#include "libcli/security/privileges_private.h"
#include "../libcli/security/security.h"
#include "passdb.h"
+#include "lib/util/string_wrappers.h"
#define PRIVPREFIX "PRIV_"
static bool get_privileges( const struct dom_sid *sid, uint64_t *mask )
{
struct db_context *db = get_account_pol_db();
- fstring tmp, keystr;
+ struct dom_sid_buf tmp;
+ fstring keystr;
TDB_DATA data;
NTSTATUS status;
/* PRIV_<SID> (NULL terminated) as the key */
- fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));
+ fstr_sprintf(keystr, "%s%s", PRIVPREFIX, dom_sid_str_buf(sid, &tmp));
status = dbwrap_fetch_bystring(db, talloc_tos(), keystr, &data);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(4, ("get_privileges: No privileges assigned to SID "
- "[%s]\n", sid_string_dbg(sid)));
+ "[%s]\n", tmp.buf));
return False;
}
} else {
if (data.dsize != sizeof( uint64_t ) ) {
DEBUG(3, ("get_privileges: Invalid privileges record assigned to SID "
- "[%s]\n", sid_string_dbg(sid)));
+ "[%s]\n", tmp.buf));
return False;
}
{
struct db_context *db = get_account_pol_db();
uint8_t privbuf[8];
- fstring tmp, keystr;
+ struct dom_sid_buf tmp;
+ fstring keystr;
TDB_DATA data;
if ( !lp_enable_privileges() )
/* PRIV_<SID> (NULL terminated) as the key */
- fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));
+ fstr_sprintf(keystr, "%s%s", PRIVPREFIX, dom_sid_str_buf(sid, &tmp));
/* This writes the 64 bit bitmask out in little endian format */
SBVAL(privbuf,0,mask);
*privileges = 0;
for ( i=0; i<scount; i++ ) {
+ struct dom_sid_buf buf;
+
/* don't add unless we actually have a privilege assigned */
if ( !get_privileges( &slist[i], &mask ) )
continue;
DEBUG(5,("get_privileges_for_sids: sid = %s\nPrivilege "
- "set: 0x%llx\n", sid_string_dbg(&slist[i]),
+ "set: 0x%llx\n",
+ dom_sid_str_buf(&slist[i], &buf),
(unsigned long long)mask));
*privileges |= mask;
}
/*********************************************************************
- Retreive list of privileged SIDs (for _lsa_enumerate_accounts()
+ Retrieve list of privileged SIDs (for _lsa_enumerate_accounts()
*********************************************************************/
NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids)
static bool grant_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
{
uint64_t old_mask, new_mask;
+ struct dom_sid_buf buf;
ZERO_STRUCT( old_mask );
ZERO_STRUCT( new_mask );
new_mask |= priv_mask;
- DEBUG(10,("grant_privilege: %s\n", sid_string_dbg(sid)));
+ DEBUG(10,("grant_privilege: %s\n", dom_sid_str_buf(sid, &buf)));
DEBUGADD( 10, ("original privilege mask: 0x%llx\n", (unsigned long long)new_mask));
static bool revoke_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
{
uint64_t mask;
+ struct dom_sid_buf buf;
/* if the user has no privileges, then we can't revoke any */
if ( !get_privileges( sid, &mask ) )
return True;
- DEBUG(10,("revoke_privilege: %s\n", sid_string_dbg(sid)));
+ DEBUG(10,("revoke_privilege: %s\n", dom_sid_str_buf(sid, &buf)));
DEBUGADD( 10, ("original privilege mask: 0x%llx\n", (unsigned long long)mask));
NTSTATUS privilege_delete_account(const struct dom_sid *sid)
{
struct db_context *db = get_account_pol_db();
- fstring tmp, keystr;
+ struct dom_sid_buf tmp;
+ fstring keystr;
if (!lp_enable_privileges()) {
return NT_STATUS_OK;
/* PRIV_<SID> (NULL terminated) as the key */
- fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));
+ fstr_sprintf(keystr, "%s%s", PRIVPREFIX, dom_sid_str_buf(sid, &tmp));
return dbwrap_delete_bystring(db, keystr);
}