/* privilege bitmask */
-typedef uint64_t SE_PRIV;
-
/* common privilege defines */
#define SE_END 0x0
#define SE_NONE 0x0
-#define SE_ALL_PRIVS (SE_PRIV)-1
+#define SE_ALL_PRIVS (uint64_t)-1
/* defined in lib/privilegs_basic.c */
-extern const SE_PRIV se_priv_all;
+extern const uint64_t se_priv_all;
-extern const SE_PRIV se_priv_none;
-extern const SE_PRIV se_machine_account;
-extern const SE_PRIV se_print_operator;
-extern const SE_PRIV se_add_users;
-extern const SE_PRIV se_disk_operators;
-extern const SE_PRIV se_remote_shutdown;
-extern const SE_PRIV se_restore;
-extern const SE_PRIV se_take_ownership;
+extern const uint64_t se_priv_none;
+extern const uint64_t se_machine_account;
+extern const uint64_t se_print_operator;
+extern const uint64_t se_add_users;
+extern const uint64_t se_disk_operators;
+extern const uint64_t se_remote_shutdown;
+extern const uint64_t se_restore;
+extern const uint64_t se_take_ownership;
/*
} PRIVILEGE_SET;
typedef struct {
- SE_PRIV se_priv;
+ uint64_t se_priv;
const char *name;
const char *description;
struct lsa_LUID luid;
/* The following definitions come from lib/privileges.c */
-bool get_privileges_for_sids(SE_PRIV *privileges, struct dom_sid *slist, int scount);
+bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount);
NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids);
-NTSTATUS privilege_enum_sids(const SE_PRIV *mask, TALLOC_CTX *mem_ctx,
+NTSTATUS privilege_enum_sids(const uint64_t *mask, TALLOC_CTX *mem_ctx,
struct dom_sid **sids, int *num_sids);
-bool grant_privilege(const struct dom_sid *sid, const SE_PRIV *priv_mask);
+bool grant_privilege(const struct dom_sid *sid, const uint64_t *priv_mask);
bool grant_privilege_by_name(struct dom_sid *sid, const char *name);
-bool revoke_privilege(const struct dom_sid *sid, const SE_PRIV *priv_mask);
+bool revoke_privilege(const struct dom_sid *sid, const uint64_t *priv_mask);
bool revoke_all_privileges( struct dom_sid *sid );
bool revoke_privilege_by_name(struct dom_sid *sid, const char *name);
NTSTATUS privilege_create_account(const struct dom_sid *sid );
/* The following definitions come from lib/privileges_basic.c */
-bool se_priv_copy( SE_PRIV *dst, const SE_PRIV *src );
-bool se_priv_put_all_privileges(SE_PRIV *mask);
-void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv );
-void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv );
-bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 );
-bool se_priv_from_name( const char *name, SE_PRIV *mask );
-void dump_se_priv( int dbg_cl, int dbg_lvl, const SE_PRIV *mask );
-bool is_privilege_assigned(const SE_PRIV *privileges,
- const SE_PRIV *check);
+bool se_priv_copy( uint64_t *dst, const uint64_t *src );
+bool se_priv_put_all_privileges(uint64_t *mask);
+void se_priv_add( uint64_t *mask, const uint64_t *addpriv );
+void se_priv_remove( uint64_t *mask, const uint64_t *removepriv );
+bool se_priv_equal( const uint64_t *mask1, const uint64_t *mask2 );
+bool se_priv_from_name( const char *name, uint64_t *mask );
+void dump_se_priv( int dbg_cl, int dbg_lvl, const uint64_t *mask );
+bool is_privilege_assigned(const uint64_t *privileges,
+ const uint64_t *check);
const char* get_privilege_dispname( const char *name );
-bool user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege);
-bool user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege);
+bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege);
+bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege);
int count_all_privileges( void );
-struct lsa_LUIDAttribute get_privilege_luid( SE_PRIV *mask );
+struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask );
const char *luid_to_privilege_name(const struct lsa_LUID *set);
-bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask );
-bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset );
+bool se_priv_to_privilege_set( PRIVILEGE_SET *set, uint64_t *mask );
+bool privilege_set_to_se_priv( uint64_t *mask, struct lsa_PrivilegeSet *privset );
/* The following definitions come from lib/readline.c */
/* The following definitions come from rpc_server/srv_samr_nt.c */
NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
- SE_PRIV *rights, uint32 rights_mask,
+ uint64_t *rights, uint32 rights_mask,
uint32 des_access, uint32 *acc_granted,
const char *debug);
void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
typedef struct nt_user_token {
size_t num_sids;
struct dom_sid *sids;
- SE_PRIV privilege_mask;
+ uint64_t privilege_mask;
} NT_USER_TOKEN;
typedef struct unix_user_token {
#include "includes.h"
-const SE_PRIV se_priv_all = SE_ALL_PRIVS;
-static const SE_PRIV se_priv_end = SE_END;
+const uint64_t se_priv_all = SE_ALL_PRIVS;
+static const uint64_t se_priv_end = SE_END;
/* Define variables for all privileges so we can use the
- SE_PRIV* in the various se_priv_XXX() functions */
+ uint64_t* in the various se_priv_XXX() functions */
-const SE_PRIV se_priv_none = SE_NONE;
-const SE_PRIV se_machine_account = SE_MACHINE_ACCOUNT;
-const SE_PRIV se_print_operator = SE_PRINT_OPERATOR;
-const SE_PRIV se_add_users = SE_ADD_USERS;
-const SE_PRIV se_disk_operators = SE_DISK_OPERATOR;
-const SE_PRIV se_remote_shutdown = SE_REMOTE_SHUTDOWN;
-const SE_PRIV se_restore = SE_RESTORE;
-const SE_PRIV se_take_ownership = SE_TAKE_OWNERSHIP;
+const uint64_t se_priv_none = SE_NONE;
+const uint64_t se_machine_account = SE_MACHINE_ACCOUNT;
+const uint64_t se_print_operator = SE_PRINT_OPERATOR;
+const uint64_t se_add_users = SE_ADD_USERS;
+const uint64_t se_disk_operators = SE_DISK_OPERATOR;
+const uint64_t se_remote_shutdown = SE_REMOTE_SHUTDOWN;
+const uint64_t se_restore = SE_RESTORE;
+const uint64_t se_take_ownership = SE_TAKE_OWNERSHIP;
/********************************************************************
This is a list of privileges reported by a WIndows 2000 SP4 AD DC
};
/***************************************************************************
- copy an SE_PRIV structure
+ copy an uint64_t structure
****************************************************************************/
-bool se_priv_copy( SE_PRIV *dst, const SE_PRIV *src )
+bool se_priv_copy( uint64_t *dst, const uint64_t *src )
{
if ( !dst || !src )
return False;
- memcpy( dst, src, sizeof(SE_PRIV) );
+ memcpy( dst, src, sizeof(uint64_t) );
return True;
}
put all privileges into a mask
****************************************************************************/
-bool se_priv_put_all_privileges(SE_PRIV *mask)
+bool se_priv_put_all_privileges(uint64_t *mask)
{
int i;
uint32 num_privs = count_all_privileges();
}
/***************************************************************************
- combine 2 SE_PRIV structures and store the resulting set in mew_mask
+ combine 2 uint64_t structures and store the resulting set in mew_mask
****************************************************************************/
-void se_priv_add( SE_PRIV *mask, const SE_PRIV *addpriv )
+void se_priv_add( uint64_t *mask, const uint64_t *addpriv )
{
*mask |= *addpriv;
}
/***************************************************************************
- remove one SE_PRIV sytucture from another and store the resulting set
+ remove one uint64_t sytucture from another and store the resulting set
in mew_mask
****************************************************************************/
-void se_priv_remove( SE_PRIV *mask, const SE_PRIV *removepriv )
+void se_priv_remove( uint64_t *mask, const uint64_t *removepriv )
{
*mask &= ~*removepriv;
}
/***************************************************************************
