authorAndrew Bartlett <abartlet@samba.org>2010-08-30 14:17:02 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-09-11 18:46:11 +1000
commit4080ff7af5eec946a01c52f8d9ba01f1ef81fe71 (patch)
treecc50d2c7d8460563788a98be4fcc7aaac9a918e8
parent71832a404e5028c1c3933351c608a99e4fc80e42 (diff)
s3-privs Make privilege_enum_sids() take an LUID, not a bitmap
This moves one more privileges call away from direct bitmap manipulation. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/lib/privileges.c4
-rw-r--r--source3/rpc_server/srv_lsa_nt.c7
-rw-r--r--source3/utils/net_sam.c8
4 files changed, 12 insertions, 9 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2e8f3c9f7e..4081a82686 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -635,7 +635,7 @@ void pidfile_unlink(void);
bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount);
NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids);
-NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
struct dom_sid **sids, int *num_sids);
bool grant_privilege(const struct dom_sid *sid, const uint64_t priv_mask);
bool grant_privilege_by_name(struct dom_sid *sid, const char *name);
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 5988480cc0..436e456932 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -251,7 +251,7 @@ NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids)
Retrieve list of SIDs granted a particular privilege
*********************************************************************/
-NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
struct dom_sid **sids, int *num_sids)
{
struct db_context *db = get_account_pol_db();
@@ -263,7 +263,7 @@ NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(priv);
- priv.privilege = *mask;
+ priv.privilege = sec_privilege_mask(privilege);
priv.mem_ctx = mem_ctx;
db->traverse_read(db, priv_traverse_fn, &priv);
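Review bot: The result of `priv.privilege = sec_privilege_mask(privilege);` goes straight into the traversal without a check, so a `privilege` value with no corresponding mask (for example `SEC_PRIV_INVALID`) would run `priv_traverse_fn` with whatever `sec_privilege_mask()` returns for it, presumably an empty mask; its definition is not part of this diff. Both callers changed in this commit reject `SEC_PRIV_INVALID` before calling, but the function is exported through proto.h and should not rely on every caller doing so. Adding `if (priv.privilege == 0) { return NT_STATUS_NO_SUCH_PRIVILEGE; }` right after the assignment would keep that validation in one place. The header comment above the function could also state that `privilege` is a LUID value and no longer a bitmap. The function body starts in the previous hunk and continues past the end of this one.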
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 04e8d1970c..896ca66c6d 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -2440,7 +2440,7 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p,
struct dom_sid *sids = NULL;
int num_sids = 0;
uint32_t i;
- uint64_t mask;
+ enum sec_privilege privilege;
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
return NT_STATUS_INVALID_HANDLE;
@@ -2458,11 +2458,12 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p,
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
- if (!se_priv_from_name(r->in.name->string, &mask)) {
+ privilege = sec_privilege_id(r->in.name->string);
+ if (privilege == SEC_PRIV_INVALID) {
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
- status = privilege_enum_sids(&mask, p->mem_ctx,
+ status = privilege_enum_sids(privilege, p->mem_ctx,
&sids, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 4da712d8cc..53e8c96f63 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -634,7 +634,7 @@ static int net_sam_policy(struct net_context *c, int argc, const char **argv)
static int net_sam_rights_list(struct net_context *c, int argc,
const char **argv)
{
- uint64_t mask;
+ enum sec_privilege privilege;
if (argc > 1 || c->display_usage) {
d_fprintf(stderr, "%s\n%s",
@@ -653,12 +653,14 @@ static int net_sam_rights_list(struct net_context *c, int argc,
return 0;
}
- if (se_priv_from_name(argv[0], &mask)) {
+ privilege = sec_privilege_id(argv[0]);
+
+ if (privilege != SEC_PRIV_INVALID) {
struct dom_sid *sids;
int i, num_sids;
NTSTATUS status;
- status = privilege_enum_sids(&mask, talloc_tos(),
+ status = privilege_enum_sids(privilege, talloc_tos(),
&sids, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Could not list rights: %s\n"),