From fcaa86f4026cac94ed257406cbf4a59947b6029f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 26 Aug 2010 14:37:00 +1000 Subject: s3-privs Further changes to remove SE_PRIV Signed-off-by: Andrew Tridgell --- source3/include/privileges.h | 24 +++++----- source3/include/proto.h | 38 +++++++-------- source3/include/smb.h | 2 +- source3/lib/privileges_basic.c | 96 ++++++++++++++++++------------------- source3/printing/nt_printing.c | 2 +- source3/rpc_server/srv_lsa_nt.c | 12 ++--- source3/rpc_server/srv_samr_nt.c | 12 ++--- source3/rpc_server/srv_spoolss_nt.c | 18 +++---- source3/rpc_server/srv_srvsvc_nt.c | 8 ++-- source3/utils/net_sam.c | 6 +-- 10 files changed, 108 insertions(+), 110 deletions(-) diff --git a/source3/include/privileges.h b/source3/include/privileges.h index ab16edfa6d..9c07d1f2be 100644 --- a/source3/include/privileges.h +++ b/source3/include/privileges.h @@ -30,27 +30,25 @@ /* privilege bitmask */ -typedef uint64_t SE_PRIV; - /* common privilege defines */ #define SE_END 0x0 #define SE_NONE 0x0 -#define SE_ALL_PRIVS (SE_PRIV)-1 +#define SE_ALL_PRIVS (uint64_t)-1 /* defined in lib/privilegs_basic.c */ -extern const SE_PRIV se_priv_all; +extern const uint64_t se_priv_all; -extern const SE_PRIV se_priv_none; -extern const SE_PRIV se_machine_account; -extern const SE_PRIV se_print_operator; -extern const SE_PRIV se_add_users; -extern const SE_PRIV se_disk_operators; -extern const SE_PRIV se_remote_shutdown; -extern const SE_PRIV se_restore; -extern const SE_PRIV se_take_ownership; +extern const uint64_t se_priv_none; +extern const uint64_t se_machine_account; +extern const uint64_t se_print_operator; +extern const uint64_t se_add_users; +extern const uint64_t se_disk_operators; +extern const uint64_t se_remote_shutdown; +extern const uint64_t se_restore; +extern const uint64_t se_take_ownership; /* @@ -66,7 +64,7 @@ typedef struct { } PRIVILEGE_SET; typedef struct { - SE_PRIV se_priv; + uint64_t se_priv; const char *name; const char *description; struct lsa_LUID luid; diff --git a/source3/include/proto.h b/source3/include/proto.h index 5e2e0bff3d..4644a55046 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -633,13 +633,13 @@ void pidfile_unlink(void); /* The following definitions come from lib/privileges.c */ -bool get_privileges_for_sids(SE_PRIV *privileges, struct dom_sid *slist, int scount); +bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount); NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids); -NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx, +NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx, struct dom_sid **sids, int *num_sids); -bool grant_privilege(const struct dom_sid *sid, const SE_PRIV *priv_mask); +bool grant_privilege(const struct dom_sid *sid, const uint64_t *priv_mask); bool grant_privilege_by_name(struct dom_sid *sid, const char *name); -bool revoke_privilege(const struct dom_sid *sid, const SE_PRIV *priv_mask); +bool revoke_privilege(const struct dom_sid *sid, const uint64_t *priv_mask); bool revoke_all_privileges( struct dom_sid *sid ); bool revoke_privilege_by_name(struct dom_sid *sid, const char *name); NTSTATUS privilege_create_account(const struct dom_sid *sid ); @@ -653,23 +653,23 @@ bool grant_all_privileges( const struct dom_sid *sid ); /* The following definitions come from lib/privileges_basic.c */ -bool se_priv_copy( SE_PRIV *dst, const SE_PRIV *src ); -bool se_priv_put_all_privileges(SE_PRIV *mask); -void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv ); -void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv ); -bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 ); -bool se_priv_from_name( const char *name, SE_PRIV *mask ); -void dump_se_priv( int dbg_cl, int dbg_lvl, const SE_PRIV *mask ); -bool is_privilege_assigned(const SE_PRIV *privileges, - const SE_PRIV *check); +bool se_priv_copy( uint64_t *dst, const uint64_t *src ); +bool se_priv_put_all_privileges(uint64_t *mask); +void se_priv_add( uint64_t *mask, const uint64_t *addpriv ); +void se_priv_remove( uint64_t *mask, const uint64_t *removepriv ); +bool se_priv_equal( const uint64_t *mask1, const uint64_t *mask2 ); +bool se_priv_from_name( const char *name, uint64_t *mask ); +void dump_se_priv( int dbg_cl, int dbg_lvl, const uint64_t *mask ); +bool is_privilege_assigned(const uint64_t *privileges, + const uint64_t *check); const char* get_privilege_dispname( const char *name ); -bool user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege); -bool user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege); +bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege); +bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege); int count_all_privileges( void ); -struct lsa_LUIDAttribute get_privilege_luid( SE_PRIV *mask ); +struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask ); const char *luid_to_privilege_name(const