search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Do some checks about data passed to this function
[Samba.git] / source / lib / privileges.c
blobcd888b6513341961b64d2f65ebeb9ca0fd607c66
1 /*
2 Unix SMB/CIFS implementation.
3 Privileges handling functions
4 Copyright (C) Jean François Micouleau 1998-2001
5 Copyright (C) Simo Sorce 2002-2003
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23
24 /* defines */
25
26 #define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
27 #define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
28
29
30 PRIVS privs[] = {
31 {SE_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
32 {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"},
33 {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"},
34 {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"},
35 {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"},
36 {SE_UNSOLICITED_INPUT, "eUnsolicitedInputPrivilege", "Unsolicited Input"},
37 {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"},
38 {SE_TCB, "SeTcbPrivilege", "TCB"},
39 {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
40 {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
41 {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
42 {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
43 {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"},
44 {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
45 {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
46 {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
47 {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"},
48 {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
49 {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
50 {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
51 {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
52 {SE_AUDIT, "SeAuditPrivilege", "Audit"},
53 {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
54 {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"},
55 {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
56 {SE_UNDOCK, "SeUndockPrivilege", "Undock"},
57 {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"},
58 {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"},
59 {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"},
60 {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"},
61 {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"}
62 };
63
64
65
66 /****************************************************************************
67 Check if a user is a mapped group.
68
69 This function will check if the group SID is mapped onto a
70 system managed gid or onto a winbind manged sid.
71 In the first case it will be threated like a mapped group
72 and the backend should take the member list with a getgrgid
73 and ignore any user that have been possibly set into the group
74 object.
75
76 In the second case, the group is a fully SAM managed group
77 served back to the system through winbind. In this case the
78 members of a Local group are "unrolled" to cope with the fact
79 that unix cannot contain groups inside groups.
80 The backend MUST never call any getgr* / getpw* function or
81 loops with winbind may happen.
82 ****************************************************************************/
83
84 #if 0
85 NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
86 {
87 NTSTATUS result;
88 gid_t id;
89
90 /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
91 result = idmap_get_gid_from_sid(&id, sid, False);
92 if (NT_STATUS_IS_OK(result)) {
93 *mapped = gid_is_in_winbind_range(id);
94 } else {
95 *mapped = False;
96 }
97
98 return result;
99 }
100 #endif
101
102 /****************************************************************************
103 duplicate alloc luid_attr
104 ****************************************************************************/
105 NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la)
106 {
107 NTSTATUS ret;
108
109 /* don't crash if the source pointer is NULL (since we don't
110 do priviledges now anyways) */
111
112 if ( !old_la )
113 return NT_STATUS_OK;
114
115 *new_la = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR));
116 ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr");
117
118 (*new_la)->luid.high = old_la->luid.high;
