s3-privs Make privilege_enum_sids() take an LUID, not a bitmap

This moves one more privileges call away from direct bitmap manipuation.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

4 files changed, 12 insertions, 9 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 2e8f3c9f7e..4081a82686 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -635,7 +635,7 @@ void pidfile_unlink(void);
 
 bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount);
 NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids);
-NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
 			     struct dom_sid **sids, int *num_sids);
 bool grant_privilege(const struct dom_sid *sid, const uint64_t priv_mask);
 bool grant_privilege_by_name(struct dom_sid *sid, const char *name);
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 5988480cc0..436e456932 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -251,7 +251,7 @@ NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids)
  Retrieve list of SIDs granted a particular privilege
 *********************************************************************/
 
-NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
 			     struct dom_sid **sids, int *num_sids)
 {
 	struct db_context *db = get_account_pol_db();
@@ -263,7 +263,7 @@ NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
 
 	ZERO_STRUCT(priv);
 
-	priv.privilege = *mask;
+	priv.privilege = sec_privilege_mask(privilege);
 	priv.mem_ctx = mem_ctx;
 
 	db->traverse_read(db, priv_traverse_fn, &priv);
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 04e8d1970c..896ca66c6d 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -2440,7 +2440,7 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p,
 	struct dom_sid *sids = NULL;
 	int num_sids = 0;
 	uint32_t i;
-	uint64_t mask;
+	enum sec_privilege privilege;
 
 	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
 		return NT_STATUS_INVALID_HANDLE;
@@ -2458,11 +2458,12 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p,
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
 	}
 
-	if (!se_priv_from_name(r->in.name->string, &mask)) {
+	privilege = sec_privilege_id(r->in.name->string);
+	if (privilege == SEC_PRIV_INVALID) {
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
 	}
 
-	status = privilege_enum_sids(&mask, p->mem_ctx,
+	status = privilege_enum_sids(privilege, p->mem_ctx,
 				     &sids, &num_sids);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 4da712d8cc..53e8c96f63 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -634,7 +634,7 @@ static int net_sam_policy(struct net_context *c, int argc, const char **argv)
 static int net_sam_rights_list(struct net_context *c, int argc,
 			       const char **argv)
 {
-	uint64_t mask;
+	enum sec_privilege privilege;
 
 	if (argc > 1 || c->display_usage) {
 		d_fprintf(stderr, "%s\n%s",
@@ -653,12 +653,14 @@ static int net_sam_rights_list(struct net_context *c, int argc,
 		return 0;
 	}
 
-	if (se_priv_from_name(argv[0], &mask)) {
+	privilege = sec_privilege_id(argv[0]);
+
+	if (privilege != SEC_PRIV_INVALID) {
 		struct dom_sid *sids;
 		int i, num_sids;
 		NTSTATUS status;
 
-		status = privilege_enum_sids(&mask, talloc_tos(),
+		status = privilege_enum_sids(privilege, talloc_tos(),
 					     &sids, &num_sids);
 		if (!NT_STATUS_IS_OK(status)) {
 			d_fprintf(stderr, _("Could not list rights: %s\n"),