean François Micouleau 1998-2001 + Copyright (C) Simo Sorce 2002-2003 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* defines */ + +#define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) +#define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) + +/**************************************************************************** + Check if a user is a mapped group. + + This function will check if the group SID is mapped onto a + system managed gid or onto a winbind manged sid. + In the first case it will be threated like a mapped group + and the backend should take the member list with a getgrgid + and ignore any user that have been possibly set into the group + object. + + In the second case, the group is a fully SAM managed group + served back to the system through winbind. In this case the + members of a Local group are "unrolled" to cope with the fact + that unix cannot contain groups inside groups. + The backend MUST never call any getgr* / getpw* function or + loops with winbind may happen. + ****************************************************************************/ + +#if 0 +NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) +{ + NTSTATUS result; + gid_t id; + + /* look if mapping exist, do not make idmap alloc an uid if SID is not found */ + result = idmap_get_gid_from_sid(&id, sid, False); + if (NT_STATUS_IS_OK(result)) { + *mapped = gid_is_in_winbind_range(id); + } else { + *mapped = False; + } + + return result; +} +#endif + +/**************************************************************************** + duplicate alloc luid_attr + ****************************************************************************/ +NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la) +{ + NTSTATUS ret; + + *new_la = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR)); + ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); + + (*new_la)->luid.high = old_la->luid.high; + (*new_la)->luid.low = old_la->luid.low; + (*new_la)->attr = old_la->attr; + + ret = NT_STATUS_OK; + +done: + return ret; +} + +/**************************************************************************** + initialise a privilege list + ****************************************************************************/ +NTSTATUS init_privilege(PRIVILEGE_SET **priv_set) +{ + NTSTATUS ret; + TALLOC_CTX *mem_ctx = talloc_init("privilege set"); + ALLOC_CHECK(mem_ctx, ret, done, "init_privilege"); + + *priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET)); + ALLOC_CHECK(*priv_set, ret, done, "init_privilege"); + + (*priv_set)->mem_ctx = mem_ctx; + + ret = NT_STATUS_OK; + +done: + return ret; +} + +NTSTATUS init_priv_with_ctx(TALLOC_CTX *mem_ctx, PRIVILEGE_SET **priv_set) +{ + NTSTATUS ret; + + *priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET)); + ALLOC_CHECK(*priv_set, ret, done, "init_privilege"); + + (*priv_set)->mem_ctx = mem_ctx; + (*priv_set)->ext_ctx = True; + + ret = NT_STATUS_OK; + +done: + return ret; +} + +void reset_privilege(PRIVILEGE_SET *priv_set) +{ + priv_set->count = 0; + priv_set->control = 0; + priv_set->set = NULL; +} + +void destroy_privilege(PRIVILEGE_SET **priv_set) +{ + reset_privilege(*priv_set); + if (!((*priv_set)->ext_ctx)) + /* mem_ctx is local, destroy it */ + talloc_destroy((*priv_set)->mem_ctx); + *priv_set = NULL; +} + +/**************************************************************************** + add a privilege to a privilege array + ****************************************************************************/ +NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + NTSTATUS ret; + LUID_ATTR *new_set; + + /* check if the privilege is not already in the list */ + if (NT_STATUS_IS_OK(check_priv_in_privilege(priv_set, set))) + return NT_STATUS_UNSUCCESSFUL; + + /* we can allocate memory to add the new privilege */ + + new_set = (LUID_ATTR *)talloc_realloc(priv_set->mem_ctx, priv_set->set, (priv_set->count + 1) * (sizeof(LUID_ATTR))); + ALLOC_CHECK(new_set, ret, done, "add_privilege"); + + new_set[priv_set->count].luid.high = set.luid.high; + new_set[priv_set->count].luid.low = set.luid.low; + new_set[priv_set->count].attr = set.attr; + + priv_set->count++; + priv_set->set = new_set; + + ret = NT_STATUS_OK; + +done: + return ret; +} + +/**************************************************************************** + add all the privileges to a privilege array + ****************************************************************************/ +NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set) +{ + NTSTATUS result = NT_STATUS_OK; + LUID_ATTR set; + + set.attr = 0; + set.luid.high = 0; + + /* TODO: set a proper list of privileges */ + set.luid.low = SE_PRIV_ADD_USERS; + result = add_privilege(priv_set, set); + NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); + + set.luid.low = SE_PRIV_ADD_MACHINES; + result = add_privilege(priv_set, set); + NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); + + set.luid.low = SE_PRIV_PRINT_OPERATOR; + result = add_privilege(priv_set, set); + NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); + +done: + return result; +} + +/**************************************************************************** + check if the privilege list is empty + ****************************************************************************/ +NTSTATUS check_empty_privilege(PRIVILEGE_SET *priv_set) +{ + if (!priv_set) + return NT_STATUS_INVALID_PARAMETER; + + if (priv_set->count == 0) + return NT_STATUS_OK; + + return NT_STATUS_UNSUCCESSFUL; +} + +/**************************************************************************** + check if the privilege is in the privilege list + ****************************************************************************/ +NTSTATUS check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + int i; + + if (!priv_set) + return NT_STATUS_INVALID_PARAMETER; + + /* if the list is empty, obviously we can't have it */ + if (NT_STATUS_IS_OK(check_empty_privilege(priv_set))) + return NT_STATUS_UNSUCCESSFUL; + + for (i = 0; i < priv_set->count; i++) { + LUID_ATTR *cur_set; + + cur_set = &priv_set->set[i]; + /* check only the low and high part. Checking the attr field has no meaning */ + if ( (cur_set->luid.low == set.luid.low) && + (cur_set->luid.high == set.luid.high) ) { + return NT_STATUS_OK; + } + } + + return NT_STATUS_UNSUCCESSFUL; +} + +/**************************************************************************** + remove a privilege from a privilege array + ****************************************************************************/ +NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + NTSTATUS ret; + LUID_ATTR *new_set; + LUID_ATTR *old_set; + int i,j; + + if (!priv_set) + return NT_STATUS_INVALID_PARAMETER; + + /* check if the privilege is in the list */ + if (!NT_STATUS_IS_OK(check_priv_in_privilege(priv_set, set))) + return NT_STATUS_UNSUCCESSFUL; + + /* special case if it's the only privilege in the list */ + if (priv_set->count == 1) { + reset_privilege(priv_set); + return NT_STATUS_OK; + } + + /* + * the privilege is there, create a new list, + * and copy the other privileges + */ + + old_set = priv_set->set; + + new_set = (LUID_ATTR *)talloc(priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); + ALLOC_CHECK(new_set, ret, done, "remove_privilege"); + + for (i=0, j=0; i < priv_set->count; i++) { + if ( (old_set[i].luid.low == set.luid.low) && + (old_set[i].luid.high == set.luid.high) ) { + continue; + } + + new_set[j].luid.low = old_set[i].luid.low; + new_set[j].luid.high = old_set[i].luid.high; + new_set[j].attr = old_set[i].attr; + + j++; + } + + if (j != priv_set->count - 1) { + DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); + DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); + return NT_STATUS_INTERNAL_ERROR; + } + + /* ok everything is fine */ + + priv_set->count--; + priv_set->set = new_set; + + ret = NT_STATUS_OK; + +done: + return ret; +} + +/**************************************************************************** + duplicates a privilege array + the new privilege set must be passed inited + (use init_privilege or init_priv_with_ctx) + ****************************************************************************/ +NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) +{ + NTSTATUS ret; + LUID_ATTR *new_set; + LUID_ATTR *old_set; + int i; + + if (!new_priv_set || !priv_set) + return NT_STATUS_INVALID_PARAMETER; + + /* special case if there are no privileges in the list */ + if (priv_set->count == 0) { + return NT_STATUS_OK; + } + + /* + * create a new list, + * and copy the other privileges + */ + + old_set = priv_set->set; + + new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); + ALLOC_CHECK(new_set, ret, done, "dup_priv_set"); + + for (i=0; i < priv_set->count; i++) { + + new_set[i].luid.low = old_set[i].luid.low; + new_set[i].luid.high = old_set[i].luid.high; + new_set[i].attr = old_set[i].attr; + } + + new_priv_set->count = priv_set->count; + new_priv_set->control = priv_set->control; + new_priv_set->set = new_set; + + ret = NT_STATUS_OK; + +done: + return ret; +} -- cgit From b12866dfc702fa7e585838c0baa98b6a7615f2eb Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 14 Oct 2003 03:47:34 +0000 Subject: Delete unused label to fix compiler warning. (This used to be commit e34d21af3882a034810737039dbaae4d45e2645c) --- source3/lib/privileges.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 1c23d9e40e..1ed583382d 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -188,7 +188,6 @@ NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set) result = add_privilege(priv_set, set); NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); -done: return result; } -- cgit From b754e4af39d8a720a45dbc6b472211b4ca2eefcc Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 4 Dec 2003 04:31:29 +0000 Subject: don't crash on a NULL priviledge pointer; patch from Jianliang Lu (This used to be commit 2742e813fea2366f91bec62dca407f65ad5c4623) --- source3/lib/privileges.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 1ed583382d..b9d4df301d 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -69,6 +69,12 @@ NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR * { NTSTATUS ret; + /* don't crash if the source pointer is NULL (since we don't + do priviledges now anyways) */ + + if ( !old_la ) + return NT_STATUS_OK; + *new_la = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR)); ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/lib/privileges.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index b9d4df301d..2b8d7613c1 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -75,7 +75,7 @@ NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR * if ( !old_la ) return NT_STATUS_OK; - *new_la = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR)); + *new_la = TALLOC_P(mem_ctx, LUID_ATTR); ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); (*new_la)->luid.high = old_la->luid.high; @@ -97,7 +97,7 @@ NTSTATUS init_privilege(PRIVILEGE_SET **priv_set) TALLOC_CTX *mem_ctx = talloc_init("privilege set"); ALLOC_CHECK(mem_ctx, ret, done, "init_privilege"); - *priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET)); + *priv_set = TALLOC_ZERO_P(mem_ctx, PRIVILEGE_SET); ALLOC_CHECK(*priv_set, ret, done, "init_privilege"); (*priv_set)->mem_ctx = mem_ctx; @@ -112,7 +112,7 @@ NTSTATUS init_priv_with_ctx(TALLOC_CTX *mem_ctx, PRIVILEGE_SET **priv_set) { NTSTATUS ret; - *priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET)); + *priv_set = TALLOC_ZERO_P(mem_ctx, PRIVILEGE_SET); ALLOC_CHECK(*priv_set, ret, done, "init_privilege"); (*priv_set)->mem_ctx = mem_ctx; @@ -154,7 +154,7 @@ NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) /* we can allocate memory to add the new privilege */ - new_set = (LUID_ATTR *)talloc_realloc(priv_set->mem_ctx, priv_set->set, (priv_set->count + 1) * (sizeof(LUID_ATTR))); + new_set = TALLOC_REALLOC_ARRAY(priv_set->mem_ctx, priv_set->set, LUID_ATTR, priv_set->count + 1); ALLOC_CHECK(new_set, ret, done, "add_privilege"); new_set[priv_set->count].luid.high = set.luid.high; @@ -269,7 +269,7 @@ NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) old_set = priv_set->set; - new_set = (LUID_ATTR *)talloc(priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); + new_set = TALLOC_ARRAY(priv_set->mem_ctx, LUID_ATTR, priv_set->count - 1); ALLOC_CHECK(new_set, ret, done, "remove_privilege"); for (i=0, j=0; i < priv_set->count; i++) { @@ -329,7 +329,7 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) old_set = priv_set->set; - new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); + new_set = TALLOC_ARRAY(new_priv_set->mem_ctx, LUID_ATTR, priv_set->count - 1); ALLOC_CHECK(new_set, ret, done, "dup_priv_set"); for (i=0; i < priv_set->count; i++) { -- cgit From d94d87472ca2f3875caa146424caa178ce20274f Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 13 Jan 2005 18:20:37 +0000 Subject: r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c) --- source3/lib/privileges.c | 647 +++++++++++++++++++++++++++++++---------------- 1 file changed, 429 insertions(+), 218 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 2b8d7613c1..eabb652c3e 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -3,6 +3,7 @@ Privileges handling functions Copyright (C) Jean François Micouleau 1998-2001 Copyright (C) Simo Sorce 2002-2003 + Copyright (C) Gerald (Jerry) Carter 2004 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,138 +20,152 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + #include "includes.h" -/* defines */ +#define PRIVPREFIX "PRIV_" -#define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) - -/**************************************************************************** - Check if a user is a mapped group. - - This function will check if the group SID is mapped onto a - system managed gid or onto a winbind manged sid. - In the first case it will be threated like a mapped group - and the backend should take the member list with a getgrgid - and ignore any user that have been possibly set into the group - object. - - In the second case, the group is a fully SAM managed group - served back to the system through winbind. In this case the - members of a Local group are "unrolled" to cope with the fact - that unix cannot contain groups inside groups. - The backend MUST never call any getgr* / getpw* function or - loops with winbind may happen. - ****************************************************************************/ - -#if 0 -NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) -{ - NTSTATUS result; - gid_t id; - - /* look if mapping exist, do not make idmap alloc an uid if SID is not found */ - result = idmap_get_gid_from_sid(&id, sid, False); - if (NT_STATUS_IS_OK(result)) { - *mapped = gid_is_in_winbind_range(id); - } else { - *mapped = False; - } +#define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) \ + { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) + +PRIVS privs[] = { + {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from the network"}, + {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally"}, + {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job"}, + {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service"}, + + {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"}, + {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Admin"}, + {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain"}, + + {SE_END, "", ""} +}; + - return result; -} +#if 0 /* not needed currently */ +PRIVS privs[] = { + {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"}, + {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"}, + {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"}, + {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"}, + {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"}, + {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"}, + {SE_TCB, "SeTcbPrivilege", "Act as part of the operating system"}, + {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, + {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, + {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, + {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, + {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"}, + {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, + {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, + {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, + {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"}, + {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, + {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, + {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, + {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, + {SE_AUDIT, "SeAuditPrivilege", "Audit"}, + {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, + {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"}, + {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, + {SE_UNDOCK, "SeUndockPrivilege", "Undock"}, + {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"}, + {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"}, + {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"}, + {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"}, + {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"} + {SE_END, "", ""} +}; #endif -/**************************************************************************** - duplicate alloc luid_attr - ****************************************************************************/ -NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la) -{ - NTSTATUS ret; +typedef struct priv_sid_list { + uint32 se_priv; + SID_LIST sids; +} PRIV_SID_LIST; - /* don't crash if the source pointer is NULL (since we don't - do priviledges now anyways) */ +/*************************************************************************** + Retrieve the privilege mask (set) for a given SID +****************************************************************************/ - if ( !old_la ) - return NT_STATUS_OK; +static uint32 get_privileges( const DOM_SID *sid ) +{ + TDB_CONTEXT *tdb = get_account_pol_tdb(); + fstring keystr; + uint32 priv_mask; + + if ( !tdb ) + return 0; - *new_la = TALLOC_P(mem_ctx, LUID_ATTR); - ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); + fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); - (*new_la)->luid.high = old_la->luid.high; - (*new_la)->luid.low = old_la->luid.low; - (*new_la)->attr = old_la->attr; + if ( !tdb_fetch_uint32( tdb, keystr, &priv_mask ) ) { + DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n", + sid_string_static(sid))); + return 0; + } - ret = NT_STATUS_OK; - -done: - return ret; + return priv_mask; } -/**************************************************************************** - initialise a privilege list - ****************************************************************************/ -NTSTATUS init_privilege(PRIVILEGE_SET **priv_set) -{ - NTSTATUS ret; - TALLOC_CTX *mem_ctx = talloc_init("privilege set"); - ALLOC_CHECK(mem_ctx, ret, done, "init_privilege"); - - *priv_set = TALLOC_ZERO_P(mem_ctx, PRIVILEGE_SET); - ALLOC_CHECK(*priv_set, ret, done, "init_privilege"); +/*************************************************************************** + Store the privilege mask (set) for a given SID +****************************************************************************/ - (*priv_set)->mem_ctx = mem_ctx; +static BOOL set_privileges( const DOM_SID *sid, uint32 mask ) +{ + TDB_CONTEXT *tdb = get_account_pol_tdb(); + fstring keystr; + + if ( !tdb ) + return False; - ret = NT_STATUS_OK; + fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); -done: - return ret; + return tdb_store_uint32( tdb, keystr, mask ); } -NTSTATUS init_priv_with_ctx(TALLOC_CTX *mem_ctx, PRIVILEGE_SET **priv_set) +/**************************************************************************** + check if the privilege is in the privilege list +****************************************************************************/ + +static BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) { - NTSTATUS ret; + int i; - *priv_set = TALLOC_ZERO_P(mem_ctx, PRIVILEGE_SET); - ALLOC_CHECK(*priv_set, ret, done, "init_privilege"); + if ( !priv_set ) + return False; - (*priv_set)->mem_ctx = mem_ctx; - (*priv_set)->ext_ctx = True; + for ( i = 0; i < priv_set->count; i++ ) { + LUID_ATTR *cur_set; - ret = NT_STATUS_OK; + cur_set = &priv_set->set[i]; -done: - return ret; -} + /* check only the low and high part. Checking the attr + field has no meaning */ -void reset_privilege(PRIVILEGE_SET *priv_set) -{ - priv_set->count = 0; - priv_set->control = 0; - priv_set->set = NULL; -} + if ( (cur_set->luid.low == set.luid.low) + && (cur_set->luid.high == set.luid.high) ) + { + return True; + } + } -void destroy_privilege(PRIVILEGE_SET **priv_set) -{ - reset_privilege(*priv_set); - if (!((*priv_set)->ext_ctx)) - /* mem_ctx is local, destroy it */ - talloc_destroy((*priv_set)->mem_ctx); - *priv_set = NULL; + return False; } /**************************************************************************** add a privilege to a privilege array ****************************************************************************/ -NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) + +static NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) { NTSTATUS ret; LUID_ATTR *new_set; /* check if the privilege is not already in the list */ - if (NT_STATUS_IS_OK(check_priv_in_privilege(priv_set, set))) - return NT_STATUS_UNSUCCESSFUL; + + if ( check_priv_in_privilege(priv_set, set) ) + return NT_STATUS_OK; /* we can allocate memory to add the new privilege */ @@ -170,132 +185,222 @@ done: return ret; } -/**************************************************************************** - add all the privileges to a privilege array - ****************************************************************************/ -NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set) +/********************************************************************* + Generate the LUID_ATTR structure based on a bitmask +*********************************************************************/ + +static LUID_ATTR get_privilege_luid( uint32 mask ) { - NTSTATUS result = NT_STATUS_OK; - LUID_ATTR set; + LUID_ATTR priv_luid; + + priv_luid.attr = 0; + priv_luid.luid.high = 0; + priv_luid.luid.low = mask; + + return priv_luid; +} - set.attr = 0; - set.luid.high = 0; +/********************************************************************* + Convert a privilege mask to an LUID_ATTR[] and add the privileges to + the PRIVILEGE_SET +*********************************************************************/ - /* TODO: set a proper list of privileges */ - set.luid.low = SE_PRIV_ADD_USERS; - result = add_privilege(priv_set, set); - NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); +static void add_privilege_set( PRIVILEGE_SET *privset, uint32 mask ) +{ + LUID_ATTR luid; + int i; + + for (i=0; privs[i].se_priv != SE_END; i++) { - set.luid.low = SE_PRIV_ADD_MACHINES; - result = add_privilege(priv_set, set); - NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); + /* skip if the privilege is not part of the mask */ - set.luid.low = SE_PRIV_PRINT_OPERATOR; - result = add_privilege(priv_set, set); - NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); + if ( !(mask & privs[i].se_priv) ) + continue; - return result; + /* remove the bit from the mask */ + + mask &= ~privs[i].se_priv; + + luid = get_privilege_luid( privs[i].se_priv ); + + add_privilege( privset, luid ); + } + + /* log an error if we have anything left at this point */ + if ( mask ) + DEBUG(0,("add_privilege_set: leftover bits! [0x%x]\n", mask )); } -/**************************************************************************** - check if the privilege list is empty - ****************************************************************************/ -NTSTATUS check_empty_privilege(PRIVILEGE_SET *priv_set) +/********************************************************************* + get a list of all privleges for all sids the in list +*********************************************************************/ + +void get_privileges_for_sids(PRIVILEGE_SET *privset, DOM_SID *slist, int scount) { - if (!priv_set) - return NT_STATUS_INVALID_PARAMETER; + uint32 priv_mask; + int i; + + for ( i=0; icount == 0) - return NT_STATUS_OK; + /* don't add unless we actually have a privilege assigned */ - return NT_STATUS_UNSUCCESSFUL; + if ( priv_mask == 0 ) + continue; + + DEBUG(5,("get_privileges_for_sids: sid = %s, privilege mask = 0x%x\n", + sid_string_static(&slist[i]), priv_mask)); + + add_privilege_set( privset, priv_mask ); + } } -/**************************************************************************** - check if the privilege is in the privilege list - ****************************************************************************/ -NTSTATUS check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) + +/********************************************************************* + travseral functions for privilege_enumerate_accounts +*********************************************************************/ + +static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) { - int i; + PRIV_SID_LIST *priv = state; + int prefixlen = strlen(PRIVPREFIX); + DOM_SID sid; + fstring sid_string; - if (!priv_set) - return NT_STATUS_INVALID_PARAMETER; + /* check we have a PRIV_+SID entry */ - /* if the list is empty, obviously we can't have it */ - if (NT_STATUS_IS_OK(check_empty_privilege(priv_set))) - return NT_STATUS_UNSUCCESSFUL; + if ( strncmp(key.dptr, PRIVPREFIX, prefixlen) != 0) + return 0; + + /* check to see if we are looking for a particular privilege */ - for (i = 0; i < priv_set->count; i++) { - LUID_ATTR *cur_set; + if ( priv->se_priv != SE_NONE ) { + uint32 mask = SVAL(data.dptr, 0); + + /* if the SID does not have the specified privilege + then just return */ + + if ( !(mask & priv->se_priv) ) + return 0; + } + + fstrcpy( sid_string, &key.dptr[strlen(PRIVPREFIX)] ); - cur_set = &priv_set->set[i]; - /* check only the low and high part. Checking the attr field has no meaning */ - if ( (cur_set->luid.low == set.luid.low) && - (cur_set->luid.high == set.luid.high) ) { - return NT_STATUS_OK; - } + if ( !string_to_sid(&sid, sid_string) ) { + DEBUG(0,("travsersal_fn_enum__acct: Could not convert SID [%s]\n", + sid_string)); + return 0; } - return NT_STATUS_UNSUCCESSFUL; + add_sid_to_array( &sid, &priv->sids.list, &priv->sids.count ); + + return 0; } -/**************************************************************************** - remove a privilege from a privilege array - ****************************************************************************/ -NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +/********************************************************************* + Retreive list of privileged SIDs (for _lsa_enumerate_accounts() +*********************************************************************/ + +NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) { - NTSTATUS ret; - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i,j; + TDB_CONTEXT *tdb = get_account_pol_tdb(); + PRIV_SID_LIST priv; + + ZERO_STRUCT(priv); + priv.se_priv = SE_NONE; - if (!priv_set) - return NT_STATUS_INVALID_PARAMETER; + tdb_traverse( tdb, priv_traverse_fn, &priv); - /* check if the privilege is in the list */ - if (!NT_STATUS_IS_OK(check_priv_in_privilege(priv_set, set))) - return NT_STATUS_UNSUCCESSFUL; + /* give the memory away; caller will free */ + + *sids = priv.sids.list; + *num_sids = priv.sids.count; - /* special case if it's the only privilege in the list */ - if (priv_set->count == 1) { - reset_privilege(priv_set); - return NT_STATUS_OK; - } + return NT_STATUS_OK; +} + +/*************************************************************************** + Retrieve the SIDs assigned to a given privilege +****************************************************************************/ - /* - * the privilege is there, create a new list, - * and copy the other privileges - */ +NTSTATUS priv_get_sids(const char *privname, DOM_SID **sids, int *num_sids) +{ + TDB_CONTEXT *tdb = get_account_pol_tdb(); + PRIV_SID_LIST priv; + + ZERO_STRUCT(priv); + priv.se_priv = + - old_set = priv_set->set; + tdb_traverse( tdb, priv_traverse_fn, &priv); - new_set = TALLOC_ARRAY(priv_set->mem_ctx, LUID_ATTR, priv_set->count - 1); - ALLOC_CHECK(new_set, ret, done, "remove_privilege"); + /* give the memory away; caller will free */ + + *sids = priv.sids.list; + *num_sids = priv.sids.count; - for (i=0, j=0; i < priv_set->count; i++) { - if ( (old_set[i].luid.low == set.luid.low) && - (old_set[i].luid.high == set.luid.high) ) { - continue; - } - - new_set[j].luid.low = old_set[i].luid.low; - new_set[j].luid.high = old_set[i].luid.high; - new_set[j].attr = old_set[i].attr; + return NT_STATUS_OK; +} - j++; - } +/*************************************************************************** + Add privilege to sid +****************************************************************************/ + +BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask) +{ + uint32 old_mask, new_mask; - if (j != priv_set->count - 1) { - DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); - DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); - return NT_STATUS_INTERNAL_ERROR; - } - - /* ok everything is fine */ + old_mask = get_privileges( sid ); - priv_set->count--; - priv_set->set = new_set; + new_mask = old_mask | priv_mask; + + DEBUG(10,("grant_privilege: %s, orig priv set = 0x%x, new privilege set = 0x%x\n", + sid_string_static(sid), old_mask, new_mask )); + return set_privileges( sid, new_mask ); +} + +/*************************************************************************** + Remove privilege from sid +****************************************************************************/ + +BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask) +{ + uint32 old_mask, new_mask; + + old_mask = get_privileges( sid ); + + new_mask = old_mask & ~priv_mask; + + DEBUG(10,("revoke_privilege: %s, orig priv set = 0x%x, new priv set = 0x%x\n", + sid_string_static(sid), old_mask, new_mask )); + + return set_privileges( sid, new_mask ); +} + +/*************************************************************************** + Retrieve the SIDs assigned to a given privilege +****************************************************************************/ + +NTSTATUS privilege_create_account(const DOM_SID *sid ) +{ + return ( grant_privilege( sid, SE_NONE ) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL); +} + +/**************************************************************************** + initialise a privilege list and set the talloc context + ****************************************************************************/ +NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set) +{ + NTSTATUS ret; + + ZERO_STRUCTP( priv_set ); + + TALLOC_CTX *mem_ctx = talloc_init("privilege set"); + ALLOC_CHECK(mem_ctx, ret, done, "init_privilege"); + + priv_set->mem_ctx = mem_ctx; + ret = NT_STATUS_OK; done: @@ -303,48 +408,154 @@ done: } /**************************************************************************** - duplicates a privilege array - the new privilege set must be passed inited - (use init_privilege or init_priv_with_ctx) + initialise a privilege list and with someone else's talloc context +****************************************************************************/ + +NTSTATUS privilege_set_init_by_ctx(TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set) +{ + ZERO_STRUCTP( priv_set ); + + priv_set->mem_ctx = mem_ctx; + priv_set->ext_ctx = True; + + return NT_STATUS_OK; +} + +/**************************************************************************** + Free all memory used by a PRIVILEGE_SET +****************************************************************************/ + +void privilege_set_free(PRIVILEGE_SET *priv_set) +{ + if ( !priv_set ) + return; + + if ( !( priv_set->ext_ctx ) ) + talloc_destroy( priv_set->mem_ctx ); + + ZERO_STRUCTP( priv_set ); +} + +/**************************************************************************** + duplicate alloc luid_attr ****************************************************************************/ -NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) + +NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la, int count) { NTSTATUS ret; - LUID_ATTR *new_set; - LUID_ATTR *old_set; int i; - if (!new_priv_set || !priv_set) - return NT_STATUS_INVALID_PARAMETER; + /* don't crash if the source pointer is NULL (since we don't + do priviledges now anyways) */ - /* special case if there are no privileges in the list */ - if (priv_set->count == 0) { + if ( !old_la ) return NT_STATUS_OK; - } - - /* - * create a new list, - * and copy the other privileges - */ - old_set = priv_set->set; - - new_set = TALLOC_ARRAY(new_priv_set->mem_ctx, LUID_ATTR, priv_set->count - 1); - ALLOC_CHECK(new_set, ret, done, "dup_priv_set"); + *new_la = TALLOC_ARRAY(mem_ctx, LUID_ATTR, count); + ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); - for (i=0; i < priv_set->count; i++) { - - new_set[i].luid.low = old_set[i].luid.low; - new_set[i].luid.high = old_set[i].luid.high; - new_set[i].attr = old_set[i].attr; + for (i=0; icount = priv_set->count; - new_priv_set->control = priv_set->control; - new_priv_set->set = new_set; ret = NT_STATUS_OK; done: return ret; } + +/**************************************************************************** + Performa deep copy of a PRIVILEGE_SET structure. Assumes an initialized + destination structure. +*****************************************************************************/ + +BOOL dup_privilege_set( PRIVILEGE_SET *dest, PRIVILEGE_SET *src ) +{ + NTSTATUS result; + + if ( !dest || !src ) + return False; + + result = dup_luid_attr( dest->mem_ctx, &dest->set, src->set, src->count ); + if ( !NT_STATUS_IS_OK(result) ) { + DEBUG(0,("dup_privilege_set: Failed to dup LUID_ATTR array [%s]\n", + nt_errstr(result) )); + return False; + } + + dest->control = src->control; + dest->count = src->count; + + return True; +} + +/**************************************************************************** + Does the user have the specified privilege ? We only deal with one privilege + at a time here. +*****************************************************************************/ + +BOOL user_has_privilege(NT_USER_TOKEN *token, uint32 privilege) +{ + return check_priv_in_privilege( &token->privileges, get_privilege_luid(privilege) ); +} + +/**************************************************************************** + Convert a LUID to a named string +****************************************************************************/ + +char* luid_to_privilege_name(const LUID *set) +{ + static fstring name; + int i = 0; + + if (set->high != 0) + return NULL; + + for ( i=0; privs[i].se_priv!