static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
struct db_context *db = get_account_pol_db();
fstring tmp, keystr;
TDB_DATA data;
if ( !lp_enable_privileges() )
return False;
if ( db == NULL )
return False;
if ( !sid || (sid->num_auths == 0) ) {
DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
return False;
}
/* PRIV_<SID> (NULL terminated) as the key */
fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));
/* no packing. static size structure, just write it out */
data.dptr = (uint8 *)mask;
data.dsize = sizeof(SE_PRIV);
return NT_STATUS_IS_OK(dbwrap_store_bystring(db, keystr, data,
TDB_REPLACE));
}
static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
struct db_context *db = get_account_pol_db();
fstring tmp, keystr;
TDB_DATA data;
/* Fail if the admin has not enable privileges */
if ( !lp_enable_privileges() ) {
return False;
}
if ( db == NULL )
return False;
/* PRIV_<SID> (NULL terminated) as the key */
fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));
data = dbwrap_fetch_bystring( db, talloc_tos(), keystr );
if ( !data.dptr ) {
DEBUG(3, ("get_privileges: No privileges assigned to SID "
"[%s]\n", sid_string_dbg(sid)));
return False;
}
SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) );
se_priv_copy( mask, (SE_PRIV*)data.dptr );
TALLOC_FREE(data.dptr);
return True;
}
static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
TDB_CONTEXT *tdb = get_account_pol_tdb();
fstring keystr;
TDB_DATA key, data;
if ( !lp_enable_privileges() )
return False;
if ( !tdb )
return False;
if ( !sid || (sid->num_auths == 0) ) {
DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
return False;
}
/* PRIV_<SID> (NULL terminated) as the key */
fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
/* no packing. static size structure, just write it out */
data.dptr = (char*)mask;
data.dsize = sizeof(SE_PRIV);
return ( tdb_store(tdb, key, data, TDB_REPLACE) != -1 );
}
BOOL init_account_policy(void)
{
const char *vstring = "INFO/version";
uint32 version;
int i;
if (tdb) {
return True;
}
tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open account policy database\n"));
return False;
}
/* handle a Samba upgrade */
tdb_lock_bystring(tdb, vstring);
if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
tdb_store_uint32(tdb, vstring, DATABASE_VERSION);
for (i=0; account_policy_names[i].field; i++) {
if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
DEBUG(0,("failed to set default value in account policy tdb\n"));
return False;
}
}
}
tdb_unlock_bystring(tdb, vstring);
/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
privilege_create_account( &global_sid_World );
privilege_create_account( &global_sid_Builtin_Account_Operators );
privilege_create_account( &global_sid_Builtin_Server_Operators );
privilege_create_account( &global_sid_Builtin_Print_Operators );
privilege_create_account( &global_sid_Builtin_Backup_Operators );
/* BUILTIN\Administrators get everything -- *always* */
if ( lp_enable_privileges() ) {
if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) {
DEBUG(1,("init_account_policy: Failed to grant privileges "
"to BUILTIN\\Administrators!\n"));
}
}
return True;
}
NTSTATUS privilege_delete_account(const struct dom_sid *sid)
{
struct db_context *db = get_account_pol_db();
fstring tmp, keystr;
if (!lp_enable_privileges()) {
return NT_STATUS_OK;
}
if (!db) {
return NT_STATUS_INVALID_HANDLE;
}
if (!sid || (sid->num_auths == 0)) {
return NT_STATUS_INVALID_SID;
}
/* PRIV_<SID> (NULL terminated) as the key */
fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));
return dbwrap_delete_bystring(db, keystr);
}
static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
TDB_CONTEXT *tdb = get_account_pol_tdb();
fstring keystr;
TDB_DATA key, data;
/* Fail if the admin has not enable privileges */
if ( !lp_enable_privileges() ) {
return False;
}
if ( !tdb )
return False;
/* PRIV_<SID> (NULL terminated) as the key */
fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
data = tdb_fetch( tdb, key );
if ( !data.dptr ) {
DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n",
sid_string_static(sid)));
return False;
}
SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) );
se_priv_copy( mask, (SE_PRIV*)data.dptr );
SAFE_FREE(data.dptr);
return True;
}
