From ad5ec58a714aba1f6c0894ca4e7207f1c5072949 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 30 Aug 2010 15:27:40 +1000
Subject: s3-privs Hide the bitmap-based grant_privilege and revoke_privilege

The new wrappers avoid anything but the core privileges code
dealing with the bitmap values directly.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 source3/rpc_server/srv_lsa_nt.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

(limited to 'source3/rpc_server/srv_lsa_nt.c')

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 896ca66c6d..d0cf4e4716 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1990,7 +1990,6 @@ NTSTATUS _lsa_AddPrivilegesToAccount(struct pipes_struct *p,
 				     struct lsa_AddPrivilegesToAccount *r)
 {
 	struct lsa_info *info = NULL;
-	uint64_t mask;
 	struct lsa_PrivilegeSet *set = NULL;
 
 	/* find the connection policy handle. */
@@ -2006,13 +2005,10 @@ NTSTATUS _lsa_AddPrivilegesToAccount(struct pipes_struct *p,
 	}
 
 	set = r->in.privs;
-	if ( !privilege_set_to_se_priv( &mask, set ) )
-		return NT_STATUS_NO_SUCH_PRIVILEGE;
 
-	if ( !grant_privilege( &info->sid, mask ) ) {
-		DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege(%s) failed!\n",
+	if ( !grant_privilege_set( &info->sid, set ) ) {
+		DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege_set(%s) failed!\n",
 			 sid_string_dbg(&info->sid) ));
-		DEBUG(3,("Privilege mask: 0x%llx\n", (unsigned long long)mask));
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
 	}
 
@@ -2028,7 +2024,6 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(struct pipes_struct *p,
 					  struct lsa_RemovePrivilegesFromAccount *r)
 {
 	struct lsa_info *info = NULL;
-	uint64_t mask;
 	struct lsa_PrivilegeSet *set = NULL;
 
 	/* find the connection policy handle. */
@@ -2045,13 +2040,9 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(struct pipes_struct *p,
 
 	set = r->in.privs;
 
-	if ( !privilege_set_to_se_priv( &mask, set ) )
-		return NT_STATUS_NO_SUCH_PRIVILEGE;
-
-	if ( !revoke_privilege( &info->sid, mask ) ) {
+	if ( !revoke_privilege_set( &info->sid, set) ) {
 		DEBUG(3,("_lsa_RemovePrivilegesFromAccount: revoke_privilege(%s) failed!\n",
 			 sid_string_dbg(&info->sid) ));
-		DEBUG(3,("Privilege mask: 0x%llx\n", (unsigned long long)mask));
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
 	}
 
-- 
cgit