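/* Editor Settings: expandtabs and use 4 spaces for indentation
 * ex: set softtabstop=4 tabstop=8 expandtab shiftwidth=4: *
 * -*- mode: c, c-basic-offset: 4 -*- */

/*
 * Copyright Likewise Software    2004-2008
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.  You should have received a copy of the GNU General
 * Public License along with this program.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * LIKEWISE SOFTWARE MAKES THIS SOFTWARE AVAILABLE UNDER OTHER LICENSING
 * TERMS AS WELL.  IF YOU HAVE ENTERED INTO A SEPARATE LICENSE AGREEMENT
 * WITH LIKEWISE SOFTWARE, THEN YOU MAY ELECT TO USE THE SOFTWARE UNDER THE
 * TERMS OF THAT SOFTWARE LICENSE AGREEMENT INSTEAD OF THE TERMS OF THE GNU
 * GENERAL PUBLIC LICENSE, NOTWITHSTANDING THE ABOVE NOTICE.  IF YOU
 * HAVE QUESTIONS, OR WISH TO REQUEST A COPY OF THE ALTERNATE LICENSING
 * TERMS OFFERED BY LIKEWISE SOFTWARE, PLEASE CONTACT LIKEWISE SOFTWARE AT
 * license@likewisesoftware.com
 */

/*
 * Copyright (C) Likewise Software. All rights reserved.
 *
 * Module Name:
 *
 *        lpaccess.c
 *
 * Abstract:
 *
 *        Likewise Security and Authentication Subsystem (LSASS)
 *
 *        Local Authentication Provider
 *
 *        Access Check API
 *
 * Authors: Krishna Ganugapati (krishnag@likewisesoftware.com)
 *          Sriram Nambakam (snambakam@likewisesoftware.com)
 */

#include "includes.h"

/*
 * Access check for add operations: passes only when the caller bound to
 * hProvider is a local administrator.
 *
 * Returns 0 when access is granted, EACCES when the caller is not an
 * administrator, or the error reported by LocalCheckIsAdministrator().
 * Note that the denial code is an errno value rather than an LW_ERROR_*
 * code; it is kept as-is because callers may compare against it.
 */
DWORD
LocalCheckForAddAccess(
    HANDLE hProvider
    )
{
    DWORD   dwError = 0;
    BOOLEAN bIsAdmin = FALSE;

    dwError = LocalCheckIsAdministrator(hProvider, &bIsAdmin);
    BAIL_ON_LSA_ERROR(dwError);

    if (!bIsAdmin)
    {
        dwError = EACCES;
    }

error:

    return dwError;
}

/*
 * Access check for modify operations: passes only when the caller bound to
 * hProvider is a local administrator.
 *
 * Returns 0 when access is granted, EACCES when the caller is not an
 * administrator, or the error reported by LocalCheckIsAdministrator().
 */
DWORD
LocalCheckForModifyAccess(
    HANDLE hProvider
    )
{
    DWORD   dwError = 0;
    BOOLEAN bIsAdmin = FALSE;

    dwError = LocalCheckIsAdministrator(hProvider, &bIsAdmin);
    BAIL_ON_LSA_ERROR(dwError);

    if (!bIsAdmin)
    {
        dwError = EACCES;
    }

error:

    return dwError;
}

/*
 * Access check for a password change on the account identified by
 * targetUid.
 *
 * A caller whose context uid equals targetUid is allowed without any
 * further check; every other caller must be a local administrator.
 *
 * Returns 0 when access is granted, EACCES when a non-administrator targets
 * another account, the error set by BAIL_ON_INVALID_HANDLE for a null
 * handle, or the error reported by LocalCheckIsAdministrator().
 *
 * NOTE(review): the self-service branch trusts pContext->uid completely.
 * This file does not show where that field is populated; confirm it is
 * derived from the connection's peer credentials and never from a value the
 * client supplies.
 */
DWORD
LocalCheckForPasswordChangeAccess(
    HANDLE hProvider,
    uid_t  targetUid
    )
{
    DWORD dwError = 0;
    PLOCAL_PROVIDER_CONTEXT pContext = (PLOCAL_PROVIDER_CONTEXT)hProvider;

    /*
     * The context is dereferenced below before LocalCheckIsAdministrator()
     * gets a chance to validate the handle, so validate it here first.
     */
    BAIL_ON_INVALID_HANDLE(hProvider);

    if (pContext->uid != targetUid)
    {
        BOOLEAN bIsAdmin = FALSE;

        dwError = LocalCheckIsAdministrator(hProvider, &bIsAdmin);
        BAIL_ON_LSA_ERROR(dwError);

        if (!bIsAdmin)
        {
            dwError = EACCES;
        }
    }

error:

    return dwError;
}

/*
 * Access check for query operations: always succeeds.
 *
 * hProvider is not inspected, so this function places no restriction on who
 * may query. Any limit on what a given caller may read has to be enforced
 * by the code that calls this check.
 */
DWORD
LocalCheckForQueryAccess(
    HANDLE hProvider
    )
{
    return LW_ERROR_SUCCESS;
}

/*
 * Access check for delete operations: passes only when the caller bound to
 * hProvider is a local administrator.
 *
 * Returns 0 when access is granted, EACCES when the caller is not an
 * administrator, or the error reported by LocalCheckIsAdministrator().
 */
DWORD
LocalCheckForDeleteAccess(
    HANDLE hProvider
    )
{
    DWORD   dwError = 0;
    BOOLEAN bIsAdmin = FALSE;

    dwError = LocalCheckIsAdministrator(hProvider, &bIsAdmin);
    BAIL_ON_LSA_ERROR(dwError);

    if (!bIsAdmin)
    {
        dwError = EACCES;
    }

error:

    return dwError;
}

/*
 * Reports whether the caller bound to hProvider is a local administrator.
 *
 * The first call on a context asks LocalDirCheckIfAdministrator() about
 * pContext->uid and stores the answer in pContext->localAdminState; later
 * calls return the stored answer without consulting the directory again.
 * The state is read and updated under pContext->mutex.
 *
 * hProvider  provider context handle; a null handle is rejected.
 * pbIsAdmin  receives TRUE or FALSE. It is written on every path, including
 *            the error path, so it must not be NULL. On any error it is set
 *            to FALSE, so a failed lookup never reads as "administrator".
 *
 * Returns 0 on success, otherwise the error from the handle check or from
 * LocalDirCheckIfAdministrator(). A failed lookup leaves the state
 * undetermined, so the next call retries it.
 *
 * NOTE(review): nothing in this file resets localAdminState once it is
 * determined. If that holds elsewhere too, a caller removed from the
 * administrators group keeps administrator access for as long as this
 * context lives; confirm that contexts are short-lived or that the state is
 * invalidated on membership changes.
 */
DWORD
LocalCheckIsAdministrator(
    HANDLE   hProvider,
    PBOOLEAN pbIsAdmin
    )
{
    DWORD   dwError = 0;
    PLOCAL_PROVIDER_CONTEXT pContext = (PLOCAL_PROVIDER_CONTEXT)hProvider;
    BOOLEAN bIsAdmin = FALSE;
    BOOLEAN bInLock = FALSE;

    BAIL_ON_INVALID_HANDLE(hProvider);

    pthread_mutex_lock(&pContext->mutex);
    bInLock = TRUE;

    switch (pContext->localAdminState)
    {
        case LOCAL_ADMIN_STATE_NOT_DETERMINED:

            dwError = LocalDirCheckIfAdministrator(
                            hProvider,
                            pContext->uid,
                            &bIsAdmin);
            BAIL_ON_LSA_ERROR(dwError);

            /* Cache the answer only after a successful lookup. */
            pContext->localAdminState = (bIsAdmin ?
                                            LOCAL_ADMIN_STATE_IS_ADMIN :
                                            LOCAL_ADMIN_STATE_IS_NOT_ADMIN);

            break;

        case LOCAL_ADMIN_STATE_IS_ADMIN:

            bIsAdmin = TRUE;

            break;

        case LOCAL_ADMIN_STATE_IS_NOT_ADMIN:

            bIsAdmin = FALSE;

            break;

        default:

            /*
             * An unrecognised state must never grant access. This matches
             * the previous behaviour, where bIsAdmin simply kept its FALSE
             * initialiser, but makes the fail-closed intent explicit.
             */
            bIsAdmin = FALSE;

            break;
    }

    *pbIsAdmin = bIsAdmin;

cleanup:

    if (bInLock)
    {
        pthread_mutex_unlock(&pContext->mutex);
    }

    return dwError;

error:

    *pbIsAdmin = FALSE;

    goto cleanup;
}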