#define NUM_SHORT_LIST_PRIVS 8
-PRIVS privs[] = {
+static const struct {
+ enum sec_privilege luid;
+ uint64_t privilege_mask;
+ const char *name;
+ const char *description;
+} privs[] = {
{SEC_PRIV_MACHINE_ACCOUNT, SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Add machines to domain"},
{SEC_PRIV_TAKE_OWNERSHIP, SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take ownership of files or other objects"},
}
/*******************************************************************
- return the number of elements in the privlege array
+ return the number of elements in the 'short' privlege array (traditional source3 behaviour)
*******************************************************************/
int num_privileges_in_short_list( void )
return NUM_SHORT_LIST_PRIVS;
}
-/*********************************************************************
- Generate the struct lsa_LUIDAttribute structure based on a bitmask
- The assumption here is that the privilege has already been validated
- so we are guaranteed to find it in the list.
-*********************************************************************/
-
-enum sec_privilege get_privilege_luid( uint64_t *privilege_mask )
-{
- int i;
-
- uint32_t num_privs = ARRAY_SIZE(privs);
-
- for ( i=0; i<num_privs; i++ ) {
- if ( se_priv_equal( &privs[i].privilege_mask, privilege_mask ) ) {
- return privs[i].luid;
- }
- }
-
- return 0;
-}
-
/****************************************************************************
Convert a LUID to a named string
****************************************************************************/
}
/*
- map a privilege name to a privilege id. Return -1 if not found
+ assist in walking the table of privileges - return the LUID (low 32 bits) by index
*/
enum sec_privilege sec_privilege_from_index(int idx)
{
return -1;
}
+/*
+ assist in walking the table of privileges - return the string constant by index
+*/
+const char *sec_privilege_name_from_index(int idx)
+{
+ if (idx >= 0 && idx<ARRAY_SIZE(privs)) {
+ return privs[idx].name;
+ }
+ return NULL;
+}
+
/*
return a privilege mask given a privilege id
struct lsa_LUIDAttribute *set;
} PRIVILEGE_SET;
-typedef struct {
- enum sec_privilege luid;
- uint64_t privilege_mask;
- const char *name;
- const char *description;
-} PRIVS;
-
/***************************************************************************
copy an uint64_t structure
****************************************************************************/
bool user_has_any_privilege(struct security_token *token, const uint64_t *privilege_mask);
/*******************************************************************
- return the number of elements in the privlege array
+ return the number of elements in the 'short' privlege array (traditional source3 behaviour)
*******************************************************************/
-int count_all_privileges( void );
-
-/*********************************************************************
- Generate the struct lsa_LUIDAttribute structure based on a bitmask
- The assumption here is that the privilege has already been validated
- so we are guaranteed to find it in the list.
-*********************************************************************/
+int num_privileges_in_short_list( void );
-enum sec_privilege get_privilege_luid( uint64_t *privilege_mask );
/****************************************************************************
Convert a LUID to a named string
****************************************************************************/
enum sec_privilege sec_privilege_from_mask(uint64_t mask);
/*
- map a privilege name to a privilege id. Return -1 if not found
+ assist in walking the table of privileges - return the LUID (low 32 bits) by index
*/
enum sec_privilege sec_privilege_from_index(int idx);
+/*
+ assist in walking the table of privileges - return the string constant by index
+*/
+const char *sec_privilege_name_from_index(int idx);
+
/*
return true if a security_token has a particular privilege bit set
*/
#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
-extern PRIVS privs[];
-
enum lsa_handle_type { LSA_HANDLE_POLICY_TYPE = 1, LSA_HANDLE_ACCOUNT_TYPE };
struct lsa_info {
uint32 enum_context = *r->in.resume_handle;
int num_privs = num_privileges_in_short_list();
struct lsa_PrivEntry *entries = NULL;
- struct lsa_LUIDAttribute luid;
/* remember that the enum_context starts at 0 and not 1 */
entries[i].luid.high = 0;
} else {
- init_lsa_StringLarge(&entries[i].name, privs[i].name);
+ init_lsa_StringLarge(&entries[i].name, sec_privilege_name_from_index(i));
- entries[i].luid.low = get_privilege_luid( &privs[i].privilege_mask );
+ entries[i].luid.low = sec_privilege_from_index(i);
entries[i].luid.high = 0;
}
}
return net_run_function(c, argc, argv, "net sam policy", func);
}
-extern PRIVS privs[];
-
static int net_sam_rights_list(struct net_context *c, int argc,
const char **argv)
{
if (argc == 0) {
int i;
- int num = count_all_privileges();
+ int num = num_privileges_in_short_list();
for (i=0; i<num; i++) {
- d_printf("%s\n", privs[i].name);
+ d_printf("%s\n", sec_privilege_name_from_index(i));
}
return 0;
}
git.samba.org / abartlet / samba.git / .git / commitdiff