authorbubulle <bubulle@alioth.debian.org>2011-03-07 19:04:15 +0000
committerbubulle <bubulle@alioth.debian.org>2011-03-07 19:04:15 +0000
commit4d16e8d5702fb98dda73c5c0f3404d662ae62df6 (patch)
treefc3a71a0b741cbcc6a5a892f91cc0f2218dfe656 /source3/lib/privileges_basic.c
parent9fbd7973837d958b90261b85fafff36ac194ba58 (diff)
downloadsamba-4d16e8d5702fb98dda73c5c0f3404d662ae62df6.tar.gz
Load samba-3.5.8 into branches/samba/upstream.upstream/3.5.8_dfsg
git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream@3691 fc4039ab-9d04-0410-8cac-899223bdd6b0
Diffstat (limited to 'source3/lib/privileges_basic.c')
-rw-r--r--source3/lib/privileges_basic.c29
1 files changed, 18 insertions, 11 deletions
diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c
index 323983b168..8d52c90683 100644
--- a/source3/lib/privileges_basic.c
+++ b/source3/lib/privileges_basic.c
@@ -46,6 +46,7 @@ const SE_PRIV se_disk_operators = SE_DISK_OPERATOR;
const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
const SE_PRIV se_restore = SE_RESTORE;
const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
+const SE_PRIV se_security = SE_SECURITY;
/********************************************************************
This is a list of privileges reported by a WIndows 2000 SP4 AD DC
@@ -98,6 +99,7 @@ PRIVS privs[] = {
{SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service", { 0x0, 0x0 }},
#endif
{SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain", { 0x0, 0x0006 }},
+ {SE_SECURITY, "SeSecurityPrivilege", "Manage auditing and security log", { 0x0, 0x0008 }},
{SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects",{ 0x0, 0x0009 }},
{SE_BACKUP, "SeBackupPrivilege", "Back up files and directories", { 0x0, 0x0011 }},
{SE_RESTORE, "SeRestorePrivilege", "Restore files and directories", { 0x0, 0x0012 }},
@@ -107,6 +109,7 @@ PRIVS privs[] = {
{SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain", { 0x0, 0x1002 }},
{SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares", { 0x0, 0x1003 }},
+
{SE_END, "", "", { 0x0, 0x0 }}
};
@@ -192,6 +195,15 @@ bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 )
}
/***************************************************************************
+ check if 2 LUID's are equal.
+****************************************************************************/
+
+static bool luid_equal( const LUID *luid1, const LUID *luid2 )
+{
+ return ( luid1->low == luid2->low && luid1->high == luid2->high);
+}
+
+/***************************************************************************
check if a SE_PRIV has any assigned privileges
****************************************************************************/
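Review bot: The header comment on the new `luid_equal()` does not state the property the rest of this commit depends on, namely that both 32-bit halves are compared, so a LUID with a non-zero `high` can no longer match a table entry on `low` alone. I would expand it to something like `check if 2 LUID's are equal (both low and high are compared; neither pointer may be NULL)`, since the helper dereferences both arguments unconditionally. In the luid_to_se_priv hunk further down, the field-by-field copy into `local_luid` exists only because the argument is a `struct lsa_LUID` rather than a `LUID`; a short comment there such as `/* convert to LUID so luid_equal() can be used */` would save the next reader from working that out.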
@@ -406,11 +418,8 @@ const char *luid_to_privilege_name(const LUID *set)
{
int i;
- if (set->high != 0)
- return NULL;
-
for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
- if ( set->low == privs[i].luid.low ) {
+ if (luid_equal(set, &privs[i].luid)) {
return privs[i].name;
}
}
@@ -477,9 +486,13 @@ static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask )
{
int i;
uint32 num_privs = count_all_privileges();
+ LUID local_luid;
+
+ local_luid.low = luid->low;
+ local_luid.high = luid->high;
for ( i=0; i<num_privs; i++ ) {
- if ( luid->low == privs[i].luid.low ) {
+ if (luid_equal(&local_luid, &privs[i].luid)) {
se_priv_copy( mask, &privs[i].se_priv );
return True;
}
@@ -500,12 +513,6 @@ bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset )
for ( i=0; i<privset->count; i++ ) {
SE_PRIV r;
- /* sanity check for invalid privilege. we really
- only care about the low 32 bits */
-
- if ( privset->set[i].luid.high != 0 )
- return False;
-
if ( luid_to_se_priv( &privset->set[i].luid, &r ) )
se_priv_add( mask, &r );
}
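Review bot: With the `luid.high != 0` rejection removed, an entry in the privilege set that matches nothing in `privs[]` is now always skipped silently, because the loop only acts when `luid_to_se_priv()` succeeds. Before this change a non-zero `high` made privilege_set_to_se_priv() return False for the whole set. Unless the part of the function outside this hunk reports it, a caller can no longer tell a fully translated set from a partially translated one. If ignoring unknown LUIDs is the intended policy, record it at the loop, e.g. `/* unknown LUIDs are ignored, not treated as an error */`. If the old fail-closed behaviour was relied on, the check could become `if ( !luid_to_se_priv( &privset->set[i].luid, &r ) ) return False;`, though that would also reject unknown `low` values that were previously skipped.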