119 (*new_la)->luid.low = old_la->luid.low;
120 (*new_la)->attr = old_la->attr;
121
122 ret = NT_STATUS_OK;
123
124 done:
125 return ret;
126 }
127
128 /****************************************************************************
129 initialise a privilege list
130 ****************************************************************************/
131 NTSTATUS init_privilege(PRIVILEGE_SET **priv_set)
132 {
133 NTSTATUS ret;
134 TALLOC_CTX *mem_ctx = talloc_init("privilege set");
135 ALLOC_CHECK(mem_ctx, ret, done, "init_privilege");
136
137 *priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET));
138 ALLOC_CHECK(*priv_set, ret, done, "init_privilege");
139
140 (*priv_set)->mem_ctx = mem_ctx;
141
142 ret = NT_STATUS_OK;
143
144 done:
145 return ret;
146 }
147
148 NTSTATUS init_priv_with_ctx(TALLOC_CTX *mem_ctx, PRIVILEGE_SET **priv_set)
149 {
150 NTSTATUS ret;
151
152 *priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET));
153 ALLOC_CHECK(*priv_set, ret, done, "init_privilege");
154
155 (*priv_set)->mem_ctx = mem_ctx;
156 (*priv_set)->ext_ctx = True;
157
158 ret = NT_STATUS_OK;
159
160 done:
161 return ret;
162 }
163
164 void reset_privilege(PRIVILEGE_SET *priv_set)
165 {
166 priv_set->count = 0;
167 priv_set->control = 0;
168 priv_set->set = NULL;
169 }
170
171 void destroy_privilege(PRIVILEGE_SET **priv_set)
172 {
173 if (priv_set == NULL || *priv_set == NULL)
174 return;
175
176 reset_privilege(*priv_set);
177 if (!((*priv_set)->ext_ctx))
178 /* mem_ctx is local, destroy it */
179 talloc_destroy((*priv_set)->mem_ctx);
180 *priv_set = NULL;
181 }
182
183 /****************************************************************************
184 add a privilege to a privilege array
185 ****************************************************************************/
186 NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
187 {
188 NTSTATUS ret;
189 LUID_ATTR *new_set;
190
191 /* check if the privilege is not already in the list */
192 if (NT_STATUS_IS_OK(check_priv_in_privilege(priv_set, set)))
193 return NT_STATUS_UNSUCCESSFUL;
194
195 /* we can allocate memory to add the new privilege */
196
197 new_set = (LUID_ATTR *)talloc_realloc(priv_set->mem_ctx, priv_set->set, (priv_set->count + 1) * (sizeof(LUID_ATTR)));
198 ALLOC_CHECK(new_set, ret, done, "add_privilege");
199
200 new_set[priv_set->count].luid.high = set.luid.high;
201 new_set[priv_set->count].luid.low = set.luid.low;
202 new_set[priv_set->count].attr = set.attr;
203
204 priv_set->count++;
205 priv_set->set = new_set;
206
207 ret = NT_STATUS_OK;
208
209 done:
210 return ret;
211 }
212
213 NTSTATUS add_privilege_by_name(PRIVILEGE_SET *priv_set, const char *name)
214 {
215 int e;
216
217 for (e = 0; privs[e].se_priv != SE_ALL_PRIVS; e++) {
218 if (StrCaseCmp(privs[e].priv, name) == 0) {
219 LUID_ATTR la;
220
221 la.attr = 0;
222 la.luid.high = 0;
223 la.luid.low = privs[e].se_priv;
224
225 return add_privilege(priv_set, la);
226 }
227 }
228
229 DEBUG(1, ("add_privilege_by_name: No Such Privilege Found (%s)\n", name));
230
231 return NT_STATUS_UNSUCCESSFUL;
232 }
233
234 /****************************************************************************
235 add all the privileges to a privilege array
236 ****************************************************************************/
237 NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set)
238 {
239 NTSTATUS result = NT_STATUS_OK;
240 LUID_ATTR set;
241
242 set.attr = 0;
243 set.luid.high = 0;
244
245 /* TODO: set a proper list of privileges */
246 set.luid.low = SE_ADD_USERS;
247 result = add_privilege(priv_set, set);
248 NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
249
250 set.luid.low = SE_MACHINE_ACCOUNT;
251 result = add_privilege(priv_set, set);
252 NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
253
254 set.luid.low = SE_PRINT_OPERATOR;
255 result = add_privilege(priv_set, set);
256 NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
257
258 return result;
259 }
260
261 /****************************************************************************
262 check if the privilege list is empty
263 ****************************************************************************/
264 NTSTATUS check_empty_privilege(PRIVILEGE_SET *priv_set)
265 {
266 if (!priv_set)
267 return NT_STATUS_INVALID_PARAMETER;
