summaryrefslogtreecommitdiff
path: root/source4/librpc
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2004-12-11 05:41:19 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:06:31 -0500
commit6ca874f71ad77c82d6e161a3e4772100de2ad6c5 (patch)
tree6379d5d502d779df1da563911d40249030268ac6 /source4/librpc
parent280bb1cf0fc84c61e20f6f557cecbeba726e2749 (diff)
downloadsamba-6ca874f71ad77c82d6e161a3e4772100de2ad6c5.tar.gz
samba-6ca874f71ad77c82d6e161a3e4772100de2ad6c5.tar.bz2
samba-6ca874f71ad77c82d6e161a3e4772100de2ad6c5.zip
r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
Diffstat (limited to 'source4/librpc')
-rw-r--r--source4/librpc/idl/security.idl73
1 files changed, 28 insertions, 45 deletions
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 419c199f8f..662d874c86 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -148,32 +148,35 @@ interface security
/*
- privilege names
+ privilege IDs. Please keep the IDs below 64. If we get more
+ than 64 then we need to change security_token
*/
- const string SEC_PRIV_SECURITY = "SeSecurityPrivilege";
- const string SEC_PRIV_BACKUP = "SeBackupPrivilege";
- const string SEC_PRIV_RESTORE = "SeRestorePrivilege";
- const string SEC_PRIV_SYSTEMTIME = "SeSystemtimePrivilege";
- const string SEC_PRIV_SHUTDOWN = "SeShutdownPrivilege";
- const string SEC_PRIV_REMOTE_SHUTDOWN = "SeRemoteShutdownPrivilege";
- const string SEC_PRIV_TAKE_OWNERSHIP = "SeTakeOwnershipPrivilege";
- const string SEC_PRIV_DEBUG = "SeDebugPrivilege";
- const string SEC_PRIV_SYSTEM_ENVIRONMENT = "SeSystemEnvironmentPrivilege";
- const string SEC_PRIV_SYSTEM_PROFILE = "SeSystemProfilePrivilege";
- const string SEC_PRIV_PROFILE_SINGLE_PROCESS = "SeProfileSingleProcessPrivilege";
- const string SEC_PRIV_INCREASE_BASE_PRIORITY = "SeIncreaseBasePriorityPrivilege";
- const string SEC_PRIV_LOAD_DRIVER = "SeLoadDriverPrivilege";
- const string SEC_PRIV_CREATE_PAGEFILE = "SeCreatePagefilePrivilege";
- const string SEC_PRIV_INCREASE_QUOTA = "SeIncreaseQuotaPrivilege";
- const string SEC_PRIV_CHANGE_NOTIFY = "SeChangeNotifyPrivilege";
- const string SEC_PRIV_UNDOCK = "SeUndockPrivilege";
- const string SEC_PRIV_MANAGE_VOLUME = "SeManageVolumePrivilege";
- const string SEC_PRIV_IMPERSONATE = "SeImpersonatePrivilege";
- const string SEC_PRIV_CREATE_GLOBAL = "SeCreateGlobalPrivilege";
- const string SEC_PRIV_ENABLE_DELEGATION = "SeEnableDelegationPrivilege";
- const string SEC_PRIV_INTERACTIVE_LOGON = "SeInteractiveLogonRight";
- const string SEC_PRIV_NETWORK_LOGON = "SeNetworkLogonRight";
- const string SEC_PRIV_REMOTE_INTERACTIVE_LOGON = "SeRemoteInteractiveLogonRight";
+ typedef enum {
+ SEC_PRIV_SECURITY = 1,
+ SEC_PRIV_BACKUP = 2,
+ SEC_PRIV_RESTORE = 3,
+ SEC_PRIV_SYSTEMTIME = 4,
+ SEC_PRIV_SHUTDOWN = 5,
+ SEC_PRIV_REMOTE_SHUTDOWN = 6,
+ SEC_PRIV_TAKE_OWNERSHIP = 7,
+ SEC_PRIV_DEBUG = 8,
+ SEC_PRIV_SYSTEM_ENVIRONMENT = 9,
+ SEC_PRIV_SYSTEM_PROFILE = 10,
+ SEC_PRIV_PROFILE_SINGLE_PROCESS = 11,
+ SEC_PRIV_INCREASE_BASE_PRIORITY = 12,
+ SEC_PRIV_LOAD_DRIVER = 13,
+ SEC_PRIV_CREATE_PAGEFILE = 14,
+ SEC_PRIV_INCREASE_QUOTA = 15,
+ SEC_PRIV_CHANGE_NOTIFY = 16,
+ SEC_PRIV_UNDOCK = 17,
+ SEC_PRIV_MANAGE_VOLUME = 18,
+ SEC_PRIV_IMPERSONATE = 19,
+ SEC_PRIV_CREATE_GLOBAL = 20,
+ SEC_PRIV_ENABLE_DELEGATION = 21,
+ SEC_PRIV_INTERACTIVE_LOGON = 22,
+ SEC_PRIV_NETWORK_LOGON = 23,
+ SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24
+ } sec_privilege;
/* a domain SID. Note that unlike Samba3 this contains a pointer,
@@ -273,24 +276,4 @@ interface security
[range(0,0x40000),value(ndr_size_security_descriptor(r->sd))] uint32 sd_size;
[subcontext(4)] security_descriptor *sd;
} sec_desc_buf;
-
- typedef [public,printonly] struct {
- /* TODO */
- uint32 flags;
- } security_privilege;
-
- typedef [public,printonly] struct {
- uint32 flags;
- dom_sid *user_sid;
- dom_sid *group_sid;
- dom_sid *logon_sid;
- uint32 num_sids;
- dom_sid sids[num_sids];
- uint32 num_restricted_sids;
- dom_sid restricted_sids[num_restricted_sids];
- uint32 num_privileges;
- security_privilege privileges[num_privileges];
- security_acl *dacl;
- } security_token;
-
}