Diffstat (limited to 'source3/include')
-rw-r--r-- | source3/include/auth.h | 1 | ||||
-rw-r--r-- | source3/include/includes.h | 4 | ||||
-rw-r--r-- | source3/include/passdb.h | 20 | ||||
-rw-r--r-- | source3/include/privileges.h | 47 | ||||
-rw-r--r-- | source3/include/smb.h | 3 |
5 files changed, 64 insertions, 11 deletions
diff --git a/source3/include/auth.h b/source3/include/auth.h
index ecf4d539d8..27cdc1e3f5 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -86,6 +86,7 @@ typedef struct auth_serversupplied_info
 /* NT group information taken from the info3 structure */
 NT_USER_TOKEN *ptok;
+ PRIVILEGE_SET *privs;
 DATA_BLOB nt_session_key;
 DATA_BLOB lm_session_key;
diff --git a/source3/include/includes.h b/source3/include/includes.h
index db060907e4..a594e309df 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -783,6 +783,8 @@ extern int errno;
 #include "version.h"
+#include "privileges.h"
+
 #include "smb.h"
 #include "nameserv.h"
@@ -791,8 +793,6 @@ extern int errno;
 #include "byteorder.h"
-#include "privileges.h"
-
 #include "rpc_creds.h"
 #include "mapping.h"
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 668bbcc2de..d471eb53f3 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -362,6 +362,16 @@ typedef struct pdb_context
 NTSTATUS (*pdb_update_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
 NTSTATUS (*pdb_delete_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
+
+ /* privileges functions */
+
+ NTSTATUS (*pdb_add_sid_to_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
+
+ NTSTATUS (*pdb_remove_sid_from_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
+
+ NTSTATUS (*pdb_get_privilege_set)(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privs);
+
+ NTSTATUS (*pdb_get_privilege_entry)(struct pdb_context *context, const char *privname, char **sid_list);
 void (*free_fn)(struct pdb_context **);
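Review bot: The new `privs` member of `auth_serversupplied_info` in source3/include/auth.h has no comment saying who allocates and frees it or how it relates to `ptok`, and the same bare `PRIVILEGE_SET *privs;` is added to `connection_struct`, `current_user` and `user_struct` in the smb.h hunks. This pointer holds authorization state that presumably travels between session, connection and current-user contexts, so I would document it at each declaration, for example `/* privileges derived from the NT token; owned by this struct, NULL means no privileges */`, adjusted to the ownership rule the implementation really follows. A stale or shared pointer surviving a user switch would leave privileges attached to the wrong identity, so the copy and free paths, which are outside this diff, deserve a check. The struct bodies start and end outside the hunks.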
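Review bot: The four privilege callbacks added to `pdb_context` in source3/include/passdb.h (and mirrored in `pdb_methods` in the following hunk) are declared without a contract: `pdb_get_privilege_entry` hands back a `char **sid_list` with no statement of its format or who frees it, and `pdb_get_privilege_set` does not say whether `privs` is replaced or added to. The `token` argument is input only as far as the signature suggests and could be `const NT_USER_TOKEN *token`, matching the `const DOM_SID *sid` parameters, and the name argument is spelled `priv_name` in two members and `privname` in the other. Backends that were not updated will presumably leave these pointers NULL, so the dispatch code (not shown here) should return an error and grant nothing rather than call through them. A comment block under `/* privileges functions */` stating the ownership of `sid_list`, the out-parameter semantics and the behaviour for a missing backend method would cover this.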
@@ -467,6 +477,16 @@ typedef struct pdb_methods
 NTSTATUS (*delete_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
+ /* privileges functions */
+
+ NTSTATUS (*add_sid_to_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
+
+ NTSTATUS (*remove_sid_from_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
+
+ NTSTATUS (*get_privilege_set)(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privs);
+
+ NTSTATUS (*get_privilege_entry)(struct pdb_methods *methods, const char *privname, char **sid_list);
+
 } PDB_METHODS;
 typedef NTSTATUS (*pdb_init_function)(struct pdb_context *,
diff --git a/source3/include/privileges.h b/source3/include/privileges.h
index b7e1b44c2a..289afa234e 100644
--- a/source3/include/privileges.h
+++ b/source3/include/privileges.h
@@ -23,15 +23,39 @@
 #ifndef PRIVILEGES_H
 #define PRIVILEGES_H
-#define PRIV_ALL_INDEX 5
+#define PRIV_ALL_INDEX 30
-#define SE_PRIV_NONE 0x0000
-#define SE_PRIV_ADD_MACHINES 0x0006
-#define SE_PRIV_SEC_PRIV 0x0008
-#define SE_PRIV_TAKE_OWNER 0x0009
-#define SE_PRIV_ADD_USERS 0xff01
-#define SE_PRIV_PRINT_OPERATOR 0xff03
-#define SE_PRIV_ALL 0xffff
+#define SE_NONE 0
+#define SE_ASSIGN_PRIMARY_TOKEN 1
+#define SE_CREATE_TOKEN 2
+#define SE_LOCK_MEMORY 3
+#define SE_INCREASE_QUOTA 4
+#define SE_UNSOLICITED_INPUT 5
+#define SE_MACHINE_ACCOUNT 6
+#define SE_TCB 7
+#define SE_SECURITY 8
+#define SE_TAKE_OWNERSHIP 9
+#define SE_LOAD_DRIVER 10
+#define SE_SYSTEM_PROFILE 11
+#define SE_SYSTEM_TIME 12
+#define SE_PROF_SINGLE_PROCESS 13
+#define SE_INC_BASE_PRIORITY 14
+#define SE_CREATE_PAGEFILE 15
+#define SE_CREATE_PERMANENT 16
+#define SE_BACKUP 17
+#define SE_RESTORE 18
+#define SE_SHUTDOWN 19
+#define SE_DEBUG 20
+#define SE_AUDIT 21
+#define SE_SYSTEM_ENVIRONMENT 22
+#define SE_CHANGE_NOTIFY 23
+#define SE_REMOTE_SHUTDOWN 24
+#define SE_UNDOCK 25
+#define SE_SYNC_AGENT 26
+#define SE_ENABLE_DELEGATION 27
+#define SE_PRINT_OPERATOR 28
+#define SE_ADD_USERS 29
+#define SE_ALL_PRIVS 0xffff
 #define PR_NONE 0x0000
 #define PR_LOG_ON_LOCALLY 0x0001
@@ -39,6 +63,11 @@
 #define PR_LOG_ON_BATCH_JOB 0x0004
 #define PR_LOG_ON_SERVICE 0x0010
+#ifndef _BOOL
+typedef int BOOL;
+#define _BOOL /* So we don't typedef BOOL again in vfs.h */
+#endif
+
 typedef struct LUID
 {
 uint32 low;
@@ -49,7 +78,7 @@ typedef struct LUID_ATTR
 {
 LUID luid;
 uint32 attr;
-} LUID_ATTR ;
+} LUID_ATTR;
 typedef struct privilege_set
 {
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 5cd5e71f74..ab6f4c70d6 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -500,6 +500,7 @@ typedef struct connection_struct
 int ngroups;
 gid_t *groups;
 NT_USER_TOKEN *nt_user_token;
+ PRIVILEGE_SET *privs;
 time_t lastused;
 BOOL used;
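Review bot: In the first hunk of source3/include/privileges.h, `PRIV_ALL_INDEX` becomes a hand-maintained count (30) that has to stay equal to the last consecutive `SE_*` value plus one, while `SE_ALL_PRIVS` remains 0xffff, far outside that range. If the `SE_*` numbers index a table sized by `PRIV_ALL_INDEX`, which the name suggests but this header does not show, `SE_ALL_PRIVS` must be handled before any lookup and every added privilege needs the count bumped. I would put `/* SE_NONE..SE_ADD_USERS are consecutive; PRIV_ALL_INDEX must be last value + 1. SE_ALL_PRIVS is a wildcard, never an index */` above the list, or turn the list into an enum with a trailing count member. `SE_ADD_USERS` and `SE_PRINT_OPERATOR` also move from 0xff01/0xff03 to 29/28, so any value stored or exchanged under the old numbering would need converting.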
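Review bot: The `_BOOL` guard added ahead of `struct LUID` in source3/include/privileges.h duplicates the `BOOL` typedef that, going by its own comment, also lives in vfs.h, so the type is now defined in two headers that must agree. `_BOOL` is an identifier reserved to the implementation (underscore followed by an upper-case letter); keeping it for compatibility with the existing guard is understandable, but a comment such as `/* must match the BOOL typedef in vfs.h */` would make the coupling explicit.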
@@ -519,6 +520,7 @@ struct current_user
 int ngroups;
 gid_t *groups;
 NT_USER_TOKEN *nt_user_token;
+ PRIVILEGE_SET *privs;
 };
 /* Defines for the sent_oplock_break field above. */
@@ -1546,6 +1548,7 @@ typedef struct user_struct
 gid_t *groups;
 NT_USER_TOKEN *nt_user_token;
+ PRIVILEGE_SET *privs;
 DATA_BLOB session_key; |