2 Unix SMB/CIFS implementation.
3 Privileges handling functions
4 Copyright (C) Jean François Micouleau 1998-2001
5 Copyright (C) Simo Sorce 2002-2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
27 #define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
31 {SE_NONE
, "no_privs", "No privilege"}, /* this one MUST be first */
32 {SE_CREATE_TOKEN
, "SeCreateTokenPrivilege", "Create Token"},
33 {SE_ASSIGN_PRIMARY_TOKEN
, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"},
34 {SE_LOCK_MEMORY
, "SeLockMemoryPrivilege", "Lock Memory"},
35 {SE_INCREASE_QUOTA
, "SeIncreaseQuotaPrivilege", "Increase Quota"},
36 {SE_UNSOLICITED_INPUT
, "eUnsolicitedInputPrivilege", "Unsolicited Input"},
37 {SE_MACHINE_ACCOUNT
, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"},
38 {SE_TCB
, "SeTcbPrivilege", "TCB"},
39 {SE_SECURITY
, "SeSecurityPrivilege", "Security Privilege"},
40 {SE_TAKE_OWNERSHIP
, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
41 {SE_LOAD_DRIVER
, "SeLocalDriverPrivilege", "Local Driver Privilege"},
42 {SE_SYSTEM_PROFILE
, "SeSystemProfilePrivilege", "System Profile Privilege"},
43 {SE_SYSTEM_TIME
, "SeSystemtimePrivilege", "System Time"},
44 {SE_PROF_SINGLE_PROCESS
, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
45 {SE_INC_BASE_PRIORITY
, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
46 {SE_CREATE_PAGEFILE
, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
47 {SE_CREATE_PERMANENT
, "SeCreatePermanentPrivilege", "Create Permanent"},
48 {SE_BACKUP
, "SeBackupPrivilege", "Backup Privilege"},
49 {SE_RESTORE
, "SeRestorePrivilege", "Restore Privilege"},
50 {SE_SHUTDOWN
, "SeShutdownPrivilege", "Shutdown Privilege"},
51 {SE_DEBUG
, "SeDebugPrivilege", "Debug Privilege"},
52 {SE_AUDIT
, "SeAuditPrivilege", "Audit"},
53 {SE_SYSTEM_ENVIRONMENT
, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
54 {SE_CHANGE_NOTIFY
, "SeChangeNotifyPrivilege", "Change Notify"},
55 {SE_REMOTE_SHUTDOWN
, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
56 {SE_UNDOCK
, "SeUndockPrivilege", "Undock"},
57 {SE_SYNC_AGENT
, "SeSynchronizationAgentPrivilege", "Synchronization Agent"},
58 {SE_ENABLE_DELEGATION
, "SeEnableDelegationPrivilege", "Enable Delegation"},
59 {SE_PRINT_OPERATOR
, "SePrintOperatorPrivilege", "Printer Operator"},
60 {SE_ADD_USERS
, "SeAddUsersPrivilege", "Add Users"},
61 {SE_ALL_PRIVS
, "SeAllPrivileges", "All Privileges"}
66 /****************************************************************************
67 Check if a user is a mapped group.
69 This function will check if the group SID is mapped onto a
70 system managed gid or onto a winbind manged sid.
71 In the first case it will be threated like a mapped group
72 and the backend should take the member list with a getgrgid
73 and ignore any user that have been possibly set into the group
76 In the second case, the group is a fully SAM managed group
77 served back to the system through winbind. In this case the
78 members of a Local group are "unrolled" to cope with the fact
79 that unix cannot contain groups inside groups.
80 The backend MUST never call any getgr* / getpw* function or
81 loops with winbind may happen.