=SE_END; i++ ) { + if (set->low == privs[i].se_priv) { + fstrcpy(name, privs[i].name); + return name; + } + } + + return NULL; +} + +/**************************************************************************** + Convert an LUID to a 32-bit mask +****************************************************************************/ + +uint32 luid_to_privilege_mask(const LUID *set) +{ + int i = 0; + + if (set->high != 0) + return SE_END; + + for ( i=0; privs[i].se_priv != SE_END; i++ ) { + if (set->low == privs[i].se_priv) + return privs[i].se_priv; + } + + return SE_END; +} + +/******************************************************************* + return the number of elements in the privlege array +*******************************************************************/ + +int count_all_privileges( void ) +{ + static int count; + + if ( count ) + return count; + + /* loop over the array and count it */ + for ( count=0; privs[count].se_priv != SE_END; count++ ) ; + + return count; +} + -- cgit From 8a24c39d76fc599874037fee8997a7cb7be996cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Jan 2005 08:14:22 +0000 Subject: r4731: Fix the build (This used to be commit 340d7f317332f159460d04db8ccc75116c83d234) --- source3/lib/privileges.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index eabb652c3e..f35d16f30f 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -393,10 +393,11 @@ NTSTATUS privilege_create_account(const DOM_SID *sid ) NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set) { NTSTATUS ret; + TALLOC_CTX *mem_ctx; ZERO_STRUCTP( priv_set ); - TALLOC_CTX *mem_ctx = talloc_init("privilege set"); + mem_ctx = talloc_init("privilege set"); ALLOC_CHECK(mem_ctx, ret, done, "init_privilege"); priv_set->mem_ctx = mem_ctx; -- cgit From c727866172b5abb1cab0913eb78f3f1d58fcb9aa Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sat, 15 Jan 2005 02:20:30 +0000 Subject: r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code (This used to be commit 7bf1312287cc1ec6b97917ba25fc60d6db09f26c) --- source3/lib/privileges.c | 77 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 65 insertions(+), 12 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index f35d16f30f..09a868fc27 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -87,24 +87,25 @@ typedef struct priv_sid_list { Retrieve the privilege mask (set) for a given SID ****************************************************************************/ -static uint32 get_privileges( const DOM_SID *sid ) +static uint32 get_privileges( const DOM_SID *sid, uint32 *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; uint32 priv_mask; if ( !tdb ) - return 0; + return False; fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); if ( !tdb_fetch_uint32( tdb, keystr, &priv_mask ) ) { DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n", sid_string_static(sid))); - return 0; + return False; } - return priv_mask; + *mask = priv_mask; + return True; } /*************************************************************************** @@ -241,13 +242,11 @@ void get_privileges_for_sids(PRIVILEGE_SET *privset, DOM_SID *slist, int scount) int i; for ( i=0; i Date: Mon, 17 Jan 2005 15:23:11 +0000 Subject: r4805: Last planned change to the privileges infrastructure: * rewrote the tdb layout of privilege records in account_pol.tdb (allow for 128 bits instead of 32 bit flags) * migrated to using SE_PRIV structure instead of the PRIVILEGE_SET structure. The latter is now used for parsing routines mainly. Still need to incorporate some client support into 'net' so for setting privileges. And make use of the SeAddUserPrivilege right. (This used to be commit 41dc7f7573c6d637e19a01e7ed0e716ac0f1fb15) --- source3/lib/privileges.c | 429 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 309 insertions(+), 120 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 09a868fc27..973e9acc65 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -25,6 +25,13 @@ #define PRIVPREFIX "PRIV_" +#define GENERATE_LUID_LOW(x) (x)+1; + +static SE_PRIV se_priv_all = SE_ALL_PRIVS; +static SE_PRIV se_priv_end = SE_END; +static SE_PRIV se_priv_none = SE_NONE; + + #define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) \ { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) @@ -79,32 +86,123 @@ PRIVS privs[] = { #endif typedef struct priv_sid_list { - uint32 se_priv; + SE_PRIV privilege; SID_LIST sids; } PRIV_SID_LIST; + +/*************************************************************************** + copy an SE_PRIV structure +****************************************************************************/ + +BOOL se_priv_copy( SE_PRIV *dst, SE_PRIV *src ) +{ + if ( !dst || !src ) + return False; + + memcpy( dst, src, sizeof(SE_PRIV) ); + + return True; +} + +/*************************************************************************** + combine 2 SE_PRIV structures and store the resulting set in mew_mask +****************************************************************************/ + +static void se_priv_add( SE_PRIV *mask, SE_PRIV *addpriv ) +{ + int i; + + for ( i=0; imask[i] |= addpriv->mask[i]; + } +} + +/*************************************************************************** + remove one SE_PRIV sytucture from another and store the resulting set + in mew_mask +****************************************************************************/ + +static void se_priv_remove( SE_PRIV *mask, SE_PRIV *removepriv ) +{ + int i; + + for ( i=0; imask[i] &= ~removepriv->mask[i]; + } +} + +/*************************************************************************** + invert a given SE_PRIV and store the set in new_mask +****************************************************************************/ + +static void se_priv_invert( SE_PRIV *new_mask, SE_PRIV *mask ) +{ + SE_PRIV allprivs; + + se_priv_copy( &allprivs, &se_priv_all ); + se_priv_remove( &allprivs, mask ); + se_priv_copy( new_mask, &allprivs ); +} + +/*************************************************************************** + check if 2 SE_PRIV structure are equal +****************************************************************************/ + +static BOOL se_priv_equal( SE_PRIV *mask1, SE_PRIV *mask2 ) +{ + return ( memcmp(mask1, mask2, sizeof(SE_PRIV)) == 0 ); +} + + +/*************************************************************************** + dump an SE_PRIV structure to the log files +****************************************************************************/ + +void dump_se_priv( int dbg_cl, int dbg_lvl, SE_PRIV *mask ) +{ + int i; + + DEBUGADDC( dbg_cl, dbg_lvl,("SE_PRIV ")); + + for ( i=0; imask[i] )); + } + + DEBUGADDC( dbg_cl, dbg_lvl, ("\n")); +} + /*************************************************************************** Retrieve the privilege mask (set) for a given SID ****************************************************************************/ -static uint32 get_privileges( const DOM_SID *sid, uint32 *mask ) +static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; - uint32 priv_mask; + TDB_DATA key, data; if ( !tdb ) return False; + /* PRIV_ (NULL terminated) as the key */ + fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; - if ( !tdb_fetch_uint32( tdb, keystr, &priv_mask ) ) { + data = tdb_fetch( tdb, key ); + + if ( !data.dptr ) { DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n", sid_string_static(sid))); return False; } - *mask = priv_mask; + SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) ); + + se_priv_copy( mask, (SE_PRIV*)data.dptr ); + return True; } @@ -112,66 +210,68 @@ static uint32 get_privileges( const DOM_SID *sid, uint32 *mask ) Store the privilege mask (set) for a given SID ****************************************************************************/ -static BOOL set_privileges( const DOM_SID *sid, uint32 mask ) +static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; + TDB_DATA key, data; if ( !tdb ) return False; + /* PRIV_ (NULL terminated) as the key */ + fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); + key.dptr = keystr; + key.dsize = strlen(keystr) + 1; + + /* no packing. static size structure, just write it out */ + + data.dptr = (char*)mask; + data.dsize = sizeof(SE_PRIV); - return tdb_store_uint32( tdb, keystr, mask ); + return ( tdb_store(tdb, key, data, TDB_REPLACE) != -1 ); } /**************************************************************************** check if the privilege is in the privilege list ****************************************************************************/ -static BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +static BOOL is_privilege_assigned( SE_PRIV *privileges, SE_PRIV *check ) { - int i; + SE_PRIV p1, p2; - if ( !priv_set ) + if ( !privileges || !check ) return False; - - for ( i = 0; i < priv_set->count; i++ ) { - LUID_ATTR *cur_set; - - cur_set = &priv_set->set[i]; - - /* check only the low and high part. Checking the attr - field has no meaning */ - - if ( (cur_set->luid.low == set.luid.low) - && (cur_set->luid.high == set.luid.high) ) - { - return True; - } - } - - return False; + + se_priv_copy( &p1, check ); + + /* invert the SE_PRIV we want to check for and remove that from the + original set. If we are left with the SE_PRIV we are checking + for then return True */ + + se_priv_invert( &p1, check ); + se_priv_copy( &p2, privileges ); + se_priv_remove( &p2, &p1 ); + + return se_priv_equal( &p2, check ); } /**************************************************************************** add a privilege to a privilege array ****************************************************************************/ -static NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +static BOOL privilege_set_add(PRIVILEGE_SET *priv_set, LUID_ATTR set) { - NTSTATUS ret; LUID_ATTR *new_set; - /* check if the privilege is not already in the list */ - - if ( check_priv_in_privilege(priv_set, set) ) - return NT_STATUS_OK; - /* we can allocate memory to add the new privilege */ new_set = TALLOC_REALLOC_ARRAY(priv_set->mem_ctx, priv_set->set, LUID_ATTR, priv_set->count + 1); - ALLOC_CHECK(new_set, ret, done, "add_privilege"); + if ( !new_set ) { + DEBUG(0,("privilege_set_add: failed to allocate memory!\n")); + return False; + } new_set[priv_set->count].luid.high = set.luid.high; new_set[priv_set->count].luid.low = set.luid.low; @@ -180,78 +280,79 @@ static NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) priv_set->count++; priv_set->set = new_set; - ret = NT_STATUS_OK; - -done: - return ret; + return True; } /********************************************************************* Generate the LUID_ATTR structure based on a bitmask *********************************************************************/ -static LUID_ATTR get_privilege_luid( uint32 mask ) +LUID_ATTR get_privilege_luid( SE_PRIV *mask ) { LUID_ATTR priv_luid; + int i; priv_luid.attr = 0; priv_luid.luid.high = 0; - priv_luid.luid.low = mask; + + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { + + /* just use the index+1 (so its non-zero) into the + array as the lower portion of the LUID */ + + if ( se_priv_equal( &privs[i].se_priv, mask ) ) { + priv_luid.luid.low = GENERATE_LUID_LOW(i); + } + } return priv_luid; } /********************************************************************* - Convert a privilege mask to an LUID_ATTR[] and add the privileges to - the PRIVILEGE_SET + Generate the LUID_ATTR structure based on a bitmask *********************************************************************/ -static void add_privilege_set( PRIVILEGE_SET *privset, uint32 mask ) +const char* get_privilege_dispname( const char *name ) { - LUID_ATTR luid; int i; - - for (i=0; privs[i].se_priv != SE_END; i++) { - - /* skip if the privilege is not part of the mask */ - - if ( !(mask & privs[i].se_priv) ) - continue; - - /* remove the bit from the mask */ - mask &= ~privs[i].se_priv; - - luid = get_privilege_luid( privs[i].se_priv ); - - add_privilege( privset, luid ); + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { + + if ( strequal( privs[i].name, name ) ) { + return privs[i].description; + } } - /* log an error if we have anything left at this point */ - if ( mask ) - DEBUG(0,("add_privilege_set: leftover bits! [0x%x]\n", mask )); + return NULL; } /********************************************************************* get a list of all privleges for all sids the in list *********************************************************************/ -void get_privileges_for_sids(PRIVILEGE_SET *privset, DOM_SID *slist, int scount) +BOOL get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount) { - uint32 priv_mask; + SE_PRIV mask; int i; + BOOL found = False; + + se_priv_copy( privileges, &se_priv_none ); for ( i=0; ise_priv != SE_NONE ) { - uint32 mask = SVAL(data.dptr, 0); + if ( !se_priv_equal(&priv->privilege, &se_priv_none) ) { + SE_PRIV mask; + + se_priv_copy( &mask, (SE_PRIV*)data.dptr ); /* if the SID does not have the specified privilege then just return */ - if ( !(mask & priv->se_priv) ) + if ( !is_privilege_assigned( &mask, &priv->privilege) ) return 0; } @@ -306,7 +414,8 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) PRIV_SID_LIST priv; ZERO_STRUCT(priv); - priv.se_priv = SE_NONE; + + se_priv_copy( &priv.privilege, &se_priv_none ); tdb_traverse( tdb, priv_traverse_fn, &priv); @@ -318,18 +427,17 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) return NT_STATUS_OK; } +#if 0 /* JERRY - not used */ /*************************************************************************** Retrieve the SIDs assigned to a given privilege ****************************************************************************/ -NTSTATUS priv_get_sids(const char *privname, DOM_SID **sids, int *num_sids) + NTSTATUS priv_get_sids(const char *privname, DOM_SID **sids, int *num_sids) { TDB_CONTEXT *tdb = get_account_pol_tdb(); PRIV_SID_LIST priv; ZERO_STRUCT(priv); - priv.se_priv = - tdb_traverse( tdb, priv_traverse_fn, &priv); @@ -340,24 +448,32 @@ NTSTATUS priv_get_sids(const char *privname, DOM_SID **sids, int *num_sids) return NT_STATUS_OK; } +#endif /*************************************************************************** Add privilege to sid ****************************************************************************/ -BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask) +BOOL grant_privilege(const DOM_SID *sid, SE_PRIV *priv_mask) { - uint32 old_mask, new_mask; + SE_PRIV old_mask, new_mask; if ( get_privileges( sid, &old_mask ) ) - new_mask = old_mask | priv_mask; + se_priv_copy( &new_mask, &old_mask ); else - new_mask = priv_mask; + se_priv_copy( &new_mask, &se_priv_none ); + + se_priv_add( &new_mask, priv_mask ); - DEBUG(10,("grant_privilege: %s, orig priv set = 0x%x, new privilege set = 0x%x\n", - sid_string_static(sid), old_mask, new_mask )); + DEBUG(10,("grant_privilege: %s\n", sid_string_static(sid))); + + DEBUGADD( 10, ("original privilege mask:\n")); + dump_se_priv( DBGC_ALL, 10, &old_mask ); - return set_privileges( sid, new_mask ); + DEBUGADD( 10, ("new privilege mask:\n")); + dump_se_priv( DBGC_ALL, 10, &new_mask ); + + return set_privileges( sid, &new_mask ); } /********************************************************************* @@ -368,9 +484,9 @@ BOOL grant_privilege_by_name(DOM_SID *sid, const char *name) { int i; - for ( i = 0; privs[i].se_priv != SE_END; i++ ) { + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { if ( strequal(privs[i].name, name) ) { - return grant_privilege( sid, privs[i].se_priv ); + return grant_privilege( sid, &privs[i].se_priv ); } } @@ -383,21 +499,35 @@ BOOL grant_privilege_by_name(DOM_SID *sid, const char *name) Remove privilege from sid ****************************************************************************/ -BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask) +BOOL revoke_privilege(const DOM_SID *sid, SE_PRIV *priv_mask) { - uint32 old_mask, new_mask; + SE_PRIV mask; - if ( get_privileges( sid, &old_mask ) ) - new_mask = old_mask | priv_mask; - else - new_mask = priv_mask; + /* if the user has no privileges, then we can't revoke any */ + + if ( !get_privileges( sid, &mask ) ) + return True; + + DEBUG(10,("revoke_privilege: %s\n", sid_string_static(sid))); - new_mask = old_mask & ~priv_mask; + DEBUGADD( 10, ("original privilege mask:\n")); + dump_se_priv( DBGC_ALL, 10, &mask ); - DEBUG(10,("revoke_privilege: %s, orig priv set = 0x%x, new priv set = 0x%x\n", - sid_string_static(sid), old_mask, new_mask )); + se_priv_remove( &mask, priv_mask ); - return set_privileges( sid, new_mask ); + DEBUGADD( 10, ("new privilege mask:\n")); + dump_se_priv( DBGC_ALL, 10, &mask ); + + return set_privileges( sid, &mask ); +} + +/********************************************************************* + Revoke all privileges +*********************************************************************/ + +BOOL revoke_all_privileges( DOM_SID *sid ) +{ + return revoke_privilege( sid, &se_priv_all ); } /********************************************************************* @@ -408,9 +538,9 @@ BOOL revoke_privilege_by_name(DOM_SID *sid, const char *name) { int i; - for ( i = 0; privs[i].se_priv != SE_END; i++ ) { + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { if ( strequal(privs[i].name, name) ) { - return revoke_privilege( sid, privs[i].se_priv ); + return revoke_privilege( sid, &privs[i].se_priv ); } } @@ -425,7 +555,7 @@ BOOL revoke_privilege_by_name(DOM_SID *sid, const char *name) NTSTATUS privilege_create_account(const DOM_SID *sid ) { - return ( grant_privilege( sid, SE_NONE ) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL); + return ( grant_privilege(sid, &se_priv_none) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL); } /**************************************************************************** @@ -508,12 +638,13 @@ done: return ret; } +#if 0 /* not used */ /**************************************************************************** Performa deep copy of a PRIVILEGE_SET structure. Assumes an initialized destination structure. *****************************************************************************/ -BOOL dup_privilege_set( PRIVILEGE_SET *dest, PRIVILEGE_SET *src ) + BOOL dup_privilege_set( PRIVILEGE_SET *dest, PRIVILEGE_SET *src ) { NTSTATUS result; @@ -532,15 +663,16 @@ BOOL dup_privilege_set( PRIVILEGE_SET *dest, PRIVILEGE_SET *src ) return True; } +#endif /**************************************************************************** Does the user have the specified privilege ? We only deal with one privilege at a time here. *****************************************************************************/ -BOOL user_has_privilege(NT_USER_TOKEN *token, uint32 privilege) +BOOL user_has_privileges(NT_USER_TOKEN *token, SE_PRIV *privilege) { - return check_priv_in_privilege( &token->privileges, get_privilege_luid(privilege) ); + return is_privilege_assigned( &token->privileges, privilege ); } /**************************************************************************** @@ -550,38 +682,37 @@ BOOL user_has_privilege(NT_USER_TOKEN *token, uint32 privilege) char* luid_to_privilege_name(const LUID *set) { static fstring name; - int i = 0; + int max = count_all_privileges(); if (set->high != 0) return NULL; - for ( i=0; privs[i].se_priv!