2 Unix SMB/Netbios implementation.
5 Copyright (C) Tim Potter 2000
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include "se_access_check_utils.h"
23 #include "lib/util/string_wrappers.h"
/*
 * char_to_sid: fill *sid from the text in sid_str.
 *
 * A string that starts with "S-" is handed to string_to_sid() as is.
 * Otherwise (per the existing comment) the string is treated as a name:
 * it is copied into request.data.name, sent to winbindd as a
 * WINBINDD_LOOKUPNAME request, and the SID string in the response is
 * passed to string_to_sid().  Progress and failure are printed to stdout.
 *
 * sid_str must be non-NULL: it reaches strncmp() without a check.
 *
 * NOTE(review): the function returns void and no string_to_sid() result
 * is checked in the lines shown, so a caller cannot tell whether *sid was
 * filled in.  Confirm that an unset SID can never reach an access check.
 * NOTE(review): this listing skips source lines (the gutter numbers jump).
 * Only ZERO_STRUCT(response) is visible; presumably request is zeroed on
 * an omitted line.  Confirm, since otherwise every request field except
 * data.name would be sent to winbindd uninitialised.
 */
25 void char_to_sid(struct dom_sid
*sid
, char *sid_str
)
27 /* If it looks like a SID, call string_to_sid() else look it up
30 if (strncmp(sid_str
, "S-", 2) == 0) {
31 string_to_sid(sid
, sid_str
);
33 struct winbindd_request request
;
34 struct winbindd_response response
;
36 /* Send off request */
39 ZERO_STRUCT(response
);
/* Copy the caller's name into the request; fstrcpy() is assumed to bound
   and terminate the copy for the fixed-size name field -- TODO confirm in
   lib/util/string_wrappers.h. */
41 fstrcpy(request
.data
.name
, sid_str
);
42 if (winbindd_request(WINBINDD_LOOKUPNAME
, &request
,
43 &response
) != NSS_STATUS_SUCCESS
) {
/* What follows the failure message (return, exit, fall through) is not
   visible in this listing. */
44 printf("FAIL: unable to look up sid for name %s\n",
/* Parse the SID string carried in the winbindd response. */
49 string_to_sid(sid
, response
.data
.sid
.sid
);
50 printf("converted char %s to sid %s\n", sid_str
,
51 response
.data
.sid
.sid
);
55 /* Construct an ACL from a list of ace_entry structures */
/*
 * build_acl: turn an array of ace_entry records into a SEC_ACL.
 *
 * Returns NULL when ace_list is NULL.  Otherwise the loop runs while
 * ace_list->sid is non-NULL, so the array is presumably terminated by an
 * entry whose sid is NULL (the step that advances ace_list is not visible
 * in this listing).  Each pass grows the aces array by one SEC_ACE,
 * builds the access mask with init_sec_access(), converts the textual SID
 * with char_to_sid() and fills the new slot with init_sec_ace().  The
 * finished array goes to make_sec_acl() with ACL_REVISION.
 *
 * NOTE(review): NULL is returned for an absent list and, it appears, for
 * an allocation failure as well; callers cannot tell the two apart.
 */
57 SEC_ACL
*build_acl(struct ace_entry
*ace_list
)
63 if (ace_list
== NULL
) return NULL
;
67 while(ace_list
->sid
) {
71 /* Create memory for new ACE */
/* NOTE(review): the Realloc() result overwrites aces directly.  Whether
   the old buffer is released on failure depends on Realloc(), which is
   not shown -- confirm, otherwise the earlier ACEs leak.  The size
   product is also computed without an overflow check. */
73 if (!(aces
= Realloc(aces
,
74 sizeof(SEC_ACE
) * (num_aces
+ 1)))) {
80 init_sec_access(&sa
, ace_list
->mask
);
/* char_to_sid() returns void, so a failed conversion cannot be detected
   here and sid may be used unset when the ACE is initialised. */
82 char_to_sid(&sid
, ace_list
->sid
);
/* The remaining init_sec_ace() arguments are not visible in this listing. */
83 init_sec_ace(&aces
[num_aces
], &sid
, ace_list
->type
,
90 /* Create ACL from list of ACEs */
92 result
= make_sec_acl(ACL_REVISION
, num_aces
, aces
);
98 /* Make a security descriptor */
/*
 * build_sec_desc: assemble a security descriptor from textual parts.
