summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-27 12:44:35 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-09-11 18:46:04 +1000
commit821b9e61aa057530212438988c204d79f1f70b1d (patch)
treedbcd8d002cffe20ea6a9325e3dad1183bb0c9cb4
parent99aae4a0ee4f5d069bebe998337d1cdb0c1c390a (diff)
downloadsamba-821b9e61aa057530212438988c204d79f1f70b1d.tar.gz
samba-821b9e61aa057530212438988c204d79f1f70b1d.tar.bz2
samba-821b9e61aa057530212438988c204d79f1f70b1d.zip
privs Move privilege bitmasks to security.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--librpc/idl/security.idl39
-rw-r--r--source3/include/privileges.h20
2 files changed, 40 insertions, 19 deletions
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index b8b35d2c2b..20cbb4189b 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -347,6 +347,45 @@ interface security
SEC_PRIV_MACHINE_ACCOUNT = 25
} sec_privilege;
+/*
+ * We will use our own bitmap here as the Samba3 privilages.tdb records these values
+ */
+ typedef [bitmap64bit] bitmap {
+ SE_NETWORK_LOGON = 0x00000001,
+ SE_INTERACTIVE_LOGON = 0x00000002,
+ SE_BATCH_LOGON = 0x00000004,
+ SE_SERVICE_LOGON = 0x00000008,
+ SE_MACHINE_ACCOUNT = 0x00000010,
+
+ /* Samba-specific privs */
+ SE_PRINT_OPERATOR = 0x00000020,
+ SE_ADD_USERS = 0x00000040,
+ SE_DISK_OPERATOR = 0x00000080,
+
+ SE_REMOTE_SHUTDOWN = 0x00000100,
+ SE_BACKUP = 0x00000200,
+ SE_RESTORE = 0x00000400,
+ SE_TAKE_OWNERSHIP = 0x00000800,
+ SE_INCREASE_QUOTA = 0x00001000,
+ SE_SECURITY = 0x00002000,
+ SE_LOAD_DRIVER = 0x00004000,
+ SE_SYSTEM_PROFILE = 0x00008000,
+ SE_SYSTEMTIME = 0x00010000,
+ SE_PROFILE_SINGLE_PROCESS = 0x00020000,
+ SE_INCREASE_BASE_PRIORITY = 0x00040000,
+ SE_CREATE_PAGEFILE = 0x00080000,
+ SE_SHUTDOWN = 0x00100000,
+ SE_DEBUG = 0x00200000,
+ SE_SYSTEM_ENVIRONMENT = 0x00400000,
+ SE_CHANGE_NOTIFY = 0x00800000,
+ SE_UNDOCK = 0x01000000,
+ SE_ENABLE_DELEGATION = 0x02000000,
+ SE_MANAGE_VOLUME = 0x04000000,
+ SE_IMPERSONATE = 0x08000000,
+ SE_CREATE_GLOBAL = 0x10000000,
+ /* Windows privs not in the list above */
+ SE_REMOTE_INTERACTIVE_LOGON = 0x20000000
+ } se_privilege;
typedef [public,bitmap8bit] bitmap {
SEC_ACE_FLAG_OBJECT_INHERIT = 0x01,
diff --git a/source3/include/privileges.h b/source3/include/privileges.h
index ba09f57fae..ab16edfa6d 100644
--- a/source3/include/privileges.h
+++ b/source3/include/privileges.h
@@ -26,6 +26,7 @@
#define PRIVILEGES_H
#include "../librpc/gen_ndr/lsa.h"
+#include "../librpc/gen_ndr/security.h"
/* privilege bitmask */
@@ -38,25 +39,6 @@ typedef uint64_t SE_PRIV;
#define SE_ALL_PRIVS (SE_PRIV)-1
-/*
- * We will use our own set of privileges since it makes no sense
- * to implement all of the Windows set when only a portion will
- * be used. Use 64-bit mask to give room to grow.
- */
-
-#define SE_NETWORK_LOGON 0x00000001
-#define SE_INTERACTIVE_LOGON 0x00000002
-#define SE_BATCH_LOGON 0x00000004
-#define SE_SERVICE_LOGON 0x00000008
-#define SE_MACHINE_ACCOUNT 0x00000010
-#define SE_PRINT_OPERATOR 0x00000020
-#define SE_ADD_USERS 0x00000040
-#define SE_DISK_OPERATOR 0x00000080
-#define SE_REMOTE_SHUTDOWN 0x00000100
-#define SE_BACKUP 0x00000200
-#define SE_RESTORE 0x00000400
-#define SE_TAKE_OWNERSHIP 0x00000800
-
/* defined in lib/privilegs_basic.c */
extern const SE_PRIV se_priv_all;