diff options
| author | Jean-François Micouleau <jfm@samba.org> | 2001-11-29 16:05:05 +0000 |
|---|---|---|
| committer | Jean-François Micouleau <jfm@samba.org> | 2001-11-29 16:05:05 +0000 |
| commit | fac01bda8bb4f52b930496c362f55aca5b112240 (patch) | |
| tree | 14657fee45b97fc453596e62bb9f64e26c26de94 /source3/include | |
| parent | 3a921f37b737cab0729cc904e514647406e6f01c (diff) | |
| download | samba-fac01bda8bb4f52b930496c362f55aca5b112240.tar.gz samba-fac01bda8bb4f52b930496c362f55aca5b112240.tar.bz2 samba-fac01bda8bb4f52b930496c362f55aca5b112240.zip | |
Changed again how the privilege list is handled in the group mapping code.
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
(This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
Diffstat (limited to 'source3/include')
| -rw-r--r-- | source3/include/mapping.h | 10 | ||||
| -rw-r--r-- | source3/include/rpc_lsa.h | 42 |
2 files changed, 51 insertions, 1 deletions
diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 9a64eefa56..4a7db6360d 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -33,13 +33,21 @@ #define ENUM_ONLY_MAPPED True #define ENUM_ALL_MAPPED False +#define PR_NONE 0x0000 +#define PR_LOG_ON_LOCALLY 0x0001 +#define PR_ACCESS_FROM_NETWORK 0x0002 +#define PR_LOG_ON_BATCH_JOB 0x0004 +#define PR_LOG_ON_SERVICE 0x0010 + + typedef struct _GROUP_MAP { gid_t gid; DOM_SID sid; enum SID_NAME_USE sid_name_use; fstring nt_name; fstring comment; - uint32 privileges[PRIV_ALL_INDEX]; + uint32 systemaccount; + PRIVILEGE_SET priv_set; } GROUP_MAP; typedef struct _PRIVS { diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index f3edac6873..ce275d4ace 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -570,6 +570,18 @@ typedef struct lsa_r_getsystemaccount } LSA_R_GETSYSTEMACCOUNT; +typedef struct lsa_q_setsystemaccount +{ + POLICY_HND pol; /* policy handle */ + uint32 access; +} LSA_Q_SETSYSTEMACCOUNT; + +typedef struct lsa_r_setsystemaccount +{ + NTSTATUS status; +} LSA_R_SETSYSTEMACCOUNT; + + typedef struct lsa_q_lookupprivvalue { POLICY_HND pol; /* policy handle */ @@ -583,6 +595,36 @@ typedef struct lsa_r_lookupprivvalue NTSTATUS status; } LSA_R_LOOKUPPRIVVALUE; + +typedef struct lsa_q_addprivs +{ + POLICY_HND pol; /* policy handle */ + uint32 count; + PRIVILEGE_SET set; +} LSA_Q_ADDPRIVS; + +typedef struct lsa_r_addprivs +{ + NTSTATUS status; +} LSA_R_ADDPRIVS; + + +typedef struct lsa_q_removeprivs +{ + POLICY_HND pol; /* policy handle */ + uint32 allrights; + uint32 ptr; + uint32 count; + PRIVILEGE_SET set; +} LSA_Q_REMOVEPRIVS; + +typedef struct lsa_r_removeprivs +{ + NTSTATUS status; +} LSA_R_REMOVEPRIVS; + + + #endif /* _RPC_LSA_H */ /* |