mirror of
https://github.com/samba-team/samba.git
synced 2025-11-20 08:23:50 +03:00
r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4.
This commit is contained in:
Gerald Carter
committed by
Gerald (Jerry) Carter
Gerald (Jerry) Carter
parent
dddd572646
commit
77c10ff9aa
@@ -647,3 +647,67 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
|
||||
|
||||
return dst;
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
Add SID to an array SIDs
|
||||
********************************************************************/
|
||||
|
||||
void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
|
||||
{
|
||||
*sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1);
|
||||
|
||||
if (*sids == NULL)
|
||||
return;
|
||||
|
||||
sid_copy(&((*sids)[*num]), sid);
|
||||
*num += 1;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/********************************************************************
|
||||
Add SID to an array SIDs ensuring that it is not already there
|
||||
********************************************************************/
|
||||
|
||||
void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num_sids)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i=0; i<(*num_sids); i++) {
|
||||
if (sid_compare(sid, &(*sids)[i]) == 0)
|
||||
return;
|
||||
}
|
||||
|
||||
add_sid_to_array(sid, sids, num_sids);
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
Remove SID from an array
|
||||
********************************************************************/
|
||||
|
||||
void del_sid_from_array(const DOM_SID *sid, DOM_SID **sids, int *num)
|
||||
{
|
||||
DOM_SID *sid_list = *sids;
|
||||
int i;
|
||||
|
||||
for ( i=0; i<*num; i++ ) {
|
||||
|
||||
/* if we find the SID, then decrement the count
|
||||
and break out of the loop */
|
||||
|
||||
if ( sid_equal(sid, &sid_list[i]) ) {
|
||||
*num -= 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* This loop will copy the remainder of the array
|
||||
if i < num of sids ni the array */
|
||||
|
||||
for ( ; i<*num; i++ )
|
||||
sid_copy( &sid_list[i], &sid_list[i+1] );
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user