sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-11-16 20:23:50 +03:00
Code Activity

r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code

Browse Source
This commit is contained in:
Gerald Carter
2005-01-15 02:20:30 +00:00
committed by Gerald (Jerry) Carter
parent 85731706c9
commit 7bf1312287
5 changed files with 247 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
source/lib/privileges.c
View File

@@ -87,24 +87,25 @@ typedef struct priv_sid_list {
Retrieve the privilege mask (set) for a given SID
****************************************************************************/
static uint32 get_privileges( const DOM_SID *sid )
static uint32 get_privileges( const DOM_SID *sid, uint32 *mask )
{
TDB_CONTEXT *tdb = get_account_pol_tdb();
fstring keystr;
uint32 priv_mask;
if ( !tdb )
return 0;
return False;
fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
if ( !tdb_fetch_uint32( tdb, keystr, &priv_mask ) ) {
DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n",
sid_string_static(sid)));
return 0;
return False;
}
return priv_mask;
*mask = priv_mask;
return True;
}
/***************************************************************************
@@ -241,13 +242,11 @@ void get_privileges_for_sids(PRIVILEGE_SET *privset, DOM_SID *slist, int scount)
int i;
for ( i=0; i<scount; i++ ) {
priv_mask = get_privileges( &slist[i] );
/* don't add unless we actually have a privilege assigned */
if ( priv_mask == 0 )
if ( !get_privileges( &slist[i], &priv_mask ) )
continue;
DEBUG(5,("get_privileges_for_sids: sid = %s, privilege mask = 0x%x\n",
sid_string_static(&slist[i]), priv_mask));
@@ -350,9 +349,10 @@ BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask)
{
uint32 old_mask, new_mask;
old_mask = get_privileges( sid );
new_mask = old_mask | priv_mask;
if ( get_privileges( sid, &old_mask ) )
new_mask = old_mask | priv_mask;
else
new_mask = priv_mask;
DEBUG(10,("grant_privilege: %s, orig priv set = 0x%x, new privilege set = 0x%x\n",
sid_string_static(sid), old_mask, new_mask ));
@@ -360,6 +360,25 @@ BOOL grant_privilege(const DOM_SID *sid, uint32 priv_mask)
return set_privileges( sid, new_mask );
}
/*********************************************************************
Add a privilege based on its name
*********************************************************************/
BOOL grant_privilege_by_name(DOM_SID *sid, const char *name)
{
int i;
for ( i = 0; privs[i].se_priv != SE_END; i++ ) {
if ( strequal(privs[i].name, name) ) {
return grant_privilege( sid, privs[i].se_priv );
}
}
DEBUG(3, ("grant_privilege_by_name: No Such Privilege Found (%s)\n", name));
return False;
}
/***************************************************************************
Remove privilege from sid
****************************************************************************/
@@ -368,7 +387,10 @@ BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask)
{
uint32 old_mask, new_mask;
old_mask = get_privileges( sid );
if ( get_privileges( sid, &old_mask ) )
new_mask = old_mask | priv_mask;
else
new_mask = priv_mask;
new_mask = old_mask & ~priv_mask;
@@ -378,6 +400,25 @@ BOOL revoke_privilege(const DOM_SID *sid, uint32 priv_mask)
return set_privileges( sid, new_mask );
}
/*********************************************************************
Add a privilege based on its name
*********************************************************************/
BOOL revoke_privilege_by_name(DOM_SID *sid, const char *name)
{
int i;
for ( i = 0; privs[i].se_priv != SE_END; i++ ) {
if ( strequal(privs[i].name, name) ) {
return revoke_privilege( sid, privs[i].se_priv );
}
}
DEBUG(3, ("revoke_privilege_by_name: No Such Privilege Found (%s)\n", name));
return False;
}
/***************************************************************************
Retrieve the SIDs assigned to a given privilege
****************************************************************************/
@@ -560,3 +601,15 @@ int count_all_privileges( void )
return count;
}
/*******************************************************************
*******************************************************************/
BOOL is_privileged_sid( DOM_SID *sid )
{
int mask;
/* check if the lookup succeeds */
return get_privileges( sid, &mask );
}