From cbd72ab93bc35aa71a55b190cd999dda4106be07 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 27 Aug 2010 12:19:09 +1000
Subject: libcli/security Don't export privs[] as a global variable

Instead, provide access functions for the LSA and net sam callers
for the information they need.

They still only enumerate the first 8 privileges that have traditionally
been exposed.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 libcli/security/privileges.c | 43 +++++++++++++++++++------------------------
 1 file changed, 19 insertions(+), 24 deletions(-)

(limited to 'libcli/security/privileges.c')

diff --git a/libcli/security/privileges.c b/libcli/security/privileges.c
index 24a58e49e8..a33ef57a60 100644
--- a/libcli/security/privileges.c
+++ b/libcli/security/privileges.c
@@ -55,7 +55,12 @@ const uint64_t se_take_ownership  = SE_TAKE_OWNERSHIP;
 
 #define NUM_SHORT_LIST_PRIVS 8
 
-PRIVS privs[] = {
+static const struct {
+	enum sec_privilege luid;
+	uint64_t privilege_mask;
+	const char *name;
+	const char *description;
+} privs[] = {
 
 	{SEC_PRIV_MACHINE_ACCOUNT, SE_MACHINE_ACCOUNT,   "SeMachineAccountPrivilege",	"Add machines to domain"},
 	{SEC_PRIV_TAKE_OWNERSHIP,  SE_TAKE_OWNERSHIP,    "SeTakeOwnershipPrivilege",    "Take ownership of files or other objects"},
@@ -404,7 +409,7 @@ bool user_has_any_privilege(struct security_token *token, const uint64_t *privil
 }
 
 /*******************************************************************
- return the number of elements in the privlege array
+ return the number of elements in the 'short' privlege array (traditional source3 behaviour)
 *******************************************************************/
 
 int num_privileges_in_short_list( void )
@@ -412,27 +417,6 @@ int num_privileges_in_short_list( void )
 	return NUM_SHORT_LIST_PRIVS;
 }
 
-/*********************************************************************
- Generate the struct lsa_LUIDAttribute structure based on a bitmask
- The assumption here is that the privilege has already been validated
- so we are guaranteed to find it in the list.
-*********************************************************************/
-
-enum sec_privilege get_privilege_luid( uint64_t *privilege_mask )
-{
-	int i;
-
-	uint32_t num_privs = ARRAY_SIZE(privs);
-
-	for ( i=0; i<num_privs; i++ ) {
-		if ( se_priv_equal( &privs[i].privilege_mask, privilege_mask ) ) {
-			return privs[i].luid;
-		}
-	}
-
-	return 0;
-}
-
 /****************************************************************************
  Convert a LUID to a named string
 ****************************************************************************/
@@ -613,7 +597,7 @@ enum sec_privilege sec_privilege_from_mask(uint64_t mask)
 }
 
 /*
-  map a privilege name to a privilege id. Return -1 if not found
+  assist in walking the table of privileges - return the LUID (low 32 bits) by index
 */
 enum sec_privilege sec_privilege_from_index(int idx)
 {
@@ -623,6 +607,17 @@ enum sec_privilege sec_privilege_from_index(int idx)
 	return -1;
 }
 
+/*
+  assist in walking the table of privileges - return the string constant by index
+*/
+const char *sec_privilege_name_from_index(int idx)
+{
+	if (idx >= 0 && idx<ARRAY_SIZE(privs)) {
+		return privs[idx].name;
+	}
+	return NULL;
+}
+
 
 /*
   return a privilege mask given a privilege id
-- 
cgit