/*
 * Store the privilege mask for one SID in the account policy database.
 *
 * The record key is PRIVPREFIX followed by the string form of the SID.
 * The value is the raw in-memory SE_PRIV structure, so a stored record
 * is always exactly sizeof(SE_PRIV) bytes long.
 *
 * Returns True only when the store succeeded. Returns False when
 * privileges are disabled, the database is unavailable, the SID is
 * NULL or has no sub-authorities, or the store failed.
 */
static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
	struct db_context *policy_db = get_account_pol_db();
	fstring sid_buf, record_key;
	TDB_DATA record;
	bool stored;

	/* Nothing is written unless privileges are enabled and the db is open. */
	if ( !lp_enable_privileges() || policy_db == NULL ) {
		return False;
	}

	/* An empty SID must never receive a privilege record. */
	if ( sid == NULL || sid->num_auths == 0 ) {
		DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
		return False;
	}

	/* Key layout: PRIV_<SID>, NUL terminated. */
	fstr_sprintf(record_key, "%s%s", PRIVPREFIX, sid_to_fstring(sid_buf, sid));

	/* Fixed-size structure: written out as-is, without packing. */
	record.dsize = sizeof(SE_PRIV);
	record.dptr  = (uint8 *)mask;

	stored = NT_STATUS_IS_OK(dbwrap_store_bystring(policy_db, record_key,
						      record, TDB_REPLACE));
	return stored;
}
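/*
 * Load the privilege mask stored for one SID from the account policy
 * database into *mask.
 *
 * The record key is PRIVPREFIX followed by the string form of the SID.
 *
 * Returns True when a well-formed record was found and copied. Returns
 * False when privileges are disabled, the database is unavailable, the
 * SID is NULL, no record exists, or the record does not have the
 * expected size. Every failure leaves the caller without a mask from
 * the database, i.e. the lookup fails closed.
 */
static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
	struct db_context *db = get_account_pol_db();
	fstring tmp, keystr;
	TDB_DATA data;

	/* Fail if the admin has not enabled privileges */
	if ( !lp_enable_privileges() ) {
		return False;
	}

	if ( db == NULL ) {
		return False;
	}

	/* The key is built from the SID, so a NULL SID cannot be looked up. */
	if ( sid == NULL ) {
		return False;
	}

	/* PRIV_<SID> (NULL terminated) as the key */
	fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));

	data = dbwrap_fetch_bystring( db, talloc_tos(), keystr );

	if ( !data.dptr ) {
		DEBUG(3, ("get_privileges: No privileges assigned to SID "
			  "[%s]\n", sid_string_dbg(sid)));
		return False;
	}

	/*
	 * The record is cast to SE_PRIV below, so its size must match
	 * exactly. A truncated or damaged record is rejected and logged
	 * rather than asserted on: one bad entry in the database should
	 * not abort the process that happens to look it up.
	 */
	if ( data.dsize != sizeof( SE_PRIV ) ) {
		DEBUG(0, ("get_privileges: Invalid privileges record for SID "
			  "[%s]\n", sid_string_dbg(sid)));
		TALLOC_FREE(data.dptr);
		return False;
	}

	se_priv_copy( mask, (SE_PRIV*)data.dptr );
	TALLOC_FREE(data.dptr);

	return True;
}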
/*
 * Store the privilege mask for one SID in the account policy tdb.
 *
 * The record key is PRIVPREFIX followed by the string form of the SID,
 * including the terminating NUL. The value is the raw in-memory SE_PRIV
 * structure, so a stored record is always sizeof(SE_PRIV) bytes long.
 *
 * Returns False when privileges are disabled, the tdb is unavailable,
 * the SID is NULL or has no sub-authorities, or tdb_store() reports -1.
 */
static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
	TDB_CONTEXT *policy_tdb = get_account_pol_tdb();
	fstring record_key;
	TDB_DATA key, value;
	int rc;

	/* Nothing is written unless privileges are enabled and the tdb is open. */
	if ( !lp_enable_privileges() || !policy_tdb ) {
		return False;
	}

	/* An empty SID must never receive a privilege record. */
	if ( sid == NULL || sid->num_auths == 0 ) {
		DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
		return False;
	}

	/* Key layout: PRIV_<SID>, with the trailing NUL counted in the size. */
	fstr_sprintf( record_key, "%s%s", PRIVPREFIX, sid_string_static(sid) );
	key.dsize = strlen(record_key) + 1;
	key.dptr  = record_key;

	/* Fixed-size structure: written out as-is, without packing. */
	value.dsize = sizeof(SE_PRIV);
	value.dptr  = (char*)mask;

	rc = tdb_store(policy_tdb, key, value, TDB_REPLACE);
	return ( rc != -1 );
}
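/*
 * Open the account policy database and bring it up to the current
 * DATABASE_VERSION.
 *
 * On first use the tdb is opened (and created if missing) with mode
 * 0600, so only the owning user can read or modify the stored policy
 * and privilege records. If the stored version is missing or differs
 * from DATABASE_VERSION, the version stamp is rewritten and every
 * policy field listed in account_policy_names gets its default when it
 * has no value yet. Finally the default privilege accounts are created
 * and, when privileges are enabled, BUILTIN\Administrators is granted
 * all privileges.
 *
 * Returns True when the database is already open or was initialised,
 * False when it cannot be opened or a default value cannot be set.
 */
BOOL init_account_policy(void)
{
	const char *vstring = "INFO/version";
	uint32 version;
	int i;

	/* Already initialised in this process. */
	if (tdb) {
		return True;
	}

	tdb = tdb_open_log(lock_path("account_policy.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
	if (!tdb) {
		DEBUG(0,("Failed to open account policy database\n"));
		return False;
	}

	/* handle a Samba upgrade */
	tdb_lock_bystring(tdb, vstring);
	if (!tdb_fetch_uint32(tdb, vstring, &version) || version != DATABASE_VERSION) {
		/*
		 * NOTE(review): the version stamp is written before the
		 * defaults. If setting a default fails below, the handle
		 * stays open and the stamp is already current, so a later
		 * call returns True at the top without retrying.
		 */
		tdb_store_uint32(tdb, vstring, DATABASE_VERSION);

		for (i=0; account_policy_names[i].field; i++) {
			if (!account_policy_set_default_on_empty(account_policy_names[i].field)) {
				DEBUG(0,("failed to set default value in account policy tdb\n"));
				/* Do not leave the version key locked on the error path. */
				tdb_unlock_bystring(tdb, vstring);
				return False;
			}
		}
	}

	tdb_unlock_bystring(tdb, vstring);

	/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */

	privilege_create_account( &global_sid_World );
	privilege_create_account( &global_sid_Builtin_Account_Operators );
	privilege_create_account( &global_sid_Builtin_Server_Operators );
	privilege_create_account( &global_sid_Builtin_Print_Operators );
	privilege_create_account( &global_sid_Builtin_Backup_Operators );

	/* BUILTIN\Administrators get everything -- *always* */

	if ( lp_enable_privileges() ) {
		/* A failed grant is logged but does not fail initialisation. */
		if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) {
			DEBUG(1,("init_account_policy: Failed to grant privileges "
				"to BUILTIN\\Administrators!\n"));
		}
	}

	return True;
}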
/*
 * Remove the privilege record stored for one SID from the account
 * policy database.
 *
 * The record key is PRIVPREFIX followed by the string form of the SID.
 *
 * Returns NT_STATUS_OK without touching the database when privileges
 * are disabled, NT_STATUS_INVALID_HANDLE when the database is
 * unavailable, NT_STATUS_INVALID_SID for a NULL SID or one without
 * sub-authorities, and otherwise the status of the delete itself.
 */
NTSTATUS privilege_delete_account(const struct dom_sid *sid)
{
	struct db_context *policy_db = get_account_pol_db();
	fstring sid_buf, record_key;

	/* With privileges switched off there is nothing to delete. */
	if (!lp_enable_privileges()) {
		return NT_STATUS_OK;
	}

	if (policy_db == NULL) {
		return NT_STATUS_INVALID_HANDLE;
	}

	if (sid == NULL || sid->num_auths == 0) {
		return NT_STATUS_INVALID_SID;
	}

	/* Key layout: PRIV_<SID>, NUL terminated. */
	fstr_sprintf(record_key, "%s%s", PRIVPREFIX, sid_to_fstring(sid_buf, sid));

	return dbwrap_delete_bystring(policy_db, record_key);
}
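/*
 * Load the privilege mask stored for one SID from the account policy
 * tdb into *mask.
 *
 * The record key is PRIVPREFIX followed by the string form of the SID,
 * including the terminating NUL.
 *
 * Returns True when a well-formed record was found and copied. Returns
 * False when privileges are disabled, the tdb is unavailable, the SID
 * is NULL, no record exists, or the record does not have the expected
 * size. Every failure leaves the caller without a mask from the
 * database, i.e. the lookup fails closed.
 */
static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
	TDB_CONTEXT *tdb = get_account_pol_tdb();
	fstring keystr;
	TDB_DATA key, data;

	/* Fail if the admin has not enabled privileges */
	if ( !lp_enable_privileges() ) {
		return False;
	}

	if ( !tdb ) {
		return False;
	}

	/* The key is built from the SID, so a NULL SID cannot be looked up. */
	if ( sid == NULL ) {
		return False;
	}

	/* PRIV_<SID> (NULL terminated) as the key */
	fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
	key.dptr = keystr;
	key.dsize = strlen(keystr) + 1;

	data = tdb_fetch( tdb, key );

	if ( !data.dptr ) {
		DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n",
			sid_string_static(sid)));
		return False;
	}

	/*
	 * The record is cast to SE_PRIV below, so its size must match
	 * exactly. A truncated or damaged record is rejected and logged
	 * rather than asserted on: one bad entry in the database should
	 * not abort the process that happens to look it up.
	 */
	if ( data.dsize != sizeof( SE_PRIV ) ) {
		DEBUG(0,("get_privileges: Invalid privileges record for SID [%s]\n",
			sid_string_static(sid)));
		SAFE_FREE(data.dptr);
		return False;
	}

	se_priv_copy( mask, (SE_PRIV*)data.dptr );
	SAFE_FREE(data.dptr);

	return True;
}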