summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-08-27 12:19:09 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-09-11 18:46:08 +1000
commitcbd72ab93bc35aa71a55b190cd999dda4106be07 (patch)
tree72327385378a4efdd39c2a4f46b096f33a5b11cc /libcli
parent33ce8633d6a5e5cc54209c92397025114f0a46ea (diff)
downloadsamba-cbd72ab93bc35aa71a55b190cd999dda4106be07.tar.gz
samba-cbd72ab93bc35aa71a55b190cd999dda4106be07.tar.bz2
samba-cbd72ab93bc35aa71a55b190cd999dda4106be07.zip
libcli/security Don't export privs[] as a global variable
Instead, provide access functions for the LSA and net sam callers for the information they need. They still only enumerate the first 8 privileges that have traditionally been exposed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/security/privileges.c43
-rw-r--r--libcli/security/privileges.h25
2 files changed, 27 insertions, 41 deletions
diff --git a/libcli/security/privileges.c b/libcli/security/privileges.c
index 24a58e49e8..a33ef57a60 100644
--- a/libcli/security/privileges.c
+++ b/libcli/security/privileges.c
@@ -55,7 +55,12 @@ const uint64_t se_take_ownership = SE_TAKE_OWNERSHIP;
#define NUM_SHORT_LIST_PRIVS 8
-PRIVS privs[] = {
+static const struct {
+ enum sec_privilege luid;
+ uint64_t privilege_mask;
+ const char *name;
+ const char *description;
+} privs[] = {
{SEC_PRIV_MACHINE_ACCOUNT, SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"},
{SEC_PRIV_TAKE_OWNERSHIP, SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects"},
@@ -404,7 +409,7 @@ bool user_has_any_privilege(struct security_token *token, const uint64_t *privil
}
/*******************************************************************
- return the number of elements in the privlege array
+ return the number of elements in the 'short' privlege array (traditional source3 behaviour)
*******************************************************************/
int num_privileges_in_short_list( void )
@@ -412,27 +417,6 @@ int num_privileges_in_short_list( void )
return NUM_SHORT_LIST_PRIVS;
}
-/*********************************************************************
- Generate the struct lsa_LUIDAttribute structure based on a bitmask
- The assumption here is that the privilege has already been validated
- so we are guaranteed to find it in the list.
-*********************************************************************/
-
-enum sec_privilege get_privilege_luid( uint64_t *privilege_mask )
-{
- int i;
-
- uint32_t num_privs = ARRAY_SIZE(privs);
-
- for ( i=0; i<num_privs; i++ ) {
- if ( se_priv_equal( &privs[i].privilege_mask, privilege_mask ) ) {
- return privs[i].luid;
- }
- }
-
- return 0;
-}
-
/****************************************************************************
Convert a LUID to a named string
****************************************************************************/
@@ -613,7 +597,7 @@ enum sec_privilege sec_privilege_from_mask(uint64_t mask)
}
/*
- map a privilege name to a privilege id. Return -1 if not found
+ assist in walking the table of privileges - return the LUID (low 32 bits) by index
*/
enum sec_privilege sec_privilege_from_index(int idx)
{
@@ -623,6 +607,17 @@ enum sec_privilege sec_privilege_from_index(int idx)
return -1;
}
+/*
+ assist in walking the table of privileges - return the string constant by index
+*/
+const char *sec_privilege_name_from_index(int idx)
+{
+ if (idx >= 0 && idx<ARRAY_SIZE(privs)) {
+ return privs[idx].name;
+ }
+ return NULL;
+}
+
/*
return a privilege mask given a privilege id
diff --git a/libcli/security/privileges.h b/libcli/security/privileges.h
index e1cfbbb404..e715c468c2 100644
--- a/libcli/security/privileges.h
+++ b/libcli/security/privileges.h
@@ -63,13 +63,6 @@ typedef struct {
struct lsa_LUIDAttribute *set;
} PRIVILEGE_SET;
-typedef struct {
- enum sec_privilege luid;
- uint64_t privilege_mask;
- const char *name;
- const char *description;
-} PRIVS;
-
/***************************************************************************
copy an uint64_t structure
****************************************************************************/
@@ -137,18 +130,11 @@ bool user_has_privileges(const struct security_token *token, const uint64_t *pri
bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege_mask);
/*******************************************************************
- return the number of elements in the privlege array
+ return the number of elements in the 'short' privlege array (traditional source3 behaviour)
*******************************************************************/
-int count_all_privileges( void );
-
-/*********************************************************************
- Generate the struct lsa_LUIDAttribute structure based on a bitmask
- The assumption here is that the privilege has already been validated
- so we are guaranteed to find it in the list.
-*********************************************************************/
+int num_privileges_in_short_list( void );
-enum sec_privilege get_privilege_luid( uint64_t *privilege_mask );
/****************************************************************************
Convert a LUID to a named string
****************************************************************************/
@@ -181,11 +167,16 @@ enum sec_privilege sec_privilege_id(const char *name);
enum sec_privilege sec_privilege_from_mask(uint64_t mask);
/*
- map a privilege name to a privilege id. Return -1 if not found
+ assist in walking the table of privileges - return the LUID (low 32 bits) by index
*/
enum sec_privilege sec_privilege_from_index(int idx);
/*
+ assist in walking the table of privileges - return the string constant by index
+*/
+const char *sec_privilege_name_from_index(int idx);
+
+/*
return true if a security_token has a particular privilege bit set
*/
bool security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege);