author | Andrew Tridgell <tridge@samba.org> | 2004-12-11 05:41:19 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:06:31 -0500 |
commit | 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 (patch) | |
tree | 6379d5d502d779df1da563911d40249030268ac6 /source4/librpc | |
parent | 280bb1cf0fc84c61e20f6f557cecbeba726e2749 (diff) | |
r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use an intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/idl/security.idl | 73 |
1 files changed, 28 insertions, 45 deletions
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 419c199f8f..662d874c86 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -148,32 +148,35 @@ interface security
 /*
- privilege names
+ privilege IDs. Please keep the IDs below 64. If we get more
+ than 64 then we need to change security_token
 */
- const string SEC_PRIV_SECURITY = "SeSecurityPrivilege";
- const string SEC_PRIV_BACKUP = "SeBackupPrivilege";
- const string SEC_PRIV_RESTORE = "SeRestorePrivilege";
- const string SEC_PRIV_SYSTEMTIME = "SeSystemtimePrivilege";
- const string SEC_PRIV_SHUTDOWN = "SeShutdownPrivilege";
- const string SEC_PRIV_REMOTE_SHUTDOWN = "SeRemoteShutdownPrivilege";
- const string SEC_PRIV_TAKE_OWNERSHIP = "SeTakeOwnershipPrivilege";
- const string SEC_PRIV_DEBUG = "SeDebugPrivilege";
- const string SEC_PRIV_SYSTEM_ENVIRONMENT = "SeSystemEnvironmentPrivilege";
- const string SEC_PRIV_SYSTEM_PROFILE = "SeSystemProfilePrivilege";
- const string SEC_PRIV_PROFILE_SINGLE_PROCESS = "SeProfileSingleProcessPrivilege";
- const string SEC_PRIV_INCREASE_BASE_PRIORITY = "SeIncreaseBasePriorityPrivilege";
- const string SEC_PRIV_LOAD_DRIVER = "SeLoadDriverPrivilege";
- const string SEC_PRIV_CREATE_PAGEFILE = "SeCreatePagefilePrivilege";
- const string SEC_PRIV_INCREASE_QUOTA = "SeIncreaseQuotaPrivilege";
- const string SEC_PRIV_CHANGE_NOTIFY = "SeChangeNotifyPrivilege";
- const string SEC_PRIV_UNDOCK = "SeUndockPrivilege";
- const string SEC_PRIV_MANAGE_VOLUME = "SeManageVolumePrivilege";
- const string SEC_PRIV_IMPERSONATE = "SeImpersonatePrivilege";
- const string SEC_PRIV_CREATE_GLOBAL = "SeCreateGlobalPrivilege";
- const string SEC_PRIV_ENABLE_DELEGATION = "SeEnableDelegationPrivilege";
- const string SEC_PRIV_INTERACTIVE_LOGON = "SeInteractiveLogonRight";
- const string SEC_PRIV_NETWORK_LOGON = "SeNetworkLogonRight";
- const string SEC_PRIV_REMOTE_INTERACTIVE_LOGON = "SeRemoteInteractiveLogonRight";
+ typedef enum {
+ SEC_PRIV_SECURITY = 1,
+ SEC_PRIV_BACKUP = 2,
+ SEC_PRIV_RESTORE = 3,
+ SEC_PRIV_SYSTEMTIME = 4,
+ SEC_PRIV_SHUTDOWN = 5,
+ SEC_PRIV_REMOTE_SHUTDOWN = 6,
+ SEC_PRIV_TAKE_OWNERSHIP = 7,
+ SEC_PRIV_DEBUG = 8,
+ SEC_PRIV_SYSTEM_ENVIRONMENT = 9,
+ SEC_PRIV_SYSTEM_PROFILE = 10,
+ SEC_PRIV_PROFILE_SINGLE_PROCESS = 11,
+ SEC_PRIV_INCREASE_BASE_PRIORITY = 12,
+ SEC_PRIV_LOAD_DRIVER = 13,
+ SEC_PRIV_CREATE_PAGEFILE = 14,
+ SEC_PRIV_INCREASE_QUOTA = 15,
+ SEC_PRIV_CHANGE_NOTIFY = 16,
+ SEC_PRIV_UNDOCK = 17,
+ SEC_PRIV_MANAGE_VOLUME = 18,
+ SEC_PRIV_IMPERSONATE = 19,
+ SEC_PRIV_CREATE_GLOBAL = 20,
+ SEC_PRIV_ENABLE_DELEGATION = 21,
+ SEC_PRIV_INTERACTIVE_LOGON = 22,
+ SEC_PRIV_NETWORK_LOGON = 23,
+ SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24
+ } sec_privilege;
 /*
 a domain SID. Note that unlike Samba3 this contains a pointer,
@@ -273,24 +276,4 @@ interface security
 [range(0,0x40000),value(ndr_size_security_descriptor(r->sd))] uint32 sd_size;
 [subcontext(4)] security_descriptor *sd;
 } sec_desc_buf;
-
- typedef [public,printonly] struct {
- /* TODO */
- uint32 flags;
- } security_privilege;
-
- typedef [public,printonly] struct {
- uint32 flags;
- dom_sid *user_sid;
- dom_sid *group_sid;
- dom_sid *logon_sid;
- uint32 num_sids;
- dom_sid sids[num_sids];
- uint32 num_restricted_sids;
- dom_sid restricted_sids[num_restricted_sids];
- uint32 num_privileges;
- security_privilege privileges[num_privileges];
- security_acl *dacl;
- } security_token;
-
 } |
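Review bot: The "keep the IDs below 64" rule above the new `sec_privilege` enum is only a comment, so nothing in this hunk stops a later entry from being numbered 64 or higher. If these IDs are used as bit positions in the privilege_mask mentioned in the commit message (inferred; the relocated security_token is not part of this diff), an out-of-range ID would shift past the mask width, which is undefined in C and could let a privilege check test the wrong bit. I would spell the encoding out in the comment, for example `privilege IDs, used as bit positions in the security_token privilege mask; valid range is 1..63`, adjusted to the real encoding, and have the code that sets or tests the mask reject values outside that range. The enum also starts at 1, so the comment should say whether bit 0 is deliberately unused. The enclosing `interface security` block starts outside this hunk.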