82 ****************************************************************************/
85 NTSTATUS
is_mapped_group(BOOL
*mapped
, const DOM_SID
*sid
)
90 /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
91 result
= idmap_get_gid_from_sid(&id
, sid
, False
);
92 if (NT_STATUS_IS_OK(result
)) {
93 *mapped
= gid_is_in_winbind_range(id
);
102 /****************************************************************************
103 duplicate alloc luid_attr
104 ****************************************************************************/
105 NTSTATUS
dupalloc_luid_attr(TALLOC_CTX
*mem_ctx
, LUID_ATTR
**new_la
, LUID_ATTR
*old_la
)
109 /* don't crash if the source pointer is NULL (since we don't
110 do priviledges now anyways) */
115 *new_la
= (LUID_ATTR
*)talloc(mem_ctx
, sizeof(LUID_ATTR
));
116 ALLOC_CHECK(new_la
, ret
, done
, "dupalloc_luid_attr");
118 (*new_la
)->luid
.high
= old_la
->luid
.high
;
119 (*new_la
)->luid
.low
= old_la
->luid
.low
;
120 (*new_la
)->attr
= old_la
->attr
;
128 /****************************************************************************
129 initialise a privilege list
130 ****************************************************************************/
131 NTSTATUS
init_privilege(PRIVILEGE_SET
**priv_set
)
134 TALLOC_CTX
*mem_ctx
= talloc_init("privilege set");
135 ALLOC_CHECK(mem_ctx
, ret
, done
, "init_privilege");
137 *priv_set
= talloc_zero(mem_ctx
, sizeof(PRIVILEGE_SET
));
138 ALLOC_CHECK(*priv_set
, ret
, done
, "init_privilege");
140 (*priv_set
)->mem_ctx
= mem_ctx
;
148 NTSTATUS
init_priv_with_ctx(TALLOC_CTX
*mem_ctx
, PRIVILEGE_SET
**priv_set
)
152 *priv_set
= talloc_zero(mem_ctx
, sizeof(PRIVILEGE_SET
));
153 ALLOC_CHECK(*priv_set
, ret
, done
, "init_privilege");
155 (*priv_set
)->mem_ctx
= mem_ctx
;
156 (*priv_set
)->ext_ctx
= True
;
164 void reset_privilege(PRIVILEGE_SET
*priv_set
)
167 priv_set
->control
= 0;
168 priv_set
->set
= NULL
;
171 void destroy_privilege(PRIVILEGE_SET
**priv_set
)
173 if (priv_set
== NULL
|| *priv_set
== NULL
)
176 reset_privilege(*priv_set
);
177 if (!((*priv_set
)->ext_ctx
))
178 /* mem_ctx is local, destroy it */
179 talloc_destroy((*priv_set
)->mem_ctx
);
183 /****************************************************************************
184 add a privilege to a privilege array
185 ****************************************************************************/
186 NTSTATUS
add_privilege(PRIVILEGE_SET
*priv_set
, LUID_ATTR set
)
191 /* check if the privilege is not already in the list */
192 if (NT_STATUS_IS_OK(check_priv_in_privilege(priv_set
, set
)))
193 return NT_STATUS_UNSUCCESSFUL
;
195 /* we can allocate memory to add the new privilege */
197 new_set
= (LUID_ATTR
*)talloc_realloc(priv_set
->mem_ctx
, priv_set
->set
, (priv_set
->count
+ 1) * (sizeof(LUID_ATTR
)));
198 ALLOC_CHECK(new_set
, ret
, done
, "add_privilege");
200 new_set
[priv_set
->count
].luid
.high
= set
.luid
.high
;
201 new_set
[priv_set
->count
].luid
.low
= set
.luid
.low
;
202 new_set
[priv_set
->count
].attr
= set
.attr
;
205 priv_set
->set
= new_set
;
213 NTSTATUS
add_privilege_by_name(PRIVILEGE_SET
*priv_set
, const char *name
)
217 for (e
= 0; privs
[e
].se_priv
!= SE_ALL_PRIVS
; e
++) {
218 if (StrCaseCmp(privs
[e
].priv
, name
) == 0) {
223 la
.luid
.low
= privs
[e
].se_priv
;
225 return add_privilege(priv_set
, la
);
229 DEBUG(1, ("add_privilege_by_name: No Such Privilege Found (%s)\n", name
));
231 return NT_STATUS_UNSUCCESSFUL
;
234 /****************************************************************************
235 add all the privileges to a privilege array
236 ****************************************************************************/
237 NTSTATUS
add_all_privilege(PRIVILEGE_SET
*priv_set
)
239 NTSTATUS result
= NT_STATUS_OK
;
245 /* TODO: set a proper list of privileges */
246 set
.luid
.low
= SE_ADD_USERS
;
247 result
= add_privilege(priv_set
, set
);
248 NTSTATUS_CHECK(result
, done
, "add_all_privilege", "add_privilege");
250 set
.luid
.low
= SE_MACHINE_ACCOUNT
;
251 result
= add_privilege(priv_set
, set
);
252 NTSTATUS_CHECK(result
, done
, "add_all_privilege", "add_privilege");
