diff options
| author | Jeremy Allison <jra@samba.org> | 2010-11-18 16:13:28 -0800 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2011-03-05 14:34:39 +0100 |
| commit | 5c755725f9acf7db9896c615341ac37d73b1405c (patch) | |
| tree | add57939b04a2e1397aa53156cf3f25814a47c07 /source3/lib | |
| parent | e91b5ab21ad88f0d9144c2db72301e391997aafd (diff) | |
| download | samba-5c755725f9acf7db9896c615341ac37d73b1405c.tar.gz | |
Add SeSecurityPrivilige.
Jeremy.
(cherry picked from commit f11da60f3189bc70eb82259435e108f40b2bb333)
Diffstat (limited to 'source3/lib')
| -rw-r--r-- | source3/lib/privileges_basic.c | 3 | ||||
| -rw-r--r-- | source3/lib/util_seaccess.c | 6 |
2 files changed, 4 insertions, 5 deletions
diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c index 323983b1683..8d031f21a22 100644 --- a/source3/lib/privileges_basic.c +++ b/source3/lib/privileges_basic.c @@ -46,6 +46,7 @@ const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; const SE_PRIV se_restore = SE_RESTORE; const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP; +const SE_PRIV se_security = SE_SECURITY; /******************************************************************** This is a list of privileges reported by a WIndows 2000 SP4 AD DC @@ -98,6 +99,7 @@ PRIVS privs[] = { {SE_SERVICE_LOGON, "SeServiceLogonRight", "Log on as a service", { 0x0, 0x0 }}, #endif {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain", { 0x0, 0x0006 }}, + {SE_SECURITY, "SeSecurityPrivilege", "Manage auditing and security log", { 0x0, 0x0008 }}, {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects",{ 0x0, 0x0009 }}, {SE_BACKUP, "SeBackupPrivilege", "Back up files and directories", { 0x0, 0x0011 }}, {SE_RESTORE, "SeRestorePrivilege", "Restore files and directories", { 0x0, 0x0012 }}, @@ -107,6 +109,7 @@ PRIVS privs[] = { {SE_ADD_USERS, "SeAddUsersPrivilege", "Add users and groups to the domain", { 0x0, 0x1002 }}, {SE_DISK_OPERATOR, "SeDiskOperatorPrivilege", "Manage disk shares", { 0x0, 0x1003 }}, + {SE_END, "", "", { 0x0, 0x0 }} }; diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 0da7442d195..369f6848a08 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -179,17 +179,13 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, bits_remaining)); } -#if 0 - /* We need to support SeSecurityPrivilege for this. */ - if (access_desired & SEC_FLAG_SYSTEM_SECURITY) { - if (user_has_privileges(token, &sec_security)) { + if (user_has_privileges(token, &se_security)) { bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY; } else { return NT_STATUS_PRIVILEGE_NOT_HELD; } } -#endif /* a NULL dacl allows access */ if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) { |