source: branches/samba-3.0/source/lib/privileges.c@ 715

Last change on this file since 715 was 39, checked in by Paul Smedley, 19 years ago

Upgrade source to 3.0.25a
File size: 27.1 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Privileges handling functions
4 Copyright (C) Jean François Micouleau 1998-2001
5 Copyright (C) Simo Sorce 2002-2003
6 Copyright (C) Gerald (Jerry) Carter 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21*/
22
23
24#include "includes.h"
25
26#define PRIVPREFIX "PRIV_"
27
28static const SE_PRIV se_priv_all = SE_ALL_PRIVS;
29static const SE_PRIV se_priv_end = SE_END;
30
31/* Define variables for all privileges so we can use the
32 SE_PRIV* in the various se_priv_XXX() functions */
33
34const SE_PRIV se_priv_none = SE_NONE;
35const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT;
36const SE_PRIV se_print_operator = SE_PRINT_OPERATOR;
37const SE_PRIV se_add_users = SE_ADD_USERS;
38const SE_PRIV se_disk_operators = SE_DISK_OPERATOR;
39const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
40const SE_PRIV se_restore = SE_RESTORE;
41const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
42
43/********************************************************************
44 This is a list of privileges reported by a WIndows 2000 SP4 AD DC
45 just for reference purposes (and I know the LUID is not guaranteed
46 across reboots):
47
48 SeCreateTokenPrivilege Create a token object ( 0x0, 0x2 )
49 SeAssignPrimaryTokenPrivilege Replace a process level token ( 0x0, 0x3 )
50 SeLockMemoryPrivilege Lock pages in memory ( 0x0, 0x4 )
51 SeIncreaseQuotaPrivilege Increase quotas ( 0x0, 0x5 )
52 SeMachineAccountPrivilege Add workstations to domain ( 0x0, 0x6 )
53 SeTcbPrivilege Act as part of the operating system ( 0x0, 0x7 )
54 SeSecurityPrivilege Manage auditing and security log ( 0x0, 0x8 )
55 SeTakeOwnershipPrivilege Take ownership of files or other objects ( 0x0, 0x9 )
56 SeLoadDriverPrivilege Load and unload device drivers ( 0x0, 0xa )
57 SeSystemProfilePrivilege Profile system performance ( 0x0, 0xb )
58 SeSystemtimePrivilege Change the system time ( 0x0, 0xc )
59 SeProfileSingleProcessPrivilege Profile single process ( 0x0, 0xd )
60 SeIncreaseBasePriorityPrivilege Increase scheduling priority ( 0x0, 0xe )
61 SeCreatePagefilePrivilege Create a pagefile ( 0x0, 0xf )
62 SeCreatePermanentPrivilege Create permanent shared objects ( 0x0, 0x10 )
63 SeBackupPrivilege Back up files and directories ( 0x0, 0x11 )
64 SeRestorePrivilege Restore files and directories ( 0x0, 0x12 )
65 SeShutdownPrivilege Shut down the system ( 0x0, 0x13 )
66 SeDebugPrivilege Debug programs ( 0x0, 0x14 )
67 SeAuditPrivilege Generate security audits ( 0x0, 0x15 )
68 SeSystemEnvironmentPrivilege Modify firmware environment values ( 0x0, 0x16 )
69 SeChangeNotifyPrivilege Bypass traverse checking ( 0x0, 0x17 )
70 SeRemoteShutdownPrivilege Force shutdown from a remote system ( 0x0, 0x18 )
71 SeUndockPrivilege Remove computer from docking station ( 0x0, 0x19 )
72 SeSyncAgentPrivilege Synchronize directory service data ( 0x0, 0x1a )
73 SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation ( 0x0, 0x1b )
74 SeManageVolumePrivilege Perform volume maintenance tasks ( 0x0, 0x1c )
75 SeImpersonatePrivilege Impersonate a client after authentication ( 0x0, 0x1d )
76 SeCreateGlobalPrivilege Create global objects ( 0x0, 0x1e )
77
78 ********************************************************************/
79
80/* we have to define the LUID here due to a horrible check by printmig.exe
81 that requires the SeBackupPrivilege match what is in Windows. So match
82 those that we implement and start Samba privileges at 0x1001 */
83
84PRIVS privs[] = {
85#if 0 /* usrmgr will display these twice if you include them. We don't
86 use them but we'll keep the bitmasks reserved in privileges.h anyways */
87
88 {SE_NETWORK_LOGON, "SeNetworkLogonRight", "Access this computer from network", { 0x0, 0x0 }},
89 {SE_INTERACTIVE_LOGON, "SeInteractiveLogonRight", "Log on locally", { 0x0, 0x0 }},
90 {SE_BATCH_LOGON, "SeBatchLogonRight", "Log on as a batch job", { 0x0, 0x0 }},
91 {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service", { 0x0, 0x0 }},
92#endif