=SE_END; i++ ) { - if (set->low == privs[i].se_priv) { - fstrcpy(name, privs[i].name); - return name; - } - } + if ( set->low > max ) + return NULL; - return NULL; + fstrcpy( name, privs[set->low - 1].name ); + + return name; } /**************************************************************************** Convert an LUID to a 32-bit mask ****************************************************************************/ -uint32 luid_to_privilege_mask(const LUID *set) +SE_PRIV* luid_to_privilege_mask(const LUID *set) { - int i = 0; - + static SE_PRIV mask; + int max = count_all_privileges(); + if (set->high != 0) - return SE_END; + return NULL; - for ( i=0; privs[i].se_priv != SE_END; i++ ) { - if (set->low == privs[i].se_priv) - return privs[i].se_priv; - } + if ( set->low > max ) + return NULL; + + se_priv_copy( &mask, &privs[set->low - 1].se_priv ); - return SE_END; + return &mask; } /******************************************************************* @@ -596,20 +727,78 @@ int count_all_privileges( void ) return count; /* loop over the array and count it */ - for ( count=0; privs[count].se_priv != SE_END; count++ ) ; + for ( count=0; !se_priv_equal(&privs[count].se_priv, &se_priv_end); count++ ) ; return count; } +#if 0 /* not used */ /******************************************************************* + return True is the SID has an entry in the account_pol.tdb *******************************************************************/ -BOOL is_privileged_sid( DOM_SID *sid ) + BOOL is_privileged_sid( DOM_SID *sid ) { - int mask; + SE_PRIV mask; /* check if the lookup succeeds */ return get_privileges( sid, &mask ); } +#endif + +/******************************************************************* +*******************************************************************/ + +BOOL se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ) +{ + int i; + uint32 num_privs = count_all_privileges(); + LUID_ATTR luid; + + luid.attr = 0; + luid.luid.high = 0; + + for ( i=0; icount; i++ ) { + SE_PRIV r; + + /* sanity check for invalid privilege. we really + only care about the low 32 bits */ + + if ( privset->set[i].luid.high != 0 ) + return False; + + /* make sure :LUID.low is in range */ + if ( privset->set[i].luid.low == 0 || privset->set[i].luid.low > num_privs ) + return False; + + r = privs[privset->set[i].luid.low - 1].se_priv; + se_priv_add( mask, &r ); + } + + return True; +} -- cgit From ade3ef6f0435a06d602519c012ffa6a0b0fbec71 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 17 Jan 2005 20:27:29 +0000 Subject: r4809: * include SeDiskOperatorPrivilege and SeRemoteShutdownPrivilege (noty enfornced yet though) * add 'enable privileges (off by default) to control whether or not any privuleges can be assigned to SIDs (This used to be commit cf63519169d2f3c56a6acf46b9257f4c11d5ea74) --- source3/lib/privileges.c | 113 +++++++++++------------------------------------ 1 file changed, 25 insertions(+), 88 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 973e9acc65..b84800a0e1 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -31,23 +31,23 @@ static SE_PRIV se_priv_all = SE_ALL_PRIVS; static SE_PRIV se_priv_end = SE_END; static SE_PRIV se_priv_none = SE_NONE; - -#define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) \ - { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) - PRIVS privs[] = { - {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from the network"}, +#if 0 /* usrmgr will display these twice if you include them. We don't + use them but we'll keep the bitmasks reserved in privileges.h anyways */ + + {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network"}, {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally"}, {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job"}, {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service"}, - +#endif {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Admin"}, + {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers"}, {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain"}, + {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system"}, + {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares"}, {SE_END, "", ""} }; - #if 0 /* not needed currently */ PRIVS privs[] = { @@ -74,12 +74,9 @@ PRIVS privs[] = { {SE_AUDIT, "SeAuditPrivilege", "Audit"}, {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"}, - {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, {SE_UNDOCK, "SeUndockPrivilege", "Undock"}, {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"}, {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"}, - {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"}, {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"} {SE_END, "", ""} }; @@ -181,6 +178,12 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; TDB_DATA key, data; + + /* Fail if the admin has not enable privileges */ + + if ( !lp_enable_privileges() ) { + return False; + } if ( !tdb ) return False; @@ -203,6 +206,7 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) se_priv_copy( mask, (SE_PRIV*)data.dptr ); + return True; } @@ -427,29 +431,6 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) return NT_STATUS_OK; } -#if 0 /* JERRY - not used */ -/*************************************************************************** - Retrieve the SIDs assigned to a given privilege -****************************************************************************/ - - NTSTATUS priv_get_sids(const char *privname, DOM_SID **sids, int *num_sids) -{ - TDB_CONTEXT *tdb = get_account_pol_tdb(); - PRIV_SID_LIST priv; - - ZERO_STRUCT(priv); - - tdb_traverse( tdb, priv_traverse_fn, &priv); - - /* give the memory away; caller will free */ - - *sids = priv.sids.list; - *num_sids = priv.sids.count; - - return NT_STATUS_OK; -} -#endif - /*************************************************************************** Add privilege to sid ****************************************************************************/ @@ -563,20 +544,19 @@ NTSTATUS privilege_create_account(const DOM_SID *sid ) ****************************************************************************/ NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set) { - NTSTATUS ret; TALLOC_CTX *mem_ctx; ZERO_STRUCTP( priv_set ); mem_ctx = talloc_init("privilege set"); - ALLOC_CHECK(mem_ctx, ret, done, "init_privilege"); + if ( !mem_ctx ) { + DEBUG(0,("privilege_set_init: failed to initialize talloc ctx!\n")); + return NT_STATUS_NO_MEMORY; + } priv_set->mem_ctx = mem_ctx; - ret = NT_STATUS_OK; - -done: - return ret; + return NT_STATUS_OK; } /**************************************************************************** @@ -614,7 +594,6 @@ void privilege_set_free(PRIVILEGE_SET *priv_set) NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la, int count) { - NTSTATUS ret; int i; /* don't crash if the source pointer is NULL (since we don't @@ -624,7 +603,10 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l return NT_STATUS_OK; *new_la = TALLOC_ARRAY(mem_ctx, LUID_ATTR, count); - ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); + if ( !*new_la ) { + DEBUG(0,("dup_luid_attr: failed to alloc new LUID_ATTR array [%d]\n", count)); + return NT_STATUS_NO_MEMORY; + } for (i=0; imem_ctx, &dest->set, src->set, src->count ); - if ( !NT_STATUS_IS_OK(result) ) { - DEBUG(0,("dup_privilege_set: Failed to dup LUID_ATTR array [%s]\n", - nt_errstr(result) )); - return False; - } - - dest->control = src->control; - dest->count = src->count; - - return True; + return NT_STATUS_OK; } -#endif /**************************************************************************** Does the user have the specified privilege ? We only deal with one privilege @@ -732,21 +684,6 @@ int count_all_privileges( void ) return count; } -#if 0 /* not used */ -/******************************************************************* - return True is the SID has an entry in the account_pol.tdb -*******************************************************************/ - - BOOL is_privileged_sid( DOM_SID *sid ) -{ - SE_PRIV mask; - - /* check if the lookup succeeds */ - - return get_privileges( sid, &mask ); -} -#endif - /******************************************************************* *******************************************************************/ -- cgit From b4aaa2ae25c0282287943a43bd0939683dfb2582 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 18 Jan 2005 18:29:28 +0000 Subject: r4822: fix return code when you ask for a non-privileged SID via one of the privileges RPC calls (This used to be commit 3f4f2c80fd157796a7ba56f31f921e8a3ce46bc3) --- source3/lib/privileges.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index b84800a0e1..df785f801e 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -739,3 +739,12 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) return True; } +/******************************************************************* +*******************************************************************/ + +BOOL is_privileged_sid( DOM_SID *sid ) +{ + SE_PRIV mask; + + return get_privileges( sid, &mask ); +} -- cgit From b3757eadf05a4e47a5cd19049ee2c5eecf140c37 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 19 Jan 2005 16:52:19 +0000 Subject: r4849: * finish SeAddUsers support in srv_samr_nt.c * define some const SE_PRIV structure for use when you need a SE_PRIV* to a privilege * fix an annoying compiler warngin in smbfilter.c * translate SIDs to names in 'net rpc rights list accounts' * fix a seg fault in cli_lsa_enum_account_rights caused by me forgetting the precedence of * vs. [] (This used to be commit d25fc84bc2b14da9fcc0f3c8d7baeca83f0ea708) --- source3/lib/privileges.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index df785f801e..628b2dd325 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -31,6 +31,15 @@ static SE_PRIV se_priv_all = SE_ALL_PRIVS; static SE_PRIV se_priv_end = SE_END; static SE_PRIV se_priv_none = SE_NONE; +/* Define variables for all privileges so we can use the + SE_PRIV* in the various se_priv_XXX() functions */ + +const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT; +const SE_PRIV se_print_operator = SE_PRINT_OPERATOR; +const SE_PRIV se_add_users = SE_ADD_USERS; +const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; +const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; + PRIVS privs[] = { #if 0 /* usrmgr will display these twice if you include them. We don't use them but we'll keep the bitmasks reserved in privileges.h anyways */ @@ -56,7 +65,6 @@ PRIVS privs[] = { {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"}, {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"}, {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"}, - {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"}, {SE_TCB, "SeTcbPrivilege", "Act as part of the operating system"}, {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, @@ -92,7 +100,7 @@ typedef struct priv_sid_list { copy an SE_PRIV structure ****************************************************************************/ -BOOL se_priv_copy( SE_PRIV *dst, SE_PRIV *src ) +BOOL se_priv_copy( SE_PRIV *dst, const SE_PRIV *src ) { if ( !dst || !src ) return False; @@ -106,7 +114,7 @@ BOOL se_priv_copy( SE_PRIV *dst, SE_PRIV *src ) combine 2 SE_PRIV structures and store the resulting set in mew_mask ****************************************************************************/ -static void se_priv_add( SE_PRIV *mask, SE_PRIV *addpriv ) +static void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv ) { int i; @@ -120,7 +128,7 @@ static void se_priv_add( SE_PRIV *mask, SE_PRIV *addpriv ) in mew_mask ****************************************************************************/ -static void se_priv_remove( SE_PRIV *mask, SE_PRIV *removepriv ) +static void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv ) { int i; @@ -133,7 +141,7 @@ static void se_priv_remove( SE_PRIV *mask, SE_PRIV *removepriv ) invert a given SE_PRIV and store the set in new_mask ****************************************************************************/ -static void se_priv_invert( SE_PRIV *new_mask, SE_PRIV *mask ) +static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask ) { SE_PRIV allprivs; @@ -146,7 +154,7 @@ static void se_priv_invert( SE_PRIV *new_mask, SE_PRIV *mask ) check if 2 SE_PRIV structure are equal ****************************************************************************/ -static BOOL se_priv_equal( SE_PRIV *mask1, SE_PRIV *mask2 ) +static BOOL se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 ) { return ( memcmp(mask1, mask2, sizeof(SE_PRIV)) == 0 ); } @@ -156,7 +164,7 @@ static BOOL se_priv_equal( SE_PRIV *mask1, SE_PRIV *mask2 ) dump an SE_PRIV structure to the log files ****************************************************************************/ -void dump_se_priv( int dbg_cl, int dbg_lvl, SE_PRIV *mask ) +void dump_se_priv( int dbg_cl, int dbg_lvl, const SE_PRIV *mask ) { int i; @@ -624,6 +632,9 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l BOOL user_has_privileges(NT_USER_TOKEN *token, SE_PRIV *privilege) { + if ( !token ) + return False; + return is_privilege_assigned( &token->privileges, privilege ); } -- cgit From 33b789f321e2e00f460a232f90ac751433ac9e8d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 25 Jan 2005 23:32:19 +0000 Subject: r4995: fail set_privileges() if 'enable privileges = no' to prevent confused admins who never read what I write :-) (This used to be commit 1d7a636e0e7f8a0bc3d3ae04b40f79db7f08d619) --- source3/lib/privileges.