svn commit: samba r14432 - branches/SAMBA_3_0/source/lib trunk/source/lib

[jerry at samba.org]

Author: jerry
Date: 2006-03-15 05:50:52 +0000 (Wed, 15 Mar 2006)
New Revision: 14432

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14432

Log:
Give in and grant BUILT\Administrators all privileges


Modified:
   branches/SAMBA_3_0/source/lib/account_pol.c
   branches/SAMBA_3_0/source/lib/privileges.c
   trunk/source/lib/account_pol.c
   trunk/source/lib/privileges.c


Changeset:
Modified: branches/SAMBA_3_0/source/lib/account_pol.c
===================================================================
--- branches/SAMBA_3_0/source/lib/account_pol.c	2006-03-15 05:50:42 UTC (rev 14431)
+++ branches/SAMBA_3_0/source/lib/account_pol.c	2006-03-15 05:50:52 UTC (rev 14432)
@@ -288,12 +288,17 @@
 	/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
 
 	privilege_create_account( &global_sid_World );
-	privilege_create_account( &global_sid_Builtin_Administrators );
 	privilege_create_account( &global_sid_Builtin_Account_Operators );
 	privilege_create_account( &global_sid_Builtin_Server_Operators );
 	privilege_create_account( &global_sid_Builtin_Print_Operators );
 	privilege_create_account( &global_sid_Builtin_Backup_Operators );
 
+	/* BUILTIN\Administrators get everything -- *always* */
+
+	if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) {
+		DEBUG(0,("init_account_policy: Failed to grant privileges to BUILTIN\\Administrators!\n"));
+	}
+
 	return True;
 }
 

Modified: branches/SAMBA_3_0/source/lib/privileges.c
===================================================================
--- branches/SAMBA_3_0/source/lib/privileges.c	2006-03-15 05:50:42 UTC (rev 14431)
+++ branches/SAMBA_3_0/source/lib/privileges.c	2006-03-15 05:50:52 UTC (rev 14432)
@@ -867,9 +867,27 @@
 /*******************************************************************
 *******************************************************************/
 
-BOOL is_privileged_sid( DOM_SID *sid )
+BOOL is_privileged_sid( const DOM_SID *sid )
 {
 	SE_PRIV mask;
 	
 	return get_privileges( sid, &mask );
 }
+
+/*******************************************************************
+*******************************************************************/
+
+BOOL grant_all_privileges( const DOM_SID *sid )
+{
+	int i;
+	SE_PRIV mask;
+	uint32 num_privs = count_all_privileges();
+
+	se_priv_copy( &mask, &se_priv_none );
+	
+	for ( i=0; i<num_privs; i++ ) {
+		se_priv_add(&mask, &privs[i].se_priv); 
+	}
+
+	return grant_privilege( sid, &mask );
+}

Modified: trunk/source/lib/account_pol.c
===================================================================
--- trunk/source/lib/account_pol.c	2006-03-15 05:50:42 UTC (rev 14431)
+++ trunk/source/lib/account_pol.c	2006-03-15 05:50:52 UTC (rev 14432)
@@ -296,12 +296,17 @@
 	/* These exist by default on NT4 in [HKLM\SECURITY\Policy\Accounts] */
 
 	privilege_create_account( &global_sid_World );
-	privilege_create_account( &global_sid_Builtin_Administrators );
 	privilege_create_account( &global_sid_Builtin_Account_Operators );
 	privilege_create_account( &global_sid_Builtin_Server_Operators );
 	privilege_create_account( &global_sid_Builtin_Print_Operators );
 	privilege_create_account( &global_sid_Builtin_Backup_Operators );
 
+	/* BUILTIN\Administrators get everything -- *always* */
+
+	if ( !grant_all_privileges( &global_sid_Builtin_Administrators ) ) {
+		DEBUG(0,("init_account_policy: Failed to grant privileges to BUILTIN\\Administrators!\n"));
+	}
+
 	return True;
 }
 

Modified: trunk/source/lib/privileges.c
===================================================================
--- trunk/source/lib/privileges.c	2006-03-15 05:50:42 UTC (rev 14431)
+++ trunk/source/lib/privileges.c	2006-03-15 05:50:52 UTC (rev 14432)
@@ -867,9 +867,27 @@
 /*******************************************************************
 *******************************************************************/
 
-BOOL is_privileged_sid( DOM_SID *sid )
+BOOL is_privileged_sid( const DOM_SID *sid )
 {
 	SE_PRIV mask;
 	
 	return get_privileges( sid, &mask );
 }
+
+/*******************************************************************
+*******************************************************************/
+
+BOOL grant_all_privileges( const DOM_SID *sid )
+{
+	int i;
+	SE_PRIV mask;
+	uint32 num_privs = count_all_privileges();
+
+	se_priv_copy( &mask, &se_priv_none );
+	
+	for ( i=0; i<num_privs; i++ ) {
+		se_priv_add(&mask, &privs[i].se_priv); 
+	}
+
+	return grant_privilege( sid, &mask );
+}