summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-24 14:47:26 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-09-11 18:46:03 +1000
commit42a98a570b57c3b4625f56179c6697a45427e8a6 (patch)
tree3f13de3cc137eb3f35e44593c14bb08bd60fef91
parentb8f28c2e70b3fa332313126ea6f1f2f42fb46a90 (diff)
downloadsamba-42a98a570b57c3b4625f56179c6697a45427e8a6.tar.gz
samba-42a98a570b57c3b4625f56179c6697a45427e8a6.tar.bz2
samba-42a98a570b57c3b4625f56179c6697a45427e8a6.zip
s3:privileges Change SE_PRIV to be just a uint64_t
We don't need 128 possible privileges here, as we only use 12. This reverts some of 46e5effea948931509283cb84b27007d34b521c8 by Jerry back in 2005, where he introduced the SE_PRIV structure to replace the uint32_t used at the time. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--source3/include/privileges.h39
-rw-r--r--source3/lib/privileges_basic.c29
2 files changed, 22 insertions, 46 deletions
diff --git a/source3/include/privileges.h b/source3/include/privileges.h
index 35fccd38a8..ba09f57fae 100644
--- a/source3/include/privileges.h
+++ b/source3/include/privileges.h
@@ -29,38 +29,33 @@
/* privilege bitmask */
-#define SE_PRIV_MASKSIZE 4
-
-typedef struct {
- uint32 mask[SE_PRIV_MASKSIZE];
-} SE_PRIV;
-
+typedef uint64_t SE_PRIV;
/* common privilege defines */
-#define SE_END { { 0x00000000, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_NONE { { 0x00000000, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_ALL_PRIVS { { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF } }
+#define SE_END 0x0
+#define SE_NONE 0x0
+#define SE_ALL_PRIVS (SE_PRIV)-1
/*
* We will use our own set of privileges since it makes no sense
* to implement all of the Windows set when only a portion will
- * be used. Use 128-bit mask to give room to grow.
+ * be used. Use 64-bit mask to give room to grow.
*/
-#define SE_NETWORK_LOGON { { 0x00000001, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_INTERACTIVE_LOGON { { 0x00000002, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_BATCH_LOGON { { 0x00000004, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_SERVICE_LOGON { { 0x00000008, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_MACHINE_ACCOUNT { { 0x00000010, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_PRINT_OPERATOR { { 0x00000020, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_ADD_USERS { { 0x00000040, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_DISK_OPERATOR { { 0x00000080, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_REMOTE_SHUTDOWN { { 0x00000100, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_BACKUP { { 0x00000200, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_RESTORE { { 0x00000400, 0x00000000, 0x00000000, 0x00000000 } }
-#define SE_TAKE_OWNERSHIP { { 0x00000800, 0x00000000, 0x00000000, 0x00000000 } }
+#define SE_NETWORK_LOGON 0x00000001
+#define SE_INTERACTIVE_LOGON 0x00000002
+#define SE_BATCH_LOGON 0x00000004
+#define SE_SERVICE_LOGON 0x00000008
+#define SE_MACHINE_ACCOUNT 0x00000010
+#define SE_PRINT_OPERATOR 0x00000020
+#define SE_ADD_USERS 0x00000040
+#define SE_DISK_OPERATOR 0x00000080
+#define SE_REMOTE_SHUTDOWN 0x00000100
+#define SE_BACKUP 0x00000200
+#define SE_RESTORE 0x00000400
+#define SE_TAKE_OWNERSHIP 0x00000800
/* defined in lib/privilegs_basic.c */
diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c
index f6080690f7..962b5e8514 100644
--- a/source3/lib/privileges_basic.c
+++ b/source3/lib/privileges_basic.c
@@ -148,11 +148,7 @@ bool se_priv_put_all_privileges(SE_PRIV *mask)
void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv )
{
- int i;
-
- for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
- mask->mask[i] |= addpriv->mask[i];
- }
+ *mask |= *addpriv;
}
/***************************************************************************
@@ -162,11 +158,7 @@ void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv )
void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv )
{
- int i;
-
- for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
- mask->mask[i] &= ~removepriv->mask[i];
- }
+ *mask &= ~*removepriv;
}
/***************************************************************************
@@ -188,7 +180,7 @@ static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask )
bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 )
{
- return ( memcmp(mask1, mask2, sizeof(SE_PRIV)) == 0 );
+ return *mask1 == *mask2;
}
/***************************************************************************
@@ -198,13 +190,10 @@ bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 )
static bool se_priv_empty( const SE_PRIV *mask )
{
SE_PRIV p1;
- int i;
se_priv_copy( &p1, mask );
- for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
- p1.mask[i] &= se_priv_all.mask[i];
- }
+ p1 &= se_priv_all;
return se_priv_equal( &p1, &se_priv_none );
}
@@ -233,15 +222,7 @@ bool se_priv_from_name( const char *name, SE_PRIV *mask )
void dump_se_priv( int dbg_cl, int dbg_lvl, const SE_PRIV *mask )
{
- int i;
-
- DEBUGADDC( dbg_cl, dbg_lvl,("SE_PRIV "));
-
- for ( i=0; i<SE_PRIV_MASKSIZE; i++ ) {
- DEBUGADDC( dbg_cl, dbg_lvl,(" 0x%x", mask->mask[i] ));
- }
-
- DEBUGADDC( dbg_cl, dbg_lvl, ("\n"));
+ DEBUGADDC( dbg_cl, dbg_lvl,("SE_PRIV 0x%llx\n", (unsigned long long)*mask));
}
/****************************************************************************