- invert a given SE_PRIV and store the set in new_mask
+ invert a given uint64_t and store the set in new_mask
****************************************************************************/
-static void se_priv_invert( SE_PRIV *new_mask, const SE_PRIV *mask )
+static void se_priv_invert( uint64_t *new_mask, const uint64_t *mask )
{
- SE_PRIV allprivs;
+ uint64_t allprivs;
se_priv_copy( &allprivs, &se_priv_all );
se_priv_remove( &allprivs, mask );
}
/***************************************************************************
- check if 2 SE_PRIV structure are equal
+ check if 2 uint64_t structure are equal
****************************************************************************/
-bool se_priv_equal( const SE_PRIV *mask1, const SE_PRIV *mask2 )
+bool se_priv_equal( const uint64_t *mask1, const uint64_t *mask2 )
{
return *mask1 == *mask2;
}
/***************************************************************************
- check if a SE_PRIV has any assigned privileges
+ check if a uint64_t has any assigned privileges
****************************************************************************/
-static bool se_priv_empty( const SE_PRIV *mask )
+static bool se_priv_empty( const uint64_t *mask )
{
- SE_PRIV p1;
+ uint64_t p1;
se_priv_copy( &p1, mask );
}
/*********************************************************************
- Lookup the SE_PRIV value for a privilege name
+ Lookup the uint64_t value for a privilege name
*********************************************************************/
-bool se_priv_from_name( const char *name, SE_PRIV *mask )
+bool se_priv_from_name( const char *name, uint64_t *mask )
{
int i;
}
/***************************************************************************
- dump an SE_PRIV structure to the log files
+ dump an uint64_t structure to the log files
****************************************************************************/
-void dump_se_priv( int dbg_cl, int dbg_lvl, const SE_PRIV *mask )
+void dump_se_priv( int dbg_cl, int dbg_lvl, const uint64_t *mask )
{
- DEBUGADDC( dbg_cl, dbg_lvl,("SE_PRIV 0x%llx\n", (unsigned long long)*mask));
+ DEBUGADDC( dbg_cl, dbg_lvl,("uint64_t 0x%llx\n", (unsigned long long)*mask));
}
/****************************************************************************
check if the privilege is in the privilege list
****************************************************************************/
-bool is_privilege_assigned(const SE_PRIV *privileges,
- const SE_PRIV *check)
+bool is_privilege_assigned(const uint64_t *privileges,
+ const uint64_t *check)
{
- SE_PRIV p1, p2;
+ uint64_t p1, p2;
if ( !privileges || !check )
return False;
se_priv_copy( &p1, check );
- /* invert the SE_PRIV we want to check for and remove that from the
- original set. If we are left with the SE_PRIV we are checking
+ /* invert the uint64_t we want to check for and remove that from the
+ original set. If we are left with the uint64_t we are checking
for then return True */
se_priv_invert( &p1, check );
check if the privilege is in the privilege list
****************************************************************************/
-static bool is_any_privilege_assigned( SE_PRIV *privileges, const SE_PRIV *check )
+static bool is_any_privilege_assigned( uint64_t *privileges, const uint64_t *check )
{
- SE_PRIV p1, p2;
+ uint64_t p1, p2;
if ( !privileges || !check )
return False;
se_priv_copy( &p1, check );
- /* invert the SE_PRIV we want to check for and remove that from the
- original set. If we are left with the SE_PRIV we are checking
+ /* invert the uint64_t we want to check for and remove that from the
+ original set. If we are left with the uint64_t we are checking
for then return True */
se_priv_invert( &p1, check );
at a time here.
