summaryrefslogtreecommitdiff
path: root/source3/include
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-11-29 16:05:05 +0000
committerJean-François Micouleau <jfm@samba.org>2001-11-29 16:05:05 +0000
commitfac01bda8bb4f52b930496c362f55aca5b112240 (patch)
tree14657fee45b97fc453596e62bb9f64e26c26de94 /source3/include
parent3a921f37b737cab0729cc904e514647406e6f01c (diff)
downloadsamba-fac01bda8bb4f52b930496c362f55aca5b112240.tar.gz
samba-fac01bda8bb4f52b930496c362f55aca5b112240.tar.bz2
samba-fac01bda8bb4f52b930496c362f55aca5b112240.zip
Changed again how the privilege list is handled in the group mapping code.
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F. (This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/mapping.h10
-rw-r--r--source3/include/rpc_lsa.h42
2 files changed, 51 insertions, 1 deletions
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index 9a64eefa56..4a7db6360d 100644
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -33,13 +33,21 @@
#define ENUM_ONLY_MAPPED True
#define ENUM_ALL_MAPPED False
+#define PR_NONE 0x0000
+#define PR_LOG_ON_LOCALLY 0x0001
+#define PR_ACCESS_FROM_NETWORK 0x0002
+#define PR_LOG_ON_BATCH_JOB 0x0004
+#define PR_LOG_ON_SERVICE 0x0010
+
+
typedef struct _GROUP_MAP {
gid_t gid;
DOM_SID sid;
enum SID_NAME_USE sid_name_use;
fstring nt_name;
fstring comment;
- uint32 privileges[PRIV_ALL_INDEX];
+ uint32 systemaccount;
+ PRIVILEGE_SET priv_set;
} GROUP_MAP;
typedef struct _PRIVS {
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index f3edac6873..ce275d4ace 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -570,6 +570,18 @@ typedef struct lsa_r_getsystemaccount
} LSA_R_GETSYSTEMACCOUNT;
+typedef struct lsa_q_setsystemaccount
+{
+ POLICY_HND pol; /* policy handle */
+ uint32 access;
+} LSA_Q_SETSYSTEMACCOUNT;
+
+typedef struct lsa_r_setsystemaccount
+{
+ NTSTATUS status;
+} LSA_R_SETSYSTEMACCOUNT;
+
+
typedef struct lsa_q_lookupprivvalue
{
POLICY_HND pol; /* policy handle */
@@ -583,6 +595,36 @@ typedef struct lsa_r_lookupprivvalue
NTSTATUS status;
} LSA_R_LOOKUPPRIVVALUE;
+
+typedef struct lsa_q_addprivs
+{
+ POLICY_HND pol; /* policy handle */
+ uint32 count;
+ PRIVILEGE_SET set;
+} LSA_Q_ADDPRIVS;
+
+typedef struct lsa_r_addprivs
+{
+ NTSTATUS status;
+} LSA_R_ADDPRIVS;
+
+
+typedef struct lsa_q_removeprivs
+{
+ POLICY_HND pol; /* policy handle */
+ uint32 allrights;
+ uint32 ptr;
+ uint32 count;
+ PRIVILEGE_SET set;
+} LSA_Q_REMOVEPRIVS;
+
+typedef struct lsa_r_removeprivs
+{
+ NTSTATUS status;
+} LSA_R_REMOVEPRIVS;
+
+
+
#endif /* _RPC_LSA_H */
/*