author | Andrew Bartlett <abartlet@samba.org> | 2010-08-27 12:19:09 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-09-11 18:46:08 +1000 |
commit | cbd72ab93bc35aa71a55b190cd999dda4106be07 (patch) | |
tree | 72327385378a4efdd39c2a4f46b096f33a5b11cc /libcli | |
parent | 33ce8633d6a5e5cc54209c92397025114f0a46ea (diff) | |
libcli/security Don't export privs[] as a global variable
Instead, provide access functions for the LSA and net sam callers
for the information they need.
They still only enumerate the first 8 privileges that have traditionally
been exposed.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/security/privileges.c | 43 | ||||
-rw-r--r-- | libcli/security/privileges.h | 25 |
2 files changed, 27 insertions, 41 deletions
diff --git a/libcli/security/privileges.c b/libcli/security/privileges.c index 24a58e49e8..a33ef57a60 100644 --- a/libcli/security/privileges.c +++ b/libcli/security/privileges.c @@ -55,7 +55,12 @@ const uint64_t se_take_ownership = SE_TAKE_OWNERSHIP; #define NUM_SHORT_LIST_PRIVS 8 -PRIVS privs[] = { +static const struct { + enum sec_privilege luid; + uint64_t privilege_mask; + const char *name; + const char *description; +} privs[] = { {SEC_PRIV_MACHINE_ACCOUNT, SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"}, {SEC_PRIV_TAKE_OWNERSHIP, SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects"}, @@ -404,7 +409,7 @@ bool user_has_any_privilege(struct security_token *token, const uint64_t *privil } /******************************************************************* - return the number of elements in the privlege array + return the number of elements in the 'short' privlege array (traditional source3 behaviour) *******************************************************************/ int num_privileges_in_short_list( void ) @@ -412,27 +417,6 @@ int num_privileges_in_short_list( void ) return NUM_SHORT_LIST_PRIVS; } -/********************************************************************* - Generate the struct lsa_LUIDAttribute structure based on a bitmask - The assumption here is that the privilege has already been validated - so we are guaranteed to find it in the list. -*********************************************************************/ - -enum sec_privilege get_privilege_luid( uint64_t *privilege_mask ) -{ - int i; - - uint32_t num_privs = ARRAY_SIZE(privs); - - for ( i=0; i<num_privs; i++ ) { - if ( se_priv_equal( &privs[i].privilege_mask, privilege_mask ) ) { - return privs[i].luid; - } - } - - return 0; -} - /**************************************************************************** Convert a LUID to a named string ****************************************************************************/ 
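Review bot: Nothing in the first hunk ties `NUM_SHORT_LIST_PRIVS` to the now-private `privs[]` table, yet with the array hidden, the position of each entry is what callers observe through the index accessors. The commit message says the LSA and net sam callers enumerate only the first 8 entries, so reordering the table or shrinking it below 8 would silently change what is exposed. A comment above the initialiser such as `/* the first NUM_SHORT_LIST_PRIVS entries are the traditionally exposed short list; keep them first and in order */` would record that. A compile-time check that `NUM_SHORT_LIST_PRIVS <= ARRAY_SIZE(privs)` would catch a mismatch. The table's initialiser continues past the end of the hunk.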
@@ -613,7 +597,7 @@ enum sec_privilege sec_privilege_from_mask(uint64_t mask) } /* - map a privilege name to a privilege id. Return -1 if not found + assist in walking the table of privileges - return the LUID (low 32 bits) by index */ enum sec_privilege sec_privilege_from_index(int idx) { @@ -623,6 +607,17 @@ enum sec_privilege sec_privilege_from_index(int idx) return -1; } +/* + assist in walking the table of privileges - return the string constant by index +*/ +const char *sec_privilege_name_from_index(int idx) +{ + if (idx >= 0 && idx<ARRAY_SIZE(privs)) { + return privs[idx].name; + } + return NULL; +} + /* return a privilege mask given a privilege id diff --git a/libcli/security/privileges.h b/libcli/security/privileges.h index e1cfbbb404..e715c468c2 100644 --- a/libcli/security/privileges.h +++ b/libcli/security/privileges.h @@ -63,13 +63,6 @@ typedef struct { struct lsa_LUIDAttribute *set; } PRIVILEGE_SET; -typedef struct { - enum sec_privilege luid; - uint64_t privilege_mask; - const char *name; - const char *description; -} PRIVS; - /*************************************************************************** copy an uint64_t structure ****************************************************************************/ 
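Review bot: `sec_privilege_name_from_index()` returns NULL for an out-of-range index, but its comment does not say so, and the reworded comment on `sec_privilege_from_index()` in the preceding hunk drops the old "Return -1 if not found" wording although the `return -1;` is still there. Callers that loop up to `num_privileges_in_short_list()` and pass the name on need to know about the NULL, so the comment would better read `return the string constant by index, or NULL if idx is out of range`, with the same wording on the declaration in privileges.h. The bound is `ARRAY_SIZE(privs)` rather than `NUM_SHORT_LIST_PRIVS`, so an index past the short list still yields a name; if only the short list is meant to be reachable this way, that should be stated or enforced. The `idx<ARRAY_SIZE(privs)` comparison mixes a signed int with an unsigned size and is safe only because `idx >= 0` is tested first; `(size_t)idx < ARRAY_SIZE(privs)` makes that explicit.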
@@ -137,18 +130,11 @@ bool user_has_privileges(const struct security_token *token, const uint64_t *pri bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege_mask); /******************************************************************* - return the number of elements in the privlege array + return the number of elements in the 'short' privlege array (traditional source3 behaviour) *******************************************************************/ -int count_all_privileges( void ); - -/********************************************************************* - Generate the struct lsa_LUIDAttribute structure based on a bitmask - The assumption here is that the privilege has already been validated - so we are guaranteed to find it in the list. -*********************************************************************/ +int num_privileges_in_short_list( void ); -enum sec_privilege get_privilege_luid( uint64_t *privilege_mask ); /**************************************************************************** Convert a LUID to a named string ****************************************************************************/ @@ -181,11 +167,16 @@ enum sec_privilege sec_privilege_id(const char *name); enum sec_privilege sec_privilege_from_mask(uint64_t mask); /* - map a privilege name to a privilege id. Return -1 if not found + assist in walking the table of privileges - return the LUID (low 32 bits) by index */ enum sec_privilege sec_privilege_from_index(int idx); /* + assist in walking the table of privileges - return the string constant by index +*/ +const char *sec_privilege_name_from_index(int idx); + +/* return true if a security_token has a particular privilege bit set */ bool security_token_has_privilege(const struct security_token *token, enum sec_privilege privilege); |