2007-06-14 15:29:35 +04:00
/*
Unix SMB / CIFS implementation .
Privileges handling functions
Copyright ( C ) Jean François Micouleau 1998 - 2001
Copyright ( C ) Simo Sorce 2002 - 2003
Copyright ( C ) Gerald ( Jerry ) Carter 2005
Copyright ( C ) Michael Adam 2007
2010-08-26 12:38:16 +04:00
Copyright ( C ) Andrew Bartlett 2010
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2007-06-14 15:29:35 +04:00
( at your option ) any later version .
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2007-06-14 15:29:35 +04:00
*/
/*
2009-05-16 03:21:08 +04:00
* Basic privileges functions ( mask - operations and conversion
2007-06-14 15:29:35 +04:00
* functions between the different formats ( se_priv , privset , luid )
* moved here * from lib / privileges . c to minimize linker deps .
*
* generally SID - and LUID - related code is left in lib / privileges . c
*
* some extra functions to hide privs array from lib / privileges . c
*/
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
# include "includes.h"
2010-08-26 08:37:00 +04:00
const uint64_t se_priv_all = SE_ALL_PRIVS ;
static const uint64_t se_priv_end = SE_END ;
2007-06-14 15:29:35 +04:00
/* Define variables for all privileges so we can use the
2010-08-26 08:37:00 +04:00
uint64_t * in the various se_priv_XXX ( ) functions */
2007-06-14 15:29:35 +04:00
2010-08-26 08:37:00 +04:00
const uint64_t se_priv_none = SE_NONE ;
const uint64_t se_machine_account = SE_MACHINE_ACCOUNT ;
const uint64_t se_print_operator = SE_PRINT_OPERATOR ;
const uint64_t se_add_users = SE_ADD_USERS ;
const uint64_t se_disk_operators = SE_DISK_OPERATOR ;
const uint64_t se_remote_shutdown = SE_REMOTE_SHUTDOWN ;
const uint64_t se_restore = SE_RESTORE ;
const uint64_t se_take_ownership = SE_TAKE_OWNERSHIP ;
2007-06-14 15:29:35 +04:00
PRIVS privs [ ] = {
2009-05-16 03:21:08 +04:00
#if 0 /* usrmgr will display these twice if you include them. We don't
2007-06-14 15:29:35 +04:00
use them but we ' ll keep the bitmasks reserved in privileges . h anyways */
2009-05-16 03:21:08 +04:00
2010-08-26 13:20:32 +04:00
{ SE_NETWORK_LOGON , " SeNetworkLogonRight " , " Access this computer from network " , 0x0 } ,
{ SE_INTERACTIVE_LOGON , " SeInteractiveLogonRight " , " Log on locally " , 0x0 } ,
{ SE_BATCH_LOGON , " SeBatchLogonRight " , " Log on as a batch job " , 0x0 } ,
{ SE_SERVICE_LOGON , " SeServiceLogonRight " , " Log on as a service " , 0x0 } ,
2007-06-14 15:29:35 +04:00
# endif
2010-08-26 13:20:32 +04:00
{ SE_MACHINE_ACCOUNT , " SeMachineAccountPrivilege " , " Add machines to domain " , SEC_PRIV_MACHINE_ACCOUNT } ,
{ SE_TAKE_OWNERSHIP , " SeTakeOwnershipPrivilege " , " Take ownership of files or other objects " , SEC_PRIV_TAKE_OWNERSHIP } ,
{ SE_BACKUP , " SeBackupPrivilege " , " Back up files and directories " , SEC_PRIV_BACKUP } ,
{ SE_RESTORE , " SeRestorePrivilege " , " Restore files and directories " , SEC_PRIV_RESTORE } ,
{ SE_REMOTE_SHUTDOWN , " SeRemoteShutdownPrivilege " , " Force shutdown from a remote system " , SEC_PRIV_REMOTE_SHUTDOWN } ,
2010-08-26 10:02:12 +04:00
2010-08-26 13:20:32 +04:00
{ SE_PRINT_OPERATOR , " SePrintOperatorPrivilege " , " Manage printers " , SEC_PRIV_PRINT_OPERATOR } ,
{ SE_ADD_USERS , " SeAddUsersPrivilege " , " Add users and groups to the domain " , SEC_PRIV_ADD_USERS } ,
{ SE_DISK_OPERATOR , " SeDiskOperatorPrivilege " , " Manage disk shares " , SEC_PRIV_DISK_OPERATOR } ,
2007-06-14 15:29:35 +04:00
2010-08-26 13:20:32 +04:00
{ SE_END , " " , " " , 0x0 }
2007-06-14 15:29:35 +04:00
} ;
/***************************************************************************
2010-08-26 08:37:00 +04:00
copy an uint64_t structure
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
bool se_priv_copy ( uint64_t * dst , const uint64_t * src )
2007-06-14 15:29:35 +04:00
{
if ( ! dst | | ! src )
return False ;
2009-05-16 03:21:08 +04:00
2010-08-26 08:37:00 +04:00
memcpy ( dst , src , sizeof ( uint64_t ) ) ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
return True ;
}
/***************************************************************************
put all privileges into a mask
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
bool se_priv_put_all_privileges ( uint64_t * mask )
2007-06-14 15:29:35 +04:00
{
int i ;
uint32 num_privs = count_all_privileges ( ) ;
if ( ! se_priv_copy ( mask , & se_priv_none ) ) {
return False ;
}
for ( i = 0 ; i < num_privs ; i + + ) {
2009-05-16 03:21:08 +04:00
se_priv_add ( mask , & privs [ i ] . se_priv ) ;
2007-06-14 15:29:35 +04:00
}
return True ;
}
/***************************************************************************
2010-08-26 08:37:00 +04:00
combine 2 uint64_t structures and store the resulting set in mew_mask
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
void se_priv_add ( uint64_t * mask , const uint64_t * addpriv )
2007-06-14 15:29:35 +04:00
{
2010-08-24 08:47:26 +04:00
* mask | = * addpriv ;
2007-06-14 15:29:35 +04:00
}
/***************************************************************************
2010-08-26 08:37:00 +04:00
remove one uint64_t sytucture from another and store the resulting set
2007-06-14 15:29:35 +04:00
in mew_mask
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
void se_priv_remove ( uint64_t * mask , const uint64_t * removepriv )
2009-05-16 03:21:08 +04:00
{
2010-08-24 08:47:26 +04:00
* mask & = ~ * removepriv ;
2007-06-14 15:29:35 +04:00
}
/***************************************************************************
2010-08-26 08:37:00 +04:00
invert a given uint64_t and store the set in new_mask
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
static void se_priv_invert ( uint64_t * new_mask , const uint64_t * mask )
2009-05-16 03:21:08 +04:00
{
2010-08-26 08:37:00 +04:00
uint64_t allprivs ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
se_priv_copy ( & allprivs , & se_priv_all ) ;
se_priv_remove ( & allprivs , mask ) ;
se_priv_copy ( new_mask , & allprivs ) ;
}
/***************************************************************************
2010-08-26 08:37:00 +04:00
check if 2 uint64_t structure are equal
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
bool se_priv_equal ( const uint64_t * mask1 , const uint64_t * mask2 )
2009-05-16 03:21:08 +04:00
{
2010-08-24 08:47:26 +04:00
return * mask1 = = * mask2 ;
2007-06-14 15:29:35 +04:00
}
/***************************************************************************
2010-08-26 08:37:00 +04:00
check if a uint64_t has any assigned privileges
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
static bool se_priv_empty ( const uint64_t * mask )
2007-06-14 15:29:35 +04:00
{
2010-08-26 08:37:00 +04:00
uint64_t p1 ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
se_priv_copy ( & p1 , mask ) ;
2010-08-24 08:47:26 +04:00
p1 & = se_priv_all ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
return se_priv_equal ( & p1 , & se_priv_none ) ;
}
/*********************************************************************
2010-08-26 08:37:00 +04:00
Lookup the uint64_t value for a privilege name
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
bool se_priv_from_name ( const char * name , uint64_t * mask )
2007-06-14 15:29:35 +04:00
{
int i ;
for ( i = 0 ; ! se_priv_equal ( & privs [ i ] . se_priv , & se_priv_end ) ; i + + ) {
if ( strequal ( privs [ i ] . name , name ) ) {
se_priv_copy ( mask , & privs [ i ] . se_priv ) ;
return True ;
}
}
return False ;
}
/***************************************************************************
2010-08-26 08:37:00 +04:00
dump an uint64_t structure to the log files
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
void dump_se_priv ( int dbg_cl , int dbg_lvl , const uint64_t * mask )
2007-06-14 15:29:35 +04:00
{
2010-08-26 08:37:00 +04:00
DEBUGADDC ( dbg_cl , dbg_lvl , ( " uint64_t 0x%llx \n " , ( unsigned long long ) * mask ) ) ;
2007-06-14 15:29:35 +04:00
}
/****************************************************************************
check if the privilege is in the privilege list
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
bool is_privilege_assigned ( const uint64_t * privileges ,
const uint64_t * check )
2007-06-14 15:29:35 +04:00
{
2010-08-26 08:37:00 +04:00
uint64_t p1 , p2 ;
2007-06-14 15:29:35 +04:00
if ( ! privileges | | ! check )
return False ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
/* everyone has privileges if you aren't checking for any */
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
if ( se_priv_empty ( check ) ) {
DEBUG ( 1 , ( " is_privilege_assigned: no privileges in check_mask! \n " ) ) ;
return True ;
}
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
se_priv_copy ( & p1 , check ) ;
2009-05-16 03:21:08 +04:00
2010-08-26 08:37:00 +04:00
/* invert the uint64_t we want to check for and remove that from the
original set . If we are left with the uint64_t we are checking
2007-06-14 15:29:35 +04:00
for then return True */
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
se_priv_invert ( & p1 , check ) ;
se_priv_copy ( & p2 , privileges ) ;
se_priv_remove ( & p2 , & p1 ) ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
return se_priv_equal ( & p2 , check ) ;
}
/****************************************************************************
check if the privilege is in the privilege list
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
static bool is_any_privilege_assigned ( uint64_t * privileges , const uint64_t * check )
2007-06-14 15:29:35 +04:00
{
2010-08-26 08:37:00 +04:00
uint64_t p1 , p2 ;
2007-06-14 15:29:35 +04:00
if ( ! privileges | | ! check )
return False ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
/* everyone has privileges if you aren't checking for any */
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
if ( se_priv_empty ( check ) ) {
DEBUG ( 1 , ( " is_any_privilege_assigned: no privileges in check_mask! \n " ) ) ;
return True ;
}
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
se_priv_copy ( & p1 , check ) ;
2009-05-16 03:21:08 +04:00
2010-08-26 08:37:00 +04:00
/* invert the uint64_t we want to check for and remove that from the
original set . If we are left with the uint64_t we are checking
2007-06-14 15:29:35 +04:00
for then return True */
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
se_priv_invert ( & p1 , check ) ;
se_priv_copy ( & p2 , privileges ) ;
se_priv_remove ( & p2 , & p1 ) ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
/* see if we have any bits left */
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
return ! se_priv_empty ( & p2 ) ;
}
/*********************************************************************
2010-06-05 04:39:11 +04:00
Generate the struct lsa_LUIDAttribute structure based on a bitmask
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
const char * get_privilege_dispname ( const char * name )
{
int i ;
2008-02-11 13:57:29 +03:00
if ( ! name ) {
return NULL ;
}
2007-06-14 15:29:35 +04:00
for ( i = 0 ; ! se_priv_equal ( & privs [ i ] . se_priv , & se_priv_end ) ; i + + ) {
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
if ( strequal ( privs [ i ] . name , name ) ) {
return privs [ i ] . description ;
}
}
return NULL ;
}
/****************************************************************************
2009-05-16 03:21:08 +04:00
initialise a privilege list and set the talloc context
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
/****************************************************************************
Does the user have the specified privilege ? We only deal with one privilege
at a time here .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 16:08:22 +04:00
bool user_has_privileges ( const struct security_token * token , const uint64_t * privilege )
2007-06-14 15:29:35 +04:00
{
if ( ! token )
return False ;
2010-08-31 05:18:11 +04:00
return is_privilege_assigned ( & token - > privilege_mask , privilege ) ;
2007-06-14 15:29:35 +04:00
}
/****************************************************************************
Does the user have any of the specified privileges ? We only deal with one privilege
at a time here .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 16:08:22 +04:00
bool user_has_any_privilege ( struct security_token * token , const uint64_t * privilege )
2007-06-14 15:29:35 +04:00
{
if ( ! token )
return False ;
2010-08-31 05:18:11 +04:00
return is_any_privilege_assigned ( & token - > privilege_mask , privilege ) ;
2007-06-14 15:29:35 +04:00
}
/*******************************************************************
return the number of elements in the privlege array
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
int count_all_privileges ( void )
{
2007-06-30 13:15:33 +04:00
/*
* The - 1 is due to the weird SE_END record . . .
*/
return ( sizeof ( privs ) / sizeof ( privs [ 0 ] ) ) - 1 ;
2007-06-14 15:29:35 +04:00
}
/*********************************************************************
2010-06-05 04:39:11 +04:00
Generate the struct lsa_LUIDAttribute structure based on a bitmask
2007-06-14 15:29:35 +04:00
The assumption here is that the privilege has already been validated
2009-05-16 03:21:08 +04:00
so we are guaranteed to find it in the list .
