From e0cbc68c0a29bc036949adb7be5e140edd07a3b2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 30 Aug 2010 13:24:43 +1000
Subject: s3-privs Rework privilege enumeration to also use new DB format
Andrew Bartlett
Signed-off-by: Andrew Tridgell
---
 source3/lib/privileges.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
(limited to 'source3')
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 42fccf8b71..5988480cc0 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -173,20 +173,33 @@ static int priv_traverse_fn(struct db_record *rec, void *state)
 /* check to see if we are looking for a particular privilege */
- if ( !se_priv_equal(&priv->privilege, &se_priv_none) ) {
+ fstrcpy( sid_string, (char *)&(rec->key.dptr[strlen(PRIVPREFIX)]) );
+
+ if (priv->privilege != 0) {
 uint64_t mask;
- se_priv_copy( &mask, (uint64_t*)rec->value.dptr );
+ if (rec->value.dsize == 4*4) {
+ DEBUG(3, ("get_privileges: Should not have obtained old-style privileges record for SID "
+ "[%s]\n", sid_string));
+ return 0;
+ }
+
+ if (rec->value.dsize != sizeof( uint64_t ) ) {
+ DEBUG(3, ("get_privileges: Invalid privileges record assigned to SID "
+ "[%s]\n", sid_string));
+ return 0;
+ }
+
+ mask = BVAL(rec->value.dptr, 0);
 /* if the SID does not have the specified privilege then just return */
- if ( !is_privilege_assigned( &mask, &priv->privilege) )
+ if ((mask & priv->privilege) == 0) {
 return 0;
+ }
 }
- fstrcpy( sid_string, (char *)&(rec->key.dptr[strlen(PRIVPREFIX)]) );
-
 /* this is a last ditch safety check to preventing returning and invalid SID (i've somehow run into this on development branches) */
-- cgit
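Review bot: The two new `rec->value.dsize` checks sit inside `if (priv->privilege != 0)`, so when the traversal is not filtering on a particular privilege, an old-style (`4*4`-byte) or otherwise wrongly sized record is not rejected by this hunk and continues to the SID handling below. Unless the part of priv_traverse_fn above the hunk already validates the value size, move the size validation ahead of the branch, e.g. `if (rec->value.dsize != sizeof(uint64_t)) return 0;` after the old-style check, so both paths treat a bad record the same way. The bare `4*4` would read better as a named constant or with a short comment saying it is the old-style record size, and the DEBUG prefix `get_privileges:` does not name the function these messages are emitted from, which makes log triage of a damaged privilege database harder. The function body starts and ends outside the hunk.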