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 628b2dd325..ea81f9fce0 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -228,6 +228,9 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) fstring keystr; TDB_DATA key, data; + if ( !lp_enable_privileges() ) + return False; + if ( !tdb ) return False; -- cgit From 46d8ff2320a1c195c3b54c57f5bf172c8473a741 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 26 Jan 2005 20:36:44 +0000 Subject: r5015: (based on abartlet's original patch to restrict password changes) * added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb) --- source3/lib/privileges.c | 78 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 74 insertions(+), 4 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index ea81f9fce0..4feb730fee 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -114,7 +114,7 @@ BOOL se_priv_copy( SE_PRIV *dst, const SE_PRIV *src ) combine 2 SE_PRIV structures and store the resulting set in mew_mask ****************************************************************************/ -static void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv ) +void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv ) { int i; @@ -128,7 +128,7 @@ static void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv ) in mew_mask ****************************************************************************/ -static void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv ) +void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv ) { int i; @@ -159,6 +159,23 @@ static BOOL se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 ) return ( memcmp(mask1, mask2, sizeof(SE_PRIV)) == 0 ); } +/*************************************************************************** + check if a SE_PRIV has any assigned privileges +****************************************************************************/ + +static BOOL se_priv_empty( const SE_PRIV *mask ) +{ + SE_PRIV p1; + int i; + + se_priv_copy( &p1, mask ); + + for ( i=0; iprivileges, privilege ); } +/**************************************************************************** + Does the user have any of the specified privileges ? We only deal with one privilege + at a time here. +*****************************************************************************/ + +BOOL user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege) +{ + if ( !token ) + return False; + + return is_any_privilege_assigned( &token->privileges, privilege ); +} + /**************************************************************************** Convert a LUID to a named string ****************************************************************************/ -- cgit From a84bb6d1ec0316a39c8b730c40c9215d9d7f959a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 3 Feb 2005 15:14:54 +0000 Subject: r5203: additional changes for BUG 2291 to restrict who can join a BDC and add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2) --- source3/lib/privileges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 4feb730fee..3960faecaa 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -29,11 +29,11 @@ static SE_PRIV se_priv_all = SE_ALL_PRIVS; static SE_PRIV se_priv_end = SE_END; -static SE_PRIV se_priv_none = SE_NONE; /* Define variables for all privileges so we can use the SE_PRIV* in the various se_priv_XXX() functions */ +const SE_PRIV se_priv_none = SE_NONE; const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT; const SE_PRIV se_print_operator = SE_PRINT_OPERATOR; const SE_PRIV se_add_users = SE_ADD_USERS; -- cgit From bfc76114f65964262d1bf04d72cacefc2ae26680 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 17 Feb 2005 22:46:41 +0000 Subject: r5436: small merges from trunk (This used to be commit f17ffdf805ef8afad2b8d63b619c52540001a546) --- source3/lib/privileges.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 3960faecaa..37695b42b4 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. Privileges handling functions - Copyright (C) Jean François Micouleau 1998-2001 + Copyright (C) Jean François Micouleau 1998-2001 Copyright (C) Simo Sorce 2002-2003 Copyright (C) Gerald (Jerry) Carter 2004 @@ -27,8 +27,8 @@ #define GENERATE_LUID_LOW(x) (x)+1; -static SE_PRIV se_priv_all = SE_ALL_PRIVS; -static SE_PRIV se_priv_end = SE_END; +static const SE_PRIV se_priv_all = SE_ALL_PRIVS; +static const SE_PRIV se_priv_end = SE_END; /* Define variables for all privileges so we can use the SE_PRIV* in the various se_priv_XXX() functions */ @@ -503,7 +503,7 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) Add privilege to sid ****************************************************************************/ -BOOL grant_privilege(const DOM_SID *sid, SE_PRIV *priv_mask) +BOOL grant_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) { SE_PRIV old_mask, new_mask; @@ -548,7 +548,7 @@ BOOL grant_privilege_by_name(DOM_SID *sid, const char *name) Remove privilege from sid ****************************************************************************/ -BOOL revoke_privilege(const DOM_SID *sid, SE_PRIV *priv_mask) +BOOL revoke_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) { SE_PRIV mask; -- cgit From 0b451e5cab1ff361de255b53bfc968ac175e3420 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 21 Feb 2005 11:21:11 +0000 Subject: r5484: Fix a memleak (This used to be commit 7b9cb0601ce465361618fcc2c88f8195d93f130a) --- source3/lib/privileges.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 37695b42b4..5a5afa4d72 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -230,8 +230,8 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) ); se_priv_copy( mask, (SE_PRIV*)data.dptr ); - - + SAFE_FREE(data.dptr); + return True; } -- cgit From 66df8431ec092c4e629fc07e8e5a242ff3821b2d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 10 Mar 2005 18:50:47 +0000 Subject: r5726: merge LsaLookupPrivValue() code from trunk (This used to be commit 277203b5356af58ce62eb4eec0db2eccadeeffd6) --- source3/lib/privileges.c | 116 +++++++++++++++++++++++------------------------ 1 file changed, 57 insertions(+), 59 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 5a5afa4d72..8b5348e1f2 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -3,7 +3,7 @@ Privileges handling functions Copyright (C) Jean François Micouleau 1998-2001 Copyright (C) Simo Sorce 2002-2003 - Copyright (C) Gerald (Jerry) Carter 2004 + Copyright (C) Gerald (Jerry) Carter 2005 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -40,6 +40,43 @@ const SE_PRIV se_add_users = SE_ADD_USERS; const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; +/******************************************************************** + This is a list of privileges reported by a WIndows 2000 SP4 AD DC + just for reference purposes: + + SeCreateTokenPrivilege Create a token object + SeAssignPrimaryTokenPrivilege Replace a process level token + SeLockMemoryPrivilege Lock pages in memory + SeIncreaseQuotaPrivilege Increase quotas + SeMachineAccountPrivilege Add workstations to domain + SeTcbPrivilege Act as part of the operating system + SeSecurityPrivilege Manage auditing and security log + SeTakeOwnershipPrivilege Take ownership of files or other objects + SeLoadDriverPrivilege Load and unload device drivers + SeSystemProfilePrivilege Profile system performance + SeSystemtimePrivilege Change the system time + SeProfileSingleProcessPrivilege Profile single process + SeIncreaseBasePriorityPrivilege Increase scheduling priority + SeCreatePagefilePrivilege Create a pagefile + SeCreatePermanentPrivilege Create permanent shared objects + SeBackupPrivilege Back up files and directories + SeRestorePrivilege Restore files and directories + SeShutdownPrivilege Shut down the system + SeDebugPrivilege Debug programs + SeAuditPrivilege Generate security audits + SeSystemEnvironmentPrivilege Modify firmware environment values + SeChangeNotifyPrivilege Bypass traverse checking + SeRemoteShutdownPrivilege Force shutdown from a remote system + SeUndockPrivilege Remove computer from docking station + SeSyncAgentPrivilege Synchronize directory service data + SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation + SeManageVolumePrivilege Perform volume maintenance tasks + SeImpersonatePrivilege Impersonate a client after authentication + SeCreateGlobalPrivilege Create global objects + +********************************************************************/ + + PRIVS privs[] = { #if 0 /* usrmgr will display these twice if you include them. We don't use them but we'll keep the bitmasks reserved in privileges.h anyways */ @@ -58,38 +95,6 @@ PRIVS privs[] = { {SE_END, "", ""} }; -#if 0 /* not needed currently */ -PRIVS privs[] = { - {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"}, - {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"}, - {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"}, - {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"}, - {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"}, - {SE_TCB, "SeTcbPrivilege", "Act as part of the operating system"}, - {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, - {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, - {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, - {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, - {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"}, - {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, - {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, - {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, - {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"}, - {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, - {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, - {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, - {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, - {SE_AUDIT, "SeAuditPrivilege", "Audit"}, - {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, - {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"}, - {SE_UNDOCK, "SeUndockPrivilege", "Undock"}, - {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"}, - {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"}, - {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"} - {SE_END, "", ""} -}; -#endif - typedef struct priv_sid_list { SE_PRIV privilege; SID_LIST sids; @@ -177,6 +182,24 @@ static BOOL se_priv_empty( const SE_PRIV *mask ) return se_priv_equal( &p1, &se_priv_none ); } +/********************************************************************* + Lookup the SE_PRIV value for a privilege name +*********************************************************************/ + +BOOL se_priv_from_name( const char *name, SE_PRIV *mask ) +{ + int i; + + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { + if ( strequal( privs[i].name, name ) ) { + se_priv_copy( mask, &privs[i].se_priv ); + return True; + } + } + + return False; +} + /*************************************************************************** dump an SE_PRIV structure to the log files ****************************************************************************/ @@ -369,11 +392,9 @@ LUID_ATTR get_privilege_luid( SE_PRIV *mask ) for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - /* just use the index+1 (so its non-zero) into the - array as the lower portion of the LUID */ - if ( se_priv_equal( &privs[i].se_priv, mask ) ) { priv_luid.luid.low = GENERATE_LUID_LOW(i); + break; } } @@ -664,9 +685,6 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l { int i; - /* don't crash if the source pointer is NULL (since we don't - do priviledges now anyways) */ - if ( !old_la ) return NT_STATUS_OK; @@ -731,26 +749,6 @@ char* luid_to_privilege_name(const LUID *set) return name; } -/**************************************************************************** - Convert an LUID to a 32-bit mask -****************************************************************************/ - -SE_PRIV* luid_to_privilege_mask(const LUID *set) -{ - static SE_PRIV mask; - int max = count_all_privileges(); - - if (set->high != 0) - return NULL; - - if ( set->low > max ) - return NULL; - - se_priv_copy( &mask, &privs[set->low - 1].se_priv ); - - return &mask; -} - /******************************************************************* return the number of elements in the privlege array *******************************************************************/ -- cgit From 0d579953042b5c361ead51f57957accb3706e3f0 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 22 Mar 2005 15:39:24 +0000 Subject: r5953: more compiler cleanups; moved SID_LIST from smb.h to privileges.c to cleanup the name space (This used to be commit 7dfafa712deb115e425c7367296400c54827a217) --- source3/lib/privileges.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 8b5348e1f2..b60832c8d8 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -95,7 +95,12 @@ PRIVS privs[] = { {SE_END, "", ""} }; -typedef struct priv_sid_list { +typedef struct { + int count; + DOM_SID *list; +} SID_LIST; + +typedef struct { SE_PRIV privilege; SID_LIST sids; } PRIV_SID_LIST; -- cgit From e84ead0cfdc5e45a577387cc54dceb4c3f32948a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 27 Mar 2005 16:33:04 +0000 Subject: r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f) --- source3/lib/privileges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index b60832c8d8..e01561de06 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -497,7 +497,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - add_sid_to_array( &sid, &priv->sids.list, &priv->sids.count ); + add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count ); return 0; } -- cgit From 129b461673ecd0ad4d16c0c99585dd5c067172df Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 9 Jun 2005 15:20:11 +0000 Subject: r7440: * merge registry server changes from trunk (so far) for more printmig.exe work * merge the sys_select_signal(char c) change from trunk in order to keeo the winbind code in sync (This used to be commit a112c5570a7f8ddddde1af0fa665f40a6067e8cf) --- source3/lib/privileges.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index e01561de06..ae98d8940f 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -39,6 +39,7 @@ const SE_PRIV se_print_operator = SE_PRINT_OPERATOR; const SE_PRIV se_add_users = SE_ADD_USERS; const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; +const SE_PRIV se_restore = SE_RESTORE; /******************************************************************** This is a list of privileges reported by a WIndows 2000 SP4 AD DC @@ -91,6 +92,9 @@ PRIVS privs[] = { {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain"}, {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system"}, {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares"}, + {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories"}, + {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories"}, + {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects"}, {SE_END, "", ""} }; @@ -636,6 +640,7 @@ NTSTATUS privilege_create_account(const DOM_SID *sid ) /**************************************************************************** initialise a privilege list and set the talloc context ****************************************************************************/ + NTSTATUS privilege_set_init(PRIVILEGE_SET *priv_set) { TALLOC_CTX *mem_ctx; -- cgit From 270b90e25f2ec5fcb1283588a9e605b7228e0e41 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 29 Jun 2005 16:35:32 +0000 Subject: r7995: * privileges are local except when they're *not* printmig.exe assumes that the LUID of the SeBackupPrivlege on the target server matches the LUID of the privilege on the local client. Even though an LUID is never guaranteed to be the same across reboots. How *awful*! My cat could write better code! (more on my cat later....) * Set the privelege LUID in the global PRIVS[] array * Rename RegCreateKey() to RegCreateKeyEx() to better match MSDN * Rename the unknown field in RegCreateKeyEx() to disposition (guess according to MSDN) * Add the capability to define REG_TDB_ONLY for using the reg_db.c functions and stress the RegXXX() rpc functions. (This used to be commit 0d6352da4800aabc04dfd7c65a6afe6af7cd2d4b) --- source3/lib/privileges.c | 124 ++++++++++++++++++++++++----------------------- 1 file changed, 64 insertions(+), 60 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index ae98d8940f..30db2fc2bb 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -25,8 +25,6 @@ #define PRIVPREFIX "PRIV_" -#define GENERATE_LUID_LOW(x) (x)+1; - static const SE_PRIV se_priv_all = SE_ALL_PRIVS; static const SE_PRIV se_priv_end = SE_END; @@ -43,60 +41,65 @@ const SE_PRIV se_restore = SE_RESTORE; /******************************************************************** This is a list of privileges reported by a WIndows 2000 SP4 AD DC - just for reference purposes: - - SeCreateTokenPrivilege Create a token object - SeAssignPrimaryTokenPrivilege Replace a process level token - SeLockMemoryPrivilege Lock pages in memory - SeIncreaseQuotaPrivilege Increase quotas - SeMachineAccountPrivilege Add workstations to domain - SeTcbPrivilege Act as part of the operating system - SeSecurityPrivilege Manage auditing and security log - SeTakeOwnershipPrivilege Take ownership of files or other objects - SeLoadDriverPrivilege Load and unload device drivers - SeSystemProfilePrivilege Profile system performance - SeSystemtimePrivilege Change the system time - SeProfileSingleProcessPrivilege Profile single process - SeIncreaseBasePriorityPrivilege Increase scheduling priority - SeCreatePagefilePrivilege Create a pagefile - SeCreatePermanentPrivilege Create permanent shared objects - SeBackupPrivilege Back up files and directories - SeRestorePrivilege Restore files and directories - SeShutdownPrivilege Shut down the system - SeDebugPrivilege Debug programs - SeAuditPrivilege Generate security audits - SeSystemEnvironmentPrivilege Modify firmware environment values - SeChangeNotifyPrivilege Bypass traverse checking - SeRemoteShutdownPrivilege Force shutdown from a remote system - SeUndockPrivilege Remove computer from docking station - SeSyncAgentPrivilege Synchronize directory service data - SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation - SeManageVolumePrivilege Perform volume maintenance tasks - SeImpersonatePrivilege Impersonate a client after authentication - SeCreateGlobalPrivilege Create global objects - -********************************************************************/ - - + just for reference purposes (and I know the LUID is not guaranteed + across reboots): + + SeCreateTokenPrivilege Create a token object ( 0x0, 0x2 ) + SeAssignPrimaryTokenPrivilege Replace a process level token ( 0x0, 0x3 ) + SeLockMemoryPrivilege Lock pages in memory ( 0x0, 0x4 ) + SeIncreaseQuotaPrivilege Increase quotas ( 0x0, 0x5 ) + SeMachineAccountPrivilege Add workstations to domain ( 0x0, 0x6 ) + SeTcbPrivilege Act as part of the operating system ( 0x0, 0x7 ) + SeSecurityPrivilege Manage auditing and security log ( 0x0, 0x8 ) + SeTakeOwnershipPrivilege Take ownership of files or other objects ( 0x0, 0x9 ) + SeLoadDriverPrivilege Load and unload device drivers ( 0x0, 0xa ) + SeSystemProfilePrivilege Profile system performance ( 0x0, 0xb ) + SeSystemtimePrivilege Change the system time ( 0x0, 0xc ) + SeProfileSingleProcessPrivilege Profile single process ( 0x0, 0xd ) + SeIncreaseBasePriorityPrivilege Increase scheduling priority ( 0x0, 0xe ) + SeCreatePagefilePrivilege Create a pagefile ( 0x0, 0xf ) + SeCreatePermanentPrivilege Create permanent shared objects ( 0x0, 0x10 ) + SeBackupPrivilege Back up files and directories ( 0x0, 0x11 ) + SeRestorePrivilege Restore files and directories ( 0x0, 0x12 ) + SeShutdownPrivilege Shut down the system ( 0x0, 0x13 ) + SeDebugPrivilege Debug programs ( 0x0, 0x14 ) + SeAuditPrivilege Generate security audits ( 0x0, 0x15 ) + SeSystemEnvironmentPrivilege Modify firmware environment values ( 0x0, 0x16 ) + SeChangeNotifyPrivilege Bypass traverse checking ( 0x0, 0x17 ) + SeRemoteShutdownPrivilege Force shutdown from a remote system ( 0x0, 0x18 ) + SeUndockPrivilege Remove computer from docking station ( 0x0, 0x19 ) + SeSyncAgentPrivilege Synchronize directory service data ( 0x0, 0x1a ) + SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation ( 0x0, 0x1b ) + SeManageVolumePrivilege Perform volume maintenance tasks ( 0x0, 0x1c ) + SeImpersonatePrivilege Impersonate a client after authentication ( 0x0, 0x1d ) + SeCreateGlobalPrivilege Create global objects ( 0x0, 0x1e ) + + ********************************************************************/ + +/* we have to define the LUID here due to a horrible check by printmig.exe + that requires the SeBackupPrivilege match what is in Windows. So match + those that we implement and start Samba privileges at 0x1001 */ + PRIVS privs[] = { #if 0 /* usrmgr will display these twice if you include them. We don't use them but we'll keep the bitmasks reserved in privileges.h anyways */ - {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network"}, - {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally"}, - {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job"}, - {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service"}, + {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network", { 0x0, 0x0 }}, + {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally", { 0x0, 0x0 }}, + {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job", { 0x0, 0x0 }}, + {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service", { 0x0, 0x0 }}, #endif - {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers"}, - {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain"}, - {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system"}, - {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares"}, - {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories"}, - {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories"}, - {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects"}, - - {SE_END, "", ""} + {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain", { 0x0, 0x0006 }}, + {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects",{ 0x0, 0x0009 }}, + {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories", { 0x0, 0x0011 }}, + {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories", { 0x0, 0x0012 }}, + {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system", { 0x0, 0x0018 }}, + + {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers", { 0x0, 0x1001 }}, + {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain", { 0x0, 0x1002 }}, + {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares", { 0x0, 0x1003 }}, + + {SE_END, "", "", { 0x0, 0x0 }} }; typedef struct { @@ -109,7 +112,6 @@ typedef struct { SID_LIST sids; } PRIV_SID_LIST; - /*************************************************************************** copy an SE_PRIV structure ****************************************************************************/ @@ -402,7 +404,7 @@ LUID_ATTR get_privilege_luid( SE_PRIV *mask ) for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { if ( se_priv_equal( &privs[i].se_priv, mask ) ) { - priv_luid.luid.low = GENERATE_LUID_LOW(i); + priv_luid.luid = privs[i].luid; break; } } @@ -746,17 +748,19 @@ BOOL user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege) char* luid_to_privilege_name(const LUID *set) { static fstring name; - int max = count_all_privileges(); + int i; if (set->high != 0) return NULL; - if ( set->low > max ) - return NULL; - - fstrcpy( name, privs[set->low - 1].name ); + for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { + if ( set->low == privs[i].luid.low ) { + fstrcpy( name, privs[set->low - 1].name ); + return name; + } + } - return name; + return NULL; } /******************************************************************* @@ -792,7 +796,7 @@ BOOL se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ) if ( !is_privilege_assigned(mask, &privs[i].se_priv) ) continue; - luid.luid.low = GENERATE_LUID_LOW(i); + luid.luid = privs[i].luid; if ( !privilege_set_add( set, luid ) ) return False; -- cgit From 9b62dfaf19b5fc853393bf367f9c61f547d835d3 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 4 Jul 2005 13:19:05 +0000 Subject: r8141: Update volker's valgrind fix in r8097. Same effect, just helps me to remember what is going on here better. (This used to be commit 4a8068ce632adc34e88c128c4a6cc4c690d082bf) --- source3/lib/privileges.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 30db2fc2bb..05dff33307 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -539,6 +539,9 @@ BOOL grant_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) { SE_PRIV old_mask, new_mask; + ZERO_STRUCT( old_mask ); + ZERO_STRUCT( new_mask ); + if ( get_privileges( sid, &old_mask ) ) se_priv_copy( &new_mask, &old_mask ); else -- cgit From 1431a6030d4d869325184dafc4295737ec810f26 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 4 Aug 2005 01:41:03 +0000 Subject: r9029: Another crash bug when enumerating privileges. Thanks Volker! Guenther (This used to be commit e59c7c76d7ce52c7e16c4978c017636383ec57a5) --- source3/lib/privileges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 05dff33307..8bb6108448 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -758,7 +758,7 @@ char* luid_to_privilege_name(const LUID *set) for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { if ( set->low == privs[i].luid.low ) { - fstrcpy( name, privs[set->low - 1].name ); + fstrcpy( name, privs[i].name ); return name; } } -- cgit From e722cb25d8b2584a21dc6b4ecbca3b04c4dcb2c1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 2 Sep 2005 12:53:46 +0000 Subject: r9952: Adapt better to the Windows way of taking and assigning ownership: * Users with SeRestorePrivilege may chown files to anyone (be it as a backup software or directly using the ownership-tab in the security acl editor on xp), while * Users with SeTakeOwnershipPrivilege only can chown to themselves. Simo, Jeremy. I think this is correct now. Guenther (This used to be commit 1ef7a192eed457d302a08c692bb54a73a1af4afd) --- source3/lib/privileges.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 8bb6108448..a2797f2a5d 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -38,6 +38,7 @@ const SE_PRIV se_add_users = SE_ADD_USERS; const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; const SE_PRIV se_restore = SE_RESTORE; +const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP; /******************************************************************** This is a list of privileges reported by a WIndows 2000 SP4 AD DC -- cgit From 963351f59d4256743b7238e26614411aeeabc59d Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 23 Sep 2005 15:23:16 +0000 Subject: r10454: * prevent privilege code from storing an empty SID (and filter it out if one is already there) * Fix LUID value match in privilege_set_to_se_priv() (fix jmcd's bug report). (This used to be commit 356334264f5cd3a2480c3288ec40e0ee63264e1b) --- source3/lib/privileges.c | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index a2797f2a5d..d95c1ba4c1 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -286,6 +286,11 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) if ( !tdb ) return False; + if ( !sid || (sid->num_auths == 0) ) { + DEBUG(0,("set_privileges: Refusing to store empty SID!\n")); + return False; + } + /* PRIV_ (NULL terminated) as the key */ fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); @@ -498,6 +503,12 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s fstrcpy( sid_string, &key.dptr[strlen(PRIVPREFIX)] ); + /* this is a last ditch safety check to preventing returning + and invalid SID (i've somehow run into this on development branches) */ + + if ( strcmp( "S-0-0", sid_string ) == 0 ) + return 0; + if ( !string_to_sid(&sid, sid_string) ) { DEBUG(0,("travsersal_fn_enum__acct: Could not convert SID [%s]\n", sid_string)); @@ -812,11 +823,28 @@ BOOL se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ) /******************************************************************* *******************************************************************/ -BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) +static BOOL luid_to_se_priv( LUID *luid, SE_PRIV *mask ) { int i; uint32 num_privs = count_all_privileges(); + for ( i=0; ilow == privs[i].luid.low ) { + se_priv_copy( mask, &privs[i].se_priv ); + return True; + } + } + + return False; +} + +/******************************************************************* +*******************************************************************/ + +BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) +{ + int i; + ZERO_STRUCTP( mask ); for ( i=0; icount; i++ ) { @@ -828,12 +856,8 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) if ( privset->set[i].luid.high != 0 ) return False; - /* make sure :LUID.low is in range */ - if ( privset->set[i].luid.low == 0 || privset->set[i].luid.low > num_privs ) - return False; - - r = privs[privset->set[i].luid.low - 1].se_priv; - se_priv_add( mask, &r ); + if ( luid_to_se_priv( &privset->set[i].luid, &r ) ) + se_priv_add( mask, &r ); } return True; -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/lib/privileges.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index d95c1ba4c1..ff0631b82f 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -397,6 +397,8 @@ static BOOL privilege_set_add(PRIVILEGE_SET *priv_set, LUID_ATTR set) /********************************************************************* Generate the LUID_ATTR structure based on a bitmask + The assumption here is that the privilege has already been validated + so we are guaranteed to find it in the list. *********************************************************************/ LUID_ATTR get_privilege_luid( SE_PRIV *mask ) @@ -404,8 +406,7 @@ LUID_ATTR get_privilege_luid( SE_PRIV *mask ) LUID_ATTR priv_luid; int i; - priv_luid.attr = 0; - priv_luid.luid.high = 0; + ZERO_STRUCT( priv_luid ); for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { -- cgit From 8d7c88667190fe286971ac4fffb64ee5bd9eeeb0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Oct 2005 03:24:00 +0000 Subject: r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208) --- source3/lib/privileges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index ff0631b82f..ee69613df0 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -104,7 +104,7 @@ PRIVS privs[] = { }; typedef struct { - int count; + size_t count; DOM_SID *list; } SID_LIST; -- cgit From f39c02e945dcb93cb156b9e28656d1cd4b0483da Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 15 Mar 2006 05:50:52 +0000 Subject: r14432: Give in and grant BUILT\Administrators all privileges (This used to be commit b6170910604dba6533b727de8d7f0cc75256d14f) --- source3/lib/privileges.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index ee69613df0..d77d7857d7 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -867,9 +867,27 @@ BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) /******************************************************************* *******************************************************************/ -BOOL is_privileged_sid( DOM_SID *sid ) +BOOL is_privileged_sid( const DOM_SID *sid ) { SE_PRIV mask; return get_privileges( sid, &mask ); } + +/******************************************************************* +*******************************************************************/ + +BOOL grant_all_privileges( const DOM_SID *sid ) +{ + int i; + SE_PRIV mask; + uint32 num_privs = count_all_privileges(); + + se_priv_copy( &mask, &se_priv_none ); + + for ( i=0; i Date: Tue, 20 Jun 2006 01:32:50 +0000 Subject: r16396: Klocwork #1170. Null deref. Jeremy. (This used to be commit 220627ab70977a9a26dc0e010f73195c2c87ec96) --- source3/lib/privileges.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index d77d7857d7..d19592e582 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -530,6 +530,10 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) TDB_CONTEXT *tdb = get_account_pol_tdb(); PRIV_SID_LIST priv; + if (!tdb) { + return NT_STATUS_ACCESS_DENIED; + } + ZERO_STRUCT(priv); se_priv_copy( &priv.privilege, &se_priv_none ); -- cgit From 1cf1e648feed823244731eef5f56bd34e15cb045 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 31 Jul 2006 04:30:55 +0000 Subject: r17334: Some C++ warnings (This used to be commit 8ae7ed1f3cecbb5285313d17b5f9511e2e622f0b) --- source3/lib/privileges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index d19592e582..344d636f5e 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -473,7 +473,7 @@ BOOL get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount) static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) { - PRIV_SID_LIST *priv = state; + PRIV_SID_LIST *priv = (PRIV_SID_LIST *)state; int prefixlen = strlen(PRIVPREFIX); DOM_SID sid; fstring sid_string; -- cgit From 15974508e8916e325563202f5fa7fad4f8514340 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 28 Nov 2006 13:41:45 +0000 Subject: r19932: Add some const (This used to be commit be3c444c37dc6f0ab91a2815a2efe6f7c38818c5) --- source3/lib/privileges.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 344d636f5e..32535394c7 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -309,7 +309,8 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) check if the privilege is in the privilege list ****************************************************************************/ -static BOOL is_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check ) +static BOOL is_privilege_assigned( const SE_PRIV *privileges, + const SE_PRIV *check ) { SE_PRIV p1, p2; @@ -740,7 +741,7 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l at a time here. *****************************************************************************/ -BOOL user_has_privileges(NT_USER_TOKEN *token, const SE_PRIV *privilege) +BOOL user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege) { if ( !token ) return False; -- cgit From 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 9 Dec 2006 02:58:18 +0000 Subject: r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24) --- source3/lib/privileges.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 32535394c7..c0f7857c95 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -517,7 +517,9 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count ); + if (!add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count )) { + return 0; + } return 0; } -- cgit From 8960af95585cca9312e6df2f9214fcad8cff73c7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 27 Mar 2007 09:59:32 +0000 Subject: r21976: make use of tdb_*_bystring() and string_term_tdb_data() in lib/ to avoid creating the TDB_DATA struct from strings "by hand" metze (This used to be commit c22b86595a502eb48c9d0038faee8a9ee41b8438) --- source3/lib/privileges.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index c0f7857c95..2348995dc8 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -237,7 +237,7 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; - TDB_DATA key, data; + TDB_DATA data; /* Fail if the admin has not enable privileges */ @@ -251,10 +251,8 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) /* PRIV_ (NULL terminated) as the key */ fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - data = tdb_fetch( tdb, key ); + data = tdb_fetch_bystring( tdb, keystr ); if ( !data.dptr ) { DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n", @@ -278,7 +276,7 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; - TDB_DATA key, data; + TDB_DATA data; if ( !lp_enable_privileges() ) return False; @@ -294,15 +292,13 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) /* PRIV_ (NULL terminated) as the key */ fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; /* no packing. static size structure, just write it out */ data.dptr = (char*)mask; data.dsize = sizeof(SE_PRIV); - return ( tdb_store(tdb, key, data, TDB_REPLACE) != -1 ); + return ( tdb_store_bystring(tdb, keystr, data, TDB_REPLACE) != -1 ); } /**************************************************************************** -- cgit From bc2b6436d0f5f3e9ffdfaeb7f1b32996a83d5478 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 29 Mar 2007 09:35:51 +0000 Subject: r22009: change TDB_DATA from char * to unsigned char * and fix all compiler warnings in the users metze (This used to be commit 3a28443079c141a6ce8182c65b56ca210e34f37f) --- source3/lib/privileges.