From 4080ff7af5eec946a01c52f8d9ba01f1ef81fe71 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 30 Aug 2010 14:17:02 +1000 Subject: s3-privs Make privilege_enum_sids() take an LUID, not a bitmap This moves one more privileges call away from direct bitmap manipuation. Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/include/proto.h | 2 +- source3/lib/privileges.c | 4 ++-- source3/rpc_server/srv_lsa_nt.c | 7 ++++--- source3/utils/net_sam.c | 8 +++++--- 4 files changed, 12 insertions(+), 9 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 2e8f3c9f7e..4081a82686 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -635,7 +635,7 @@ void pidfile_unlink(void); bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount); NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids); -NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx, +NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx, struct dom_sid **sids, int *num_sids); bool grant_privilege(const struct dom_sid *sid, const uint64_t priv_mask); bool grant_privilege_by_name(struct dom_sid *sid, const char *name); diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c index 5988480cc0..436e456932 100644 --- a/source3/lib/privileges.c +++ b/source3/lib/privileges.c @@ -251,7 +251,7 @@ NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids) Retrieve list of SIDs granted a particular privilege *********************************************************************/ -NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx, +NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx, struct dom_sid **sids, int *num_sids) { struct db_context *db = get_account_pol_db(); 
@@ -263,7 +263,7 @@ NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx, ZERO_STRUCT(priv); - priv.privilege = *mask; + priv.privilege = sec_privilege_mask(privilege); priv.mem_ctx = mem_ctx; db->traverse_read(db, priv_traverse_fn, &priv); diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 04e8d1970c..896ca66c6d 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -2440,7 +2440,7 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p, struct dom_sid *sids = NULL; int num_sids = 0; uint32_t i; - uint64_t mask; + enum sec_privilege privilege; if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) { return NT_STATUS_INVALID_HANDLE; @@ -2458,11 +2458,12 @@ NTSTATUS _lsa_EnumAccountsWithUserRight(struct pipes_struct *p, return NT_STATUS_NO_SUCH_PRIVILEGE; } - if (!se_priv_from_name(r->in.name->string, &mask)) { + privilege = sec_privilege_id(r->in.name->string); + if (privilege == SEC_PRIV_INVALID) { return NT_STATUS_NO_SUCH_PRIVILEGE; } - status = privilege_enum_sids(&mask, p->mem_ctx, + status = privilege_enum_sids(privilege, p->mem_ctx, &sids, &num_sids); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 4da712d8cc..53e8c96f63 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -634,7 +634,7 @@ static int net_sam_policy(struct net_context *c, int argc, const char **argv) static int net_sam_rights_list(struct net_context *c, int argc, const char **argv) { - uint64_t mask; + enum sec_privilege privilege; if (argc > 1 || c->display_usage) { d_fprintf(stderr, "%s\n%s", 
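Review bot: In the `@@ -263` hunk of source3/lib/privileges.c, `priv.privilege = sec_privilege_mask(privilege);` stores the converted mask unchecked, so `privilege_enum_sids()` now depends on every caller having rejected `SEC_PRIV_INVALID` first. Both callers in this patch do that, but if `sec_privilege_mask()` yields an empty mask for an unrecognised value, the traversal would run with a zero filter. How `priv_traverse_fn` treats a zero filter is not visible here, and an enumeration reachable from the LSA pipe should fail closed. I would add `if (priv.privilege == 0) return NT_STATUS_NO_SUCH_PRIVILEGE;` right after the assignment, assuming nothing acquired earlier in the function needs releasing. The function body starts in the previous hunk and continues past this one.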
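Review bot: In the `@@ -2458` hunk of source3/rpc_server/srv_lsa_nt.c, replacing `se_priv_from_name()` with `sec_privilege_id()` changes which lookup resolves the client-supplied `r->in.name->string`, and nothing visible shows that the two accept the same set of names. If any name the old lookup recognised has no `enum sec_privilege` value, this RPC would now return `NT_STATUS_NO_SUCH_PRIVILEGE` where it previously enumerated SIDs. The same would apply to `net sam rights list`, changed the same way in the `@@ -653` hunk of net_sam.c, although the branch it takes for an unrecognised name is outside that hunk. A comment above the lookup such as `/* resolve the name to an LUID-backed privilege; any other name is rejected */` would record that this narrowing is intended. `_lsa_EnumAccountsWithUserRight()` starts and ends outside this hunk.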
@@ -653,12 +653,14 @@ static int net_sam_rights_list(struct net_context *c, int argc, return 0; } - if (se_priv_from_name(argv[0], &mask)) { + privilege = sec_privilege_id(argv[0]); + + if (privilege != SEC_PRIV_INVALID) { struct dom_sid *sids; int i, num_sids; NTSTATUS status; - status = privilege_enum_sids(&mask, talloc_tos(), + status = privilege_enum_sids(privilege, talloc_tos(), &sids, &num_sids); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not list rights: %s\n"), -- cgit