struct lsa_LUID *set); -bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ); -bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset ); +bool se_priv_to_privilege_set( PRIVILEGE_SET *set, uint64_t *mask ); +bool privilege_set_to_se_priv( uint64_t *mask, struct lsa_PrivilegeSet *privset ); /* The following definitions come from lib/readline.c */ @@ -5667,7 +5667,7 @@ int fncall_recv(struct tevent_req *req, int *perr); /* The following definitions come from rpc_server/srv_samr_nt.c */ NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token, - SE_PRIV *rights, uint32 rights_mask, + uint64_t *rights, uint32 rights_mask, uint32 des_access, uint32 *acc_granted, const char *debug); void map_max_allowed_access(const NT_USER_TOKEN *nt_token, diff --git a/source3/include/smb.h b/source3/include/smb.h index f109739a42..ca98a21991 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -234,7 +234,7 @@ extern const struct dom_sid global_sid_Unix_Groups; typedef struct nt_user_token { size_t num_sids; struct dom_sid *sids; - SE_PRIV privilege_mask; + uint64_t privilege_mask; } NT_USER_TOKEN; typedef struct unix_user_token { diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c index 962b5e8514..a9f6232788 100644 --- a/source3/lib/privileges_basic.c +++ b/source3/lib/privileges_basic.c @@ -32,20 +32,20 @@ #include "includes.h" -const SE_PRIV se_priv_all = SE_ALL_PRIVS; -static const SE_PRIV se_priv_end = SE_END; +const uint64_t se_priv_all = SE_ALL_PRIVS; +static const uint64_t se_priv_end = SE_END; /* Define variables for all privileges so we can use the - SE_PRIV* in the various se_priv_XXX() functions */ + uint64_t* in the various se_priv_XXX() functions */ -const SE_PRIV se_priv_none = SE_NONE; -const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT; -const SE_PRIV se_print_operator = SE_PRINT_OPERATOR; -const SE_PRIV se_add_users = SE_ADD_USERS; -const SE_PRIV se_disk_operators = SE_DISK_OPERATOR; -const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN; -const SE_PRIV se_restore = SE_RESTORE; -const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP; +const uint64_t se_priv_none = SE_NONE; +const uint64_t se_machine_account = SE_MACHINE_ACCOUNT; +const uint64_t se_print_operator = SE_PRINT_OPERATOR; +const uint64_t se_add_users = SE_ADD_USERS; +const uint64_t se_disk_operators = SE_DISK_OPERATOR; +const uint64_t se_remote_shutdown = SE_REMOTE_SHUTDOWN; +const uint64_t se_restore = SE_RESTORE; +const uint64_t se_take_ownership = SE_TAKE_OWNERSHIP; /******************************************************************** This is a list of privileges reported by a WIndows 2000 SP4 AD DC @@ -111,15 +111,15 @@ PRIVS privs[] = { }; /*************************************************************************** - copy an SE_PRIV structure + copy an uint64_t structure ****************************************************************************/ -bool se_priv_copy( SE_PRIV *dst, const SE_PRIV *src ) +bool se_priv_copy( uint64_t *dst, const uint64_t *src ) { if ( !dst || !src ) return False; - memcpy( dst, src, sizeof(SE_PRIV) ); + memcpy( dst, src, sizeof(uint64_t) ); return True; } @@ -128,7 +128,7 @@ bool se_priv_copy( SE_PRIV *dst, const SE_PRIV *src ) put all privileges into a mask ****************************************************************************/ -bool se_priv_put_all_privileges(SE_PRIV *mask) +bool se_priv_put_all_privileges(uint64_t *mask) { int i; uint32 num_privs = count_all_privileges(); @@ -143,31 +143,31 @@ bool se_priv_put_all_privileges(SE_PRIV *mask) } /*************************************************************************** - combine 2 SE_PRIV structures and store the resulting set in mew_mask + combine 2 uint64_t structures and store the resulting set in mew_mask ****************************************************************************/ -void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv ) +void se_priv_add( uint64_t *mask, const uint64_t *addpriv ) { *mask |= *addpriv; } /*************************************************************************** - remove one SE_PRIV sytucture from another and store the resulting set + remove one uint64_t sytucture from another and store the resulting set in mew_mask ****************************************************************************/ -void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv ) +void se_priv_remove( uint64_t *mask, const uint64_t *removepriv ) { *mask &= ~*removepriv; } /*************************************************************************** - invert a given SE_PRIV and store the set in new_mask + invert a given uint64_t and store the set in new_mask ****************************************************************************/ -static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask ) +static void se_priv_invert( uint64_t *new_mask, const uint64_t *mask ) { - SE_PRIV allprivs; + uint64_t allprivs; se_priv_copy( &allprivs, &se_priv_all ); se_priv_remove( &allprivs, mask ); @@ -175,21 +175,21 @@ static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask ) } /*************************************************************************** - check if 2 SE_PRIV structure are equal + check if 2 uint64_t structure are equal ****************************************************************************/ -bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 ) +bool se_priv_equal( const uint64_t *mask1, const uint64_t *mask2 ) { return *mask1 == *mask2; } /*************************************************************************** - check if a SE_PRIV has any assigned privileges + check if a uint64_t has any assigned privileges ****************************************************************************/ -static bool se_priv_empty( const SE_PRIV *mask ) +static bool se_priv_empty( const uint64_t *mask ) { - SE_PRIV p1; + uint64_t p1; se_priv_copy( &p1, mask ); @@ -199,10 +199,10 @@ static bool se_priv_empty( const SE_PRIV *mask ) } /********************************************************************* - Lookup the SE_PRIV value for a privilege name + Lookup the uint64_t value for a privilege name *********************************************************************/ -bool se_priv_from_name( const char *name, SE_PRIV *mask ) +bool se_priv_from_name( const char *name, uint64_t *mask ) { int i; @@ -217,22 +217,22 @@ bool se_priv_from_name( const char *name, SE_PRIV *mask ) } /*************************************************************************** - dump an SE_PRIV structure to the log files + dump an uint64_t structure to the log files ****************************************************************************/ -void dump_se_priv( int dbg_cl, int dbg_lvl, const SE_PRIV *mask ) +void dump_se_priv( int dbg_cl, int dbg_lvl, const uint64_t *mask ) { - DEBUGADDC( dbg_cl, dbg_lvl,("SE_PRIV 0x%llx\n", (unsigned long long)*mask)); + DEBUGADDC( dbg_cl, dbg_lvl,("uint64_t 0x%llx\n", (unsigned long long)*mask)); } /**************************************************************************** check if the privilege is in the privilege list ****************************************************************************/ -bool is_privilege_assigned(const SE_PRIV *privileges, - const SE_PRIV *check) +bool is_privilege_assigned(const uint64_t *privileges, + const uint64_t *check) { - SE_PRIV p1, p2; + uint64_t p1, p2; if ( !privileges || !check ) return False; @@ -246,8 +246,8 @@ bool is_privilege_assigned(const SE_PRIV *privileges, se_priv_copy( &p1, check ); - /* invert the SE_PRIV we want to check for and remove that from the - original set. If we are left with the SE_PRIV we are checking + /* invert the uint64_t we want to check for and remove that from the + original set. If we are left with the uint64_t we are checking for then return True */ se_priv_invert( &p1, check ); @@ -261,9 +261,9 @@ bool is_privilege_assigned(const SE_PRIV *privileges, check if the privilege is in the privilege list ****************************************************************************/ -static bool is_any_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check ) +static bool is_any_privilege_assigned( uint64_t *privileges, const uint64_t *check ) { - SE_PRIV p1, p2; + uint64_t p1, p2; if ( !privileges || !check ) return False; @@ -277,8 +277,8 @@ static bool is_any_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check se_priv_copy( &p1, check ); - /* invert the SE_PRIV we want to check for and remove that from the - original set. If we are left with the SE_PRIV we are checking + /* invert the uint64_t we want to check for and remove that from the + original set. If we are left with the uint64_t we are checking for then return True */ se_priv_invert( &p1, check ); @@ -321,7 +321,7 @@ const char* get_privilege_dispname( const char *name ) at a time here. *****************************************************************************/ -bool user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege) +bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege) { if ( !token ) return False; @@ -334,7 +334,7 @@ bool user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege) at a time here. *****************************************************************************/ -bool user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege) +bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege) { if ( !token ) return False; @@ -361,7 +361,7 @@ int count_all_privileges( void ) so we are guaranteed to find it in the list. *********************************************************************/ -struct lsa_LUIDAttribute get_privilege_luid( SE_PRIV *mask ) +struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask ) { struct lsa_LUIDAttribute priv_luid; int