268
269 if (priv_set->count == 0)
270 return NT_STATUS_OK;
271
272 return NT_STATUS_UNSUCCESSFUL;
273 }
274
275 /****************************************************************************
276 check if the privilege is in the privilege list
277 ****************************************************************************/
278 NTSTATUS check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
279 {
280 int i;
281
282 if (!priv_set)
283 return NT_STATUS_INVALID_PARAMETER;
284
285 /* if the list is empty, obviously we can't have it */
286 if (NT_STATUS_IS_OK(check_empty_privilege(priv_set)))
287 return NT_STATUS_UNSUCCESSFUL;
288
289 for (i = 0; i < priv_set->count; i++) {
290 LUID_ATTR *cur_set;
291
292 cur_set = &priv_set->set[i];
293 /* check only the low and high part. Checking the attr field has no meaning */
294 if ( (cur_set->luid.low == set.luid.low) &&
295 (cur_set->luid.high == set.luid.high) ) {
296 return NT_STATUS_OK;
297 }
298 }
299
300 return NT_STATUS_UNSUCCESSFUL;
301 }
302
303 /****************************************************************************
304 remove a privilege from a privilege array
305 ****************************************************************************/
306 NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
307 {
308 NTSTATUS ret;
309 LUID_ATTR *new_set;
310 LUID_ATTR *old_set;
311 int i,j;
312
313 if (!priv_set)
314 return NT_STATUS_INVALID_PARAMETER;
315
316 /* check if the privilege is in the list */
317 if (!NT_STATUS_IS_OK(check_priv_in_privilege(priv_set, set)))
318 return NT_STATUS_UNSUCCESSFUL;
319
320 /* special case if it's the only privilege in the list */
321 if (priv_set->count == 1) {
322 reset_privilege(priv_set);
323 return NT_STATUS_OK;
324 }
325
326 /*
327 * the privilege is there, create a new list,
328 * and copy the other privileges
329 */
330
331 old_set = priv_set->set;
332
333 new_set = (LUID_ATTR *)talloc(priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
334 ALLOC_CHECK(new_set, ret, done, "remove_privilege");
335
336 for (i=0, j=0; i < priv_set->count; i++) {
337 if ( (old_set[i].luid.low == set.luid.low) &&
338 (old_set[i].luid.high == set.luid.high) ) {
339 continue;
340 }
341
342 new_set[j].luid.low = old_set[i].luid.low;
343 new_set[j].luid.high = old_set[i].luid.high;
344 new_set[j].attr = old_set[i].attr;
345
346 j++;
347 }
348
349 if (j != priv_set->count - 1) {
350 DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
351 DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
352 return NT_STATUS_INTERNAL_ERROR;
353 }
354
355 /* ok everything is fine */
356
357 priv_set->count--;
358 priv_set->set = new_set;
359
360 ret = NT_STATUS_OK;
361
362 done:
363 return ret;
364 }
365
366 /****************************************************************************
367 duplicates a privilege array
368 the new privilege set must be passed inited
369 (use init_privilege or init_priv_with_ctx)
370 ****************************************************************************/
371 NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set)
372 {
373 NTSTATUS ret;
374 LUID_ATTR *new_set;
375 LUID_ATTR *old_set;
376 int i;
377
378 if (new_priv_set == NULL || priv_set == NULL)
379 return NT_STATUS_INVALID_PARAMETER;
380
381 /* special case if there are no privileges in the list */
382 if (priv_set->count == 0) {
383 return NT_STATUS_OK;
384 }
385
386 /*
387 * create a new list,
388 * and copy the other privileges
389 */
390
391 old_set = priv_set->set;
392
393 new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count) * (sizeof(LUID_ATTR)));
394 ALLOC_CHECK(new_set, ret, done, "dup_priv_set");
395
396 for (i=0; i < priv_set->count; i++) {
397
398 new_set[i].luid.low = old_set[i].luid.low;
399 new_set[i].luid.high = old_set[i].luid.high;
400 new_set[i].attr = old_set[i].attr;
401 }
402
403 new_priv_set->count = priv_set->count;
404 new_priv_set->control = priv_set->control;
405 new_priv_set->set = new_set;
406
407 ret = NT_STATUS_OK;
408
409 done:
410 return ret;
411 }
412
413
414 NTSTATUS user_has_privilege(struct current_user *user, uint32 privilege)
415 {
416 LUID_ATTR set;
417
418 set.attr = 0;
419 set.luid.high = 0;
420 set.luid.low = privilege;
421
422 return check_priv_in_privilege(user->privs, set);
423 }
424
Samba GIT mirror