svn commit: samba r9896 - in trunk/source: auth registry rpc_server
jerry at samba.org
jerry at samba.org
Thu Sep 1 15:01:54 GMT 2005
Author: jerry
Date: 2005-09-01 15:01:54 +0000 (Thu, 01 Sep 2005)
New Revision: 9896
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=9896
Log:
add get_root_nt_token() for operating under the context of LOCAL_SYSTEM (based on discussion with Jeremy & Brian Moran)
Modified:
trunk/source/auth/auth_util.c
trunk/source/registry/reg_frontend.c
trunk/source/rpc_server/srv_eventlog_nt.c
Changeset:
Modified: trunk/source/auth/auth_util.c
===================================================================
--- trunk/source/auth/auth_util.c 2005-09-01 14:58:57 UTC (rev 9895)
+++ trunk/source/auth/auth_util.c 2005-09-01 15:01:54 UTC (rev 9896)
@@ -641,6 +641,44 @@
}
/******************************************************************************
+ Create a token for the root user to be used internally by smbd.
+ This is similar to running under the context of the LOCAL_SYSTEM account
+ in Windows. This is a read-only token. Do not modify it or free() it.
+ Create a copy if your need to change it.
+******************************************************************************/
+
+NT_USER_TOKEN *get_root_nt_token( void )
+{
+ static NT_USER_TOKEN *token = NULL;
+ DOM_SID u_sid, g_sid;
+ DOM_SID g_sids[1];
+ struct passwd *pw;
+ NTSTATUS result;
+
+ if ( token )
+ return token;
+
+ if ( !(pw = getpwnam( "root" )) ) {
+ DEBUG(0,("create_root_nt_token: getpwnam\"root\") failed!\n"));
+ return NULL;
+ }
+
+ /* get the user and primary group SIDs; although the
+ BUILTIN\Administrators SId is really the one that matters here */
+
+ if ( !NT_STATUS_IS_OK(uid_to_sid(&u_sid, pw->pw_uid)) )
+ return NULL;
+ if ( !NT_STATUS_IS_OK(gid_to_sid(&g_sid, pw->pw_gid)) )
+ return NULL;
+
+ sid_copy( &g_sids[0], &global_sid_Builtin_Administrators );
+
+ result = create_nt_user_token( &u_sid, &g_sid, 1, g_sids, False, &token);
+
+ return NT_STATUS_IS_OK(result) ? token : NULL;
+}
+
+/******************************************************************************
* this function returns the groups (SIDs) of the local SAM the user is in.
* If this samba server is a DC of the domain the user belongs to, it returns
* both domain groups and local / builtin groups. If the user is in a trusted
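Review bot: get_root_nt_token() returns a mutable pointer to the one cached token that carries BUILTIN\Administrators, and the only protection is the "Do not modify it or free() it" sentence in the header comment. Declaring it as `const NT_USER_TOKEN *get_root_nt_token( void )` would let the compiler enforce that contract, provided consumers such as control_eventlog_hook can accept a const token, which this hunk does not show. The lookup `getpwnam( "root" )` binds the token to an account name rather than to uid 0, so `getpwuid(0)` is likely the more robust lookup on hosts where the superuser account is renamed. The DEBUG text also names `create_root_nt_token` and drops the opening parenthesis; `"get_root_nt_token: getpwnam(\"root\") failed!\n"` would match the function and make the log line searchable.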
Modified: trunk/source/registry/reg_frontend.c
===================================================================
--- trunk/source/registry/reg_frontend.c 2005-09-01 14:58:57 UTC (rev 9895)
+++ trunk/source/registry/reg_frontend.c 2005-09-01 15:01:54 UTC (rev 9896)
@@ -55,7 +55,7 @@
uint32 access_desired, uint32 *access_granted )
{
NTSTATUS result;
-
+
se_map_generic( &access_desired, ®_generic_map );
se_access_check( sec_desc, token, access_desired, access_granted, &result );
@@ -112,7 +112,7 @@
/* inform the external eventlog machinery of the change */
- eventlog_refresh_external_parameters();
+ eventlog_refresh_external_parameters( get_root_nt_token() );
/* build the cache tree of registry hooks */
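Review bot: The return value of get_root_nt_token() is passed straight into eventlog_refresh_external_parameters(), yet the new function returns NULL on three failure paths, two of which (uid_to_sid and gid_to_sid) log nothing. On failure the call silently reverts to the old `control_eventlog_hook( NULL, ... )` behaviour, which also affects the srv_eventlog_nt.c hunk at -51,9 where the token is forwarded unchecked. Fetching the token into a local and logging before the call would make that visible, e.g. `NT_USER_TOKEN *root_token = get_root_nt_token();` followed by `if ( !root_token ) DEBUG(0,("failed to get root token for eventlog refresh\n"));`. Whether a NULL token is treated as deny or as allow further down is not visible here and should be confirmed. The enclosing function starts and ends outside this hunk.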
Modified: trunk/source/rpc_server/srv_eventlog_nt.c
===================================================================
--- trunk/source/rpc_server/srv_eventlog_nt.c 2005-09-01 14:58:57 UTC (rev 9895)
+++ trunk/source/rpc_server/srv_eventlog_nt.c 2005-09-01 15:01:54 UTC (rev 9896)
@@ -38,7 +38,7 @@
probably)
********************************************************************/
-void eventlog_refresh_external_parameters( void )
+void eventlog_refresh_external_parameters( NT_USER_TOKEN *token )
{
const char **elogs = lp_eventlog_list();
int i;
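Review bot: The new `token` parameter is undocumented; the header comment above the signature (only its tail is visible in this hunk) still describes a parameterless function. I would add a line such as `token: NT token passed to control_eventlog_hook() for each configured eventlog; borrowed from the caller, never modified or freed here`. If the hook can take it, `const NT_USER_TOKEN *token` would state the same in the type, which matters because the only caller in this commit passes the shared static root token. The function body continues past the end of this hunk.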
@@ -51,9 +51,7 @@
DEBUG(10,("eventlog_refresh_external_parameters: Refreshing =>[%s]\n",
elogs[i]));
- /* FIXME!!!! create a default token for root here and pass it in */
-
- if ( !control_eventlog_hook( NULL, elogs[i] ) ) {
+ if ( !control_eventlog_hook( token, elogs[i] ) ) {
DEBUG(0,("eventlog_refresh_external_parameters: failed to refresh [%s]\n",
elogs[i]));
}