i; @@ -429,7 +429,7 @@ static bool privilege_set_add(PRIVILEGE_SET *priv_set, struct lsa_LUIDAttribute /******************************************************************* *******************************************************************/ -bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ) +bool se_priv_to_privilege_set( PRIVILEGE_SET *set, uint64_t *mask ) { int i; uint32 num_privs = count_all_privileges(); @@ -454,7 +454,7 @@ bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask ) /******************************************************************* *******************************************************************/ -static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask ) +static bool luid_to_se_priv( struct lsa_LUID *luid, uint64_t *mask ) { int i; uint32 num_privs = count_all_privileges(); @@ -472,14 +472,14 @@ static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask ) /******************************************************************* *******************************************************************/ -bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset ) +bool privilege_set_to_se_priv( uint64_t *mask, struct lsa_PrivilegeSet *privset ) { int i; ZERO_STRUCTP( mask ); for ( i=0; icount; i++ ) { - SE_PRIV r; + uint64_t r; /* sanity check for invalid privilege. we really only care about the low 32 bits */ diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 9f4ede22bd..186369df1f 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2075,7 +2075,7 @@ bool print_access_check(const struct auth_serversupplied_info *server_info, WERROR result; const char *pname; TALLOC_CTX *mem_ctx = NULL; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; /* If user is NULL then use the current_user structure */ diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 235ec12b58..12fd6a948f 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1836,7 +1836,7 @@ NTSTATUS _lsa_EnumPrivsAccount(struct pipes_struct *p, { NTSTATUS status = NT_STATUS_OK; struct lsa_info *info=NULL; - SE_PRIV mask; + uint64_t mask; PRIVILEGE_SET privileges; struct lsa_PrivilegeSet *priv_set = NULL; struct lsa_LUIDAttribute *luid_attrs = NULL; @@ -1995,7 +1995,7 @@ NTSTATUS _lsa_AddPrivilegesToAccount(struct pipes_struct *p, struct lsa_AddPrivilegesToAccount *r) { struct lsa_info *info = NULL; - SE_PRIV mask; + uint64_t mask; struct lsa_PrivilegeSet *set = NULL; /* find the connection policy handle. */ @@ -2034,7 +2034,7 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(struct pipes_struct *p, struct lsa_RemovePrivilegesFromAccount *r) { struct lsa_info *info = NULL; - SE_PRIV mask; + uint64_t mask; struct lsa_PrivilegeSet *set = NULL; /* find the connection policy handle. */ @@ -2350,7 +2350,7 @@ NTSTATUS _lsa_EnumAccountRights(struct pipes_struct *p, struct lsa_info *info = NULL; struct dom_sid sid; PRIVILEGE_SET privileges; - SE_PRIV mask; + uint64_t mask; /* find the connection policy handle. */ @@ -2405,7 +2405,7 @@ NTSTATUS _lsa_LookupPrivValue(struct pipes_struct *p, struct lsa_info *info = NULL; const char *name = NULL; struct lsa_LUIDAttribute priv_luid; - SE_PRIV mask; + uint64_t mask; /* find the connection policy handle. */ @@ -2446,7 +2446,7 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p, struct dom_sid *sids = NULL; int num_sids = 0; uint32_t i; - SE_PRIV mask; + uint64_t mask; if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) { return NT_STATUS_INVALID_HANDLE; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 6e83a3e4e5..87e50a5d40 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -180,7 +180,7 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, struct security_descriptor ********************************************************************/ NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token, - SE_PRIV *rights, uint32 rights_mask, + uint64_t *rights, uint32 rights_mask, uint32 des_access, uint32 *acc_granted, const char *debug ) { @@ -545,7 +545,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, NTSTATUS status; size_t sd_size; uint32_t extra_access = SAMR_DOMAIN_ACCESS_CREATE_USER; - SE_PRIV se_rights; + uint64_t se_rights; /* find the connection policy handle. */ @@ -2253,7 +2253,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, size_t sd_size; bool ret; NTSTATUS nt_status; - SE_PRIV se_rights; + uint64_t se_rights; NTSTATUS status; dinfo = policy_handle_find(p, r->in.domain_handle, @@ -3807,7 +3807,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, /* check this, when giving away 'add computer to domain' privs */ uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; bool can_add_account = False; - SE_PRIV se_rights; + uint64_t se_rights; dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_DOMAIN_ACCESS_CREATE_USER, NULL, @@ -4233,7 +4233,7 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p, uint32 