*****************************************************************************/
-bool user_has_privileges(const NT_USER_TOKEN *token, const SE_PRIV *privilege)
+bool user_has_privileges(const NT_USER_TOKEN *token, const uint64_t *privilege)
{
if ( !token )
return False;
at a time here.
*****************************************************************************/
-bool user_has_any_privilege(NT_USER_TOKEN *token, const SE_PRIV *privilege)
+bool user_has_any_privilege(NT_USER_TOKEN *token, const uint64_t *privilege)
{
if ( !token )
return False;
so we are guaranteed to find it in the list.
*********************************************************************/
-struct lsa_LUIDAttribute get_privilege_luid( SE_PRIV *mask )
+struct lsa_LUIDAttribute get_privilege_luid( uint64_t *mask )
{
struct lsa_LUIDAttribute priv_luid;
int i;
/*******************************************************************
*******************************************************************/
-bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask )
+bool se_priv_to_privilege_set( PRIVILEGE_SET *set, uint64_t *mask )
{
int i;
uint32 num_privs = count_all_privileges();
/*******************************************************************
*******************************************************************/
-static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask )
+static bool luid_to_se_priv( struct lsa_LUID *luid, uint64_t *mask )
{
int i;
uint32 num_privs = count_all_privileges();
/*******************************************************************
*******************************************************************/
-bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset )
+bool privilege_set_to_se_priv( uint64_t *mask, struct lsa_PrivilegeSet *privset )
{
int i;
ZERO_STRUCTP( mask );
for ( i=0; i<privset->count; i++ ) {
- SE_PRIV r;
+ uint64_t r;
/* sanity check for invalid privilege. we really
only care about the low 32 bits */
WERROR result;
const char *pname;
TALLOC_CTX *mem_ctx = NULL;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
/* If user is NULL then use the current_user structure */
{
NTSTATUS status = NT_STATUS_OK;
struct lsa_info *info=NULL;
- SE_PRIV mask;
+ uint64_t mask;
PRIVILEGE_SET privileges;
struct lsa_PrivilegeSet *priv_set = NULL;
struct lsa_LUIDAttribute *luid_attrs = NULL;
struct lsa_AddPrivilegesToAccount *r)
{
struct lsa_info *info = NULL;
- SE_PRIV mask;
+ uint64_t mask;
struct lsa_PrivilegeSet *set = NULL;
/* find the connection policy handle. */
struct lsa_RemovePrivilegesFromAccount *r)
{
struct lsa_info *info = NULL;
- SE_PRIV mask;
+ uint64_t mask;
struct lsa_PrivilegeSet *set = NULL;
/* find the connection policy handle. */
struct lsa_info *info = NULL;
struct dom_sid sid;
PRIVILEGE_SET privileges;
- SE_PRIV mask;
+ uint64_t mask;
/* find the connection policy handle. */
struct lsa_info *info = NULL;
const char *name = NULL;
struct lsa_LUIDAttribute priv_luid;
- SE_PRIV mask;
+ uint64_t mask;
/* find the connection policy handle. */
struct dom_sid *sids = NULL;
int num_sids = 0;
uint32_t i;
- SE_PRIV mask;
+ uint64_t mask;
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
return NT_STATUS_INVALID_HANDLE;
********************************************************************/
NTSTATUS access_check_object( struct security_descriptor *psd, NT_USER_TOKEN *token,
- SE_PRIV *rights, uint32 rights_mask,
+ uint64_t *rights, uint32 rights_mask,
uint32 des_access, uint32 *acc_granted,
const char *debug )
{
NTSTATUS status;
size_t sd_size;
uint32_t extra_access = SAMR_DOMAIN_ACCESS_CREATE_USER;
- SE_PRIV se_rights;
+ uint64_t se_rights;
/* find the connection policy handle. */
size_t sd_size;
bool ret;
