From 2527f5ef52400294c98b4f4345a4f18b981ff22f Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 23 Nov 2001 15:11:22 +0000 Subject: Changed how the privileges are stored in the group mapping code. It's now an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c) --- source3/include/mapping.h | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'source3/include') diff --git a/source3/include/mapping.h b/source3/include/mapping.h index f016e148ba..9a64eefa56 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -20,13 +20,26 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#define PRIV_ALL_INDEX 5 + +#define SE_PRIV_NONE 0x0000 +#define SE_PRIV_ADD_MACHINES 0x0006 +#define SE_PRIV_SEC_PRIV 0x0008 +#define SE_PRIV_TAKE_OWNER 0x0009 +#define SE_PRIV_ADD_USERS 0xff01 +#define SE_PRIV_PRINT_OPERATOR 0xff03 +#define SE_PRIV_ALL 0xffff + +#define ENUM_ONLY_MAPPED True +#define ENUM_ALL_MAPPED False + typedef struct _GROUP_MAP { gid_t gid; DOM_SID sid; enum SID_NAME_USE sid_name_use; fstring nt_name; fstring comment; - uint32 privilege; + uint32 privileges[PRIV_ALL_INDEX]; } GROUP_MAP; typedef struct _PRIVS { @@ -35,14 +48,3 @@ typedef struct _PRIVS { char *description; } PRIVS; -#define SE_PRIV_NONE 0x0000 -#define SE_PRIV_ADD_USERS 0x0001 -#define SE_PRIV_ADD_MACHINES 0x0002 -#define SE_PRIV_PRINT_OPERATOR 0x0004 -#define SE_PRIV_ALL 0xffff - -#define PRIV_ALL_INDEX 3 - - -#define ENUM_ONLY_MAPPED True -#define ENUM_ALL_MAPPED False -- cgit