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 2348995dc8..5fa9fd7a7d 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -295,7 +295,7 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) /* no packing. static size structure, just write it out */ - data.dptr = (char*)mask; + data.dptr = (uint8 *)mask; data.dsize = sizeof(SE_PRIV); return ( tdb_store_bystring(tdb, keystr, data, TDB_REPLACE) != -1 ); @@ -482,7 +482,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s /* check we have a PRIV_+SID entry */ - if ( strncmp(key.dptr, PRIVPREFIX, prefixlen) != 0) + if ( strncmp((const char *)key.dptr, PRIVPREFIX, prefixlen) != 0) return 0; /* check to see if we are looking for a particular privilege */ @@ -499,7 +499,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - fstrcpy( sid_string, &key.dptr[strlen(PRIVPREFIX)] ); + fstrcpy( sid_string, (const char *)&key.dptr[strlen(PRIVPREFIX)] ); /* this is a last ditch safety check to preventing returning and invalid SID (i've somehow run into this on development branches) */ -- cgit From be8b0685a55700c6bce3681734800ec6434b0364 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 30 Apr 2007 02:39:34 +0000 Subject: r22589: Make TALLOC_ARRAY consistent across all uses. Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9) --- source3/lib/privileges.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 5fa9fd7a7d..cd6494d1ed 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -719,10 +719,14 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l if ( !old_la ) return NT_STATUS_OK; - *new_la = TALLOC_ARRAY(mem_ctx, LUID_ATTR, count); - if ( !*new_la ) { - DEBUG(0,("dup_luid_attr: failed to alloc new LUID_ATTR array [%d]\n", count)); - return NT_STATUS_NO_MEMORY; + if (count) { + *new_la = TALLOC_ARRAY(mem_ctx, LUID_ATTR, count); + if ( !*new_la ) { + DEBUG(0,("dup_luid_attr: failed to alloc new LUID_ATTR array [%d]\n", count)); + return NT_STATUS_NO_MEMORY; + } + } else { + *new_la = NULL; } for (i=0; i Date: Thu, 14 Jun 2007 11:29:35 +0000 Subject: r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) --- source3/lib/privileges.c | 505 ++--------------------------------------------- 1 file changed, 18 insertions(+), 487 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index cd6494d1ed..3714a906de 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -4,6 +4,7 @@ Copyright (C) Jean François Micouleau 1998-2001 Copyright (C) Simo Sorce 2002-2003 Copyright (C) Gerald (Jerry) Carter 2005 + Copyright (C) Michael Adam 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -25,84 +26,6 @@ #define PRIVPREFIX "PRIV_" -static const SE_PRIV se_priv_all = SE_ALL_PRIVS; -static const SE_PRIV se_priv_end = SE_END; - -/* Define variables for all privileges so we can use the - SE_PRIV* in the various se_priv_XXX() functions */ - -const SE_PRIV se_priv_none = SE_NONE; -const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT; -const SE_PRIV se_print_operator = SE_PRINT_OPERATOR; -const SE_PRIV se_add_users = SE_ADD_USERS; -const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; -const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; -const SE_PRIV se_restore = SE_RESTORE; -const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP; - -/******************************************************************** - This is a list of privileges reported by a WIndows 2000 SP4 AD DC - just for reference purposes (and I know the LUID is not guaranteed - across reboots): - - SeCreateTokenPrivilege Create a token object ( 0x0, 0x2 ) - SeAssignPrimaryTokenPrivilege Replace a process level token ( 0x0, 0x3 ) - SeLockMemoryPrivilege Lock pages in memory ( 0x0, 0x4 ) - SeIncreaseQuotaPrivilege Increase quotas ( 0x0, 0x5 ) - SeMachineAccountPrivilege Add workstations to domain ( 0x0, 0x6 ) - SeTcbPrivilege Act as part of the operating system ( 0x0, 0x7 ) - SeSecurityPrivilege Manage auditing and security log ( 0x0, 0x8 ) - SeTakeOwnershipPrivilege Take ownership of files or other objects ( 0x0, 0x9 ) - SeLoadDriverPrivilege Load and unload device drivers ( 0x0, 0xa ) - SeSystemProfilePrivilege Profile system performance ( 0x0, 0xb ) - SeSystemtimePrivilege Change the system time ( 0x0, 0xc ) - SeProfileSingleProcessPrivilege Profile single process ( 0x0, 0xd ) - SeIncreaseBasePriorityPrivilege Increase scheduling priority ( 0x0, 0xe ) - SeCreatePagefilePrivilege Create a pagefile ( 0x0, 0xf ) - SeCreatePermanentPrivilege Create permanent shared objects ( 0x0, 0x10 ) - SeBackupPrivilege Back up files and directories ( 0x0, 0x11 ) - SeRestorePrivilege Restore files and directories ( 0x0, 0x12 ) - SeShutdownPrivilege Shut down the system ( 0x0, 0x13 ) - SeDebugPrivilege Debug programs ( 0x0, 0x14 ) - SeAuditPrivilege Generate security audits ( 0x0, 0x15 ) - SeSystemEnvironmentPrivilege Modify firmware environment values ( 0x0, 0x16 ) - SeChangeNotifyPrivilege Bypass traverse checking ( 0x0, 0x17 ) - SeRemoteShutdownPrivilege Force shutdown from a remote system ( 0x0, 0x18 ) - SeUndockPrivilege Remove computer from docking station ( 0x0, 0x19 ) - SeSyncAgentPrivilege Synchronize directory service data ( 0x0, 0x1a ) - SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation ( 0x0, 0x1b ) - SeManageVolumePrivilege Perform volume maintenance tasks ( 0x0, 0x1c ) - SeImpersonatePrivilege Impersonate a client after authentication ( 0x0, 0x1d ) - SeCreateGlobalPrivilege Create global objects ( 0x0, 0x1e ) - - ********************************************************************/ - -/* we have to define the LUID here due to a horrible check by printmig.exe - that requires the SeBackupPrivilege match what is in Windows. So match - those that we implement and start Samba privileges at 0x1001 */ - -PRIVS privs[] = { -#if 0 /* usrmgr will display these twice if you include them. We don't - use them but we'll keep the bitmasks reserved in privileges.h anyways */ - - {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network", { 0x0, 0x0 }}, - {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally", { 0x0, 0x0 }}, - {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job", { 0x0, 0x0 }}, - {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service", { 0x0, 0x0 }}, -#endif - {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain", { 0x0, 0x0006 }}, - {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects",{ 0x0, 0x0009 }}, - {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories", { 0x0, 0x0011 }}, - {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories", { 0x0, 0x0012 }}, - {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system", { 0x0, 0x0018 }}, - - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers", { 0x0, 0x1001 }}, - {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain", { 0x0, 0x1002 }}, - {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares", { 0x0, 0x1003 }}, - - {SE_END, "", "", { 0x0, 0x0 }} -}; - typedef struct { size_t count; DOM_SID *list; @@ -113,125 +36,6 @@ typedef struct { SID_LIST sids; } PRIV_SID_LIST; -/*************************************************************************** - copy an SE_PRIV structure -****************************************************************************/ - -BOOL se_priv_copy( SE_PRIV *dst, const SE_PRIV *src ) -{ - if ( !dst || !src ) - return False; - - memcpy( dst, src, sizeof(SE_PRIV) ); - - return True; -} - -/*************************************************************************** - combine 2 SE_PRIV structures and store the resulting set in mew_mask -****************************************************************************/ - -void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv ) -{ - int i; - - for ( i=0; imask[i] |= addpriv->mask[i]; - } -} - -/*************************************************************************** - remove one SE_PRIV sytucture from another and store the resulting set - in mew_mask -****************************************************************************/ - -void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv ) -{ - int i; - - for ( i=0; imask[i] &= ~removepriv->mask[i]; - } -} - -/*************************************************************************** - invert a given SE_PRIV and store the set in new_mask -****************************************************************************/ - -static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask ) -{ - SE_PRIV allprivs; - - se_priv_copy( &allprivs, &se_priv_all ); - se_priv_remove( &allprivs, mask ); - se_priv_copy( new_mask, &allprivs ); -} - -/*************************************************************************** - check if 2 SE_PRIV structure are equal -****************************************************************************/ - -static BOOL se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 ) -{ - return ( memcmp(mask1, mask2, sizeof(SE_PRIV)) == 0 ); -} - -/*************************************************************************** - check if a SE_PRIV has any assigned privileges -****************************************************************************/ - -static BOOL se_priv_empty( const SE_PRIV *mask ) -{ - SE_PRIV p1; - int i; - - se_priv_copy( &p1, mask ); - - for ( i=0; imask[i] )); - } - - DEBUGADDC( dbg_cl, dbg_lvl, ("\n")); -} - -/*************************************************************************** - Retrieve the privilege mask (set) for a given SID -****************************************************************************/ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) { @@ -301,139 +105,6 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) return ( tdb_store_bystring(tdb, keystr, data, TDB_REPLACE) != -1 ); } -/**************************************************************************** - check if the privilege is in the privilege list -****************************************************************************/ - -static BOOL is_privilege_assigned( const SE_PRIV *privileges, - const SE_PRIV *check ) -{ - SE_PRIV p1, p2; - - if ( !privileges || !check ) - return False; - - /* everyone has privileges if you aren't checking for any */ - - if ( se_priv_empty( check ) ) { - DEBUG(1,("is_privilege_assigned: no privileges in check_mask!\n")); - return True; - } - - se_priv_copy( &p1, check ); - - /* invert the SE_PRIV we want to check for and remove that from the - original set. If we are left with the SE_PRIV we are checking - for then return True */ - - se_priv_invert( &p1, check ); - se_priv_copy( &p2, privileges ); - se_priv_remove( &p2, &p1 ); - - return se_priv_equal( &p2, check ); -} - -/**************************************************************************** - check if the privilege is in the privilege list -****************************************************************************/ - -static BOOL is_any_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check ) -{ - SE_PRIV p1, p2; - - if ( !privileges || !check ) - return False; - - /* everyone has privileges if you aren't checking for any */ - - if ( se_priv_empty( check ) ) { - DEBUG(1,("is_any_privilege_assigned: no privileges in check_mask!\n")); - return True; - } - - se_priv_copy( &p1, check ); - - /* invert the SE_PRIV we want to check for and remove that from the - original set. If we are left with the SE_PRIV we are checking - for then return True */ - - se_priv_invert( &p1, check ); - se_priv_copy( &p2, privileges ); - se_priv_remove( &p2, &p1 ); - - /* see if we have any bits left */ - - return !se_priv_empty( &p2 ); -} - -/**************************************************************************** - add a privilege to a privilege array - ****************************************************************************/ - -static BOOL privilege_set_add(PRIVILEGE_SET *priv_set, LUID_ATTR set) -{ - LUID_ATTR *new_set; - - /* we can allocate memory to add the new privilege */ - - new_set = TALLOC_REALLOC_ARRAY(priv_set->mem_ctx, priv_set->set, LUID_ATTR, priv_set->count + 1); - if ( !new_set ) { - DEBUG(0,("privilege_set_add: failed to allocate memory!\n")); - return False; - } - - new_set[priv_set->count].luid.high = set.luid.high; - new_set[priv_set->count].luid.low = set.luid.low; - new_set[priv_set->count].attr = set.attr; - - priv_set->count++; - priv_set->set = new_set; - - return True; -} - -/********************************************************************* - Generate the LUID_ATTR structure based on a bitmask - The assumption here is that the privilege has already been validated - so we are guaranteed to find it in the list. -*********************************************************************/ - -LUID_ATTR get_privilege_luid( SE_PRIV *mask ) -{ - LUID_ATTR priv_luid; - int i; - - ZERO_STRUCT( priv_luid ); - - for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - - if ( se_priv_equal( &privs[i].se_priv, mask ) ) { - priv_luid.luid = privs[i].luid; - break; - } - } - - return priv_luid; -} - -/********************************************************************* - Generate the LUID_ATTR structure based on a bitmask -*********************************************************************/ - -const char* get_privilege_dispname( const char *name ) -{ - int i; - - for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - - if ( strequal( privs[i].name, name ) ) { - return privs[i].description; - } - } - - return NULL; -} - /********************************************************************* get a list of all privleges for all sids the in list *********************************************************************/ @@ -582,17 +253,15 @@ BOOL grant_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) BOOL grant_privilege_by_name(DOM_SID *sid, const char *name) { - int i; - - for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - if ( strequal(privs[i].name, name) ) { - return grant_privilege( sid, &privs[i].se_priv ); - } - } + SE_PRIV mask; - DEBUG(3, ("grant_privilege_by_name: No Such Privilege Found (%s)\n", name)); + if (! se_priv_from_name(name, &mask)) { + DEBUG(3, ("grant_privilege_by_name: " + "No Such Privilege Found (%s)\n", name)); + return False; + } - return False; + return grant_privilege( sid, &mask ); } /*************************************************************************** @@ -636,17 +305,16 @@ BOOL revoke_all_privileges( DOM_SID *sid ) BOOL revoke_privilege_by_name(DOM_SID *sid, const char *name) { - int i; + SE_PRIV mask; - for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - if ( strequal(privs[i].name, name) ) { - return revoke_privilege( sid, &privs[i].se_priv ); - } - } + if (! se_priv_from_name(name, &mask)) { + DEBUG(3, ("revoke_privilege_by_name: " + "No Such Privilege Found (%s)\n", name)); + return False; + } - DEBUG(3, ("revoke_privilege_by_name: No Such Privilege Found (%s)\n", name)); + return revoke_privilege(sid, &mask); - return False; } /*************************************************************************** @@ -738,139 +406,6 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l return NT_STATUS_OK; } -/**************************************************************************** - Does the user have the specified privilege ? We only deal with one privilege - at a time here. -*****************************************************************************/ - -BOOL user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege) -{ - if ( !token ) - return False; - - return is_privilege_assigned( &token->privileges, privilege ); -} - -/**************************************************************************** - Does the user have any of the specified privileges ? We only deal with one privilege - at a time here. -*****************************************************************************/ - -BOOL user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege) -{ - if ( !token ) - return False; - - return is_any_privilege_assigned( &token->privileges, privilege ); -} - -/**************************************************************************** - Convert a LUID to a named string -****************************************************************************/ - -char* luid_to_privilege_name(const LUID *set) -{ - static fstring name; - int i; - - if (set->high != 0) - return NULL; - - for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - if ( set->low == privs[i].luid.low ) { - fstrcpy( name, privs[i].name ); - return name; - } - } - - return NULL; -} - -/******************************************************************* - return the number of elements in the privlege array -*******************************************************************/ - -int count_all_privileges( void ) -{ - static int count; - - if ( count ) - return count; - - /* loop over the array and count it */ - for ( count=0; !se_priv_equal(&privs[count].se_priv, &se_priv_end); count++ ) ; - - return count; -} - -/******************************************************************* -*******************************************************************/ - -BOOL se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ) -{ - int i; - uint32 num_privs = count_all_privileges(); - LUID_ATTR luid; - - luid.attr = 0; - luid.luid.high = 0; - - for ( i=0; ilow == privs[i].luid.low ) { - se_priv_copy( mask, &privs[i].se_priv ); - return True; - } - } - - return False; -} - -/******************************************************************* -*******************************************************************/ - -BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) -{ - int i; - - ZERO_STRUCTP( mask ); - - for ( i=0; icount; i++ ) { - SE_PRIV r; - - /* sanity check for invalid privilege. we really - only care about the low 32 bits */ - - if ( privset->set[i].luid.high != 0 ) - return False; - - if ( luid_to_se_priv( &privset->set[i].luid, &r ) ) - se_priv_add( mask, &r ); - } - - return True; -} - /******************************************************************* *******************************************************************/ @@ -886,15 +421,11 @@ BOOL is_privileged_sid( const DOM_SID *sid ) BOOL grant_all_privileges( const DOM_SID *sid ) { - int i; SE_PRIV mask; - uint32 num_privs = count_all_privileges(); - se_priv_copy( &mask, &se_priv_none ); - - for ( i=0; i Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/privileges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 3714a906de..df7a2a7748 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/lib/privileges.