des_access = r->in.access_mask; size_t sd_size; NTSTATUS status; - SE_PRIV se_rights; + uint64_t se_rights; dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, NULL, @@ -6312,7 +6312,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, size_t sd_size; NTSTATUS status; bool ret; - SE_PRIV se_rights; + uint64_t se_rights; dinfo = policy_handle_find(p, r->in.domain_handle, SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, NULL, diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 881f0e5555..9a9e3f52f1 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -364,7 +364,7 @@ static WERROR delete_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, char *cmd = lp_deleteprinter_cmd(); char *command = NULL; int ret; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; bool is_print_op = false; /* can't fail if we don't try */ @@ -1743,7 +1743,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, if ( r->in.access_mask & SERVER_ACCESS_ADMINISTER ) { - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; if (!lp_ms_add_printer_wizard()) { close_printer_handle(p, r->out.handle); @@ -1995,7 +1995,7 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p, struct spoolss_DriverInfo8 *info_win2k = NULL; int version; WERROR status; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ @@ -2101,7 +2101,7 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p, int version; bool delete_files; WERROR status; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ @@ -5864,7 +5864,7 @@ static WERROR add_port_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *p char *cmd = lp_addport_cmd(); char *command = NULL; int ret; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; bool is_print_op = false; if ( !*cmd ) { @@ -5919,7 +5919,7 @@ static bool add_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, int numlines; int ret; int fd; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; bool is_print_op = false; if (!remote_machine) { @@ -8248,7 +8248,7 @@ WERROR _spoolss_AddForm(struct pipes_struct *p, struct spoolss_AddFormInfo1 *form = r->in.info.info1; int snum = -1; WERROR status = WERR_OK; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle); @@ -8322,7 +8322,7 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p, struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle); int snum = -1; WERROR status = WERR_OK; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; DEBUG(5,("_spoolss_DeleteForm\n")); @@ -8382,7 +8382,7 @@ WERROR _spoolss_SetForm(struct pipes_struct *p, const char *form_name = r->in.form_name; int snum = -1; WERROR status = WERR_OK; - SE_PRIV se_printop = SE_PRINT_OPERATOR; + uint64_t se_printop = SE_PRINT_OPERATOR; struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle); diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index ceee47d443..ee879e89f7 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1535,7 +1535,7 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p, int ret; char *path = NULL; struct security_descriptor *psd = NULL; - SE_PRIV se_diskop = SE_DISK_OPERATOR; + uint64_t se_diskop = SE_DISK_OPERATOR; bool is_disk_op = False; int max_connections = 0; TALLOC_CTX *ctx = p->mem_ctx; @@ -1764,7 +1764,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p, int ret; char *path; struct security_descriptor *psd = NULL; - SE_PRIV se_diskop = SE_DISK_OPERATOR; + uint64_t se_diskop = SE_DISK_OPERATOR; bool is_disk_op; int max_connections = 0; TALLOC_CTX *ctx = p->mem_ctx; @@ -1941,7 +1941,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p, char *share_name = NULL; int ret; int snum; - SE_PRIV se_diskop = SE_DISK_OPERATOR; + uint64_t se_diskop = SE_DISK_OPERATOR; bool is_disk_op; struct share_params *params; TALLOC_CTX *ctx = p->mem_ctx; @@ -2517,7 +2517,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p, struct srvsvc_NetFileClose *r) { struct enum_file_close_state state; - SE_PRIV se_diskop = SE_DISK_OPERATOR; + uint64_t se_diskop = SE_DISK_OPERATOR; bool is_disk_op; DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__)); diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 44a0b79e18..99eac045e0 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -636,7 +636,7 @@ extern PRIVS privs[]; static int net_sam_rights_list(struct net_context *c, int argc, const char **argv) { - SE_PRIV mask; + uint64_t mask; if (argc > 1 || c->display_usage) { d_fprintf(stderr, "%s\n%s", @@ -692,7 +692,7 @@ static int net_sam_rights_grant(struct net_context *c, int argc, struct dom_sid sid; enum lsa_SidType type; const char *dom, *name; - SE_PRIV mask; + uint64_t mask; int i; if (argc < 2 || c->display_usage) { @@ -731,7 +731,7 @@ static int net_sam_rights_revoke(struct net_context *c, int argc, struct dom_sid sid; enum lsa_SidType type; const char *dom, *name; - SE_PRIV mask; + uint64_t mask; int i; if (argc < 2 || c->display_usage) { -- cgit