 *
 * dacl and sacl are ace_entry arrays handed to build_acl(); owner_sid and
 * group_sid are strings handed to char_to_sid().  The pieces are combined
 * by make_sec_desc() with revision SEC_DESC_REVISION and type
 * SEC_DESC_SELF_RELATIVE | SEC_DESC_DACL_PRESENT.  Both ACLs are released
 * with free_sec_acl() afterwards, which suggests make_sec_desc() keeps its
 * own copies -- TODO confirm.
 *
 * NOTE(review): SEC_DESC_DACL_PRESENT is passed unconditionally, also when
 * build_acl() returned NULL (a NULL list, or possibly an allocation
 * failure).  A descriptor marked DACL-present with a NULL DACL is commonly
 * evaluated as "no restrictions", so confirm that an out-of-memory
 * condition cannot silently become an allow-all descriptor.
 * NOTE(review): owner_sid and group_sid reach char_to_sid() unchecked, and
 * char_to_sid() cannot report failure, so the_owner_sid and the_group_sid
 * may be passed on unset.
 */
100 SEC_DESC
*build_sec_desc(struct ace_entry
*dacl
, struct ace_entry
*sacl
,
101 char *owner_sid
, char *group_sid
)
103 struct dom_sid the_owner_sid
, the_group_sid
;
104 SEC_ACL
*the_dacl
, *the_sacl
;
108 /* Build up bits of security descriptor */
110 char_to_sid(&the_owner_sid
, owner_sid
);
111 char_to_sid(&the_group_sid
, group_sid
);
113 the_dacl
= build_acl(dacl
);
114 the_sacl
= build_acl(sacl
);
/* Note the argument order: the SACL is passed before the DACL. */
116 result
= make_sec_desc(SEC_DESC_REVISION
,
117 SEC_DESC_SELF_RELATIVE
| SEC_DESC_DACL_PRESENT
,
118 &the_owner_sid
, &the_group_sid
,
119 the_sacl
, the_dacl
, &size
);
/* Release the temporary ACLs built above. */
121 free_sec_acl(&the_dacl
);
122 free_sec_acl(&the_sacl
);
127 /* Iterate over password database and call a user-specified function */
/*
 * visit_pwdb: call fn once for every entry getpwent() returns.
 *
 * fn receives the passwd entry together with a group count and a freshly
 * allocated gid_t array.  How the BOOL result of fn is used, and where
 * groups is freed, is not visible in this listing.
 *
 * NOTE(review): getgroups() reports the supplementary groups of the
 * calling process; pw is not an input to it.  Every entry visited is
 * therefore paired with the caller's own group list, not that user's.
 * Confirm this is intended, because access-check results derived from it
 * say nothing about the user's real memberships (a per-user lookup such
 * as getgrouplist() would be needed for that).
 */
129 void visit_pwdb(BOOL (*fn
)(struct passwd
*pw
, int ngroups
, gid_t
*groups
))
137 while ((pw
= getpwent())) {
/* Size query: with a zero length getgroups() only returns the count.
   NOTE(review): a -1 error return is not checked before it is used as a
   size below. */
142 ngroups
= getgroups(0, NULL
);
/* NOTE(review): the malloc() result is used unchecked, and a negative
   ngroups would convert to a huge allocation size. */
144 groups
= malloc(sizeof(gid_t
) * ngroups
);
/* The second getgroups() return value is ignored, so a failure or a
   changed group count goes unnoticed. */
145 getgroups(ngroups
, groups
);
149 result
= fn(pw
, ngroups
, groups
);