NTSTATUS nt_status;
- SE_PRIV se_rights;
+ uint64_t se_rights;
NTSTATUS status;
dinfo = policy_handle_find(p, r->in.domain_handle,
/* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
bool can_add_account = False;
- SE_PRIV se_rights;
+ uint64_t se_rights;
dinfo = policy_handle_find(p, r->in.domain_handle,
SAMR_DOMAIN_ACCESS_CREATE_USER, NULL,
uint32 des_access = r->in.access_mask;
size_t sd_size;
NTSTATUS status;
- SE_PRIV se_rights;
+ uint64_t se_rights;
dinfo = policy_handle_find(p, r->in.domain_handle,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, NULL,
size_t sd_size;
NTSTATUS status;
bool ret;
- SE_PRIV se_rights;
+ uint64_t se_rights;
dinfo = policy_handle_find(p, r->in.domain_handle,
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, NULL,
char *cmd = lp_deleteprinter_cmd();
char *command = NULL;
int ret;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
bool is_print_op = false;
/* can't fail if we don't try */
if ( r->in.access_mask & SERVER_ACCESS_ADMINISTER )
{
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
if (!lp_ms_add_printer_wizard()) {
close_printer_handle(p, r->out.handle);
struct spoolss_DriverInfo8 *info_win2k = NULL;
int version;
WERROR status;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
int version;
bool delete_files;
WERROR status;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
char *cmd = lp_addport_cmd();
char *command = NULL;
int ret;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
bool is_print_op = false;
if ( !*cmd ) {
int numlines;
int ret;
int fd;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
bool is_print_op = false;
if (!remote_machine) {
struct spoolss_AddFormInfo1 *form = r->in.info.info1;
int snum = -1;
WERROR status = WERR_OK;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
Printer_entry *Printer = find_printer_index_by_hnd(p, r->in.handle);
Printer_entry *Printer = find_printer_index_by_hnd(p, r->in.handle);
int snum = -1;
WERROR status = WERR_OK;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
DEBUG(5,("_spoolss_DeleteForm\n"));
const char *form_name = r->in.form_name;
int snum = -1;
WERROR status = WERR_OK;
- SE_PRIV se_printop = SE_PRINT_OPERATOR;
+ uint64_t se_printop = SE_PRINT_OPERATOR;
Printer_entry *Printer = find_printer_index_by_hnd(p, r->in.handle);
int ret;
char *path = NULL;
struct security_descriptor *psd = NULL;
- SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ uint64_t se_diskop = SE_DISK_OPERATOR;
bool is_disk_op = False;
int max_connections = 0;
TALLOC_CTX *ctx = p->mem_ctx;
int ret;
char *path;
struct security_descriptor *psd = NULL;
- SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ uint64_t se_diskop = SE_DISK_OPERATOR;
bool is_disk_op;
int max_connections = 0;
TALLOC_CTX *ctx = p->mem_ctx;
char *share_name = NULL;
int ret;
int snum;
- SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ uint64_t se_diskop = SE_DISK_OPERATOR;
bool is_disk_op;
struct share_params *params;
TALLOC_CTX *ctx = p->mem_ctx;
struct srvsvc_NetFileClose *r)
{
struct enum_file_close_state state;
- SE_PRIV se_diskop = SE_DISK_OPERATOR;
+ uint64_t se_diskop = SE_DISK_OPERATOR;
bool is_disk_op;
DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
static int net_sam_rights_list(struct net_context *c, int argc,
const char **argv)
{
- SE_PRIV mask;
+ uint64_t mask;
if (argc > 1 || c->display_usage) {
d_fprintf(stderr, "%s\n%s",
struct dom_sid sid;
enum lsa_SidType type;
const char *dom, *name;
- SE_PRIV mask;
+ uint64_t mask;
int i;
if (argc < 2 || c->display_usage) {
struct dom_sid sid;
enum lsa_SidType type;
const char *dom, *name;
- SE_PRIV mask;
+ uint64_t mask;
int i;
if (argc < 2 || c->display_usage) {