/*
 * Report whether 'privilege' is assigned in the privilege mask carried by
 * 'token', as decided by is_privilege_assigned().
 *
 * A NULL token is treated as holding no privileges, so the check fails
 * closed and returns False.
 */
bool user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege)
{
	if (token != NULL) {
		return is_privilege_assigned(&token->privileges, privilege);
	}

	/* no token: nothing can be granted */
	return False;
}
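/*
 * Traversal callback for the privilege database (db_record flavour).
 *
 * For every record whose key is PRIVPREFIX followed by a SID string and
 * whose value is exactly one SE_PRIV mask, append the SID to the
 * PRIV_SID_LIST passed in 'state'.  When priv->privilege is not
 * se_priv_none, only SIDs whose stored mask passes is_privilege_assigned()
 * for that privilege are appended.
 *
 * Always returns 0: records that are malformed or filtered out are skipped.
 */
static int priv_traverse_fn(struct db_record *rec, void *state)
{
	PRIV_SID_LIST *priv = (PRIV_SID_LIST *)state;
	const size_t prefixlen = strlen(PRIVPREFIX);
	const char *keystr = (const char *)rec->key.dptr;
	DOM_SID sid;
	fstring sid_string;

	/* easy check first: the value must be exactly one privilege mask */

	if (rec->value.dsize != sizeof(SE_PRIV)) {
		return 0;
	}

	/*
	 * The key is used as a C string below.  Require a NUL terminator
	 * inside the record's own dsize bytes, so that a damaged or tampered
	 * database entry cannot make strncmp()/fstrcpy() read past the end
	 * of the key buffer.
	 */

	if (keystr == NULL || memchr(keystr, '\0', rec->key.dsize) == NULL) {
		return 0;
	}

	/* check we have a PRIV_+SID entry */

	if (strncmp(keystr, PRIVPREFIX, prefixlen) != 0) {
		return 0;
	}

	/* check to see if we are looking for a particular privilege */

	if (!se_priv_equal(&priv->privilege, &se_priv_none)) {
		SE_PRIV mask;

		/* NOTE(review): value.dptr is read through an SE_PRIV
		   pointer; confirm se_priv_copy() tolerates the alignment
		   of the record buffer */
		se_priv_copy(&mask, (SE_PRIV *)rec->value.dptr);

		/* if the SID does not have the specified privilege
		   then just return */

		if (!is_privilege_assigned(&mask, &priv->privilege)) {
			return 0;
		}
	}

	/* the prefix matched, so the terminator found above lies at or
	   after keystr[prefixlen] and this copy stays inside the key */

	fstrcpy(sid_string, &keystr[prefixlen]);

	/* this is a last-ditch safety check to prevent returning an
	   invalid SID (this has been seen on development branches) */

	if (strcmp("S-0-0", sid_string) == 0) {
		return 0;
	}

	if (!string_to_sid(&sid, sid_string)) {
		DEBUG(0,("travsersal_fn_enum__acct: Could not convert SID [%s]\n",
			sid_string));
		return 0;
	}

	/* NOTE(review): a failure to append the SID is not reported; the
	   callback returns 0 either way, so the caller may receive a short
	   list with no error indication -- confirm this is intended */

	if (!NT_STATUS_IS_OK(add_sid_to_array(priv->mem_ctx, &sid,
					      &priv->sids.list,
					      &priv->sids.count))) {
		return 0;
	}

	return 0;
}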
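/*
 * Traversal callback for the privilege database (raw TDB flavour).
 *
 * For every record whose key is PRIVPREFIX followed by a SID string and
 * whose value is exactly one SE_PRIV mask, append the SID to the
 * PRIV_SID_LIST passed in 'state'.  When priv->privilege is not
 * se_priv_none, only SIDs whose stored mask passes is_privilege_assigned()
 * for that privilege are appended.
 *
 * The TDB_CONTEXT argument is not used.  Always returns 0: records that
 * are malformed or filtered out are skipped.
 */
static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
{
	PRIV_SID_LIST *priv = state;
	const size_t prefixlen = strlen(PRIVPREFIX);
	DOM_SID sid;
	fstring sid_string;

	/* easy check first: the value must be exactly one privilege mask */

	if (data.dsize != sizeof(SE_PRIV)) {
		return 0;
	}

	/*
	 * The key is used as a C string below.  Require a NUL terminator
	 * inside the record's own dsize bytes, so that a damaged or tampered
	 * database entry cannot make strncmp()/fstrcpy() read past the end
	 * of the key buffer.
	 */

	if (key.dptr == NULL || memchr(key.dptr, '\0', key.dsize) == NULL) {
		return 0;
	}

	/* check we have a PRIV_+SID entry */

	if (strncmp(key.dptr, PRIVPREFIX, prefixlen) != 0) {
		return 0;
	}

	/* check to see if we are looking for a particular privilege */

	if (!se_priv_equal(&priv->privilege, &se_priv_none)) {
		SE_PRIV mask;

		/* NOTE(review): data.dptr is read through an SE_PRIV
		   pointer; confirm se_priv_copy() tolerates the alignment
		   of the record buffer */
		se_priv_copy(&mask, (SE_PRIV *)data.dptr);

		/* if the SID does not have the specified privilege
		   then just return */

		if (!is_privilege_assigned(&mask, &priv->privilege)) {
			return 0;
		}
	}

	/* the prefix matched, so the terminator found above lies at or
	   after key.dptr[prefixlen] and this copy stays inside the key */

	fstrcpy(sid_string, &key.dptr[prefixlen]);

	/* this is a last-ditch safety check to prevent returning an
	   invalid SID (this has been seen on development branches) */

	if (strcmp("S-0-0", sid_string) == 0) {
		return 0;
	}

	if (!string_to_sid(&sid, sid_string)) {
		DEBUG(0,("travsersal_fn_enum__acct: Could not convert SID [%s]\n",
			sid_string));
		return 0;
	}

	/* NOTE(review): any failure inside add_sid_to_array() is not
	   observed here, so the caller may receive a short list with no
	   error indication -- confirm this is intended */

	add_sid_to_array(NULL, &sid, &priv->sids.list, &priv->sids.count);

	return 0;
}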
/*
 * Walk the privs[] table and, for each entry whose se_priv is reported as
 * assigned in 'mask' by is_privilege_assigned(), add that entry's LUID to
 * 'set' with attr 0.
 *
 * Returns False as soon as privilege_set_add() fails (entries added before
 * the failure are not rolled back here), True once the whole table has
 * been walked.
 */
bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask )
{
	const uint32 total = count_all_privileges();
	LUID_ATTR entry;
	int idx;

	entry.attr = 0;
	entry.luid.high = 0;

	for (idx = 0; idx < total; idx++) {
		if (is_privilege_assigned(mask, &privs[idx].se_priv)) {
			/* take the table's LUID; attr stays 0 */
			entry.luid = privs[idx].luid;

			if (!privilege_set_add(set, entry)) {
				return False;
			}
		}
	}

	return True;
}