93 {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain", { 0x0, 0x0006 }},
94 {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects",{ 0x0, 0x0009 }},
95 {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories", { 0x0, 0x0011 }},
96 {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories", { 0x0, 0x0012 }},
97 {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Force shutdown from a remote system", { 0x0, 0x0018 }},
98
99 {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Manage printers", { 0x0, 0x1001 }},
100 {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain", { 0x0, 0x1002 }},
101 {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares", { 0x0, 0x1003 }},
102
103 {SE_END, "", "", { 0x0, 0x0 }}
104};
105
106typedef struct {
107 size_t count;
108 DOM_SID *list;
109} SID_LIST;
110
111typedef struct {
112 SE_PRIV privilege;
113 SID_LIST sids;
114} PRIV_SID_LIST;
115
116/***************************************************************************
117 copy an SE_PRIV structure
118****************************************************************************/
119
120BOOL se_priv_copy( SE_PRIV *dst, const SE_PRIV *src )
121{
122 if ( !dst || !src )
123 return False;
124
125 memcpy( dst, src, sizeof(SE_PRIV) );
126
127 return True;
128}
129
130/***************************************************************************
131 combine 2 SE_PRIV structures and store the resulting set in mew_mask
132****************************************************************************/
133
134void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv )
135{
136 int i;
137
138 for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
139 mask->mask[i] |= addpriv->mask[i];
140 }
141}
142
143/***************************************************************************
144 remove one SE_PRIV sytucture from another and store the resulting set
145 in mew_mask
146****************************************************************************/
147
148void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv )
149{
150 int i;
151
152 for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
153 mask->mask[i] &= ~removepriv->mask[i];
154 }
155}
156
157/***************************************************************************
158 invert a given SE_PRIV and store the set in new_mask
159****************************************************************************/
160
161static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask )
162{
163 SE_PRIV allprivs;
164
165 se_priv_copy( &allprivs, &se_priv_all );
166 se_priv_remove( &allprivs, mask );
167 se_priv_copy( new_mask, &allprivs );
168}
169
170/***************************************************************************
171 check if 2 SE_PRIV structure are equal
172****************************************************************************/
173
174static BOOL se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 )
175{
176 return ( memcmp(mask1, mask2, sizeof(SE_PRIV)) == 0 );
177}
178
179/***************************************************************************
180 check if a SE_PRIV has any assigned privileges
181****************************************************************************/
182
183static BOOL se_priv_empty( const SE_PRIV *mask )
184{
185 SE_PRIV p1;
186 int i;
187
188 se_priv_copy( &p1, mask );
189
190 for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
191 p1.mask[i] &= se_priv_all.mask[i];
192 }
193
194 return se_priv_equal( &p1, &se_priv_none );
195}
196
197/*********************************************************************
198 Lookup the SE_PRIV value for a privilege name
199*********************************************************************/
200
201BOOL se_priv_from_name( const char *name, SE_PRIV *mask )
202{
203 int i;
204
205 for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
206 if ( strequal( privs[i].name, name ) ) {
207 se_priv_copy( mask, &privs[i].se_priv );
208 return True;
209 }
210 }
211
212 return False;
213}
214
215/***************************************************************************
216 dump an SE_PRIV structure to the log files
217****************************************************************************/
218
219void dump_se_priv( int dbg_cl, int dbg_lvl, const SE_PRIV *mask )