254 set
.luid
.low
= SE_PRINT_OPERATOR
;
255 result
= add_privilege(priv_set
, set
);
256 NTSTATUS_CHECK(result
, done
, "add_all_privilege", "add_privilege");
261 /****************************************************************************
262 check if the privilege list is empty
263 ****************************************************************************/
264 NTSTATUS
check_empty_privilege(PRIVILEGE_SET
*priv_set
)
267 return NT_STATUS_INVALID_PARAMETER
;
269 if (priv_set
->count
== 0)
272 return NT_STATUS_UNSUCCESSFUL
;
275 /****************************************************************************
276 check if the privilege is in the privilege list
277 ****************************************************************************/
278 NTSTATUS
check_priv_in_privilege(PRIVILEGE_SET
*priv_set
, LUID_ATTR set
)
283 return NT_STATUS_INVALID_PARAMETER
;
285 /* if the list is empty, obviously we can't have it */
286 if (NT_STATUS_IS_OK(check_empty_privilege(priv_set
)))
287 return NT_STATUS_UNSUCCESSFUL
;
289 for (i
= 0; i
< priv_set
->count
; i
++) {
292 cur_set
= &priv_set
->set
[i
];
293 /* check only the low and high part. Checking the attr field has no meaning */
294 if ( (cur_set
->luid
.low
== set
.luid
.low
) &&
295 (cur_set
->luid
.high
== set
.luid
.high
) ) {
300 return NT_STATUS_UNSUCCESSFUL
;
303 /****************************************************************************
304 remove a privilege from a privilege array
305 ****************************************************************************/
306 NTSTATUS
remove_privilege(PRIVILEGE_SET
*priv_set
, LUID_ATTR set
)
314 return NT_STATUS_INVALID_PARAMETER
;
316 /* check if the privilege is in the list */
317 if (!NT_STATUS_IS_OK(check_priv_in_privilege(priv_set
, set
)))
318 return NT_STATUS_UNSUCCESSFUL
;
320 /* special case if it's the only privilege in the list */
321 if (priv_set
->count
== 1) {
322 reset_privilege(priv_set
);
327 * the privilege is there, create a new list,
328 * and copy the other privileges
331 old_set
= priv_set
->set
;
333 new_set
= (LUID_ATTR
*)talloc(priv_set
->mem_ctx
, (priv_set
->count
- 1) * (sizeof(LUID_ATTR
)));
334 ALLOC_CHECK(new_set
, ret
, done
, "remove_privilege");
336 for (i
=0, j
=0; i
< priv_set
->count
; i
++) {
337 if ( (old_set
[i
].luid
.low
== set
.luid
.low
) &&
338 (old_set
[i
].luid
.high
== set
.luid
.high
) ) {
342 new_set
[j
].luid
.low
= old_set
[i
].luid
.low
;
343 new_set
[j
].luid
.high
= old_set
[i
].luid
.high
;
344 new_set
[j
].attr
= old_set
[i
].attr
;
349 if (j
!= priv_set
->count
- 1) {
350 DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
351 DEBUGADD(0,("old count:%d, new count:%d\n", priv_set
->count
, j
));
352 return NT_STATUS_INTERNAL_ERROR
;
355 /* ok everything is fine */
358 priv_set
->set
= new_set
;
366 /****************************************************************************
367 duplicates a privilege array
368 the new privilege set must be passed inited
369 (use init_privilege or init_priv_with_ctx)
370 ****************************************************************************/
371 NTSTATUS
dup_priv_set(PRIVILEGE_SET
*new_priv_set
, PRIVILEGE_SET
*priv_set
)
378 if (new_priv_set
== NULL
|| priv_set
== NULL
)
379 return NT_STATUS_INVALID_PARAMETER
;
381 /* special case if there are no privileges in the list */
382 if (priv_set
->count
== 0) {
388 * and copy the other privileges
391 old_set
= priv_set
->set
;
393 new_set
= (LUID_ATTR
*)talloc(new_priv_set
->mem_ctx
, (priv_set
->count
) * (sizeof(LUID_ATTR
)));
394 ALLOC_CHECK(new_set
, ret
, done
, "dup_priv_set");
396 for (i
=0; i
< priv_set
->count
; i
++) {
398 new_set
[i
].luid
.low
= old_set
[i
].luid
.low
;
399 new_set
[i
].luid
.high
= old_set
[i
].luid
.high
;
400 new_set
[i
].attr
= old_set
[i
].attr
;
403 new_priv_set
->count
= priv_set
->count
;
404 new_priv_set
->control
= priv_set
->control
;
405 new_priv_set
->set
= new_set
;
414 NTSTATUS
user_has_privilege(struct current_user
*user
, uint32 privilege
)
420 set
.luid
.low
= privilege
;
422 return check_priv_in_privilege(user
->privs
, set
);