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index df7a2a7748..2f06307354 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ -- cgit From 9888ecedd8cb2d5d04c4808a107a5f366ac2e95d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 14 Aug 2007 20:11:47 +0000 Subject: r24435: Fix typo. Guenther (This used to be commit 8705f890b11e7158b5c77cbd3a6dfae8eb26776e) --- source3/lib/privileges.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 2f06307354..34bca18b20 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -105,7 +105,7 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) } /********************************************************************* - get a list of all privleges for all sids the in list + get a list of all privileges for all sids in the list *********************************************************************/ BOOL get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount) -- cgit From 54d3c7f61d612ca041aafc0fba964e0431cbf463 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Sep 2007 20:30:51 +0000 Subject: r25040: Add "net sam rights" Not strictly in the SAM, but close enough. This command acts directly on the local tdb, no running smbd required This also changes the root-only check to a warning (This used to be commit 0c5657b5eff60e3c52de8fbb4ce9346d0341854c) --- source3/lib/privileges.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 34bca18b20..b2e145e819 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -31,6 +31,7 @@ typedef struct { } SID_LIST; typedef struct { + TALLOC_CTX *mem_ctx; SE_PRIV privilege; SID_LIST sids; } PRIV_SID_LIST; @@ -183,7 +184,8 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - if (!add_sid_to_array( NULL, &sid, &priv->sids.list, &priv->sids.count )) { + if (!add_sid_to_array( priv->mem_ctx, &sid, &priv->sids.list, + &priv->sids.count )) { return 0; } @@ -217,6 +219,35 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) return NT_STATUS_OK; } +/********************************************************************* + Retrieve list of SIDs granted a particular privilege +*********************************************************************/ + +NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx, + DOM_SID **sids, int *num_sids) +{ + TDB_CONTEXT *tdb = get_account_pol_tdb(); + PRIV_SID_LIST priv; + + if (!tdb) { + return NT_STATUS_ACCESS_DENIED; + } + + ZERO_STRUCT(priv); + + se_priv_copy(&priv.privilege, mask); + priv.mem_ctx = mem_ctx; + + tdb_traverse( tdb, priv_traverse_fn, &priv); + + /* give the memory away; caller will free */ + + *sids = priv.sids.list; + *num_sids = priv.sids.count; + + return NT_STATUS_OK; +} + /*************************************************************************** Add privilege to sid ****************************************************************************/ -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/privileges.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index b2e145e819..839ce91a57 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -37,7 +37,7 @@ typedef struct { } PRIV_SID_LIST; -static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) +static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; @@ -76,7 +76,7 @@ static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask ) Store the privilege mask (set) for a given SID ****************************************************************************/ -static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) +static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); fstring keystr; @@ -109,11 +109,11 @@ static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask ) get a list of all privileges for all sids in the list *********************************************************************/ -BOOL get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount) +bool get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount) { SE_PRIV mask; int i; - BOOL found = False; + bool found = False; se_priv_copy( privileges, &se_priv_none ); @@ -252,7 +252,7 @@ NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx, Add privilege to sid ****************************************************************************/ -BOOL grant_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) +bool grant_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) { SE_PRIV old_mask, new_mask; @@ -281,7 +281,7 @@ BOOL grant_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) Add a privilege based on its name *********************************************************************/ -BOOL grant_privilege_by_name(DOM_SID *sid, const char *name) +bool grant_privilege_by_name(DOM_SID *sid, const char *name) { SE_PRIV mask; @@ -298,7 +298,7 @@ BOOL grant_privilege_by_name(DOM_SID *sid, const char *name) Remove privilege from sid ****************************************************************************/ -BOOL revoke_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) +bool revoke_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) { SE_PRIV mask; @@ -324,7 +324,7 @@ BOOL revoke_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) Revoke all privileges *********************************************************************/ -BOOL revoke_all_privileges( DOM_SID *sid ) +bool revoke_all_privileges( DOM_SID *sid ) { return revoke_privilege( sid, &se_priv_all ); } @@ -333,7 +333,7 @@ BOOL revoke_all_privileges( DOM_SID *sid ) Add a privilege based on its name *********************************************************************/ -BOOL revoke_privilege_by_name(DOM_SID *sid, const char *name) +bool revoke_privilege_by_name(DOM_SID *sid, const char *name) { SE_PRIV mask; @@ -439,7 +439,7 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l /******************************************************************* *******************************************************************/ -BOOL is_privileged_sid( const DOM_SID *sid ) +bool is_privileged_sid( const DOM_SID *sid ) { SE_PRIV mask; @@ -449,7 +449,7 @@ BOOL is_privileged_sid( const DOM_SID *sid ) /******************************************************************* *******************************************************************/ -BOOL grant_all_privileges( const DOM_SID *sid ) +bool grant_all_privileges( const DOM_SID *sid ) { SE_PRIV mask; -- cgit From 900288a2b86abd247f9eb4cd15dc5617a17cfef1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:11:36 +0100 Subject: Replace sid_string_static by sid_string_dbg in DEBUGs (This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09) --- source3/lib/privileges.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 839ce91a57..3e2c756849 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -59,8 +59,8 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) data = tdb_fetch_bystring( tdb, keystr ); if ( !data.dptr ) { - DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n", - sid_string_static(sid))); + DEBUG(3, ("get_privileges: No privileges assigned to SID " + "[%s]\n", sid_string_dbg(sid))); return False; } @@ -123,8 +123,8 @@ bool get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount) if ( !get_privileges( &slist[i], &mask ) ) continue; - DEBUG(5,("get_privileges_for_sids: sid = %s\nPrivilege set:\n", - sid_string_static(&slist[i]))); + DEBUG(5,("get_privileges_for_sids: sid = %s\nPrivilege " + "set:\n", sid_string_dbg(&slist[i]))); dump_se_priv( DBGC_ALL, 5, &mask ); se_priv_add( privileges, &mask ); @@ -266,7 +266,7 @@ bool grant_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) se_priv_add( &new_mask, priv_mask ); - DEBUG(10,("grant_privilege: %s\n", sid_string_static(sid))); + DEBUG(10,("grant_privilege: %s\n", sid_string_dbg(sid))); DEBUGADD( 10, ("original privilege mask:\n")); dump_se_priv( DBGC_ALL, 10, &old_mask ); @@ -307,7 +307,7 @@ bool revoke_privilege(const DOM_SID *sid, const SE_PRIV *priv_mask) if ( !get_privileges( sid, &mask ) ) return True; - DEBUG(10,("revoke_privilege: %s\n", sid_string_static(sid))); + DEBUG(10,("revoke_privilege: %s\n", sid_string_dbg(sid))); DEBUGADD( 10, ("original privilege mask:\n")); dump_se_priv( DBGC_ALL, 10, &mask ); -- cgit From 14ef4cdec1ab6be55c97d0f32780cbddbcdde218 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 22:00:39 +0100 Subject: Replace sid_string_static with sid_to_string This adds 28 fstrings on the stack, but I think an fstring on the stack is still far better than a static one. (This used to be commit c7c885078be8fd3024c186044ac28275d7609679) --- source3/lib/privileges.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 3e2c756849..9f155acd8b 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -40,7 +40,7 @@ typedef struct { static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); - fstring keystr; + fstring tmp, keystr; TDB_DATA data; /* Fail if the admin has not enable privileges */ @@ -54,7 +54,7 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) /* PRIV_ (NULL terminated) as the key */ - fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); + fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_string(tmp, sid)); data = tdb_fetch_bystring( tdb, keystr ); @@ -79,7 +79,7 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask ) { TDB_CONTEXT *tdb = get_account_pol_tdb(); - fstring keystr; + fstring tmp, keystr; TDB_DATA data; if ( !lp_enable_privileges() ) @@ -95,7 +95,7 @@ static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask ) /* PRIV_ (NULL terminated) as the key */ - fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); + fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_string(tmp, sid)); /* no packing. static size structure, just write it out */ -- cgit From 2e07c2ade89f4ff281c61f74cb88e09990cf5f46 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 22:47:30 +0100 Subject: s/sid_to_string/sid_to_fstring/ least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546) --- source3/lib/privileges.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 9f155acd8b..63fb462e32 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -54,7 +54,7 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) /* PRIV_ (NULL terminated) as the key */ - fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_string(tmp, sid)); + fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid)); data = tdb_fetch_bystring( tdb, keystr ); @@ -95,7 +95,7 @@ static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask ) /* PRIV_ (NULL terminated) as the key */ - fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_string(tmp, sid)); + fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid)); /* no packing. static size structure, just write it out */ -- cgit From f3603d5a5ab878d45b67bf0f33e2beca50d0af2d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 9 Jan 2008 00:11:31 +0100 Subject: Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS. Michael (This used to be commit 6b2b9a60ef857ec31da5fea631535205fbdede4a) --- source3/lib/privileges.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 63fb462e32..509da80785 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -184,8 +184,10 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - if (!add_sid_to_array( priv->mem_ctx, &sid, &priv->sids.list, - &priv->sids.count )) { + if (!NT_STATUS_IS_OK(add_sid_to_array(priv->mem_ctx, &sid, + &priv->sids.list, + &priv->sids.count))) + { return 0; } -- cgit From 9aa8d0c627773c1509b2beb1cf007a52c57d233e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 28 Mar 2008 12:09:56 +0100 Subject: Convert account_pol.tdb to dbwrap Signed-off-by: Stefan Metzmacher (This used to be commit 0b36871a0d795183f0e9dc78b654788b1988f06e) --- source3/lib/privileges.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'source3/lib/privileges.c') diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 509da80785..c1bb783fbc 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -39,7 +39,7 @@ typedef struct { static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) { - TDB_CONTEXT *tdb = get_account_pol_tdb(); + struct db_context *db = get_account_pol_db(); fstring tmp, keystr; TDB_DATA data; @@ -49,14 +49,14 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) return False; } - if ( !tdb ) + if ( db == NULL ) return False; /* PRIV_ (NULL terminated) as the key */ fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid)); - data = tdb_fetch_bystring( tdb, keystr ); + data = dbwrap_fetch_bystring( db, talloc_tos(), keystr ); if ( !data.dptr ) { DEBUG(3, ("get_privileges: No privileges assigned to SID " @@ -67,7 +67,7 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) ); se_priv_copy( mask, (SE_PRIV*)data.dptr ); - SAFE_FREE(data.dptr); + TALLOC_FREE(data.dptr); return True; } @@ -78,14 +78,14 @@ static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask ) static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask ) { - TDB_CONTEXT *tdb = get_account_pol_tdb(); + struct db_context *db = get_account_pol_db(); fstring tmp, keystr; TDB_DATA data; if ( !lp_enable_privileges() ) return False; - if ( !tdb ) + if ( db == NULL ) return False; if ( !sid || (sid->num_auths == 0) ) { @@ -102,7 +102,8 @@ static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask ) data.dptr = (uint8 *)mask; data.dsize = sizeof(SE_PRIV); - return ( tdb_store_bystring(tdb, keystr, data, TDB_REPLACE) != -1 ); + return NT_STATUS_IS_OK(dbwrap_store_bystring(db, keystr, data, + TDB_REPLACE)); } /********************************************************************* @@ -136,10 +137,10 @@ bool get_privileges_for_sids(SE_PRIV *privileges, DOM_SID *slist, int scount) /********************************************************************* - travseral functions for privilege_enumerate_accounts + traversal functions for privilege_enumerate_accounts *********************************************************************/ -static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) +static int priv_traverse_fn(struct db_record *rec, void *state) { PRIV_SID_LIST *priv = (PRIV_SID_LIST *)state; int prefixlen = strlen(PRIVPREFIX); @@ -148,12 +149,12 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s /* easy check first */ - if ( data.dsize != sizeof(SE_PRIV) ) + if (rec->value.dsize != sizeof(SE_PRIV) ) return 0; /* check we have a PRIV_+SID entry */ - if ( strncmp((const char *)key.dptr, PRIVPREFIX, prefixlen) != 0) + if ( strncmp((char *)rec->key.dptr, PRIVPREFIX, prefixlen) != 0) return 0; /* check to see if we are looking for a particular privilege */ @@ -161,7 +162,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s if ( !se_priv_equal(&priv->privilege, &se_priv_none) ) { SE_PRIV mask; - se_priv_copy( &mask, (SE_PRIV*)data.dptr ); + se_priv_copy( &mask, (SE_PRIV*)rec->value.dptr ); /* if the SID does not have the specified privilege then just return */ @@ -170,7 +171,7 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s return 0; } - fstrcpy( sid_string, (const char *)&key.dptr[strlen(PRIVPREFIX)] ); + fstrcpy( sid_string, (char *)&(rec->key.dptr[strlen(PRIVPREFIX)]) ); /* this is a last ditch safety check to preventing returning and invalid SID (i've somehow run into this on development branches) */ @@ -200,10 +201,10 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) { - TDB_CONTEXT *tdb = get_account_pol_tdb(); + struct db_context *db = get_account_pol_db(); PRIV_SID_LIST priv; - if (!tdb) { + if (db == NULL) { return NT_STATUS_ACCESS_DENIED; } @@ -211,7 +212,7 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) se_priv_copy( &priv.privilege, &se_priv_none ); - tdb_traverse( tdb, priv_traverse_fn, &priv); + db->traverse_read(db, priv_traverse_fn, &priv); /* give the memory away; caller will free */ @@ -228,10 +229,10 @@ NTSTATUS privilege_enumerate_accounts(DOM_SID **sids, int *num_sids) NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx, DOM_SID **sids, int *num_sids) { - TDB_CONTEXT *tdb = get_account_pol_tdb(); + struct db_context *db = get_account_pol_db(); PRIV_SID_LIST priv; - if (!tdb) { + if (db == NULL) { return NT_STATUS_ACCESS_DENIED; } @@ -240,7 +241,7 @@ NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx, se_priv_copy(&priv.privilege, mask); priv.mem_ctx = mem_ctx; - tdb_traverse( tdb, priv_traverse_fn, &priv); + db->traverse_read(db, priv_traverse_fn, &priv); /* give the memory away; caller will free */ -- cgit