220{
221 int i;
222
223 DEBUGADDC( dbg_cl, dbg_lvl,("SE_PRIV "));
224
225 for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
226 DEBUGADDC( dbg_cl, dbg_lvl,(" 0x%x", mask->mask[i] ));
227 }
228
229 DEBUGADDC( dbg_cl, dbg_lvl, ("\n"));
230}
231
232/***************************************************************************
233 Retrieve the privilege mask (set) for a given SID
234****************************************************************************/
235
236static BOOL get_privileges( const DOM_SID *sid, SE_PRIV *mask )
237{
238 TDB_CONTEXT *tdb = get_account_pol_tdb();
239 fstring keystr;
240 TDB_DATA key, data;
241
242 /* Fail if the admin has not enable privileges */
243
244 if ( !lp_enable_privileges() ) {
245 return False;
246 }
247
248 if ( !tdb )
249 return False;
250
251 /* PRIV_<SID> (NULL terminated) as the key */
252
253 fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
254 key.dptr = keystr;
255 key.dsize = strlen(keystr) + 1;
256
257 data = tdb_fetch( tdb, key );
258
259 if ( !data.dptr ) {
260 DEBUG(3,("get_privileges: No privileges assigned to SID [%s]\n",
261 sid_string_static(sid)));
262 return False;
263 }
264
265 SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) );
266
267 se_priv_copy( mask, (SE_PRIV*)data.dptr );
268 SAFE_FREE(data.dptr);
269
270 return True;
271}
272
273/***************************************************************************
274 Store the privilege mask (set) for a given SID
275****************************************************************************/
276
277static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask )
278{
279 TDB_CONTEXT *tdb = get_account_pol_tdb();
280 fstring keystr;
281 TDB_DATA key, data;
282
283 if ( !lp_enable_privileges() )
284 return False;
285
286 if ( !tdb )
287 return False;
288
289 if ( !sid || (sid->num_auths == 0) ) {
290 DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
291 return False;
292 }
293
294 /* PRIV_<SID> (NULL terminated) as the key */
295
296 fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
297 key.dptr = keystr;
298 key.dsize = strlen(keystr) + 1;
299
300 /* no packing. static size structure, just write it out */
301
302 data.dptr = (char*)mask;
303 data.dsize = sizeof(SE_PRIV);
304
305 return ( tdb_store(tdb, key, data, TDB_REPLACE) != -1 );
306}
307
308/****************************************************************************
309 check if the privilege is in the privilege list
310****************************************************************************/
311
312static BOOL is_privilege_assigned( const SE_PRIV *privileges,
313 const SE_PRIV *check )
314{
315 SE_PRIV p1, p2;
316
317 if ( !privileges || !check )
318 return False;
319
320 /* everyone has privileges if you aren't checking for any */
321
322 if ( se_priv_empty( check ) ) {
323 DEBUG(1,("is_privilege_assigned: no privileges in check_mask!\n"));
324 return True;
325 }
326
327 se_priv_copy( &p1, check );
328
329 /* invert the SE_PRIV we want to check for and remove that from the
330 original set. If we are left with the SE_PRIV we are checking
331 for then return True */
332
333 se_priv_invert( &p1, check );
334 se_priv_copy( &p2, privileges );
335 se_priv_remove( &p2, &p1 );
336
337 return se_priv_equal( &p2, check );
338}
339
340/****************************************************************************
341 check if the privilege is in the privilege list
342****************************************************************************/
343
344static BOOL is_any_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check )
345{
346 SE_PRIV p1, p2;
347
348 if ( !privileges || !check )
349 return False;
350
351 /* everyone has privileges if you aren't checking for any */
352
353 if ( se_priv_empty( check ) ) {
354 DEBUG(1,("is_any_privilege_assigned: no privileges in check_mask!\n"));
355 return True;
356 }
357
358 se_priv_copy( &p1, check );
359
360 /* invert the SE_PRIV we want to check for and remove that from the
361 original set. If we are left with the SE_PRIV we are checking
362 for then return True */
363
364 se_priv_invert( &p1, check );
365 se_priv_copy( &p2, privileges );
366 se_priv_remove( &p2, &p1 );
367
368 /* see if we have any bits left */
369