From ad5ec58a714aba1f6c0894ca4e7207f1c5072949 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 30 Aug 2010 15:27:40 +1000
Subject: s3-privs Hide the bitmap-based grant_privilege and revoke_privilege The new wrappers avoid anything but the core privileges code dealing with the bitmap values directly. Andrew Bartlett
Signed-off-by: Andrew Tridgell
---
 source3/lib/privileges.c | 40 +++++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-) (limited to 'source3/lib')
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
index 436e456932..181ea5c986 100644
--- a/source3/lib/privileges.c
+++ b/source3/lib/privileges.c
@@ -280,7 +280,7 @@ NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
 Add privilege to sid
 ****************************************************************************/
-bool grant_privilege(const struct dom_sid *sid, const uint64_t priv_mask)
+static bool grant_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
 {
 uint64_t old_mask, new_mask;
@@ -317,14 +317,27 @@ bool grant_privilege_by_name(struct dom_sid *sid, const char *name)
 return False;
 }
- return grant_privilege( sid, mask );
+ return grant_privilege_bitmap( sid, mask );
+}
+
+/***************************************************************************
+ Grant a privilege set (list of LUID values) from a sid
+****************************************************************************/
+
+bool grant_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set)
+{
+ uint64_t privilege_mask;
+ if (!privilege_set_to_se_priv(&privilege_mask, set)) {
+ return false;
+ }
+ return grant_privilege_bitmap(sid, privilege_mask);
 }
 /***************************************************************************
 Remove privilege from sid
 ****************************************************************************/
-bool revoke_privilege(const struct dom_sid *sid, const uint64_t priv_mask)
+static bool revoke_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
 {
 uint64_t mask;
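Review bot: The header comment on the new `grant_privilege_set` says the set is granted "from a sid", which reads like the revoke wrapper; it should be `Grant a privilege set (list of LUID values) to a sid`. The `set` argument is only read in this wrapper and could be declared `const struct lsa_PrivilegeSet *set`, provided `privilege_set_to_se_priv` (not visible in this hunk) accepts a const pointer; the same applies to `revoke_privilege_set` in the @@ -344 hunk. The comment should also say what an empty set does: if the conversion yields a zero mask, this path calls `grant_privilege_bitmap(sid, 0)`, which is the call `privilege_create_account` makes in the @@ -377 hunk, so an empty grant presumably still creates an entry for the sid.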
@@ -344,13 +357,26 @@ bool revoke_privilege(const struct dom_sid *sid, const uint64_t priv_mask)
 return set_privileges( sid, &mask );
 }
+/***************************************************************************
+ Remove a privilege set (list of LUID values) from a sid
+****************************************************************************/
+
+bool revoke_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set)
+{
+ uint64_t privilege_mask;
+ if (!privilege_set_to_se_priv(&privilege_mask, set)) {
+ return false;
+ }
+ return revoke_privilege_bitmap(sid, privilege_mask);
+}
+
 /*********************************************************************
 Revoke all privileges
 *********************************************************************/
 bool revoke_all_privileges( struct dom_sid *sid )
 {
- return revoke_privilege( sid, SE_ALL_PRIVS);
+ return revoke_privilege_bitmap( sid, SE_ALL_PRIVS);
 }
 /*********************************************************************
@@ -367,7 +393,7 @@ bool revoke_privilege_by_name(struct dom_sid *sid, const char *name)
 return False;
 }
- return revoke_privilege(sid, mask);
+ return revoke_privilege_bitmap(sid, mask);
 }
@@ -377,7 +403,7 @@ bool revoke_privilege_by_name(struct dom_sid *sid, const char *name)
 NTSTATUS privilege_create_account(const struct dom_sid *sid )
 {
- return ( grant_privilege(sid, 0) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
+ return ( grant_privilege_bitmap(sid, 0) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
 }
 /***************************************************************************
@@ -509,5 +535,5 @@ bool grant_all_privileges( const struct dom_sid *sid )
 return False;
 }
- return grant_privilege( sid, mask );
+ return grant_privilege_bitmap( sid, mask );
 }
-- cgit
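Review bot: In `revoke_privilege_set` (the @@ -344 hunk) a failed `privilege_set_to_se_priv` conversion returns false before `revoke_privilege_bitmap` is reached, so nothing is revoked, not even the entries in the set that were valid. The header comment should state that, for example `Returns false, leaving the sid's privileges unchanged, when the set cannot be converted to a mask`, so callers read false as "the sid still holds these privileges" and not as a partial success. Whether the conversion rejects or silently skips unknown LUID values is not visible in this diff and should be confirmed before relying on either behaviour.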