2007-06-14 15:29:35 +04:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
struct lsa_LUIDAttribute get_privilege_luid ( uint64_t * mask )
2007-06-14 15:29:35 +04:00
{
2010-06-05 04:39:11 +04:00
struct lsa_LUIDAttribute priv_luid ;
2007-06-14 15:29:35 +04:00
int i ;
ZERO_STRUCT ( priv_luid ) ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
for ( i = 0 ; ! se_priv_equal ( & privs [ i ] . se_priv , & se_priv_end ) ; i + + ) {
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
if ( se_priv_equal ( & privs [ i ] . se_priv , mask ) ) {
2010-08-26 13:20:32 +04:00
priv_luid . luid . low = privs [ i ] . luid ;
priv_luid . luid . high = 0 ;
2007-06-14 15:29:35 +04:00
break ;
}
}
return priv_luid ;
}
/****************************************************************************
Convert a LUID to a named string
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-06-05 04:39:11 +04:00
const char * luid_to_privilege_name ( const struct lsa_LUID * set )
2007-06-14 15:29:35 +04:00
{
int i ;
if ( set - > high ! = 0 )
return NULL ;
for ( i = 0 ; ! se_priv_equal ( & privs [ i ] . se_priv , & se_priv_end ) ; i + + ) {
2010-08-26 13:20:32 +04:00
if ( set - > low = = privs [ i ] . luid ) {
2007-06-30 13:15:33 +04:00
return privs [ i ] . name ;
2007-06-14 15:29:35 +04:00
}
}
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
return NULL ;
}
/****************************************************************************
add a privilege to a privilege array
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-06-05 04:39:11 +04:00
static bool privilege_set_add ( PRIVILEGE_SET * priv_set , struct lsa_LUIDAttribute set )
2007-06-14 15:29:35 +04:00
{
2010-06-05 04:39:11 +04:00
struct lsa_LUIDAttribute * new_set ;
2007-06-14 15:29:35 +04:00
/* we can allocate memory to add the new privilege */
2010-06-05 04:39:11 +04:00
new_set = TALLOC_REALLOC_ARRAY ( priv_set - > mem_ctx , priv_set - > set , struct lsa_LUIDAttribute , priv_set - > count + 1 ) ;
2007-06-14 15:29:35 +04:00
if ( ! new_set ) {
DEBUG ( 0 , ( " privilege_set_add: failed to allocate memory! \n " ) ) ;
return False ;
2009-05-16 03:21:08 +04:00
}
2007-06-14 15:29:35 +04:00
new_set [ priv_set - > count ] . luid . high = set . luid . high ;
new_set [ priv_set - > count ] . luid . low = set . luid . low ;
2010-06-05 04:39:11 +04:00
new_set [ priv_set - > count ] . attribute = set . attribute ;
2007-06-14 15:29:35 +04:00
priv_set - > count + + ;
priv_set - > set = new_set ;
return True ;
}
/*******************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
bool se_priv_to_privilege_set ( PRIVILEGE_SET * set , uint64_t * mask )
2007-06-14 15:29:35 +04:00
{
int i ;
uint32 num_privs = count_all_privileges ( ) ;
2010-06-05 04:39:11 +04:00
struct lsa_LUIDAttribute luid ;
2009-05-16 03:21:08 +04:00
2010-06-05 04:39:11 +04:00
luid . attribute = 0 ;
2007-06-14 15:29:35 +04:00
luid . luid . high = 0 ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
for ( i = 0 ; i < num_privs ; i + + ) {
if ( ! is_privilege_assigned ( mask , & privs [ i ] . se_priv ) )
continue ;
2009-05-16 03:21:08 +04:00
2010-08-26 13:20:32 +04:00
luid . luid . high = 0 ;
luid . luid . low = privs [ i ] . luid ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
if ( ! privilege_set_add ( set , luid ) )
return False ;
}
return True ;
}
/*******************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
static bool luid_to_se_priv ( struct lsa_LUID * luid , uint64_t * mask )
2007-06-14 15:29:35 +04:00
{
int i ;
uint32 num_privs = count_all_privileges ( ) ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
for ( i = 0 ; i < num_privs ; i + + ) {
2010-08-26 13:20:32 +04:00
if ( luid - > low = = privs [ i ] . luid ) {
2007-06-14 15:29:35 +04:00
se_priv_copy ( mask , & privs [ i ] . se_priv ) ;
return True ;
}
}
return False ;
}
/*******************************************************************
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-08-26 08:37:00 +04:00
bool privilege_set_to_se_priv ( uint64_t * mask , struct lsa_PrivilegeSet * privset )
2007-06-14 15:29:35 +04:00
{
int i ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
ZERO_STRUCTP ( mask ) ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
for ( i = 0 ; i < privset - > count ; i + + ) {
2010-08-26 08:37:00 +04:00
uint64_t r ;
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
/* sanity check for invalid privilege. we really
only care about the low 32 bits */
2009-05-16 03:21:08 +04:00
2007-06-14 15:29:35 +04:00
if ( privset - > set [ i ] . luid . high ! = 0 )
return False ;
2009-05-16 03:21:08 +04:00
if ( luid_to_se_priv ( & privset - > set [ i ] . luid , & r ) )
2007-06-14 15:29:35 +04:00
se_priv_add ( mask , & r ) ;
}
return True ;
}