diff options
| author | Jeremy Allison <jra@samba.org> | 2010-11-17 15:58:15 -0800 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2011-03-05 14:34:39 +0100 |
| commit | aa7977074307e24b0b215185ba46cdb7628571c2 (patch) | |
| tree | d5a23f4d7a29b44d0061bbbe75241200fc8919a6 /source3/lib | |
| parent | 5c755725f9acf7db9896c615341ac37d73b1405c (diff) | |
| download | samba-aa7977074307e24b0b215185ba46cdb7628571c2.tar.gz | |
Fix our privileges code to display privileges with the "high" 32-bit value set.
SeSecurityPrivilege is the first LUID we have added that has a non-zero
"high" value, ensure our LUID code correctly supports it.
Jeremy.
The last 14 patches address bug #7716 (acl_xattr and acl_tdb modules don't store
unmodified copies of security descriptors).
(cherry picked from commit 941129fb70261d4871de4804a81ce82e23d9d0f7)
Diffstat (limited to 'source3/lib')
| -rw-r--r-- | source3/lib/privileges_basic.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c index 8d031f21a22..8d52c906837 100644 --- a/source3/lib/privileges_basic.c +++ b/source3/lib/privileges_basic.c @@ -195,6 +195,15 @@ bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 ) } /*************************************************************************** + check if 2 LUID's are equal. +****************************************************************************/ + +static bool luid_equal( const LUID *luid1, const LUID *luid2 ) +{ + return ( luid1->low == luid2->low && luid1->high == luid2->high); +} + +/*************************************************************************** check if a SE_PRIV has any assigned privileges ****************************************************************************/ @@ -409,11 +418,8 @@ const char *luid_to_privilege_name(const LUID *set) { int i; - if (set->high != 0) - return NULL; - for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) { - if ( set->low == privs[i].luid.low ) { + if (luid_equal(set, &privs[i].luid)) { return privs[i].name; } } @@ -480,9 +486,13 @@ static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask ) { int i; uint32 num_privs = count_all_privileges(); + LUID local_luid; + + local_luid.low = luid->low; + local_luid.high = luid->high; for ( i=0; i<num_privs; i++ ) { - if ( luid->low == privs[i].luid.low ) { + if (luid_equal(&local_luid, &privs[i].luid)) { se_priv_copy( mask, &privs[i].se_priv ); return True; } @@ -503,12 +513,6 @@ bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset ) for ( i=0; i<privset->count; i++ ) { SE_PRIV r; - /* sanity check for invalid privilege. we really - only care about the low 32 bits */ - - if ( privset->set[i].luid.high != 0 ) - return False; - if ( luid_to_se_priv( &privset->set[i].luid, &r ) ) se_priv_add( mask, &r ); } |