#include "includes.h"
-#include "dbwrap.h"
+#include "lib/privileges.h"
+#include "dbwrap/dbwrap.h"
+#include "libcli/security/privileges_private.h"
+#include "../libcli/security/security.h"
+#include "passdb.h"
#define PRIVPREFIX "PRIV_"
struct db_context *db = get_account_pol_db();
fstring tmp, keystr;
TDB_DATA data;
+ NTSTATUS status;
/* Fail if the admin has not enable privileges */
fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));
- data = dbwrap_fetch_bystring( db, talloc_tos(), keystr );
+ status = dbwrap_fetch_bystring(db, talloc_tos(), keystr, &data);
- if ( !data.dptr ) {
- DEBUG(3, ("get_privileges: No privileges assigned to SID "
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(4, ("get_privileges: No privileges assigned to SID "
"[%s]\n", sid_string_dbg(sid)));
return False;
}
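Review bot: The new `!NT_STATUS_IS_OK(status)` branch reports every fetch failure as "No privileges assigned to SID", so a database or allocation error looks the same in the log as a SID that simply has no record, and it is now logged at level 4 instead of 3. Returning False keeps the lookup failing closed, which is the right default, but I would split the cases: keep this message for `NT_STATUS_NOT_FOUND` and log `nt_errstr(status)` at a more visible level for anything else. The function starts and ends outside this hunk, so whether `data.dsize` is validated after a successful fetch cannot be confirmed from here.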
int prefixlen = strlen(PRIVPREFIX);
struct dom_sid sid;
fstring sid_string;
+ TDB_DATA key;
+
+ key = dbwrap_record_get_key(rec);
/* check we have a PRIV_+SID entry */
- if ( strncmp((char *)rec->key.dptr, PRIVPREFIX, prefixlen) != 0)
+ if (strncmp((char *)key.dptr, PRIVPREFIX, prefixlen) != 0)
return 0;
/* check to see if we are looking for a particular privilege */
- fstrcpy( sid_string, (char *)&(rec->key.dptr[strlen(PRIVPREFIX)]) );
+ fstrcpy( sid_string, (char *)&(key.dptr[strlen(PRIVPREFIX)]) );
if (priv->privilege != 0) {
uint64_t mask;
+ TDB_DATA value;
+
+ value = dbwrap_record_get_value(rec);
- if (rec->value.dsize == 4*4) {
- mask = map_old_SE_PRIV(rec->value.dptr);
+ if (value.dsize == 4*4) {
+ mask = map_old_SE_PRIV(value.dptr);
} else {
- if (rec->value.dsize != sizeof( uint64_t ) ) {
+ if (value.dsize != sizeof( uint64_t ) ) {
DEBUG(3, ("get_privileges: Invalid privileges record assigned to SID "
"[%s]\n", sid_string));
return 0;
}
- mask = BVAL(rec->value.dptr, 0);
+ mask = BVAL(value.dptr, 0);
}
/* if the SID does not have the specified privilege
}
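Review bot: `key.dptr` is treated as a C string in both the `strncmp` and the `fstrcpy` call without consulting `key.dsize`, so a record whose key is shorter than the prefix or lacks a trailing NUL would be read past its end (`fstrcpy` presumably bounds only the destination). Keys written by this module presumably carry a terminator, but the traverse callback sees every record in the database, including unrelated or damaged ones. A guard ahead of the prefix comparison would close this: `if (key.dsize <= (size_t)prefixlen || key.dptr[key.dsize - 1] != '\0') return 0;`. The function begins and ends outside this hunk.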
/*********************************************************************
- Retreive list of privileged SIDs (for _lsa_enumerate_accounts()
+ Retrieve list of privileged SIDs (for _lsa_enumerate_accounts()
*********************************************************************/
NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids)
{
struct db_context *db = get_account_pol_db();
PRIV_SID_LIST priv;
+ NTSTATUS status;
if (db == NULL) {
return NT_STATUS_ACCESS_DENIED;
ZERO_STRUCT(priv);
- db->traverse_read(db, priv_traverse_fn, &priv);
+ status = dbwrap_traverse_read(db, priv_traverse_fn, &priv, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/* give the memory away; caller will free */
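Review bot: The early `return status;` after `dbwrap_traverse_read` returns without releasing whatever the callback had already accumulated in `priv`, and no assignment to `*sids` or `*num_sids` is visible before it. `priv` is cleared with `ZERO_STRUCT` and no memory context is set in the visible lines, so a traverse that fails part-way may leak the partial SID list. Freeing the partial list and setting `*sids = NULL; *num_sids = 0;` before returning would make the failure path well defined. The same pattern appears at the second `dbwrap_traverse_read` call, in the function that sets `priv.mem_ctx = mem_ctx`; there the partial list is at least parented to the caller's context, but the out parameters deserve the same treatment. Both function bodies continue outside the hunks shown.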
{
struct db_context *db = get_account_pol_db();
PRIV_SID_LIST priv;
+ NTSTATUS status;
if (db == NULL) {
return NT_STATUS_ACCESS_DENIED;
priv.privilege = sec_privilege_mask(privilege);
priv.mem_ctx = mem_ctx;
- db->traverse_read(db, priv_traverse_fn, &priv);
+ status = dbwrap_traverse_read(db, priv_traverse_fn, &priv, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
/* give the memory away; caller will free */
Add a privilege based on its name
*********************************************************************/
-bool grant_privilege_by_name(struct dom_sid *sid, const char *name)
+bool grant_privilege_by_name(const struct dom_sid *sid, const char *name)
{
uint64_t mask;
Revoke all privileges
*********************************************************************/
-bool revoke_all_privileges( struct dom_sid *sid )
+bool revoke_all_privileges( const struct dom_sid *sid )
{
return revoke_privilege_bitmap( sid, SE_ALL_PRIVS);
}
Add a privilege based on its name
*********************************************************************/
-bool revoke_privilege_by_name(struct dom_sid *sid, const char *name)
+bool revoke_privilege_by_name(const struct dom_sid *sid, const char *name)
{
uint64_t mask;
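Review bot: The banner comment above `revoke_privilege_by_name` still reads "Add a privilege based on its name", apparently copied from `grant_privilege_by_name`. Since the signature is being touched here anyway, I would correct it to `Revoke a privilege based on its name`, so the grant and revoke entry points are not confused when this file is audited. The function body continues outside the hunk.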
{
uint64_t mask;
- if (!se_priv_put_all_privileges(&mask)) {
- return False;
- }
+ se_priv_put_all_privileges(&mask);
return grant_privilege_bitmap( sid, mask );
}
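Review bot: With the return check on `se_priv_put_all_privileges(&mask)` removed, `mask` is declared uninitialised and passed straight to `grant_privilege_bitmap`, so correctness now depends on the callee always writing it. The callee's new declaration is not visible here; if it is now `void` and assigns unconditionally, this is fine. Even so, `uint64_t mask = 0;` costs nothing and ensures a later early-out in the callee cannot grant indeterminate privilege bits. The function header is outside the hunk.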